IOS Image Management and Recovery
Manage network device software versions with proper testing and recovery mechanisms for safe upgrades
Managing the network operating system (NOS) is foundational to maintaining stability, applying security patches, and enabling new features. In Cisco environments, this means backing up and upgrading the Cisco IOS, but similar principles apply across Juniper, Arista, HP, and MikroTik platforms.
A failed IOS upgrade can render a device unbootable, causing major network outages. Proper planning, image verification, and rollback preparation are not optional steps; they are what separates a professional upgrade from a crisis.
Pre-Upgrade Planning
| Phase | Task | Key Commands / Actions |
|---|---|---|
| Assessment | Check current version and flash | show version, show flash: |
| Compatibility | Verify hardware support and memory | Cisco Feature Navigator, release notes |
| Documentation | Record current configuration | Backup running + startup config |
| Testing | Lab validation of new image | Test in non-production environment first |
| Scheduling | Plan maintenance window | Off-peak hours, notify stakeholders |
| Rollback Plan | Prepare recovery steps | Keep old image in flash, know ROMMON |
# Document current state BEFORE touching anything
Router# show version
Router# show flash:
Router# show boot
Router# show license
# Backup configs to TFTP server
Router# copy running-config tftp://192.168.1.100/router01-pre-upgrade-running.cfg
Router# copy startup-config tftp://192.168.1.100/router01-pre-upgrade-startup.cfg
# Check available flash space
Router# show flash:
256487424 bytes total (133018624 bytes free)
# New image: 145MB | Free space: 127MB | Action: delete old image first
Image Transfer Methods
TFTP Transfer (Most Common)
Router(config)# ip tftp source-interface GigabitEthernet0/0
Router(config)# exit
Router# copy tftp: flash:
Address or name of remote host []? 192.168.1.100
Source filename []? c2900-universalk9-mz.SPA.157-3.M5.bin
Destination filename? <Enter>
Loading c2900-universalk9-mz.SPA.157-3.M5.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 151552000 bytes]
SCP Transfer (Secure — Recommended)
Router(config)# ip scp server enable
Router(config)# exit
Router# copy scp: flash:
Address or name of remote host []? 192.168.1.100
Source username []? admin
Source filename []? /images/c2900-universalk9-mz.SPA.157-3.M5.bin
Destination filename? <Enter>
Verify the image after transfer: verify /md5 flash:image-name.bin. A corrupted image that passes through the transfer silently will cause a boot failure after reload.
Boot Configuration
# Set primary boot image (new version)
Router(config)# boot system flash:c2900-universalk9-mz.SPA.157-3.M5.bin
# Set fallback to old image (keep it in flash!)
Router(config)# boot system flash:c2900-universalk9-mz.SPA.155-3.M4a.bin
Router(config)# exit
# Verify boot order before reloading
Router# show boot
BOOT variable = flash:c2900-universalk9-mz.SPA.157-3.M5.bin,12;flash:c2900-universalk9-mz.SPA.155-3.M4a.bin
# Save configuration
Router# copy running-config startup-config
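The three checks described so far (free flash space, the verify /md5 result, and the boot order with a fallback) can be gated in a script run over captured CLI output. This is an added example, not part of the original page; the function names are hypothetical, the sample output is constructed from the values shown above, and the hash is a placeholder.

```python
import re

NEW = "c2900-universalk9-mz.SPA.157-3.M5.bin"
OLD = "c2900-universalk9-mz.SPA.155-3.M4a.bin"
# Constructed sample output; the hash value is a placeholder, not a real image hash.
SHOW_FLASH = "256487424 bytes total (133018624 bytes free)"
VERIFY_OUT = "....Done!\nverify /md5 (flash:%s) = 0123456789abcdef0123456789abcdef" % NEW
SHOW_BOOT = "BOOT variable = flash:%s,12;flash:%s" % (NEW, OLD)

def fits_in_flash(show_flash, image_bytes):
    """True if the free space reported by 'show flash:' can hold the image."""
    m = re.search(r"\((\d+) bytes free\)", show_flash)
    if not m:
        raise ValueError("no free-space summary in 'show flash:' output")
    return int(m.group(1)) >= image_bytes

def device_md5(verify_out, image):
    """Hash the device computed for `image`, or None if there is no result line."""
    pattern = r"verify /md5 \(flash:%s\) = ([0-9a-fA-F]{32})\s*$" % re.escape(image)
    m = re.search(pattern, verify_out, re.MULTILINE)
    return m.group(1).lower() if m else None

def boot_order(show_boot):
    """Image names from the BOOT variable in boot order, minus 'flash:' and ',N'."""
    m = re.search(r"BOOT variable = (\S+)", show_boot)
    if not m:
        return []
    return [e.split(",")[0].split(":", 1)[-1] for e in m.group(1).split(";") if e]

def reload_blockers(verify_out, show_boot, new_image, expected_md5, fallback_image):
    """Reasons not to reload yet; an empty list means hash and boot order check out."""
    problems = []
    got = device_md5(verify_out, new_image)
    if got is None:
        problems.append("no verify /md5 result for " + new_image)
    elif got != expected_md5.strip().lower():
        problems.append("MD5 mismatch: device reports " + got)
    order = boot_order(show_boot)
    if order[:1] != [new_image]:
        problems.append("new image is not first in BOOT variable")
    if fallback_image not in order[1:]:
        problems.append("fallback image missing from BOOT variable")
    return problems
```

With the page's own numbers, fits_in_flash(SHOW_FLASH, 151552000) is False, which is the "delete old image first" case noted earlier. Take the expected hash from the vendor's download page, not from the copy on the transfer server.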
Upgrade Execution and Verification
# Final checks before reload
Router# show boot
Router# show flash:
Router# show version
# Schedule reload (gives time to disconnect gracefully)
Router# reload in 5
Proceed with reload? [confirm]
--- After reload completes ---
# Verify new image loaded correctly
Router# show version
Cisco IOS Software, Version 15.7(3)M5   # Confirm new version
# Verify network functionality
Router# show ip interface brief
Router# show ip route
Router# show ip ospf neighbor
Router# ping 8.8.8.8
ROMMON Recovery
If a device fails to boot after an upgrade, ROMMON (ROM Monitor) mode allows you to recover by loading an image from TFTP or USB without a working IOS. This is your last resort before physical replacement.
# Enter ROMMON: press Ctrl+Break during boot (within 60 seconds)
rommon 1 >
# Set network parameters
rommon 1 > IP_ADDRESS=192.168.1.1
rommon 2 > IP_SUBNET_MASK=255.255.255.0
rommon 3 > DEFAULT_GATEWAY=192.168.1.254
rommon 4 > TFTP_SERVER=192.168.1.100
rommon 5 > TFTP_FILE=c2900-universalk9-mz.SPA.155-3.M4a.bin
# Boot from TFTP
rommon 6 > tftpdnld
# After download completes, boot the image
rommon 7 > boot
# Password recovery: bypass startup-config using the configuration register
rommon 1 > confreg                            # Current register: 0x2102 (normal boot)
rommon 2 > confreg 0x2142                     # Bypass startup-config on next boot
rommon 3 > boot
--- After boot into IOS ---
Router> enable
Router# copy startup-config running-config    # Load old config
Router# configure terminal
Router(config)# enable secret NewPassword!
Router(config)# config-register 0x2102        # Restore normal boot
Router(config)# end
Router# copy running-config startup-config
Best Practices
- Always backup running and startup config before any upgrade
- Verify image MD5/SHA512 hash after transfer: verify /md5 flash:image.bin
- Keep the previous image in flash as a fallback boot option
- Test the upgrade in a lab environment before production deployment
- Schedule upgrades during low-traffic maintenance windows with stakeholder notification
- Configure a fallback boot statement so the device tries the old image if new fails
- Document ROMMON procedure in your runbook; practice it before you need it
- Never delete old IOS images until the new version has been stable for 24+ hours
