Upgrade Cisco IOS Switch Step-by-Step

Just as patching Windows is regular event so should be updating your networking equipment. New updates not only fix security holes and bugs but they often enable new features (and deprecate others).

Keeping everything up to date also aids in keeping your environment standardized. You won’t have to keep a separate template for every flavor of IOS you have deployed across the same devices.

This will also make it easier for you to come up with more secure templates since you’ll just have one standard template to run through tools like Nipper to ensure you’re following best practices.

How to Upgrade Cisco IOS Switches and Routers

Before we get to the steps I want to point out that there will be some variation in update steps between single switches and stack switches as well as between switches and routers. Hopefully the steps below are close enough that you can extrapolate them to your specific type of hardware.

Plus, let’s be honest, IOS doesn’t change THAT much across devices and deployments and we both know you’re a smart cookie!

In this tutorial I’m going to lists the steps for upgrading a stack of 2960-X switches. The steps for a single switch are very similar except you’ll only be working with one flash directory and it will most likely be named flash or bootflash instead of flash1, flash2, etc…

To be completely honest, the additional flash steps below will be a little redundant since updating the master should update all member switches as well. When the master comes up it will see a version mismatch and begin updating and reloading the members. For the purpose of demonstration, I wanted to do it the long way, which subsequently has a shorter downtime while the stack reloads.

Step 1. Verify Current Cisco IOS Version

Before starting any upgrades, you need to establish your baseline. For me that is verifying what the current IOS version running on the switch is so I can compare it to the release notes of the version I’m upgrading to so I can make any intermediate upgrades if need be.

Start by entering enable mode and running a show switch:

LAB2960X# show switch
Switch/Stack Mac Address : 0012.efgh.4567
                                           H/W   Current
Switch#  Role   Mac Address     Priority Version  State
*1       Master 0012.efgh.4567     10     0       Ready
 2       Member 0012.efgh.5678     1      0       Ready

This command may be unavailable on a single switch deployment.

Once you know how many switches you’re working with you can inspect the  contents of the flash to see what version the .bin files are. Verify the contents by running:

LAB2960X# dir flash1:
3  -rwx    21268480   Jun 1 2018 14:28:52 -05:00  c2960x-universalk9-mz.152-2.E6.bin

LAB2960X# dir flash2:
3  -rwx    21268480   Jun 1 2018 14:28:52 -05:00  c2960x-universalk9-mz.152-2.E6.bin

This will tell you what version currently exists in flash which may be helpful if you need to return this version because of problems with the new firmware.

Finally, lets run a show ver to see the version that’s currently running and make sure everything lines up.

LAB2960X# show ver
Switch Ports Model                 SW Version          SW Image
------ ----- -----                 ----------          ----------
*    1 48    WS-C2960X-48TS-L      15.2(2)E6           C2960X-UNIVERSALK9-MZ
     2 48    WS-C2960X-48TS-L      15.2(2)E6           C2960X-UNIVERSALK9-MZ

Step 2. Download the Latest IOS Image

This step is pretty self-explanatory. All I’ll add is that you need to check the release notes to make sure there aren’t any intermediate update jumps you need to make between your current IOS version and the one you’re update to.

You also need to make sure you don’t need to update Boot Rom or ROMMON (chassis switches) or anything like that to support the latest update.

Step 3. Delete Old IOS Image from Flash if Short on Space

Space permitting, I like to update first and verify everything works before deleting the old firmware version from flash. Sometimes that’s not possible and you’ll have to delete the existing image first to make room.

To delete the image run:

LAB2960X# delete /f /r flash1:c2960x-universalk9-mz.152-2.E6.bin

LAB2960X# delete /f /r flash2:c2960x-universalk9-mz.152-2.E6.bin

/f is for Force and /r is for recursive.

Verify the contents of the flash are clear by running:

LAB2960X# dir flash1:

LAB2960X# dir flash2:

Step 4. Upload the New IOS Image to Flash

To upload images I run a small tftp server on my workstation, set my workstation to an IP on the same network as my switch, and connect the workstation to a switchport via ethernet.

To start the copy process run:

LAB2960X# copy tftp flash1
>Address or name of remote host?
>source filename? c2960x-universalk9-mz.152-4.E6.bin
>Destination filename? c2960x-universalk9-mz.152-4.E6.bin

Verify the image copied by checking the flash yet again:

LAB2960X# dir flash1:
3  -rwx    21268480   Sep 11 2018 14:28:52 -05:00  c2960x-universalk9-mz.152-4.E6.bin

Take the extra minute and make sure the MD5 checksum of the uploaded file matches that given on the Cisco website to make sure the file integrity is good:

LAB2960X# verify /md5 flash1:c2960x-universalk9-mz.152-4.E6.bin

Repeat for the remaining switches in the stack:

LAB2960X# copy tftp flash2:
# dir flash2:
3  -rwx    21268480   Sep 11 2018 14:28:52 -05:00  c2960x-universalk9-mz.152-4.E6.bin

# verify /md5 flash2:c2960x-universalk9-mz.152-4.E6.bin

Step 5. Update the Boot Path List in the Config

First, we need to make sure that the config register is set to 0xF (on 2900, 3700, etc series switches) or 0x2102 (on 4500 and other chassis switches). This will ensure the switch uses whatever image is specified in the config rather than booting the first on the flash. To do so run show ver and skip to the bottom to find current config register like so:

LAB2960X# show ver

Configuration register is 0xF

If you’re updating a chassis switch such as a 4500 series and the config register is not set to 0x2102 then enter enable mode and run:

LAB2960X# conf t
LAB2960X(config)# configure-register 0x2102

Update the config with the new boot path:

LAB2960X# conf t
LAB2960X(config)# boot system switch all flash:c2960x-universalk9-mz.152-4.E6.bin

On some older switches/IOS versions you may need to delete the “switch all” from the above command example.

Step 6. Save the Running-Config to the Startup-Config and Reload

We need to save our changes to the config and reload the switch so it can load the latest firmware we copied to the flash. Run:

LAB2960X# show boot
BOOT path-list: flash:c2960x-universalk9-mz.152-4.E6.bin
LAB2960X# copy run start
LAB2960X# reload

Step 7. Verify Switch Loaded to Latest Firmware

Once your switch has fully booted up you need to make sure it actually loaded to the latest firmware. A quick show ver will tell you all you need to know:

LAB2960X# show ver
Switch Ports Model                 SW Version          SW Image
------ ----- -----                 ----------          ----------
*    1 48    WS-C2960X-48TS-L      15.2(4)E6           C2960X-UNIVERSALK9-MZ
     2 48    WS-C2960X-48TS-L      15.2(4)E6           C2960X-UNIVERSALK9-MZ

Once you’ve confirmed that your switch has loaded the right image you can give the config and port status a twice over to make sure everything came back up as it should.

Recommended for You: Solarwinds Network Configuration Manager (NCM)

What would you do if one of your pieces of networking equipment failed? Could you rebuild it quickly? Do you know exactly what configuration it had? What ports were on what vlan? What about port channels?

You get the point.

Automate backing up configurations and updating of all your switching, routing, and firewall equipment without needing to know a single line of code with Solarwinds Network Configuration Manager.

This is one of those tools that pays for itself in man hours the first time you need to rely on it. Plus, you’ll sleep easier knowing you really have backed up all the things.

Chase Smith, CCNP

Chase Smith, CCNP is a Network Engineer III who has spent the last decade elbow deep in enterprise system administration and networking. He can usually be found trying to warm up behind the storage in the datacenter.

Leave a Reply

Your email address will not be published.