cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
10455
Views
1
Helpful
3
Replies

4321 IOS-XE upgrade

Hi all,

tried upgrading IOS-XE on Cisco 4321 ISR but it didn't work.

In other words, copied the bin file to flash, modified bootvar, saved it, verified it got saved and rebooted the ISR.

It booted with the old image.

What do you recommend?

1 Accepted Solution

Accepted Solutions

johnlloyd_13
Level 9
Level 9

hi,

did you change to boot variable?

no boot system bootflash:<OLD IOS>.bin

boot system bootflash:<NEW IOS>.bin

see helpful link:

http://wannabelab.blogspot.com/2017/02/cisco-4331-router-ios-and-license.html

View solution in original post

3 Replies 3

johnlloyd_13
Level 9
Level 9

hi,

did you change to boot variable?

no boot system bootflash:<OLD IOS>.bin

boot system bootflash:<NEW IOS>.bin

see helpful link:

http://wannabelab.blogspot.com/2017/02/cisco-4331-router-ios-and-license.html

Thanks, it worked.

wrong was:

boot system flash:<NEW IOS>.bin

CORRECT:

boot system bootflash:<NEW IOS>.bin

dkikko2
Level 1
Level 1

Ran into a similar problem with an ISR 4321 router that took a few steps to correct the upgrade firmware issues:

Upgrade isr4300-universalk9.03.15.00.S.155-2.S-std.SPA.bin to isr4300 universalk9.16.06.09.SPA.bin

 

Located isr4300-universalk9.16.06.09.SPA.bin

Image size 789165506 inode num 14, bks cnt 192668 blk size 8*512

##########################################################################################################################################################################################

Boot image size = 789165506 (0x2f09b5c2) bytes

Package header rev 3 structure detected

Calculating SHA-1 hash...done

validate_package: SHA-1 hash:

               calculated 4772c8cd:503f7b78:aa516c67:87eca434:d95dc400

               expected   4772c8cd:503f7b78:aa516c67:87eca434:d95dc400

Signature verification failed for key# 2

Signature verification failed for key# 3

Failed to validate digital signature

Signature verification failed for key# 2

Signature verification failed for key# 3

Failed to validate digital signature

RSA Signed REVOCATION Image Signature Verification Failed.

Package Load Test Latency : 12415 msec

Unsigned package found,  aborting ...

boot: error executing "boot bootflash:isr4300-universalk9.16.06.09.SPA.bin"

autoboot: boot failed, restarting...

Initializing Hardware ...

System integrity status: 00000610

Rom image verified correctly

System Bootstrap, Version 15.4(3r)S3, RELEASE SOFTWARE

Copyright (c) 1994-2014  by cisco Systems, Inc.

Current image running: Boot ROM0

Last reset cause: LocalSoft

 

Cisco ISR4321/K9 platform with 4194304 Kbytes of main memory

no valid BOOT image found

Final autoboot attempt from default boot device...

File size is 0x1bc32520

Located isr4300-universalk9.03.15.00.S.155-2.S-std.SPA.bin

Image size 465773856 inode num 12, bks cnt 113715 blk size 8*512

########################################################################################################################################################################################################################################################

Router#show platform

Chassis type: ISR4321/K9

Slot      Type                State                 Insert time (ago)

--------- ------------------- --------------------- -----------------

0         ISR4321/K9          ok                    00:01:53     

 0/0      ISR4321-2x1GE       ok                    00:00:47     

R0        ISR4321/K9          ok, active            00:01:53      (R0 is letter R and number 0)

F0        ISR4321/K9          ok, active            00:01:53     

P0        Unknown             ps, fail              never        

P2        ACS-4320-FANASSY    ok                    00:01:36     

Slot      CPLD Version        Firmware Version                       

*************************************************************(need to upgrade rom-monitor to install IOS above 16)***************

0         17100927            15.4(3r)S3                         

R0        17100927            15.4(3r)S3                       

F0        17100927            15.4(3r)S3    

 

********************************Tried upgrading the hw-programmables versions didn't help)**************************************

Router#show hw-programmable R0 all   

Hw-programmable versions

 

Slot              CPLD version              FPGA version    

-----------------------------------------------------------

R0                17100927                  N/A             

F0                17100927                  N/A             

0                 17100927                  N/A             

Router#dir

Directory of bootflash:

   14  -rw-        789165506  Jun 28 2022 18:49:34 +00:00  isr4300-universalk9.17.06.03a.SPA.bin

   15  -rw-         16057308  Jun 29 2022 14:51:50 +00:00  isr4300-hw-programmables.16.07.02-ext_v2.07.SPA.pkg

Router#show rom-monitor R0  (Remember R0 {R zero})

System Bootstrap, Version 15.4(3r)S3, RELEASE SOFTWARE

Copyright (c) 1994-2014  by cisco Systems, Inc.

Router#show platform

Chassis type: ISR4321/K9

 

Slot      Type                State                 Insert time (ago)

--------- ------------------- --------------------- -----------------

0         ISR4321/K9          ok                    00:11:46     

 0/0      ISR4321-2x1GE       ok                    00:10:40     

R0        ISR4321/K9          ok, active            00:11:46     

F0        ISR4321/K9          ok, active            00:11:46     

P0        Unknown             ps, fail              never        

P2        ACS-4320-FANASSY    ok                    00:11:28     

 

Slot      CPLD Version        Firmware Version                        

--------- ------------------- ---------------------------------------

0         17100927            15.4(3r)S3                         

R0        17100927            15.4(3r)S3                         

F0        17100927            15.4(3r)S3   

 

                      

******************THIS WILL FIX THE IMAGE UPGRADES FROM BEING REJECTED:*********************************

*****Download from Cisco.com and upload to the router flash: isr4200_4300_rommon_1612_2r_SPA.pkg*******************

*****************You can copy from a supported external flash drive so tftp isn't necessary:*************************

Router#copy usb0:isr4200_4300_rommon_1612_2r_SPA.pkg bootflash:isr4200_4300_rommon_1612_2r_SPA.pkg

***************************use the upgrade command and don't forget to add the word (all) after .pkg*****************************

Router#upgrade rom-monitor filename bootflash:isr4200_4300_rommon_612_2r_SPA.pkg all

Chassis model ISR4321/K9 has a single rom-monitor.

Upgrade rom-monitor

Target copying rom-monitor image file

selected : 0

Booted : 0

Reset Reason: 0

Info: Upgrading only BIOS from the rommon package

4259840+0 records in

4259840+0 records out

262144+0 records in

262144+0 records out

655360+0 records in

655360+0 records out

File  is a FIPS ROMMON image

FIPS-140-3 Load Test on  has PASSED.

Authenticity of the image has been verified.

Switching to ROM 1

8192+0 records in

8192+0 records out

Upgrade image MD5 signature is 871f9d7df678f0c4ea92b7c9c4dfa88c

4259840+0 records in

4259840+0 records out

4194304+0 records in

4194304+0 records out

 

4194304+0 records in

4194304+0 records out

262144+0 records in

262144+0 records out

Upgrade image MD5 signature verification is 871f9d7df678f0c4ea92b7c9c4dfa88c

Switching back to ROM 0

ROMMON upgrade complete.

To make the new ROMMON permanent, you must restart the RP.

System Bootstrap, Version 16.12(2r), RELEASE SOFTWARE

Copyright (c) 1994-2019  by cisco Systems, Inc.

Current image running: *Upgrade in progress* Boot ROM1

Last reset cause: BootRomUpgrade

ISR4321/K9 platform with 4194304 Kbytes of main memory

**********Reload the router to finalize the ROM upgrade, the new image will load System image file is "bootflash:isr4300 universalk9.16.06.09.SPA.bin"******************************************************************************************************

Located isr4300-universalk9.16.06.09.SPA.bin

Located isr4300-universalk9.16.06.09.SPA.bin

########################################################################################################################################################################################

Package header rev 1 structure detected

IsoSize = 553878818

Calculating SHA-1 hash...Validate package: SHA-1 hash:

               calculated 95606043:88CA98F9:31FFAA78:F38297E0:54399D4D

               expected   95606043:88CA98F9:31FFAA78:F38297E0:54399D4D

RSA Signed RELEASE Image Signature Verification Successful.

Image validated

Router#show version

Cisco IOS XE Software, Version 16.06.09

Cisco IOS Software [Everest], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.6.9, RELEASE SOFTWARE (fc3)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: