Solved: Re: ASR-920-4SZ-A

Bob_Rock · ‎04-07-2021

Hi,

I will have to upgrade several ASR920 routers for our customer and i'm wondering if anybody had any issues with the upgrade procedure. Lately I had a couple of bad experiences with upgrading Cisco equipment, so I'm taking all the precautions I can take.

Sadly routers are accessible only over the mngmt IP, I will not have console access.
The procedure I will take is described in document : https://www.cisco.com/c/en/us/td/docs/routers/asr920/upgrade/guide/b-upgrade-3x-16x-asr920/b-upgrade-3x-16x-asr920_chapter_011.html

I will try to upgrade to Fuji-16.9.7 MD (it's also recommended by CISCO - star), in the document there is mentioned that ROMMON upgrade is not mandatory if you go to version Everest 16.5.1. Do you think I have to upgrade ROMMON first ?

Current version :
Cisco IOS XE Software, Version 03.16.02a.S - Extended Support Release
Cisco IOS Software, ASR920 Software (PPC_LINUX_IOSD-UNIVERSALK9_NPE-M), Version 15.5(3)S2a, RELEASE SOFTWARE (fc1)

Will licence stay the same or will I have to install it again ?

Thank you

johnlloyd_13 · ‎04-07-2021

hi,

i recently upgraded ASR920 3.16.x to 16.12.x. you'll need to upgrade ROMMON package to avoid compatibility issue with the main code. just follow the ROMMON and IOS-XE compatibility matrix.

you also need to pre-configure "stronger" SSH encryption:

ip ssh client algorithm encryption <ENCRYPTION>

if you're using TACACS+, the tacacs-server host command was deprecated in IOS-XE 16.12.2, so you need to convert them prior the upgrade:

no tacacs-server host <IP>

aaa group server tacacs+ <GROUP>
server-private <IP> key <KEY>

View solution in original post

johnlloyd_13 · ‎04-07-2021

hi,

i recently upgraded ASR920 3.16.x to 16.12.x. you'll need to upgrade ROMMON package to avoid compatibility issue with the main code. just follow the ROMMON and IOS-XE compatibility matrix.

you also need to pre-configure "stronger" SSH encryption:

ip ssh client algorithm encryption <ENCRYPTION>

if you're using TACACS+, the tacacs-server host command was deprecated in IOS-XE 16.12.2, so you need to convert them prior the upgrade:

no tacacs-server host <IP>

aaa group server tacacs+ <GROUP>
server-private <IP> key <KEY>

Bob_Rock · ‎04-07-2021

Thank you very much for the answer John, I have also asked Cisco support and I got the answer that I should just go for the latest ROMMON version. I think I got everything cleared now, the only issue will be lack of console access to the router during the upgrade.

But I hope everything will go as planned so console access will not be needed.

Best regards

johnlloyd_13 · ‎04-07-2021

hi,

i highly suggest to have an OBM server or someone onsite to give you console access. i had one ASR920 upgrade with no console view wherein the ROMMON package didn't kick in.

Bob_Rock · ‎04-07-2021

Hi,

what do you mean it did not "kick in" ? How did you solve the issue ?

If the upgrade will fail I will go to the site and connect with the console cable, but due to corona lockdown we have to try upgrades remotely first.

Ulrik Rosen · ‎05-12-2023

Follow up question on upgrade of the ASR-920-4SZ-A, if the rommon is upgraded to the lastest version
are there any problems going from 3.18 directly to 17.3.7 ? or do i need to step through 16.x first?