INTRODUCTION
IOS = Internetwork Operating System
An IOS is an operating system developed by CISCO for CISCO equipment.
The old IOS
The problem for CISCO:
– Not profitable enough, because it was easy to duplicate.
Verification:
Router# show version
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 06:21 by pt_rel_team
ROM: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
System returned to ROM by power-on
System image file is "c2800nm-advipservicesk9-mz.124-15.T1.bin"
This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to export@cisco.com.
cisco 2811 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory
Processor board ID JAD05190MTZ (4292891495)
M860 processor: part number 0, mask 49
2 FastEthernet/IEEE 802.3 interface(s)
239K bytes of NVRAM.
62720K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
The new IOS
When you buy a CISCO network device, it ships with an IOS specific to the device's series. This IOS is a so-called “IP BASE” IOS.
We can add 3 different modules to it:
– DATA
– VOICE (to enable the VoIP-related features)
– SECURITY (to enable the cryptographic features)
Router# show version
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Thurs 5-Jan-12 15:41 by pt_team
ROM: System Bootstrap, Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
cisco2901 uptime is 33 seconds
System returned to ROM by power-on
System image file is "flash0:c2900-universalk9-mz.SPA.151-1.M4.bin"
Last reload type: Normal Reload
This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to export@cisco.com.
Cisco CISCO2901/K9 (revision 1.0) with 491520K/32768K bytes of memory.
Processor board ID FTX152400KS
2 Gigabit Ethernet interfaces
DRAM configuration is 64 bits wide with parity disabled.
255K bytes of non-volatile configuration memory.
249856K bytes of ATA System CompactFlash 0 (Read/Write)
License Info:
License UDI:
-------------------------------------------------
Device#   PID                SN
-------------------------------------------------
*0        CISCO2901/K9       FTX1524C7FA
Technology Package License Information for Module:'c2900'
----------------------------------------------------------------
Technology    Technology-package          Technology-package
              Current       Type          Next reboot
-----------------------------------------------------------------
ipbase        ipbasek9      Permanent     ipbasek9
security      None          None          None
uc            None          None          None
data          None          None          None
Configuration register is 0x2102
Router# show license
Index 1 Feature: ipbasek9
        Period left: Life time
        License Type: Permanent
        License State: Active, In Use
        License Count: Non-Counted
        License Priority: Medium
Index 2 Feature: securityk9
        Period left: Not Activated
        Period Used: 0 minute 0 second
        License Type: EvalRightToUse
        License State: Not in Use, EULA not accepted
        License Count: Non-Counted
        License Priority: None
Index 3 Feature: uck9
        Period left: Not Activated
        Period Used: 0 minute 0 second
        License Type: EvalRightToUse
        License State: Not in Use, EULA not accepted
        License Count: Non-Counted
        License Priority: None
Index 4 Feature: datak9
        Period left: Not Activated
        Period Used: 0 minute 0 second
        License Type: EvalRightToUse
        License State: Not in Use, EULA not accepted
        License Count: Non-Counted
        License Priority: Medium
We want to set up an IPsec tunnel between two routers. With IP Base, we can build a GRE tunnel, but we cannot apply encryption to it. We need the “Security” package.
To get it, we contact a CISCO reseller to buy this package.
The reseller provides us with a PAK number (Product Authorization Key).
We then log in to cisco.com and provide the PAK number together with the UDI number.
The UDI number is retrieved with the “show license udi” command.
Router# show license udi
Device#   PID                SN              UDI
-------------------------------------------------------------------
*0        CISCO2901/K9       FTX1524C7FA     CISCO2951/K9:FTX1524C7FA
– PID = Product ID
– SN = Serial Number
– UDI = Unique Device Identifier
UDI = PID : SN (Example: CISCO2951/K9:FTX162883H0)
CISCO checks whether the PAK is already tied to another UDI. If it is not, CISCO generates our license and sends it to us.
All that remains is to install it:
Router# license install usbflash1:FTX1524C7FA_201703171233752126.lic
Installing...Feature:securityk9...Successful:Supported
1/1 licenses were successfully installed
0/1 licenses were existing licenses
0/1 licenses were failed to install
Feb 11 22:35:20.786: %LICENSE-6-INSTALL: Feature securityk9 1.0 was installed in
this device. UDI=CISCO2901/K9:FTX1524C7FA; StoreIndex=1:Primary License Storage
Aug 10 21:31:21.038: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name=
c2900 Next reboot level = securityk9 and License = securityk9
Router# reload
Once our router has rebooted, all that remains is to check that the installation went well:
Router# show license
Index 1 Feature: ipbasek9
        Period left: Life time
        License Type: Permanent
        License State: Active, In Use
        License Count: Non-Counted
        License Priority: Medium
Index 2 Feature: securityk9
        Period left: Life time
        License Type: Permanent
        License State: Active, in Use
        License Count: Non-Counted
        License Priority: None
Index 3 Feature: uck9
        Period left: Not Activated
        Period Used: 0 minute 0 second
        License Type: EvalRightToUse
        License State: Not in Use, EULA not accepted
        License Count: Non-Counted
        License Priority: None
Index 4 Feature: datak9
        Period left: Not Activated
        Period Used: 0 minute 0 second
        License Type: EvalRightToUse
        License State: Not in Use, EULA not accepted
        License Count: Non-Counted
        License Priority: Medium
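This verification can be scripted before relying on the router for an IPsec tunnel. The Python below is an added example, not part of the original post: it parses "show license" output and reports whether a technology package is permanently licensed and active. The function names and the ok / evaluation / inactive / missing labels are assumptions of this example.

```python
import re

# Sample input: entries 2 and 3 of the post-install "show license" output above.
SAMPLE = """\
Index 2 Feature: securityk9
        Period left: Life time
        License Type: Permanent
        License State: Active, in Use
        License Count: Non-Counted
        License Priority: None
Index 3 Feature: uck9
        Period left: Not Activated
        Period Used: 0 minute 0 second
        License Type: EvalRightToUse
        License State: Not in Use, EULA not accepted
        License Count: Non-Counted
        License Priority: None
"""

def parse_show_license(text):
    """Return {feature: {field: value}} from 'show license' output."""
    licenses, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*Index\s+\d+\s+Feature:\s*(\S+)", line)
        if m:
            current = licenses.setdefault(m.group(1), {})
        elif current is not None and ":" in line:
            key, value = line.split(":", 1)
            current[key.strip()] = value.strip()
    return licenses

def check_feature(licenses, feature):
    """Classify a feature as 'ok', 'evaluation', 'inactive' or 'missing'."""
    lic = licenses.get(feature)
    if lic is None:
        return "missing"
    # The output above varies the case ("In Use" / "in Use"), so compare lowercased.
    if not lic.get("License State", "").lower().startswith("active"):
        return "inactive"
    return "ok" if lic.get("License Type") == "Permanent" else "evaluation"

if __name__ == "__main__":
    parsed = parse_show_license(SAMPLE)
    for name in ("securityk9", "uck9", "datak9"):
        print(name, check_feature(parsed, name))
```

A result other than "ok" for securityk9 means the encryption features the tunnel depends on are not covered by a permanent, active license on that device.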
Cisco License Manager
Cisco License Manager (CLM) is CISCO software for managing all the CISCO licenses across your IT estate. It is free.
Click here to download it => HERE (cisco.com)
Click here to see the installation procedure => HERE (cisco.com)
AND THERE YOU GO!
Hoping this has helped you!
Don't hesitate to reach out if you have questions or information to add!
FingerInTheNet