TFTP Upload - HTTP upload IOS switching

Yannick Vranckx
Level 2

Hello,

At work I am dealing with the upgrades of some switches in our environment. The switches consist of 3750's with ipbase version that have no SSH capabilities.

So for security reasons we will upgrade them all to a K9 image.

I have 2 switches that are in a remote site; in order to reach this site we have an MPLS connection and a VPN connection across a service provider. But on that site we also have a jump station. Although these jump stations are very close to where the switches are, it is impossible to get a TFTP going.

Why? The traceroute from the jump host showed everything OK; it takes around 5 hops to reach the devices and there is a firewall in between. This firewall is not blocking any TFTP traffic. But the problem resides in the return traffic: for some reason the default gateway of these switches is the router behind it, and that router goes straight off to the provider connection. So my TFTP goes across the WAN connection to the main site, to then come back into the remote site via the MPLS. So this process will not even allow the TFTP upload to happen because it is blocked.

I also have a jump station located in the main site. The traffic will cross the MPLS (corporate backbone network); the TFTP traffic goes, but not smoothly. There are some drops of the traffic, so instead of ! you get . in the upload process. After some time the telnet session just breaks and nothing can be seen, it just drops. To tackle these issues would take time and approvals everywhere (Yes, I am getting to the point :))

I have noticed that the switches have a tar image with some HTTP files in them. I was able to activate the ip http server and log into the device with an HTTP session. There is also a software upgrade here; I have never used this method before. The following concerns come to my mind:

- Does it force a reload after upgrading the switch? I would want to avoid reloading the switch. I need clearance to do this; my idea is to install the software and reload the switch during an agreed time period.

- It will need to be a tar format of course?

- Does this process overwrite the current image? The flash is too small for 2 images.

Thanks for the information.

Accepted Solutions

Leo Laohoo
Hall of Fame
  • I would want to avoid reloading the switch. I need clearance to do this; my idea is to install the software and reload the switch during an agreed time period.
  • It will need to be a tar format of course?
  • Does this process overwrite the current image? The flash is too small for 2 images.

Let's presume there are three switches in a stack.  So use this automation script:  

archive download-sw /overwrite /destination 1 /dest 2 /dest 3 tftp://<TFTP IP address>/IOS_filename.tar

The automation script above tells the stack to unpack the IOS (TAR file) and install into members 1, 2 & 3.  It also says to delete the existing IOS and install the new IOS.  Absent in the script is the instruction to (force) a stack reload upon completion.  (So this means the stack will NOT reboot upon completion of the IOS software "un-packing".)

When the switches are located on a remote site with low speed WAN link, what I normally do is remote into one of the PCs and drop the IOS there.  I will then instruct the stack to pull the IOS from the local PC.  Alternatively, failure to find a PC suitable for my need, I have also dropped the IOS file into the router.  
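
The staged upgrade described in the answer above, written out with an integrity check before the reload and the SSH cutover afterwards, as an added example that is not part of the original thread. Values in angle brackets and `example.com` are placeholders; it assumes a non-default hostname and an existing local or AAA login on the vty lines.

```cisco
! Added example, not from the thread. <...> values are placeholders.
!
! 1. Before the transfer: confirm the stack members and the free flash space.
show switch
dir flash:
!
! 2. Stage the K9 image with the command given in the answer. There is no
!    /reload option, so the stack keeps running the old image.
archive download-sw /overwrite /destination 1 /dest 2 /dest 3 tftp://<TFTP IP address>/IOS_filename.tar
!
! 3. The copy crossed a path that drops packets, so compare the unpacked
!    image against the MD5 published on the vendor download page.
!    Repeat for each stack member's flash.
verify /md5 flash:/<image-dir>/<image>.bin <published-md5>
!
! 4. Confirm the boot variable points at the new image, then reload in the
!    agreed window (the clock must be set for "reload at").
show boot
reload at <hh:mm>
!
! 5. After the reload, running the K9 image: enable SSH and switch off the
!    HTTP server that was turned on for the GUI.
configure terminal
 ip domain-name example.com
 crypto key generate rsa modulus 2048
 ip ssh version 2
 no ip http server
 end
!
! 6. Log in over SSH from a second session first. Only then restrict the
!    vty lines, so a failed SSH setup does not lock out a remote switch.
configure terminal
 line vty 0 15
  transport input ssh
 end
show ip ssh
```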

Hello,

At this time I would use the switch's webpage to upgrade the switch. This needs to be a tar also.

Would it then force a reload if you use the webpage or can you choose this?

Would it then force a reload if you use the webpage or can you choose this?

I can't answer that.  The switch's GUI is very restrictive and a lot of people tend to use the CLI as it's more robust.

I will not do it anymore via the GUI; I know too little of it.

What will be done is more extensive but better for the future in my opinion: I will change the routing of this device so the TFTP upload can be done via a local jump station.

In order to do this I need to remove the "ip default-gateway" command on the switch and create a default static route.

Because the switch is remote and I will probably lose my connection from the moment I remove the "ip default-gateway" command, I will have a console box connecting in. Therefore I can make a proper routing towards the jump host and have send and return path be the same. Thanks anyway for the good explanation.

Got another suggestion, if time ain't an issue. 

The 3750X is capable of booting an IOS straight from a USB thumb drive.  If you're able to find a USB thumb drive that's supported/compatible then send the USB thumb drive to the site and instruct the local staff to plug it in. 
