Cisco Physical Access Manager User Guide, Release 1.4.1
Upgrading and Configuring Gateway Modules

Use the Hardware and Locations & Doors modules to upgrade the firmware on one or more Gateway modules, or change the network settings on the modules. You can also change the NTP settings on multiple Gateway modules to ensure the time is synchronized on all devices.


Note We strongly recommend using NTP to synchronize the Cisco PAM appliance and Gateway module clocks to ensure correct events and messaging. See the "Change the NTP Setting for Multiple Gateways" section for instructions to set NTP on Gateway modules.

The Gateway must be available on the network and in the Up state to use these configuration tools. For initial Gateway installation and configuration, see the Cisco Physical Access Gateway User Guide.


Contents

This appendix includes the following information:

Displaying the Gateway Network and Firmware Configuration

Changing the Gateway Module Network Settings

Changing the NTP Setting for Multiple Gateway Modules

(Optional) Set a Default NTP Server

Change the NTP Setting for Multiple Gateways

Using Locations & Doors to Change Gateway Network Settings

Upgrading Gateway Firmware Images Using Cisco PAM

Uploading Firmware Images to a TFTP Server

Updating the Firmware on All Gateway Modules

Updating the Firmware on Individual Gateway Modules

Displaying the Gateway Network and Firmware Configuration

The Extended Status area of the Hardware module displays the network configuration and firmware version for a Gateway module.

Procedure


Step 1 Select the Hardware module from the Doors menu.


Tip You can also view the Gateway settings from the Locations & Doors module. Filter the display to view the Gateway modules and then select a Gateway. See the "Using Locations & Doors to Change Gateway Network Settings" section for more information.


Step 2 Expand the Access GW Driver and click a Gateway module icon to highlight it (Figure C-1).

The Gateway tab in the Extended Status area displays the Gateway software (firmware) version number, as well as the IP address used for network communication.

Figure C-1 Gateway Software Version and IP Address Settings


Tip The IP address is the address configured on the Gateway Eth0 port, which provides IP network connectivity with the Cisco PAM appliance.


Step 3 Select the Gateway Network Address tab to display the module's network configuration.


Changing the Gateway Module Network Settings

To change network configuration settings for a Gateway module using Cisco PAM, right-click a Gateway module and select Set Gateway Address.

Procedure


Step 1 Select the Hardware module from the Doors menu.

Step 2 Expand the Access GW Driver.

Step 3 Right-click a Gateway module and select Set Gateway Address (Figure C-2).


Tip You can also change the Gateway settings from the Locations & Doors module. Filter the display to view the Gateway modules and then right-click a Gateway name. See the "Using Locations & Doors to Change Gateway Network Settings" section for more information.


Step 4 Modify the fields as described in the following table.

Figure C-2 Set Gateway Address

Field: Description

Gateway Address

DHCP: If a Dynamic Host Configuration Protocol (DHCP) server is configured on your IP network, select the DHCP check box for ETH0 to automatically configure the required IP network settings, including IP address, Subnet Mask, and Gateway.

IP Address: IP address for the module Ethernet interfaces. The ETH0 interface provides IP network connectivity with the Cisco PAM appliance. The ETH1 interface is used for management connections, such as connecting a PC directly to the Gateway module. See the Cisco Physical Access Gateway User Guide for more information.

Subnet Mask: The subnet mask.

Default Gateway: The IP address of the default network gateway.

NTP Address

NTP Host: The IP Address of a network time protocol (NTP) server used to set the Gateway time. This setting is left blank if a DHCP server provides this setting.

DNS Server

Primary DNS Address: Enter the Primary DNS Address configuration if names (not IP addresses) are used for the NTP or CPAM addresses.

Secondary DNS Address: Enter the Secondary DNS Address configuration if names (not IP addresses) are used for the NTP or CPAM addresses.

Primary Cisco PAM Server Address

Primary Cisco PAM Server: Enter the Cisco PAM IP Address (IP address or name) to enable Gateway communication with the appliance.

Port: Enter the Port number for the Cisco PAM appliance. The port number must be greater than 1024 and less than 65535. The default is 8020.

Enable SSL: The secure socket layer (SSL) is enabled for secure communication between the Gateway and Cisco PAM appliance by default. If necessary, SSL can be disabled by deselecting the Enable SSL check box.

Note SSL is enabled by default on all Gateways and Cisco PAM appliances. If SSL is disabled for a Gateway but enabled for Cisco PAM, the Gateway will not be able to connect to the appliance. If the SSL settings are changed, reset all Gateways and the Cisco PAM appliance. We recommend enabling SSL to ensure secure communications.


Step 5 Click OK to save the changes.

Step 6 Right-click the Gateway and select Apply Configuration Changes to download configuration changes for a single Gateway.


Note Gateways must be in the Up state, signified by a green triangle in the icon. A dark green triangle means that configuration changes have not been applied. See Understanding Device Status Colors.


Step 7 Verify that the new network settings appear in the Extended Status area, under the Gateway Network Address tab. See the "Displaying the Gateway Network and Firmware Configuration" section.
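The field rules in the table above can be checked across many Gateways before changes are applied. The following is an added example, not part of the Cisco guide or of Cisco PAM: the record layout, Gateway names, addresses and finding labels are constructed for illustration, and only the rules themselves (port range, SSL, DNS when names are used, NTP matching the appliance) come from this chapter.

```python
import ipaddress

# Constructed appliance-side settings (hypothetical values, not from a real site).
APPLIANCE = {"ssl": True, "ntp_host": "10.10.0.5"}

# Constructed records: one dict per Gateway holding the Set Gateway Address fields.
GATEWAYS = [
    {"name": "gw-lobby", "dhcp": False, "ntp_host": "10.10.0.5",
     "primary_dns": "", "pam_server": "10.10.0.20", "port": 8020, "ssl": True},
    {"name": "gw-dock", "dhcp": False, "ntp_host": "ntp.example.internal",
     "primary_dns": "", "pam_server": "10.10.0.20", "port": 8020, "ssl": False},
    {"name": "gw-lab", "dhcp": True, "ntp_host": "",
     "primary_dns": "10.10.0.2", "pam_server": "cpam.example.internal",
     "port": 1024, "ssl": True},
    {"name": "gw-roof", "dhcp": False, "ntp_host": "10.10.0.9",
     "primary_dns": "", "pam_server": "10.10.0.20", "port": 8020, "ssl": True},
]


def is_ip(value):
    """True when value parses as an IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def audit_gateway(gw, appliance):
    """Return finding labels for one Gateway record (empty list = no findings)."""
    findings = []

    # Port must be greater than 1024 and less than 65535 (default 8020).
    if not 1024 < gw["port"] < 65535:
        findings.append("port-out-of-range")

    # SSL off on the Gateway while on for the appliance: Gateway cannot connect.
    if not gw["ssl"]:
        findings.append("ssl-mismatch" if appliance["ssl"] else "ssl-disabled")

    # DNS is needed when a name (not an IP) is used for the NTP or CPAM address.
    uses_name = any(gw[f] and not is_ip(gw[f]) for f in ("ntp_host", "pam_server"))
    if uses_name and not gw["primary_dns"]:
        findings.append("dns-missing")

    # Gateways and appliance should share one NTP setting; a blank NTP Host
    # is only expected when DHCP supplies it.
    if gw["ntp_host"]:
        if gw["ntp_host"] != appliance["ntp_host"]:
            findings.append("ntp-differs-from-appliance")
    elif not gw["dhcp"]:
        findings.append("ntp-not-set")

    return findings


def audit_fleet(gateways, appliance):
    """Map each Gateway name to its list of findings."""
    return {gw["name"]: audit_gateway(gw, appliance) for gw in gateways}


if __name__ == "__main__":
    for name, findings in audit_fleet(GATEWAYS, APPLIANCE).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```
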


Changing the NTP Setting for Multiple Gateway Modules

You can set the network time protocol (NTP) server for all Gateway modules, or for selected Gateway modules, to automatically synchronize the device time on the devices.

Usage Notes

We strongly recommend using the same NTP setting for the Gateways and for the Cisco PAM appliance to ensure synchronized events and messaging. To set the server NTP address, see Chapter 3 "Configuring and Monitoring the Cisco PAM Server". Other systems that are integrated with Cisco PAM, such as the Video Surveillance Manager (Cisco VSM), should use the same NTP server setting.

If the Gateway is configured to receive an NTP server setting from DHCP, then the Set NTP Server command will not change the NTP server setting on that Gateway.

You can also enter a default NTP server address to pre-populate the server field in the Set NTP Server window. This setting is not applied to the Gateways automatically. You must complete the instructions in the "Change the NTP Setting for Multiple Gateways" section.

Refer to the following topics:

(Optional) Set a Default NTP Server

Change the NTP Setting for Multiple Gateways

(Optional) Set a Default NTP Server

The default NTP server address pre-populates the NTP Server setting when updating multiple Gateways. This default setting is optional, and is not applied to the Gateways until you complete the instructions in the "Change the NTP Setting for Multiple Gateways" section.

Procedure


Step 1 Select System Configuration from the Admin menu.

Step 2 Select the Cisco Settings tab.

Step 3 Enter the IP address in the NTP Server field (Figure C-3).


Note Enter an IP Address only. For example: 192.169.100.1. Hostnames are not supported.


Figure C-3 System Configuration: NTP Server IP Address

Step 4 Restart Cisco PAM (exit and relaunch the application).


Note Changes do not take effect until the Cisco PAM desktop application is restarted (exit and re-launch the application).


Step 5 Continue to the "Change the NTP Setting for Multiple Gateways" section.

You must use the Set NTP Server command to apply the NTP server setting to one or more Gateways.


Change the NTP Setting for Multiple Gateways

Use the Set NTP Server command on the Access Gateway Driver to configure the same NTP server IP Address on multiple Gateways.


Note If the Gateway is configured to receive an NTP server setting from DHCP, then the Set NTP Server command will not change the NTP server setting on that Gateway.


Procedure


Step 1 (Optional) Enter a default NTP server setting to auto-populate the NTP Server field.

See the "(Optional) Set a Default NTP Server" section for more information.

Step 2 Select Hardware from the Doors menu.

Step 3 Right-click the Access GW Driver and select the Set NTP Server command (Figure C-4).

Figure C-4 Set NTP Server for Multiple Gateways

Step 4 In the Set NTP Server window (Figure C-5), enter the following settings:

a. Enter the NTP server IP address.


Tip If an NTP server address was entered in the System Configuration, that address appears by default. You can edit the address if necessary. See the "(Optional) Set a Default NTP Server" section for more information.


b. Select All Gateways to select all available Gateways. Only Gateways in the UP state are displayed and available for NTP configuration.

c. Select or de-select Gateway modules in the list to include or exclude modules.

Figure C-5 Set NTP Server Configuration Window


Tip Use the Search field to locate and display a specific module.


Step 5 Click OK to save the changes.

Step 6 Select Yes when the confirmation message appears. The approximate time that the command will take to execute appears.

Step 7 Verify that the correct NTP address appears in the Extended Status area, under the Gateway Network Address tab. See the "Displaying the Gateway Network and Firmware Configuration" section for more information.


Note If the Set NTP Server command is already in progress for one or more Gateways, you must wait for the summary event information to appear before you can use the command again.



Using Locations & Doors to Change Gateway Network Settings

You can use either the Hardware module or the Locations & Doors module to perform Gateway configuration tasks such as changing the network settings or configuring an NTP server for multiple Gateways.

To use the Locations & Doors module, select Gateway Controllers from the View menu, as shown in Figure C-6. The Gateways are displayed according to their assigned location. Any Gateways not assigned a location are listed under Unassigned.

Figure C-6 Gateway Configuration Options in the Locations & Doors Module

Click a Gateway icon to display the network configuration and software (firmware) version in the Extended Status area. See the "Displaying the Gateway Network and Firmware Configuration" section for more information.

To change the network configuration for a single Gateway, right-click the Gateway icon and select Set Gateway Address. See the "Changing the Gateway Module Network Settings" section for additional instructions.

To change the NTP server address for multiple Gateways, right-click a site icon and select Set NTP Server. See the "Changing the NTP Setting for Multiple Gateway Modules" section for additional instructions.

Upgrading Gateway Firmware Images Using Cisco PAM

Gateway modules must have the same firmware version as the Cisco PAM appliance server software. This includes the major version, minor version, maintenance version, and the build number. If any difference in versions exists between the Gateway and the appliance, then only a restricted set of operations (such as image upgrade) can be performed.

For example, if the Cisco PAM appliance is upgraded to release 1.3.0, then all Gateway modules must also be upgraded to firmware release 1.3.0. If the firmware release is different than the Cisco PAM appliance release, the Gateway will not operate and the Gateway status in the Cisco PAM Hardware module will be Mismatch.

To ensure the Gateway firmware is the same release as the Cisco PAM appliance software version, complete the instructions in this section. You can upgrade all the Gateway modules at the same time, or one Gateway at a time.

Firmware images must be located on a TFTP server (such as the built-in Cisco PAM TFTP server). The firmware image file is then copied to the Gateway from the TFTP server. Since Gateways can store more than one firmware image, you must define which image is the active image, and then reset the Gateway module. When the module resets, the new firmware image is called the running image.


Tip To upgrade the firmware, activate a higher number release. To downgrade, activate a lower number release.

You can also upgrade firmware using a PC directly connected to a Gateway module. See the Cisco Physical Access Gateway User Guide for more information.


This section includes the following information:

Uploading Firmware Images to a TFTP Server

Updating the Firmware on All Gateway Modules

Updating the Firmware on Individual Gateway Modules

Uploading Firmware Images to a TFTP Server

Firmware images used to update Gateway modules must be located on a TFTP server. You can load the images to the built-in Cisco PAM TFTP server, or to another TFTP server as described in this section.

Once the Firmware is copied to the TFTP server, you can load it to one or more Gateway modules, as described in Updating the Firmware on Individual Gateway Modules and Updating the Firmware on All Gateway Modules.


Tip You can use the built-in Cisco PAM TFTP server to store firmware images, or use a remote TFTP server. If using the built-in TFTP server, the server must be running. See Disabling the Cisco PAM TFTP Server for more information.


To load images to a TFTP server using Image Manager, do the following:


Step 1 (Optional) Enable the built-in Cisco PAM TFTP server, if necessary.


Note The Cisco PAM TFTP server is enabled by default. Complete these steps only if the server was manually disabled, as described in Disabling the Cisco PAM TFTP Server.

If you are using firmware images located on another TFTP server (not the Cisco PAM server), skip to Step 2.


a. Log in to the Cisco PAM Server Administration utility.

See Logging on to the Cisco PAM Server Administration Utility.

b. Select the Monitoring tab and then select Status, as shown in Figure C-7.

c. If the TFTP Service is Down, click Start.

d. Verify that the TFTP service is Up.

Figure C-7 TFTP Service in "Up" State

Step 2 Log in to the Cisco PAM desktop client.

See Logging in to Cisco PAM.

Step 3 Select Image Manager from the Admin menu.

Figure C-8 shows the Image Manager window. Table C-1 describes each field.

Figure C-8 Image Manager

Table C-1 Image Manager Fields

 
No. Field: Description

1 TFTP server: The IP address of the TFTP server to store image files.

2 Default: Click this button to enter the IP address for the Cisco PAM TFTP server in the TFTP server field.

3 Remote Directory Path: The directory path on the TFTP server where files will be uploaded. The directory is relative to the TFTP server root directory.

If using the built-in Cisco PAM TFTP server, this field is read-only. Select the directory path using the Remote Browser.

If using a TFTP server other than the built-in Cisco PAM server, this field is editable and you must enter the directory path on the TFTP server where files will be uploaded. The directory path must be valid since Cisco PAM does not validate remote server directories.

Note If this field is empty the image file is uploaded to the TFTP root directory. The default TFTP root directory is /tftpboot for Unix systems.

4 Remote Browser: Selects the directory where files will be uploaded on the built-in Cisco PAM TFTP server. This field is active only if you are using the built-in Cisco PAM server.

Right-click within the field to display and select the following menu options:

Create Directory: Creates a directory.

Delete File/Directory: Enabled when a file or directory is selected. Deletes the file or directory.

5 Download Button: Download a selected image on the TFTP server to the local drive.

6 Upload Button: Uploads the selected image file to the specified TFTP server and directory. This button is enabled only when a file is selected in the Local directory browser.

7 Local Image Browser: The Local directory browser specifies the file on a local drive for upload to the TFTP server.

Click the Up button to navigate one level up.

Double-click a folder to view the folder contents.

Select a file to enter the file name and directory path in the Local Directory Path field and enable the Upload button.

8 Local Directory Path: Read-only. Displays the directory path and filename for the file selected in the Local browser. This file will be uploaded to the specified TFTP server.


Step 4 Upload firmware images to either the Cisco PAM TFTP server, or another TFTP server:

Uploading images to the Cisco PAM TFTP Server

a. Click Default to enter the Cisco PAM TFTP server IP address in the TFTP server field.

b. Select the file to be uploaded from the Local file browser. The selected file is automatically entered in the Local Image File field.

c. Use the Remote Browser to select the directory on the Cisco PAM TFTP server where files will be uploaded. This field is inactive if you are using a TFTP server other than the built-in Cisco PAM server.

Right-click within the Remote Browser to select the following menu options:

Create Directory: Creates a new directory on the Cisco PAM TFTP server.

Delete File/Directory: Deletes a selected file or directory.

d. Click Upload to add the file to the TFTP server specified in the TFTP server field.

Uploading Images to a Different TFTP Server (Not the Cisco PAM TFTP Server)

a. Enter the server IP address in the TFTP server field.

b. In the Remote Directory field, enter the TFTP server directory path where the image will be stored. If this field is left blank, then the root TFTP directory is used by default. The default Unix TFTP root directory is /tftpboot.


Note The TFTP server directory path entered in the Remote Directory field must be valid. Cisco PAM does not validate the existence of remote server directories.


c. In the Local file browser field, select the firmware file on a local drive to be uploaded. The directory path and filename are displayed in the Image File field.

d. Click Upload to add the file to the TFTP server specified in the TFTP server field.

Step 5 Continue to Updating the Firmware on Individual Gateway Modules.


Tip To download an image from the TFTP server to a local directory, select the image and local directory, then click the Download button.



Updating the Firmware on All Gateway Modules

This section describes how to upgrade or downgrade all the Gateways configured in a Cisco PAM server.


Tip To upgrade the firmware for a single Gateway module, see Updating the Firmware on Individual Gateway Modules.


Before You Begin

Review the following before upgrading the Gateways.

This procedure loads the same firmware image to all Gateway modules configured in Cisco PAM. If you check the options Set as active image and Reset Gateway, the Gateways will reset with the new image as the active running image.

An Active image is the image that will be operational when the Gateway is reset. A Running image is the firmware image currently used to operate the Gateway.

Gateway modules must have the same firmware version as the Cisco PAM appliance server software. This includes the major version, minor version, maintenance version, and the build number. If any difference in versions exists between the Gateway and the appliance, then only a restricted set of operations (such as image upgrade) can be performed.

Gateways operate normally while the firmware image is being copied from the TFTP server, but are out of service while being reset. When a Gateway is down, the doors for that Gateway remain locked if the lock is fail-secure, and unlocked otherwise. See Understanding Door Modes, Door Schedules, and the First Unlock Feature for more information.

If you deselect the options Set as active image and Reset Gateway, then the firmware image is copied to the Gateways, but is not made the Active or Running image. You must use the File Manager to manually activate the image on each Gateway module, as described in Step 9, and then reset the Gateway as described in Step 10.

Review the recommendations in Select the Following Options When Upgrading Gateway Firmware.

Gateways not configured in Cisco PAM are not impacted by this procedure.

Gateways are upgraded in batches of 5, with a 15 minute delay between batches.

10 minutes after all the Gateways are updated, a summary event is posted to Cisco PAM. Any Gateways that are still in the Issued state are described as upgrade still in progress.

You cannot issue another Bulk Image Upgrade command until the summary event is posted.

Procedure

To upgrade or downgrade the firmware images for all Gateway modules, complete the following steps.


Step 1 Complete the instructions in Uploading Firmware Images to a TFTP Server.

Step 2 Log in to the Cisco PAM desktop client.

See Logging in to Cisco PAM.

Step 3 Select Hardware from the Doors menu.

Step 4 Right-click the Access GW Driver and select Bulk Image Upgrade (Figure C-9).

Figure C-9 Bulk Image Upgrade Menu


Tip You can also access the Bulk Image Upgrade command using the Locations & Doors module. Select Locations & Doors from the Doors menu, and then select Gateway Controllers from the View menu. Right-click a location or site and select Bulk Image Upgrade from the menu.


Step 5 In the Bulk Image Upgrade window (Figure C-10), enter the image location and select the upgrade options.

a. Enter the Image Name.

If the image is located on the Cisco PAM TFTP server, click Browse to select a firmware image name.

If the image is located on a different TFTP server, enter the filename manually.

Figure C-10 Bulk Image Upgrade Window

b. Enter the TFTP Server IP address.

The Cisco PAM appliance TFTP server IP address is entered by default.

c. Enter the directory Path on the TFTP server for the firmware image.

Leave this field blank if using the default location for the built-in Cisco PAM TFTP server.

Be sure the path and filename are valid. The administration tool does not verify remote server paths.

d. Select the following options to define what will occur after the image is loaded to the Gateway:

Set as active image: (checked by default) make the firmware file the new Active image for all Gateways. The Active image is the firmware that will become the Running image when the Gateway is reset (see Figure C-14).

Delete configuration: delete the module configuration on all Gateways. The configuration is automatically reloaded when the module establishes communication with the Cisco PAM appliance.

Delete events: delete all events stored on all Gateways.

Reset Gateway: perform a soft reset to power-cycle all Gateways. Resetting the Gateway changes the Active image to the Running image. All Gateways will be down during the reset. Uncheck this box to reset the Gateways individually.

Reset time: enter the time in 24-hour notation that the Gateways will begin to reset with the new firmware image. If this field is left blank, the Gateways will begin to reload in batches of 5 when you click OK.


Note See Select the Following Options When Upgrading Gateway Firmware.


Step 6 Click OK to close the window and begin copying the firmware image to the Gateway modules.

Any actions selected in Step 5d are initiated. For example, the default option Set as active image makes the new image Active. The Gateways must still be reset for the image to become the Running image.

Gateways are upgraded in batches of 5, with a 15 minute delay between batches.

When all options are selected, wait an additional 10-15 minutes for the firmware upgrade to complete on each Gateway.


Note If you did not check the Reset Gateway option, the firmware image is copied to the Gateways and defined as Active, but is not made the Running image. See Step 9 and Step 10 to manually activate the image and reset each Gateway module.


Step 7 Verify the upgrade status.

a. In the Hardware module, select the Access GW Driver.

b. In the Extended Status field for the driver, select the Command Status tab, as shown in Figure C-11.

Figure C-11 Bulk Image Upgrade Status

c. Expand the Bulk Image Upgrade entry to view the upgrade status for each Gateway. The possible states include the following:

ISSUED: The upgrade command was issued to the Gateway.

SUCCEEDED: The Gateway image upgrade was successfully completed.

FAILED: The Gateway image upgrade failed for the reason in the description.

COMPLETED: Cisco PAM cannot determine if the upgrade SUCCEEDED or FAILED. Completed indicates the command execution is complete, but you must manually verify the success or failure of the image upgrade using the File Manager.


Note The status is shown as COMPLETED if the Gateway reboots, and the status is still ISSUED. This can happen if the Gateway has a large number of events in its queue when the module reboots, so the final status is not reported. Right-click the Gateway icon in the Hardware module and select File Manager to view the status of the loaded firmware images.


Step 8 Review the summary event posted to the Cisco PAM Events module.

a. Select Events from the Events & Alarms menu, under the Monitoring sub-menu.

b. Double-click the summary event to view details of the Bulk Image Upgrade, as shown in Figure C-12.

Figure C-12 Summary Event for Bulk Upgrade Command


Note The summary event is posted 10 minutes after all the Gateways are updated.

Any Gateways that are still in the Issued state are shown as Upgrade in progress in the Data field.

You cannot issue another Bulk Image Upgrade command until the summary event is posted.


Step 9 (Optional) Use the File Manager to verify the Active and Running firmware image for a Gateway module.


Tip You can also change the Active image using the File Manager.


a. Right-click a Gateway Controller (blue icon) and select File Manager, as shown in Figure C-13.

Figure C-13 File Manager Menu

b. Select the Image tab to display a list of the firmware images currently loaded on the Gateway module, as shown in Figure C-14.

Figure C-14 File Manager Window: Image Tab

Each row displays the following information about the firmware image:

Name: the image filename.

Version: the firmware version number.

Download Time: the time and date when the image was downloaded to the Gateway module.

Active: The Active image will become the Running image when the Gateway is reset. The image marked Yes is the active image on the Gateway.

Running: The Running image is the image currently used to operate the Gateway. The image marked Yes is the current running image on the Gateway.

c. To change the active image, select an image name and click the Active Image button.

This button is available only if the selected file is not the Active image.

d. To make the Active image the Running image, you must reset the Gateway. Right-click on the Gateway icon and select Reset Gateway, as described in Step 10.

e. Click Close to accept the changes and close the window.

Step 10 (Optional) Reset individual Gateways.

This step is necessary if you did not select the option to Reset Gateway in Step 5d. The Active image becomes the Running image only after the Gateway is reset.

To reset the Gateway, do the following:

a. In the Hardware module, right-click a Gateway controller (blue icon).

b. Select Reset Gateway, as shown in Figure C-15.

Figure C-15 Reset Gateway Command


Updating the Firmware on Individual Gateway Modules

You can load more than one firmware image to a Gateway module, and then upgrade or downgrade the firmware by selecting the active image and resetting the Gateway. Select a higher release to upgrade the firmware, or a lower release to downgrade.


Note This section includes instructions for individual Gateways. To upgrade the firmware for all Gateways, see Updating the Firmware on All Gateway Modules.


Before You Begin

Review the following before using the instructions to upgrade an individual Gateway.

This procedure loads the same firmware image to all Gateway modules configured in Cisco PAM. If you check the options Set as active image and Reset Gateway, the Gateways will reset with the new image as the active running image.

An Active image is the image that will be operational when the Gateway is reset. A Running image is the firmware image currently used to operate the Gateway.

Gateways operate normally while the firmware image is being copied from the TFTP server, but are out of service while being reset. When a Gateway is down, the doors for that Gateway remain locked if the lock is fail-secure, and unlocked otherwise. See Understanding Door Modes, Door Schedules, and the First Unlock Feature for more information.

If you deselect the options Set as active image and Reset Gateway, then the firmware image is copied to the Gateway, but is not made the Active or Running image. You must use the File Manager to manually activate the image on each Gateway module, as described in Step 8, and then reset the Gateway, as described in Step 9.

Review the recommendations in Select the Following Options When Upgrading Gateway Firmware.

Procedure


Step 1 Complete the instructions in Uploading Firmware Images to a TFTP Server.

Step 2 Log in to the Cisco PAM desktop client.

See Logging in to Cisco PAM.

Step 3 Select Hardware from the Doors menu.

Step 4 Right-click a Gateway Controller (blue icon) and select File Manager (Figure C-16).

Figure C-16 File Manager Menu


Tip You can also access the File Manager using the Locations & Doors module. Select Locations & Doors from the Doors menu, and then select Gateway Controllers from the View menu. Expand a location tree and right-click a Gateway to select File Manager from the menu.


Step 5 Select the Image tab to display a list of the firmware images currently loaded on the Gateway module (Figure C-17).

Figure C-17 File Manager Window: Image Tab

Each row displays information about the firmware image:

Name: the image filename.

Version: the firmware version number.

Download Time: the time and date when the image was downloaded to the Gateway module.

Active: The Active image will become the Running image when the Gateway is reset. The image marked Yes is the active image on the Gateway.

Running: The Running image is the image currently used to operate the Gateway. The image marked Yes is the current running image on the Gateway.

Step 6 Download a new firmware image from a TFTP server, if necessary:

a. Select the Initiate Download button, as shown in Figure C-17.

The Initiate Download Input window appears, as shown in Figure C-18.

Figure C-18 Initiate Download Input Window

b. Enter the Image Name:

If the image is located on the Cisco PAM TFTP server, click Browse (Figure C-18) to select a firmware image name.

If the image is located on a different TFTP server, enter the filename manually.

c. Enter the TFTP Server IP address.

The Cisco PAM appliance TFTP server IP address is entered by default.

d. Enter the directory Path on the TFTP server for the firmware image.

Leave this field blank if using the default location for the built-in Cisco PAM appliance TFTP server.

Be sure the path and filename are valid. The administration tool does not verify remote server paths.

e. Select the following options to define what will occur after the image is loaded to the Gateway:

Set as active image: (checked by default) make the firmware file the new active image. The Active image is the firmware that will become the Running image when the Gateway is reset.

Delete configuration: delete the module configuration. The configuration is automatically reloaded when the module establishes communication with the Cisco PAM appliance.

Delete events: delete all events stored on the module.

Reset Gateway: (checked by default) perform a soft reset to power-cycle the module. Resetting the Gateway changes the Active image to the Running image. The Gateway will be down during the reset. Uncheck this box to reset the Gateways manually, as described in Step 9.

Reset time: defines when the Gateway reset will occur. If this field is left blank, the Gateway resets immediately after the image is downloaded to the Gateway. You can also enter a time (in 24-hour notation) when the Gateway should reset. This field is used only if the Reset Gateway option is checked.


Note See Select the Following Options When Upgrading Gateway Firmware.


Step 7 Click OK to close the window and copy the firmware image to the Gateway module.

Any actions selected in Step 6e are initiated. For example, the new active image is set and the Gateway module is reset (the Gateway must be reset to activate the new image).

When all options are selected, wait approximately 10-15 minutes for the firmware upgrade to complete.

Step 8 Click Refresh in the File Manager window to refresh the information and verify the Active and Running firmware image (see Figure C-19).

Figure C-19 File Manager Window: Image Tab

Each row displays the following information:

Name: the image filename.

Version: the firmware version number.

Download Time: the time and date when the image was downloaded to the Gateway module.

Active: The Active image will become the Running image when the Gateway is reset. The image marked Yes is the Active image on the Gateway.

Running: The Running image is the image currently used to operate the Gateway. The image marked Yes is the current Running image on the Gateway.

a. (Optional) To change the active image, select an image and click the Active Image button.

This button is available only if the selected file is not the active image. The Active image does not become the Running image until the Gateway is reset.

b. Click Close to accept the changes and close the window.

Step 9 (Optional) Reset the Gateway.

This step is necessary if you did not select the option to Reset Gateway in Step 6e, or want to change the Running image. The Active image becomes the Running image only after the Gateway is reset.

To reset the Gateway, do the following:

a. In the Hardware module, right-click the Gateway controller (blue icon).

b. Select Reset Gateway, as shown in Figure C-20.

Figure C-20 Reset Gateway Command
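The Active/Running distinction and the version-match rule used in both firmware procedures above can be turned into a per-Gateway check that says which step is still outstanding. This is an added example, not Cisco PAM code or output: the rows mirror the File Manager Image tab columns (Name, Version, Active, Running), while the "major.minor.maintenance.build" version string layout, the image names, the Gateway names and the action labels are assumptions constructed for illustration.

```python
# Constructed sample data. The version layout "major.minor.maintenance.build"
# is an assumption; the chapter only says all four parts must match.
APPLIANCE_VERSION = "1.4.1.215"

FLEET = {
    "gw-lobby": [
        {"name": "image-a", "version": "1.4.1.215", "active": True, "running": True},
    ],
    "gw-dock": [
        {"name": "image-b", "version": "1.4.1.210", "active": False, "running": True},
        {"name": "image-a", "version": "1.4.1.215", "active": True, "running": False},
    ],
    "gw-lab": [
        {"name": "image-c", "version": "1.3.0.98", "active": True, "running": True},
        {"name": "image-a", "version": "1.4.1.215", "active": False, "running": False},
    ],
    "gw-roof": [
        {"name": "image-d", "version": "1.5.0.12", "active": True, "running": True},
    ],
    "gw-gate": [
        {"name": "image-a", "version": "1.4.1.215", "active": False, "running": True},
        {"name": "image-c", "version": "1.3.0.98", "active": True, "running": False},
    ],
}


def parse_version(text):
    """Split 'major.minor.maintenance.build' into a 4-tuple of ints."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def _version_of(images, flag):
    """Version of the image whose flag ('active' or 'running') is set, else None."""
    for image in images:
        if image[flag]:
            return parse_version(image["version"])
    return None


def next_action(appliance_version, images):
    """Name the outstanding step for one Gateway, given its Image tab rows."""
    target = parse_version(appliance_version)
    running = _version_of(images, "running")
    active = _version_of(images, "active")
    loaded = {parse_version(i["version"]) for i in images}

    if running == target:
        # Matching now, but a different Active image takes over at the next reset.
        return "OK" if active in (None, target) else "REVERT_PENDING"
    if active == target:
        return "RESET_REQUIRED"        # Active becomes Running only after a reset
    if target in loaded:
        return "ACTIVATE_THEN_RESET"   # image is on the Gateway but not Active
    return "DOWNLOAD_REQUIRED"         # no matching image loaded from TFTP yet


def direction(appliance_version, images):
    """'upgrade' or 'downgrade' relative to the Running image, None if it matches."""
    target = parse_version(appliance_version)
    running = _version_of(images, "running")
    if running is None or running == target:
        return None
    return "upgrade" if running < target else "downgrade"


def plan(appliance_version, fleet):
    """Map each Gateway name to (next action, direction)."""
    return {name: (next_action(appliance_version, images),
                   direction(appliance_version, images))
            for name, images in fleet.items()}


if __name__ == "__main__":
    for name, (action, way) in plan(APPLIANCE_VERSION, FLEET).items():
        print(f"{name}: {action}" + (f" ({way})" if way else ""))
```

A Gateway whose Running image differs only in the build number is still reported as needing work, which matches the rule that all four version parts must be identical.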