[c-nsp] 7500 Boot Image

Pete Templin petelists at templin.org
Wed Jun 14 15:41:10 EDT 2006


Gustavo Rodrigues Ramos wrote:

> There are two main reasons I can see. First of all if you are afraid of
> a security vulnerability. I also have to upgrade my boxes when I need
> some feature not available in old IOS versions. However, I've got a lot
> of problems when I did upgrades in my 7500 boxes a couple of months ago.

He's talking about the boot image, which has no support for routing 
protocols and therefore the box is likely unreachable during the brief 
period while it's running the boot image to then boot the full image. 
If it's not reachable, it's essentially NOT vulnerable.

However, I've seen issues going between 12.0S and 12.2S where my tacacs+ 
passwords were incompatible between the two trains.  Having the boot 
image in the same train is probably a smart choice.  I tend to sync my 
boot images after the first boot, for simple anal retentive issues.

pt


More information about the cisco-nsp mailing list