Solved: Re: Updating IOS to consistent versions - lab space with several devic

Brian AD · ‎01-24-2025

I run a networking lab at a University. We have 9 Cisco 2960 series switches from 2009-ish and 9 Cisco 2811 Routers from about the same time period. When trying to create some lab exercises, I was getting very different responses to things like access the web-based device manager (several devices simply show the file/command structure and not the http interface), setting up SSH connections (one of the devices does not support the crypto key generate command), etc. When reviewing the IOS versions for all the devices, I found 3 different IOS and Bootstrap versions on the switches and 4 different ones on the routers (attached file has inventory of software versions). My main question is can I simply copy the latest version from each set of devices and add that image to the remaining devices and expect that to work? I understand that I will need to work on setting up TFTP servers for file transfers (newbie at that, too). What issues might I run into and how do I avoid them? How easy is it to revert to a prior image?

Leo Laohoo · ‎01-24-2025

@Brian AD wrote:
My main question is can I simply copy the latest version from each set of devices and add that image to the remaining devices and expect that to work?

For routers, yes.

For switches, it can work.

@Brian AD wrote:
What issues might I run into and how do I avoid them? How easy is it to revert to a prior image?

The file is corrupt and the switch boots into ROMMON.

View solution in original post

Joseph W. Doherty · ‎01-24-2025

"What issues might I run into and how do I avoid them?"

On the older devices, especially ISRs, setting a location (usually local flash) for the IOS .bin image, and setting it up to boot, is often all it takes to run that IOS. Often, but not always, boot rom versions images don't matter, but release notes would describe dependencies. (Unfortunately, for EoL devices, that documentation might no longer be available.) Things like web management support, though, usually are best installed via an installation package. (I assume you might be able to manually set such [i.e. web management] up, not something I've ever done. [I have, very often, just copied .bin images about, as I didn't bother with web management, and it was a tad "faster" than using an installer packet - though also easier to make a mistake, too.])

"How easy is it to revert to a prior image?"

Again, excluding things like web management, often the same procedures as moving up to a new .bin, just the reverse for reverting. One thing to watch for, when you upgrade an IOS, unless it's a huge version jump, if there are any syntax changes, the newer version will almost always auto convert the config file to the new syntax. Going backwards, an older IOS will NOT recognize newer syntax. So, it's a good ideal to have a saved copy of config file that matches the IOS it originally used.

Now the above, just addresses your questions, technically.

Legally, you cannot move to a "better" feature set, nor a newer IOS, without having a support contract and/or paying the additional licensing fees. I suspect, your university would not want to bump into the penalties for such violations.

However, I believe (???), you can downgrade IOS version or feature set, to less than what the Cisco device had been originally licensed for, or up to less was whatever IOS version that was current at the end of a support contract. This might be an option, to have the same set of devices running the same IOS and with the same feature set.

BTW, are you aware of Cisco's Packet Tracer?

View solution in original post

Joseph W. Doherty · ‎01-24-2025

"I believe we have gotten devices mostly as donations or second hand."

If so, to my knowledge, licensing is not transferable. I.e. you own the hardware but need your own Cisco license to use their software.

View solution in original post

Leo Laohoo · ‎01-24-2025

@Brian AD wrote:
My main question is can I simply copy the latest version from each set of devices and add that image to the remaining devices and expect that to work?

For routers, yes.

For switches, it can work.

@Brian AD wrote:
What issues might I run into and how do I avoid them? How easy is it to revert to a prior image?

The file is corrupt and the switch boots into ROMMON.

Joseph W. Doherty · ‎01-24-2025

"What issues might I run into and how do I avoid them?"

On the older devices, especially ISRs, setting a location (usually local flash) for the IOS .bin image, and setting it up to boot, is often all it takes to run that IOS. Often, but not always, boot rom versions images don't matter, but release notes would describe dependencies. (Unfortunately, for EoL devices, that documentation might no longer be available.) Things like web management support, though, usually are best installed via an installation package. (I assume you might be able to manually set such [i.e. web management] up, not something I've ever done. [I have, very often, just copied .bin images about, as I didn't bother with web management, and it was a tad "faster" than using an installer packet - though also easier to make a mistake, too.])

"How easy is it to revert to a prior image?"

Again, excluding things like web management, often the same procedures as moving up to a new .bin, just the reverse for reverting. One thing to watch for, when you upgrade an IOS, unless it's a huge version jump, if there are any syntax changes, the newer version will almost always auto convert the config file to the new syntax. Going backwards, an older IOS will NOT recognize newer syntax. So, it's a good ideal to have a saved copy of config file that matches the IOS it originally used.

Now the above, just addresses your questions, technically.

Legally, you cannot move to a "better" feature set, nor a newer IOS, without having a support contract and/or paying the additional licensing fees. I suspect, your university would not want to bump into the penalties for such violations.

However, I believe (???), you can downgrade IOS version or feature set, to less than what the Cisco device had been originally licensed for, or up to less was whatever IOS version that was current at the end of a support contract. This might be an option, to have the same set of devices running the same IOS and with the same feature set.

BTW, are you aware of Cisco's Packet Tracer?

Brian AD · ‎01-24-2025

I am aware of Packet Tracer. I have my student go through the NetAcad Packet Tracer tutorial at the beginning of the semester and will be requiring them to create the lab environment in PT prior to performing any lab exercises. Very nice tool!

I will try to find out who our lab contact is at Cisco (I inherited all this) and ask about the licensing. I believe we have gotten devices mostly as donations or second hand.

Thank you,
Brian

Joseph W. Doherty · ‎01-24-2025

"I believe we have gotten devices mostly as donations or second hand."

If so, to my knowledge, licensing is not transferable. I.e. you own the hardware but need your own Cisco license to use their software.

Brian AD · ‎01-26-2025

Thank you, all! I have verified that the process works for my setup. I will be in touch with my Cisco rep to check on licensing issues before permanently installing in the lab.

Brian

Updating IOS to consistent versions - lab space with several devices