Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Cisco 4500X IOS upgrade through ISSU

Hi,

I am having 2 number of cisco 4500x switch and configured with VSS

so one switch is active and another switch is standby.

I am panning to upgrade IOS through ISSU

i read in document that it required auto boot enable in switch.

My switch current Configuration register = 0x2101

do i need to change config register or this will ok. If need to change then what will be auto boot and after IOS upgrade do i need to change it again.

Please help....

22 REPLIES
Hall of Fame Super Blue

Configuration Register value

Configuration Register value of 0x2101 is, by default, the setting when the appliance or supervisor is shipped out.  The last octet of "1" basically tells the appliance to IGNORE the boot variable string and boot the first valid IOS (from top to bottom) found in the bootflash.  

The easiest and fastest way to do an IOS upgrade on a VSS pair is very simple.  

 

1.  Copy the IOS from the TFTP server to the active unit using the command "copy tftp://<TFTP IP address>/IOS_filename.bin bootflash:";

2.  Copy the IOS from the TFTP server to the standby unit using the command "copy tftp://<TFTP IP address>/IOS_filename.bin slavebootflash:";

3.  Remove the old boot variable string:  no boot system flash

4.  Change to the new boot variable string:  boot system flash bootflash:IOS_filename.bin

5.  Change the config-registry value to 0x2102:  config-registry 0x2102

6.  Reboot. 

 

Now be aware that, like any 4500 supervisor card and 6500 supervisor card, if you change the config-registry to 0x2102 and you DO NOT HAVE a boot variable string (or a valid one), the your switch will reboot into ROMmon.  So please take good care in entering the right boot variable string.

 

Hope this helps.  

 

Please don't forget to rate our useful posts.  

Everyone's tags (1)
Hall of Fame Super Blue

I would like to present to

I would like to present to you Option 2.  

 

Now, if you do not want to change the config-registry value to 0x2102, this means that you would like config-registry value of 0x2101, there's another option around this.  

 

And the process is almost similar.  

 

1.  Copy the IOS from the TFTP server to the active unit using the command "copy tftp://<TFTP IP address>/IOS_filename.bin bootflash:";

2.  Copy the IOS from the TFTP server to the standby unit using the command "copy tftp://<TFTP IP address>/IOS_filename.bin slavebootflash:";

3.  RENAME the old IOS in both units:  

Active:  rename bootflash:OLD_IOS_filename.bin bootflash:OLD_IOS_filename.bin.BAK

Standby:  rename slavebootflash:OLD_IOS_filename.bin slavebootflash:OLD_IOS_filename.bin.BAK

4.  Reboot.

 

You need to rename the old IOS because if you don't then there's a chance that one of the VSS pairs will boot the OLD IOS if the file is found to be above the new IOS file.

Everyone's tags (1)
Community Member

Hi Leo,while giving below

Hi Leo,

while giving below command on active switch.

Switch# issu loadversion [active-slot] active-image-new [standby-slot] standby-image-new

I am getting error "Active config-register does not have 0x0002 as the low order nible"

Hall of Fame Super Blue

Tarun,  I cannot comment ISSU

Tarun, 

 

I cannot comment ISSU because I've attempted to use this process in the past and they never worked.  

 

The process I've detailed above is a known "workaround" to stop either one or two of your supervisors going into a boot-error-crash loop.  

Community Member

Thnx Leo, I have upgraded IOS

Thnx Leo, I have upgraded IOS individually in both of switch and working fine.

 

Hall of Fame Super Blue

Happy to hear it's working

Happy to hear it's working Tarun. 

 

Tell us, which option did you use?  Did you use the Option 1 (change the config-register to 0x2102) or use Option 2 (maintain the config-register of 0x2101)?

Community Member

I have worked with default

I have worked with default config-regester 0x2101

Hall of Fame Super Blue

Ok, thanks for the update

Ok, thanks for the update Tarun.

Community Member

Hey Leo,  I was thinking

Hey Leo,  I was thinking about doing our 4500x vss pair upgrade through ISSU.  Did you say that you were having trouble with ISSU, so you did the upgrade on each switch individually?  Did you take down the network?

Hall of Fame Super Blue

Did you take down the network

Did you take down the network?

Whichever process used, it will ALWAYS take down the network.  So the answer to the question is, yes, I took down the network. 

Did you say that you were having trouble with ISSU, so you did the upgrade on each switch individually?

Each switch pair was upgraded individually and both units were reloaded simultaneously.

Community Member

Really??  Why would ISSU

Really??  Why would ISSU state in their documentation that "as long as SSO and NSF are enabled, you don't have to take down the network and you can individually perform the updates"

Hall of Fame Super Blue

you can individually perform

you can individually perform the updates

This is correct.  Anyone can copy the IOS into the box and, in an ideal condition, without an outage.  However, when ISSU is performed the secondary line card reboots and the primary line card stays online.  When this occurs, single-homed devices or devices with incorrectly configured etherchannel will fail.  

When the secondary line card goes online, the primary will failover.  During this failover, the same scenario above will be repeated again, i.e. single-homed devices or devices with incorrectly configured etherchannel will fail.

Some might say, sure they have theirs upgraded without any impact, however, I am not taking any chances.  The first time I did an ISSU, and we followed the procedure to the letter, my VSS pair went into a boot-error-crash loop and it took out our entire wireless network.  The only way to stop this was to pull out the supervisor card or power down the chassis.  I ain't repeating that nightmare again. 

Community Member

Man, that sucks!  I have

Man, that sucks!  I have given everyone the notice that this might potentially happen, so I'm at least anticipating it.  I'm doing the upgrade for 3 Distribution switches that are VSS pairs.  Every single edge switch has one uplink on each of the VSS pairs, so everything is fully redundant.  Our WLC is connected to another 4500x that connects to all our Distribution switches...fully redundant also.  Fingers x'd

Hall of Fame Super Blue

Man, that sucks!

Man, that sucks!

We had proper change control in place and had anticipated a "moderate" outage.  Took all of us by surprise.  

So from now on, anyone (in our office) who utters the abbreviation FSU, eFSU and ISSU will be greeted with a well-aimed Citrix rocket and followed by threats of bodily harm ... using toothpicks & pitchforks.

10006
Views
30
Helpful
22
Replies
CreatePlease to create content