Sunday, April 19, 2015

Upgrading IOS in Cisco 2800 and 3800 Routers


Summary of Steps:
Download the new IOS image to your PC.
Copy the new IOS image to the router's flash via FTP (or TFTP or USB).
Edit the boot statement in the running-config.
Save the new configuration.
Reload.
Fully test the router.

Download the new IOS image to your PC
Make sure that you've selected a similar or appropriate IOS version for your router and the services you need. Choosing a version is beyond the scope of this document, so my suggestion is to choose a similarly named image (e.g. lanbase, advipservices, advsecurity, etc.). If you have any questions about this, check with TAC.
When you download the new image, note the MD5 checksum:



Also note the size of the image; this example is roughly 55 MB.

Copy the new IOS image to the router’s flash via FTP
First check the size of flash memory in the router and how much is free:

RTR2821#dir flash:
Directory of flash:/

    2  -rw-       43846  May 15 2012 08:53:00 -05:00  0w2821_conf
    4  -rw-        1729  May 22 2012 13:39:08 -05:00  old_config
    5  -rw-         660  May 22 2012 15:22:12 -05:00  vlan.dat
    7  -rw-      491213  Mar 15 2007 16:37:42 -05:00  128MB.sdf
    8  -rw-    57754768  Jun 12 2013 20:57:26 -05:00  c2800nm-advipservicesk9-mz.124-24.T3.bin
    9  -rw-       15763  May 15 2014 03:10:46 -05:00  running-config

64016384 bytes total (5464064 bytes free)

You can see from above that we've got a 64 MB flash card and only 5.4 MB free. This means that we'll have to delete the existing image from flash to make space for the new image. (Yes, this is safe, so long as you don't reload before the new image gets copied to flash! Worst case, if the router does get reloaded for some reason, just copy the image onto a compatible USB flash drive, insert the drive and reload. It should find the image and boot up. Just make sure to copy the image from USB to flash once you've booted up.)

RTR2821#del flash:c2800nm-advipservicesk9-mz.124-24.T3.bin
Delete flash:/c2800nm-advipservicesk9-mz.124-24.T3.bin? [confirm]   <<< press enter
RTR2821#

Now, using your favorite FTP server, copy the image to flash:
(Notice the warning about "not a valid executable". I've seen this many times; it's usually safe to ignore, so long as you've got the right model chassis in the image name.)

RTR2821#copy  ftp://anonymous:anonymous@10.20.20.15/c2800nm-advipservicesk9-mz.124-24.T8.bin  flash:
Accessing ftp://*****:*****@10.20.20.15/c2800nm-advipservicesk9-mz.124-24.T8.bin...
%Warning: File not a valid executable for this system
Abort Copy? [confirm] no  <<< press enter

Loading c2800nm-advipservicesk9-mz.124-24.T8.bin !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 57777596/4096 bytes]

57777596 bytes copied in 543.200 secs (106365 bytes/sec)
RTR2821#

Alternately, if you're not remote, just use a USB drive:

RTR2821#copy  usbflash0:c2800nm-advipservicesk9-mz.124-24.T8.bin  flash:
Copy in progress...CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
….

Verify the checksum once you've copied the new image to flash:
(This should match the md5sum value from Cisco's download site.)

RTR2821#verify /md5 flash:c2800nm-advipservicesk9-mz.124-24.T8.bin   
................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ..........................................................................................................................................................................................................................................Done!
verify /md5 (flash:c2800nm-advipservicesk9-mz.124-24.T8.bin) = 5c667f7810b88f1112799267e7f7235b
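
The two checks above (will the new image fit in flash, and does the router-computed MD5 match the value noted at download time) can be scripted against captured CLI output. This is an added example, not part of the original post; the function names are hypothetical, the sample text is abridged from the output shown above, and the expected MD5 is assumed to be the value noted from the download page.

```python
import re

# Constructed sample input, abridged from the router output shown above.
DIR_OUTPUT = """\
Directory of flash:/

    2  -rw-       43846  May 15 2012 08:53:00 -05:00  0w2821_conf
    8  -rw-    57754768  Jun 12 2013 20:57:26 -05:00  c2800nm-advipservicesk9-mz.124-24.T3.bin

64016384 bytes total (5464064 bytes free)
"""
VERIFY_OUTPUT = ("verify /md5 (flash:c2800nm-advipservicesk9-mz.124-24.T8.bin)"
                 " = 5c667f7810b88f1112799267e7f7235b")

FILE_RE = re.compile(r"^\s*\d+\s+\S+\s+(\d+)\s+.*\s(\S+)\s*$")
FREE_RE = re.compile(r"(\d+) bytes total \((\d+) bytes free\)")
MD5_RE = re.compile(r"verify /md5 \((\S+)\) = ([0-9a-fA-F]{32})\s*$")


def parse_dir(text):
    """Return (free_bytes, {filename: size}) from `dir flash:` output."""
    files, free = {}, None
    for line in text.splitlines():
        m = FREE_RE.search(line)
        if m:
            free = int(m.group(2))
            continue
        m = FILE_RE.match(line)
        if m:
            files[m.group(2)] = int(m.group(1))
    if free is None:
        raise ValueError("no 'bytes free' summary line found")
    return free, files


def fits(free, files, new_size, delete=()):
    """True if new_size bytes fit once the files named in delete are removed."""
    # An unknown name raises KeyError: never plan around a file that is not there.
    return free + sum(files[name] for name in delete) >= new_size


def md5_matches(verify_text, image_name, expected_md5):
    """Compare the digest the router printed for image_name with the noted one."""
    for line in verify_text.splitlines():
        m = MD5_RE.search(line)
        if m and m.group(1) == "flash:" + image_name:
            return m.group(2).lower() == expected_md5.strip().lower()
    return False  # no digest line for that image: treat it as unverified
```

A mismatch or a missing digest line means the copy should be repeated before the boot statement is changed or the router is reloaded.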

Edit boot statement in the running-config
Check the running-config to see if you've got a boot statement pointing to a particular image and location:

RTR2821#sh run
Building configuration...
!
boot-start-marker
boot system flash:c2800nm-advipservicesk9-mz.124-24.T3.bin
boot system usbflash0:c2800nm-advipservicesk9-mz.124-24.T3.bin
warm-reboot
boot-end-marker
!

We'll need to change that first statement for the flash:

RTR2821(config)#no boot system flash:c2800nm-advipservicesk9-mz.124-24.T3.bin
RTR2821(config)#no boot system usbflash0:c2800nm-advipservicesk9-mz.124-24.T3.bin
RTR2821(config)#boot system flash:c2800nm-advipservicesk9-mz.124-24.T8.bin
RTR2821(config)#boot system usbflash0:c2800nm-advipservicesk9-mz.124-24.T3.bin
RTR2821(config)#end

Save the new configuration
Since we changed the running-config, we'll need to save it:

RTR2821#write memory
Building configuration...

[OK]
RTR2821#

Reload
Now that your new image and boot statements are in place you can reload:
(Most 2800/3800 routers take roughly 5 minutes to reboot fully. I highly recommend staying connected to the console to watch as the router reloads. This way you'll see any errors or warnings that may occur. Also, you should see your new image in the version information.)

RTR2821#reload
Proceed with reload? [confirm]

May 17 22:05:27.387 CDT: %SYS-5-RELOAD: Reload requested  by robertoj on console. Reload Reason: Reload Command.
May 17 22:05:27.407 CDT: %BGP-5-ADJCHANGE: neighbor 265.22.101.25 Down Peer closed the session

System Bootstrap, Version 12.4(13r)T5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2007 by cisco Systems, Inc.

Initializing memory for ECC
.
c2821 platform with 262144 Kbytes of main memory
Main memory is configured to 64 bit mode with ECC enabled


Upgrade ROMMON initialized
program load complete, entry point: 0x8000f000, size: 0xcb80

program load complete, entry point: 0x8000f000, size: 0x3719bf4
Self decompressing the image : ######################################################################################################################################################################################################################################################################################################################################## [OK]

Smart Init is enabled
smart init is sizing iomem
  ID            MEMORY_REQ                 TYPE
0003E8          0X00474800 C2821 Mainboard
                0X00264050 Onboard VPN
                0X000021B8 Onboard USB
                0X002C29F0 public buffer pools
                0X00211000 public particle pools
TOTAL:          0X00BAE3F8

If any of the above Memory Requirements are
"UNKNOWN", you may be using an unsupported
configuration or there is a software problem and
system operation may be compromised.
Rounded IOMEM up to: 12Mb.
Using 4 percent iomem. [12Mb/256Mb]

 Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(24)T8, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Sun 09-Sep-12 04:01 by prod_rel_team


This product contains cryptographic features and is subject to United
States and local country laws governing blah, blah, blah.....

Installed image archive
Cisco 2821 (revision 52.46) with 249856K/12288K bytes of memory.
Processor board ID FHD0833F1B
2 Gigabit Ethernet interfaces
2 Serial interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
982512K bytes of USB Flash usbflash0 (Read/Write)
62720K bytes of ATA CompactFlash (Read/Write)

Kron: Policy Accepted, Policy daily-backup needs to be configured
*May 18 03:07:29.643: SERVICE_MODULE(Serial0/2/0): self test finished: Passed
*May 18 03:07:32.439: SERVICE_MODULE(Serial0/3/0): self test finished: Passed
*May 18 03:07:48.159: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0  State changed to: Initialized
*May 18 03:07:48.167: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0  State changed to: Enabled
*May 18 03:07:49.551: %USB_HOST_STACK-6-USB_DEVICE_CONNECTED: A Full speed USB device has been inserted in port 0.
*May 18 03:07:49.911: %LINEPROTO-5-UPDOWN: Line protocol on Interface VoIP-Null0, changed state to up
*May 18 03:07:49.911: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
*May 18 03:07:49.915: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
*May 18 03:07:49.915: %LINK-3-UPDOWN: Interface Serial0/2/0, changed state to down
*May 18 03:07:49.915: %LINK-3-UPDOWN: Interface Serial0/3/0, changed state to down
*May 18 03:07:50.383: %USBFLASH-5-CHANGE: usbflash0 has been inserted!
*May 18 03:07:50.911: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
*May 18 03:07:50.915: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
*May 18 03:07:50.915: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/2/0, changed state to down
*May 18 03:07:50.915: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/3/0, changed state to down
*May 17 21:07:52.323 CST: %SYS-6-CLOCKUPDATE: System clock has been updated from 03:07:52 UTC Sun May 18 2012 to 21:07:52 CST Sat May 17 2012, configured from console by console.
*May 17 22:07:52.327 CDT: %SYS-6-CLOCKUPDATE: System clock has been updated from 21:07:52 CST Sat May 17 2012 to 22:07:52 CDT Sat May 17 2012, configured from console by console.
May 17 22:07:52.771 CDT: Interface Multilink1 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
May 17 22:07:53.803 CDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
May 17 22:07:54.703 CDT: NTP Core (INFO): keys initilized.
May 17 22:07:54.759 CDT: %SYS-5-CONFIG_I: Configured from memory by console
May 17 22:07:54.919 CDT: %PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:access-list 199 permit icmp host 10.10.10.10 host 20.20.20.20
May 17 22:07:54.931 CDT: %PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:crypto map NiStTeSt1 10 ipsec-manual
May 17 22:07:54.931 CDT: %PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:match address 199

May 17 22:07:54.935 CDT: %PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:set peer 20.20.20.20

May 17 22:07:54.935 CDT: %PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:exit
May 17 22:07:54.943 CDT: %LINK-3-UPDOWN: Interface Serial0/2/0, changed state to up
May 17 22:07:54.967 CDT: %PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:no access-list 199
May 17 22:07:54.979 CDT: %PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:no crypto map NiStTeSt1
May 17 22:07:55.195 CDT: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down
May 17 22:07:55.447 CDT: %LINK-3-UPDOWN: Interface Serial0/3/0, changed state to up
May 17 22:07:56.015 CDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
May 17 22:07:58.495 CDT: %SYS-5-RESTART: System restarted --
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(24)T8, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Sun 09-Sep-12 04:01 by prod_rel_team
May 17 22:07:58.503 CDT: %SNMP-5-COLDSTART: SNMP agent on host RTR2821 is undergoing a cold start
May 17 22:07:58.851 CDT: %SYS-6-BOOTTIME: Time taken to reboot after reload =  153 seconds
May 17 22:07:59.079 CDT: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
May 17 22:07:59.079 CDT: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
May 17 22:07:59.079 CDT: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
May 17 22:07:59.079 CDT: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
May 17 22:07:59.203 CDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
May 17 22:07:59.240 CDT: %LINK-3-UPDOWN: Interface Multilink1, changed state to up
May 17 22:07:59.812 CDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Multilink1, changed state to up
May 17 22:08:00.076 CDT: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.40.9.194 port 514 started - CLI initiated
May 17 22:08:00.076 CDT: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.41.32.11 port 514 started - CLI initiated
May 17 22:08:00.228 CDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/3/0, changed state to up
May 17 22:08:00.228 CDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/2/0, changed state to up
May 17 22:08:00.616 CDT: %PIM-5-DRCHG: DR change from neighbor 0.0.0.0 to 10.65.105.1 on interface GigabitEthernet0/0.121
May 17 22:08:04.372 CDT: %DHCPD-4-PING_CONFLICT: DHCP address conflict:  server pinged 10.65.105.2.
May 17 22:08:04.448 CDT: %BGP-5-ADJCHANGE: neighbor 265.22.101.25 Up
May 17 22:08:18.608 CDT: %TRACKING-5-STATE: 101 ip sla 101 state Down->Up
May 17 22:08:23.800 CDT: %RTT-4-OPER_TIMEOUT: condition occurred, entry number = 500
May 17 22:08:23.812 CDT: %RTT-3-IPSLATHRESHOLD: IP SLAs(500): Threshold Occurred for timeout
May 17 22:08:23.816 CDT: %RTT-4-OPER_TIMEOUT: condition occurred, entry number = 520
May 17 22:08:23.828 CDT: %RTT-3-IPSLATHRESHOLD: IP SLAs(520): Threshold Occurred for timeout
May 17 22:08:37.636 CDT: NTP Core (INFO): peer 10.39.255.254 event 'event_reach' (0x84) status 'unreach, conf, 1 event, event_reach' (0x8014)
May 17 22:08:38.608 CDT: %TRACKING-5-STATE: 3 ip sla 3 state Down->Up
May 17 22:08:38.608 CDT: %TRACKING-5-STATE: 5 ip sla 5 state Down->Up
May 17 22:08:53.824 CDT: %RTT-4-OPER_TIMEOUT: condition cleared, entry number = 500
May 17 22:08:53.840 CDT: %RTT-3-IPSLATHRESHOLD: IP SLAs(500): Threshold Cleared for timeout
May 17 22:08:53.856 CDT: %RTT-4-OPER_TIMEOUT: condition cleared, entry number = 520
May 17 22:08:53.868 CDT: %RTT-3-IPSLATHRESHOLD: IP SLAs(520): Threshold Cleared for timeout
You have logged onto a XYZ Device

Fully test the router
Now that you've successfully upgraded, it's time to test the router. Check that all the interfaces come up, including any encrypted tunnels, multilink bundles, etc. Also, perform all normal operations associated with the router, such as accessing the internet, placing phone calls, accessing data centers, etc.

Congrats!! You're done.

