NOPE LinkedIn

Catégories:
Security
Network

How to update the firmware on cisco 2960 serie switch.

  1. Backup the running configuration to your laptop or what ever. By using putty, after being connected:

    • Select Change Settings…, in Session, select Logging, Click on Printable output, click on Browse and then select wher you want to save the output file and then Click on Apply
    • On the switch:
    term len 0
sh running configuration
    • Select Change Settings…, in Session, select Logging, Click on None, and then Click on Apply

  2. Connect to the switch, via SSH. If ssh is not configured; follow these steps after connecting to the console:

switch(config)#ip domain-name BREIZHLAND.INT

switch(config)#line vty 0 4
switch(config-line)#transport input ssh
switch(config-line)#login local

switch(config)#crypto key generate rsa 

The name for the keys will be: switch.BREIZHLAND.INT
Choose the size of the key modulus in the range of 360 to 4096 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 3 seconds)

switch(config)#ip ssh version 2

And we need a user that has full access to the router:

switch(config)#username admin privilege 15 password cisco
  1. Enter the following commands on the switch to temporarily enable an SCP server on port 22. We do this as SCP is a secure means of transport, unlike TFTP:
conf t
ip scp server enable
end
wr me
  1. Launch a command shell on your laptop/server & enter the following commands:
 cd Where-is-located-the-firmware
 E:
  1. Copy the IOS firmware to the switch:
 pscp.exe -scp -P 22 E:\Cisco\c2960x-universalk9-mz.152-7.E3.bin admin@redacted-switch-ip:c2960x-universalk9-mz.152-7.E3.bin
  1. Verify the hash of the copied firmware - hash should be: f148fc860a1d4d08532bc616724e632d
 verify /md5 flash:c2960x-universalk9-mz.152-7.E3.bin
  1. Copy the firmware to the 2nd stack member:
copy flash:c2960x-universalk9-mz.152-7.E3.bin flash2:c2960x-universalk9-mz.152-7.E3.bin
  1. Enter the following commands to set all stack members to boot the new firmware:
conf t
 no boot system
 boot system switch all flash:c2960x-universalk9-mz.152-7.E3.bin
 end
 wr me
  1. Confirm that the switch stack is set to boot the new firmware:
 show boot system
  1. If OK, issue a reload command
 reload

  1. Await for stack members to reload and attempt to log on

  2. Check the status of the stack by issuing the following command:

 sh version
  1. Disable the SCP server:
 conf t
 no ip scp server enable
 end
 wr me
by Patrice Le Guyader
tags: cisco 2960 firmware