Catalyst 6500 Series SSL Services Module Configuration Note, 2.1
Upgrading the Images
Download this chapter
Upgrading the ImagesUpgrading the Images
Download the complete book
Book-level PDF: Catalyst 6500 Series SSL Services Module Configuration Note, 2.1 Book-level PDF: Catalyst 6500 Series SSL Services Module Configuration Note, 2.1 (PDF - 2 MB)
 Feedback

Table Of Contents

Upgrading the Images

Upgrading the Application Software

Cisco IOS Software

Catalyst Operating System Software

Upgrading the Maintenance Software

Cisco IOS Software

Catalyst OS Software


Upgrading the Images

The compact Flash on the SSL Services Module has two bootable partitions: application partition (AP) and maintenance partition (MP). By default, the application partition boots every time. The application partition contains the binaries necessary to run the SSL image. The maintenance partition is booted if you need to upgrade the application partition.

You can upgrade both the application software and the maintenance software. However, you are not required to upgrade both images at the same time. Refer to the release notes for the SSL Services Module for the latest application partition and maintenance partition software versions.

The entire application and maintenance partitions are stored on the FTP or TFTP server. The images are downloaded and extracted to the application partition or maintenance partition depending on which image is being upgraded.

To upgrade the application partition, change the boot sequence to boot the module from the maintenance partition. To upgrade the maintenance partition, change the boot sequence to boot the module from the application partition. Set the boot sequence for the module using the supervisor engine CLI commands. The maintenance partition downloads and installs the application image. The supervisor engine must be executing the run-time image to provide network access to the maintenance partition.

Before starting the upgrade process, you will need to download the application partition image or maintenance partition image to the TFTP server.

A TFTP or FTP server is required to copy the images. The TFTP server should be connected to the switch, and the port connecting to the TFTP server should be included in any VLAN on the switch.

These sections describe how to upgrade the images:

Upgrading the Application Software.

Upgrading the Maintenance Software.

Note If you are downgrading from SSL software release 2.1 to release 1.x, remove all configurations for features that are introduced in release 2.1 from the startup configuration. These features are not supported in SSL software release 1.x. You could corrupt the proxy service configurations if the startup configuration contains configurations for these features. See Table 1-1 for a list of new features in release 2.1.

Upgrading the Application Software

How you upgrade the application software depends on whether you are using Cisco IOS software or the Catalyst operating system software.

The following sections describe how to upgrade the application software from the CLI for each switch operating system:

Cisco IOS Software

Catalyst Operating System Software

Cisco IOS Software

Note Do not reset the module until the image is upgraded. The total time to upgrade the image takes up to eight minutes.

To upgrade the application partition software, perform this task:

 
Command
Purpose

Step 1  

Router# hw-module module mod 
reset cf:1

Reboots the module from the maintenance partition.

Note It is normal to see messages such as "Press Key" on the module console after entering this command.

Step 2  

Router# show module

Displays that the maintenance partition for the module has booted.

Step 3  

Router# copy tftp: 
pclc#mod-fs:

Downloads the image.

Step 4  

Router# hw-module module mod 
reset

Resets the module.

Note Do not reset the module until the "You can now reset the module" message is displayed on the console. Resetting the module before this message is displayed will cause the upgrade to fail.

Step 5  

Router# show module

Displays that the application partition for the module has booted.

This example shows how to upgrade the application partition software: 

Router# hw-module module 6 reset cf:1

hw mod 6 reset cf:1

Device BOOT variable for reset = <cf:1>

Warning: Device list is not verified.


Proceed with reload of module? [confirm]y


% reset issued for module 6


02:11:18: SP: The PC in slot 6 is shutting down. Please wait ...

02:11:31: SP: PC shutdown completed for module 6

02:11:31: %C6KPWR-SP-4-DISABLED: power to module in slot 6 set off (Reset)

02:14:21: SP: OS_BOOT_STATUS(6) MP OS Boot Status: finished booting

02:14:28: %DIAG-SP-6-RUN_MINIMUM: Module 6: Running Minimum Online Diagnostics...

02:14:34: %DIAG-SP-6-DIAG_OK: Module 6: Passed Online Diagnostics

02:14:34: %OIR-SP-6-INSCARD: Card inserted in slot 6, interfaces are now online


Router# show module

Mod Ports Card Type                              Model              Serial No.

--- ----- -------------------------------------- ------------------ -----------

  1    2  Catalyst 6000 supervisor 2 (Active)    WS-X6K-S2U-MSFC2   SAD055006RZ

  2   48  48 port 10/100 mb RJ45                 WS-X6348-RJ-45     SAL052794UW

  6    1  SSL Module (MP)                        WS-SVC-SSL-1       SAD060702VK


...<output truncated>...


Router# copy tftp: pclc#6-fs:

copy tftp: pclc#6-fs:

Address or name of remote host []? 10.1.1.1


Source filename []? c6svc-ssl-k9y9.1-x-y.bin


Destination filename [c6svc-ssl-k9y9.1-x-y.bin]? 


Accessing tftp://10.1.1.1/c6svc-ssl-k9y9.1-x-y.bin...

Loading c6svc-ssl-k9y9.1-x-y.bin from 10.1.1.1 (via Vlan2): 
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


<output truncated>


!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[OK - 14918353 bytes]


14918353 bytes copied in 643.232 secs (23193 bytes/sec)

Router# 

02:29:23: %SVCLC-SP-5-STRRECVD: mod 6: <Application upgrade has started>

02:29:23: %SVCLC-SP-5-STRRECVD: mod 6: <Do not reset the module till upgrade completes!!>

02:36:07: %SVCLC-SP-5-STRRECVD: mod 6: <Application upgrade has succeded>

02:36:07: %SVCLC-SP-5-STRRECVD: mod 6: <You can now reset the module>>


Router# hw-module module 6 reset

Device BOOT variable for reset = <empty>

Warning:Device list is not verified.


Proceed with reload of module? [confirm]y

% reset issued for module 6

Router#

02:36:57:SP:The PC in slot 6 is shutting down. Please wait ...

02:37:17:SP:PC shutdown completed for module 6

02:37:17:%C6KPWR-SP-4-DISABLED:power to module in slot 6 set off (Reset)

02:38:39:SP:OS_BOOT_STATUS(6) AP OS Boot Status:finished booting

02:39:27:%DIAG-SP-6-RUN_COMPLETE:Module 6:Running Complete Online Diagnostics...

02:39:29:%DIAG-SP-6-DIAG_OK:Module 6:Passed Online Diagnostics

02:39:29:%OIR-SP-6-INSCARD:Card inserted in slot 6, interfaces are now online


Router# show module


Mod Ports Card Type                              Model              Serial No.

--- ----- -------------------------------------- ------------------ -----------

  1    2  Catalyst 6000 supervisor 2 (Active)    WS-X6K-S2U-MSFC2   SAD055006RZ

  2   48  48 port 10/100 mb RJ45                 WS-X6348-RJ-45     SAL052794UW

  6    1  SSL Module                             WS-SVC-SSL-1       SAD060702VK


...<output truncated>...

Catalyst Operating System Software

Note Do not reset the module until the image is upgraded. The total time to upgrade the image takes up to eight minutes.

To upgrade the application partition software, perform this task:

 
Command
Purpose

Step 1  

Console (enable) set boot device 
cf:1 mod

Sets the module to boot the maintenance partition.

Step 2  

Console (enable) reset mod

Resets the module to the maintenance partition.

Note The SUP_OSBOOTSTATUS system message shows that the maintenance partition (MP) has booted.

Step 3  

Console (enable) session [mod]

Access the MSFC from the switch CLI using a Telnet session1 .

Step 4  

Router# copy tftp: pclc#mod-fs:

Downloads the image.

Step 5  

Router# exit

Exits the MSFC CLI and returns to the switch CLI.

Step 6  

Console (enable) set boot device 
cf:4 mod

Sets the module to boot the application partition.

Step 7  

Console (enable) reset mod

Resets the module to the application partition.

Note Do not reset the module until the "You can now reset the module" message is displayed on the console. Resetting the module before this message is displayed will cause the upgrade to fail.

Note The SUP_OSBOOTSTATUS system message shows that the application partition (AP) has booted.

1 To access the MSFC from the switch CLI directly connected to the supervisor engine console port, enter the switch console mod command. To exit from the MSFC CLI and return to the switch CLI, press Ctrl-C three times at the Router> prompt.

This example shows how to upgrade the application partition software: 

Console> (enable) set boot device cf:1 6

Device BOOT variable = cf:1 

Memory-test set to PARTIAL 

Warning:Device list is not verified but still set in the boot string. 

Console> (enable) 

Console> (enable) reset 6 cf:1

This command will reset module 6. 

Unsaved configuration on module 6 will be lost 

Do you want to continue (y/n) [n]? y 

Module 6 shut down in progress, please don't remove module until shutdown completed. 

Console> (enable) Module 6 shutdown completed. Module resetting... 

2003 Jan 17 08:34:07 %SYS-3-SUP_OSBOOTSTATUS:MP OS Boot Status:finished booting 

2003 Jan 17 08:34:23 %SYS-5-MOD_OK:Module 6 is online 

2003 Jan 17 08:34:23 %DTP-5-TRUNKPORTON:Port 6/1 has become dot1q trunk 

Console> (enable) session 15 

Trying Router-15... 

Connected to Router-15. 

Type ^C^C^C to switch back... 

Router> 


Router# copy tftp: pclc#6-fs:

copy tftp: pclc#6-fs:

Address or name of remote host []? 10.1.1.1


Source filename []? c6svc-ssl-k9y9.1-x-y.bin


Destination filename [c6svc-ssl-k9y9.1-x-y.bin]? 


Accessing tftp://10.1.1.1/c6svc-ssl-k9y9.1-x-y.bin...

Loading c6svc-ssl-k9y9.1-x-y.bin from 10.1.1.1 (via Vlan2): 
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


<output truncated>


!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[OK - 14918353 bytes]


14918353 bytes copied in 643.232 secs (23193 bytes/sec)

Router# 

02:29:23: %SVCLC-SP-5-STRRECVD: mod 6: <Application upgrade has started>

02:29:23: %SVCLC-SP-5-STRRECVD: mod 6: <Do not reset the module till upgrade completes!!>

02:36:07: %SVCLC-SP-5-STRRECVD: mod 6: <Application upgrade has succeded>

02:36:07: %SVCLC-SP-5-STRRECVD: mod 6: <You can now reset the module>>

Router# exit

Console> (enable) set boot device cf:4 6

Device BOOT variable = cf:4 

Memory-test set to PARTIAL 

Warning:Device list is not verified but still set in the boot string. 

Console> (enable) reset 6 

This command will reset module 6. 

Unsaved configuration on module 6 will be lost 

Do you want to continue (y/n) [n]? y 

Module 6 shut down in progress, please don't remove module until shutdown completed. 

Console> (enable) Module 6 shutdown completed. Module resetting... 

2003 Jan 17 08:36:58 %SYS-3-SUP_OSBOOTSTATUS:AP OS Boot Status:finished booting 

2003 Jan 17 08:37:51 %SYS-5-MOD_OK:Module 6 is online 

2003 Jan 17 08:37:51 %DTP-5-TRUNKPORTON:Port 6/1 has become dot1q trunk

Upgrading the Maintenance Software

How you upgrade the maintenance software depends on whether you are using Cisco IOS software or the Catalyst operating system software.

The following sections describe how to upgrade the maintenance software from the CLI for each switch operating system:

Cisco IOS Software

Catalyst OS Software

Cisco IOS Software

Note Do not reset the module until the image is upgraded. The total time to upgrade the image takes up to eightminutes.

To upgrade the maintenance partition software, perform this task:

 
Command
Purpose

Step 1  

Router# hw-module module mod reset

Reboots the module from the application partition.

Step 2  

Router# copy tftp: pclc#mod-fs:

Downloads the image.

Step 3  

Router# hw-module module mod reset 
cf:1

Resets the module in the maintenance partition.

Note Do not reset the module until the "Upgrade of MP was successful. You can now boot MP" message is displayed on the console. Resetting the module before this message is displayed will cause the upgrade to fail.

Step 4  

Router# show module

Displays that the maintenance partition for the module has booted.

This example shows how to upgrade the maintenance partition software: 

Router# hw module 6 reset 

Device BOOT variable for reset = <empty> 

Warning:Device list is not verified. 

Proceed with reload of module? [confirm]y 

% reset issued for module 6 

Router# 

02:36:57:SP:The PC in slot 6 is shutting down. Please wait ... 

02:37:17:SP:PC shutdown completed for module 6 

02:37:17:%C6KPWR-SP-4-DISABLED:power to module in slot 6 set off (Reset) 

1w0d:SP:OS_BOOT_STATUS(6) AP OS Boot Status:finished booting 

1w0d:%OIR-SP-6-INSCARD:Card inserted in slot 6, interfaces are now online 

Router# copy tftp:pclc#6-fs: 

Address or name of remote host []? 10.1.1.1 

Source filename []? mp.1-2-0-16.bin.gz 

Destination filename [mp.1-2-0-16.bin.gz]? 

Accessing tftp://10.1.1.1/mp.1-2-0-16.bin.gz... 

Loading mp.1-2-0-16.bin.gz from 10.1.1.1 (via Vlan2): 

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 

<output truncated> 

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 

[OK - 9818951 bytes] 

9818951 bytes copied in 164.388 secs (59730 bytes/sec) 

ssl-proxy> 

1w0d:%SVCLC-SP-6-STRRECVD:mod 6:<MP upgrade started. Do not reset the card.> 

1w0d:%SVCLC-SP-6-STRRECVD:mod 6:<Upgrade of MP was successful. You can now boot MP.> 

Router# hw mod 6 reset cf:1 

Device BOOT variable for reset = <cf:1> 

Warning:Device list is not verified. 

Proceed with reload of module? [confirm]y 

% reset issued for module 6 

Router# show module 

Mod Ports Card Type                              Model              Serial No. 

--- ----- -------------------------------------- ------------------ ----------- 

1   2     Catalyst 6000 supervisor 2 (Active)    WS-X6K-S2U-MSFC2   SAD055006RZ 

2   48    48 port 10/100 mb RJ45                 WS-X6348-RJ-45     SAL052794UW 

6   1     SSL Module (MP)                       WS-SVC-SSL-1        SAD060702VK 


...<output truncated>...

Catalyst OS Software

Note Do not reset the module until the image is upgraded. The total time to upgrade the image takes up to 8 minutes.

To upgrade the maintenance partition software, perform this task:

 
Command
Purpose

Step 1  

Console (enable) set boot device 
cf:4 mod

Sets the module to boot the application partition.

Step 2  

Console (enable) reset mod

Resets the module to the application partition.

Note The SUP_OSBOOTSTATUS system message shows that the application partition (AP) has booted.

Step 3  

Console (enable) session [mod]

Access the MSFC from the switch CLI using a Telnet session1 .

Step 4  

Router# copy tftp: pclc#mod-fs:

Downloads the image.

Step 5  

Router# exit

Exits the MSFC CLI and returns to the switch CLI.

Step 6  

Console (enable) set boot device 
cf:1 mod

Sets the module to boot the maintenance partition.

Step 7  

Console (enable) reset mod

Resets the module to the maintenance partition.

Note Do not reset the module until the "Upgrade of MP was successful. You can now boot MP" message is displayed on the console. Resetting the module before this message is displayed will cause the upgrade to fail.

Note The SUP_OSBOOTSTATUS system message shows that the maintenance partition (MP) has booted.

1 To access the MSFC from the switch CLI directly connected to the supervisor engine console port, enter the switch console mod command. To exit from the MSFC CLI and return to the switch CLI, press Ctrl-C three times at the Router> prompt.

This example shows how to upgrade the maintenance partition software: 

Console> (enable) set boot device cf:4 6

Device BOOT variable = cf:4 

Memory-test set to PARTIAL 

Warning:Device list is not verified but still set in the boot string. 

Console> (enable) reset 6 

This command will reset module 6. 

Unsaved configuration on module 6 will be lost 

Do you want to continue (y/n) [n]? y 

Module 6 shut down in progress, please don't remove module until shutdown completed. 

Console> (enable) Module 6 shutdown completed. Module resetting... 

2003 Jan 17 08:36:58 %SYS-3-SUP_OSBOOTSTATUS:AP OS Boot Status:finished booting 

2003 Jan 17 08:37:51 %SYS-5-MOD_OK:Module 6 is online 

2003 Jan 17 08:37:51 %DTP-5-TRUNKPORTON:Port 6/1 has become dot1q trunk 

Console> (enable) session 15 

Trying Router-15... 

Connected to Router-15. 

Type ^C^C^C to switch back... 

Router> 

Router# copy tftp:pclc#6-fs:

Address or name of remote host []? 10.1.1.1

Source filename []? mp.1-2-0-16.bin.gz

Destination filename [mp.1-2-0-16.bin.gz]?

Accessing tftp://10.1.1.1/mp.1-2-0-16.bin.gz...

Loading mp.1-2-0-16.bin.gz from 10.1.1.1 (via Vlan2):

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


<output truncated>


!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[OK - 9818951 bytes]


9818951 bytes copied in 164.388 secs (59730 bytes/sec)

ssl-proxy>

1w0d:%SVCLC-SP-6-STRRECVD:mod 6:<MP upgrade started. Do not reset the card.>

1w0d:%SVCLC-SP-6-STRRECVD:mod 6:<Upgrade of MP was successful. You can now boot MP.>

Router# exit

Console> (enable) set boot device cf:1 6

Device BOOT variable = cf:1 

Memory-test set to PARTIAL 

Warning:Device list is not verified but still set in the boot string. 

Console> (enable) 

Console> (enable) reset 6 cf:1

This command will reset module 6. 

Unsaved configuration on module 6 will be lost 

Do you want to continue (y/n) [n]? y 

Module 6 shut down in progress, please don't remove module until shutdown completed. 

Console> (enable) Module 6 shutdown completed. Module resetting... 

2003 Jan 17 08:34:07 %SYS-3-SUP_OSBOOTSTATUS:MP OS Boot Status:finished booting 

2003 Jan 17 08:34:23 %SYS-5-MOD_OK:Module 6 is online 

2003 Jan 17 08:34:23 %DTP-5-TRUNKPORTON:Port 6/1 has become dot1q trunk