第一部分:升级ROMMON
可以通过release note去查看什么Supervisor建议什么样的版本。例如:
ROMMON Release Notes for the WS-X45-SUP7-E, WS-X45-SUP7L-E, and WS-C4500X Family of Switches Current Release: 15.0(1r)SG16—March 14, 2019 Prior Releases: 15.0(1r)SG15, 15.0(1r)SG14, 15.0(1r)SG13, 15.0(1r)SG11, 15.0(1r)SG10, 15.0(1r)SG7, 15.0(1r)SG6, 15.0(1r)SG5, 15.0(1r)SG2 This publication describes how to download the new ROMMON image from Cisco.com and then upgrade the ROMMON on the WS-X45-SUP7-E, WS-X45-Sup7L-E, WS-C4500X-32 and WS-C4500X-16 switches.来自 <https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_24829.html#pgfId-185999> 注意:在SSO模式下升级ROMMON,可能需要升级步骤:C4506#copy tftp:cat4500-promupgrade.122-31r.SG3.bin bootflash:cat4500-promupgrade.122-31r.SG3.bin然后系统会提示要求输入远程IP地址,这个远程IP地址就是TFTP服务器的IP地址ROMMON文件很小,这个版本的文件大小为445KB,基本上几秒就传完了。C4506(config)#no boot system bootflash:catXXXXXXXXXXXX.bin将原先的引导镜像去掉,然后重新引导新的rommon文件C4506(config)#boot system bootflash:cat4500-promupgrade.122-31r.SG3.bin <------引导ROMMONC4506(config)#boot system bootflash:catXXXXXXXXXXXX.bin <------引导IOS一定要先引导rommon升级文件,再引导原来的IOS文件C4506(config)#config-register 0x2102 <------0x2101是去找最老的IOS启动,0x2102是启动boot system指定的IOS将寄存器值改为自动引导write保存好配置之后reload重启的过程中,系统会自动更新rommon版本,启动好之后,可以用sh ver命令去查一下ROM的版本,ver信息中显示ROM:122-31r.SG3,就说明rommon版本已升级成功。接下来需要把rommon文件从bootflash中删除,并将其引导参数去掉。(删掉引导参数是必须的,不然重启还是会升级ROMMON,如果运行两次ROMMON升级,不知道会出现啥情况,我也不想去尝试!)C4506(config)#no boot system bootflash:cat4500-promupgrade.122-31r.SG3.binC4506#delete bootflash:cat4500-promupgrade.122-31r.SG3.bin C4506#squeeze bootflash:在bootflash中删除文件之后,空间并不会马上释放出来,需要使用squeeze命令来释放bootflash中的空间这样,rommon版本的升级就完成了在完成第二部分时,首先注意ISSU的相关限制:
Note An ISSU upgrade from any release prior to IOS XE 3.6.0E to 3.6.0E or later is unsupported for IOS XE supervisor engines (SUP7-E, SUP7L-E and SUP8-E).
……
Four scenarios will illustrate the restriction:
If you are running a release prior to IOS XE 3.6.0E (3.5.1E, for example), you cannot perform an ISSU upgrade to IOS XE 3.6.0E.
If you are running IOS XE 3.6.0E, you cannot perform an ISSU downgrade to IOS XE 3.5.0E.
If you are running IOS XE 3.6.0E, you can perform an ISSU upgrade to IOS XE 3.6.1E (when released).
If you are running a release after IOS XE 3.6.0E (for example, 3.7.0, when released), you cannot perform an ISSU downgrade to IOS XE 3.5.0E.
A permanent “ISSU barrier" exists between pre-IOS XE 3.6.0E and IOS XE 3.6.0 releases: ISSU is supported between versions on the same side of the barrier but it is not supported between versions on opposite sides.
详情可参考:
第二部分:升级IOS XE
CISCO CATALYST 4500系列零停机IOS升级过程,适用于引擎7-E,7L-E,6L-E和V-10GE冗余配置的情况。
我们应该注意,在升级Supervisor引擎时,必须重启引擎,以便系统加载新的IOS映像。对于只能接受单个Supervisor引擎的Cisco Catalyst 4503和4506系列,这意味着网络服务中断是不可避免的。Cisco Catalyst 4507R和4510R系列能够接受最多两个Supervisor引擎('R' - 冗余),因此如果安装了两个Supervisor引擎的4507R / 4510R,可以执行IOS升级保证零服务中断。如下例子是带有两个Supervisor引擎7L-E的4507R + E上进行的操作:1、升级过程步骤:使用冗余Supervisor引擎升级系统时,必须以特定方式执行升级过程,因为每个Supervisor引擎依次升级。以下是升级步骤的简要概述: • Load the new IOS image on to the Active Supervisor Engine (SE1) ----将IOS上传到Active的引擎 • Copy IOS image to Standby Supervisor Engine (SE2) ----将IOS拷贝到备份引擎 • Configure Supervisor Engines to load the new image upon reboot ----配置新的启动路径 • Set Configuration-Register variable to ensure newest image is loaded upon bootup ----配置寄存器值 • Force reload of Standby Supervisor Engine (SE2) & Switchover to Standby Supervisor Engine (SE2). This now becomes the newActive Supervisor Engine ----强制重启备引擎 & 切换到备引擎(备引擎成为主引擎) • Force reload of previously Active Supervisor Engine (SE1). ----强制重启之前的主引擎2、开始升级:2.1、将IOS上传到Active引擎4507R# copy tftp bootflash:Address or name of remote host []? 10.0.0.76Source filename []? cat4500e-universal.SPA.03.04.00.SG.151-2.SG.binDestination filename [cat4500e-universal.SPA.03.04.00.SG.151-2.SG.bin]?Accessing tftp://10.0.0.76/cat4500e-universal.SPA.03.04.00.SG.151-2.SG.bin...Loading cat4500e-universal.SPA.03.04.00.SG.151-2.SG.bin from 10.0.0.36 (via Vlan2): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!![OK - 119576292 bytes]119576292 bytes copied in 356.708 secs (335222 bytes/sec)注意新的IOS镜像被保存在bootflash:file system 如果有疑问,只需使用show file system命令,该命令将显示Catalyst交换机上的文件系统:4507R# show file systemFile Systems: Size(b) Free(b) Type Flags Prefixes* 831541248 718979072 disk rw bootflash: 141433856 139310080 rom ro crashinfo: 16915456 16660992 disk rw kinfo: - - disk rw slot0: - - disk rw usb0: - - opaque rw system: - - opaque rw tmpsys: 524284 523248 flash rw cat4000_flash: 524284 510196 nvram rw slavenvram: 820875264 708313088 flash rw slavebootflash: 524284 523248 flash rw slavecat4000_flash: - - flash rw slaveslot0: - - flash rw slaveusb0: 139940864 137817088 opaque ro slavecrashinfo: - - opaque rw slavercsf: 16915456 16660992 flash rw slavekinfo: - - opaque rw null: - - opaque ro tar: - - network rw tftp: - - opaque wo syslog: 524284 510196 nvram rw nvram: - - network rw rcp: - - network rw http: - - network rw ftp: - - opaque ro cns: - - opaque rw revrcsf:2.2、将IOS拷贝到备引擎一旦IOS上传到主引擎,必须将它copy到备引擎。我们使用命令:copy bootflash: slavebootflash:4507R# copy bootflash: slavebootflash:Source filename []? cat4500e-universal.SPA.03.04.00.SG.151-2.SG.binDestination filename [cat4500e-universal.SPA.03.04.00.SG.151-2.SG.bin]?Copy in progress...CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC119576292 bytes copied in 99.404 secs (1202932 bytes/sec)4507R#要验证在两个Supervisor引擎bootflash系统上正确加载映像,请使用show bootflash&show slavebootflash命令:4507R# show bootflash: -#- --length-- ---------date/time--------- path 1 112337548 Feb 26 2013 08:44:27 +00:00 cat4500e-universal.SPA.03.03.00.SG.151-1.SG.bin 2 119576292 Mar 21 2013 03:07:21 +00:00 cat4500e-universal.SPA.03.04.00.SG.151-2.SG.bin557035520 bytes available (232263680 bytes used)Filesystem: bootflashMounted: Unknown4507R# show slavebootflash:-#- --length-- ---------date/time--------- path 1 112337548 Feb 26 2013 06:46:26 +00:00 cat4500e-universal.SPA.03.03.00.SG.151-1.SG.bin 2 119576292 Mar 21 2013 01:09:33 +00:00 cat4500e-universal.SPA.03.04.00.SG.151-2.SG.bin546914304 bytes available (232263680 bytes used)注意:列出的第一个IOS映像是之前的版本(03.03.00.SG.151-1.SG)。 我们需要在下一步中记住这些信息。2.3、配置新的启动路径使用命令:boot system flash bootflash:4507R(config)# boot system flash bootflash:cat4500e-universal.SPA.03.04.00.SG.151-2.SG.bin由于之前存在有启动之前镜像的命令,所以需要删除之前的命令:4507R(config)# no boot system flash bootflash:cat4500e-universal.SPA.03.03.00.SG.151-1.SG.bin接下来,需要保证配置保存到启动配置。4507R# wr memBuilding configuration...% VRF table-id 0 not activeCompressed configuration from 12839 bytes to 3791 bytes[OK]*Mar 21 01:15:28.356: %C4K_REDUNDANCY-5-CONFIGSYNC: The private-config has been successfully synchronized to the standby supervisor*Mar 21 01:15:29.098: %C4K_REDUNDANCY-5-CONFIGSYNC: The startup-config has been successfully synchronized to the standby supervisor有人可能认为%VRF table-id 0 not activeCompressed 消息在保存运行配置时不应该弹出,因为这是一个装饰性错误,可以安全地忽略。 如果在保存配置时没有报告此类消息,则表示当前运行的IOS没有此修饰性错误。另外,每次我们将配置保存到startup-config时,系统都会立即将配置更改同步到备用Supervisor。 当发生这种情况时,我们将收到一条消息,类似于上面的情况,确认同步已成功。2.4、配置寄存器值思科Supervisor默认出厂的寄存器值为 configuration register set to 0x2101.我们将关注两个特定值:0x2101和0x2102。值0x2101指示系统引导板载闪存中的第一个系统映像(bootflash)通常是flash中最老的一个镜像;0x2102的值指示系统使用BOOT环境变量中指定的映像,该变量基本上是使用boot system flash bootflash:命令中指定的映像。要在两个Supervisor引擎上查看环境变量,请使用show bootvar命令:4507R# show bootvarBOOT variable = bootflash:cat4500e-universal.SPA.03.04.00.SG.151-2.SG.bin,1;CONFIG_FILE variable does not existBOOTLDR variable does not existConfiguration register is 0x2101Standby BOOT variable = bootflash:cat4500e-universal.SPA.03.04.00.SG.151-2.SG.bin,1;Standby CONFIG_FILE variable does not existStandby BOOTLDR variable does not existStandby Configuration register is 0x2101注意,目前在系统中配置的boot system flash bootflash: 虽然选择的是新上传的镜像,但是寄存器值为0x2101,而实际的老的镜像还是在系统中的,所以会选择老的镜像cat4500e-universal.SPA.03.03.00.SG.151-1.SG.bin去加载。4507R# show bootflash: all-#- --length-- ---------date/time--------- path 1 112337548 Feb 26 2013 08:44:27 +00:00 cat4500e-universal.SPA.03.03.00.SG.151-1.SG.bin 2 119576292 Mar 21 2013 03:07:21 +00:00 cat4500e-universal.SPA.03.04.00.SG.151-2.SG.bin4507R# show slavebootflash:-#- --length-- ---------date/time--------- path 1 112337548 Feb 26 2013 06:46:26 +00:00 cat4500e-universal.SPA.03.03.00.SG.151-1.SG.bin 2 119576292 Mar 21 2013 01:09:33 +00:00 cat4500e-universal.SPA.03.04.00.SG.151-2.SG.bin为了解决这个问题,将寄存器值改为0x2102 或者删除老的镜像。这里采用该寄存器值的方式:4507R(config)# config-register 0x2102*Mar 21 01:19:55.542: %C4K_REDUNDANCY-5-CONFIGSYNC: The config-reg has been successfully synchronized to the standby supervisor4507R# wr memBuilding configuration...% VRF table-id 0 not activeCompressed configuration from 12849 bytes to 3791 bytes[OK]*Mar 21 01:20:08.352: %C4K_REDUNDANCY-5-CONFIGSYNC: The private-config has been successfully synchronized to the standby supervisor*Mar 21 01:20:09.091: %C4K_REDUNDANCY-5-CONFIGSYNC: The startup-config has been successfully synchronized to the standby supervisor2.5、强制重启备引擎并执行switchover强制重启备引擎,会使得它加载新的镜像。一旦我们确认备引擎加载了新的镜像,我们就可以执行switchover操作了。为了强制重启备引擎,我们使用命令:redundancy reload peer4507R# redundancy reload peerReload peer [confirm]4507R#*Mar 21 01:21:02.318: %RF-5-RF_RELOAD: Peer reload. Reason: Unknown Reason*Mar 21 01:21:05.314: %C4K_REDUNDANCY-3-COMMUNICATION: Communication with the peer Supervisor has been lost*Mar 21 01:21:05.327: %C4K_REDUNDANCY-3-SIMPLEX_MODE: The peer Supervisor has been lost重启整机的命令:“redundancy reload shelf”备引擎重启,将会花费一定的时间,对设备不会产生负面影响。一旦IOS在重启后加载完成,大概会有如下的提示消息:*Mar 21 01:24:54.312: %C4K_REDUNDANCY-6-DUPLEX_MODE: The peer Supervisor has been detected*Mar 21 01:25:36.066: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 4 (WS-X45-SUP7L-E S/N: CAT1714L4T4 Hw: 1.1) is online*Mar 21 01:25:36.094: %C4K_REDUNDANCY-6-MODE: ACTIVE supervisor initializing for sso mode*Mar 21 01:25:36.344: %C4K_REDUNDANCY-3-COMMUNICATION: Communication with the peer Supervisor has been established*Mar 21 01:25:37.098: %C4K_REDUNDANCY-6-MODE: ACTIVE supervisor initializing for sso mode以上消息表明备用Supervisor引擎已成功完成重新引导,并与活动的Supervisor引擎完全同步。 系统显示刚刚与活动Supervisor引擎建立通信的Supervisor引擎的产品ID(WS-X45-SUP7L-E),序列号和硬件版本。要验证备用Supervisor引擎是否正在运行我们刚加载的最新且最好的IOS映像,请使用show module命令:4507R# show module Chassis Type : WS-C4507R+EPower consumed by backplane : 40 WattsMod Ports Card Type Model Serial No.---+-----+--------------------------------------+------------------+----------- 1 48 10/100/1000BaseT Premium POE E Series WS-X4748-RJ45V+E CAT1754L4C7 2 48 10/100/1000BaseT Premium POE E Series WS-X4648-RJ45V+E JAE171515SY 3 6 Sup 7L-E 10GE (SFP+), 1000BaseX (SFP) WS-X45-SUP7L-E CAT1712L2X5 4 6 Sup 7L-E 10GE (SFP+), 1000BaseX (SFP) WS-X45-SUP7L-E CAT1714L4T4 5 48 10/100/1000BaseT Premium POE E Series WS-X4648-RJ45V+E JAE170525D3 M MAC addresses Hw Fw Sw Status--+--------------------------------+---+------------+----------------+--------- 1 4c4e.352e.a2cc to 4c4e.352e.a2fb 1.3 Ok 2 0006.f6e9.7520 to 0006.f6e9.754f 3.1 Ok 3 0006.f620.2e80 to 0006.f620.2e85 1.1 15.0(1r)SG3 03.03.00.SG Ok 4 0006.f620.2e86 to 0006.f620.2e8b 1.1 15.0(1r)SG3 03.04.00.SG Ok 5 0006.f673.51d4 to 0006.f673.5203 3.1 Ok Mod Redundancy role Operating mode Redundancy status----+-------------------+-------------------+---------------------------------- 3 Active Supervisor SSO Active 4 Standby Supervisor SSO Standby hot show module命令提供大量信息,包括所有安装的线卡,Supervisor引擎模型,IOS软件版本,序列号,操作状态和冗余模式(默认为SSO)。我们标粗了我们的备用Supervisor引擎,它恰好位于4号插槽中。 请注意系统为两个Supervisor引擎报告的软件映像。 我们当前的主Supervisor引擎运行版本03.03.00.SG,而我们的备用Supervisor引擎运行版本03.04.00.SG(新的IOS加载)!我们现在已经确认备用Supervisor引擎已经加载了新的IOS并且完全正常运行:2.6、强制重启之前的主引擎在最后的步骤中,我们需要强制重启主引擎,以便它可以加载新的镜像。在switchover期间,我们不能看到LEDs亮起来,而是疯狂的闪烁。SUP ACTIVE LED将从当前主引擎关闭并且在当前的备引擎开启,这表示备引擎成为新的主引擎。为了实现引擎switchover,使用命令:redundancy force-switchover4507R# redundancy force-switchoverThis will reload the active unit and force switchover to standby[confirm]Preparing for switchover..*Mar 21 01:27:57.007: %SYS-5-SWITCHOVER: Switchover requested by Virtual Exec. Reason: Stateful Switchover.一旦敲了上面的命令,我们将会从Cat4507R上断开Telnet,这是预期行为,不用担心。除了切换我们的telnet会话之外,用户不会注意到任何服务中断 - 无论切换期间的网络负载如何,切换都将完全透明。要重新连接到交换机,只需telnet回到相同的IP地址即可。 如果通过console线连接,则需要将其连接到新的主Supervisor引擎,以便继续控制交换机。想要通过telnet或直接console线连接(到新的活动引擎)监控Supervisor引擎的重新加载进度的我们可以使用show module命令。 通过输入命令,我们将看到4507R在插槽3中识别出Supervisor引擎(即正在重新加载的SE1),但是,进一步下来我们将看到没有提供有关引擎的MAC地址或IOS软件的信息,因为它 还没有完全启动到新的IOS。 此外,第一个引擎的冗余状态为Disabled - 预期结果,因为Supervisor引擎(SE1)尚未启动。4507R# show moduleChassis Type : WS-C4507R+EPower consumed by backplane : 40 WattsMod Ports Card Type Model Serial No.---+-----+--------------------------------------+------------------+----------- 1 48 10/100/1000BaseT Premium POE E Series WS-X4748-RJ45V+E CAT1754L4C7 2 48 10/100/1000BaseT Premium POE E Series WS-X4648-RJ45V+E JAE171515SY 3 Supervisor 4 6 Sup 7L-E 10GE (SFP+), 1000BaseX (SFP) WS-X45-SUP7L-E CAT1714L4T4 5 48 10/100/1000BaseT Premium POE E Series WS-X4648-RJ45V+E JAE170525D3 M MAC addresses Hw Fw Sw Status--+--------------------------------+---+------------+----------------+--------- 1 4c4e.352e.a2cc to 4c4e.352e.a2fb 1.3 Ok 2 0006.f6e9.7520 to 0006.f6e9.754f 3.1 Ok 3 Unknown Unknown Unknown Other 4 0006.f620.2e86 to 0006.f620.2e8b 1.1 15.0(1r)SG3 03.04.00.SG Ok 5 0006.f673.51d4 to 0006.f673.5203 3.1 Ok Mod Redundancy role Operating mode Redundancy status----+-------------------+-------------------+---------------------------------- 3 Standby Supervisor SSO Disabled 4 Active Supervisor SSO Active 此时,我们可以继续发出show module命令并监视输出变化。 在某些时候,系统将显示加载了新IOS的Supervisor引擎(SE1),但是,冗余状态将经历以下阶段,直到它准备就绪(standby hot): Standby Supervisor Redundancy Status Cycle: 1. Disabled 2. In progress to Standby cold 3. Standby cold 4. In progress to Issu negotiation la 5. In progress to Standby config 6. In progress to Standby bulk 7. Standby hot当Supervisor引擎达到“standby hot”状态时,它就可以在活动的Supervisor引擎发生故障时接管工作了。以下是加载Supervisor引擎IOS并与活动Supervisor引擎完全同步时的预期输出:4507R# show moduleChassis Type : WS-C4507R+EPower consumed by backplane : 40 WattsMod Ports Card Type Model Serial No.---+-----+--------------------------------------+------------------+----------- 1 48 10/100/1000BaseT Premium POE E Series WS-X4748-RJ45V+E CAT1754L4C7 2 48 10/100/1000BaseT Premium POE E Series WS-X4648-RJ45V+E JAE171515SY 3 6 Sup 7L-E 10GE (SFP+), 1000BaseX (SFP) WS-X45-SUP7L-E CAT1712L2X5 4 6 Sup 7L-E 10GE (SFP+), 1000BaseX (SFP) WS-X45-SUP7L-E CAT1714L4T4 5 48 10/100/1000BaseT Premium POE E Series WS-X4648-RJ45V+E JAE170525D3 M MAC addresses Hw Fw Sw Status--+--------------------------------+---+------------+----------------+--------- 1 4c4e.352e.a2cc to 4c4e.352e.a2fb 1.3 Ok 2 0006.f6e9.7520 to 0006.f6e9.754f 3.1 Ok 3 0006.f620.2e80 to 0006.f620.2e85 1.1 15.0(1r)SG3 03.04.00.SG Ok 4 0006.f620.2e86 to 0006.f620.2e8b 1.1 15.0(1r)SG3 03.04.00.SG Ok 5 0006.f673.51d4 to 0006.f673.5203 3.1 Ok Mod Redundancy role Operating mode Redundancy status----+-------------------+-------------------+---------------------------------- 3 Standby Supervisor SSO Standby hot 4 Active Supervisor SSO Active