Re: IOS upgrade problem

msalim · ‎09-21-2009

Currenlty our cat3560G-48TS switches are running 12.2(46)SE. I am trying to upgrade it to 12.2(50)SE3 as fix for current DoS vulnerabilities, but getting an error. I checked the checksum and it's ok. Command I am using:

#archive download-sw /safe /reload tftp://xxxx/fn

Error output is given below.

----------------------------------

Loading c3560-ipbasek9-mz.122-50.SE3.bin from 10.10.10.105 (via Vlan5): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[OK - 9968993 bytes]

Loading c3560-ipbasek9-mz.122-50.SE3.bin from 10.10.10.105 (via Vlan5): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[OK - 9968993 bytes]

examining image...

%Tar checksum error in tftp://10.10.10.105/c3560-ipbasek9-mz.122-50.SE3.bin

%Error opening flash:update/info (No such file or directory)

ERROR: Image is not a valid IOS image archive.

-----------------------------------------

Thanks,

Giuseppe Larosa · ‎09-21-2009

Hello Mohammad,

notice the line:

%Tar checksum error in tftp://10.10.10.105/c3560-ipbasek9-mz.122-50.SE3.bin

you need to download a tar (compressed with TAR unix utility) version of image file to use with archive command.

otherwise you need to use the manual procedure

copy tftp flash

in this case you can download the bin file directly on the flash.

Hope to help

Giuseppe

Lucien Avramov · ‎09-21-2009

If you are running a stack of switched, then download the tar and use the archive command.

Else copy the bin file with the copy command as suggested.

glen.grant · ‎09-21-2009

If using the .bin file use the "copy tftp flash: " command to put it on .then manually change your boot statement. The archive command is for the .tar files as others have indicated.

Leo Laohoo · ‎09-21-2009

What DoS vulnerabilities? According to Cisco's PSIRT website, the latest crafted TCP exploit (document ID 109444) shows 12.2(46)SE to be OK. I have no idea what Cisco meant with 12.2(46)SE2 since there is no such releases for the 2960/3560/3750 anyway (probably due to bugs).

msalim · ‎09-22-2009

Please check the following links and let me know if we need to upgrade our IOS image per this link vulnerabilities.

Thanks,

Relevant Url(s):

<http://www.cisco.com/warp/public/707/cisco-sa-20090908-tcp24.shtml>

====

This entry is available at

http://www.us-cert.gov/current/index.html#cisco_releases_security_advisory_for14

Leo Laohoo · ‎09-22-2009

Dude,

This link IS document ID 109444. :)

iyde · ‎09-23-2009

Right, 12.2(46)SE2 is listed as "First Fixed Release" while 12.2(50)SE3 is listed as "Recommended Release"

HTH

msalim · ‎09-23-2009

OK, Thanks. We have 12.2(46)SE and the release numbers were little confusing, but I figured it out.

Thanks,

Leo Laohoo · ‎09-23-2009

I have no idea what Cisco meant with 12.2(46)SE2 since there is no such releases for the 2960/3560/3750 anyway (probably due to bugs).