IOS system files basic
To better meet the requirements of the different market segments, the software is organized into software release families and software trains.
A software release family is comprised of multiple IOS software release versions that:
- Share a code base
- Apply to related hardware platforms
- Overlap in support coverage (as one OS comes to end-of-life, another OS is introduced and supported)
Examples of IOS software releases, within a software release family, include 12.3, 12.4, 15.0, and 15.1, note that there is no 13 and 14.
Along with each software release, there are new versions of the software created to implement bug fixes and new features. IOS refers to these versions as trains.
- Mainline Train:The Cisco IOS Software 12.4 train is considered the mainline train. The mainline train receives mostly software (bug) fixes with the goal of increasing software quality.
- MD: The mainline train releases are also designated as Maintenance Deployment releases (MD).
- T train: A mainline train is always associated with a technology train (T train). A T train, such as 12.4T, receives the same software bug fixes as the mainline train. The T train also receives new software and hardware support features. Releases in the Cisco IOS Software 12.4T train are considered Early Deployment (ED) releases.
- S train: An S train will contain specific features designed to meet service provider requirements.
An example of the numbering scheme is shown in the figure for both the mainline and T trains:
- The software release numbering scheme for a mainline train is composed of a train number, a maintenance identifier, and a rebuild identifier.
For example, the Cisco IOS Software Release 12.4(21a) is a mainline train.
- The release for a T train is composed of a train number, a maintenance identifier, a train identifier, and a rebuild identifier.
For example, Cisco IOS Software Release 12.4(20)T1 belongs to the Cisco IOS Software 12.4T train.
- Each maintenance identifier of Cisco IOS Software 12.4 mainline, such as 12.4(7), includes additional software and maintenance fixes. This change is indicated with the number within the parentheses. Each maintenance release of Cisco IOS Software 12.4T, such as 12.4(20)T, includes these same software fixes, along with additional software features, and hardware support.
- Cisco uses rebuilds of an individual release to integrate fixes for significant issues. This reduces the possible impact on customers who have already deployed and certified an individual release. A rebuild typically includes fixes to a limited number of software defects, which are known as caveats. It is indicated by a lowercase letter inside the parenthesis of mainline trains, or by a final number in other trains.
For example, Cisco IOS Software Release 12.4(21) received a few caveat fixes and the resulting rebuild was named 12.4(21a). Similarly, 12.4(15)T8 is the eighth rebuild of 12.4(15)T. Each new rebuild increments the rebuild identifier and delivers additional software fixes on an accelerated schedule, prior to the next planned individual release. The criteria for making changes in a rebuild are strict.
A single set of individual release numbers are used for all Cisco IOS Software 12.4 trains. Cisco IOS Software Maintenance Release 12.4 and Cisco IOS Software Release 12.4T use a pool of individual release numbers that are shared across the entire Cisco IOS Software 12.4 release family. Cisco IOS Software Release 12.4(6)T was followed by 12.4(7)T and 12.4(8)T. This permits the administrator to track changes introduced in the code.
Note: Any caveat that is fixed in a T train release should be implemented in the next mainline release.
Prior to Cisco IOS Software Release 15.0, Cisco IOS Software Packaging consisted of eight packages for Cisco routers, as shown in the figure. This packaging scheme was introduced with the Cisco IOS Software 12.3 mainline train and was later used in other trains. The image packaging consists of eight IOS images, three of which are considered premium packages.
The five non-premium packages are:
- IP Base – IP Base is the entry level Cisco IOS Software Image
- IP Voice – Converged voice and data, VoIP, VoFR, and IP Telephony
- Advanced Security – Security and VPN features including Cisco IOS Firewall, IDS/IPS, IPsec, 3DES, and VPN
- SP (Service Provider) Services – Adds SSH/SSL, ATM, VoATM, and MPLS to IP Voice
- Enterprise Base – Enterprise protocols: Appletalk, IPX, and IBM Support
Note: Starting with the Cisco IOS Software 12.4 release family SSH is available in all images.
Three other premium packages offer additional IOS software feature combinations that address more complex network requirements. All features merge in the Advanced Enterprise Services package. This package integrates support for all routing protocols with Voice, Security, and VPN capabilities:
- Advanced Enterprise Services – Full Cisco IOS Software features
- Enterprise Services – Enterprise Base and Service Provider Services
- Advanced IP Services – Advanced Security, Service Provider Services, and support for IPv6
Note: The Cisco Feature Navigator is a tool used to find the right Cisco operating system depending on the features and technologies needed.
Following the Cisco IOS 12.4(24)T release, the next release of Cisco IOS Software was 15.0, no 13, 14.
IOS 15.0 provides several enhancements to the operating system including:
- New feature and hardware support
- Broadened feature consistency with other major IOS releases
- More predictable new feature release and rebuild schedules
- Proactive individual release support policies
- Simplified release numbering
- Clearer software deployment and migration guidelines
Cisco IOS 15.0 uses a different release model from the traditional separate mainline and T trains of 12.4. Instead of diverging into separate trains, Cisco IOS Software 15 mainline and T will have extended maintenance release (EM release) and standard maintenance release (T release). With the new IOS release model, Cisco IOS 15 mainline releases are referred to as M trains.
Beginning with 15.0, new releases in the form of a T train are available approximately two to three times per year. EM releases are available approximately every 16 to 20 months. T releases enable faster Cisco feature delivery before the next EM release becomes available.
An EM release incorporates the features and hardware support of all the previous T releases. This makes newer EM releases available that contain the full functionality of the train at the time of release.
In summary, the benefits of the new Cisco IOS release model include:
- Feature inheritance from Cisco IOS Software Releases 12.4T and 12.4 mainline
- New feature releases approximately two to three times a year delivered sequentially from a single train
- EM releases approximately every 16 to 20 months and includes new features
- T releases for the very latest features and hardware support before next EM release becomes available on Cisco.com
- Maintenance rebuilds of M and T releases contain bug fixes only
Extended Maintenance Release
The EM release is ideal for long-term maintenance, enabling customers to qualify, deploy, and remain on the release for an extended period. The mainline train incorporates features delivered in previous releases plus incremental new feature enhancements and hardware support.
The first maintenance rebuild (for bug fixes only, not new features or new hardware support) of Release 15.0(1)M is numbered 15.0(1)M1. Subsequent maintenance releases are defined by an increment of the maintenance rebuild number (i.e., M2, M3, etc.).
Standard Maintenance Release
The T release is used for short deployment releases ideal for the latest new features and hardware support before the next EM release becomes available. The T release provides regular bug fix maintenance rebuilds, plus critical fix support for network affecting bugs such as Product Security Incident Report Team (PSIRT) issues.
The first planned 15 T new feature release is numbered Release 15.1(1)T.
The first maintenance rebuild (for bug fixes only, not new features or new hardware support) of Release 15.1(1)T will be numbered 15.1(1)T1. Subsequent releases are defined by an increment of the maintenance rebuild number (i.e., T2, T3, etc.).
Cisco Integrated Services Routers Generation Two (ISR G2) 1900, 2900, and 3900 Series support services on demand through the use of software licensing. The Services on Demand process enables customers to realize operational savings through ease of software ordering and management. When an order is placed for a new ISR G2 platform, the router is shipped with a single universal Cisco IOS Software image and a license is used to enable the specific feature set packages, as shown in Figure.
There are two types of universal images supported in ISR G2:
- Universal images with the “universalk9” designation in the image name – This universal image offers all of the Cisco IOS Software features, including strong payload cryptography features, such as IPsec VPN, SSL VPN, and Secure Unified Communications.
- Universal images with the “universalk9_npe” designation in the image name – The strong enforcement of encryption capabilities provided by Cisco Software Activation satisfies requirements for the export of encryption capabilities. However, some countries have import requirements that require that the platform does not support any strong cryptography functionality, such as payload cryptography. To satisfy the import requirements of those countries, the npe universal image does not support any strong payload encryption.
With the ISR G2 devices, IOS image selection has been made easier because all features are included within the universal image. Features are activated through licensing. Each device ships with Universal image. The technology packages IP Base, Data, UC (Unified Communications), and SEC (Security), are enabled in the universal image using Cisco Software Activation licensing keys. Each licensing key is unique to a particular device and is obtained from Cisco by providing the product ID and serial number of the router and a Product Activation Key (PAK). The PAK is provided by Cisco at the time of software purchase. The IP Base is installed by default.
Figure below shows the suggested migration for the next generation ISRs from the IOS 12 (IOS Reformation Packaging) to IOS 15 (Simplified Packaging).
The Cisco IOS image file is based on a special naming convention. The name for the Cisco IOS image file contains multiple parts, each with a specific meaning. It is important to understand this naming convention when upgrading and selecting a Cisco IOS Software.
The show flash command displays the files stored in flash memory, including the system image files.
An example of an IOS 12.4 software image name is shown in Figure.
- Image Name (c2800nm) – Identifies the platform on which the image runs. In this example, the platform is a Cisco 2800 router with a network module.
- advipservicesk9 – Specifies the feature set. In this example, advipservicesk9 refers to the advanced IP services feature set which includes both the advanced security and service provider packages, along with IPv6.
K9 is the software feature code.
The K means “kitchen sink” (enterprise for high−end) (same as BX). Not used after Cisco IOS Software Release 10.3
K9 -Greater than 64−bit encryption. On Cisco IOS Software Release 12.2 and up.
- mz – Indicates where the image runs and if the file is compressed. In this example, mz indicates that the file runs from RAM and is compressed.
The most common designation for memory location and compression format is mz. The first letter indicates the location where the image is executed on the router. The locations can include:
- f – flash
- m – RAM
- r – ROM
- l – relocatable
The compression format can be either z for zip or x for mzip. Zipping is a method Cisco uses to compress some run-from-RAM images that is effective in reducing the size of the image. It is self-unzipping, so when the image is loaded into RAM for execution, the first action is to unzip.
So “mz” means its a stored in RAM (m) in Zipped (z) format.
Other compressions identifers
X – Image is MZip compressed
W – Image is Stac compressed
- 124-6.T – The filename format for image 12.4(6)T. This is the train number, maintenance release number, and the train identifier.
- bin – The file extension. This extension indicates that this file is a binary executable file.
Figure above illustrates the different parts of an IOS 15 system image file on an ISR G2 device:
- Image Name (c1900) – Identifies the platform on which the image runs. In this example, the platform is a Cisco 1900 router.
- universalk9 – Specifies the image designation. The two designations for an ISR G2 are universalk9 and universalk9_npe. Universalk9_npe does not contain strong encryption and is meant for countries with encryption restrictions. Features are controlled by licensing and can be divided into four technology packages. These are IP Base, Security, Unified Communications, and Data.
- mz – Indicates where the image runs and if the file is compressed. In this example, mz indicates that the file runs from RAM and is compressed.
- SPA – Designates that file is digitally signed by Cisco.
- 152-4.M3 – Specifies the filename format for the image 15.2(4)M3. This is the version of IOS, which includes the major release, minor release, maintenance release, and maintenance rebuild numbers. The M indicates this is an extended maintenance release.
- bin – The file extension. This extension indicates that this file is a binary executable file.
Note: The Cisco IOS Software naming conventions, field meaning, image content, and other details are subject to change.
On most Cisco routers including the integrated services routers, the IOS is stored in compact flash as a compressed image and loaded into DRAM during boot-up. The Cisco IOS Software Release 15.0 images available for the Cisco 1900 and 2900 ISR require 256MB of flash and 512MB of RAM. The 3900 ISR requires 256MB of flash and 1GB of RAM. This does not include additional management tools such as Cisco Configuration Professional (Cisco CP). For complete details, refer to the product data sheet for the specific router.
Manage IOS images
As a network grows, Cisco IOS Software images and configuration files can be stored on a central TFTP server. This helps to control the number of IOS images and the revisions to those IOS images, as well as the configuration files that must be maintained.
Production internetworks usually span wide areas and contain multiple routers. For any network, it is good practice to keep a backup copy of the Cisco IOS Software image in case the system image in the router becomes corrupted or accidentally erased.
Widely distributed routers need a source or backup location for Cisco IOS Software images. Using a network TFTP server allows image and configuration uploads and downloads over the network. The network TFTP server can be another router, a workstation, or a host system.
To create a backup of the Cisco IOS image to a TFTP server, perform the following three steps:
Step 1. Ensure that there is access to the network TFTP server. Ping the TFTP server to test connectivity.
Step 2. Verify that the TFTP server has sufficient disk space to accommodate the Cisco IOS Software image. Use the
show flash0: command on the router to determine the size of the Cisco IOS image file.
Step 3. Copy the image to the TFTP server using the
copy source-url destination-url command.
After issuing the command using the specified source and destination URLs, the user is prompted for the source file name, IP address of the remote host, and destination file name. The transfer will then begin.
Follow these steps to upgrade the software on the Cisco router from TFTP:
Step 1. Select a Cisco IOS image file that meets the requirements in terms of platform, features, and software. Download the file from cisco.com and transfer it to the TFTP server.
Step 2. Verify connectivity to the TFTP server. Ping the TFTP server from the router.
Step 3. Ensure that there is sufficient flash space on the router that is being upgraded. The amount of free flash can be verified using the show flash0: command. Compare the free flash space with the new image file size.Or show version.
Step 4. Copy the IOS image file from the TFTP server to the router using the
copy tftp: flash:command
After issuing this command with specified source and destination URLs, the user will be prompted for IP address of the remote host, source file name, and destination file name. The transfer of the file will begin.
Boot system from a specific image
To upgrade to the copied IOS image after that image is saved on the router’s flash memory, configure the router to load the new image during bootup using the boot system command. Save the configuration. Reload the router to boot the router with new image. After the router has booted, to verify the new image has loaded, use the show version command.
During startup, the bootstrap code parses the startup configuration file in NVRAM for the boot system commands that specify the name and location of the Cisco IOS Software image to load. Several boot system commands can be entered in sequence to provide a fault-tolerant boot plan.
The boot system command is a global configuration command that allows the user to specify the source for the Cisco IOS Software image to load. Some of the syntax options available include:
- Specify the flash device as the source of the Cisco IOS image.
Router(config)# boot system flash0://c1900-universalk9-mz.SPA.152-4.M3.bin
- Specify the TFTP server as a source of Cisco IOS image.
Router(config)# boot system tftp://c1900-universalk9-mz.SPA.152-4.M3.bin
If there are no boot system commands in the configuration, the router defaults to loading the first valid Cisco IOS image in flash memory and running it.
Beginning with Cisco IOS Software release 15.0, Cisco modified the process to enable new technologies within the IOS feature sets. Cisco IOS Software release 15.0 incorporates cross-platform feature sets to simplify the image selection process. It does this by providing similar functions across platform boundaries. Each device ships with the same universal image. Technology packages are enabled in the universal image via Cisco Software Activation licensing keys.
Technology packages that are available:
- IP Base: Offers features found in IP Base IOS image on ISR 1900, 2900, and 3900 + Flexible Netflow + IPv6 parity for IPv4 features present in IP Base. Some of the key features are AAA, BGP, OSPF, EIGRP, IS-IS, RIP, PBR, IGMP, Multicast, DHCP, HSRP, GLBP, NHRP, HTTP, HQF, QoS, ACL, NBAR, GRE, CDP, ARP, NTP, PPP, PPPoA, PPPoE, RADIUS, TACACS, SCTP, SMDS, SNMP, STP, VLAN, DTP, IGMP, Snooping, SPAN, WCCP, ISDN, ADSL over ISDN, NAT-Basic X.25, RSVP, NTP, Flexible Netflow, etc.
- Data: Data features found in SP Services and Enterprise Services IOS image on ISR 1900, 2900, and 3900 e.g. MPLS, BFD, RSVP, L2VPN, L2TPv3, Layer 2 Local Switching, Mobile IP, Multicast Authentication, FHRP-GLBP, IP SLAs, PfR, DECnet, ALPS, RSRB, BIP, DLSw+, FRAS, Token Ring, ISL, IPX, STUN, SNTP, SDLC, QLLC, etc.
- Unified Communications (UC): Offers the UC Features found in IPVoice IOS image on ISR 1900, 2900, and 3900 e.g. TDM/PSTN Gateway, Video Gateway [H320/324], Voice Conferencing, Codec Transcoding, RSVP Agent (voice), FAX T.37/38, CAC/QOS, Hoot-n-Holler, etc.
- Security (SEC): Offers the security features found in Advanced Security IOS image on ISR 1900, 2900, and 3900 e.g. IKE v1 / IPsec / PKI, IPsec/GRE, Easy VPN w/ DVTI, DMVPN, Static VTI, Firewall, Network Foundation Protection, GETVPN, etc.
Note: The IP Base license is a prerequisite for installing the Data, Security, and Unified Communications licenses. For earlier router platforms that can support Cisco IOS Software release 15.0, a universal image is not available. It is necessary to download a separate image that contains the desired features.
Technology Package Licenses
Technology package licenses are supported on Cisco ISR G2 platforms (Cisco 1900, 2900, and 3900 Series routers). The Cisco IOS universal image contains all packages and features in one image. Each package is a grouping of technology-specific features. Multiple technology package licenses can be activated on the Cisco 1900, 2900, and 3900 series ISR platforms.
Note: Use the
show license feature command to view the technology package licenses and feature licenses supported on the router.
When a new router is shipped, it comes preinstalled with the software image and the corresponding permanent licenses for the customer-specified packages and features.
The router also comes with the evaluation license, known as a temporary license, for most packages and features supported on the specified router. This allows customers to try a new software package or feature by activating a specific evaluation license. If customers want to permanently activate a software package or feature on the router, they must get a new software license.
Step 1. Purchase the software package or feature to install.
This may be adding a package to IP Base, such as Security. Software Claim Certificates are used for licenses that require software activation. The claim certificate provides the Product Activation Key (PAK) for the license and important information regarding the Cisco End User License Agreement (EULA). In most instances, Cisco or the Cisco channel partner will have already activated the licenses ordered at the time of purchase and no Software Claim Certificate is provided.
Step 2. Obtain a license.
The next step is to obtain the license, which is actually a license file. A license file, also known as a Software Activation License, is obtained using one of the following options:
- Cisco License Manager (CLM) – This is a free software application available at http://www.cisco.com/go/clm. Cisco License Manager is a standalone application from Cisco that helps network administrators rapidly deploy multiple Cisco software licenses across their networks. Cisco License Manager can discover network devices, view their license information, and acquire and deploy licenses from Cisco. The application provides a GUI that simplifies installation and helps automate license acquisition, as well as perform multiple licensing tasks from a central location. CLM is free of charge and can be downloaded from CCO.
- Cisco License Registration Portal – This is the web-based portal for getting and registering individual software licenses, available at http://www.cisco.com/go/license.
Both of these processes require a PAK number and a Unique Device Identifier (UDI).The PAK is received during purchase.The UDI is a combination of the Product ID (PID), the Serial Number (SN), and the hardware version. The SN is an 11 digit number which uniquely identifies a device. The PID identifies the type of device. Only the PID and SN are used for license creation. This UDI can be displayed using the
show license udi command
This information is also available on a pull-out label tray found on the device. Figure below shows an example of the pull-out label on a Cisco 1941 router.
After entering the appropriate information, the customer receives an email containing the license information to install the license file. The license file is an XML text file with a .lic extension.
Step 3. Install the License
After the license has been purchased, the customer receives a license file. Installing a permanent license requires two steps:
Step 1. Use the
license install stored-location-url privileged exec mode command to install a license file.
Step 2. Reload the router using the privileged exec command
reload. A reload is not required if an evaluation license is active.
Note: Unified Communications is not supported on 1941 routers.
A permanent license is a license that never expires. After a permanent license is installed on a router, it is good for that particular feature set for the life of the router, even across IOS versions. For example, when a UC, SEC, or Data license is installed on a router, the subsequent features for that license are activated even if the router is upgraded to a new IOS release. A permanent license is the most common license type used when a feature set is purchased for a device.
Note: Cisco manufacturing preinstalls the appropriate permanent license on the ordered device for the purchased feature set. No customer interaction with the Cisco IOS Software Activation processes is required to enable that license on new hardware.
The show version command is used after the router is reloaded to verify that license has been installed.
The show license command is used to display additional information about Cisco IOS software licenses. This command displays license information used to help with troubleshooting issues related to Cisco IOS software licenses. This command displays all the licenses installed in the system. In this example, both the IP Base and Security licenses have been installed. This command also displays the features that are available, but not licensed to execute, such as the Data feature set. Output is grouped according to how the features are stored in license storage.
The following is a brief description of the output:
- Feature – Name of the feature
- License Type – Type of license; such as Permanent or Evaluation
- License State – Status of the license; such as Active or In Use
- License Count – Number of licenses available and in use, if counted. If non-counted is indicated, the license is unrestricted.
- License Priority – Priority of the license; such as high or low
Note: Refer to the Cisco IOS 15 command reference guide for complete details on the information displayed in the show license command.
Active Evaluation License
The Evaluation license process has gone through three revisions on the ISR G2 devices. The latest revision, starting with Cisco IOS Releases 15.0(1)M6, 15.1(1)T4, 15.1(2)T4, 15.1(3)T2, and 15.1(4)M Evaluation licenses are replaced with Evaluation Right-To-Use licenses (RTU) after 60 days. An Evaluation license is good for a 60 day evaluation period. After the 60 days, this license automatically transitions into an RTU license. These licenses are available on the honor system and require the customer’s acceptance of the EULA. The EULA is automatically applied to all Cisco IOS software licenses.
license accept end user agreement global configuration mode command is used to configure a one-time acceptance of the EULA for all Cisco IOS software packages and features. After the command is issued and the EULA accepted, the EULA is automatically applied to all Cisco IOS software licenses and the user is not prompted to accept the EULA during license installation.
Router(config)# license accept end user agreement
The command to activate an Evaluation RTU license:
Router# license boot module module-name technology-package package-name
Use the ? in place of the arguments to determine which module names and supported software packages are available on the router. Technology package names for Cisco ISR G2 platforms are:
- ipbasek9 – IP Base technology package
- securityk9 – Security technology package
- datak9 – Data technology package
- uck9 – Unified Communications package (not available on 1900 series)
Note: A reload using the reload command is required to activate the software package.
Evaluation licenses are temporary, and are used to evaluate a feature set on new hardware. Temporary licenses are limited to a specific usage period (for example, 60 days).
Saved licenses are restored by using the license install command.
The command to back up a copy of the licenses on a device is:
Router# license save file-sys://lic-location
Use the show flash0: command to verify that the licenses have been saved.
The license storage location can be a directory or a URL that points to a file system. Use the ? command to see the storage locations supported by a device.
uninstall the license
To clear an active permanent license from the Cisco 1900 series, 2900 series, and 3900 series routers, perform the following steps:
Step 1. Disable the technology package.
- Disable the active license with the command:
Router(config)# license boot module module-name technology-package package-name disable
- Reload the router using the reload command. A reload is required to make the software package inactive.
Step 2. Clear the license.
- Clear the technology package license from license storage.
Router# license clear feature-name
- Clear the license boot module module-name technology-package package-name disable command used for disabling the active license:
Router(config)# no license boot module module-name technology-package package-name disable
Note: Some licenses, such as built-in licenses, cannot be cleared. Only licenses that have been added by using the license install command are removed. Evaluation licenses are not removed.