If you have ever upgraded the IOS on a Cisco Switch or Router, you may have just copied the new IOS file from a tftp server and then rebooted without thinking twice about it. This generally works and I've done my fair share of upgrades without checking the file integrity in the past. However, there is a safer way to upgrade: the Verify command.
After copying your file from whatever source (ftp, tftp, scp, etc), you simply type verify and the filename and it does the rest. Here's what it looks like:
Router#verify flash:c1841-ipbasek9-mz.124-24.T.bin Verifying file integrity of flash:c1841-ipbasek9-mz.124-24.T.bin............. ............................................................................. ........................................... several thousand dots truncated ............................................................................. ............................................................................. ...............................................Done! Embedded Hash MD5 : A51F5C72743BAB116E72E58F4A8D2BB2 Computed Hash MD5 : A51F5C72743CFC116E72E58F4A8D2BB2 CCO Hash MD5 : 8F8DED53AF421719DB699DF5ADC891E0 Embedded hash verification successful. Router#
As you can see from the output, the MD5 hash value is calculated and then compared to an embedded hash in the file. Obviously if the file were modified or corrupted during transport, it would show up here.
Another way to verify the file is to include the /verify option when copying a file. It does the same function as the example above, however it performs it immediately after the copy is complete. Here's the syntax:
Router#copy ? /erase Erase destination file system. /error Allow to copy error file. /noverify Don't verify image signature before reload. /verify Verify image signature before reload.
Router# copy /verify ftp:/filename.bin flash:
I haven't seen an MD5 hash come back labeled as "bad" yet, but I have seen a corrupt file simply not work with the verify command:
Router#verify example.bin File example.bin does not support verification.
That's all there is to it. So, be sure to check your files when you're upgrading IOS.. before you reboot.
No comments:
Post a Comment