labunix's blog

labunix's Lab Unix

Cisco Switch (2940): backup, initialization, restore, and update

■Cisco Switch (2940): backup, initialization, restore, and update
 This time the target is a switch with one 1G port and eight 100M ports.

# screen /dev/ttyS0

Switch> enable
Switch#show version | include ^cisco
cisco WS-C2940-8TT-S (RC32300) processor (revision D0) with 20681K bytes of memory.
Switch#show interfaces status

Port      Name               Status       Vlan       Duplex  Speed Type
Fa0/1                        connected    1          a-full  a-100 10/100BaseTX
Fa0/2                        notconnect   1            auto   auto 10/100BaseTX
Fa0/3                        notconnect   1            auto   auto 10/100BaseTX
Fa0/4                        notconnect   1            auto   auto 10/100BaseTX
Fa0/5                        notconnect   1            auto   auto 10/100BaseTX
Fa0/6                        notconnect   1            auto   auto 10/100BaseTX
Fa0/7                        notconnect   1            auto   auto 10/100BaseTX
Fa0/8                        notconnect   1            auto   auto 10/100BaseTX
Gi0/1                        notconnect   1            auto   auto 10/100/1000BaseTX

■Checking the target

Switch#dir flash:
Directory of flash:/

    2  -rwx         274   Mar 1 1993 00:01:40 +00:00  info
    4  -rwx           5  Apr 24 1993 13:51:46 +00:00  private-config.text.renamed
    6  drwx         192   Mar 1 1993 00:04:59 +00:00  c2940-i6q4l2-mz.121-20.EA1a
   91  -rwx         274   Mar 1 1993 00:04:59 +00:00  info.ver

7612416 bytes total (1451520 bytes free)
Switch#dir flash:c2940-i6q4l2-mz.121-20.EA1a
Directory of flash:/c2940-i6q4l2-mz.121-20.EA1a/

    7  drwx        2688   Mar 1 1993 00:03:15 +00:00  html
   89  -rwx     3064857   Mar 1 1993 00:04:59 +00:00  c2940-i6q4l2-mz.121-20.EA1a.bin
   90  -rwx         274   Mar 1 1993 00:04:59 +00:00  info

7612416 bytes total (1449984 bytes free)

■Debian side

$ sudo /sbin/ifconfig eth2 172.31.31.254/24 up
$ sudo route add -net 172.31.31.0/24 gw 172.31.31.253 eth2
$ ls /srv/tftp/
$ netstat -an | grep :69
udp        0      0 0.0.0.0:69              0.0.0.0:*                          

■Assign an IP address to VLAN 1

Switch#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#interface vlan 1
Switch(config-if)#no shutdown
Switch(config-if)#ip address 172.31.31.253 255.255.255.0
Switch(config-if)#exit
Switch(config)#ip default-gateway 172.31.31.254
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#exit
Switch#write memory 
Building configuration...
[OK]
Switch#copy running-config startup-config
Destination filename [startup-config]? 
Building configuration...
[OK]
Switch#show interfaces fastEthernet 0/1 | include connect
FastEthernet0/1 is up, line protocol is up (connected)
Switch#show interfaces status | include full
Fa0/1                        connected    1          a-full  a-100 10/100BaseTX
Switch#show running-config interface vlan 1
Building configuration...

Current configuration : 92 bytes
!
interface Vlan1
 ip address 172.31.31.253 255.255.255.0
 no ip route-cache
 no shutdown
end

Switch#show vlan id 1
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Gi0/1

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0   

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

Switch#

■Back up to the TFTP server
 Everything except "private-config.text*" succeeded.

Switch#copy running-config flash:/backup.config 
Destination filename [backup.config]? 
687 bytes copied in 0.920 secs (747 bytes/sec)
Switch#copy flash:backup.config tftp:
Address or name of remote host []? 172.31.31.254
Destination filename [backup.config]? 
!!
687 bytes copied in 0.016 secs (42938 bytes/sec)
Switch#copy flash:info tftp:
Address or name of remote host []? 172.31.31.254
Destination filename [info]? 
!!
274 bytes copied in 0.064 secs (4281 bytes/sec)
Switch#copy flash:info.ver tftp:
Address or name of remote host []? 172.31.31.254
Destination filename [info.ver]? 
!!
274 bytes copied in 0.016 secs (17125 bytes/sec)
Switch#copy flash:private-config.text tftp:
Address or name of remote host []? 172.31.31.254
Destination filename [private-config.text]? 
%Error opening flash:private-config.text (Permission denied)
Switch#copy flash:private-config.text.renamed tftp:
Address or name of remote host []? 172.31.31.254
Destination filename [private-config.text.renamed]? 
%Error opening flash:private-config.text.renamed (Permission denied)
Switch#copy flash:config.text tftp:
Address or name of remote host []? 172.31.31.254
Destination filename [config.text]? 
!!
687 bytes copied in 0.016 secs (42938 bytes/sec)
Switch#archive upload-sw /version c2940-i6q4l2-mz.121-20.EA1a tftp://172.31.31.254/c2940-i6q4l2-mz.121-20.EA1a.tar
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
...
archiving c2940-i6q4l2-mz.121-20.EA1a/info (274 bytes)
archiving info.ver (274 bytes)
Switch#

■Verify from the Debian side

$ env LANG=C ls -l /srv/tftp/
total 6084
-rw-r--r-- 1 nobody nogroup     687 May 13 20:27 backup.config
-rw-r--r-- 1 nobody nogroup 6198272 May 13 20:23 c2940-i6q4l2-mz.121-20.EA1a.tar
-rw-r--r-- 1 nobody nogroup     687 May 13 20:13 config.text
-rw-r--r-- 1 nobody nogroup     274 May 13 20:11 info
-rw-r--r-- 1 nobody nogroup     274 May 13 20:12 info.ver

■About private-config.text

 It is a configuration file used at boot, so the only operation allowed on it is deletion.
 In other words, "startup-config" = "private-config.text".

Switch#show boot 
BOOT path-list:       
Config file:          flash:/config.text
Private Config file:  flash:/private-config.text
Enable Break:         no
Manual Boot:          no
HELPER path-list:     
NVRAM/Config file
      buffer size:    32768
Switch#delete flash:private-config.text.old
Delete filename [private-config.text.old]? 
Delete flash:private-config.text.old? [confirm]

■How to confirm that "startup-config" = "private-config.text"
 The size is the same and the MD5 sum is the same.

Switch#dir nvram:/startup-config
Directory of nvram:/startup-config

   30  -rw-         687                    <no date>  startup-config

32768 bytes total (32024 bytes free)

Directory of flash:/backup.config

    2  -rwx         687   Mar 1 1993 00:56:29 +00:00  backup.config

7612416 bytes total (1450496 bytes free)

Switch#verify /md5 flash:/backup.config
.Done!
verify /md5 (flash:/backup.config) = 3da123aa635141a7bfab317881f66aba


Switch#verify /md5 nvram:startup-config
.Done!
verify /md5 (nvram:startup-config) = 3da123aa635141a7bfab317881f66aba

■Initialization
 Delete "vlan.dat" if it exists.
 "vlan.dat" and "startup-config" can be deleted in either order.

Switch#delete flash:vlan.dat
Delete filename [vlan.dat]? 
Delete flash:vlan.dat? [confirm]
Switch#erase startup-config 
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
Erase of nvram: complete
Switch#reload

...
         --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]:no

Press RETURN to get started!

Switch>enable 
Switch#dir system:
Directory of system:/

    2  dr-x           0                    <no date>  memory
    1  -rw-         639                    <no date>  running-config

No space information available


■Restore from "flash:backup.config"
 A minimal backup should be kept on flash.

Switch#show running-config | include 172
Switch#
Switch#more flash:backup.config | include 172 
 ip address 172.31.31.253 255.255.255.0
ip default-gateway 172.31.31.254
Switch#copy flash:backup.config system:running-config
Destination filename [running-config]? 
687 bytes copied in 0.544 secs (1263 bytes/sec)
Switch#verify /md5 system:running-config
.Done!
verify /md5 (system:running-config) = 6811f91449343b1447e3b19336fd9613

Switch#verify /md5 system:running-config             
.Done!
verify /md5 (system:running-config) = 719112622987cbd65a29b8b11a424a4f

Switch#show running-config | include 172             
 ip address 172.31.31.253 255.255.255.0
ip default-gateway 172.31.31.254

■Place the update module on the Debian side

$ tar tvf /srv/tftp/c2940-i6q4l2-tar.121-22.EA14.tar | grep bin\$ | awk '{print $NF}'
c2940-i6q4l2-mz.121-22.EA14/c2940-i6q4l2-mz.121-22.EA14.bin
$ sudo chown -R nobody:nogroup /srv/tftp/c2940-i6q4l2-tar.121-22.EA14.tar 

■Delete the existing IOS and update via TFTP.

Switch#show version | include bin
System image file is "flash:/c2940-i6q4l2-mz.121-20.EA1a/c2940-i6q4l2-mz.121-20.EA1a.bin"
Switch#cd flash:c2940-i6q4l2-mz.121-20.EA1a
Switch#delete /recursive flash:/c2940-i6q4l2-mz.121-20.EA1a
Delete filename [c2940-i6q4l2-mz.121-20.EA1a]? 
Examine files in directory flash:/c2940-i6q4l2-mz.121-20.EA1a? [confirm]
Examine files in directory flash:/c2940-i6q4l2-mz.121-20.EA1a/html? [confirm]
Delete flash:/c2940-i6q4l2-mz.121-20.EA1a/html/cms_boot.jar? [confirm]
Delete flash:/c2940-i6q4l2-mz.121-20.EA1a/html/cms_13.html? [confirm]
Delete flash:/c2940-i6q4l2-mz.121-20.EA1a/html/custom_cms.html? [confirm]
Delete flash:/c2940-i6q4l2-mz.121-20.EA1a/html/start.html? [confirm]
...
Switch#archive download-sw tftp://172.31.31.254/c2940-i6q4l2-tar.121-22.EA14.tar
examining image...
Loading c2940-i6q4l2-tar.121-22.EA14.tar from 172.31.31.254 (via Vlan1): !
extracting info (274 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
...
[OK - 5109760 bytes]

New software image installed in flash:/c2940-i6q4l2-mz.121-22.EA14
Configuring system to use new image...done.

Switch#reload

System configuration has been modified. Save? [yes/no]: no
Proceed with reload? [confirm]

...

Would you like to enter the initial configuration dialog? [yes/no]:no

Press RETURN to get started!

Switch>

■Checks after the update

Switch>enable
Switch#show boot 
BOOT path-list:       flash:/c2940-i6q4l2-mz.121-22.EA14/c2940-i6q4l2-mz.121-22.EA14.bin
Config file:          flash:/config.text
Private Config file:  flash:/private-config.text
Enable Break:         no
Manual Boot:          no
HELPER path-list:     
NVRAM/Config file
      buffer size:    32768
Timeout for Config
          Download:    0 seconds
Config Download 
       via DHCP:       disabled (next boot: disabled)
Switch#show version | include ^cisco|bin
System image file is "flash:/c2940-i6q4l2-mz.121-22.EA14/c2940-i6q4l2-mz.121-22.EA14.bin"
cisco WS-C2940-8TT-S (RC32300) processor (revision D0) with 20912K bytes of memory.

■Restore from the old version's minimal config

Switch#dir flash:
Directory of flash:/

    2  -rwx         687  Mar 01 1993 00:56:29 +00:00  backup.config
    5  drwx         192  Mar 01 1993 00:40:36 +00:00  c2940-i6q4l2-mz.121-22.EA14

7612416 bytes total (2650624 bytes free)
Switch#copy flash:backup.config system:running-config
Destination filename [running-config]? 
687 bytes copied in 0.516 secs (1331 bytes/sec)
Switch#ping 172.31.31.254 

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.31.31.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1000 ms
Switch#ping 172.31.31.254

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.31.31.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Switch#

■Since it is a minimal backup, I saved it again as "small.conf".

Switch#write memory 
Building configuration...
[OK]
Switch#copy running-config flash:small.config  
Destination filename [small.config]? 
714 bytes copied in 1.148 secs (622 bytes/sec)
Switch#delete flash:backup.config
Delete filename [backup.config]? 
Delete flash:backup.config? [confirm]
Switch#dir flash:
Directory of flash:/

    3  -rwx         714  Mar 01 1993 00:06:41 +00:00  config.text
    5  drwx         192  Mar 01 1993 00:40:36 +00:00  c2940-i6q4l2-mz.121-22.EA14
    4  -rwx           5  Mar 01 1993 00:06:41 +00:00  private-config.text
  325  -rwx         714  Mar 01 1993 00:07:14 +00:00  small.config

7612416 bytes total (2649088 bytes free)

Switch#verify /md5 system:running-config
.Done!
verify /md5 (system:running-config) = e660003c1b56e78f2f4216840197dcb4

Switch#verify /md5 flash:small.config
.Done!
verify /md5 (flash:small.config) = e660003c1b56e78f2f4216840197dcb4

Switch#copy flash:small.config tftp://172.31.31.254
Address or name of remote host [172.31.31.254]? 
Destination filename [small.config]? 
!!
714 bytes copied in 0.020 secs (35700 bytes/sec)
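
TFTP neither authenticates the peer nor protects the data in transit, so the copy that lands in /srv/tftp is worth checking against the hash the switch itself reported with `verify /md5`. The script below is an added example, not part of the original post: it reads a saved console log and compares each `flash:` hash with the same-named file in the TFTP directory. The function names, the saved console log, and the sample data in `demo` are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check files received by the TFTP server against the MD5
# values the switch printed with "verify /md5". All sample data is constructed.

# Print "<name> <md5>" for each "verify /md5 (flash:...) = <hash>" line in a
# saved console log ($1). Serial captures carry CRs, so strip them first.
switch_md5s() {
    tr -d '\r' < "$1" |
    sed -n 's/^verify \/md5 (flash:\([^)]*\)) = \([0-9a-f]\{32\}\) *$/\1 \2/p' |
    while read -r src hash; do
        printf '%s %s\n' "${src##*/}" "$hash"
    done
}

# Compare each logged hash with the same-named file in the TFTP directory ($2).
# Prints OK/MISMATCH/MISSING per file and returns 1 if any file fails.
check_tftp_copies() {
    rc=0
    list=$(mktemp) || return 2
    switch_md5s "$1" > "$list"
    while read -r name want; do
        if [ ! -f "$2/$name" ]; then
            echo "MISSING $name"; rc=1; continue
        fi
        got=$(md5sum < "$2/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK $name"
        else
            echo "MISMATCH $name"; rc=1
        fi
    done < "$list"
    rm -f "$list"
    return "$rc"
}

# Constructed demo: a stand-in TFTP directory and console log in a temp dir.
demo() {
    d=$(mktemp -d) || return 2
    printf 'hostname Switch\n' > "$d/small.config"
    printf 'hostname Other\n' > "$d/config.text"   # differs from logged hash
    h=$(md5sum < "$d/small.config" | cut -d' ' -f1)
    for f in flash:small.config flash:/config.text flash:backup.config; do
        printf 'verify /md5 (%s) = %s\r\n' "$f" "$h"
    done > "$d/console.log"
    status=0
    check_tftp_copies "$d/console.log" "$d" || status=$?
    rm -rf "$d"
    return "$status"
}
demo || echo "copies differ from what the switch reported"
```

Hashes for `nvram:` and `system:` paths are skipped on purpose, since only `flash:` files are copied to the TFTP server in this procedure.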