cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
970
Views
0
Helpful
7
Replies

4500E / 6L-E .. How to determine what image to use?

I am confused about what switch images I am permitted to use for our nearly end of life supervisor 6L-E in the 4500E series. We purchased Smartnet this year so we could get the final releases available before it goes out of support.

If I look directly at what is on the 4500E right now, it says "cat4500e-lanbase-mz.(version redacted).bin"

However the download center is very mysterious. It lists a pile of images, and I don't know what I am permitted to use. It doesn't seem to say access to any of these is restricted.

  • ENTERPRISE SERVICES W/O CRYPTO - cat4500e-entservices-mz.152-2.E8.bin
  • ENTERPRISE IMAGE W/O CRYPTO - cat4500e-entservices-tar.152-2.E8.tar
  • ENTERPRISE SERVICES UPGRADE SSH - cat4500e-entservicesk9-mz.152-2.E8.bin
  • ENTERPRISE SERVICES SSH - cat4500e-entservicesk9-mz.152-2.E8.bin
  • ENTERPRISE IMAGE - cat4500e-entservicesk9-tar.152-2.E8.tar
  • IP BASE W/O CRYPTO - cat4500e-ipbase-mz.152-2.E8.bin
  • IP BASE UPGRADE W/O CRYPTO - cat4500e-ipbase-mz.152-2.E8.bin
  • IP BASE IMAGE W/O CRYPTO - cat4500e-ipbase-tar.152-2.E8.tar
  • IP BASE SSH - cat4500e-ipbasek9-mz.152-2.E8.bin
  • IP BASE UPGRADE SSH - cat4500e-ipbasek9-mz.152-2.E8.bin
  • IP BASE IMAGE - cat4500e-ipbasek9-tar.152-2.E8.tar
  • LAN BASE W/O CRYPTO - cat4500e-lanbase-mz.152-2.E8.bin
  • LAN BASE IMAGE W/O CRYPTO - cat4500e-lanbase-tar.152-2.E8.tar
  • LAN BASE SSH - cat4500e-lanbasek9-mz.152-2.E8.bin
  • LAN BASE IMAGE - cat4500e-lanbasek9-tar.152-2.E8.tar

Cisco's support downloads are incredibly frustrating. What is the difference between "LAN BASE" and "LAN BASE SSH"?  I can find nothing to describe the difference, other than I note one is an "MZ" file and the other is a "TAR" file.. Does this matter? No information can be found.

Why is there a "IP BASE SSH" and a "IP BASE UPGRADE SSH" available for download which are the same filename?  And also I note "IP BASE W/O CRYPTO" and "IP BASE UPGRADE W/O CRYPTO" are also the same filename?  What?

I separately tried to open a support case to ask what licensing we can use, and I get basically ... no response. Very strange. You'd think Cisco would keep track of these things and could tell me what we are licensed to use if I give them the supervisor serial which I did... but apparently not.

7 REPLIES 7
Richard Burts
Hall of Fame Guru

I agree that choosing the correct image to use to upgrade your switch is complicated. If you have an active support contract for 4500E then you are entitled to access any of the images for that platform in the download directory. There are many choices and you need to select the one that best fits your situation. Some of the images are bin files while some are tar files. The bin files provide the code to run the supervisor while the tar files are a bundle that include the bin file and also files to support the GUI interface for the switch. Which fits your situation? Some of the images do support crypto (encryption capabilities) while others do not. Which fits your situation? Some of the images support certain functionalities based on feature set or license level while other are for different features or license levels. Which fits your situation? If your 4500E is currently running the lanbase image then probably you should select a fanbase image for the upgrade.

 

If you have an active service contract I would expect that you should be able to open a case with Cisco TAC and get their advice. Your post seems to suggest that you did open a case but got no support and that is a bit puzzling. Did you open the case on line or over the phone? Did you receive a case number?

 

HTH

 

Rick

HTH

Rick

I assume the "without Crypto" images would be for countries that restrict or strongly regulate encryption, or if there is some US government export restriction.

I am in the USA, so as far as I know, there is nothing to be gained from using a "without crypto" image. The weird thing is why Cisco would offer that option if it is entirely pointless or not applicable to me.

"You can install this image which does not have SSH capability. It will shoot you in the foot and reduce functionality for no reason, but if you want to limit yourself using this, go ahead."

Joseph W. Doherty
Hall of Fame Expert

"It lists a pile of images, and I don't know what I am permitted to use. It doesn't seem to say access to any of these is restricted."

Yes, you're not restricted to what you can download, but legally you are only licensed for specific features. For example, if you only have a LANBASE license, it would be illegal to use an IP BASE or Enterprise image without upgrading your license.

"What is the difference between "LAN BASE" and "LAN BASE SSH"?"

The latter includes SSH support which is a crypto version (also indicated by the "k9" in the download filename).

Rick notes the difference between TAR and BIN downloads.

Also yes, sometimes the filename is the same, for different "functions" (in fact, it can sometimes be the same for "different" platforms). Why Cisco does that? Probably as placeholders for when the downloads are not the same.

From your 2nd post:

"I assume the "without Crypto" images would be for countries that restrict or strongly regulate encryption, or if there is some US government export restriction."

Correct and in times past, you had to note you weren't restricted by those restriction to download a "strong" crypto version.

"I am in the USA, so as far as I know, there is nothing to be gained from using a "without crypto" image. The weird thing is why Cisco would offer that option if it is entirely pointless or not applicable to me."

The image is often smaller, which consumes less flash and RAM. (With mega RAM now the norm, this isn't a important as it once was, however it's also one less thing to "break".)

I have to wonder if people are just repeating the same half-truths over and over without really knowing what they are talking about.

I downloaded these files to see exactly what is in them. The TAR files are not significantly larger than the MZ files. The TAR file in fact contains the MZ file of the exact same size, but includes two additional files:

21 -rw- 34633307 Nov 30 2019 03:41:22 +00:00 cat4500e-lanbasek9-mz.152-2.E8.bin

cat4500e-lanbasek9-tar.152-2.E8.tar contains:

20  -rw-    34633307   Jan 1 2000 00:39:52 +00:00  cat4500e-lanbasek9-mz.152-2.E8.bin

21 -rw- 332 Jan 1 2000 00:39:54 +00:00 info
22 -rw- 199306 Jan 1 2000 00:39:54 +00:00 dc_default_profiles.txt

 

# more info
version_suffix: 152-2.E8
version_directory: cat4500e-lanbasek9-mz.152-2.E8
image_system_type_id: cat4500e
image_name: cat4500e-lanbasek9-mz.152-2.E8.bin
ios_image_file_size: 0
total_image_file_size: 0
image_feature: Unknown
image_family: cat4500e-lanbasek9-m
stacking_number: 0x00001
board_ids: SUP6E
fru_module_version:
info_end:

 

# more bootflash:dc_default_profiles.txt
#
# ------------------------------------------------------------------
# Profile, Rules and check definition for the IOS rule engine
# Copyright (c) 2010-2013 by Cisco Systems, Inc.
# All rights reserved.
# **** THIS FILE IS AUTO-GENERATED FROM XML FILE - DO NOT EDIT *****
# ------------------------------------------------------------------
#
iusdfilshfsnfifdkfjkghngfnadfojfl0iusdfilshfsnfifdkfjkghngfnadfojfl
01-22-18:03:10:50
# Profile Version Number
1
iusdfilshfsnfifdkfjkghngfnadfojfl1iusdfilshfsnfifdkfjkghngfnadfojfl
# Use string for exact match: HTC CORPORATION
# Use string for exact match: VERILINK CORPORATION
# Use string for exact match: XEROX CORPORATION
# Number of OUI-vendor-strings Used =
110
# 0
HEWLETT PACKARD
# 1

[.........]

I will not post the whole thing. Google does not seem to explain what this file is, but I found a similar file that looks about the same, just a bunch of manufacturer names and seemingly random ID codes:

https://www.scribd.com/doc/282837326/Dc-Default-Profiles

How this file enables a "Web GUI" I have no idea, and probably is not what the TAR file is for at all. 

"I have to wonder if people are just repeating the same half-truths over and over without really knowing what they are talking about."

Yes, that's a possibility, as is someone, with insufficient information not "knowing" what they are looking at.

"The TAR files are not significantly larger than the MZ files. The TAR file in fact contains the MZ file of the exact same size, but includes two additional files:"

Yes, the BIN file is included in the TAR, as Rick already mentioned. The IOS BIN is also the bulk of the contents. However, as to there only being just two files in the TAR, I believe "21 -rw- 332 Jan 1 2000 00:39:54 +00:00 info" might be a directory. If so, explore what it contains.

Thank you @Joseph W. Doherty. To provide a bit more substance I suggest reading this from the official Cisco documentation:

"The upgrade procedures in these release notes describe how to perform the upgrade by using a combined tar file. This file contains the Cisco IOS image file and the files needed for the embedded device manager.

embedded device manager sometimes referred to as GUI.

See this link for further details

https://www.cisco.com/c/en/us/td/docs/switches/connectedgrid/cg-switch-sw-master/software/release/notes/rn-15-2-5e1.html#pgfId-123740

 

HTH

 

Rick

HTH

Rick
Leo Laohoo
VIP Community Legend

IMPORTANT: When dealing with Catalyst 4K switches, always download the IOS file with a file extension of TAR.
The "TAR" file extension means that one can use the "archive download-sw" automation command to upgrade the firmware of the supervisor card.
Always read the Release Notes very carefully and determine if the supervisor requires a ROMMON upgrade or not.