Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2981
Views
10
Helpful
9
Replies

[CG418-E] IOS XE Software upgrade

Go to solution
BertrandM
Frequent Visitor
Frequent Visitor

‎08-17-2021 08:39 AM - edited ‎08-17-2021 08:45 AM

Hello,

I'm testing the Cellular Gateway CG418-E. When I try to upgrade that CG418-E with IOS XE Software release Amsterdam-17.3.4a (downloaded on https://www.cisco.com/c/en/us/support/routers/catalyst-cellular-gateways/series.html#~tab-downloads, Product Model : Catalyst CG418-E Cellular Gateway), I get :

CellularGateway# gw-action:request software upgrade tftp://192.168.1.2/cg-ipservices.17.03.04a.SPA.bin
System is about to download and install the selected software, Continue? [no,yes] yes
Software Download successful, Received 80131264 bytes in 109.8 seconds [5840184 bit/s]
Software Upgrade failed ,Software signature verification failed.

Same error with release Bengaluru-17.5.1a. But when I did it on the Cellular Gateway CG522-E, it succeed.

Do you know if the software images on https://www.cisco.com/c/en/us/support/routers/catalyst-cellular-gateways/series.html#~tab-downloads for the CG418-E have the good signature ?

What is the command on the Cellular Gateway to verify the MD5 checksum ? I cannot find the 'verify' command.

Thanks in advance for your help.

Best regards,

Bertrand

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rich R
VIP
VIP
In response to BertrandM

‎08-18-2021 08:08 AM - edited ‎08-18-2021 08:22 AM

Oh that's interesting @BertrandM !

I had gathered from previous posts that Cisco are using a very cut-down version of XE on those devices but makes no sense to remove basic core functionality like that! Who knows what the developers were thinking ....

Oh well - try the approach Leo suggested and if that doesn't work then TAC.

Since no install/bundle mode options I think you need to contact TAC.

------------------------------
Please click Helpful if this post helped you and Accept as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
Field Notice: FN74383 APs Running 17.12.4/5/6/6a May Run Out of Flash Space Preventing Upgrades
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

View solution in original post

0 Helpful
9 Replies 9

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎08-17-2021 07:18 PM

@BertrandM wrote:
request software upgrade tftp://192.168.1.2/cg-ipservices.17.03.04a.SPA.bin

NOTE:l  I am going to start by saying I have no background experience with the platform but maybe I can help with the IOS-XE upgrade. 

Do not attempt to do the "extract" via TFTP.  Instead, copy the file into the flash first and then extract the packages files. 

 

Go to solution
BertrandM
Frequent Visitor
Frequent Visitor
In response to Leo Laohoo

‎08-18-2021 02:52 AM

Hi @Leo Laohoo ,

Thanks for your reply. As suggested, I tried this multi-step method. But the software signature verification failed as well :

CellularGateway# gw-action:request file list 
drwx------ 16384 Feb 16 2021 lost+found
drwxr-xr-x 4096 Feb 16 2021 tmp
CellularGateway# gw-action:request software download tftp://192.168.1.2/cg-ipservices.17.03.04a.SPA.bin
Download failed, Image corrupted ,Software signature verification failed.
CellularGateway# gw-action:request file list
-rw-r--r-- 80131264 Aug 18 09:41 cg-ipservices.17.03.04a.SPA.bin
drwx------ 16384 Feb 16 2021 lost+found
drwxr-xr-x 4096 Feb 16 2021 tmp
CellularGateway# gw-action:request software install cg-ipservices.17.03.04a.SPA.bin
Software Installation failed ,Software signature verification failed.

You can see that the file is downloaded but verification fails. I cannot verify the MD5 checksum but the file size (80131264 bytes) is good.

Best regards,

Bertrand

 

Note: indeed, this multi-step method is also detailed here : https://www.cisco.com/c/en/us/td/docs/routers/wireless-wan/Cisco-Catalyst-Cellular-Gateways/cisco_catalyst_cellular_gateway_swcfg/m-config-device.html#concept_723473624711733248059007110600971

0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎08-18-2021 03:36 AM

What is the current firmware and what is the uptime? 
This has all the hallmark of an software bug.

Again, I have no knowledge of this platform, BUT, is the platform able to boot the firmware in Bundle Mode?  IF it can, try it.  If it works, let the platform boot in Bundle Mode, extract the firmware again and reboot in Install Mode.

Go to solution
BertrandM
Frequent Visitor
Frequent Visitor
In response to Leo Laohoo

‎08-18-2021 07:40 AM

Hello @Leo Laohoo ,

That Cellular Gateway has never been upgraded since received from Cisco. Here the current version :

CellularGateway# show gw-system:system partition
Primary Image
Partition = image1
File name = cg-ipservices.S2C.SSA.bin
Version = 17.3.01.0.1888.1592307941..Amsterdam
Build Date = Tue Jun 16 11:45:41 2020
Install Date = Sun May 14 16:12:22 2102
Boot Status = Boot Successful.

Backup Image
Partition = image2
File name = cg-ipservices.S2C.SSA.bin
Version = 17.3.01.0.1888.1592307941..Amsterdam
Build date = Tue Jun 16 11:45:41 2020
Install Date = Sun May 14 16:12:22 2102
Boot Status = Boot Successful.
CellularGateway# show gw-system:system status | include "System Up Time"
System Up Time = up 14 weeks, 3 hours, 15 minutes

Unfortunately, I don't see any possibility in the documentation to boot it in a Bundle mode.

0 Helpful

Go to solution
Rich R
VIP
VIP
In response to BertrandM

‎08-18-2021 08:16 AM

I like the install date 81 years in the future "Sun May 14 16:12:22 2102" LOL

Clearly some bugs in that code ...

------------------------------
Please click Helpful if this post helped you and Accept as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
Field Notice: FN74383 APs Running 17.12.4/5/6/6a May Run Out of Flash Space Preventing Upgrades
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

Go to solution
Rich R
VIP
VIP

‎08-18-2021 06:27 AM

Similar problems on ASR1K and 9800 required ROMMON upgrades to fix the problem but I don't see any ROMMON updates for the CGs.

Try Leo's suggested approach but I suspect you'll have the same problem.

Did you try "verify cg-ipservices.17.03.04a.SPA.bin" and "verify /md5 cg-ipservices.17.03.04a.SPA.bin"?

The first will verify and compare the embedded hash in the file to the computed hash for the file and the second will simply compute the MD5 hash for the file.

You can compare the results to the CCO values:

MD5 Checksum : 831b67adcf432fcf549073df619a0da9
SHA512 Checksum : 67ea08aa0a20dcf0ddb24f3f9fbb5ec138b02303c9d9977af00dfc1fb955c89f542ebd1525cd4b7d7aa58ec6067bb75e55ba16fc6f60689f0f9078b93f7eb90b

If the values are correct you know the file is correct and then you're facing a bug which you'll need Cisco TAC help to resolve - probably by a ROMMON upgrade which they can provide even if it's not been published.

 

------------------------------
Please click Helpful if this post helped you and Accept as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
Field Notice: FN74383 APs Running 17.12.4/5/6/6a May Run Out of Flash Space Preventing Upgrades
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

Go to solution
BertrandM
Frequent Visitor
Frequent Visitor
In response to Rich R

‎08-18-2021 07:45 AM

Hi @Rich R ,

Thanks for your reply. The problem is the command "verify" doesn't exist in that Cellular Gateway. Thus I cannot verify the checksum.

 

0 Helpful

Go to solution
Rich R
VIP
VIP
In response to BertrandM

‎08-18-2021 08:08 AM - edited ‎08-18-2021 08:22 AM

Oh that's interesting @BertrandM !

I had gathered from previous posts that Cisco are using a very cut-down version of XE on those devices but makes no sense to remove basic core functionality like that! Who knows what the developers were thinking ....

Oh well - try the approach Leo suggested and if that doesn't work then TAC.

Since no install/bundle mode options I think you need to contact TAC.

------------------------------
Please click Helpful if this post helped you and Accept as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
Field Notice: FN74383 APs Running 17.12.4/5/6/6a May Run Out of Flash Space Preventing Upgrades
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

Go to solution
BertrandM
Frequent Visitor
Frequent Visitor
In response to Rich R

‎08-19-2021 01:17 AM

Yes, we will have to ask Cisco directly.

Thanks @Leo Laohoo and @Rich R for your help.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card