Upgrading IOS-XE on Catalyst 9000 series Switch Stack

A pair Cisco Catalyst 9324’s.

I recently had to put together a Catalyst 9300 stack of switches and upgrade the switch stack, so I thought I’d document the process and share it. The process is very similar to stacking other switches, if you’re familiar with stacking Cisco switches. I believe there are some newer commands in IOS-XE that help facilitate and make the process a little easier than in previous versions of IOS.

Copy the new IOS file over

As with any other IOS upgrade you have to get the files onto the switch stack. By default when you’re working with a switch stack you’re working on the stack master. Copy the file to the switch stack using copy tftp bootflash: <filename>. In this case I installing IOS-XE Fuji 16.9.3. You’ll be prompted to enter in the IP Address of your TFTP server – which could simply be your laptop running tftpd.

copy tftp flash:cat9k_iosxe.16.09.03.SPA.bin

Sync the file to all the Switches in the Stack

Now traditionally you’d have to copy the bin files over to all of the switches in the stack. However, in this case we use a command to help us with that – install add file <filename>

C9300-STACK#install add file flash:cat9k_iosxe.16.09.03.SPA.bin

! The following is output from the command
install_add: START Tue Jul 23 14:19:09 EDT 2019

*Jul 23 18:19:10.806: %IOSXE-5-PLATFORM: Switch 1 R0/0: Jul 23 14:19:10 install_engine.sh: %INSTALL-5-INSTALL_START_INFO: Started install add flash:cat9k_iosxe.16.09.03.SPA.bin

install_add: Adding PACKAGE

--- Starting initial file syncing ---
[1]: Copying flash:cat9k_iosxe.16.09.03.SPA.bin from switch 1 to switch 2
[2]: Finished copying to switch 2
Info: Finished copying flash:cat9k_iosxe.16.09.03.SPA.bin to the selected switch(es)
Finished initial file syncing

--- Starting Add ---
Performing Add on all members
[1] Add package(s) on switch 1
[1] Finished Add on switch 1
[2] Add package(s) on switch 2
[2] Finished Add on switch 2
Checking status of Add on [1 2]
Add: Passed on [1 2]
Finished Add

SUCCESS: install_add Tue Jul 23 14:21:21 EDT 2019

Install add takes the file and copies it to bootflash on all of the switches in the switch stack. In this case there was only one additional switch, switch 2.

Activate the Software

Next we’ll use install activate to unpack the bin files and add them to the boot config. Once this operation completes you’ll get prompted to reboot the switch stack.

C9300-STACK#install activate
install_activate: START Tue Jul 23 14:25:01 EDT 2019
install_activate: Activating PACKAGE

*Jul 23 18:25:03.046: %IOSXE-5-PLATFORM: Switch 1 R0/0: Jul 23 14:25:03 install_engine.sh: %INSTALL-5-INSTALL_START_INFO: Started install activateFollowing packages shall be activated:
/flash/cat9k-wlc.16.09.03.SPA.pkg
/flash/cat9k-webui.16.09.03.SPA.pkg
/flash/cat9k-srdriver.16.09.03.SPA.pkg
/flash/cat9k-sipspa.16.09.03.SPA.pkg
/flash/cat9k-sipbase.16.09.03.SPA.pkg
/flash/cat9k-rpboot.16.09.03.SPA.pkg
/flash/cat9k-rpbase.16.09.03.SPA.pkg
/flash/cat9k-guestshell.16.09.03.SPA.pkg
/flash/cat9k-espbase.16.09.03.SPA.pkg
/flash/cat9k-cc_srdriver.16.09.03.SPA.pkg

This operation requires a reload of the system. Do you want to proceed? [y/n]

Switch upgrade complete!

Upon reboot the switch stack will be upgraded. Use a show version to verify (verify all the things!) that the stack is running the new version. You can also clean up old IOS files that may be left over from the previous version using “install deactivate <filename.> For more detailed information and additional configuration options and examples check out the Cisco documentation.

12 thoughts

  3. Yep, can confirm that you have to run the Commit. Was upgrading from 16.9.3 to 16.9.5 and didnt do the commit and the auto abort timer kicked in and reverted back by itself after 2 hours……..

    Like

    Reply

    1. ISSU is for Chassis devices only, not switch stacks. Additionally, an ISSU upgrade has to meet certain criteria surrounding the version of the software you’re going to upgrade to and what version you’re currently on. Since these are individual switches you will have have to disrupt traffic flow for the upgrade process.

      Like

      Reply

      1. ISSU does work on certain stacks, with caveats around hardware platforms and software revisions used.

        I was looking up the same thing for Catalyst 9500s and found a section on doing it on stacks in the release notes for 16.12.X. But, there were a few restrictions at the bottom:

        >>>>>>>>>
        In-Service Software Upgrade (ISSU)

        While performing ISSU from Cisco IOS XE Fuji 16.9.x to Cisco IOS XE Gibraltar 16.12.x, if interface-id snmp-if-index command is not configured with OSPFv3, packet loss can occur. Configure the interface-id snmp-if-index command either during the maintenance window or after isolating the device (by using maintenance mode feature) from the network before doing the ISSU.

        On Cisco Catalyst 9500 Series Switches (C9500-12Q, C9500-16X, C9500-24Q, C9500-40X), ISSU from Cisco IOS XE Fuji 16.9.x to Cisco IOS XE Gibraltar 16.10.x or to Cisco IOS XE Gibraltar 16.11.x is not supported.

        On Cisco Catalyst 9500 Series Switches – High Performance (C9500-24Y4C, C9500-32C, C9500-32QC, and C9500-48Y4C), ISSU with Cisco StackWise Virtual is supported only starting from Cisco IOS XE Gibraltar 16.12.1. Therefore, ISSU upgrades can be performed only starting from this release to a later release.

        Like

  5. Pingback: Upgrading IOS-XE on Catalyst 9000 series Switch Stack – The Art of Network Engineering

  7. Hi guys, very good articles, you’ve saved my skin here for a second so far.

    Yes the commit command is required. You can check after the upgrade (after the install activate command) the timer with show install summary:
    9300 #show install summary
    [ Switch 1 2 ] Installed Package(s) Information:
    State (St): I – Inactive, U – Activated & Uncommitted,
    C – Activated & Committed, D – Deactivated & Uncommitted
    ——————————————————————————–
    Type St Filename/Version
    ——————————————————————————–
    IMG U 17.03.05.0.6600

    ——————————————————————————–
    Auto abort timer: active , time before rollback – 01:45:37
    ——————————————————————————–

    and then :

    9300 #show install committed
    [ Switch 1 2 ] Committed Package(s) Information:
    State (St): I – Inactive, U – Activated & Uncommitted,
    C – Activated & Committed, D – Deactivated & Uncommitted
    ——————————————————————————–
    Type St Filename/Version
    ——————————————————————————–
    No Committed Packages

    See I have yet to type mine in right now..

    9300 #install commit
    install_commit: START
    install_commit: Committing PACKAGE

    — Starting Commit —
    Performing Commit on all members
    [1] Commit package(s) on switch 1
    [1] Finished Commit on switch 1
    [2] Commit package(s) on switch 2
    [2] Finished Commit on switch 2
    Checking status of Commit on [1 2]
    Commit: Passed on [1 2]
    Finished Commit

    now I can check again:

    9300 #show instal committed
    [ Switch 1 2 ] Committed Package(s) Information:
    State (St): I – Inactive, U – Activated & Uncommitted,
    C – Activated & Committed, D – Deactivated & Uncommitted
    ——————————————————————————–
    Type St Filename/Version
    ——————————————————————————–
    IMG C 17.03.05.0.6600

    ——————————————————————————–
    Auto abort timer: inactive
    ——————————————————————————–

    See the timer is inactive meaning there is no timer. It will stay on the .5 version.

    Like

    Reply

Leave a comment