Cisco IOS Resilient Configuration
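Protects the IOS boot image and the configuration file so that they cannot be deleted by mistake.
Commands
#secure boot-image / protects the IOS image
#secure boot-config / backs up and protects the configuration file
Example
1. View the original flash space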
Router#dir
Directory of flash:/
1 -rw- 41456608 May 24 2016 08:51:22 +00:00 c1841-advsecurityk9-mz.151-4.M10.bin
2 -rw- 2746 Mar 4 2009 15:29:06 +00:00 sdmconfig-18xx.cfg
3 -rw- 931840 Mar 4 2009 15:30:16 +00:00 es.tar
4 -rw- 1505280 Mar 4 2009 15:31:06 +00:00 common.tar
5 -rw- 1038 Mar 4 2009 15:31:28 +00:00 home.shtml
6 -rw- 112640 Mar 4 2009 15:31:54 +00:00 home.tar
7 -rw- 600 May 24 2016 07:52:12 +00:00 vlan.dat
63983616 bytes total (19955712 bytes free)
2. Enable IOS image protection
Router#enable
Router#configure terminal
Router(config)#secure boot-image
Router(config)#end
*Jun 30 06:06:30.203: %IOS_RESILIENCE-5-IMAGE_RESIL_ACTIVE: Successfully secured running image
3. View the flash space after the change; the original IOS file is now hidden
Router#dir
Directory of flash:/
2 -rw- 2746 Mar 4 2009 15:29:06 +00:00 sdmconfig-18xx.cfg
3 -rw- 931840 Mar 4 2009 15:30:16 +00:00 es.tar
4 -rw- 1505280 Mar 4 2009 15:31:06 +00:00 common.tar
5 -rw- 1038 Mar 4 2009 15:31:28 +00:00 home.shtml
6 -rw- 112640 Mar 4 2009 15:31:54 +00:00 home.tar
7 -rw- 600 May 24 2016 07:52:12 +00:00 vlan.dat
63983616 bytes total (19951616 bytes free)
4. Check the status
Router# show secure bootset
IOS resilience router id JMX00000L0AA
IOS image resilience version 15.1 activated at 06:06:29 UTC Thu Jun 30 2016
Secure archive flash:c1841-advsecurityk9-mz.151-4.M10.bin type is image (elf) []
file size is 41456608 bytes, run size is 41622292 bytes
Runnable image, entry point 0x8000F000, run from ram
IOS configuration resilience is not active
5. Format flash
Router#format flash:
Format operation may take a while. Continue? [confirm]
Format operation will destroy all data in "flash:". Continue? [confirm]
Writing Monlib sectors....
Monlib write complete
Format: All system sectors written. OK...
Format: Total sectors in formatted partition: 125408
Format: Total bytes in formatted partition: 64208896
Format: Operation completed successfully.
Format of flash: complete
6. Check the state after formatting; not all of the space was freed, because the IOS image is protected and hidden
Router#dir
Directory of flash:/
No files in directory
64000000 bytes total (22536192 bytes free)
Router#
7. Disable IOS image protection ※ can only be disabled from a console session
Router(config)#no secure boot-image
*Jun 30 06:11:32.923: %IOS_RESILIENCE-5-IMAGE_RESIL_INACTIVE: Disabled secure image archiva
Router(config)#
8. The flash space now shows the IOS image
Router#dir
Directory of flash:/
1 -rw- 41456608 Jun 30 2016 06:11:06 +00:00 c1841-advsecurityk9-mz.151-4.M10.bin
64000000 bytes total (22540288 bytes free)
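As an added example (not part of the original post or of Cisco's documentation), the Python script below audits the output captured in steps 3 and 4: it reports which resilience features are active and checks that the flash space `dir` cannot account for matches the size of the secured image. The function names, the 64 KiB slack for filesystem overhead, and the rule that a feature counts as active only when its line reads "resilience version ... activated at" are assumptions of this example.

```python
import re

# Output copied from steps 3 and 4 of this page (trimmed to the relevant lines).
DIR_OUTPUT = """\
2 -rw- 2746 Mar 4 2009 15:29:06 +00:00 sdmconfig-18xx.cfg
3 -rw- 931840 Mar 4 2009 15:30:16 +00:00 es.tar
4 -rw- 1505280 Mar 4 2009 15:31:06 +00:00 common.tar
5 -rw- 1038 Mar 4 2009 15:31:28 +00:00 home.shtml
6 -rw- 112640 Mar 4 2009 15:31:54 +00:00 home.tar
7 -rw- 600 May 24 2016 07:52:12 +00:00 vlan.dat
63983616 bytes total (19951616 bytes free)
"""
BOOTSET_OUTPUT = """\
IOS resilience router id JMX00000L0AA
IOS image resilience version 15.1 activated at 06:06:29 UTC Thu Jun 30 2016
Secure archive flash:c1841-advsecurityk9-mz.151-4.M10.bin type is image (elf) []
file size is 41456608 bytes, run size is 41622292 bytes
IOS configuration resilience is not active
"""

def parse_bootset(text):
    """Return which resilience features are active and the secured image size."""
    def active(feature):  # assumption: any other wording means "not active"
        return re.search(rf"^\s*IOS {feature} resilience version \S+ activated at", text, re.M) is not None
    size = re.search(r"^\s*file size is (\d+) bytes", text, re.M)
    return {"image": active("image"), "config": active("configuration"),
            "image_bytes": int(size.group(1)) if size else 0}

def hidden_bytes(dir_text):
    """Flash space in use that no file listed by dir accounts for."""
    total, free = map(int, re.search(r"(\d+) bytes total \((\d+) bytes free\)", dir_text).groups())
    visible = sum(int(m) for m in re.findall(r"^\s*\d+\s+\S{4}\s+(\d+)\s", dir_text, re.M))
    return total - free - visible

def audit(dir_text, bootset_text, slack=64 * 1024):
    """List findings; slack (an assumed tolerance) absorbs filesystem overhead."""
    state, findings = parse_bootset(bootset_text), []
    if not state["image"]:
        findings.append("image resilience not active")
    if not state["config"]:
        findings.append("configuration resilience not active")
    gap = hidden_bytes(dir_text) - state["image_bytes"]
    if abs(gap) > slack:
        findings.append(f"unexplained hidden flash usage: {gap} bytes")
    return findings

if __name__ == "__main__":
    for finding in audit(DIR_OUTPUT, BOOTSET_OUTPUT):
        print(finding)
```

On the page's own output the only finding is that configuration resilience is not active, because the walkthrough ran `secure boot-image` but not `secure boot-config`.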
Vendor documentation
Cisco IOS Resilient Configuration
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_cfg/configuration/15-sy/sec-usr-cfg-15-sy-book/sec-resil-config.pdf