Hello Dears,

I have to upgrade the IOS for 6500 as compatible with FWSM, can u route me for the proper documentation to upgrade and proper IOS on 6500 switches.

Thanks

Hi again,

If you're wondering about software or hardware capability between FWSM and 6500/7600.

Check out the release notes:

http://www.cisco.com/en/US/products/hw/modules/ps2706/ps4452/tsd_products_support_model_home.html

Regarding upgrade procedure on 6500, it depends a bit on what you're running (catOS, hybrid, native IOS, VSS?).

Marcin

Hello,

Steps what i wll follow,Please correct me if i m wrong.

• I will upgrade the IOS on 6500 switch as compatible with FWSM??????
• I will upgrade the FWSM from 3.2 to 4.1 on core 1 ????
• After upgrading FWSM on core 1 i hope the cordination of failover will break with the secondary FWSM on core 2 and both will be active, Is it will affect the network traffic.?????
• After upgrading Core 1 FWSM i will move to core 2 FWSM.I doub't the traffic will be disturbed please confirm
• Any configuration commands has been changed in 4.1 as compared to 3.2.

Please confirm me the steps above are OK or please guide me to proper steps.

Thanks

Hi!

You cannot allow both units to go active at the same time - this will cause traffic to be diturbed.

There should not be a moment in time where two units will communicate with different major release - this migh not only break failover communication but on top introduce corruption later on.

There are no changes in command syntax between 3.2 and 4.1 but best practice says - back it up ;-)

Apart from the above, it looks like a decent plan.

Marcin

Hello Marcin

Client is insisting to move from 3.2 to 4.1,

As from ur above mail if u say

There should not be a moment in time where two units will communicate with different major release - this migh not only break failover communication but on top introduce corruption later on

THEN,

What is the decent procedure to upgrade the FWSM as per cisco recommendation.

Thanks

Hi,

The best way ensuring minimum downtime is to:

1) Upload new image to both primary and secondary unit.

2) Make secondary active.

3) Reload primary,

4) WHILE primary is down and booting - but before it comes back online(!!!) reload secondary.

5) Primary comes online and will become active.

6) Secondary comes online and becomes standby.

Well timed step #4 can ensure minimum downtime ;-)

Marcin

Hello Marcin

• Please confirm by below output the RAM is 1024 and the flash is 20 MB from that occupied is 11 MB and free space is 8 MB please correct me if i m wrong???
• I hope there is no incremental upgrade as such like ASA i can jump from 3.2(5) to 4.1(4)???? please confirm.
• I m planning this combination

             c6svc-fwm-k9.4-1-3---------- IOS

             asdm-622f -----------asdm image          Please confirm i have choose correct???

• For 6500 IOS i m uploading 12.2SXH8 OR 12.2SXI4 OR 12.2SXI
• By which command i can see the existing image file and space available and used space

FWSM# sh version

FWSM Firewall Version 3.2(5)
Device Manager Version 5.2(1)F

Compiled on Mon 10-Mar-08 16:03 by fwsmbld

FWSM up 24 days 23 hours
failover cluster up 211 days 22 hours

Hardware:   WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz
Flash STI Flash 8.0.0 @ 0xc321, 20MB

0: Int: Not licensed        : irq 5
1: Int: Not licensed        : irq 7
2: Int: Not licensed        : irq 11
The Running Activation Key is not set, using default settings:

Licensed features for this platform:
Maximum Interfaces          : 256      
Inside Hosts                : Unlimited
Failover                    : Active/Active
VPN-DES                     : Enabled  
VPN-3DES-AES                : Enabled  
Cut-through Proxy           : Enabled  
Guards                      : Enabled  
URL Filtering               : Enabled  
Security Contexts           : 2        
GTP/GPRS                    : Disabled 
BGP Stub                    : Disabled 
VPN Peers                   : Unlimited

FWSM# sh flashfs
flash file system:  version:3  magic:0x00000000
  file 0: origin:       0 length:6058040
  file 1: origin: 6058496 length:5632060
  file 2: origin:11691008 length:1922
  file 3: origin:11693056 length:66919
  file 4: origin:21085696 length:280

FWSM# sh meme
FWSM# sh mem
FWSM# sh memory
Free memory:       784961496 bytes (73%)
Used memory:       288780328 bytes (27%)
-------------     ----------------
Total memory:     1073741824 bytes (100%)

Thanks

Hi!

The FWSM comes only in one model. There are no memory extension cards or antyhing of that sort that can be inroduced on the FWSM blade (as far as I know ;-))

You can upgrade without any problems between 3.x and 4.x provided you are not going to attempt a zero-downtime upgrade.

Regarding ASDM and FWSM version compatibility best place is to check the release notes:

http://www.cisco.com/en/US/docs/security/asdm/6_2f/release/notes/asdmrn62f.html#wp315986

ASDM release notes in general:

http://www.cisco.com/en/US/products/ps6121/prod_release_notes_list.html

The flash drive on FWSM is formatted so you can store only one image and one ASDM file - very similar to how old PIX and PDM behaved.

Regarding IOS version I will not (cannot) make a recommendation regarding software I would say that it's best to investigate what safe harbour is recommending.

http://www.cisco.com/en/US/netsol/ns504/networking_solutions_program_category_home.html

Hope this helps,

Marcin

Hello Marcin,

I want to see the below informationmark in RED which is the command that i have to execute which will display all the below information.

Flash Memory Overview:

The FWSM has a 128-MB Flash memory card that stores the operating system, configurations, and other data. The Flash memory includes six partitions, called cf:n in Cisco IOS and Catalyst operating system software commands:

•Maintenance partition (cf:1)—Contains the maintenance software. Use the maintenance software to upgrade or install application images if you cannot boot into the application partition, to reset the application image password, or to display the crash dump information.

•Network configuration partition (cf:2)—Contains the network configuration of the maintenance software. The maintenance software requires IP settings so that the FWSM can reach the TFTP server to download application software images.

•Crash dump partition (cf:3)—Stores the crash dump information.

•Application partitions (cf:4 and cf:5)—Stores the application software image, system configuration, and ASDM. By default, Cisco installs the images on cf:4. You can use cf:5 as a test partition. For example, if you want to upgrade your software, you can install the new software on cf:5, but maintain the old software as a backup in case you have problems. Each partition includes its own startup configuration.

•Security context partition (cf:6)—64 MB are dedicated to this partition, which stores security context configurations (if desired) and RSA keys in a navigable file system. Other partitions do not have file systems that allow you to perform common tasks such as listing files. This partition is called disk when using the copy command.

Thanks

Hi,

What would you like to verify exactly ;-)

What you as user should need to know if that the FWSM will boot either from cf:1 cf:4 or cf:5 - cf:4 and cf:5 have different configuration and image. cf:1 I basically used in case of recovery. (Lost password and such).

If you doubt that device has been properly formated you can run "format" of "fsck" commands to verify/clear the situation.

Marcin

Hello Marcin

Well i will tell u.

• I want to know enough space in my flash memmory so that i can keep existing IOS and ASDM image,I dont want to delete them b4 upgrading the new images.
• How to check which is my maintenance software release.which command???
• i issue the below commands in my switch but i don't see any such output.

Setting the Default Boot Partition

By default, the FWSM boots from the cf:4 application partition. However, you can choose to boot from the cf:5 application partition or into the cf:1 maintenance partition. Each application partition has its own startup configuration.

To change the default boot partition, enter the following command:

Router(config)# boot device module mod_num cf:n

Where n is 1 (maintenance), 4 (application), or 5 (application).

To view the current boot partition, enter the following command:

Router# show boot device [mod_num]

For example:

Router# show boot device

[mod:1 ]:

[mod:2 ]:

[mod:3 ]:

[mod:4 ]: cf:4

[mod:5 ]: cf:4

[mod:6 ]:

[mod:7 ]: cf:4

[mod:8 ]:

[mod:9 ]:

• If i want to install the IOS in partition C5: what will be the command???

  Step 3 Install the new OS using TFTP:
  hostname# copy tftp://server[/path]/filename flash:

  For example:
  hostname# copy tftp://10.1.1.1/c6svc-fwm-k9.4-1-1.bin flash:

  Thanks

Hey,

the FWSM can have only one flash:image and one flash:asdm file at a time. You cannot use "boot system" command.

Regarding version of maintenance pertition, I believe the best way was to boot into cf:1 and check "show module" (not sure about this one).

Maintenance partition  is something that does not change a lot ;-)

Marcin

Hello Marcin,

• I want to know what is the size of the flash memmory?? what command please
• I want to list the files in partittion C1 ,C4,C5,???? what command please
• If suppose i  want to copy IOS from TFTP to flash on C5 partition what will be the command I hope

       copy tftp://10.1.1.1/c6svc-fwm-k9.4-1-1.bin flash:C5  ???? pls correct me if i m wrong?????

• I need a procedure from rommon recovery????? please route me to proper document,

Please answer my 4 question seperately,i dont want to be with half knowledge b4 upgrading.other incase after reload FWSM does'nt come up i will secred up very badly.

Thanks