Kingston 32Gb USB Flash with Metal Casing-Using a Kingston USB stick to upgrade the IOS on a Cisco 4500X Switch
How to upgrade the IOS/Software on a Cisco 4500X switch? A Consultant named Roger Perkin (Who is for a Cisco Gold Partner in the UK) shared his experience of Upgrading IOS on Cisco 4500X Switch. What’s it? Let’s have a look.
Roger Perkin said that it will not be covering how to do a hitless upgrade using ISSU with 2 switches in a VSS pair. This process is performed on two switches which are not in production. So to perform the upgrade he has disconnected the VSS link and will upgrade each switch in turn and will then connect the VSS link again.
First copy your image file into the bootflash: of the switch, this can be done via TFTP or USB.
USB is the much easier solution, for this to work you need a compatible USB stick, I have always used a Kingston brand and have never had any problems.(This is the exact USB stick he used for upgrading IOS on Cisco Switches)
Insert the USB stick into the slot on the front of the Cisco 4500X switch as shown above.
From the CLI issue the command dir usbb0: If you get (No such device) your USB is not supported
%Error opening usb0:/ (No such device)
If your USB is supported this is the output you will see
Directory of usb0:/
176 -rwx 173555452 Mar 23 2015 18:59:44 +00:00 cat4500e-universalk9.SPA.03.05.03.E
You now need to copy this image from the USB to the bootflash: using the following command
copy usb0:cat4500e-universalk9.SPA.03.05.03.E.152-1.E3.bin bootflash:
This will copy the image onto the bootflash of the switch.
You now need to tell the switch to boot this image.
There are 2 options to do this – Option 1 Rename old IOS
By default the config-register of the switches will be set to 0x2101 when the appliance is shipped out.
The last octet of “1” basically tells the appliance to IGNORE the boot variable string and boot the first valid IOS
(from top to bottom) found in the bootflash.
So you can either delete the old image or rename it. I prefer to rename it.
rename bootflash:OLD_IOS_filename.bin bootflash:OLD_IOS_filename.bin
If you now reload the switch it will boot the newer image.
Option 2 – change boot variable and config-register
The second option is to create a new boot variable
In global config enter the command.
boot system flash bootflash:cat4500e-universalk9.SPA.03.05.03.E.152-1.E3.bin (or your new image name)
Just this will not do anything as with the config register set to 0X2101 it will ignore the boot variable set.
If you change the config-register to 0X2102 the switch will then reference the boot variable.
In global config
Save the config and reload the switch.
You may need to delete any other boot variable settings
Check this with sh ver | inc boot
If there is a second one referencing the old image delete it.
Repeat this operation on the second switch and when both have booted using the new image connect up the VSS link.
Reference from http://www.rogerperkin.co.uk/ccie/switching/4500x/how-to-upgrade-ios-on-cisco-4500x-switch/
More Topics Related to Cisco 4500 Series
Two new redundant chassis, the Catalyst 4507R+E and 4510R+E had been introduced to Cisco Catalyst 4500E family. What’s the new of them? WS-C4507R+E, as the name, is a new 7-slot redundant chassis. And WS-C4510R+E, is a 10-slot redundant chassis. WS-C4507R+E continues to support five line card slots and two supervisor slots, like the WS-C4507R-E chassis. Similarly, the WS-C4510R+E chassis continues to support eight line card slots and two supervisor slots, like the WS-C4510R-E chassis.
Compared to the previous WS-C4507R-E and WS-C4510R-E (they are End-of-Sale & End-of-Life), the new WS-C4507R+E and WS-C4510R+E chassis support 48 Gbps bandwidth per line card slot. Also, WS-C4503-E and WS-C4506-E are already capable of supporting 48 Gbps bandwidth per line card slot.
The Cisco Catalyst 4507R+E and 4510R+E chassis offer the following benefits:
• Bandwidth capacity: The new chassis are capable of providing up to 848 Gbps switching capacity at 48 Gb per slot. This provides investment protection and the capability to meet future high-bandwidth requirements in the network.
• Redundant power supplies: The Cisco Catalyst 4507R+E and 4510R+E chassis have two bays for the power supplies to help maximize system uptime.
• Redundant supervisor engines: To facilitate nonstop operations, the new chassis have two dedicated slots for supervisor engines.
• AC and DC power options: The new chassis support both AC and DC power supply options. For AC power, 1300 watts (W), 1400W, 2800W, 4200W, and 6000W power supplies are available. For DC power, 1400W DC power supplies are available.
• Standards compliance: The Cisco Catalyst 407R+E and 4510R+E comply with Network Equipment Building Standards (NEBS).
WS-C4507R+E and WS-C4510R+E, both support Supervisor Engine 8-E, Supervisor Engine 7L-E and Supervisor Engine 7-E.
Note: Refer to your software release notes for the minimum software release versions required to support the supervisor engines.
- Supervisor engines must be installed in slot 3 or in slot 4.
- Supervisor engine redundancy is supported in this chassis.
Note: The Catalyst 4507R+E and 4510R+E switch supports 1+1 supervisor-engine redundancy. With the support of stateful switchover (SSO), the secondary supervisor engine serves as a backup to immediately take over after a primary supervisor failure. During the switchover, Layer 2 links are maintained transparently without the need to renegotiate sessions.
The Catalyst 4507R+E and 4510R+E switch support one or two power supplies. The following power supplies are supported:
–1000 W AC-input power supply (PWR-C45-1000AC)
–1400 W AC-input power supply (PWR-C45-1400AC)
–1300 W AC-input power supply (PWR-C45-1300ACV)
–2800 W AC-input power supply (PWR-C45-2800ACV)
–4200 W AC-input power supply (PWR-C45-4200ACV)
–6000 W AC-input power supply (PWR-C45-6000ACV)
–9000 W AC-input power supply (PWR-C45-9000ACV)
–1400 W DC-input power supply, triple-input (PWR-C45-1400DC)
–1400 W DC-input power supply with integrated PEM (PWR-C45-1400DC-P)
–External AC power shelf (WS-P4502-1PSU)
- All Catalyst 4500 series AC-input power supplies require single-phase source AC.
- Source AC can be out of phase between multiple power supplies or multiple AC-power plugs on the same power supply because all AC power supply inputs are isolated.
- Single power supplies are installed in the left power supply bay. The second power supply is installed in the right power supply bay.
Note: For proper operation of the power supply OUTPUT FAIL LED, systems with single power supplies must be configured with a minimum of one fan tray and one supervisor engine. Systems with dual power supplies must have a minimum configuration of one fan tray, one supervisor engine, and one additional module. Failure to meet these minimum configuration requirements can cause a false power supply output fail signal.
…More info: Some simple questions about the New Cisco Catalyst 4500 E-Series Redundant Chassis you can read here
More Related Cisco 4500E Topics
Simplify Access Control without Network Redesign
What’s the Cisco TrustSec Software? What benefits will you get from this Security Solution? You should read some tips about this. Nowadays, we know that business demand for cloud services, mobility, and the Internet of Things (IoT) has created exponential network growth and complexity. It has introduced risk, too. Each new user, device, and data connection represents a potential attack entry point. So your attack surface is expanding. How to deal with these? Now you can control the situation with Cisco TrustSec. Embedded in your existing Cisco network infrastructure, the TrustSec security solution simplifies the provisioning and management of network access control. It uses software-defined segmentation to classify network traffic and enforce policies for more flexible access controls. Traffic classification is based on endpoint identity, not IP address, enabling policy change without network redesign.
TrustSec is powered by the Cisco Identity Services Engine. The centralized policy management platform gathers advanced contextual data about who and what is accessing your network. It then uses security group tags to define roles and access rights and pushes the associated policy to your TrustSec-enabled network devices, such as switches, routers, and security equipment.
You get better visibility through richer contextual information, are better able to detect threats, and accelerate remediation. So you can reduce the impact and costs associated with a potential breach.
What are the Main Benefits You can Get?
• Quickly isolate and contain threats using technology already in your network.
• Limit the impact of data breaches by dynamically segmenting your network.
• Centrally apply and enforce granular and consistent policies across wired, wireless, and remote-access users and devices.
• Reduce operational expenses by defining firewall and access control rules based on asset or application context.
• Easily provide dynamic campus segmentation to enforce security policies in quickly changing environments without provisioning and maintaining access control lists.
• Cater to changing workforces and business relationships by defining security groups based on business roles, not IP addresses.
How It Works
Traditional network segmentation approaches use IP-address-based access control lists (ACLs), VLAN segmentation, and firewall policies that require extensive manual maintenance. Cisco TrustSec simplifies the effort by dynamically grouping machines into objects, called security groups, and provisioning security policies between those objects.
The interaction of systems is determined by the security-group-based policies, eliminating the need for VLAN or address-based policy provisioning. TrustSec is available in virtual and physical switches and treats virtual and physical workloads across the campus and data center consistently.
“Effective network segmentation... reduces the extent to which an adversary can move across the network.”
US Department of Homeland Security
United States Computer Emergency Readiness Team