Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4821
Views
10
Helpful
20
Replies

Catalyst 3560X BootLoader upgrade?

andrew.butterworth
Level 7
Level 7

‎02-12-2020 07:31 AM

I have a Catalyst 3560X (WS-C3560X-24P-S) running the latest IOS 15.2(4)E9 image, however the bootloader is 12.2(53r)SE2. 

ROM: Bootstrap program is C3560E boot loader
BOOTLDR: C3560E Boot Loader (C3560X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)


I have upgraded 3560/3750G/E/X's previously and have seen the microcode updates that take ages.  I assumed the bootloader would be upgraded if needed when the IOS image was upgraded.

I have just been working on a couple of Catalyst 3560X's running older IOS 12.2(55)SE10, however these both a have a newer bootloader:

ROM: Bootstrap program is C3560E boot loader
BOOTLDR: C3560E Boot Loader (C3560X-HBOOT-M) Version 15.2(3r)E, RELEASE SOFTWARE (fc1)

The hardware revisions for the switches are different so I am assuming the one I have that is running the latest IOS was actually manufactured before the other two (V04 vs V07).

I have had a search but can't find any references to updating the BootLoader independently of the IOS image - all the release notes just say the bootloader might get upgraded if needed.

I have unpacked the 15.2(4)E9 and the 15.2(1)E1 tar files and compared them and the 15.2(1)E1 includes the file 'pucode_bundle.dat' file that the later image doesn't.  Is this the bootloader?  Is there a process for upgrading this independently of the IOS image?  The 'archive' command has a 'download-ucode' option?

 

1 person had this problem
Labels:
0 Helpful
20 Replies 20

Leo Laohoo
Hall of Fame
Hall of Fame
In response to andrew.butterworth

‎02-14-2020 02:14 AM

Let me just say that I don't work for Cisco (and never had).
Different hardware versions because the internals change over time (different parts, different suppliers, etc).
Different hardware versions load different bootloader and discard when not required.
For more definite answer, raise a TAC Case.

marce1000
VIP
VIP
In response to Leo Laohoo

‎02-15-2020 02:54 AM

 

>Different hardware versions load different bootloader and discard when not required.

           Thumbs up!

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎02-15-2020 10:23 AM

If Cisco doesn't provide a boot image, and a way to install it, then likely trying to upgrade it, independently of an IOS upgrade, isn't likely normally provided by Cisco. (There might be a way that TAC might provide a way to do it if they saw a need for it.)

BTW, if you had upgraded the IOS, did you watch all the results with a console connection? Reason I ask, at the last company I worked at, almost all devices were remote and we did upgrades in-band, i.e. without seeing console output. I came across a case of a 3750 that has been upgraded but not its boot firmware. Doing the upgrade again, with a console connection, I noticed the boot firmware upgrade failed due to insufficient flash space to expand the upgrade module software into.

As to why different hardware platforms have different boot firmware, most likely (as Leo touched on) it's due to different installed hardware (likely logically functionally alike, but perhaps not taking the same "programming" commands). Newer hardware might be different enough that it requires different software to initialize it, operate it and/or for some POST tests. I.e. if you do manage to upgrade boot software on older hardware, there shouldn't be any real operational benefit (actually there might be some lost benefit to doing such an upgrade when really not needed, such as perhaps taking longer to boot, and you risk encountering some added bug within the revision) although if you're looking to obtain some report showing all your 3750s have the same IOS and firmware versions, there's that "benefit".
0 Helpful

andrew.butterworth
Level 7
Level 7
In response to Joseph W. Doherty

‎02-24-2020 07:24 AM

OK, so I managed to get hold of another 3560X running 12.2(55)SE software with bootloader 12.2(53r)SE1.  This is an even older hardware version (Version ID: V01).  I upgraded it to 15.0(2)SE1 and the bootloader didn't upgrade.  The output on the console during boot simply says:

...done Initializing flashfs.
Checking for Bootloader upgrade..
Boot Loader upgrade not required (Stage 2)

However if you add a fips authorization key and reload it the bootloader does get upgraded:

Checking for Bootloader upgrade..New version = Version 15.0(2.1.15)SE1 Fri Ja,

Current version = Version 12.2(53r)SE1, RELEASE

Upgrading Boot Loader...
 Completed processing ucode0
 Completed processing bstage:
 Completed processing brom:
 Completed processing bsdcs:
 writing boot sectors..
Boot Upgrade image auto-rebooting ... Burning parameters into flash parameter block:
    MAC address: C4:71:00:00:00:00
    Motherboard assembly number: 73-12557-04
    Motherboard serial number: FDXXXXXXXXX
    Model revision number: A0
    Motherboard revision number: A0
    Model number: WS-C3560X-48P-L
    System serial number: FDXXXXXXXXX
    Daughterboard assembly number: 800-32786-01
    Daughterboard serial number: FDXXXXXXXXX
    Top assembly part number: 800-31328-01
    Top assembly revision number: A0
    Version ID: V01
    CLEI Code Number: COMJP00ARA
    Board configuration revision number: 0
Reading parameter block...done.
Editing copy...done.
Writing parameter block...done.
Parameters burned into parameter block.

done.
The system will now restart

So the bootloader is now version 15.0(2.1.15)SE1.  I then proceeded to upgrade to some later versions to see whether the bootloader would get upgraded to something later (I am aiming for 15.2(3r)E or later).  So far it hasn't.  I tried 15.2(1)E1, 15.2(3)E3 and I have just upgraded to the latest 15.2(4)E9.  The same message is displayed on the console saying the bootloader doesn't need upgrading.

...done Initializing flashfs.
Checking for Bootloader upgrade..New version = Version 15.0(2.1.15)SE1 Mon Se,

Current version = Version 15.0(2.1.15)SE1, TEST

Boot Loader upgrade not needed(v)

Still somewhat confused over this tbh...

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to andrew.butterworth

‎02-24-2020 08:42 AM

Well, reading up a bit on FIPS mode, an overview notes FIPS does power-up self-tests, so once the mode is enabled, I can see why the boot software might need updating for that, but once it has been updated, later IOSs probably are "safe" with that version too.
0 Helpful

andrew.butterworth
Level 7
Level 7
In response to Joseph W. Doherty

‎02-24-2020 08:54 AM

Just added the 'fips authorization-key xxxxx' to the original 3560X I was playing with that is running 15.2(4)E9 but with the 12.2(53r)SE1 bootloader.  The bootloader gets upgraded but only to 15.0(2.1.15)SE1:

Checking for Bootloader upgrade..New version = Version 15.0(2.1.15)SE1 Fri Ja,

Current version = Version 12.2(53r)SE1, RELEASE

Upgrading Boot Loader...

So I think older hardware versions never originally supported FIPS so when this came about Cisco had to provide an update to the bootloader that verified the IOS image as part of the FIPS accreditation.  Newer hardware versions I suspect already have this functionality built-in to the bootloader (anything after 15.0 I guess?).

If I come across any other 3560x or 3750x's that are newer hardware versions I might see what happens when you add the fips command.

 

I think...

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card