cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
20370
Views
35
Helpful
24
Replies

Cisco 4500X IOS upgrade through ISSU

Tarunkumar Vyas
Level 1
Level 1

Hi,

I am having 2 number of cisco 4500x switch and configured with VSS

so one switch is active and another switch is standby.

I am panning to upgrade IOS through ISSU

i read in document that it required auto boot enable in switch.

My switch current Configuration register = 0x2101

do i need to change config register or this will ok. If need to change then what will be auto boot and after IOS upgrade do i need to change it again.

Please help....

24 Replies 24

Leo Laohoo
Hall of Fame
Hall of Fame

Configuration Register value of 0x2101 is, by default, the setting when the appliance or supervisor is shipped out.  The last octet of "1" basically tells the appliance to IGNORE the boot variable string and boot the first valid IOS (from top to bottom) found in the bootflash.  

The easiest and fastest way to do an IOS upgrade on a VSS pair is very simple.  

 

1.  Copy the IOS from the TFTP server to the active unit using the command "copy tftp://<TFTP IP address>/IOS_filename.bin bootflash:";

2.  Copy the IOS from the TFTP server to the standby unit using the command "copy tftp://<TFTP IP address>/IOS_filename.bin slavebootflash:";

3.  Remove the old boot variable string:  no boot system flash

4.  Change to the new boot variable string:  boot system flash bootflash:IOS_filename.bin

5.  Change the config-registry value to 0x2102:  config-registry 0x2102

6.  Reboot. 

 

Now be aware that, like any 4500 supervisor card and 6500 supervisor card, if you change the config-registry to 0x2102 and you DO NOT HAVE a boot variable string (or a valid one), the your switch will reboot into ROMmon.  So please take good care in entering the right boot variable string.

 

Hope this helps.  

 

Please don't forget to rate our useful posts.  

I would like to present to you Option 2.  

 

Now, if you do not want to change the config-registry value to 0x2102, this means that you would like config-registry value of 0x2101, there's another option around this.  

 

And the process is almost similar.  

 

1.  Copy the IOS from the TFTP server to the active unit using the command "copy tftp://<TFTP IP address>/IOS_filename.bin bootflash:";

2.  Copy the IOS from the TFTP server to the standby unit using the command "copy tftp://<TFTP IP address>/IOS_filename.bin slavebootflash:";

3.  RENAME the old IOS in both units:  

Active:  rename bootflash:OLD_IOS_filename.bin bootflash:OLD_IOS_filename.bin.BAK

Standby:  rename slavebootflash:OLD_IOS_filename.bin slavebootflash:OLD_IOS_filename.bin.BAK

4.  Reboot.

 

You need to rename the old IOS because if you don't then there's a chance that one of the VSS pairs will boot the OLD IOS if the file is found to be above the new IOS file.

Hi Leo,

while giving below command on active switch.

Switch# issu loadversion [active-slot] active-image-new [standby-slot] standby-image-new

I am getting error "Active config-register does not have 0x0002 as the low order nible"

Tarun, 

 

I cannot comment ISSU because I've attempted to use this process in the past and they never worked.  

 

The process I've detailed above is a known "workaround" to stop either one or two of your supervisors going into a boot-error-crash loop.  

Thnx Leo, I have upgraded IOS individually in both of switch and working fine.

 

Happy to hear it's working Tarun. 

 

Tell us, which option did you use?  Did you use the Option 1 (change the config-register to 0x2102) or use Option 2 (maintain the config-register of 0x2101)?

I have worked with default config-regester 0x2101

Ok, thanks for the update Tarun.

Hey Leo,  I was thinking about doing our 4500x vss pair upgrade through ISSU.  Did you say that you were having trouble with ISSU, so you did the upgrade on each switch individually?  Did you take down the network?

Did you take down the network?

Whichever process used, it will ALWAYS take down the network.  So the answer to the question is, yes, I took down the network. 

Did you say that you were having trouble with ISSU, so you did the upgrade on each switch individually?

Each switch pair was upgraded individually and both units were reloaded simultaneously.

Really??  Why would ISSU state in their documentation that "as long as SSO and NSF are enabled, you don't have to take down the network and you can individually perform the updates"

you can individually perform the updates

This is correct.  Anyone can copy the IOS into the box and, in an ideal condition, without an outage.  However, when ISSU is performed the secondary line card reboots and the primary line card stays online.  When this occurs, single-homed devices or devices with incorrectly configured etherchannel will fail.  

When the secondary line card goes online, the primary will failover.  During this failover, the same scenario above will be repeated again, i.e. single-homed devices or devices with incorrectly configured etherchannel will fail.

Some might say, sure they have theirs upgraded without any impact, however, I am not taking any chances.  The first time I did an ISSU, and we followed the procedure to the letter, my VSS pair went into a boot-error-crash loop and it took out our entire wireless network.  The only way to stop this was to pull out the supervisor card or power down the chassis.  I ain't repeating that nightmare again. 

Man, that sucks!  I have given everyone the notice that this might potentially happen, so I'm at least anticipating it.  I'm doing the upgrade for 3 Distribution switches that are VSS pairs.  Every single edge switch has one uplink on each of the VSS pairs, so everything is fully redundant.  Our WLC is connected to another 4500x that connects to all our Distribution switches...fully redundant also.  Fingers x'd

Man, that sucks!

We had proper change control in place and had anticipated a "moderate" outage.  Took all of us by surprise.  

So from now on, anyone (in our office) who utters the abbreviation FSU, eFSU and ISSU will be greeted with a well-aimed Citrix rocket and followed by threats of bodily harm ... using toothpicks & pitchforks.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco