cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5282
Views
25
Helpful
10
Replies

ipservices vs ipservicesk9

ivanka_busta
Level 1
Level 1

Hi,

I'm need to download an IOS to update a switch and I'm not sure what's the difference between ipservices and ipservicesk9. Moreover, there are three different ipservicesk9: SSH LAN only, SSH and SSH-DEFAULT. The switch I need to update has an ipservicesk9 at the moment (but I don't know which one of the three previously mentioned is using). However, I always use telnet to connect to the switch so Could it be right to update to the ipservices version?

Thanks in advance.

10 Replies 10

Mark Malone
VIP Alumni
VIP Alumni

Hi

Use the K9 image its not just ssh , IPsec or any other form of encryption wont work if you only go with non k9 image , K9 allows for cryptographic features, if your on k9 stay with k9

whats the full ios name you currently have in place ?

You should disable telnet and only use ssh as best practice only in the VTY with transport input ssh, telnet passwords are clear text on the wire if you sniff them with wireshark , so people could gain access to your devices easily

Hi,

Thanks for the information.

It's a cisco WS-C6506-E.

The ios currently in use is: s72033-ipservicesk9_wan-mz.122-33.SXH4.bin

The updated ios is: s72033-ipservices_wan-mz.122-33.SXJ10.bin

I enclose a screenshot of the ios avaible. What's the difference between IP SERVICES SSH and IP SERVICES SSH DEFAULT? I'm not sure which one I should download.

Regarding the IOS version, Do you think I've choosen the right one to update to? I mean, the current version it's from 2008 and the updated one from 2015. Should I update to an intermediate version? There is also a more recent IOS version (15.1.2-SY7) but as I'm already using 122-33, I suppose it's safer to stay in 122-33. Is that right?

Thanks in advance.

Hi

you could go straight to 15 but it looks fairly new and the SXJ is a good train on the 6500 and yes it can be a lot smother staying same train usually,  so unless you really need the new features of v15 I would stay with the SXJ10

The updated ios I would be going for based on your current IOS is below, you need to stay with the k9 and stay with the wan module support as well as your currently using that , all the versions are 512/512 so make sure you have enough dram and flash to support it but you should be good already , the normal ip services ssh is fine to use , im not 100% on the default bit all our 65s would just be set with standard k9 and ssh image , I couldn't see it causing an issue either one though ssh will still be available to use

IP SERVICES SSH  Login & Valid Contract Required
s72033-ipservicesk9_wan-mz.122-33.SXJ10.bin

whenever im upgrading a 65 as well I make a copy of the config and save it locally on switch somewhere as well as taking a hard copy something like ---- copy running-config bootdisk:6500.backup.config.txt all

If something goes wrong it always handy to have the full running config stored locally you can easily transfer it over or use the more syntax to see the config saved and check against current config after the upgrade ---more bootdisk:6500.backup.config.txt ---make sure nothings mossing as slightly different IOS versions can have slightly different syntax but usually nothing that may cause an issue just go through each line after the upgrade make sure everything is still as was

Thanks a lot. All the information provided is being really useful.

Regarding the dram, flash space available. I'm not quite sure about it. I've already uploaded the new ios image. The space available in sup-bootdisk: is less than 512MB. Should I delete the old ios?

Directory of sup-bootdisk:/

    1  -rw-    74689508   Jan 4 2009 01:26:48 +01:00  s72033-ipservicesk9_wan-mz.122-33.SXH4.bin
    2  -rw-    33554432   Jan 4 2009 03:49:32 +01:00  sea_log.dat
    3  -rw-       32193   Sep 9 2015 11:50:36 +02:00  tftp
    4  -rw-   140096836  Aug 16 2016 09:44:48 +02:00  s72033-ipservicesk9_wan-mz.122-33.SXJ10.bin

512106496 bytes total (263725056 bytes free)

I enclose the output of the show version command. The processor memory is 512MB. Is it the one which has to be 512 to run the new IOS?

Yes 512 is fine you have enough to run that image in dram , you still have about 263mb in an around in flash as well , just set the boot statement and reload it for the new ios version , did you check that the md5 is correct for the new image after install , always good thing to do make sure it didn't get corrupted on upload and wont fail

verify /md5 sup-bootdisk:s2t54-advipservicesk9_npe-mz.SPA.150-1.SY5.bin

Thanks. The md5 was correct.

Before seeting the boot statements. The boot configuration looked like this:

boot system flash sup-bootdisk:

Now I can see this:

boot-start-marker
boot system flash sup-bootdisk:
boot system flash sup-bootdisk:s72033-ipservicesk9_wan-mz.122-33.SXJ10.bin
boot system flash sup-bootdisk:s72033-ipservicesk9_wan-mz.122-33.SXH4.bin
boot system flash disk1:s72033-ipservicesk9_wan-mz.122-33.SXJ10.bin
boot-end-marker

I copy the new ios both in internal and external flash.

sh boot


BOOT variable = sup-bootdisk:,1;sup-bootdisk:s72033-ipservicesk9_wan-mz.122-33.SXJ10.bin,1;sup-bootdisk:s72033-ipservicesk9_wan-mz.122-33.SXH4.bin,1;disk1:s72033-ipservicesk9_wan-mz.122-33.SXJ10.bin,1;
CONFIG_FILE variable =
BOOTLDR variable =
Configuration register is 0x2102

Is it correct that the boot system flash sup-bootdisk: is still appering on the first place?

should look something like below , remove just this line ---- no boot system flash sup-bootdisk:  ................so it just looks like below then your good to go

boot-start-marker

boot system flash sup-bootdisk:s72033-ipservicesk9_wan-mz.122-33.SXJ10.bin
boot system flash sup-bootdisk:s72033-ipservicesk9_wan-mz.122-33.SXH4.bin
boot system flash disk1:s72033-ipservicesk9_wan-mz.122-33.SXJ10.bin
boot-end-marker

.....................................

#sh run | i boot
boot-start-marker
boot system flash bootdisk:s2t54-advipservicesk9_npe-mz.SPA.150-1.SY5.bin
boot system flash bootdisk:s2t54-advipservicesk9_npe-mz.SPA.122-50.SY3.bin
boot system flash bootdisk:s2t54-ipbasek9-mz.SPA.122-50.SY3.bin
boot system flash bootdisk:s2t54-ipbasek9-mz.SPA.122-50.SY.bin
boot-end-marker

Hi,

The 6500's have FWSM modules installed and one of them it also has a NAM module. Does the IOS upgrade affect the modules? Do they need to be upgraded too? 

sh module


Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1    6  Firewall Module                        WS-SVC-FWM-1       SAD125004GN
  2   48  CEF720 48 port 10/100/1000mb Ethernet  WS-X6748-GE-TX     SAL12394G04
  3   48  CEF720 48 port 1000mb SFP              WS-X6748-SFP       SAL1248BLW0
  5    2  Supervisor Engine 720 (Active)         WS-SUP720-3B       SAL11380T38

Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  1  0023.334e.34e4 to 0023.334e.34eb   4.5   7.2(1)       3.2(12)      Ok
  2  0023.334e.6830 to 0023.334e.685f   3.0   12.2(18r)S1  12.2(33)SXH4 Ok
  3  0021.a0b4.1bf8 to 0021.a0b4.1c27   1.12  12.2(14r)S5  12.2(33)SXH4 Ok
  5  0016.c848.0cc4 to 0016.c848.0cc7   5.4   8.4(2)       12.2(33)SXH4 Ok

Mod  Sub-Module                  Model              Serial       Hw     Status
---- --------------------------- ------------------ ----------- ------- -------
  2  Centralized Forwarding Card WS-F6700-CFC       SAL12394CPT  4.1    Ok
  3  Centralized Forwarding Card WS-F6700-CFC       SAL1248B62G  4.1    Ok
  5  Policy Feature Card 3       WS-F6K-PFC3B       SAL11370KJ8  2.3    Ok
  5  MSFC3 Daughterboard         WS-SUP720          SAL11370PYA  3.0    Ok

Mod  Online Diag Status
---- -------------------
  1  Pass
  2  Pass
  3  Pass
  5  Pass

Thanks.

from the docs below, so you should be ok as NAMs are the same upgraded separately there own 

http://www.cisco.com/c/en/us/td/docs/security/fwsm/fwsm41/configuration/guide/fwsm_cfg/swcnfg_f.html

http://www.cisco.com/c/en/us/td/docs/net_mgmt/network_analysis_module_software/4-0/switch/configuration/guide/swinstcfg/advcfg.html#wp1064663


Note Because the FWSM runs its own operating system, upgrading the Cisco IOS software does not affect the operation of the FWSM.

ssh Lan
Level 1
Level 1

The main difference between ipservices and ipservicesk9 is the encryption capabilities. ipservicesk9 includes support for additional encryption technologies such as Secure Sockets Layer (SSL) and Internet Protocol Security (IPsec).

Regarding the three different ipservicesk9 options, SSH LAN only supports SSH connections to the switch from within the local area network only, while SSH and SSH-DEFAULT support SSH connections from anywhere, including outside the local network.

If your switch currently has ipservicesk9 installed, it's likely that you'll need to download and install the same version to ensure compatibility with your current configuration. If you're unsure which of the three ipservicesk9 options you have installed, you can check the switch configuration or contact the manufacturer for assistance.

As for using telnet, it's generally recommended to use SSH instead for security reasons. If you plan to continue using telnet, you may not need the additional encryption capabilities provided by ipservicesk9, but it's still important to ensure that you're running a version of the IOS that includes necessary bug fixes and security updates.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco