思科防火墙服务模块 (FWSM) 的升级方法
应用场景
FWSM 是安装在 Catalyst 6500 系列交换机和 Cisco 7600 系列路由器上的性能较高、占用空间较少且有状态的防火墙模块。本文档介绍如何升级安装在 Cisco 7600 系列路由器中的防火墙服务模块 (FWSM) 。下面以WS-SVC-FWM-1为例进行升级。
准备工作
在进行重置之前,需要做好以下准备工作:
1.将WS-SVC-FWM-1插入Cisco 7600 系列路由器中,主控选用 WS-SUP720-3BXL。
2.本次是版本FWSM Firewall Version 3.2(2) 升级到FWSM Firewall Version 3.2(13) 。
3.准备一根console线和一根RJ45的网线,将路由器的console口与计算机的串口连接。
4.打开电脑的终端软件(如SecureCRT),, 如下图 GUI 界面所示,需要设置连接方式为串口,速率9600,无校验,无流控,停止位1。
1.开机初始查看版本
2.在Cisco 7600 系列路由器配置。
Router(config)#int range g1/1 - 2
Router(config-if-range)#no shut
Router(config-if-range)#sw
Router(config-if-range)#switchport
3.进入WS-SVC-FWM-1维护模式进行升级
Router#hw-module module 4 reset cf:1
Router#session slot 4 processor 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.71 ... Open
Cisco Maintenance image
login: root
Password:cisco
Maintenance image version: 2.1(3)
root@exnj2401nam.mbnainternational.com#
root@exnj2401nam.mbnainternational.com#
root@exnj2401nam.mbnainternational.com#ip address 192.168.0.238 255.255.255.0
upgrade ftp://admin:admin@192.168.0.107/c6svc-fwm-k9.3-2-13.bin cf:4
FTP服务器设置:
root@localhost.localdomain#
root@localhost.localdomain#ping 192.168.0.107
PING 192.168.0.107 (192.168.0.107) from 192.168.0.238 : 56(84) bytes of data.
64 bytes from 192.168.0.107: icmp_seq=0 ttl=128 time=751 usec
64 bytes from 192.168.0.107: icmp_seq=1 ttl=128 time=389 usec
64 bytes from 192.168.0.107: icmp_seq=2 ttl=128 time=317 usec
64 bytes from 192.168.0.107: icmp_seq=3 ttl=128 time=379 usec
64 bytes from 192.168.0.107: icmp_seq=4 ttl=128 time=417 usec
--- 192.168.0.107 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.317/0.450/0.751/0.155 ms
<upgrade ftp://cisco:cisco@192.168.0.107/c6svc-fwm-k9.3-2-13.bin cf:4
Downloading the image. This may take several minutes...
ftp://cisco:cisco@192.168.0.107/c6svc-fwm-k9.3-2-13.bin (5952K)
/tmp/upgrade [########################] 5952K | 9905.10K/s
6095360 bytes transferred in 0.60 sec (9903.37k/sec)
*******注意保存许可KEY,下面会擦除许可*********
Upgrade file ftp://cisco:cisco@192.168.0.107/c6svc-fwm-k9.3-2-13.bin is downloaded.
Upgrading will wipe out the contents on the storage media.
Do you want to proceed installing it [y|N]: y
Proceeding with upgrade. Please do not interrupt.
If the upgrade is interrupted or fails, boot into
Maintenance image again and restart upgrade.
Do you want to retain the configuration [y|N]: y
Backing up FWSM configuration.
root@localhost.localdomain#
root@localhost.localdomain#logout
[Connection to 127.0.0.31 closed by foreign host]
Router#
4.模块状态重新ok后进入WS-SVC-FWM-1模块验证是否升级成功。
Router#session slot 4 processor 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.41 ... Open
User Access Verification
Password: cisco
[Connection to 127.0.0.41 closed by foreign host]
Router#session slot 4 processor 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.41 ... Open
User Access Verification
Password:
Password:
Type help or '?' for a list of available commands.
FWSM> en
Password:
FWSM# sh ver
FWSM Firewall Version 3.2(13)
Compiled on Mon 13-Jul-09 02:07 by fwsmbld
FWSM up 1 min 31 secs
Hardware: WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz
Flash SMART CF @ 0xc321, 20MB
0: Int: GigabitEthernet0 : address is c89c.1d56.f400, irq 5
1: Int: GigabitEthernet1 : address is c89c.1d56.f400, irq 7
2: Int: EOBC0 : address is 0000.1400.0000, irq 11
The Running Activation Key is not set, using default settings:
Licensed features for this platform:
Maximum Interfaces : 256
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
BGP Stub : Disabled
VPN Peers : Unlimited
Serial Number: xxxxx
Running Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000
Configuration has not been modified since last system restart.
FWSM#
