Cisco IOS Resilient Configuration
The Cisco IOS Resilient Configuration feature enables a router to secure and maintain a working copy of the running image and configuration so that those files can withstand malicious attempts to erase the contents of persistent storage (NVRAM and flash).
Feature History for Cisco IOS Resilient Configuration
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Contents
• Restrictions for Cisco IOS Resilient Configuration, page 1
• Information About Cisco IOS Resilient Configuration, page 2
• How to Use Cisco IOS Resilient Configuration, page 2
• Additional References, page 6
• Command Reference, page 7
Restrictions for Cisco IOS Resilient Configuration
• This feature is available only on platforms that support a Personal Computer Memory Card International Association (PCMCIA) Advanced Technology Attachment (ATA) disk. There must be enough space on the storage device to accommodate at least one Cisco IOS image (two for upgrades) and a copy of the running configuration. IOS Files System (IFS) support for secure file systems is also needed by the software.
Release Modification
Cisco IOS Resilient Configuration Information About Cisco IOS Resilient Configuration
• It may be possible to force removal of secured files using an older version of Cisco IOS software that does not contain file system support for hidden files.
• This feature can be disabled only by using a console connection to the router. With the exception of the upgrade scenario, feature activation does not require console access.
• You cannot secure a bootset with an image loaded from the network. The running image must be loaded from persistent storage to be secured as primary.
• Secured files will not appear on the output of a dir command issued from an executive shell because the IFS prevents secure files in a directory from being listed. ROM monitor (ROMMON) mode does not have any such restriction and can be used to list and boot secured files. The running image and running configuration archives will not be visible in the Cisco IOS dir command output. Instead, use the show secure bootset command to verify archive existence.
Information About Cisco IOS Resilient Configuration
Before using Cisco IOS Resilient Configuration, you should understand the following concept:
• Feature Design of Cisco IOS Resilient Configuration, page 2
Feature Design of Cisco IOS Resilient Configuration
A great challenge of network operators is the total downtime experienced after a router has been compromised and its operating software and configuration data erased from its persistent storage. The operator must retrieve an archived copy (if any) of the configuration and a working image to restore the router. Recovery must then be performed for each affected router, adding to the total network downtime.
The Cisco IOS Resilient Configuration feature is intended to speed up the recovery process. The feature maintains a secure working copy of the router image and the startup configuration at all times. These secure files cannot be removed by the user. This set of image and router running configuration is referred to as the primary bootset.
The following factors were considered in the design of Cisco IOS Resilient Configuration:
• The configuration file in the primary bootset is a copy of the running configuration that was in the router when the feature was first enabled.
• The feature secures the smallest working set of files to preserve persistent storage space. No extra space is required to secure the primary Cisco IOS image file.
• The feature automatically detects image or configuration version mismatch.
• Only local storage is used for securing files, eliminating scalability maintenance challenges from storing multiple images and configurations on TFTP servers.
• The feature can be disabled only through a console session.
How to Use Cisco IOS Resilient Configuration
This section contains the following procedures:
• Archiving a Router Configuration, page 3
Cisco IOS Resilient Configuration
How to Use Cisco IOS Resilient Configuration
Archiving a Router Configuration
This task describes how to save a primary bootset to a secure archive in persistent storage.
SUMMARY STEPS
1. enable
2. configure terminal
3. secure boot-image
4. secure boot-config
5. end
6. show secure bootset
DETAILED STEPS
Command or Action Purpose
Step 1 enable
Example: Router> enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Step 2 configure terminal
Example:
Router# configure terminal
Enters global configuration mode.
Step 3 secure boot-image
Example:
Router(config)# secure boot-image
Enables Cisco IOS image resilience.
Step 4 secure boot-config
Example:
Router(config)# secure boot-config
Stores a secure copy of the primary bootset in persistent storage.
Step 5 end
Example:
Router(config)# end
Exits to privileged EXEC mode.
Step 6 show secure bootset
Example:
Router# show secure bootset
Cisco IOS Resilient Configuration How to Use Cisco IOS Resilient Configuration
Examples
This section provides the following output example:
• Sample Output for the show secure bootset Command, page 4
Sample Output for the show secure bootset Command
The following example displays sample output from the show secure bootset command:
Router# show secure bootset
IOS resilience router id JMX0704L5GH
IOS image resilience version 12.3 activated at 08:16:51 UTC Sun Jun 16 2002 Secure archive slot0:c3745-js2-mz type is image (elf) []
file size is 25469248 bytes, run size is 25634900 bytes Runnable image, entry point 0x80008000, run from ram
IOS configuration resilience version 12.3 activated at 08:17:02 UTC Sun Jun 16 2002 Secure archive slot0:.runcfg-20020616-081702.ar type is config
configuration archive size 1059 bytes
Restoring an Archived Router Configuration
This task describes how to restore a primary bootset from a secure archive after the router has been tampered with (by an NVRAM erase or a disk format).
Note To restore an archived primary bootset, Cisco IOS image resilience must have been enabled and a primary bootset previously archived in persistent storage.
SUMMARY STEPS
1. reload
2. dir [filesystem:]
3. boot [partition-number:][filename]
4. no
5. enable
6. configure terminal
7. secure boot-config [restorefilename]
8. end
Cisco IOS Resilient Configuration
How to Use Cisco IOS Resilient Configuration
DETAILED STEPS
Command or Action Purpose
Step 1 reload
Example: Router# reload
(Optional) Enters ROM monitor mode, if necessary.
Step 2 dir [filesystem:]
Example:
rommon 1 > dir slot0:
Lists the contents of the device that contains the secure bootset file.
• The device name can be found in the output of the show secure bootset command.
Step 3 boot [partition-number:][filename]
Example:
rommon 2 > boot slot0:c3745-js2-mz
Boots up the router using the secure bootset image.
Step 4 no
Example:
System Configuration Dialog ---Would you like to enter the initial configuration dialog? [yes/no]: no
(Optional) Declines to enter an interactive configuration session in setup mode.
• If the NVRAM was erased, the router enters setup mode and prompts the user to initiate an interactive
configuration session.
Step 5 enable
Example: Router> enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Step 6 configure terminal
Example:
Router# configure terminal
Enters global configuration mode.
Step 7 secure boot-config [restore filename]
Example:
Router(config)# secure boot-config restore slot0:rescue-cfg
Restores the secure configuration to the supplied filename.
Step 8 end
Example:
Router(config)# end
Exits to privileged EXEC mode.
Step 9 copy filename running-config
Example:
Router# copy slot0:rescue-cfg running-config
Cisco IOS Resilient Configuration Additional References
Additional References
The following sections provide references related to Cisco IOS Resilient Configuration.
Related Documents
Standards
MIBs
RFCs
Technical Assistance
Related Topic Document Title
Additional commands: complete command syntax, command mode, defaults, usage guidelines, and examples
The Cisco IOS Configuration Fundamentals and Network Management Command Reference, Release 12.3 T
Standards Title
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
—
MIBs MIBs Link
No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
http://www.cisco.com/go/mibs
RFCs Title
No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.
—
Description Link
Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.
Cisco IOS Resilient Configuration
Command Reference
Command Reference
This section documents only new commands.
• secure boot-config
• secure boot-image
Cisco IOS Resilient Configuration secure boot-config
secure boot-config
To take a snapshot of the router running configuration and securely archive it in persistent storage, use the secure boot-config command in global configuration mode. To remove the secure configuration archive and disable configuration resilience, use the no form of this command.
secure boot-config [restorefilename]
no secure boot-config
Syntax Description
Defaults No default behavior or values.
Command Modes Global configuration
Command History
Usage Guidelines Without any parameters, this command takes a snapshot of the router running configuration and securely archives it in persistent storage. Like the image, the configuration archive is hidden and cannot be viewed or removed directly from the command-line interface (CLI) prompt. We recommend that you run this command after the router has been fully configured to reach a steady state of operation and the running configuration is considered complete for a restoration, if required. A syslog message is printed on the console notifying the user of configuration resilience activation. The secure archive uses the time of creation as its filename. For example, the file named “.runcfg-20020616-081702.ar” was created July 16 2002 at 8:17:02.
The restore option reproduces a copy of the secure configuration archive as the supplied filename (disk0:running-config, slot1:runcfg, and so on). The restore operation will work only if configuration resilience is enabled. The number of restored copies that can be created is unlimited.
The no form of this command removes the secure configuration archive and disables configuration resilience. An enable, disable, enable sequence has the effect of upgrading the configuration archive if any changes were made to the running configuration since the last time the feature was disabled.
The configuration upgrade scenario is similar to an image upgrade. The feature detects a different version of Cisco IOS software and notifies the user of a version mismatch. The same command can be run to upgrade the configuration archive to a newer version after new configuration commands corresponding to features in the new image have been issued.
The correct sequence of steps to upgrade the configuration archive after an image upgrade is as follows:
• Configure new commands.
• Issue the secure boot-config command.
restorefilename (Optional) Reproduces a copy of the secure configuration archive as the supplied filename.
Release Modification
Cisco IOS Resilient Configuration
secure boot-config
Examples The following example shows the command used to securely archive a snapshot of the router running configuration:
secure boot-config
The following example shows the command used to restore an archived image to the file slot0:rescue-cfg:
Router(config)# secure boot-config restore slot0:rescue-cfg
ios resilience:configuration successfully restored as slot0:rescue-cfg
Related Commands Command Description
secure boot-image Enables Cisco IOS image resilience.
Cisco IOS Resilient Configuration secure boot-image
secure boot-image
To enable Cisco IOS image resilience, use the secure boot-image command in global configuration mode. To disable Cisco IOS image resilience and release the secured image so that it can be safely removed, use the no form of this command.
secure boot-image
no secure boot-image
Syntax Description This command has no arguments or keywords.
Defaults No default behavior or values
Command Modes Global configuration
Command History
Usage Guidelines This command enables or disables the securing of the running Cisco IOS image. The following two possible scenarios exist with this command.
• When turned on for the first time, the running image (as displayed in the show version command output) is secured, and a syslog entry is generated. This command will function properly only when the system is configured to run an image from a disk with an Advanced Technology Attachment (ATA) interface. Images booted from a TFTP server cannot be secured. Because this command has the effect of “hiding” the running image, the image file will not be included in any directory listing of the disk. The no form of this command releases the image so that it can be safely removed.
• If the router is configured to boot up with Cisco IOS resilience and an image with a different version of Cisco IOS is detected, a message similar to the following is displayed at bootup:
ios resilience :Archived image and configuration version 12.2 differs from running version 12.3.
Run secure boot-config and image commands to upgrade archives to running version.
To upgrade the image archive to the new running image, reenter this command from the console. A message will be displayed about the upgraded image. The old image is released and will be visible in the
dir command output.
Caution Be careful when copying new images to persistent storage because the existing secure image name might conflict with the new image. To verify the name of the secured archive, run the show secure bootset
command and resolve any name conflicts with the currently secured hidden image.
Release Modification
Cisco IOS Resilient Configuration
secure boot-image
Note After the Cisco IOS image is secured, the resilient configuration feature will deny any requests to copy, modify, or delete the secure archive and will even survive a disk format operation.
Examples The following example shows the activation of image resilience. router(config)# secure boot-image
Related Commands Command Description
dir Displays a list of files on a file system.
secure boot-config Saves a secure copy of the router running configuration in persistent storage.
show secure bootset Displays the status of image and configuration resilience.
Cisco IOS Resilient Configuration show secure bootset
show secure bootset
To display the status of Cisco IOS image and configuration resilience, use the show secure bootset
command in privileged EXEC mode.
show secure bootset
Syntax Description This command has no arguments or keywords.
Command Modes Privileged EXEC
Command History
Usage Guidelines Use the show secure bootset command instead of the dir command, the Cisco IOS directory listing command, to verify the existence of an image archive. This command will also display output that shows whether the image or configuration archive is ready for upgrade.
Examples The following is self-explanatory sample output from the show secure bootset command: Router# show secure bootset
%IOS image and configuration resilience is not active
Router# show secure bootset
IOS resilience router id JMX0704L5GH
IOS image resilience version 12.3 activated at 08:16:51 UTC Sun Jun 16 2002 Secure archive slot0:c3745-js2-mz type is image (elf) []
file size is 25469248 bytes, run size is 25634900 bytes Runnable image, entry point 0x80008000, run from ram
IOS configuration resilience version 12.3 activated at 08:17:02 UTC Sun Jun 16 2002 Secure archive slot0:.runcfg-20020616-081702.ar type is config
configuration archive size 1059 bytes
Related Commands
Release Modification
12.3(8)T This command was introduced.
Command Description
dir Displays a list of files on a file system.
secure boot-config Saves a secure copy of the router running configuration in persistent storage.
Cisco IOS Resilient Configuration
show secure bootset
CCIP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, Cisco Unity, Follow Me Browsing, FormShare, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, Registrar, ScriptShare, SlideCast, SMARTnet, StrataView Plus, SwitchProbe, TeleRouter, The Fastest Way to Increase Your Internet Quotient, TransPath, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0403R)