PIX Security Appliance Management
Image upgrade and activation keys

The show version command allows the administrator to display the software version, operating time since the last reboot, processor type, Flash partition type, interface boards, serial number, or BIOS ID, activation key value, license type, such as R or UR, and time stamp for when the configuration was last modified . The serial number listed with the show version command is for the Flash partition BIOS. This number is different from the serial number on the chassis. When a software upgrade is obtained, the serial number that appears in the show version command will be needed, not the chassis number.

The copy tftp flash command enables the administrator to change software images without accessing the TFTP monitor mode. This command can be used to download a software image via TFTP with any PIX Security Appliance model running version 5.1 or later. The image that is downloaded is made available to the PIX on the next reload.

Be sure to configure the TFTP server to point to the image to be downloaded. For example, to download the pix611.bin file from the D: partition on a Windows system whose IP address is 10.0.0.3, access the Cisco TFTP Server View > Options menu and enter the filename path such as, D:\pix_images, where the image is located. Then, to copy the file to the PIX Security Appliance, use the following command: copy tftp://10.0.0.3/pix700.bin flash .

The TFTP server receives the command and determines the actual file location from its root directory information. The server then downloads the TFTP image to the PIX.

NOTE:

The TFTP server must be running when the copy tftp command is entered on the PIX Security Appliance.

Entering a New Activation Key
The license for the PIX Security Appliance can be upgraded using the CLI . Before entering the activation key, ensure that the image in Flash and the running image are the same. This can be done by rebooting the PIX before entering the new activation key. The PIX will also need to be rebooted after the new activation key is entered for the change to take effect.

Enter the activation-key-four-tuple as a four-element hexadecimal string with one space between each element, or activation-key-five-tuple as a five-element hexidecimal string with one space between each element as follows:

0xe02888da 0x4ba7bed6 0xf1c123ae 0xffd8624e

The leading 0x specifier is optional. All values are assumed to be hexadecimal. The key is not stored in the configuration file. The key is tied to the serial number.

Use the activation-key command to enter an activation key. In this command, replace activation-key-four-tuple with the activation key obtained with the new license as follows:

activation-key 0x12345678 0xabcdef01 0x2345678ab 0xcdef01234

After the activation key is entered, the system will display an indication that the activation key has been successfully changed.

Reload the PIX Security Appliance to activate the Flash activation key.

Upgrading the Image and the Activation Key
If the image is being upgraded to a newer version and the activation key is also being changed, reboot the system twice, as shown in Figure . After the key update is complete, the system is reloaded a second time, so the updated licensing scheme can take effect.

If an image is being downgraded, The PIX Security Appliance will only need to be rebooted once, after installing the new image. In this situation, the old key is both verified and changed with the current image.

To view the current activation key, enter the show activation-key command. Figure shows error messages that may be returned in the output from this command, along with steps that can be taken to resolve the errors.


Lab Activity

e-Lab Activity: Upgrade the PIX Security Appliance Software Image

In this lab, the student will initialize the PIX Security Appliance by loading the latest software image and configuring console access. The student will also become familiar with the general maintenance commands.