Академический Документы
Профессиональный Документы
Культура Документы
Task 1: Secure Cisco IOS Image and Configuration Files on R1 and R3.
The Cisco IOS resilient configuration feature enables a router to secure the running image and maintain a
working copy of the configuration. This ensures that those files can withstand malicious attempts to erase the
contents of persistent storage (NVRAM and flash). This feature secures the smallest working set of files to
preserve persistent storage space. No extra space is required to secure the primary Cisco IOS image file. In
this task, you configure the Cisco IOS Resilient Configuration feature.
Note: Cisco IOS resilient configuration feature is not available on the Cisco 1921 router.
R1# dir
Directory of flash:/
1 -rw4.M8.bin
2 drw9 -rw-
45756600
c1841-advipservicesk9-mz.151-
0
1410
ipsdir
pre_autosec.cfg
Step 2: Secure the Cisco IOS image and archive a copy of the running configuration.
a. The secure boot-image command enables Cisco IOS image resilience, which hides the file from the dir
command and show commands. The file cannot be viewed, copied, modified, or removed using EXEC
mode commands. (It can be viewed in ROMMON mode.) When turned on for the first time, the running
image is secured.
R1(config)# secure boot-image
.Dec 17 25:40:13.170: %IOS_RESILIENCE-5-IMAGE_RESIL_ACTIVE: Successfully secured
running image
b. The secure boot-config command takes a snapshot of the router running configuration and securely
archives it in persistent storage (flash).
R1(config)# secure boot-config
.Dec 17 25:42:18.691: %IOS_RESILIENCE-5-CONFIG_RESIL_ACTIVE: Successfully secured
config archive [flash:.runcfg-20081219-224218.ar]
2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 21 of 61