Solved: Assistance Needed: Upgrade CIMC on WLC 5520 (UCS C220), including SSO deployments

Tymofii Dmytrenko · ‎07-05-2019

Hi everyone

We've been aiming to upgrade our WLC5520s across the globe to 8.5.140.0 from 8.2.x... However, today we found that Cisco recommends to perform an upgrade of CIMC to version 3.0.4(d) before upgrading AireOS.

Here's the challenge. In my understanding, this process requires physical presence of engineer in front of the WLC/UCS with KVM connection to the box to be able to work with server's console (CIMC's KVM will be unavailable during the upgrade?). Has anyone performed CIMC upgrade on UCS C220 chassis? If so, can you please explain the approach that works? Is it possible to do remotely at all?

Another question - we have some SSO deployments. How do we upgrade these? Break HA and upgrade one by one, then form HA again? Any better ways of doing it?

Thanks a lot in advance

Leo Laohoo · ‎07-06-2019

@Tymofii Dmytrenko wrote:

However, today we found that Cisco recommends to perform an upgrade of CIMC to version 3.0.4(d) before upgrading AireOS.

That is due to CSCvo33873.

WARNING: Pay close attention to CIMC bugs CSCvf57867, CSCvj80941 & CSCvj80915!

I don't know what is your current CIMC version but early versions, like from 2.X to 3.X, requires a full hardware reboot (aka "hard" reboot), hence, a physical body is mandatory (in case things go wrong).

Instructions in the CIMC Release Notes needs some form of "interpretation". My recommendation is to raise a TAC Case while you're doing the upgrade.

No, you won't need to break SSO because each CIMC (if configured correctly) will have its own IP address.

View solution in original post

Leo Laohoo · ‎07-06-2019

@Tymofii Dmytrenko wrote:

However, today we found that Cisco recommends to perform an upgrade of CIMC to version 3.0.4(d) before upgrading AireOS.

That is due to CSCvo33873.

WARNING: Pay close attention to CIMC bugs CSCvf57867, CSCvj80941 & CSCvj80915!

I don't know what is your current CIMC version but early versions, like from 2.X to 3.X, requires a full hardware reboot (aka "hard" reboot), hence, a physical body is mandatory (in case things go wrong).

Instructions in the CIMC Release Notes needs some form of "interpretation". My recommendation is to raise a TAC Case while you're doing the upgrade.

No, you won't need to break SSO because each CIMC (if configured correctly) will have its own IP address.

Tymofii Dmytrenko · ‎07-08-2019

@Leo Laohoothank you! Very helpful.

I guess we will use the following approach. We have HA N+N FlexConnect deployment. We will force APs to failover to secondary WLC, we can then do whatever we want to primary WLC. In SSO pair, we will break the HA, upgrade standby unit, build HA, failover, break HA, upgrade standby unit, build HA and failback to original state.

In both cases it will be seamless. The only reason to break HA is to make sure we are in control (in case a physical intervention will be required, or reboot of whole UCS).

I've just arranged KVM cables (we threw ours away as no one ever thought we will need to connect monitor and keyboard to WLC!). Checked the links you sent me, I think we're good. I have assigned IP addresses to CIMC in SSO using temporary DHCP scope and then changed to static and removed DHCP scope. This one is a bit worrying (CSCvj80941) and basically forces to approach this change with physical presence at site.

Regards

patoberli · ‎07-08-2019

The CIMC upgrade is not required, but it is recommended. I haven't done it so far and now running 8.5.140.0 (in an SSO setup). I haven't even configured the CIMC, which is why I haven't upgraded it (yet).

Tymofii Dmytrenko · ‎07-08-2019

I guess so, but effect of the bug is devastating. So if we hit it, then we're screwed... I'd prefer to do this in a controlled manner. By the way, it means we'll finally connect CIMC to the network and will have in-band access to the console via virtual KVM :) Not a bad thing.