Cisco 25xx IOS Upgrade

http://www.sdnp.undp.org/rc/areas/tech/setup/cisco-upgrade.html

Upgrading Cisco IOS can be tricky if the router is your only connection to the Internet. If you screw up and need help, you can't go to www.cisco.com or search newsgroups at DejaNews any more. So I suggest that you keep the Cisco documentation CD-ROM handy and also download this document and the documents listed below before you start.

You will need a new "IOS image" which contains a newer release of the system (or one with more features). Unless you have an (expensive) support contract with Cisco, you usually have to pay for it, unless it is only a bugfix upgrade. Note that different IOS versions have different memory requirements. Many Cisco 25xx came with 4MB of flash ROM memory (more expensive) and 1MB RAM (easy to upgrade, use SIMMs). Newer Cisco 25xx come with 8MB flash and 2MB RAM by default. You can order more when purchasing the Cisco, but Cisco prices on memory are quite high. RAM usage is highly dependent on what you are doing (e.g. whether you use routing protocols, access lists etc). A basic terminal server (such as zaque) is fine with 1MB RAM, even though Cisco recommends a minimum of 4MB RAM with any IOS 11.*.

Flash ROM holds IOS and that's the one you have to worry about when upgrading or selecting an IOS version. The last IOS version that fits into 4MB flash is 11.1(20) - this is true for the basic IP feature set; if you need more features, the flash ROM requirements can be higher. Starting with 11.2, newer IOS versions require 8MB flash.

Here is a list of several documents with details on the stuff below, which might come in useful if anything goes wrong.

tftp server setup

For the procedure described below you will need a working tftp server, preferably on the same LAN as the Cisco. tftp is a very simple (and also very insecure) file transfer protocol, often used for net-booting diskless workstations. It's also extensively used for remote management of Cisco config files. It doesn't use any access control mechanism (such as passwords), so you probably want to either disable it after you are done or restrict its use with a firewall rule. Virtually all Unices come with a tftp server, which is disabled by default. The following is how you enable it on RH Linux 5.* (and probably all other Linux versions).
  • # mkdir /tftpboot
  • # chmod 666 /tftpboot
  • edit file /etc/inetd.conf, uncomment line
    tftp dgram udp wait root /usr/sbin/tcpd in.tftpd
  • # killall -1 inetd
For (primitive) security reasons, tftp clients can only download or upload files within the /tftpboot directory which already exist and are world read-writable. So for every file you want to download to the client (i.e. the Cisco) do
  • # cp filename /tftpboot/filename
  • # chmod 666 /tftpboot/filename
and for every file you want to upload (e.g. the Cisco config file) do
  • # touch /tftpboot/zemzem-confg
  • # chmod 666 /tftpboot/zemzem-confg
The first step described below is a good test of your tftp server setup.
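
One way to carry out the "disable it after you are done" advice above, as an added example that is not part of the original page: the functions strip the world-write bit from the staged files and comment the tftp line in inetd.conf out again. The function names and the sandbox demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: close the tftp window again once step 3 is finished.
# Directory and config paths are arguments, so try it on a scratch copy first.

# List files under the tftp root ($1) that any tftp client can overwrite.
tftp_world_writable() {
    find "$1" -type f -perm -0002
}

# Drop the world-write bit the upload steps needed (666 -> 664). The read bit
# stays, so a router that still fetches its config over tftp keeps working.
tftp_lock_files() {
    find "$1" -type f -perm -0002 -exec chmod o-w {} +
}

# Comment the active tftp line in the inetd config ($1) out again.
# Lines for other services and already-commented lines are left alone.
tftp_disable_inetd() {
    conf=$1
    tmp=$(mktemp) || return 1
    sed 's/^tftp[[:space:]]/#&/' "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Demo on a constructed sandbox, not the real /tftpboot or /etc/inetd.conf.
# Prints "<world-writable files left> <active tftp lines left>".
demo_lockdown() {
    box=$(mktemp -d) || return 1
    mkdir "$box/tftpboot"
    : > "$box/tftpboot/zemzem-confg"
    chmod 666 "$box/tftpboot/zemzem-confg"
    printf '%s\n' 'ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd' \
        'tftp dgram udp wait root /usr/sbin/tcpd in.tftpd' > "$box/inetd.conf"
    tftp_lock_files "$box/tftpboot"
    tftp_disable_inetd "$box/inetd.conf"
    left=$(( $(tftp_world_writable "$box/tftpboot" | wc -l) ))
    active=$(grep -c '^tftp' "$box/inetd.conf" || true)
    rm -rf "$box"
    echo "$left $active"
}

demo_lockdown
# On the real server: run tftp_lock_files /tftpboot and
# tftp_disable_inetd /etc/inetd.conf, then "killall -1 inetd" as in the setup.
```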

IOS upgrade

This is a captured telnet session of the upgrade of zemzem (Cisco 2501) from IOS 11.2(14) (with IP PLUS feature set) to IOS 11.2(15) using tftp server 10.0.0.79. You can do the whole thing remotely, but it's safer to use a direct (serial) console connection for it.

The procedure involves several reboots of the Cisco. In addition, during step 2 your router will run the boot-ROM version of IOS, which may be very old and not capable of performing all the tasks your Cisco is configured for, not to mention the service interruptions if something goes wrong. So you should plan the upgrade for a time when the router is not heavily used :-)

Step 1 - review the Cisco IOS version and the status of flash ROM, then back up the configuration and the current version of IOS to the tftp server. If your tftp server is not set up properly (or the files you are uploading don't exist or are not world read/writable), you will get error messages for the wri n and copy flash tftp commands. Here is the outline of what we will do:

  • review IOS version, flash size and status, normal config register value
  • review IOS images (probably only 1) stored in flash
  • save (upload) configuration file to tftp server
  • load configuration file back from the tftp server as a test
  • backup current IOS image (in flash) to tftp server
  • change config-register (and review its state using sh ver)
  • reboot (into new mode given by config-register)
As the success of some of the steps (tftp uploads) depends on proper tftp server setup, you may spend some time tuning it. Note that none of these actions is "destructive", so you can do this even during normal use. It's only after changing the config-register and rebooting that things start to get funny. If you are unable to upload or download files from the tftp server, don't continue, but fix it first! You will need the files you upload here later or if something goes wrong.
sdnhq[honza]> telnet zemzem
Trying 10.0.0.1...
Connected to zemzem.
Escape character is '^]'.


User Access Verification

Username: login
Password: 
zemzem>en
Password: 
zemzem#sh ver
Cisco Internetwork Operating System Software 
IOS (tm) 2500 Software (C2500-IS-L), Version 11.2(14), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1998 by cisco Systems, Inc.
Compiled Mon 18-May-98 12:43 by tlane
Image text-base: 0x0302F4E4, data-base: 0x00001000

ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFT
WARE (fc1)

zemzem uptime is 1 day, 16 hours, 26 minutes
System restarted by reload
System image file is "flash:c2500-is-l.112-14", booted via flash
Host configuration file is "zemzem-confg", booted via tftp from 10.0.0.79

cisco 2500 (68030) processor (revision L) with 2048K/2048K bytes of memory.
Processor board ID 08363366, with hardware revision 00000000
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read ONLY)

Configuration register is 0x2102

zemzem#sh flash

System flash directory:
File  Length   Name/status
  1   5895768  c2500-is-l.112-14  
[5895832 bytes used, 2492776 available, 8388608 total]
8192K bytes of processor board System flash (Read ONLY)

zemzem#wri n
Remote host [10.0.0.79]? 10.0.0.79
Name of configuration file to write [zemzem-confg]? zemzem-confg
Write file zemzem-confg on host 10.0.0.79? [confirm]
Building configuration...

Writing zemzem-confg !! [OK]
zemzem#conf n
Host or network configuration file [host]? 
Address of remote host [10.0.0.79]? 10.0.0.79
Name of configuration file [zemzem-confg]? zemzem-confg
Configure using zemzem-confg from 10.0.0.79? [confirm]
Loading zemzem-confg from 10.0.0.79 (via Ethernet1): !
[OK - 1918/32723 bytes]

zemzem#copy flash tftp

System flash directory:
File  Length   Name/status
  1   5895768  c2500-is-l.112-14  
[5895832 bytes used, 2492776 available, 8388608 total]
Address or name of remote host [255.255.255.255]? 10.0.0.79
Source file name? c2500-is-l.112-14
Destination file name [c2500-is-l.112-14]? c2500-is-l.112-14 
Verifying checksum for 'c2500-is-l.112-14' (file # 1)...  OK
Copy 'c2500-is-l.112-14' from Flash to server
  as 'c2500-is-l.112-14'? [yes/no]yes
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Upload to server done
Flash copy took 00:01:18 [hh:mm:ss]
zemzem#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
zemzem(config)#config-register 0x2101
zemzem(config)#^Z
zemzem#sh ver
Cisco Internetwork Operating System Software 
IOS (tm) 2500 Software (C2500-IS-L), Version 11.2(14), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1998 by cisco Systems, Inc.
Compiled Mon 18-May-98 12:43 by tlane
Image text-base: 0x0302F4E4, data-base: 0x00001000

ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFT
WARE (fc1)

zemzem uptime is 1 day, 16 hours, 31 minutes
System restarted by reload
System image file is "flash:c2500-is-l.112-14", booted via flash
Host configuration file is "zemzem-confg", booted via tftp from 10.0.0.79

cisco 2500 (68030) processor (revision L) with 2048K/2048K bytes of memory.
Processor board ID 08363366, with hardware revision 00000000
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read ONLY)

Configuration register is 0x2102 (will be 0x2101 at next reload)

zemzem#wri
Building configuration...
[OK]
zemzem#reload
Proceed with reload? [confirm]
Connection closed by foreign host.
sdnhq[honza]> 

Step 2 - the Cisco now reboots in "boot-mode", running the boot-ROM version of IOS (boot-ROM is another piece of physical memory in the Cisco, non-upgradable). It contains a simple version of IOS, which possibly cannot do everything your Cisco is normally configured for. It can set up IP on ethernet interfaces and accept telnet sessions though. The mode is given by the value of the "config-register". In mode 0x2101, flash ROM is also in read/write mode.

Actions:

  • review boot-IOS version, flash ROM status (should be R/W)
  • download new IOS image (presumably you already placed it on tftp server) - this will also erase current flash ROM contents
  • set the config-register back to normal value
  • reboot (to normal mode) - you are asked to save config here. It's better not to do it (as we are currently running incomplete IOS), but even if you do it, you don't have to worry - we already have backup of config on tftp server

sdnhq[honza]> telnet zemzem
Trying 10.0.0.1...
Connected to zemzem.
Escape character is '^]'.


User Access Verification

Username: login
Password: 
zemzem(boot)>en
Password: 
zemzem(boot)#sh ver
Cisco Internetwork Operating System Software 
IOS (tm) 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWA
RE (fc1)
Copyright (c) 1986-1996 by cisco Systems, Inc.
Compiled Fri 27-Dec-96 17:33 by loreilly
Image text-base: 0x01010000, data-base: 0x00001000

ROM: System Bootstrap, Version 11.0(10c), SOFTWARE

zemzem uptime is 1 minute
System restarted by reload
Running default software

cisco 2500 (68030) processor (revision L) with 2048K/2048K bytes of memory.
Processor board ID 08363366, with hardware revision 00000000
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
2 Ethernet/IEEE 802.3 interfaces.
2 Serial network interfaces.
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2101

zemzem(boot)#copy tftp flash

System flash directory:
File  Length   Name/status
  1   5895768  c2500-is-l.112-14  
[5895832 bytes used, 2492776 available, 8388608 total]
Address or name of remote host [255.255.255.255]? 10.0.0.79
Source file name? c2500-is-l.112-15.bin
Destination file name [c2500-is-l.112-15.bin]? c2500-is-l.112-15.bin 
Accessing file 'c2500-is-l.112-15.bin' on 10.0.0.79...
Loading c2500-is-l.112-15.bin from 10.0.0.79 (via Ethernet1): ! [OK]

Erase flash device before writing? [confirm]
Flash contains files. Are you sure you want to erase? [confirm]

Copy 'c2500-is-l.112-15.bin' from server
  as 'c2500-is-l.112-15.bin' into Flash WITH erase? [yes/no]yes
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased
Loading c2500-is-l.112-15.bin from 10.0.0.79 (via Ethernet1): !!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!
[OK - 5895436/8388608 bytes]

Verifying checksum...  OK (0x61A0)
Flash copy took 0:03:02 [hh:mm:ss]
zemzem(boot)#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
zemzem(boot)(config)#config-register 0x2102
zemzem(boot)(config)#^Z
zemzem(boot)#sh ver
Cisco Internetwork Operating System Software 
IOS (tm) 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWA
RE (fc1)
Copyright (c) 1986-1996 by cisco Systems, Inc.
Compiled Fri 27-Dec-96 17:33 by loreilly
Image text-base: 0x01010000, data-base: 0x00001000

ROM: System Bootstrap, Version 11.0(10c), SOFTWARE

zemzem uptime is 5 minutes
System restarted by reload
Running default software

cisco 2500 (68030) processor (revision L) with 2048K/2048K bytes of memory.
Processor board ID 08363366, with hardware revision 00000000
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
2 Ethernet/IEEE 802.3 interfaces.
2 Serial network interfaces.
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2101 (will be 0x2102 at next reload)

zemzem(boot)#reload

System configuration has been modified. Save? [yes/no]: no
Proceed with reload? [confirm]
Connection closed by foreign host.
sdnhq[honza]>
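
The copy in step 2 erases the only bootable image in flash, so it is worth checking sizes on both sides of it. This added example (not part of the original page) uses the two byte-count lines from the session above as constructed input; the function names and the assumed size of the file on the tftp server are illustrative.

```shell
#!/bin/sh
# Added example: size checks before and after "copy tftp flash".

# Constructed input: two lines as printed in the captured session on this page.
SH_FLASH='[5895832 bytes used, 2492776 available, 8388608 total]'
COPY_RESULT='[OK - 5895436/8388608 bytes]'
# Assumption: size of the new image on the tftp server, e.g. from
#   wc -c < /tftpboot/c2500-is-l.112-15.bin
IMAGE_BYTES=5895436

# Decide how an image of $1 bytes can go into flash, given "sh flash" text $2.
#   append : fits into the free space beside the current image
#   erase  : fits only after flash is erased (the case in the session above)
#   toobig : larger than the flash chip itself, do not start the copy
flash_plan() {
    fields=$(printf '%s\n' "$2" | sed -n \
        's/^\[[0-9]* bytes used, \([0-9]*\) available, \([0-9]*\) total].*/\1 \2/p' |
        head -n 1)
    [ -n "$fields" ] || { echo unparsed; return 1; }
    avail=${fields% *}
    total=${fields#* }
    if [ "$1" -le "$avail" ]; then echo append
    elif [ "$1" -le "$total" ]; then echo erase
    else echo toobig
    fi
}

# Succeed only if the byte count the router reports in $2 equals the size of
# the staged file ($1), so a truncated transfer is caught before the reload.
copy_matches() {
    got=$(printf '%s\n' "$2" |
        sed -n 's|^\[OK - \([0-9]*\)/[0-9]* bytes].*|\1|p' | head -n 1)
    [ -n "$got" ] && [ "$got" -eq "$1" ]
}

echo "plan: $(flash_plan "$IMAGE_BYTES" "$SH_FLASH")"
if copy_matches "$IMAGE_BYTES" "$COPY_RESULT"; then
    echo "copy size matches"
else
    echo "copy size MISMATCH, repeat step 2 before changing config-register"
fi
```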

Step 3 - we rebooted back to normal mode and should be running the new version of IOS now. Load the saved config.

Actions:

  • review IOS version, flash ROM status (should be R/O)
  • load (previously saved) config file from tftp server
  • save the configuration to NVRAM

sdnhq[honza]> telnet zemzem
Trying 10.0.0.1...
Connected to zemzem.
Escape character is '^]'.


User Access Verification

Username: login
Password: 
zemzem>en
Password: 
zemzem#sh ver
Cisco Internetwork Operating System Software 
IOS (tm) 2500 Software (C2500-IS-L), Version 11.2(15), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1998 by cisco Systems, Inc.
Compiled Tue 07-Jul-98 21:56 by tmullins
Image text-base: 0x0302F154, data-base: 0x00001000

ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFT
WARE (fc1)

zemzem uptime is 0 minutes
System restarted by reload
System image file is "flash:c2500-is-l.112-15.bin", booted via flash

cisco 2500 (68030) processor (revision L) with 2048K/2048K bytes of memory.
Processor board ID 08363366, with hardware revision 00000000
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read ONLY)

Configuration register is 0x2102

zemzem#conf n
Host or network configuration file [host]? 
Address of remote host [255.255.255.255]? 10.0.0.79
Name of configuration file [zemzem-confg]? zemzem-confg
Configure using zemzem-confg from 10.0.0.79? [confirm]
Loading zemzem-confg from 10.0.0.79 (via Ethernet1): !
[OK - 1953/32723 bytes]

zemzem#wri
Building configuration...
[OK]
zemzem#exit
Connection closed by foreign host.
sdnhq[honza]> 

Notes

Problems with enable password on old Ciscos - boot-ROM IOS on old Ciscos doesn't understand the enable secret config password, only the outdated enable password (which is insecure and generally should not be used). In such a case you might not be able to enter enable mode in step 2, getting error messages such as "password required but none set" (it happened to me on zaque, our old 2509 with boot-IOS version 4.14(9.1)). If that happens, you have to use part of the password recovery procedure as described in the document referred to above, specifically these steps - attaching to the Cisco console, cold-booting the Cisco, breaking the boot sequence, changing the config-register to value 0x42 using a boot-monitor command and rebooting again.

You can save yourself this work if you enter enable password <passwd> and wri in step 1 and remove it using no enable password and wri in step 3.

If something goes wrong - this depends on the steps done so far. If the Cisco doesn't reboot after step 1, you can use part of the "password recovery procedure" and set the config-register to 0x2102 using the boot-monitor prompt - the Cisco should boot back to the old IOS. If it doesn't boot after step 2, use the same procedure to set the config-register to 0x2101 - the Cisco should boot back to boot-ROM IOS and you can repeat step 2, downloading the previous version of IOS back.
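
The register values used on this page (0x2102, 0x2101 and 0x42) differ only in a few bits. This added example, not from the original page, decodes those bits and checks a "sh ver" capture for the register the router will use at its next reload; the function names are assumptions, and the sample lines are copied from the sessions above.

```shell
#!/bin/sh
# Added example: decode config-register values and audit "sh ver" output.

# Constructed input: the register lines as printed in the sessions on this page.
END_OF_STEP1='Configuration register is 0x2102 (will be 0x2101 at next reload)'
END_OF_STEP2='Configuration register is 0x2101 (will be 0x2102 at next reload)'

# Print "<boot source> <nvram use> <break key>" for register value $1.
decode_confreg() {
    v=$(($1))
    case $((v & 0x000F)) in          # bits 0-3: boot field
        0) boot=rom-monitor ;;
        1) boot=boot-rom-ios ;;
        *) boot=flash-or-boot-system ;;   # 2-F: boot system commands, else flash
    esac
    # bit 6: skip the startup config in NVRAM (so no passwords are loaded)
    if [ $((v & 0x0040)) -ne 0 ]; then nvram=nvram-ignored; else nvram=nvram-used; fi
    # bit 8: console Break is disabled once the system is running
    if [ $((v & 0x0100)) -ne 0 ]; then brk=break-disabled; else brk=break-enabled; fi
    echo "$boot $nvram $brk"
}

# Read "sh ver" text on stdin; print the register used after the next reload
# (the pending "will be" value if one is shown, otherwise the current one).
next_confreg() {
    awk '/^Configuration register is/ {
             reg = $4
             if ($5 == "(will") reg = $7
             print reg; exit
         }'
}

# Exit 0 only if the next boot is a normal one: image from flash, startup
# config read from NVRAM. Otherwise print what the router would do instead.
audit_confreg() {
    reg=$(next_confreg)
    [ -n "$reg" ] || { echo "no config register line found"; return 2; }
    set -- $(decode_confreg "$reg")
    [ "$1" = flash-or-boot-system ] || { echo "$reg: next boot is $1"; return 1; }
    [ "$2" = nvram-used ] || { echo "$reg: startup config will be skipped"; return 1; }
    echo "$reg: normal boot"
}

for r in 0x2102 0x2101 0x42; do echo "$r -> $(decode_confreg "$r")"; done
printf '%s\n' "$END_OF_STEP1" | audit_confreg || true   # expected during step 1
printf '%s\n' "$END_OF_STEP2" | audit_confreg
```

Running the audit after step 3 and after any use of the recovery procedure catches a router left at 0x2101 or 0x42, which would otherwise come up without its normal image or without its saved configuration at the next reload.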

