Just as patching Windows is regular event so should be updating your networking equipment. New updates not only fix security holes and bugs but they often enable new features (and deprecate others).
Keeping everything up to date also aids in keeping your environment standardized. You won’t have to keep a separate template for every flavor of IOS you have deployed across the same devices.
This will also make it easier for you to come up with more secure templates since you’ll just have one standard template to run through tools like Nipper to ensure you’re following best practices.
How to Upgrade Cisco IOS Switches and Routers
Before we get to the steps I want to point out that there will be some variation in update steps between single switches and stack switches as well as between switches and routers. Hopefully the steps below are close enough that you can extrapolate them to your specific type of hardware.
Plus, let’s be honest, IOS doesn’t change THAT much across devices and deployments and we both know you’re a smart cookie!
In this tutorial I’m going to lists the steps for upgrading a stack of 2960-X switches. The steps for a single switch are very similar except you’ll only be working with one flash directory and it will most likely be named flash or bootflash instead of flash1, flash2, etc…
To be completely honest, the additional flash steps below will be a little redundant since updating the master should update all member switches as well. When the master comes up it will see a version mismatch and begin updating and reloading the members. For the purpose of demonstration, I wanted to do it the long way, which subsequently has a shorter downtime while the stack reloads.
Step 1. Verify Current Cisco IOS Version
Before starting any upgrades, you need to establish your baseline. For me that is verifying what the current IOS version running on the switch is so I can compare it to the release notes of the version I’m upgrading to so I can make any intermediate upgrades if need be.
Start by entering enable mode and running a show switch:
LAB2960X# show switch Switch/Stack Mac Address : 0012.efgh.4567 H/W Current Switch# Role Mac Address Priority Version State ---------------------------------------------------------- *1 Master 0012.efgh.4567 10 0 Ready 2 Member 0012.efgh.5678 1 0 Ready
This command may be unavailable on a single switch deployment.
Once you know how many switches you’re working with you can inspect the contents of the flash to see what version the .bin files are. Verify the contents by running:
LAB2960X# dir flash1: 3 -rwx 21268480 Jun 1 2018 14:28:52 -05:00 c2960x-universalk9-mz.152-2.E6.bin LAB2960X# dir flash2: 3 -rwx 21268480 Jun 1 2018 14:28:52 -05:00 c2960x-universalk9-mz.152-2.E6.bin
This will tell you what version currently exists in flash which may be helpful if you need to return this version because of problems with the new firmware.
Finally, lets run a show ver to see the version that’s currently running and make sure everything lines up.
LAB2960X# show ver Switch Ports Model SW Version SW Image ------ ----- ----- ---------- ---------- * 1 48 WS-C2960X-48TS-L 15.2(2)E6 C2960X-UNIVERSALK9-MZ 2 48 WS-C2960X-48TS-L 15.2(2)E6 C2960X-UNIVERSALK9-MZ
Step 2. Download the Latest IOS Image
This step is pretty self-explanatory. All I’ll add is that you need to check the release notes to make sure there aren’t any intermediate update jumps you need to make between your current IOS version and the one you’re update to.
You also need to make sure you don’t need to update Boot Rom or ROMMON (chassis switches) or anything like that to support the latest update.
Step 3. Delete Old IOS Image from Flash if Short on Space
Space permitting, I like to update first and verify everything works before deleting the old firmware version from flash. Sometimes that’s not possible and you’ll have to delete the existing image first to make room.
To delete the image run:
LAB2960X# delete /f /r flash1:c2960x-universalk9-mz.152-2.E6.bin LAB2960X# delete /f /r flash2:c2960x-universalk9-mz.152-2.E6.bin
/f is for Force and /r is for recursive.
Verify the contents of the flash are clear by running:
LAB2960X# dir flash1: LAB2960X# dir flash2:
Step 4. Upload the New IOS Image to Flash
To upload images I run a small tftp server on my workstation, set my workstation to an IP on the same network as my switch, and connect the workstation to a switchport via ethernet.
To start the copy process run:
LAB2960X# copy tftp flash1 >Address or name of remote host? 192.168.1.10 >source filename? c2960x-universalk9-mz.152-4.E6.bin >Destination filename? c2960x-universalk9-mz.152-4.E6.bin
Verify the image copied by checking the flash yet again:
LAB2960X# dir flash1: 3 -rwx 21268480 Sep 11 2018 14:28:52 -05:00 c2960x-universalk9-mz.152-4.E6.bin
Take the extra minute and make sure the MD5 checksum of the uploaded file matches that given on the Cisco website to make sure the file integrity is good:
LAB2960X# verify /md5 flash1:c2960x-universalk9-mz.152-4.E6.bin
Repeat for the remaining switches in the stack:
LAB2960X# copy tftp flash2: # dir flash2: 3 -rwx 21268480 Sep 11 2018 14:28:52 -05:00 c2960x-universalk9-mz.152-4.E6.bin # verify /md5 flash2:c2960x-universalk9-mz.152-4.E6.bin
Step 5. Update the Boot Path List in the Config
First, we need to make sure that the config register is set to 0xF (on 2900, 3700, etc series switches) or 0x2102 (on 4500 and other chassis switches). This will ensure the switch uses whatever image is specified in the config rather than booting the first on the flash. To do so run show ver and skip to the bottom to find current config register like so:
LAB2960X# show ver Configuration register is 0xF
If you’re updating a chassis switch such as a 4500 series and the config register is not set to 0x2102 then enter enable mode and run:
LAB2960X# conf t LAB2960X(config)# configure-register 0x2102
Update the config with the new boot path:
LAB2960X# conf t LAB2960X(config)# boot system switch all flash:c2960x-universalk9-mz.152-4.E6.bin
On some older switches/IOS versions you may need to delete the “switch all” from the above command example.
Step 6. Save the Running-Config to the Startup-Config and Reload
We need to save our changes to the config and reload the switch so it can load the latest firmware we copied to the flash. Run:
LAB2960X# show boot BOOT path-list: flash:c2960x-universalk9-mz.152-4.E6.bin LAB2960X# copy run start LAB2960X# reload
Step 7. Verify Switch Loaded to Latest Firmware
Once your switch has fully booted up you need to make sure it actually loaded to the latest firmware. A quick show ver will tell you all you need to know:
LAB2960X# show ver Switch Ports Model SW Version SW Image ------ ----- ----- ---------- ---------- * 1 48 WS-C2960X-48TS-L 15.2(4)E6 C2960X-UNIVERSALK9-MZ 2 48 WS-C2960X-48TS-L 15.2(4)E6 C2960X-UNIVERSALK9-MZ
Once you’ve confirmed that your switch has loaded the right image you can give the config and port status a twice over to make sure everything came back up as it should.
Recommended for You: Solarwinds Network Configuration Manager (NCM)What would you do if one of your pieces of networking equipment failed? Could you rebuild it quickly? Do you know exactly what configuration it had? What ports were on what vlan? What about port channels?
You get the point.
Automate backing up configurations and updating of all your switching, routing, and firewall equipment without needing to know a single line of code with Solarwinds Network Configuration Manager.
This is one of those tools that pays for itself in man hours the first time you need to rely on it. Plus, you’ll sleep easier knowing you really have backed up all the things.