Cisco CatOS - NonaSuomy/PuRe GitHub Wiki
Category:Cisco
== CatOS Commands ==
== Setup Password ==
=== Console Password Change ===
This is an example of how to set the login password on the switch:
 Console> (enable) set password
 Enter old password: (old_password)
 Enter new password: (new_password)
 Retype new password: (new_password)
 Password changed.
 Console> (enable)
This is an example of how to set the enable password on the switch:
 Console> (enable) set enablepass
 Enter old password: (old_password)
 Enter new password: (new_password)
 Retype new password: (new_password)
 Password changed.
 Console> (enable)
== Setup SSH V1 ==
=== Configure SSH Crypto Keys ===
 !--- Generate and verify RSA key.
 sec-cat6000> (enable) set crypto key rsa 1024
 Generating RSA keys..... [OK]
 sec-cat6000> (enable) ssh_key_process: host/server key size: 1024/768
 !--- Display the RSA key.
 sec-cat6000> (enable) show crypto key
 RSA keys were generated at: Mon Jul 23 2001, 15:03:30
 1024 65537 1514414695360
 577332853671704785709850606634768746869716963940352440620678575338701550888525
 699691478330537840066956987610207810959498648179965330018010844785863472773067
 697185256418386243001881008830561241137381692820078674376058275573133448529332
 1996682019301329470978268059063378215479385405498193061651
 !--- Restrict which host/subnets are allowed to use SSH to the switch.
 !--- Note: If you do not do this, the switch will display the message
 !--- "WARNING!! IP permit list has no entries!"
 sec-cat6000> set ip permit 172.18.124.0 255.255.255.0
 172.18.124.0 with mask 255.255.255.0 added to IP permit list.
 !--- Turn on SSH.
 sec-cat6000> (enable) set ip permit enable ssh
 SSH permit list enabled.
 !--- Verify SSH permit list.
 sec-cat6000> (enable) show ip permit
 Telnet permit list disabled.
 Ssh permit list enabled.
 Snmp permit list disabled.
 Permit List      Mask             Access-Type
 172.18.124.0     255.255.255.0    telnet ssh snmp
 Denied IP Address   Last Accessed Time   Type
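The <code>show ip permit</code> output above lists telnet, ssh and snmp for the permitted subnet, but only the SSH permit list is enabled. The following Python script is an added example (not part of the original wiki page or of Cisco's documentation) that parses that output and reports which services are actually filtered by source address; the function names are hypothetical, and it assumes each permit entry prints address, mask and access types on one line.

```python
import ipaddress
import re

# Constructed sample: the `show ip permit` output from this page, one item per line.
SAMPLE = """\
Telnet permit list disabled.
Ssh permit list enabled.
Snmp permit list disabled.
Permit List      Mask             Access-Type
172.18.124.0     255.255.255.0    telnet ssh snmp

Denied IP Address   Last Accessed Time   Type
"""

STATUS_RE = re.compile(r"^(Telnet|Ssh|Snmp) permit list (enabled|disabled)\.", re.I)
ENTRY_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(.+)$")
SERVICES = ("telnet", "ssh", "snmp")


def parse_ip_permit(text):
    """Return (enforced, allowed): per-service list state and permitted networks."""
    enforced = {}
    allowed = {svc: [] for svc in SERVICES}
    in_denied = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Denied IP Address"):
            in_denied = True  # rows after this header are denied-access history
            continue
        m = STATUS_RE.match(line)
        if m:
            enforced[m.group(1).lower()] = m.group(2).lower() == "enabled"
            continue
        m = ENTRY_RE.match(line)
        if m and not in_denied:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            for svc in m.group(3).lower().split():
                if svc in allowed:
                    allowed[svc].append(net)
    return enforced, allowed


def source_allowed(text, service, address):
    """Would the switch accept `address` for `service` under this permit state?"""
    enforced, allowed = parse_ip_permit(text)
    if not enforced.get(service, False):
        return True  # list not enabled: every source address is accepted
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in allowed[service])


def audit_ip_permit(text):
    """List the services whose source filtering is missing or ineffective."""
    enforced, allowed = parse_ip_permit(text)
    findings = []
    for svc in SERVICES:
        if not enforced.get(svc, False):
            findings.append(f"{svc}: permit list not enabled, sources are not filtered")
        elif not allowed[svc]:
            # Matches the "IP permit list has no entries" warning case.
            findings.append(f"{svc}: permit list enabled but no entry covers it")
    return findings


if __name__ == "__main__":
    for finding in audit_ip_permit(SAMPLE):
        print(finding)
```

On the page's output this reports Telnet and SNMP as unfiltered, which is the gap to close with the matching permit-list enable commands for those services if they stay in use.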
=== Disabling SSH ===
In some situations it may be necessary to disable SSH on the switch. You must verify whether SSH is configured on the switch and if so, disable it.
To verify if SSH has been configured on the switch, issue the show crypto key command. If the output displays the RSA key, then SSH has been configured and enabled on the switch. An example is shown here.
 sec-cat6000> (enable) show crypto key
 RSA keys were generated at: Mon Jul 23 2001, 15:03:30
 1024 65537 1514414695360
 577332853671704785709850606634768746869716963940352440620678575338701550888525
 699691478330537840066956987610207810959498648179965330018010844785863472773067
 697185256418386243001881008830561241137381692820078674376058275573133448529332
 1996682019301329470978268059063378215479385405498193061651
=== Remove Crypto Key ===
To remove the crypto key, issue the clear crypto key rsa command to disable SSH on the switch. An example is shown here.
 sec-cat6000> (enable) clear crypto key rsa
 Do you really want to clear RSA keys (y/n) [n]? y
 RSA keys has been cleared.
 sec-cat6000> (enable)
=== Linux SSH Connection ===
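CatOS supports only SSH version 1, so the client has to be told to use protocol 1 when connecting. With an OpenSSH client that still includes protocol 1 support (the <code>-1</code> option was removed in OpenSSH 7.6), connect like this:
 ssh -1 10.13.37.15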
== Flash Firmware ==
[http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_example09186a00801461ef.shtml CatOS Upgrade]
=== Introduction ===
This document explains the step-by-step procedure to upgrade the software image on Catalyst 4500/4000 series switches that run CatOS on Supervisor I and II modules, Cisco IOS® on 4232-L3 module, and Cisco IOS on Supervisor III, IV, and V modules.

The software image upgrade is necessary for these reasons:
* Implement new features in your network which are available in new software releases.
* Install a new line card that is not supported by the current software version you run on the switch.
* Fix a known bug that affects your switch if the bug is resolved in the future software release.

=== Prerequisites ===
==== Requirements ====
Ensure that you meet these requirements before you attempt this configuration:
* Verify memory and boot ROM requirements.
* Download the valid software image.
* Install the TFTP server on your PC.
* Back up the current switch configuration and software image.

For more information on these requirements, see the Background Information section of this document.

==== Components Used ====
This document is not restricted to specific software and hardware versions.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

==== Conventions ====
Refer to the Cisco Technical Tips Conventions for more information on document conventions.

=== Background Information ===
This section describes the items in the Requirements section.

==== Verify Memory and Boot ROM Requirement ====
Verify the minimum amount of DRAM, Flash memory, and the boot ROM version necessary for the new software release. Check whether your switch supports these requirements. You can use the release notes to verify the requirements for the new software image. Refer to Release Notes for Catalyst 4500/4000 Series Switches.
The show version command displays the boot ROM version, DRAM installed, and the bootflash size on your switch.

Here is the output of the show version command on Catalyst 4500/4000 that runs CatOS:
 4006> (enable) show version
 WS-C4006 Software, Version NmpSW: 7.2(2)
 Copyright (c) 1995-2002 by Cisco Systems, Inc.
 NMP S/W compiled on Apr 25 2002, 15:07:51
 GSP S/W compiled on Apr 25 2002, 14:51:18
 System Bootstrap Version: 5.4(1)
 !--- This is the boot ROM version that runs on your switch.
 Hardware Version: 1.2  Model: WS-C4006  Serial #: FOX04243254
 Mod Port Model              Serial #             Versions
 --- ---- ------------------ -------------------- ---------------------------------
 1   2    WS-X4013           JAB043300MG          Hw : 1.2
                                                  Gsp: 7.2(2.0)
                                                  Nmp: 7.2(2)
 2   48   WS-X4148-RJ45V     JAE0621004J          Hw : 1.6
 3   34   WS-X4232-L3        JAB054306MQ          Hw : 1.7
        DRAM                    FLASH                   NVRAM
 Module Total   Used    Free    Total   Used    Free    Total Used  Free
 ------ ------- ------- ------- ------- ------- ------- ----- ----- -----
 1      65536K  39209K  26327K  16384K  5507K   10877K  480K  327K  153K
 !--- The amount of DRAM and Flash size on the switch.
 Uptime is 0 day, 4 hours, 18 minutes
 4006> (enable)

Here is the output of the show version command on Catalyst 4500/4000 that runs integrated Cisco IOS:
 c-4000#show version
 Cisco Internetwork Operating System Software
 IOS (tm) Catalyst 4000 L3 Switch Software (cat4000-IS-M), Version 12.1(12c)EW1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
 TAC Support: http://www.cisco.com/tac
 Copyright (c) 1986-2002 by cisco Systems, Inc.
 Compiled Thu 24-Oct-02 23:05 by eaarmas
 Image text-base: 0x00000000, data-base: 0x00CA7368
 !--- This is the boot ROM version that runs on your switch.
 ROM: 12.1(11br)EW
 Dagobah Revision 50, Swamp Revision 16
 c-4000 uptime is 1 week, 2 days, 1 hour, 38 minutes
 System returned to ROM by reload
 System image file is "bootflash:cat4000-is-mz.121-12c.EW1.bin"
 !--- The DRAM on the Supervisor module.
 cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory.
 Processor board ID FOX04183666
 Last reset from Reload
 80 FastEthernet/IEEE 802.3 interface(s)
 52 Gigabit Ethernet/IEEE 802.3 interface(s)
 467K bytes of non-volatile configuration memory.
 Configuration register is 0x2102
 c-4000#

==== Download Software Image ====
Download the software image on to the PC that acts as the TFTP server prior to the actual image upgrade. Download the CatOS or integrated Cisco IOS software image from the Catalyst 4000 Software Download Center (registered customers only).

==== Install TFTP Server on Your PC ====
For sample output in this document, the Cisco TFTP server is installed on a PC with Microsoft Windows 2000 Professional. You can use any TFTP server that can be installed on any platform. You do not need to use a PC with a Windows OS.

Step 1: Download and install any shareware TFTP software from the Internet on the PC that you use to copy the software image to the switch. Download the software image to the TFTP server root directory. You can download the images to the default root directory of the TFTP server or change the root directory path to the directory in which the software image resides. For the Cisco TFTP server, select View Menu > Options to change the root directory.

Note: This document was written when the Cisco TFTP server was available for download through the Software Center. Cisco no longer supports the Cisco TFTP server. If you use the Cisco TFTP server, disable the log function to prevent excessive log generation, which can disrupt the TFTP process. Select View Menu > Options to disable logs on the Cisco TFTP server. Alternatively, deselect Enable Logging, and click Ok. By default, logging is enabled.

Step 2: Connect a console cable between the switch console port and the PC to access the switch Command Line Interface (CLI). Refer to Connecting a Terminal to the Console Port on Catalyst Switches for information on how to access the CLI through HyperTerminal.

Note: You can use remote Telnet access to upgrade the switch. However, you lose Telnet connectivity when the switch reloads during the software upgrade. You can re-establish the Telnet after the new image loads. However, to troubleshoot in case of failure, you need to have local console access. Cisco recommends a switch upgrade through the console access.

==== Backup Configuration and Software Image ====
Perform a backup of the switch configuration and the current software image to the PC that runs the TFTP server. Sometimes, your upgrade procedure can fail due to these reasons:
* Insufficient memory
* Insufficient space on the bootflash of the switch to support the new image

You can recover the switch to normal mode with the same image that was present in the switch. If you lose the switch configuration for any reason, you can restore the configuration from the TFTP server. Also, see the Known Issue: CatOS Switch Configuration Lost Due to Software Downgrade section of this document for more information.

Refer to Managing Software Images and Working with Configuration Files on Catalyst Switches for information on how to manage the configuration files and software images on Catalyst 4000 switches that run CatOS.

On Catalyst 4500/4000 switches that run integrated Cisco IOS, you can issue the copy startup-config tftp: or copy startup-config bootflash: command to copy the configuration to the TFTP server or bootflash. If you have modified your configuration, make sure to issue the write memory command to copy the current configuration to startup configuration and perform the backup. You can issue the copy bootflash: tftp: or copy slot0: tftp: commands to copy the current software images from bootflash or slot0 to the TFTP server.

=== Configure ===
In this section, you are presented with the information to configure the features described in this document.

Note: Use the Command Lookup Tool (registered customers only) to obtain more information on the commands used in this section.
==== CatOS on Supervisor I and II Modules ====
The Catalyst 4003 (Supervisor I) and 4006 (Supervisor II) switches that run CatOS do not support the PCMCIA Flash card. You only have the option to copy the new software image from the TFTP server into the switch bootflash.

Step 1: Ensure that you verify the memory or bootROM requirements, and be ready with the TFTP server on your PC, and access the switch console from the switch console port. If you are not ready with this setup, see the Requirements section of this document.

Step 2: Configure the management IP address (sc0). Check the connectivity between the switch and the PC on which the TFTP server is installed. In this sample scenario, use the 10.10.10.1 IP address for switch management and the 10.10.10.2 IP address for the TFTP server.
 !--- The management (sc0) IP address is configured on the switch.
 Cat4006> (enable) set interface sc0 1 10.10.10.1 255.255.255.0
 Interface sc0 vlan set, IP address and netmask set.
 !--- Verify the management (sc0) IP address.
 Cat4006> (enable) show interface
 sl0: flags=50
         slip 0.0.0.0 dest 0.0.0.0
 !--- Set the sc0 in VLAN1 and the switch port that connects to the PC is in VLAN1.
 sc0: flags=63
         vlan 1 inet 10.10.10.1 netmask 255.255.255.0 broadcast 10.10.10.255
 me1: flags=63
         inet 1.1.1.1 netmask 255.255.255.0 broadcast 1.1.1.255
 !--- Verify the IP connectivity between the switch and PC with the TFTP server.
 Cat4006> (enable) ping 10.10.10.2
 !!!!!
 ----10.10.10.2 PING Statistics----
 5 packets transmitted, 5 packets received, 0% packet loss
 round-trip (ms) min/avg/max = 1/3/7
 Cat4006> (enable)

Step 3: Verify whether you have enough space available in the bootflash to copy the new image from the TFTP server into the bootflash. You can check the size of the new image on the PC to which the image is downloaded.
 Cat4006> (enable) dir bootflash:
 -#- -length- -----date/time------ name
   1    36688 Mar 20 2003 17:07:39 switch.cfg
   2  4127708 Jul 12 2003 10:59:39 cat4000.6-3-8.bin
 11563988 bytes available (4164652 bytes used)
 Cat4006> (enable)
 !--- You have now verified that the new image size is around 4.5 MB.
 !--- The space available on bootflash is around 11.5 MB, which is sufficient.

In case there is not enough free space to copy the new image, delete the current image with the delete command. Issue the squeeze command to permanently erase files tagged as "deleted" to make more space available for the new image.
 Switch>(enable) delete bootflash:
 [cat4000.6-3-8.bin]?
 Delete bootflash:cat4000.6-3-8.bin?[confirm]
 Switch>(enable)squeeze bootflash:
 All deleted files will be removed, proceed (y/n) [n]? y
 Squeeze operation may take a while, proceed (y/n) [n]? y
 Erasing squeeze log
 Squeeze of bootflash complete.

Step 4: Copy the new software image into the bootflash from the TFTP Server and verify whether the image is properly copied. Confirm that the file size of the new image is an exact match with the size that the Software Center on Cisco.com (registered customers only) mentions. If you find a difference, the image probably became corrupt during transfer. Download the image again in order to ensure that the switch does not go into ROMmon mode after reload.
 Cat4006> (enable) copy tftp bootflash:
 IP address or name of remote host []? 10.10.10.2
 Name of file to copy from []? cat4000-k8.7-4-1.bin
 11563860 bytes available on device bootflash, proceed (y/n) [n]? y
 CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
 CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
 CCCCCCCCCCCCC
 File has been copied successfully.
 Cat4006> (enable)
 Cat4006> (enable) dir bootflash:
 -#- -length- -----date/time------ name
   1    36688 Mar 20 2003 17:07:39 switch.cfg
   2  4127708 Jul 12 2003 10:59:39 cat4000.6-3-8.bin
   3  4470132 Jul 31 2003 17:58:48 cat4000-k8.7-4-1.bin
 7093728 bytes available (8634912 bytes used)
 Cat4006> (enable)

You can also confirm the checksum of the file on the Flash device with the verify command:
 Cat4006>(enable) verify bootflash:cat4000-k8.7-4-1.bin
 CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
 CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
 Starting verification on file bootflash:cat4000-k8.7-4-1.bin
 .............................................................
 .............................................................
 .............................................................
 .............................................................
 .............................................................
 ...................................................
 File bootflash:cat4000-k8.7-4-1.bin verified and is Ok.
 Cat4006>(enable)

Step 5: Clear the old boot variable so that switch does not boot with an old image even if the image is available in bootflash. Configure the new boot variable so that the switch boots with the new software image after the reset.
 Cat4006> (enable) show boot
 !--- Previously, the switch used this image to boot.
 BOOT variable = bootflash:cat4000.6-3-8.bin,1;
 CONFIG_FILE variable =
 Configuration register is 0x2102
 ignore-config: disabled
 auto-config: non-recurring
 console baud: 9600
 boot: image specified by the boot system commands
 !--- Old boot variable is clear. Also, you can issue the
 !--- clear boot system all command to clear all the boot variables.
 Cat4006> (enable)clear boot system flash bootflash:cat4000.6-3-8.bin
 BOOT variable =
 !--- New boot variable is configured.
 Cat4006> (enable) set boot system flash bootflash:cat4000-k8.7-4-1.bin
 BOOT variable = bootflash:cat4000-k8.7-4-1.bin,1;
 !--- If you do not want to clear the old boot variable, use the
 !--- keyword prepend with the set boot system flash command
 !--- so that the new boot variable is set at first priority. For example, issue
 !--- the set boot system flash bootflash:cat4000-k8.7-4-1.bin prepend
 !--- command for this example.
 Cat4006> (enable) show boot
 BOOT variable = bootflash:cat4000-k8.7-4-1.bin,1;
 CONFIG_FILE variable =
 !--- Make sure that the config-register is set to 0x2102 so that the switch
 !--- uses the valid software image to boot. You can change the
 !--- config-register with the set boot config-register 0x2102
 !--- command. If the boot variable is not specified correctly, your switch can
 !--- go into ROMmon mode after the reload.
 Configuration register is 0x2102
 ignore-config: disabled
 auto-config: non-recurring
 console baud: 9600
 boot: image specified by the boot system commands
 Cat4006> (enable)

Step 6: Reset the switch so that during reload the switch boots with the new software image.
 Cat4006> (enable) reset
 This command will reset the system.
 Do you want to continue (y/n) [n]? y
 2003 Jul 31 18:05:10 %SYS-5-SYS_RESET:System reset from Console//
 Cat4006> (enable)
 0:00.586648: No gateway has been specified
 0:00.588434: ig0: 00:02:b9:80:85:fe is 200.200.201.1
 0:00.589044: netmask: 255.255.255.0
 0:00.589385: broadcast: 200.200.201.255
 0:00.589754: gateway: 0.0.0.0
 WS-X4013 bootrom version 6.1(4), built on 2001.07.30 14:43:26
 H/W Revisions: Crumb: 5 Rancor: 8 Board: 2
 Supervisor MAC addresses: 00:02:b9:80:82:00 through 00:02:b9:80:85:ff (1024 addresses)
 Installed memory: 64 MB
 Testing LEDs.... done!
 The system will autoboot in 5 seconds.
 Type control-C to prevent autobooting.
 rommon 1 >
 The system will now begin autobooting.
 !--- The switch now boots with the new image.
 Autobooting image: "bootflash:cat4000-k8.7-4-1.bin"
 ...................................................................
 ........................................................
 .............################################
 Starting Off-line Diagnostics
 Mapping in TempFs
 Board type is WS-X4013
 DiagBootMode value is "post"
 Loading diagnostics...
 Enter password:
 2003 Jul 31 18:06:19 %SYS-5-MOD_OK:Module 1 is online
 Cat4006>

Step 7: Verify whether the new software version is on the switch.
 Cat4006> (enable) show version
 WS-C4006 Software, Version NmpSW: 7.4(1)
 !--- The switch is running CatOS version 7.4(1).
 Copyright (c) 1995-2002 by Cisco Systems, Inc.
 NMP S/W compiled on Sep 20 2002, 11:46:26
 GSP S/W compiled on Sep 20 2002, 11:24:50
 System Bootstrap Version: 6.1(4)
 Hardware Version: 1.2  Model: WS-C4006  Serial #: FOX04183883
 Mod Port Model              Serial #             Versions
 --- ---- ------------------ -------------------- ---------------------------------
 1   2    WS-X4013           JAB04300631          Hw : 1.2
                                                  Gsp: 7.4(1.0)
                                                  Nmp: 7.4(1)
 4   34   WS-X4232-GB-RJ     JAB041404EL          Hw : 2.3
 5   48   WS-X4148-RJ21      JAB03450310          Hw : 0.2
        DRAM                    FLASH                   NVRAM
 Module Total   Used    Free    Total   Used    Free    Total Used  Free
 ------ ------- ------- ------- ------- ------- ------- ----- ----- -----
 1      65536K  39227K  26309K  16384K  9457K   6927K   480K  327K  153K
 Uptime is 0 day, 0 hour, 0 minute
 Cat4006> (enable)

If the switch fails to load or remains in rommon> mode, see the Software Upgrade Failed / Switch is in ROMmon section of this document for further assistance.

==== Cisco IOS 4232-L3 Module ====
Refer to How to Upgrade Software Images on Catalyst Switch Layer 3 Modules for a step-by-step procedure to upgrade the software on 4232-L3 modules.

==== Cisco IOS on Supervisor III, IV, and V Modules ====
Refer to the Upgrading the System Software section of Release Notes for the Catalyst 4000 Family Switch Cisco IOS for a step-by-step procedure to upgrade the integrated Cisco IOS on Catalyst 4500/4000 Supervisor III and IV modules.
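Steps 3 and 4 of the CatOS procedure above both rest on reading <code>dir bootflash:</code> output: first that the image fits, then that the copied file has exactly the expected length. The following Python script is an added example (not part of the original wiki page or of Cisco's documentation) that automates both checks on captured output. The function names are hypothetical, and the expected size of 4470132 bytes is an assumption taken from the listing on this page, standing in for the size published in the Software Center.

```python
import re

# Constructed samples: the two `dir bootflash:` listings from this page,
# before and after the copy, one entry per line.
BEFORE = """\
-#- -length- -----date/time------ name
  1    36688 Mar 20 2003 17:07:39 switch.cfg
  2  4127708 Jul 12 2003 10:59:39 cat4000.6-3-8.bin

11563988 bytes available (4164652 bytes used)
"""
AFTER = """\
-#- -length- -----date/time------ name
  1    36688 Mar 20 2003 17:07:39 switch.cfg
  2  4127708 Jul 12 2003 10:59:39 cat4000.6-3-8.bin
  3  4470132 Jul 31 2003 17:58:48 cat4000-k8.7-4-1.bin

7093728 bytes available (8634912 bytes used)
"""
IMAGE = "cat4000-k8.7-4-1.bin"
EXPECTED_SIZE = 4470132  # assumption: stands in for the published image size

FILE_RE = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+\w{3}\s+\d{1,2}\s+\d{4}\s+\d{2}:\d{2}:\d{2}\s+(\S+)\s*$")
SPACE_RE = re.compile(r"^\s*(\d+) bytes available \((\d+) bytes used\)")


def parse_dir(text):
    """Parse a `dir bootflash:` listing into file lengths and free/used bytes."""
    files, available, used = {}, None, None
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            files[m.group(3)] = int(m.group(2))
            continue
        m = SPACE_RE.match(line)
        if m:
            available, used = int(m.group(1)), int(m.group(2))
    if available is None:
        raise ValueError("no 'bytes available' summary line found")
    return {"files": files, "available": available, "used": used}


def preflight(listing, image_name, image_size):
    """Step 3: problems that should stop the copy before it starts."""
    d = parse_dir(listing)
    problems = []
    if image_size > d["available"]:
        short = image_size - d["available"]
        problems.append(f"need {short} more bytes free on bootflash")
    if image_name in d["files"]:
        problems.append(f"{image_name} already exists on bootflash")
    return problems


def check_copy(listing, image_name, expected_size):
    """Step 4: the copied file must exist and match the expected size exactly."""
    actual = parse_dir(listing)["files"].get(image_name)
    if actual is None:
        return [f"{image_name} not found on bootflash"]
    if actual != expected_size:
        return [f"{image_name} is {actual} bytes, expected {expected_size}"]
    return []


if __name__ == "__main__":
    print("preflight:", preflight(BEFORE, IMAGE, EXPECTED_SIZE) or "ok")
    print("post-copy:", check_copy(AFTER, IMAGE, EXPECTED_SIZE) or "ok")
```

A matching length only rules out truncation; the switch's own verify command from Step 4 is what checks the image checksum.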
=== Upgrade the Software Images on Redundant Supervisor Modules Without a System Reload ===
The Cisco Catalyst 4500 series switches allow a standby supervisor engine to take over the function if the primary supervisor engine fails. This way, the Cisco Catalyst 4500 series switches allow the switch to resume operation quickly in the event of a supervisor engine failure. This capability is known as supervisor engine redundancy. The software upgrade procedure, which the supervisor engine redundancy feature supports, allows you to upgrade the Cisco IOS software image on the supervisor engines without a need to reload the system.

Complete these steps in order to upgrade the software:

1. Copy the new Cisco IOS software image to bootflash or slot0 on both supervisor engines with these commands.

On the active supervisor:
 copy source_device:source_filename slot0:target_filename
 copy source_device:source_filename bootflash:target_filename
On the standby supervisor:
 copy source_device:source_filename slaveslot0:target_filename
 copy source_device:source_filename slavebootflash:target_filename

2. Configure the supervisor engines to boot the new image. Use these commands:
 Switch#configure terminal
 Switch(config)#config-register 0x2
 Switch(config)#boot system flash device:file_name

3. Synchronize the supervisor engine configurations:
 Switch(config)#redundancy
 Switch(config-red)#main-cpu
 Switch(config-r-mc)#auto-syn standard

4. Issue the copy running-config startup-config command to save the configuration.

5. Issue the redundancy reload peer command to reload the standby supervisor engine and bring the engine back online (with the new version of Cisco IOS software).

Note: Before you reload the standby supervisor engine, make sure you wait long enough so that all configuration synchronization changes are complete.

6. Conduct a manual switchover to the standby supervisor engine with the redundancy force-switchover command.

The standby supervisor engine becomes the active supervisor engine that runs the new Cisco IOS software image. The modules reload, and the module software downloads from the active supervisor engine. The originally active supervisor engine reboots with the new image and becomes the standby supervisor engine.

=== Verify ===
Use this section to confirm that your configuration works properly.

The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.
* show version: Verifies whether the new switch runs the new software version.

=== Troubleshoot ===
This section provides information you can use to troubleshoot your configuration.

==== Software Upgrade Failed / Switch is in ROMmon ====
Your software upgrade can fail due to these reasons:
* IP connectivity problems between the switch and TFTP server
* Incorrectly set boot variables
* Power failure during the copy operation of the software image to the switch

As a result, the switch can go into ROMmon mode. If your switch is in ROMmon and you do not have a valid image present on the bootflash or compact Flash (only on Supervisor III and IV), you can recover your switch to normal mode through the software recovery procedure. Refer to these documents for the software recovery procedure:
* Recovering Catalyst Switches Running CatOS from Booting Failures
* Recovering a Catalyst 4000 Switch with Supervisor III or IV from a Corrupted or Missing Image and from Rommon Mode

==== Redundant Supervisor Engine Software Upgrade Fails ====
If a software upgrade is performed on both the active and standby supervisor engines, check whether both the supervisors run the same new software image. The upgrade fails when the primary supervisor downloads the configuration from the secondary supervisor. The secondary supervisor copies its own boot variable to the primary supervisor. If the primary supervisor does not have the same software image as the secondary supervisor, a boot loop occurs because the primary supervisor is unable to find the image.

Complete these steps in order to resolve the problem:

1. Remove the primary supervisor.

2. Switch to the ROMMON mode.

3. Boot the primary supervisor manually. Ensure that the primary supervisor loads the same image as in the other supervisor engine. After the image loads, reset your boot variables.

After the supervisor engine recovers, upgrade one of the supervisors to have the same image as the other supervisor.

==== Known Issue: CatOS Switch Configuration Lost Due to Software Downgrade ====
A software downgrade on a switch that runs CatOS always leads to loss of configuration. Issue the copy config tftp command to back up your configuration to a TFTP server. Alternatively, issue the copy config flash command to back up the configuration to a Flash device.

In order to restore the configuration after a successful downgrade, issue the copy tftp config or copy flash config command to get the configuration file from the TFTP server or Flash device.

Refer to the Catalyst 4500 Command Reference Guide for the command syntax and use of these commands.