Solved: Catalyst CPLD upgrade absolutely necessary?

goyourmin · ‎11-04-2023

hello!

While observing after the update, I found out that it was CPLD Version.

[Question summary]
Q1. I'm not sure. Is it necessary to upgrade the CPLD version in Catalyst?

Q2. Is it possible to perform CPLD upgrade in Catalyst without <filename.pkg> next to bootflash:?

-upgrade hw-programmable cpld filename bootflash: rp standby

Q3. Do I need to delete the "Server internal" config after the CPLD upgrade is complete?

[story content]

When I read the Cisco documentation, I found out that I had an old version of CPLD and that I had to run additional commands to upgrade to the new version.

Q1. I'm not sure. Is it necessary to upgrade the CPLD version in Catalyst?

Also, if I need to upgrade, can I just follow the documentation?

I have a question about this process.

ex)

Device# configure terminal
Device(config)# service internal
Device(config)# exit
Device# upgrade hw-programmable cpld filename bootflash: rp standby
Device# redundancy force-switchover

Q2.

For the ASR platform, you must enter <filename.pkg> as shown below.
"upgrade hw-programmable cpld filename bootflash:<filename.pkg> rp standby"

Is it possible to perform cpld upgrade in Catalyst without <filename.pkg> next to bootflash:?

"upgrade hw-programmable cpld filename bootflash: rp standby"

Q3. Do I need to delete the "Server internal" config after the CPLD upgrade is complete?

-link

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9400/software/release/17-9/release_notes/ol-17-9-9400/rommon_versions.html

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9400/software/release/17-9/release_notes/ol-17-9-9400/upgrading_the_switch_software.html

Best regards,

Leo Laohoo · ‎11-05-2023

Because I never upgrade the CPLD. I always upgrade the ROMMON.

View solution in original post

Rich R · ‎11-12-2023

@goyourmin CPLD upgrades are platform and model specific.
Sometimes they are mandatory to support new software, ROMMON or modules.
They are also sometimes used to address hardware/firmware level security vulnerabilities.
The documentation is patchy and variable in quality but you generally have to patch together the answers from IOS release notes, TAC recommended version guides, CISCO PSIRT Security Advisories and firmware/CPLD upgrade guides.
If you don't use the versions recommended in the release notes and guides then you might encounter unexpected problems and behaviour because Cisco only test the hardware and software combinations listed there.

What is the switch model you are referring to?
What version of software are you using?

> Do I need to delete the "Server internal" config after the CPLD upgrade is complete?
You mean "service internal"? Yes (no service internal) - it is only needed to enable certain debug level commands which Cisco don't believe should normally be exposed on the CLI. It does no specific harm leaving it enabled but Cisco would recommend leaving it disabled when you don't specifically need it.

> Is it possible to perform cpld upgrade in Catalyst without <filename.pkg> next to bootflash:?
That's what the instructions say... Commands often do vary slightly between different platforms because the developers in different Cisco business units sometimes implement them differently and that can also be necessary with different hardware platforms.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs

View solution in original post

Leo Laohoo · ‎11-05-2023

For Catalyst switches (and only switches), do not make any attempt(s) to upgrade the golden capsule. (The golden capsule is a back-up of the ROMMON. In case the active ROMMON fails, the secondary is meant to take over.)

I have to main reasons why I do not recommend Golden Capsule Upgrade:

1. If the ROMMON fails or gets corrupted, do not waste any more time and RMA the switch. Period.

2. Cisco does not test these codes. Cisco do not have the resources to test these codes. The chance of the Golden Capsule getting corrupt or completely bricks the switch (because of upgrading the Golden Capsule) is high.

goyourmin · ‎11-05-2023

sorry. I didn't understand. I didn't understand the term the golden capsule.
likewise, Aren’t ROMMON and CPLD completely different things?

There is this passage about CPLD in the second link I provided in the text.
"CPLD version upgrade process must be completed after upgrading the software image."

Looking at this sentence alone, it looks like Cisco recommended CPLD upgrade.

Leo Laohoo · ‎11-05-2023

ROMMON upgrade is mandatory. If the ROMMON does not get upgraded, there is a chance the router will not boot the desired firmware version.

Depending on the model of the router, ROMMON-to-IOS-firmware matrix are "hidden". Some router models have this, others do not.

goyourmin · ‎11-05-2023

sorry. I have completed upgrading ROMMON. Sorry, I asked a question about CPLD, but I didn't understand why you answered about ROMMON.

Leo Laohoo · ‎11-05-2023

Because I never upgrade the CPLD. I always upgrade the ROMMON.

goyourmin · ‎11-06-2023

Thank you very much for your help as always.

However, that sentence in the Cisco documentation confuses me.

I understand this to mean that CPLD must be upgraded.
"CPLD version upgrade process must be completed after upgrading the software image."

Leo Laohoo · ‎11-06-2023

No idea because I have never made any attempts to upgrade the CPLD.

Leo Laohoo · ‎11-05-2023

For routers, always upgrade the ROMMON.

Rich R · ‎11-12-2023

@goyourmin CPLD upgrades are platform and model specific.
Sometimes they are mandatory to support new software, ROMMON or modules.
They are also sometimes used to address hardware/firmware level security vulnerabilities.
The documentation is patchy and variable in quality but you generally have to patch together the answers from IOS release notes, TAC recommended version guides, CISCO PSIRT Security Advisories and firmware/CPLD upgrade guides.
If you don't use the versions recommended in the release notes and guides then you might encounter unexpected problems and behaviour because Cisco only test the hardware and software combinations listed there.

What is the switch model you are referring to?
What version of software are you using?

> Do I need to delete the "Server internal" config after the CPLD upgrade is complete?
You mean "service internal"? Yes (no service internal) - it is only needed to enable certain debug level commands which Cisco don't believe should normally be exposed on the CLI. It does no specific harm leaving it enabled but Cisco would recommend leaving it disabled when you don't specifically need it.

> Is it possible to perform cpld upgrade in Catalyst without <filename.pkg> next to bootflash:?
That's what the instructions say... Commands often do vary slightly between different platforms because the developers in different Cisco business units sometimes implement them differently and that can also be necessary with different hardware platforms.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs

goyourmin · ‎11-20-2023

Hello. I've seen the response history late.
I was unable to proceed with the CPLD upgrade as per my concerns.