FWSM-failover 配置故障--升级IOS
FWSM 配置failover后发现其中一台机器死活Telnet不上,提示连接超时或者直接power off。查阅官方文档才知道,两天FWSM做failover要版本完全相同。
sm(cygnus_oir_bay slot4), running yes, state wait_til_online
Last transition recorded: (power_on_ok)-> wait_til_online (online)-> online (powered_off)-> shutdown_pc (pc_powered_off)-> po
MFSC-2#
Aug 16 16:32:25: %C6KPWR-SP-4-DISABLED: power to module in slot 4 set off (Module Failed SCP dnld)
恢复IOS的方法:
1、将交换机连接FTP服务的vlan改为vlan 1
3、通过MFSC进入FWSM维护分区进行升级
升级过程日志:
MFSC-1#hw-module module 2 reset cf:1
注释cf:1:FWSM拥有128M Flash,Flash包含6个Partition:Maintenance partition (cf:1)、Network configuration partition (cf:2)、Crash dump partition (cf:3)、Application partitions (cf:4 and cf:5)、Security context partition (cf:6),如果想改变boot partition的话可以使用command:boot device module mod_num cf:n
MFSC-1#session sl 2 pr 1
Login: root
Password:
By default, the password is "cisco."
root@localhost.localdomain#ip ?
Usage : ip address <ip-address> <netmask>
ip broadcast <broadcast-address>
ip gateway <gateway-address>
ip nameserver <name-server1> [name-server2] [name-server3]
ip domain <domain-name>
ip host <hostname>
root@localhost.localdomain#ip address 10.0.0.100 255.255.255.0
root@localhost.localdomain#ip gateway 10.0.0.227
root@localhost.localdomain#show ip
IP address : 10.0.0.100
Subnet Mask : 255.255.255.0
IP Broadcast : 10.255.255.255
DNS Name : localhost.localdomain
Default Gateway : 10.0.0.227
Nameserver(s) :
5 packets transmitted, 0 packets received, 100% packet loss
root@localhost.localdomain#ping 10.0.0.227
PING 10.0.0.227 (10.0.0.227) from 10.0.0.100 : 56(84) bytes of data.
64 bytes from 10.0.0.227: icmp_seq=0 ttl=128 time=556 usec
64 bytes from 10.0.0.227: icmp_seq=1 ttl=128 time=419 usec
64 bytes from 10.0.0.227: icmp_seq=2 ttl=128 time=418 usec
64 bytes from 10.0.0.227: icmp_seq=3 ttl=128 time=327 usec
64 bytes from 10.0.0.227: icmp_seq=4 ttl=128 time=370 usec
--- 10.0.0.227 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.327/0.418/0.556/0.076 ms
root@localhost.localdomain#
root@localhost.localdomain#upgrade ftp://10.0.0.227/c6svc-fwm-k9.3-2-23.bin cf:5
Downloading the p_w_picpath. This may take several minutes...
ftp://10.0.0.227/c6svc-fwm-k9.3-2-23.bin (5952K)
/tmp/upgrade [########################] 5952K | 11671.64K/s
6095360 bytes transferred in 0.51 sec (11668.59k/sec)
Upgrade file ftp://10.0.0.227/c6svc-fwm-k9.3-2-23.bin is downloaded.
Upgrading will wipe out the contents on the storage media.
Do you want to proceed installing it [y|N]: y
Proceeding with upgrade. Please do not interrupt.
If the upgrade is interrupted or fails, boot into
Maintenance p_w_picpath again and restart upgrade.
Do you want to retain the configuration [y|N]: y
Backing up FWSM configuration.
Restoring FWSM configuration.
Application p_w_picpath upgrade complete. You can boot the p_w_picpath now.
root@localhost.localdomain#logout
[Connection to 127.0.0.21 closed by foreign host]
MFSC-1#
MFSC-1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
MFSC-1(config)#do show bootv
BOOT variable =
CONFIG_FILE variable =
BOOTLDR variable =
Configuration register is 0x2102
Standby not ready to show bootvar
MFSC-1(config)#end
MFSC-1#show boot de
Firewall Module [Mod: 2]:
Anomaly Guard Module [Mod: 6]:
Anomaly Detector Module [Mod: 7]:
MFSC-1#conf t
Enter configuration commands, one per line. End with CNTL/Z..
MFSC-1(config)#boot device module 2 cf:5
Device BOOT variable = cf:5
Warning: Device list is not verified.
MFSC-1(config)#end
MFSC-1#hw-module module 2 reset