Upgrading the IOS (Internetwork Operating System) image on your Cisco Catalyst switches is an essential part of network maintenance.
Whether your switch operates in Layer 2 or 3, the IOS software handles all network protocols and delivers the necessary features you need for your network.
Therefore, keeping your IOS software up to date ensures that your network is continually protected from the latest security threats and equipped with the latest features.
Why do we need to upgrade the IOS image in the Cisco catalyst switch?
There are a few main reasons to upgrade the IOS image on Cisco Catalyst switches:
- To get new features: Cisco regularly releases new versions of IOS that contain bug fixes, security updates, and new features. Upgrading allows you to take advantage of the latest capabilities.
- For bug fixes: Older IOS versions may have known bugs that are fixed in newer releases. Upgrading can resolve any issues you may be experiencing.
- For security updates: Cisco issues security advisories for vulnerabilities in IOS and releases patched versions. Upgrading closes security holes that could be exploited.
- To maintain support: Cisco only provides full support and maintenance releases for recent IOS versions. Old images may reach end-of-life status where bugs are no longer fixed.
- For new hardware support: Some new Cisco switch hardware requires a minimum IOS version to function properly. An IOS upgrade allows new switches to work optimally.
- For new protocol support: Cisco sometimes introduces support for new protocols and standards in newer IOS releases. An upgrade may be needed to enable newer technologies.
- For new features: To utilize new features like StackWise, VoIP, or NBAR, a firmware upgrade is required to enable the latest capabilities.
Before starting the upgrade process, it’s crucial to determine the current IOS version that your switch is running. You can do this by logging into your switch and executing the show version command. This command displays detailed information about the currently running IOS software.
Next, you need to obtain the new IOS image. Cisco provides these images on its official website. Ensure that you download the correct image that matches your specific switch model and supports all the necessary features.
How to check IOS image is correct or not?
To verify if the IOS image is correct or not, you can follow these steps:
- Check the MD5 Hash: After downloading the IOS image from the Cisco website, you can calculate the MD5 hash of the downloaded file and compare it with the MD5 hash provided by Cisco. This ensures that the file has not been tampered with and that it was downloaded correctly without any errors. You can use tools like
certUtilon Windows ormd5on macOS and Linux to calculate the MD5 hash. - Verify IOS Image Details: After copying the IOS image to your switch, you can use the
show flash:command to list all files in the flash memory of your switch. This will show you the details of the IOS image file, including its name and size. Make sure that these details match with what’s expected for your downloaded IOS image. - Check Boot Variable: After setting the boot variable to boot from the new IOS image, you can use the
show bootcommand to verify that your switch is set to boot from the correct IOS image. - Test in a Controlled Environment: If possible, it’s always a good idea to test the new IOS image in a controlled environment before deploying it to your production network. This allows you to verify that the new IOS image works correctly with your switch model and network configuration.
How to upgrade the IOS image in catalyst switch layer 2 and layer 3?
Upgrading a Single Switch
Here’s a general guide on how to upgrade the IOS image in Catalyst switches, both Layer 2 and Layer 3.
Please note that the exact steps may vary depending on the specific model of your switch.
Step 1: Verify the Current IOS Version
First, you need to check the current IOS version of your switch. You can do this by logging into your switch and using the show version command.
Step 2: Obtain the New IOS Image
Next, you need to obtain the new IOS image. You can download this from the official Cisco website. Make sure to choose the correct image for your specific switch model and that it supports the features you need.
Step 3: Copy the IOS Image to the Switch
After downloading the new IOS image, you need to copy it to your switch. You can do this using TFTP or SCP. Here’s an example command for copying via TFTP:
copy tftp: flash:
You will be prompted to enter the IP address of your TFTP server and the name of the IOS image file.
Step 4: Update the Boot System Configuration
Once the new IOS image is on your switch, you need to update your boot system configuration so that your switch knows to boot from the new image. You can do this with the following commands:
conf t
boot system flash:/<IOS_image_filename>
exit
Replace <IOS_image_filename> with the name of your new IOS image file.
Step 5: Save Changes and Reboot
Finally, save your changes and reboot your switch with these commands:
write memory
reload
After your switch reboots, you can verify that it is using the new IOS image with the show version command again.
What if the switch is in a stack of 4 then how to upgrade?
Upgrading a Stack of Switches
Upgrading the IOS image on a stack of Cisco Catalyst switches involves a similar process to upgrading a single switch but with a few additional steps. Here’s a general guide:
Step 1: Verify the Current IOS Version
First, check the current IOS version of your switch stack. You can do this by logging into your switch and using the show version command.
Step 2: Obtain the New IOS Image
Next, obtain the new IOS image from the official Cisco website. Make sure to choose the correct image for your specific switch model and that it supports the features you need.
Step 3: Copy the IOS Image to the Master Switch
After downloading the new IOS image, copy it to your master switch using TFTP or SCP. Here’s an example command for copying via TFTP:
copy tftp: flash:
You will be prompted to enter the IP address of your TFTP server and the name of the IOS image file.
Step 4: Update the Boot System Configuration
Once the new IOS image is on your master switch, update your boot system configuration so that your switch knows to boot from the new image. You can do this with the following commands:
conf t
boot system flash:/<IOS_image_filename>
exit
Replace <IOS_image_filename> with the name of your new IOS image file.
Step 5: Copy the IOS Image to Other Switches in the Stack
Next, copy the new IOS image from your master switch to all other switches in your stack. You can do this with the following command:
archive copy-sw /destination-system <switch_number> flash:/<IOS_image_filename>
Replace <switch_number> with the number of each switch in your stack and <IOS_image_filename> with the name of your new IOS image file.
Step 6: Save Changes and Reboot
Finally, save your changes and reboot your switch stack with these commands:
write memory
reload
After your switch stack reboots, you can verify that it is using the new IOS image with the show version command again.
What if the switch is in VSS (virtual stack) active standby how to upgrade?
Upgrading a Virtual Switching System (VSS)
Upgrading the IOS image on a Virtual Switching System (VSS) involves a similar process to upgrading a single switch but with a few additional steps. Here’s a general guide:
Step 1: Verify the Current IOS Version
First, check the current IOS version of your VSS. You can do this by logging into your switch and using the show version command.
Step 2: Obtain the New IOS Image
Next, obtain the new IOS image from the official Cisco website. Make sure to choose the correct image for your specific switch model and that it supports the features you need.
Step 3: Copy the IOS Image to the Active Switch
After downloading the new IOS image, copy it to your active switch using TFTP or SCP. Here’s an example command for copying via TFTP:
copy tftp: bootflash:
You will be prompted to enter the IP address of your TFTP server and the name of the IOS image file.
Step 4: Update the Boot System Configuration
Once the new IOS image is on your active switch, update your boot system configuration so that your switch knows to boot from the new image. You can do this with the following commands:
conf t
boot system flash bootflash:<IOS_image_filename>
exit
Replace <IOS_image_filename> with the name of your new IOS image file.
Step 5: Save Changes and Reboot
Finally, save your changes and reboot your VSS with these commands:
write memory
reload
After your VSS reboots, you can verify that it is using the new IOS image with the show version command again.
Remember, always make sure to have a backup of your switch configuration before making any changes. Also, it’s recommended to perform these steps during a maintenance window as your switches will be unavailable during the reboot.
In a VSS setup, both switches should be running the same IOS version. The upgrade process should be non-disruptive if done correctly, as one switch can remain active while the other is being upgraded.
How can we upgrade the IOS image without downtime?
Can we do it without downtime?
Yes, it is possible to upgrade the IOS image on a Virtual Switching System (VSS) without downtime by using the In-Service Software Upgrade (ISSU) feature. This feature allows you to upgrade the IOS image while the system continues to forward traffic.
Here’s a general guide:
Step 1: Verify ISSU Support
First, check if your current and new IOS versions support ISSU. You can do this by checking the release notes on the Cisco website.
Step 2: Obtain the New IOS Image
Next, obtain the new IOS image from the official Cisco website. Make sure to choose the correct image for your specific switch model and that it supports ISSU.
Step 3: Copy the IOS Image to Both Switches
After downloading the new IOS image, copy it to both your active and standby switches using TFTP or SCP. Here’s an example command for copying via TFTP:
copy tftp: bootflash:
You will be prompted to enter the IP address of your TFTP server and the name of the IOS image file.
Step 4: Prepare for ISSU
Prepare your VSS for ISSU with the following command:
issu loadversion rp active bootflash:<IOS_image_filename> standby bootflash:<IOS_image_filename>
Replace <IOS_image_filename> with the name of your new IOS image file.
Step 5: Run ISSU
Run ISSU with this command:
issu runversion
This will start the upgrade process. The standby switch will be upgraded first, and then it will take over as the active switch while the original active switch is upgraded.
Step 6: Verify Upgrade
After ISSU completes, verify that both switches are running the new IOS version with the show version command.
Remember, always make sure to have a backup of your switch configuration before making any changes. Also, it’s recommended to perform these steps during a maintenance window as a precaution, even though traffic should continue to be forwarded during the upgrade.