Cisco IOS upgrade on production network

NormMuelleman · ‎11-22-2012

Looking for input/thoughts on the upgrade of our 3560's and 3750's while on production network.

While we could remotely send the IOS over the network to the device, I'm concerned about errors and the lack of physical control of the device.

So, the thought is to just go to the comm closet, plug in with laptop to the console port, and upgrade the IOS over the console port. But this would require xmodem, correct? I know the fastest way would be to a. configure an empty fa0/0 port to no switchport, add an IP address, and use tftp. BUT, we would have to isolate the switch from the production network while connected to it with our laptop. Otherwise, our laptop would be seen on the network as an unknown device, and there would be repercussions...

So, we console into the device, and u/l the IOS that way. Is there a way to increase the baud rate on the switch to 115200, change putty to 115200, then do the x modem?

I just say we should shut all the ports to isolate the switch from the network, then tftp the IOS to the switch. Unplug, reopen the ports, then reboot the switch.

Thoughts?

Leo Laohoo · ‎11-22-2012

Get a local client, install TFTPd32, put all the IOS in the default directory and pull the IOS from the local client to the appliance.

Simple and easy.

Alessio Andreoli · ‎11-22-2012

Hi Norm,
You can set the baud rate from ROM mode for xmodem. The command could vary a little bit over the platforms. Client which support xmodem are:

Teraterm
Hyper terminal
SecureCRT

Just a small observation. Check the memory capabilities of your router because maybe there is space for both the IOS and in this way working remotely would be safe too. Remember that xmodem is a quite slow process even at max baud rate. After that remember you could load the new IOS on a compatible flash memory or USB in case of more modern routers.

Hope this helps
Alessio

Sent from Cisco Technical Support iPad App

Joseph W. Doherty · ‎11-23-2012

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

You really want to avoid console IOS upgrades, even with console port set to best rate and XMODEM using 1K, it's very, very slow.

I've done many, many remote upgrades. The only major issue when you don't have sufficient flash for both old and new, is power loss during the flash process (after which you need console access).

In the very few cases I had to load an IOS image via console, I'll find the smallest IOS image I can use to boot the device and then load the desired image across a network port.

PS:

BTW, for remote upgrades with any typical WAN latency, you might find FTP (or RCP), much, much faster than TFTP.

Leo Laohoo · ‎11-23-2012

I'm with Joseph here. Have you tried measuring the time it takes to load, for example, 12.2(44)SE BIN file via console? Let's say that you're that good and even bumped the baud rate to the maximum at 115200.

I have tried it and it takes a good 45 minutes or so.

Now multiply this to, say, 20 switch units.

No one, in their right state of mind, will recommend this method to upgrade an IOS. It's pure malarky.

Do you have a 3560 or 3750 of the "E" or "X" model? Or even a 2960S?

bharat.rajwanshi · ‎11-23-2012

Hi Norm,

but still there is chances for coming error in file updload via console port and time consuming too, you can upload the file via any Active existing network as well, say you fa0/0 is connected in production so you can can upload file from any machine to devices, if you get all exclamation (!!!!!) output then file uploaded properly, and if you get any dots in between (!!!..!!) then there problem in upload or file itself.

Once your file updloaded via LAN or Console recommonded to use Verify command with IOS filename path, it will let you know if there is any error in upload or MD5 or so

NormMuelleman · ‎11-24-2012

I figured that the process was going to be slow. A .bin file is about 12-14 Meg, and at 9600 baud...I knew it was going to be slow. I've upgraded IOS's in the past. I just wanted to know if it could be done. I just was getting some pushback on the IOS upgrade over the network from a co-worker. I didn't have an issue isolating the switch of the production network and upgrading IOS as one would normally do. I've timed the upgrades myself, and it doesnt take but 2 minutes or so to upgrade.

Thanks for the reply...I just wanted to make a strong case AGAINST the console upgrades.

Thanks again!

Leo Laohoo · ‎11-24-2012

I just wanted to make a strong case AGAINST the console upgrades

Whoever suggested this needs to PERSONALLY do this during a weekend and over 20 switches. By the 4th switch, he/she will get the message.

glen.grant · ‎11-25-2012

I would just do it over the network. There shouldn't be any errors if the network is clean to begin with and the switch does a file check when it is complete or you can manually check before rebooting it. TFTP will work fine for 3560/3750's , once you get into the 6500 images at over 100 meg then FTP is the only way to go , its about 66% faster than tftp.

Leo Laohoo · ‎11-26-2012

Got another suggestion and this is going to be a "cheat" of some sort.

Do you have a 3560 and/or a 3750 with 32 mb of flash (at each site)? If you do, let me know and I'll give you a solution you just might enjoy.

stubinski · ‎11-26-2012

Like everyone else, I would upload it via the network. Also, if you're concerned about errors or the .bin file being corrupted while uploading from the network you can always verify the .bin file after uploading it to the switch to make to make sure the file is good.

NormMuelleman · ‎11-26-2012

We have a couple 3560's and 3750's that have 32meg..but most have 16Meg..which made this a bear. Luckily, all the upgrades were done without a hitch..well, except I forgot one was a 2-switch stack and just upgraded the 1 switch. So when it rebooted, it didn't actually reboot correctly, and we lost contact with the CUCM on that switch

But it's all good now. There were a couple issues with a bunch of !!OOO!OO!OO!OO, but the IOS loaded finally.

I know theres's a command to verify the IOS...but what is it? Don't you need the hash value for the IOS .bin file? I'm guessing it's on the Cisco site somewhere...

I also have a question about stack IOS upgrades..but I'll post that in another topic

I just passed CCNP switch..now I have to focus on ROUTE and my head is changing gears