Re: I have some IES (Industrial

dierosan1 · ‎06-24-2016

Guys,

I have some IES (Industrial Ethernet Switches) in the network, and would like to know if is it possible to have two boot system images, one primary and another secondary.

In fact, I can't put the config lines "boot system flash:/image_name.bin" in running/startup-config, but I can see the image in the output of "show boot", as follows (notice that the second image is under a directory with the same name):

router# conf t

router# boot system flash:/ies-lanbasek9-mz.150-2.SE.bin
router# boot system flash:/ies-lanbase-mz.122-52.SE/ies-lanbase-mz.122-52.SE

As we can see bellow, nothing appears on running nor startup-config after command insertion:

router#sh run | i boot
boot-start-marker
boot-end-marker

router#sh startup-config | i boot
boot-start-marker
boot-end-marker

And in the "show boot" output, we can only see the image path that was last configured with "boot system" command. It seems like IOS replaces the image path that was configured first by the one that was last configured:

router#sh boot
BOOT path-list : flash:/ies-lanbase-mz.122-52.SE/ies-lanbase-mz.122-52.SE
Config file : flash:/config.text

Wierd stuff in "show version"

router#sh ver | i register
Configuration register is 0xF

Do you guys know if this platform, running this IOS (ies-lanbasek9-mz.150-2.SE.bin), supports multiple boot system images?

Thanks in advance!

Leo Laohoo · ‎06-24-2016

I have some IES (Industrial Ethernet Switches) in the network, and would like to know if is it possible to have two boot system images, one primary and another secondary.

Yes and no. Yes, two (or more) complete IOS can be accommodated but this will depend if the appliance(s) themselves have "junk" files in them or not.

However, the appliance can take two (or more) IOS version but the boot variable statement will only accept one. Unlike the chassis-based system where one can specify two (or more) boot variable statements, I believe this model will only accept one boot variable statement.

dierosan1 · ‎06-30-2016

I have labbed this, and it's true, this platform only accepts one boot image in the boot var, so it's not possible to manually configure a list with multiple images to be loaded in sequence, in order to have a primary image and a secondary image manually configured.

The same happens to 2950, 2955.

Best Regards.

jaichauh · ‎06-13-2023

Hi Leo, One of my clients is using IE4100 switch and configured multiple boot variable images but its only booting from the existing image. Switch can take and show both the images in boot path list with a ; but only boot the existing secondary image and not the first one. This is the boot statement:

TEST#show boot
BOOT path-list : sdflash:/ie4010-universalk9-mz.152-7.E3/ie4010-universalk9-mz.152-7.E3.bin;sdflash:/ie4010-universalk9-mz.152-7.E2/ie4010-universalk9-mz.152-7.E2.bin

but it loads the E2 image. There is no error on the boot and it simply goes to E2:

Loading "sdflash:/ie4010-universalk9-mz.152-7.E2/ie4010-universalk9-mz.152-7.E2.bin"... Verifying image sdflash:/ie4010-universalk9-mz.152-7.E2/ie4010-universalk9-mz.152-7.E2.bin.............................................................................................................................................................................................................................................................................................................................................................................................................................Image passed digital signature verification
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

I tried searching all over but couldn't see any official documentation, about these switches not supporting multiple images in the boot. Can you please explain your above statement for clarity?

JC

Leo Laohoo · ‎06-13-2023

This original thread is about the first generation of IES switches which the IE4010 is not a part/family of.

I do not really agree with multiple boot variable statement for access switches, like the IE4010, but the boot statement means:

After booting, load IOS version 15.2(7)E3 found in the SD Flash.
If 15.2(7)E3 fails, boot 15.2(7)E2 found in the SD Flash.
If 15.2(7)E2 fails, boot whatever supported BIN file is found.

jaichauh · ‎06-13-2023

Thanks for your reply, Leo. Thats makes sense.

I have tried setting up the Boot variable with two files but looks like for some reason its still going into "sdflash:/ie4010-universalk9-mz.152-7.E2/ie4010-universalk9-mz.152-7.E2.bin" and loading the E2 image.

This is happening even though I have copied the bin file directly into sdflash: and pointing to it. Looks like switch is not understanding the following boot variable and loading the default E2 file from directory.

I have tried with the following statements

TEST#show boot
BOOT path-list : sdflash:ie4010-universalk9-mz.152-7.E3.bin;ie4010-universalk9-mz.152-7.E2.bin

TEST#show boot
BOOT path-list : sdflash:ie4010-universalk9-mz.152-7.E3.bin;sdflash:ie4010-universalk9-mz.152-7.E2.bin

But still its loading from the directory-

Loading "sdflash:/ie4010-universalk9-mz.152-7.E2/ie4010-universalk9-mz.152-7.E2.bin"... Verifying image sdflash:/ie4010-universalk9-mz.152-7.E2/ie4010-universalk9-mz.152-7.E2.bin...................................................................................................................................................................................................................

Can you suggest if I am missing anything?

JC

Leo Laohoo · ‎06-13-2023

@jaichauh wrote:
Can you suggest if I am missing anything?

Never "copied the bin file directly into sdflash:" because it is archaic and chances are high to get the boot-variable statement wrong.

Use the recommended method:

archive download-sw tftp://<TFTP_IP_ADDRESSS>/filename.tar sdflash:

The method above will automatically change the boot-variable correctly.

jaichauh · ‎06-13-2023

Agree Leo,

I can ask customer to delete the bin files and try archive download method for the E3. Will they be able to use two boot images in the boot path after that? The switch is able to boot automatically on E3 if its is the only image in the boot variable.

Customer wants two images, primary E3 and secondary E2 as this is a remote site and they don't want any manual intervention if in case first one doesn't load.

JC

Leo Laohoo · ‎06-13-2023

@jaichauh wrote:
Customer wants two images, primary E3 and secondary E2 as this is a remote site and they don't want any manual intervention if in case first one doesn't load.

Uhhhhh ... That is dumb. And what if someone runs away with the SD flash or the SD flash fails?

If I want to do a two-boot-variable, I'd put E3 as a primary boot variable and the on-board flash as the secondary image.

jaichauh · ‎06-13-2023

You mean something like this-

BOOT path-list : sdflash:ie4010-universalk9-mz.152-7.E3.bin;flash:ie4010-universalk9-mz.152-7.E2.bin ?

Another important thing to point is - They tried making flash E3 image into the boot variable like this - BOOT path-list : flash:ie4010-universalk9-mz.152-7.E3.bin

But it still loaded the sdflash: E2 file even though the sdflash wasn't listed in the boot variable. When they check the boot path-list, it came as empty after reload like below:

TEST#conf t
Enter configuration commands, one per line. End with CNTL/Z.
XXX_TEST(config)#boot system flash:ie4010-universalk9-mz.152-7.E3.bin
WARNING: The BOOT/config file path points to the
On-board flash. The environment variable(s) is
saved onto the On-board flash.

NOTE: This warning message is displayed only once.

XXX_TEST(config)#do wr
Building configuration...
[OK]
XXX_TEST(config)#^Z
XXX_TEST#show boot
BOOT path-list : flash:ie4010-universalk9-mz.152-7.E3.bin
Config file : sdflash:/config.text
Private Config file : flash:/private-config.text
Enable Break : yes
Manual Boot : no
Allow Dev Key : yes
HELPER path-list :
Auto upgrade : yes
Auto upgrade path :
Boot optimization : enabled
NVRAM/Config file
buffer size: 524288
Timeout for Config
Download: 0 seconds
Config Download
via DHCP: disabled (next boot: disabled)
XXX_TEST#
XXX_TEST#
XXX_TEST#relo
XXX_TEST#reload
Proceed with reload? [confirm]

CPU rev: B
Image passed digital signature verification

Board rev: 5
Testing DataBus...
Testing AddressBus...
Using driver version 4 for media type 1

Xmodem file system is available.

Base ethernet MAC Address: 68:87:c6:64:a4:00

The password-recovery mechanism is enabled.

USB Console INIT

Initializing Flash...

mifs[5]: 12 files, 1 directories

mifs[5]: Total bytes : 1806336

mifs[5]: Bytes used : 834560

mifs[5]: Bytes available : 971776

mifs[5]: mifs fsck took 1 seconds.

mifs[6]: 1 files, 1 directories

mifs[6]: Total bytes : 3870720

mifs[6]: Bytes used : 133632

mifs[6]: Bytes available : 3737088

mifs[6]: mifs fsck took 0 seconds.

mifs[7]: 5 files, 1 directories

mifs[7]: Total bytes : 258048

mifs[7]: Bytes used : 8192

mifs[7]: Bytes available : 249856

mifs[7]: mifs fsck took 0 seconds.

mifs[8]: 5 files, 1 directories

mifs[8]: Total bytes : 258048

mifs[8]: Bytes used : 8192

mifs[8]: Bytes available : 249856

mifs[8]: mifs fsck took 0 seconds.

mifs[9]: 1819 files, 109 directories

mifs[9]: Total bytes : 122185728

mifs[9]: Bytes used : 98243584

mifs[9]: Bytes available : 23942144

mifs[9]: mifs fsck took 2 seconds.

...done Initializing Flash.

Loading "sdflash:/ie4010-universalk9-mz.152-7.E2/ie4010-universalk9-mz.152-7.E2.bin"... Verifying image sdflash:/ie4010-universalk9-mz.152-7.E2/ie4010-universalk9-mz.152-7.E2.bin.............................................................................................................................................................................................................................................................................................................................................................................................................................Image passed digital signature verification

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

File "sdflash:/ie4010-universalk9-mz.152-7.E2/ie4010-universalk9-mz.152-7.E2.bin" uncompressed and installed, entry point: 0x3000

executing...

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco IOS Software, IE4010 Software (IE4010-UNIVERSALK9-M), Version 15.2(7)E2, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2020 by Cisco Systems, Inc.
Compiled Sun 15-Mar-20 07:57 by prod_rel_team
Initializing flashfs...
Using driver version 4 for media type 1
mifs[7]: 12 files, 1 directories
mifs[7]: Total bytes : 1806336
mifs[7]: Bytes used : 834560
mifs[7]: Bytes available : 971776
mifs[7]: mifs fsck took 1 seconds.
mifs[7]: Initialization complete.

mifs[8]: 1 files, 1 directories
mifs[8]: Total bytes : 3870720
mifs[8]: Bytes used : 133632
mifs[8]: Bytes available : 3737088
mifs[8]: mifs fsck took 0 seconds.
mifs[8]: Initialization complete.

mifs[9]: 5 files, 1 directories
mifs[9]: Total bytes : 258048
mifs[9]: Bytes used : 8192
mifs[9]: Bytes available : 249856
mifs[9]: mifs fsck took 0 seconds.
mifs[9]: Initialization complete.

mifs[10]: 5 files, 1 directories
mifs[10]: Total bytes : 258048
mifs[10]: Bytes used : 8192
mifs[10]: Bytes available : 249856
mifs[10]: mifs fsck took 0 seconds.
mifs[10]: Initialization complete.

mifs[11]: 1819 files, 109 directories
mifs[11]: Total bytes : 122185728
mifs[11]: Bytes used : 98243584
mifs[11]: Bytes available : 23942144
mifs[11]: mifs fsck took 1 seconds.
mifs[11]: Initialization complete.

...done Initializing flashfs.
Checking for Bootloader upgrade..
Boot Loader upgrade not needed(v)

FIPS: Flash Key Check : Begin
FIPS: Flash Key Check : End, Not Found, FIPS Mode Not Enabled

POST: MA BIST : End, Status Skipped

FPGA Initialization done!
POST: ACT2 Authentication : Begin
Platform-SCC:SUDI-H authentication passed: 0x0 - TAM_RC_OK

POST: ACT2 Authentication : End, Status Passed
Downloading FPGA image ...... done

POST: Inline Power Controller Tests : Begin
POST: Inline Power Controller Tests : End, Status Skipped

POST: PortASIC Port Loopback Tests : Begin
POST: PortASIC Port Loopback Tests : End, Status Skipped

Waiting for Port download...Complete
Initializing Port Extension Feature Support...

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco IE-4010-4S24P (APM86XXX) processor (revision W0) with 1048576K bytes of memory.
Processor board ID FDO2602J0GP
Last reset from power-on
1 Virtual Ethernet interface
28 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 68:87:C6:64:A4:00
Motherboard assembly number : 73-101622-03
Motherboard serial number : FDO2553109J
Model revision number : W0
Motherboard revision number : E0
Model number : IE-4010-4S24P
System serial number : FDO2602J0GP
Top Assembly Part Number : 68-6047-01
Top Assembly Revision Number : R0
Version ID : V01
Hardware Board Revision Number : 0x05
Backplane FPGA version : 1.26
CIP Serial Number : 0x0864A400
SKU Brand Name : Cisco
Device Manager Package : Multi-language

Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 28 IE-4010-4S24P 15.2(7)E2 IE4010-UNIVERSALK9-M

SD Flash Manufacturer : SMART MODULAR (ID=89h)
Serial number : 10195D0C
Size : 908MB
Error: Could not initialize specific sgacl tcam entries

Press RETURN to get started!

C
------------------------------------------------------------------------------
Master : XXX KBWT30185
------------------------------------------------------------------------------
C

User Access Verification

Username:
%Error deleting sdflash:ssh.enable (No such file or directory)mmgadmin
Password: C

Mmg limited - MMGNET / ACCESS SWITCH - Rosebery (AUS)- AU1004 - KBWT30185

XXX_TEST#
XXX_TEST#
XXX_TEST#show boot
BOOT path-list :
Config file : sdflash:/config.text
Private Config file : flash:/private-config.text
Enable Break : yes
Manual Boot : no
Allow Dev Key : yes
HELPER path-list :
Auto upgrade : yes
Auto upgrade path :
Boot optimization : enabled
NVRAM/Config file
buffer size: 524288
Timeout for Config
Download: 0 seconds
Config Download
via DHCP: disabled (next boot: disabled)
XXX_TEST#

JC

Leo Laohoo · ‎06-14-2023

@jaichauh wrote:
Another important thing to point is - They tried making flash E3 image into the boot variable like this - BOOT path-list : flash:ie4010-universalk9-mz.152-7.E3.bin

archive download-sw tftp://<TFTP_IP_ADDRESSS>/filename.tar

Multiple boot system images on Cisco IES Switches