Overblog Follow this blog
Administration Create my blog
Cisco & Cisco Network Hardware News and Technology

An Example to Upgrade IOS on Cisco 4500X Switch

July 22 2015 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

Kingston 32Gb USB Flash with Metal Casing-Using a Kingston USB stick to upgrade the IOS on a Cisco 4500X Switch

Kingston 32Gb USB Flash with Metal Casing-Using a Kingston USB stick to upgrade the IOS on a Cisco 4500X Switch

How to upgrade the IOS/Software on a Cisco 4500X switch? A Consultant named Roger Perkin (Who is for a Cisco Gold Partner in the UK) shared his experience of Upgrading IOS on Cisco 4500X Switch. What’s it? Let’s have a look.

Roger Perkin said that it will not be covering how to do a hitless upgrade using ISSU with 2 switches in a VSS pair. This process is performed on two switches which are not in production. So to perform the upgrade he has disconnected the VSS link and will upgrade each switch in turn and will then connect the VSS link again.

First copy your image file into the bootflash: of the switch, this can be done via TFTP or USB.

USB is the much easier solution, for this to work you need a compatible USB stick, I have always used a Kingston brand and have never had any problems.(This is the exact USB stick he used for upgrading IOS on Cisco Switches)

Insert the USB stick into the slot on the front of the Cisco 4500X switch as shown above.

From the CLI issue the command dir usbb0: If you get (No such device) your USB is not supported

4500X-SW-01#dir usb0:

%Error opening usb0:/ (No such device)

If your USB is supported this is the output you will see

4500X-SW-01#dir usb0:

Directory of usb0:/

176 -rwx 173555452 Mar 23 2015 18:59:44 +00:00 cat4500e-universalk9.SPA.03.05.03.E

You now need to copy this image from the USB to the bootflash: using the following command

copy usb0:cat4500e-universalk9.SPA.03.05.03.E.152-1.E3.bin bootflash:

This will copy the image onto the bootflash of the switch.

You now need to tell the switch to boot this image.

There are 2 options to do this – Option 1 Rename old IOS

By default the config-register of the switches will be set to 0x2101 when the appliance is shipped out.

The last octet of “1” basically tells the appliance to IGNORE the boot variable string and boot the first valid IOS
(from top to bottom) found in the bootflash.

So you can either delete the old image or rename it. I prefer to rename it.

rename bootflash:OLD_IOS_filename.bin bootflash:OLD_IOS_filename.bin

If you now reload the switch it will boot the newer image.

Option 2 – change boot variable and config-register

The second option is to create a new boot variable

In global config enter the command.

boot system flash bootflash:cat4500e-universalk9.SPA.03.05.03.E.152-1.E3.bin (or your new image name)

Just this will not do anything as with the config register set to 0X2101 it will ignore the boot variable set.

If you change the config-register to 0X2102 the switch will then reference the boot variable.

In global config

config-register 0x2102

Save the config and reload the switch.

You may need to delete any other boot variable settings

Check this with sh ver | inc boot

If there is a second one referencing the old image delete it.

Repeat this operation on the second switch and when both have booted using the new image connect up the VSS link.

Reference from http://www.rogerperkin.co.uk/ccie/switching/4500x/how-to-upgrade-ios-on-cisco-4500x-switch/

More Topics Related to Cisco 4500 Series

What’s New on Cisco Catalyst 4500 VSS?

VSS on Cisco 4500/4500X Switches

Cisco VSS Configuration: Cisco Catalyst 6500 Virtual Switching System

A Sample VSS Configuration for 2x Cisco Cat6500 with Supervisor 720

Cisco 4500 VSS Requirement-Software, Hardware and Licensing

Cisco Catalyst Switches for the Different Types of Campuses

Read more

What’s The New of Cisco Catalyst 4507R+E and 4510R+E Chassis?

July 17 2015 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

WS-C4507R-E and WS-C4510R-E-Redundant Sups

WS-C4507R-E and WS-C4510R-E-Redundant Sups

Two new redundant chassis, the Catalyst 4507R+E and 4510R+E had been introduced to Cisco Catalyst 4500E family. What’s the new of them? WS-C4507R+E, as the name, is a new 7-slot redundant chassis. And WS-C4510R+E, is a 10-slot redundant chassis. WS-C4507R+E continues to support five line card slots and two supervisor slots, like the WS-C4507R-E chassis. Similarly, the WS-C4510R+E chassis continues to support eight line card slots and two supervisor slots, like the WS-C4510R-E chassis.

Compared to the previous WS-C4507R-E and WS-C4510R-E (they are End-of-Sale & End-of-Life), the new WS-C4507R+E and WS-C4510R+E chassis support 48 Gbps bandwidth per line card slot. Also, WS-C4503-E and WS-C4506-E are already capable of supporting 48 Gbps bandwidth per line card slot.

The Cisco Catalyst 4507R+E and 4510R+E chassis offer the following benefits:

Bandwidth capacity: The new chassis are capable of providing up to 848 Gbps switching capacity at 48 Gb per slot. This provides investment protection and the capability to meet future high-bandwidth requirements in the network.

Redundant power supplies: The Cisco Catalyst 4507R+E and 4510R+E chassis have two bays for the power supplies to help maximize system uptime.

Redundant supervisor engines: To facilitate nonstop operations, the new chassis have two dedicated slots for supervisor engines.

AC and DC power options: The new chassis support both AC and DC power supply options. For AC power, 1300 watts (W), 1400W, 2800W, 4200W, and 6000W power supplies are available. For DC power, 1400W DC power supplies are available.

Standards compliance: The Cisco Catalyst 407R+E and 4510R+E comply with Network Equipment Building Standards (NEBS).

WS-C4507R+E and WS-C4510R+E, both support Supervisor Engine 8-E, Supervisor Engine 7L-E and Supervisor Engine 7-E.

Note: Refer to your software release notes for the minimum software release versions required to support the supervisor engines.

  • Supervisor engines must be installed in slot 3 or in slot 4.
  • Supervisor engine redundancy is supported in this chassis.

Note: The Catalyst 4507R+E and 4510R+E switch supports 1+1 supervisor-engine redundancy. With the support of stateful switchover (SSO), the secondary supervisor engine serves as a backup to immediately take over after a primary supervisor failure. During the switchover, Layer 2 links are maintained transparently without the need to renegotiate sessions.

The Catalyst 4507R+E and 4510R+E switch support one or two power supplies. The following power supplies are supported:

–1000 W AC-input power supply (PWR-C45-1000AC)

–1400 W AC-input power supply (PWR-C45-1400AC)

–1300 W AC-input power supply (PWR-C45-1300ACV)

–2800 W AC-input power supply (PWR-C45-2800ACV)

–4200 W AC-input power supply (PWR-C45-4200ACV)

–6000 W AC-input power supply (PWR-C45-6000ACV)

–9000 W AC-input power supply (PWR-C45-9000ACV)

–1400 W DC-input power supply, triple-input (PWR-C45-1400DC)

–1400 W DC-input power supply with integrated PEM (PWR-C45-1400DC-P)

–External AC power shelf (WS-P4502-1PSU)

  • All Catalyst 4500 series AC-input power supplies require single-phase source AC.
  • Source AC can be out of phase between multiple power supplies or multiple AC-power plugs on the same power supply because all AC power supply inputs are isolated.
  • Single power supplies are installed in the left power supply bay. The second power supply is installed in the right power supply bay.

Note: For proper operation of the power supply OUTPUT FAIL LED, systems with single power supplies must be configured with a minimum of one fan tray and one supervisor engine. Systems with dual power supplies must have a minimum configuration of one fan tray, one supervisor engine, and one additional module. Failure to meet these minimum configuration requirements can cause a false power supply output fail signal.

…More info: Some simple questions about the New Cisco Catalyst 4500 E-Series Redundant Chassis you can read here

http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-4500-series-switches/qa_c67_610073.html

More Related Cisco 4500E Topics

Supervisor Engine 6-E vs. Supervisor Engine 7-E vs. Supervisor Engine 8-E

Cisco Catalyst 4500E Supervisor Engine 8-E Review

Power Supplies for the Cisco Catalyst 4500-E Series

Read more

Cisco TrustSec Software-Security Solution

July 13 2015 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco & Cisco Network

Cisco TrustSec Support

Cisco TrustSec Support

Simplify Access Control without Network Redesign

What’s the Cisco TrustSec Software? What benefits will you get from this Security Solution? You should read some tips about this. Nowadays, we know that business demand for cloud services, mobility, and the Internet of Things (IoT) has created exponential network growth and complexity. It has introduced risk, too. Each new user, device, and data connection represents a potential attack entry point. So your attack surface is expanding. How to deal with these? Now you can control the situation with Cisco TrustSec. Embedded in your existing Cisco network infrastructure, the TrustSec security solution simplifies the provisioning and management of network access control. It uses software-defined segmentation to classify network traffic and enforce policies for more flexible access controls. Traffic classification is based on endpoint identity, not IP address, enabling policy change without network redesign.

TrustSec is powered by the Cisco Identity Services Engine. The centralized policy management platform gathers advanced contextual data about who and what is accessing your network. It then uses security group tags to define roles and access rights and pushes the associated policy to your TrustSec-enabled network devices, such as switches, routers, and security equipment.

You get better visibility through richer contextual information, are better able to detect threats, and accelerate remediation. So you can reduce the impact and costs associated with a potential breach.

What are the Main Benefits You can Get?

Quickly isolate and contain threats using technology already in your network.

Limit the impact of data breaches by dynamically segmenting your network.

Centrally apply and enforce granular and consistent policies across wired, wireless, and remote-access users and devices.

Reduce operational expenses by defining firewall and access control rules based on asset or application context.

Easily provide dynamic campus segmentation to enforce security policies in quickly changing environments without provisioning and maintaining access control lists.

Cater to changing workforces and business relationships by defining security groups based on business roles, not IP addresses.

How It Works

Traditional network segmentation approaches use IP-address-based access control lists (ACLs), VLAN segmentation, and firewall policies that require extensive manual maintenance. Cisco TrustSec simplifies the effort by dynamically grouping machines into objects, called security groups, and provisioning security policies between those objects.

The interaction of systems is determined by the security-group-based policies, eliminating the need for VLAN or address-based policy provisioning. TrustSec is available in virtual and physical switches and treats virtual and physical workloads across the campus and data center consistently.

“Effective network segmentation... reduces the extent to which an adversary can move across the network.”

US Department of Homeland Security

United States Computer Emergency Readiness Team

…More…http://www.cisco.com/c/en/us/solutions/enterprise-networks/trustsec/index.html

Read more