Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
288
Views
1
Helpful
6
Replies

Switch Upgrade Failed through DNAC

JAISONTHOMAS
Level 1
Level 1

‎05-27-2025 01:42 AM

Folks, I have been trying to upgrade a list of Catalyst 9200 series switches through DNAC. More than 90% of switches have been successful. But the remaining got failed. Upon checking DNAC, attached is the error reason it is telling.

I have rebooted few of the switches and re-attempted the upgrade, it failed again on the same reason. Any idea why this is happening and what is the fix for this?

Labels:
Preview file
85 KB
0 Helpful
6 Replies 6

Jens Albrecht
Level 3
Level 3

‎05-27-2025 02:26 AM

Hello @JAISONTHOMAS,

depending on the preferred method you want to use, there are a few things to check:

  • Do the switches have IP connectivity to DNAC?
  • Can you connect to these switches via SSH/HTTPS successfully?
  • Does the user have privilege level 15 in case you use local authentication?
  • Is scp enabled on these switches?

There should be some difference in the configuration between the working and non-working devices so the good old method 'stare and compare' might help as well.

HTH!

0 Helpful

JAISONTHOMAS
Level 1
Level 1
In response to Jens Albrecht

‎05-27-2025 03:17 AM

Hello Jens,

 

1, Yes the switches have IP connectivity to DNAC and I can sync them.

2. Yes I can ssh onto the switches

3. Yes we have a dnac account configured on all these switch with priv 15 access

4. Yes I think SCP is enabled. See below the result for that from a switch,

SW_xx_01#sh run | i scp
ip scp server enable
SW_xx_01#

 

All these switches are built from the same provisioning script from DNAC. So all the configs are the same except for IP addresses.

 

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to JAISONTHOMAS

‎05-27-2025 03:01 PM

@JAISONTHOMAS wrote:
2. Yes I can ssh onto the switches

Then why is DNAC trying to upload an NPE (no product encryption)?

Try this on the troublesome 9200:

conf t
 service internal
end
clear install state

The switch will reboot.  Once DNAC can see it again, do the SWIM again.

0 Helpful

Jens Albrecht
Level 3
Level 3

‎05-27-2025 03:41 AM

Well, so the basic config looks good. Sometimes the error messages do not directly point to the real issue.

Did you check whether there is enough free space on flash for the upgrade? Lack of space is a very common issue.
You could try to do the upgrade on one switch from your pc and see if that works or you get an error message, probably a different one pointing to the root cause.

JAISONTHOMAS
Level 1
Level 1
In response to Jens Albrecht

‎05-27-2025 04:13 AM

Thank you. CHecked couple of switches and they have enough flash space for the upgrade. I need to sort the tftp thing for the upgrade from PC.

I will also raise a tac for this. CHeers 

0 Helpful

pieterh
VIP
VIP

‎05-27-2025 11:24 AM

Hi there, I think you test the wrong connectivity path.

The switch gets a command from DNAC to PULL the image from DNAC either using scp or https, ( DNAC does not send the image to the switch)

0 Helpful
Customers Also Viewed These Support Documents