I got a security license key from Cisco that I need to TFTP and install on a remote router (for work). The only problem was the distance and I was also quite lazy to travel since it was on a Friday. I've found a convenient way of transferring files between two routers by configuring one of them to act as a TFTP server. FTP was supported on older IOS train but was removed due to security exploits.
First, I transferred the license key file from my PC to a local router. Since we've got public IP address assigned to the WAN interface, it's easy to transfer the file over the Internet.
2811#copy tftp://172.27.110.121/FGL1748115S_201404032246233900.lic flash
Destination filename [FGL1748115S_201404032246233900.lic]?
Accessing tftp://172.27.110.121/FGL1748115S_201404032246233900.lic...
Loading FGL1748115S_201404032246233900.lic from 172.27.110.121 (via FastEthernet0/1): !
[OK - 1154 bytes]
1154 bytes copied in 1.380 secs (836 bytes/sec)
2811#show flash
-#- --length-- -----date/time------ path
1 130552 Mar 15 2010 07:04:52 P00308010200.bin
2 1648 Sep 21 2005 15:13:32 sdmconfig-2811.cfg
3 3492 Jul 21 2011 01:44:24 eDonkey.pdlm
4 763392 Sep 21 2005 15:14:16 es.tar
5 820224 Sep 21 2005 15:14:40 common.tar
6 1038 Sep 21 2005 15:14:56 home.shtml
7 113152 Sep 21 2005 15:15:14 home.tar
8 504643 Sep 21 2005 15:15:32 128MB.sdf
9 1208320 Sep 21 2005 15:15:50 ips.tar
10 3100 Nov 30 2007 07:57:56 bittorrent.pldm
11 9411 Jul 11 2009 02:59:10 startup-config
12 57694284 Sep 09 2009 07:09:10 c2800nm-advipservicesk9-mz.124-24.T1.bin
13 130956 Mar 15 2010 07:05:28 P00308010200.sbn
14 708448 Mar 15 2010 07:05:48 P00308010200.sb2
15 461 Mar 15 2010 07:06:06 P00308010200.loads
16 3100 Jul 21 2011 01:43:50 bittorrent.pdlm
17 2251 Jul 21 2011 01:44:06 directconnect.pdlm
18 2377 Jul 21 2011 01:44:40 gnutella.pdlm
19 1752 Jul 21 2011 01:44:58 kazaa2.pdlm
20 1154 Apr 04 2014 06:43:48 FGL1748115S_201404032246233900.lic
We use the tftp-server command to function as a TFTP server and specify the location and filename that can be downloaded.
2811(config)#tftp-server flash:FGL1748115S_201404032246233900.lic
The remote Cisco 2911 router doesn't have the permanent security license installed yet. We verify this using the show version command.
2911#show version
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(4)M4, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Thu 20-Jun-13 13:06 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)
2811 uptime is 1 day, 3 hours, 21 minutes
System returned to ROM by power-on
System restarted at 03:22:36 UTC Thu Apr 3 2014
System image file is "flash0:c2900-universalk9-mz.SPA.152-4.M4.bin"
Last reload type: Normal Reload
Last reload reason: power-on
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco CISCO2911/K9 (revision 1.0) with 483328K/40960K bytes of memory.
Processor board ID FGL1748115S
3 Gigabit Ethernet interfaces
1 terminal line
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)
License Info:
License UDI:
-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO2911/K9 FGL1748115S
Technology Package License Information for Module:'c2900'
-----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security None None None
uc uck9 Permanent uck9
data None None None
Configuration register is 0x2102
We use the copy tftp flash command to transfer the file. Next, we issue the license install command from privileged EXEC prompt and perform a reload afterwards to take effect.
2911#copy tftp://202.79.18.25 flash
Source filename []? FGL1748115S_201404032246233900.lic
Destination filename [FGL1748115S_201404032246233900.lic]?
Accessing tftp://202.79.18.25/FGL1748115S_201404032246233900.lic...
Loading FGL1748117J_201404032246233900.lic from 202.78.17.250 (via GigabitEthernet0/1): !
[OK - 1154 bytes]
1154 bytes copied in 0.452 secs (2553 bytes/sec)
2911#show flash | inc .lic
241 1154 Apr 4 2014 06:47:56 +00:00 FGL1748115S_201404032246233900.lic
2911#license install flash:FGL1748115S_201404032246233900.lic
Installing licenses from "flash:FGL1748115S_201404032246233900.lic"
Installing...Feature:securityk9...Successful:Supported
1/1 licenses were successfully installed
0/1 licenses were existing licenses
0/1 licenses were failed to install
2911#reload
Proceed with reload? [confirm]
Connection closed by foreign host.
2911#show version
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(4)M4, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Thu 20-Jun-13 13:06 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)
2911 uptime is 1 minute
System returned to ROM by reload at 06:50:36 UTC Fri Apr 4 2014
System image file is "flash0:c2900-universalk9-mz.SPA.152-4.M4.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco CISCO2911/K9 (revision 1.0) with 483328K/40960K bytes of memory.
Processor board ID FGL1748115S
3 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)
License Info:
License UDI:
-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO2911/K9 FGL1748115S
Technology Package License Information for Module:'c2900'
-----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security securityk9 Permanent securityk9
uc uck9 Permanent uck9
data None None None
Configuration register is 0x2102
We do a clean up on the local router config if the TFTP function and other files are no longer needed.
2811(config)#no tftp-server flash:FGL1748115S_201404032246233900.lic
2811(config)#end
2811#delete flash:FGL1748115S_201404032246233900.lic
Delete filename [FGL1748115S_201404032246233900.lic]?
Delete flash:/FGL1748115S_201404032246233900.lic? [confirm]
First, I transferred the license key file from my PC to a local router. Since we've got public IP address assigned to the WAN interface, it's easy to transfer the file over the Internet.
2811#copy tftp://172.27.110.121/FGL1748115S_201404032246233900.lic flash
Destination filename [FGL1748115S_201404032246233900.lic]?
Accessing tftp://172.27.110.121/FGL1748115S_201404032246233900.lic...
Loading FGL1748115S_201404032246233900.lic from 172.27.110.121 (via FastEthernet0/1): !
[OK - 1154 bytes]
1154 bytes copied in 1.380 secs (836 bytes/sec)
2811#show flash
-#- --length-- -----date/time------ path
1 130552 Mar 15 2010 07:04:52 P00308010200.bin
2 1648 Sep 21 2005 15:13:32 sdmconfig-2811.cfg
3 3492 Jul 21 2011 01:44:24 eDonkey.pdlm
4 763392 Sep 21 2005 15:14:16 es.tar
5 820224 Sep 21 2005 15:14:40 common.tar
6 1038 Sep 21 2005 15:14:56 home.shtml
7 113152 Sep 21 2005 15:15:14 home.tar
8 504643 Sep 21 2005 15:15:32 128MB.sdf
9 1208320 Sep 21 2005 15:15:50 ips.tar
10 3100 Nov 30 2007 07:57:56 bittorrent.pldm
11 9411 Jul 11 2009 02:59:10 startup-config
12 57694284 Sep 09 2009 07:09:10 c2800nm-advipservicesk9-mz.124-24.T1.bin
13 130956 Mar 15 2010 07:05:28 P00308010200.sbn
14 708448 Mar 15 2010 07:05:48 P00308010200.sb2
15 461 Mar 15 2010 07:06:06 P00308010200.loads
16 3100 Jul 21 2011 01:43:50 bittorrent.pdlm
17 2251 Jul 21 2011 01:44:06 directconnect.pdlm
18 2377 Jul 21 2011 01:44:40 gnutella.pdlm
19 1752 Jul 21 2011 01:44:58 kazaa2.pdlm
20 1154 Apr 04 2014 06:43:48 FGL1748115S_201404032246233900.lic
We use the tftp-server command to function as a TFTP server and specify the location and filename that can be downloaded.
2811(config)#tftp-server flash:FGL1748115S_201404032246233900.lic
The remote Cisco 2911 router doesn't have the permanent security license installed yet. We verify this using the show version command.
2911#show version
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(4)M4, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Thu 20-Jun-13 13:06 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)
2811 uptime is 1 day, 3 hours, 21 minutes
System returned to ROM by power-on
System restarted at 03:22:36 UTC Thu Apr 3 2014
System image file is "flash0:c2900-universalk9-mz.SPA.152-4.M4.bin"
Last reload type: Normal Reload
Last reload reason: power-on
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco CISCO2911/K9 (revision 1.0) with 483328K/40960K bytes of memory.
Processor board ID FGL1748115S
3 Gigabit Ethernet interfaces
1 terminal line
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)
License Info:
License UDI:
-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO2911/K9 FGL1748115S
Technology Package License Information for Module:'c2900'
-----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security None None None
uc uck9 Permanent uck9
data None None None
Configuration register is 0x2102
We use the copy tftp flash command to transfer the file. Next, we issue the license install command from privileged EXEC prompt and perform a reload afterwards to take effect.
2911#copy tftp://202.79.18.25 flash
Source filename []? FGL1748115S_201404032246233900.lic
Destination filename [FGL1748115S_201404032246233900.lic]?
Accessing tftp://202.79.18.25/FGL1748115S_201404032246233900.lic...
Loading FGL1748117J_201404032246233900.lic from 202.78.17.250 (via GigabitEthernet0/1): !
[OK - 1154 bytes]
1154 bytes copied in 0.452 secs (2553 bytes/sec)
2911#show flash | inc .lic
241 1154 Apr 4 2014 06:47:56 +00:00 FGL1748115S_201404032246233900.lic
2911#license install flash:FGL1748115S_201404032246233900.lic
Installing licenses from "flash:FGL1748115S_201404032246233900.lic"
Installing...Feature:securityk9...Successful:Supported
1/1 licenses were successfully installed
0/1 licenses were existing licenses
0/1 licenses were failed to install
2911#reload
Proceed with reload? [confirm]
Connection closed by foreign host.
2911#show version
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(4)M4, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Thu 20-Jun-13 13:06 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)
2911 uptime is 1 minute
System returned to ROM by reload at 06:50:36 UTC Fri Apr 4 2014
System image file is "flash0:c2900-universalk9-mz.SPA.152-4.M4.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco CISCO2911/K9 (revision 1.0) with 483328K/40960K bytes of memory.
Processor board ID FGL1748115S
3 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)
License Info:
License UDI:
-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO2911/K9 FGL1748115S
Technology Package License Information for Module:'c2900'
-----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security securityk9 Permanent securityk9
uc uck9 Permanent uck9
data None None None
Configuration register is 0x2102
We do a clean up on the local router config if the TFTP function and other files are no longer needed.
2811(config)#no tftp-server flash:FGL1748115S_201404032246233900.lic
2811(config)#end
2811#delete flash:FGL1748115S_201404032246233900.lic
Delete filename [FGL1748115S_201404032246233900.lic]?
Delete flash:/FGL1748115S_201404032246233900.lic? [confirm]
No comments:
Post a Comment