Catalyst 6500 Series Software Configuration Guide, 8.7 - Working with System Software Images [Cisco Catalyst 6500 Series Switches]

Table Of Contents

Working with System Software Images

Software Image Naming Conventions

Upgrading the EPLD Images

Upgrading the Supervisor Engine EPLD Image

Upgrading the Nonsupervisor Engine Module EPLD Images

Comparing File Transfer Protocols

Downloading the Software Images Using FTP or TFTP

Understanding How FTP and TFTP Software Image Downloads Work

Specifying the FTP Username and Password

Preparing to Download an Image Using FTP or TFTP

Downloading the Supervisor Engine Images Using FTP or TFTP

Downloading the Switching Module Images Using FTP or TFTP

FTP and TFTP Download Procedures Example

Supervisor Engine Image Download Example

Single Module Image Download Example

Multiple Module Image Download Example

Uploading the System Software Images to an FTP or TFTP Server

Preparing to Upload an Image to an FTP or TFTP Server

Uploading the Software Images to an FTP or TFTP Server

Downloading the System Software Images Using rcp

Preparing to Download an Image Using rcp

Downloading the Supervisor Engine Images Using rcp

Downloading the Switching Module Images Using rcp

Example rcp Download Procedures

Supervisor Engine Image rcp Download Example

Single Module Image rcp Download Example

Multiple Module Image rcp Download Example

Uploading the System Software Images to an rcp Server

Preparing to Upload an Image to an rcp Server

Uploading the Software Images to an rcp Server

Downloading the Crypto Images Using SCP

Preparing to Download an Image Using SCP

Downloading the Crypto Images Using SCP

Example SCP Download Procedure

Uploading the Crypto Images to an SCP Server

Preparing to Upload an Image to an SCP Server

Uploading the Crypto Images to an SCP Server

Downloading the Crypto Images Using SFTP

Uploading the Crypto Images to an SFTP Server

Downloading the Software Images Over a Serial Connection on the Console Port

Preparing to Download an Image Using Kermit

Downloading the Software Images Using Kermit (PC Procedure)

Downloading the Software Images Using Kermit (UNIX Procedure)

Example Serial Software Image Download Procedures

PC Serial Download Procedure Example

UNIX Workstation Serial Download Procedure Example

Downloading a System Image Using Xmodem or Ymodem

Verifying the Software Images

Working with System Software Images

This chapter describes how to work with system software image files on the Catalyst 6500 series switches.

Note For complete syntax and usage information for the commands that are used in this chapter, refer to the Catalyst 6500 Series Switch Command Reference publication.

This chapter consists of these sections:

•Software Image Naming Conventions

•Comparing File Transfer Protocols

•Upgrading the EPLD Images

•Downloading the Software Images Using FTP or TFTP

•Uploading the System Software Images to an FTP or TFTP Server

•Downloading the System Software Images Using rcp

•Uploading the System Software Images to an rcp Server

•Downloading the Crypto Images Using SCP

•Uploading the Crypto Images to an SCP Server

•Downloading the Crypto Images Using SFTP

•Uploading the Crypto Images to an SFTP Server

•Downloading the Software Images Over a Serial Connection on the Console Port

•Downloading a System Image Using Xmodem or Ymodem

•Verifying the Software Images

Software Image Naming Conventions

The software images on the Catalyst 6500 series switches use the following naming conventions (software release 7.3(1) images for a Supervisor Engine 2 are used in the examples):

•7.3(1) flash image (standard)—cat6000-sup2k8.7-3-1.bin

•7.3(1) flash image (CiscoView)—cat6000-sup2cvk8.7-3-1.bin

•7.3(1) flash image (Secure Shell)—cat6000-sup2k9.7-3-1.bin

•7.3(1) flash image (Secure Shell and CiscoView)—cat6000-sup2cvk9.7-3-1.bin

Note The sup2cvk8, sup2k9, and sup2cvk9 designations are as follows: sup2cvk8 is a CiscoView image, sup2k9 is a Secure Shell image, and sup2cvk9 is a Secure Shell and CiscoView image.

Upgrading the EPLD Images

Note The supervisor engine EPLD upgrades are supported only on Supervisor Engine 2 and Supervisor Engine 720. The nonsupervisor engine module (switching modules and service modules) EPLD upgrades are supported using Supervisor Engine 1, Supervisor Engine 2, or Supervisor Engine 720.

The EPLD image for Supervisor Engine 2 and Supervisor Engine 720 is included in the Catalyst supervisor engine software image. The EPLD image for the nonsupervisor engine modules is provided in a separate downloadable image.

Upgrading the Supervisor Engine EPLD Image

The supervisor engine EPLD upgrade is performed automatically when you reset or power cycle the switch. You can use the set system supervisor-update command to modify the EPLD upgrade process. By default, the supervisor engine EPLD upgrade is disabled. In the automatic mode, the system checks the version level of the bundled EPLD image and performs the upgrade if the bundled EPLD image version is greater than the existing version. If you specify the force keyword, the system upgrades the existing EPLD image with the bundled EPLD image regardless of the version level. After a forced upgrade, the configuration reverts back to the automatic default setting. The disable keyword disables the automatic EPLD upgrade process.

To upgrade the supervisor engine EPLD image, perform this task in privileged mode:

Task

Command

Step 1

Upgrade the supervisor engine EPLD image.

set system supervisor-update {automatic | disable | force}

Step 2

Verify the supervisor engine EPLD image upgrade.

show system supervisor-update

This example shows how to specify the automatic keyword for the EPLD upgrades:
Console> (enable) set system supervisor-update automatic
Down-rev supervisor EPLD's will be re-programmed next reset. 
Console> (enable)
This example shows how to specify the force keyword for the EPLD upgrades:
Console> (enable) set system supervisor-update force
Supervisor EPLD's will synchronize to the image bundle during the next reset.
Console> (enable) 
This example shows how to disable the EPLD upgrades:
Console> (enable) set system supervisor-update disable
Supervisor EPLD update during reset is disabled.
Console> (enable) 
This example shows how to display the EPLD upgrade configuration:
Console> (enable) show system supervisor-update
Supervisor EPLD update: disabled
Console> (enable)
Upgrading the Nonsupervisor Engine Module EPLD Images

Caution Do not power off or reset the switch or module during the upgrade process. Powering off or resetting the switch or module could leave the module in an unusable state.

Note Before you begin the procedures in this chapter, make sure that you have downloaded the new EPLD upgrade image to the supervisor engine flash memory (bootflash: or slot0:).

You can upgrade the nonsupervisor engine module EPLD image by using the download command with the epld keyword. If you enter the download epld file command without specifying a module, the new EPLD image is downloaded to all compatible modules where the new EPLD image version is greater than the existing version on the module. If you use the download epld file mod command with the force keyword, the existing EPLD image on a module is upgraded with the new EPLD image regardless of the existing version level.

To upgrade the EPLD on the nonsupervisor engine modules (switching modules and service modules), perform this task in privileged mode:

Task

Command

Step 1

Upgrade the nonsupervisor engine EPLD image.

download epld file

download epld file mod [force]

Step 2

Verify the EPLD upgrade process configuration.

show version epld mod

This example shows how to upgrade the EPLD image on the module in slot 5:
Console> (enable) download epld aq_cr128_art.bin 5 force
CCCCCC
Device found requiring upgrade in slot 5.
########################################################
#                   W A R N I N G                      #
#                                                      #
# Any disruptions to the module during programming may #
# leave the module or system in an inconsistent state. #
# Please ensure that the system or module does not get #
# switched off or reset during the programming process.#
# Programming may take a minute or two, depending on   #
# the number of devices updated.  Please wait for the  #
# module to come back online before continuing.        #
#                                                      #
#                   W A R N I N G                      #
########################################################
This command may reset module 5.
Updating fabric modules may significantly affect system performance while the update is 
occurring.
Do you wish to update the devices in slot 5 (y/n) [n]? y
Updating programmable devices in slot 5. This may take a minute...
Programming successful, updating EPLD revisions.
2002 Aug 09 06:32:22 %SYS-4-NVLOG:EpldUpdate:Module 5 EPLD A updated from rev 1 to rev 1
Waiting for module to come online.
..........2002 Aug 09 06:32:33 %SYS-5-MOD_OK:Module 5 is online
.
################################################################################
                E P L D   P R O G R A M M I N G   C O M P L E T E
    Found 1 devices requiring upgrades, 1 attempted, 1 updated, 0 failed
################################################################################
Console> (enable) 2002 Aug 09 06:32:34 %SYS-4-NVLOG:EpldUpdate:Module 5 EPLD A s
prom updated to rev 1
Console> (enable)
Comparing File Transfer Protocols

Table 27-1 compares the supported file transfer protocols.

Table 27-1 Comparison of File Transfer Protocols

Requirement

TFTP

RCP

FTP

SCP

SFTP

Username needed

No

Yes

Yes

Yes

Yes

Password needed

No

No

Yes

Yes¹

Yes

Can run as a client

Yes

Yes

Yes

Yes

Yes

Can run as a server

Yes

No

No

No

No

Secure authentication

N/A

No

No

Yes

Yes

Secure file transfer

No

No

No

Yes

Yes

Available in the standard flash images

Yes

Yes

Yes

No

No

Available in crypto images

Yes

Yes

Yes

Yes

Yes

¹SCP authentication through ".shosts" can be used to avoid login but most SSH publications recommend not using it due to security concerns.

Downloading the Software Images Using FTP or TFTP

These sections describe how to download the system software images to the switch supervisor engine and to the intelligent modules:

•Understanding How FTP and TFTP Software Image Downloads Work

•Specifying the FTP Username and Password

•Preparing to Download an Image Using FTP or TFTP

•Downloading the Supervisor Engine Images Using FTP or TFTP

•Downloading the Switching Module Images Using FTP or TFTP

•FTP and TFTP Download Procedures Example

Understanding How FTP and TFTP Software Image Downloads Work

You can download the system software images to the switch using the File Transfer Protocol (FTP) or Trivial File Transfer Protocol (TFTP). TFTP allows you to download the system image files over the network from a TFTP server. FTP allows you to download the system image files over the network from a FTP server.

Some modules, such as the ATM modules, have their own onboard flash memory. When you download a software image file, the switch checks the header of the image file to determine the type of software image.

Depending on the type of software image that you are downloading, one of the following occurs:

•Supervisor engine software image—The image file is downloaded to the supervisor engine flash memory. You can store multiple image files on the flash memory system devices (such as boot flash and Flash PC cards).

•Intelligent module software images—If you specified a module number, the image file is downloaded to the specified module only (if the image file is designed for the specified module type). If you do not specify a module number, the image file is downloaded to every module of the appropriate type. The file is relayed packet by packet to the appropriate modules using the Inter-Process Communications protocol that is internal to the system, with communication taking place across the switching bus. Downloading a software image to multiple modules significantly speeds up the process of updating the software on multiple modules of the same type.

Note For more information on working with the system software image files on the flash file system, see Chapter 26, "Working With the Flash File System."

Specifying the FTP Username and Password

FTP allows you to specify a username and password to be used for the FTP connection.

To specify the username and password, perform these steps:

Step 1 Enter the set ftp username new_ftp_username command.

Step 2 Enter the set ftp password command.

This example shows how to set the FTP username:
Console> (enable) set ftp username doc_people
ftp username set to doc_people
This example shows how to set the FTP password:
Console> (enable) set ftp password 
Enter password for User 'doc_people':
Retype password for User 'doc_people':
ftp password set.
This example shows how to clear the FTP username:
Console> (enable) clear ftp username
This example shows how to clear the FTP password:
Console> (enable) clear ftp password
You can also connect to an FTP server using passive mode. In passive mode, the client initiates the connection to the server. To use passive mode, enter the set ftp passive command.

Preparing to Download an Image Using FTP or TFTP

Before you begin downloading a software image using FTP or TFTP, do the following:

•Verify that the workstation acting as the TFTP server is configured properly. When using TFTP on a Sun workstation, verify that the /etc/inetd.conf file contains this line:
tftp dgram udp wait root /usr/etc/in.tftpd in.tftpd -p -s /tftpboot
Verify that the /etc/services file contains this line:
tftp 69/udp
When using FTP on a Sun workstation, verify that the /etc/inetd.conf file contains this line:
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd 
Verify that the /etc/services file contains this line:
ftp 21/udp
Note You must restart the inetd daemon after modifying the /etc/inetd.conf and /etc/services files. To restart the daemon, either stop the inetd process and restart it, or enter a fastboot command (on the SunOS 4.x) or a reboot command (on Solaris 2.x or SunOS 5.x). Refer to the documentation for your workstation for more information on using the FTP or TFTP daemon.

•Verify that the switch has a route to the FTP or TFTP server. The switch and the FTP or TFTP server must be in the same subnetwork if you do not have a router to route the traffic between the subnets. Check connectivity to the FTP or TFTP server by entering the ping command.

•Verify that the software image to be downloaded is in the correct directory on the FTP or TFTP server.

•Verify that the permissions on the file are set correctly. The permissions on the file should be set to world-read.

•Note that a power interruption (or other problem) during the download procedure can corrupt the flash code. If the flash code is corrupted, you can connect to the switch through the console port and boot from an uncorrupted system image on a Flash PC card.

Downloading the Supervisor Engine Images Using FTP or TFTP

Note If you have a redundant supervisor engine, you cannot download a system image directly from an FTP or TFTP server to the flash memory on the standby supervisor engine. When you download the image to the active supervisor engine, the standby supervisor engine synchronizes automatically with the new image. In addition, you cannot copy an image from the standby supervisor engine to the active supervisor engine.

To download a supervisor engine software image to the switch from an FTP or TFTP server, perform these steps:

Step 1 Copy the software image file to the appropriate FTP or TFTP directory on the workstation.

Step 2 Log into the switch through the console port or through a Telnet session. If you log in using Telnet, your Telnet session disconnects when you reset the switch to run the new software.

Step 3 Enter the copy ftp flash or copy tftp flash command. When prompted, enter the IP address or host name of the TFTP server and the name of the file to download. On those platforms that support the flash file system, you are also prompted for the flash device to which to copy the file and the destination filename.

The switch downloads the image file from the FTP or TFTP server to the specified flash device.

Note The switch remains operational while the image downloads.

Step 4 Modify the BOOT environment variable using the set boot system flash device:filename prepend command, so that the new image boots when you reset the switch. Specify the flash device (device:) and the filename of the downloaded image (filename).

Step 5 Reset the switch by entering the reset system command. If you are connected to the switch through Telnet, your Telnet session disconnects.

During startup, the flash memory on the supervisor engine is reprogrammed with the new flash code.

Step 6 When the switch reboots, enter the show version command to check the version of the code on the switch.

Note For examples that show the complete FTP or TFTP download procedures for the various supervisor engine and switch types, see the "FTP and TFTP Download Procedures Example" section.

Downloading the Switching Module Images Using FTP or TFTP

To download a software image to an intelligent module, perform these steps:

Step 1 Copy the software image file to the appropriate FTP or TFTP directory on the workstation.

Step 2 Log into the switch through the console port or a Telnet session. If you log in using Telnet, your Telnet session might disconnect when you reset the modules to run the new software.

Step 3 If there is only one module of the type that is appropriate for the image, or if there are multiple modules of the same type and you want to update the image on all of them, enter the copy ftp flash or copy tftp flash command. When prompted, enter the IP address or the host name of the TFTP server, the name of the file to download, the flash device to which to copy the file, and the destination filename.

Step 4 If there are multiple modules of the type that is appropriate for the image but you only want to update a single module, enter the copy ftp m/bootflash: or copy tftp m/bootflash: command, where m is the number of the module to which to download the software image.

Note If you do not specify a module number, the switch examines the header of the image file to determine to which modules the software is downloaded. The image is then downloaded to all the modules of that type.

The switch downloads the image file, erases the flash memory on the appropriate modules, and reprograms the flash memory with the downloaded flash code.

Note All modules in the switch remain operational while the image downloads.

Step 5 Reset the appropriate modules by entering the reset mod command. If you are connected through Telnet, your Telnet session disconnects if you reset the module through which your connection was made.

Step 6 When the upgraded modules come online, enter the show version [mod] command to check the version of the code on the switch.

Note For examples that show the complete procedures on FTP and TFTP downloads to the intelligent modules, see the "Single Module Image Download Example" section and the "Multiple Module Image Download Example" section.

FTP and TFTP Download Procedures Example

These sections show example TFP and TFTP download procedures:

•Supervisor Engine Image Download Example

•Single Module Image Download Example

•Multiple Module Image Download Example

Supervisor Engine Image Download Example

Note For a procedure on downloading a supervisor engine software image from an FTP or TFTP server, see the "Downloading the Supervisor Engine Images Using FTP or TFTP" section.

This example shows a complete TFTP download procedure of a supervisor engine software image to a Catalyst 6500 series switch:
Console> (enable) copy tftp flash
IP address or name of remote host []? 172.20.52.3
Name of file to copy from []? cat6000-sup.5-2-1-CSX.bin
Flash device [bootflash]?
Name of file to copy to [cat6000-sup.5-2-1-CSX.bin]?
4369664 bytes available on device bootflash, proceed (y/n) [n]? y
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCC
File has been copied successfully.
Console> (enable) set boot system flash bootflash:cat6000-sup.5-2-1-CSX.bin
BOOT variable = bootflash:cat6000-sup.5-2-1-CSX.bin,1;
Console> (enable) reset system
This command will reset the system.
Do you want to continue (y/n) [n]? y
Console> (enable) 07/21/1998,13:51:39:SYS-5:System reset from Console//
System Bootstrap, Version 4.2
Copyright (c) 1994-1998 by cisco Systems, Inc.
c6k_sup1 processor with 32768 Kbytes of main memory
Autoboot executing command: "boot bootflash:cat6000-sup.5-2-1-CSX.bin"
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCC
Uncompressing file:  ###########################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
#############
System Power On Diagnostics
DRAM Size ....................32 MB
Testing DRAM..................Passed
Verifying Text segment .......Passed
NVRAM Size ...................512 KB
Saving NVRAM .................
Testing NVRAM ................Passed
Restoring NVRAM...............
Level2 Cache ..................Present
Level2 Cache test..............Passed
Leaving power_on_diags
Cafe Daughter Present.
EOBC link up
Boot image: bootflash:cat6000-sup.5-2-1-CSX.bin
Flash Size = 0X1000000, num_flash_sectors = 64
readCafe2Version: 0x00000001
RIn Local Test Mode, Pinnacle Synch Retries: 2
Running System Diagnostics from this Supervisor (Module 1)
This may take up to 2 minutes....please wait
Cisco Systems Console
Enter password:
07/21/1998,13:52:51:SYS-5:Module 1 is online
07/21/1998,13:53:11:SYS-5:Module 4 is online
07/21/1998,13:53:11:SYS-5:Module 5 is online
07/21/1998,13:53:14:PAGP-5:Port 1/1 joined bridge port 1/1.
07/21/1998,13:53:14:PAGP-5:Port 1/2 joined bridge port 1/2.
07/21/1998,13:53:40:SYS-5:Module 2 is online
07/21/1998,13:53:45:SYS-5:Module 3 is online
Console>
This example shows a complete FTP download procedure of a supervisor engine software image to a Catalyst 6500 series switch:
Console> (enable) copy ftp flash
IP address or name of remote host []? 172.20.52.3
Name of file to copy from []? cat6000-sup2k8.7-7-1.bin 
Flash device [bootflash]?
Name of file to copy to [cat6000-sup2k8.7-7-1.bin ]?
4369664 bytes available on device bootflash, proceed (y/n) [n]? y
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCC
File has been copied successfully.
Console> (enable) set boot system flash bootflash: cat6000-sup2k8.7-7-1.bin 
BOOT variable = bootflash:cat6000-sup2k8.7-7-1.bin,1;
Console> (enable) reset system
This command will reset the system.
Do you want to continue (y/n) [n]? y
Console> (enable) 04/29/2003,13:51:39:SYS-5:System reset from Console//
System Bootstrap, Version 4.2
Copyright (c) 1994-1998 by cisco Systems, Inc.
c6k_sup1 processor with 32768 Kbytes of main memory
Autoboot executing command: "boot bootflash:cat6000-sup2k8.7-7-1.bin,1"
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCC
Uncompressing file:  ###########################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
#############
System Power On Diagnostics
DRAM Size ....................32 MB
Testing DRAM..................Passed
Verifying Text segment .......Passed
NVRAM Size ...................512 KB
Saving NVRAM .................
Testing NVRAM ................Passed
Restoring NVRAM...............
Level2 Cache ..................Present
Level2 Cache test..............Passed
Leaving power_on_diags
Cafe Daughter Present.
EOBC link up
Boot image: bootflash:cat6000-sup2k8.7-7-1.bin,1
Flash Size = 0X1000000, num_flash_sectors = 64
readCafe2Version: 0x00000001
RIn Local Test Mode, Pinnacle Synch Retries: 2
Running System Diagnostics from this Supervisor (Module 1)
This may take up to 2 minutes....please wait
Cisco Systems Console
Enter password:
07/21/1998,13:52:51:SYS-5:Module 1 is online
07/21/1998,13:53:11:SYS-5:Module 4 is online
07/21/1998,13:53:11:SYS-5:Module 5 is online
07/21/1998,13:53:14:PAGP-5:Port 1/1 joined bridge port 1/1.
07/21/1998,13:53:14:PAGP-5:Port 1/2 joined bridge port 1/2.
07/21/1998,13:53:40:SYS-5:Module 2 is online
07/21/1998,13:53:45:SYS-5:Module 3 is online
Console>
Single Module Image Download Example

Note For a procedure on downloading the software images to the intelligent modules, see the "Downloading the Switching Module Images Using FTP or TFTP" section.

This example shows a complete TFTP download procedure of an ATM software image to a single ATM module:
Console> (enable) show version 4
Mod Port Model      Serial #  Versions
--- ---- ---------- --------- ----------------------------------------
4   1    WS-X6101   003414855 Hw : 1.2
                              Fw : 1.3
                              Sw : 3.2(6)
Console> (enable) copy tftp 4/flash
IP address or name of remote host []? 172.20.52.3
Name of file to copy from []? cat6000-atm.3-2-7.bin
Download image tftp:cat6000-atm.3-2-7.bin to Module 4 FLASH (y/n) [n]? y
This command will reset Download Module(s) you selected.
Do you wish to continue download flash (y/n) [n]? y
-
Download done for module 4, please wait for it to come online
File has been copied successfully.
Console> (enable) 07/21/1998,13:13:54:SYS-5:Module 4 is online
Console> (enable) show version 4
Mod Port Model      Serial #  Versions
--- ---- ---------- --------- ----------------------------------------
4   1    WS-X6101   003414855 Hw : 1.2
                              Fw : 1.3
                              Sw : 3.2(7)
Console> (enable)
This example shows a complete FTP download procedure of an ATM software image to a single ATM module:
Console> (enable) show version 4
Mod Port Model      Serial #  Versions
--- ---- ---------- --------- ----------------------------------------
4   1    WS-X6101   003414855 Hw : 1.2
                              Fw : 1.3
                              Sw : 3.2(6)
Console> (enable) copy ftp 4/flash
IP address or name of remote host []? 172.20.52.3
Name of file to copy from []? c6atm-lc-mz.121-14.E1.bin
Download image tftp:c6atm-lc-mz.121-14.E1.bin to Module 4 FLASH (y/n) [n]? y
This command will reset Download Module(s) you selected.
Do you wish to continue download flash (y/n) [n]? y
-
Download done for module 4, please wait for it to come online
File has been copied successfully.
Console> (enable) 04/29/2003,13:13:54:SYS-5:Module 4 is online
Console> (enable) show version 4
Mod Port Model      Serial #  Versions
--- ---- ---------- --------- ----------------------------------------
4   1    WS-X6101   003414855 Hw : 1.2
                              Fw : 1.3
                              Sw : 3.2(7)
Console> (enable)
Multiple Module Image Download Example

Note For a procedure on downloading the software images to the intelligent modules, see the "Downloading the Switching Module Images Using FTP or TFTP" section.

This example shows a complete TFTP download procedure of an ATM software image to multiple ATM modules:
Console> (enable) show version 4
Mod Port Model      Serial #  Versions
--- ---- ---------- --------- ----------------------------------------
4   1    WS-X6101   003414855 Hw : 1.2
                              Fw : 1.3
                              Sw : 3.2(6)
Console> (enable) show version 5
Mod Port Model      Serial #  Versions
--- ---- ---------- --------- ----------------------------------------
5   1    WS-X6101   003414463 Hw : 1.2
                              Fw : 1.3
                              Sw : 3.2(6)
Console> (enable) copy tftp flash
IP address or name of remote host []? 172.20.52.3
Name of file to copy from []? cat6000-atm.3-2-7.bin
Download image tftp:cat6000-atm.3-2-7.bin to Module 4 FLASH (y/n) [n]? y
Download image tftp:cat6000-atm.3-2-7.bin to Module 5 FLASH (y/n) [n]? y
This command will reset Download Module(s) you selected.
Do you wish to continue download flash (y/n) [n]? y
-
Download done for module 4, please wait for it to come online
Download done for module 5, please wait for it to come online
File has been copied successfully.
Console> (enable) 07/21/1998,12:25:10:SYS-5:Module 4 is online
07/21/1998,12:25:10:SYS-5:Module 5 is online
Console> (enable) show version 4
Mod Port Model      Serial #  Versions
--- ---- ---------- --------- ----------------------------------------
4   1    WS-X6101   003414855 Hw : 1.2
                              Fw : 1.3
                              Sw : 3.2(7)
Console> (enable) show version 5
Mod Port Model      Serial #  Versions
--- ---- ---------- --------- ----------------------------------------
5   1    WS-X6101   003414463 Hw : 1.2
                              Fw : 1.3
                              Sw : 3.2(7)
Console> (enable)
Uploading the System Software Images to an FTP or TFTP Server

These sections describe how to upload the system software images from a switch to an FTP or TFTP server:

•Preparing to Upload an Image to an FTP or TFTP Server

•Uploading the Software Images to an FTP or TFTP Server

Note For more information on working with the system software image files on the flash file system, see Chapter 26, "Working With the Flash File System."

Preparing to Upload an Image to an FTP or TFTP Server

Before you attempt to upload a software image to an FTP or TFTP server, do the following:

•Verify that the workstation acting as the FTP or TFTP server is configured properly. When using FTP on a Sun workstation, make sure that the /etc/inetd.conf file contains this line:
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd
Verify that the /etc/services file contains this line:
ftp 21/udp
When using TFTP on a Sun workstation, verify that the /etc/inetd.conf file contains this line:
tftp dgram udp wait root /usr/etc/in.tftpd in.tftpd -p -s /tftpboot
Verify that the /etc/services file contains this line:
tftp 69/udp
Note You must restart the inetd daemon after modifying the /etc/inetd.conf and /etc/services files. To restart the daemon, either stop the inetd process and restart it, or enter a fastboot command (on the SunOS 4.x) or a reboot command (on Solaris 2.x or SunOS 5.x). Refer to the documentation for your workstation for more information on using the TFTP daemon.

•Verify that the switch has a route to the FTP or TFTP server. The switch and the FTP or TFTP server must be in the same subnetwork if you do not have a router to route the traffic between the subnets. Check the connectivity to the FTP or TFTP server by entering the ping command.

•Note that you might need to create an empty file on the FTP or TFTP server before uploading the image. To create an empty file, enter the touch filename command, where filename is the name of the file that you will use when uploading the image to the server.

•If you are overwriting an existing file (including an empty file, if you had to create one), verify that the permissions on the file are set correctly. The permissions on the file should be world-write.

Uploading the Software Images to an FTP or TFTP Server

To upload a software image on a switch to an FTP or TFTP server for storage, perform these steps:

Step 1 Log into the switch through the console port or a Telnet session.

Step 2 Upload the software image to the FTP or TFTP server with the copy flash ftp or copy flash tftp command. When prompted, specify the FTP or TFTP server address and destination filename. On those platforms that support the flash file systems, you are first prompted for the flash device and the source filename. If desired, you can enter the copy file-id ftp or copy file-id tftp command on these platforms.

The software image is uploaded to the FTP or TFTP server.

This example shows how to upload the supervisor engine software image using TFTP:
Console> (enable) copy flash tftp
Flash device [bootflash]? slot0:
Name of file to copy from []? cat6000-sup.5-4-1.bin
IP address or name of remote host [172.20.52.3]? 172.20.52.10
Name of file to copy to [cat6000-sup.5-4-1.bin]? 
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC|
File has been copied successfully.
Console> (enable) 
Downloading the System Software Images Using rcp

These sections describe how to download the system software images to the switch supervisor engine and to the intelligent modules:

•Preparing to Download an Image Using rcp

•Downloading the Supervisor Engine Images Using rcp

•Downloading the Switching Module Images Using rcp

•Example rcp Download Procedures

Preparing to Download an Image Using rcp

Before you begin downloading a software image using rcp, do the following:

•Verify that the workstation acting as the rcp server supports the remote shell (rsh).

•Verify that the switch has a route to the rcp server. The switch and the rcp server must be in the same subnetwork if you do not have a router to route the traffic between the subnets. Check the connectivity to the rcp server by entering the ping command.

•If you are accessing the switch through the console or a Telnet session without a valid username, make sure that the current rcp username is the one that you want to use for the rcp download. You can enter the show users command to view the current valid username. If you do not want to use the current username, create a new rcp username by entering the set rcp username command. The new username will be stored in NVRAM. If you are accessing the switch through a Telnet session with a valid username, this username will be used and there is no need to set the rcp username.

•A power interruption (or other problem) during the download procedure can corrupt the flash code. If the flash code is corrupted, you can connect to the switch through the console port and boot from an uncorrupted system image on a Flash PC card.

Downloading the Supervisor Engine Images Using rcp

To download a supervisor engine software image to the switch from an rcp server, perform these steps:

Step 1 Copy the software image file to the appropriate rcp directory on the workstation.

Step 2 Log into the switch through the console port or through a Telnet session. If you log in using Telnet, your Telnet session disconnects when you reset the switch to run the new software.

Step 3 Download the software image from the rcp server by entering the copy rcp flash command. When prompted, enter the IP address or host name of the rcp server and the name of the file to download. On those platforms that support the flash file system, you are also prompted for the flash device to which to copy the file and the destination filename.

The switch downloads the image file from the rcp server.

Note The switch remains operational while the image downloads.

Step 4 Modify the BOOT environment variable by entering the set boot system flash device:filename prepend command, so that the new image boots when you reset the switch. Specify the flash device (device:) and the filename of the downloaded image (filename).

Step 5 Reset the switch by entering the reset system command. If you are connected to the switch through Telnet, your Telnet session disconnects.

During startup, the flash memory on the supervisor engine is reprogrammed with the new flash code.

Step 6 When the switch reboots, enter the show version command to check the version of the code on the switch.

Downloading the Switching Module Images Using rcp

To download a software image to an intelligent module on a Catalyst 6500 series switch, perform these steps:

Step 1 Copy the software image file to the appropriate rcp directory on the workstation.

Step 2 Log into the switch through the console port or a Telnet session. If you log in using Telnet, your Telnet session might disconnect when you reset the modules to run the new software.

Step 3 Enter the command that is appropriate for your switch and supervisor engine to download the software image from the rcp server:

•If there is only one module of the type that is appropriate for the image, or if there are multiple modules of the same type and you want to update the image on all of them, enter the copy rcp flash command. When prompted, enter the IP address or host name of the rcp server, the name of the file to download, the flash device to which to copy the file, and the destination filename.

•If there are multiple modules of the type that is appropriate for the image but you only want to update a single module, enter the copy rcp | m/bootflash: command, where m is the number of the module to which to download the software image. If you do not specify the module, all the modules of the same type will be updated.

Note If you do not specify a module number, the switch examines the header of the image file to determine to which modules the software is downloaded. The image is then downloaded to all the modules of that type.

The switch downloads the image file, erases the flash memory on the appropriate modules, and reprograms the flash memory with the downloaded flash code.

Note All the modules in the switch remain operational while the image downloads.

Step 4 Reset the appropriate modules using the reset mod command. If you are connected through Telnet, your Telnet session disconnects if you reset the module through which your connection was made.

Step 5 When the upgraded modules come online, enter the show version [mod] command to check the version of the code on the switch.

Example rcp Download Procedures

These sections show example rcp download procedures:

•Supervisor Engine Image rcp Download Example

•Single Module Image rcp Download Example

•Multiple Module Image rcp Download Example

Supervisor Engine Image rcp Download Example

Note For a procedure on downloading a supervisor engine software image from an rcp server, see the "Downloading the Supervisor Engine Images Using rcp" section.

This example shows a complete rcp download procedure of a supervisor engine software image to a Catalyst 6500 series switch:
Console> (enable) copy rcp flash
IP address or name of remote host []? 172.20.52.3
Name of file to copy from []? cat6000-sup.5-2-1-csx.bin
Flash device [bootflash]?
Name of file to copy to [cat6000-sup.5-2-1-csx.bin]?
4369664 bytes available on device bootflash, proceed (y/n) [n]? y
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCC
File has been copied successfully.
Console> (enable) set boot system flash bootflash:cat6000-sup.5-2-1-csx.bin prepend
BOOT variable = bootflash:cat6000-sup.5-2-1-csx.bin,1;bootflash:cat6000-sup.5-2-
1-csx.bin,1;
Console> (enable) reset system
This command will reset the system.
Do you want to continue (y/n) [n]? y
Console> (enable) 09/2/1999,13:51:39:SYS-5:System reset from Console//
System Bootstrap, Version 4.2
Copyright (c) 1994-1999 by cisco Systems, Inc.
Presto processor with 32768 Kbytes of main memory
Autoboot executing command: "boot bootflash:cat6000-sup.5-2-1-csx.bin"
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCC
Uncompressing file:  ###########################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
#############
System Power On Diagnostics
DRAM Size ....................32 MB
Testing DRAM..................Passed
Verifying Text segment .......Passed
NVRAM Size ...................512 KB
Saving NVRAM .................
Testing NVRAM ................Passed
Restoring NVRAM...............
Level2 Cache ..................Present
Level2 Cache test..............Passed
Leaving power_on_diags
Cafe Daughter Present.
EOBC link up
Boot image: bootflash:cat6000-sup.5-2-1-CSX.bin
Flash Size = 0X1000000, num_flash_sectors = 64
readCafe2Version: 0x00000001
RIn Local Test Mode, Pinnacle Synch Retries: 2
Running System Diagnostics from this Supervisor (Module 1)
This may take up to 2 minutes....please wait
Cisco Systems Console
Enter password:
09/2/1999,13:52:51:SYS-5:Module 1 is online
09/2/1999,13:53:11:SYS-5:Module 4 is online
09/2/1999,13:53:11:SYS-5:Module 5 is online
09/2/1999,13:53:14:PAGP-5:Port 1/1 joined bridge port 1/1.
09/2/1999,13:53:14:PAGP-5:Port 1/2 joined bridge port 1/2.
09/2/1999,13:53:40:SYS-5:Module 2 is online
09/2/1999,13:53:45:SYS-5:Module 3 is online
Console> (enable)
Single Module Image rcp Download Example

Note For a procedure on downloading the software images to the intelligent modules, see the "Downloading the Switching Module Images Using rcp" section.

This example shows a complete rcp download procedure of an ATM software image to a single ATM module:
Console> (enable) show version 4
Mod Port Model      Serial #  Versions
--- ---- ---------- --------- ----------------------------------------
4   1    WS-X6101   003414855 Hw : 1.2
                              Fw : 1.3
                              Sw : 3.2(6)
Console> (enable) copy rcp 4/flash
IP address or name of remote host []? 172.20.52.3
Name of file to copy from []? cat6000-atm.3-2-7.bin
Download image rcp:cat6000-atm.3-2-7.bin to Module 4 FLASH (y/n) [n]? y
This command will reset Download Module(s) you selected.
Do you wish to continue download flash (y/n) [n]? y
Download done for module 4, please wait for it to come online
File has been copied successfully.
Console> (enable) 09/2/1999,13:13:54:SYS-5:Module 4 is online
Console> (enable) show version 4
Mod Port Model      Serial #  Versions
--- ---- ---------- --------- ----------------------------------------
4   1    WS-X6101   003414855 Hw : 1.2
                              Fw : 1.3
                              Sw : 3.2(7)
Console> (enable)
Multiple Module Image rcp Download Example

Note For a procedure on downloading the software images to the intelligent modules, see the "Downloading the Switching Module Images Using rcp" section.

This example shows a complete rcp download procedure of an ATM software image to multiple ATM modules:
Console> (enable) show version 4
Mod Port Model      Serial #  Versions
--- ---- ---------- --------- ----------------------------------------
4   1    WS-X6101   003414855 Hw : 1.2
                              Fw : 1.3
                              Sw : 3.2(6)
Console> (enable) show version 5
Mod Port Model      Serial #  Versions
--- ---- ---------- --------- ----------------------------------------
5   1    WS-X6101   003414463 Hw : 1.2
                              Fw : 1.3
                              Sw : 3.2(6)
Console> (enable) copy rcp flash
IP address or name of remote host []? 172.20.52.3
Name of file to copy from []? cat6000-atm.3-2-7.bin
Download image rcp:cat6000-atm.3-2-7.bin to Module 4 FLASH (y/n) [n]? y
Download image rcp:cat6000-atm.3-2-7.bin to Module 5 FLASH (y/n) [n]? y
This command will reset Download Module(s) you selected.
Do you wish to continue download flash (y/n) [n]? y
-
Download done for module 4, please wait for it to come online
Download done for module 5, please wait for it to come online
File has been copied successfully.
Console> (enable) 09/2/1999,12:25:10:SYS-5:Module 4 is online
09/2/1999,12:25:10:SYS-5:Module 5 is online
Console> (enable) show version 4
Mod Port Model      Serial #  Versions
--- ---- ---------- --------- ----------------------------------------
4   1    WS-X6101   003414855 Hw : 1.2
                              Fw : 1.3
                              Sw : 3.2(7)
Console> (enable) show version 5
Mod Port Model      Serial #  Versions
--- ---- ---------- --------- ----------------------------------------
5   1    WS-X6101   003414463 Hw : 1.2
                              Fw : 1.3
                              Sw : 3.2(7)
Console> (enable)
Uploading the System Software Images to an rcp Server

These sections describe how to upload the system software images from a switch to an rcp server:

•Preparing to Upload an Image to an rcp Server

•Uploading the Software Images to an rcp Server

Note For more information on working with the system software image files on the flash file system, see Chapter 26, "Working With the Flash File System."

Preparing to Upload an Image to an rcp Server

Before you attempt to upload a software image to an rcp server, do the following:

•Verify that the workstation acting as the rcp server is configured properly.

•Verify that the switch has a route to the rcp server. The switch and the rcp server must be in the same subnetwork if you do not have a router to route the traffic between the subnets. Check the connectivity to the rcp server by entering the ping command.

•If you are overwriting an existing file (including an empty file, if you had to create one), verify that the permissions on the file are set correctly. The permissions on the file should be set to write for the specific username.

Uploading the Software Images to an rcp Server

To upload a software image on a switch to an rcp server for storage, perform these steps:

Step 1 Log into the switch through the console port or a Telnet session.

Step 2 Upload the software image to the rcp server using the copy flash rcp command. When prompted, specify the rcp server address and destination filename. On those platforms that support the flash file systems, you are first prompted for the flash device and source filename. If desired, you can use the copy file-id rcp command on these platforms.

The software image is uploaded to the rcp server.

This example shows how to upload the supervisor engine software image to an rcp server:
Console> (enable) copy flash rcp
Flash device [bootflash]? slot0:
Name of file to copy from []? cat6000-sup.5-3-1.bin
IP address or name of remote host [172.20.52.3]? 172.20.52.10
Name of file to copy to [cat6000-sup.5-3-1.bin]? 
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC|
File has been copied successfully.
Console> (enable) 
Downloading the Crypto Images Using SCP

The Secure Copy (SCP) provides a secure and authenticated method for copying the crypto image files. SCP relies on Secure Shell (SSH) and requires that AAA authorization be configured so that the system can determine whether the user has the correct privilege level.

SCP allows a user who has appropriate authorization to copy a crypto file to and from the system by using the copy command. An authorized network administrator may also perform this action from a workstation.

Because SCP relies on SSH for its secure transport, the system must have an RSA key pair. You must configure and enable SSH and configure authentication and authorization correctly before you can enable SCP. For information on configuring AAA, see Chapter 39, "Configuring the Switch Access Using AAA."

These sections describe how to download the system software crypto images to the switch supervisor engine:

•Preparing to Download an Image Using SCP

•Downloading the Crypto Images Using SCP

•Example SCP Download Procedure

Preparing to Download an Image Using SCP

Before you begin downloading a software image using SCP, do the following:

•Verify that the workstation acting as the SCP server supports the secure shell (SSH).

•Verify that the server supports a command shell that has an SSH v1 or SSH v2-compatible scp command available.

Note With software release 8.6(1) and later releases, SCP supports SSH v2.

•Verify that the switch has a route to the SCP server. The switch and the SCP server must be in the same subnetwork if you do not have a router to route the traffic between the subnets. Check the connectivity to the SCP server using the ping command.

•A power interruption (or other problem) during the download procedure can corrupt the flash code. If the flash code is corrupted, you can connect to the switch through the console port and boot from an uncorrupted system image on a Flash PC card.

Downloading the Crypto Images Using SCP

To download a supervisor engine software image to the switch from an SCP server, perform these steps:

Step 1 Copy the software image file to the appropriate SCP directory on the workstation.

Step 2 Log into the switch through the console port or through an SSH session. If you log in using Telnet, your Telnet session disconnects when you reset the switch to run the new software.

Step 3 Download the software image from the SCP server by entering the copy scp flash command. When prompted, enter the IP address or host name of the SCP server and the name of the file to download. On those platforms that support the flash file system, you are also prompted for the flash device to which to copy the file and the destination filename.

The switch downloads the image file from the SCP server.

Note The switch remains operational while the image downloads.

Step 4 Modify the BOOT environment variable by entering the set boot system flash device:filename prepend command, so that the new image boots when you reset the switch. Specify the flash device (device:) and the filename of the downloaded image (filename).

Step 5 Reset the switch by entering the reset system command. If you are connected to the switch through Telnet, your Telnet session disconnects.

During startup, the flash memory on the supervisor engine is reprogrammed with the new flash code.

Step 6 When the switch reboots, enter the show version command to check the version of the code on the switch.

Example SCP Download Procedure

This example shows a complete SCP download procedure of a crypto image to a Catalyst 6500 series switch:
Console> (enable) copy scp flash
IP address or name of remote host []? 172.20.52.3
Name of file to copy from []? cat6000-sup720cvk9.8-3-1.bin
Username for scp[bob]? 
Password for User bob[]:
Flash device [bootflash]?
Name of file to copy to [cat6000-sup720cvk9.8-3-1.bin]?
4369664 bytes available on device bootflash, proceed (y/n) [n]? y
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCC
File has been copied successfully.
Console> (enable) set boot system flash bootflash:cat6000-sup720cvk9.8-3-1.bin prepend
BOOT variable = 
bootflash:cat6000-sup720cvk9.8-3-1.bin,1;bootflash:cat6000-sup720cvk9.8-3-1.bin
1-csx.bin,1;
Console> (enable) reset system
This command will reset the system.
Do you want to continue (y/n) [n]? y
Console> (enable) 11/25/2003,13:51:39:SYS-5:System reset from Console//
System Bootstrap, Version 4.2
Copyright (c) 1994-2003 by cisco Systems, Inc.
Presto processor with 32768 Kbytes of main memory
Autoboot executing command: "boot bootflash:cat6000-sup720cvk9.8-3-1.bin"
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCC
Uncompressing file:  ###########################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
#############
System Power On Diagnostics
DRAM Size ....................32 MB
Testing DRAM..................Passed
Verifying Text segment .......Passed
NVRAM Size ...................512 KB
Saving NVRAM .................
Testing NVRAM ................Passed
Restoring NVRAM...............
Level2 Cache ..................Present
Level2 Cache test..............Passed
Leaving power_on_diags
Cafe Daughter Present.
EOBC link up
Boot image: cat6000-sup720cvk9.8-3-1.bin
Flash Size = 0X1000000, num_flash_sectors = 64
readCafe2Version: 0x00000001
RIn Local Test Mode, Pinnacle Synch Retries: 2
Running System Diagnostics from this Supervisor (Module 1)
This may take up to 2 minutes....please wait
Cisco Systems Console
Enter password:
11/25/2003,13:52:51:SYS-5:Module 1 is online
11/25/2003,13:53:11:SYS-5:Module 4 is online
11/25/2003,13:53:11:SYS-5:Module 5 is online
11/25/2003,13:53:14:PAGP-5:Port 1/1 joined bridge port 1/1.
11/25/2003,13:53:14:PAGP-5:Port 1/2 joined bridge port 1/2.
11/25/2003,13:53:40:SYS-5:Module 2 is online
11/25/2003,13:53:45:SYS-5:Module 3 is online
Console> (enable)
Uploading the Crypto Images to an SCP Server

These sections describe how to upload the system software images from a switch to an SCP server:

•Preparing to Upload an Image to an SCP Server

•Uploading the Crypto Images to an SCP Server

Note For more information on working with the system software image files on the flash file system, see Chapter 26, "Working With the Flash File System."

Preparing to Upload an Image to an SCP Server

Before you attempt to upload a software image to an SCP server, do the following:

•Verify that the workstation acting as the SCP server is configured properly.

•Verify that the switch has a route to the SCP server. The switch and the SCP server must be in the same subnetwork if you do not have a router to route the traffic between the subnets. Check the connectivity to the rcp server by entering the ping command.

•If you are overwriting an existing file (including an empty file, if you had to create one), verify that the permissions on the file are set correctly. The permissions on the file should be set to write for the specific username.

Uploading the Crypto Images to an SCP Server

To upload a crypto image on a switch to an SCP server for storage, perform these steps:

Step 1 Log into the switch through the console port or an SSH session.

Step 2 Upload the software image to the rcp server by entering the copy flash scp command. When prompted, specify the SCP server address and destination filename. On those platforms that support the flash file systems, you are first prompted for the flash device and source filename. If desired, you can enter the copy file-id scp command on these platforms.

The image is uploaded to the SCP server.

This example shows how to upload the crypto image to an SCP server:
Console> (enable) copy bootflash scp
Flash device [bootflash]? slot0:
Name of file to copy from []? cat6000-sup720cvk9.8-3-1.bin
Username for scp[bob]? 
Password for User bob[]:
IP address or name of remote host [172.20.52.3]? 172.20.52.10
Name of file to copy to [cat6000-sup720cvk9.8-3-1.bin]? 
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC|
File has been copied successfully.
Console> (enable) . 
Downloading the Crypto Images Using SFTP

Note The Secure File Transfer Protocol (SFTP) is available only in crypto images.

FTP provides a file transfer capability, but with FTP, passwords and data files are transferred in plain text. SFTP provides a secure encrypted channel for passwords and data transmission across the network.

SFTP uses the SSH protocol for establishing a secure channel between the client and the server. SFTP is supported only with SSHv2. SFTP with SSHv1 is not supported.

SFTP client functionality is supported. SFTP server functionality is not supported.

To download a supervisor engine crypto software image to the switch from an SFTP server, perform these steps:

Step 1 Verify that the switch has a route to the SFTP server. The switch and the SFTP server must be in the same subnetwork if you do not have a router to route the traffic between the subnets. Check the connectivity to the SFTP server by entering the ping command.

Step 2 Copy the software image file to the appropriate SFTP directory on the workstation.

Step 3 Log into the switch through the console port or through a Telnet session. If you log in using Telnet, your Telnet session disconnects when you reset the switch to run the new software.

Step 4 Enter the copy sftp destination command. When prompted, enter the IP address or hostname of the SFTP server and the name of the file to download. You are also prompted for the flash device to which to copy the file and the destination filename. Enter your username and password. The switch downloads the image file from the SFTP server to the specified flash device.

Note The switch remains operational while the image downloads.

Step 5 Modify the BOOT environment variable by entering the set boot system flash device:filename prepend command, so that the new image boots when you reset the switch. Specify the flash device (device:) and the filename of the downloaded image (filename).

Step 6 Reset the switch by entering the reset system command. If you are connected to the switch through Telnet, your Telnet session disconnects.

During startup, the flash memory on the supervisor engine is reprogrammed with the new flash code.

Step 7 When the switch reboots, enter the show version command to check the version of the code on the switch.

Uploading the Crypto Images to an SFTP Server

To upload a supervisor engine crypto software image from the switch to an SFTP server, perform these steps:

Step 1 Log into the switch through the console port or a Telnet session.

Step 2 Upload the software image to the SFTP server with the copy source sftp command. When prompted, specify the SFTP server address and destination filename. You are first prompted for the flash device and the source filename. Enter your username and password. The switch uploads the image file from the flash device on the switch to the SFTP server.

Note In the examples below, you can stop the copy process by entering Control+C at any time.

This example shows how to download a software image from an SFTP server to the switch:
Console> (enable) copy sftp <switch name>
IP address or name of remote host [10.6.1.10]? 
Name of file to copy from [/tmp/bob/test2]? 
Username for sftp[]? <username>
Password for User bob[]: <password>
37562980 bytes available on device bootflash, proceed (y/n) [n]? y
File has been copied successfully.
Console> (enable) copy sftp bootflash:
IP address or name of remote host []? <IP address>
Username for sftp[bob]? 
Password for User bob[]:
Name of file to copy from []? <filename>
Can not open source file scp:/tmp/tin/test2 (SCP authentication error)
Copy from switch to SFTP Server
copy <source> sftp
Copying a file to an SFTP server is similar. You will be asked for the destination host and pathname and the copy process will occur without additional confirmation.
Console> (enable) copy bootflash:test2 sftp
IP address or name of remote host [10.6.1.10]? 
Name of file to copy to [/tmp/bob/test2]? 
Username for sftp[bob]? 
Password for User bob[]:
CCC/
File has been copied successfully.
Downloading the Software Images Over a Serial Connection on the Console Port

These sections describe how to perform a serial download of the software images over the supervisor engine console port using Kermit, which is a popular file-transfer and terminal-emulation software program:

•Preparing to Download an Image Using Kermit

•Downloading the Software Images Using Kermit (PC Procedure)

•Downloading the Software Images Using Kermit (UNIX Procedure)

•Example Serial Software Image Download Procedures

Preparing to Download an Image Using Kermit

Before you begin a serial download of a software image using Kermit, do the following:

•On a UNIX workstation, verify that your shell window is local (not an rlogin window to a different workstation).

•Verify that the supervisor engine console port is connected to a serial port on your PC or workstation with a serial cable.

•Verify that the Kermit software is installed on your PC or workstation.

•Verify that the line speed settings are the same on the PC or workstation and on the switch:

–On the switch, you can change the console port speed by entering the set system baud rate command. The default baud rate is 9600 baud.

–On the PC or workstation, you can change the baud rate of the serial port by entering the set speed rate command at the Kermit> prompt.

Caution To prevent communication problems, do not use a speed greater than 19,200 baud.

•Ensure that Kermit is using the proper serial port by doing the following:

–On a PC, specify the serial port by entering the set port comx command, where x is the PC serial port number (1 through 8) that you connected to the switch.

–On a UNIX workstation, specify the serial port by entering the set port /dev/ttyx command, where x is the serial port (a or b) that you connected to the switch.

Downloading the Software Images Using Kermit (PC Procedure)

Note This procedure applies to the PC serial downloads only. For information on performing a serial download on a UNIX workstation, see the "Downloading the Software Images Using Kermit (UNIX Procedure)" section.

To perform a serial download of a software image over the supervisor engine console port, perform these steps:

Step 1 Copy the software image file to the directory where Kermit is loaded.

Step 2 Start Kermit on the PC.

Note Before continuing, ensure that the line speed is correct and that you have selected the proper serial line, as described in the "Preparing to Download an Image Using Kermit" section.

Step 3 At the Kermit> prompt, enter the connect command to connect to the switch. If your line and speed are set correctly, the switch Console> prompt appears.

Step 4 Enter the enable command to enter privileged mode.

Step 5 Enter the download serial command. The file is downloaded to module 1 by default.

Step 6 When prompted, confirm the download.

Step 7 Enter the escape sequence Ctrl-]-c by holding down the Ctrl key while you press ], and then press c.

Step 8 At the Kermit> prompt, enter the send filename command to send the file to the switch.

The switch downloads the image file, erases the flash memory on the supervisor engine or the appropriate module, and reprograms the flash memory with the downloaded flash code.

Note The switch remains operational while the image downloads.

Step 9 When the Kermit> prompt reappears, enter the connect command to return to the switch Console> prompt. You will see the status information as the switch erases and reprograms the flash memory.

Note If you enter the connect command more than 2 minutes after the Kermit> prompt reappears, you might see only a Console> prompt instead of the status information about erasing and programming flash code.

Step 10 Reset the switch using the reset system command.

Step 11 When the switch reboots, enter the show version [mod] command to check the version of the code on the switch.

Note For an example that shows a complete serial download procedure using Kermit on a PC, see the "PC Serial Download Procedure Example" section.

Downloading the Software Images Using Kermit (UNIX Procedure)

Note This procedure applies to the UNIX serial downloads only. For information on performing a serial download on a PC, see the "Downloading the Software Images Using Kermit (PC Procedure)" section.

Use this procedure to perform a serial download of a software image over the supervisor engine console port.

To copy the software to the workstation, log in as root, and perform these steps:

Step 1 Copy the software image file to your home directory.

Step 2 At the UNIX command prompt, start Kermit by entering the kermit command (make sure that the directory where Kermit is installed is included in the $PATH environment variable on the workstation).

Note Before continuing, ensure that the line speed is correct and that you have selected the proper serial line, as described in the "Preparing to Download an Image Using Kermit" section.

Step 3 At the C-Kermit> prompt, enter the connect command to connect to the switch. If your line and speed are set correctly, the switch Console> prompt appears.

Step 4 Enter the enable command to enter privileged mode.

Step 5 Enter the download serial command. The file downloads to module 1 by default.

Step 6 When prompted, confirm the download.

Step 7 Enter the escape sequence Ctrl-\-c by holding down the Ctrl key while you press \, and then press c.

Step 8 At the Kermit> prompt, enter the send filename command to send the file to the switch.

You can monitor the progress of the download by pressing the a key at any time during the Kermit download. A dot appears onscreen for every four packets that are transferred. If there is a problem transferring the file, one or more of the following letter codes appear:

•T—Kermit timed out.

•N—Kermit is not acknowledging the switch download process.

•E—Kermit detected an error in the progress of the transaction.

The switch downloads the image file, erases the flash memory on the supervisor engine or the appropriate module, and reprograms the flash memory with the downloaded flash code.

Note The switch remains operational while the image downloads.

Step 9 Press Return to return to the C-Kermit> prompt. When the Kermit> prompt reappears, enter the connect command to return to the switch Console> prompt. You will see the status information as the switch erases and reprograms the flash memory.

Note If you enter the connect command more than 2 minutes after the Kermit> prompt reappears, you might see only a Console> prompt instead of the status information about erasing and programming flash code.

Step 10 Reset the switch by entering the reset system command.

Step 11 When the switch reboots, enter the show version [mod] command to check the version of the code on the switch.

Note For an example that shows a complete serial download procedure using Kermit on a UNIX workstation, see the "UNIX Workstation Serial Download Procedure Example" section.

Example Serial Software Image Download Procedures

These sections show the example serial download procedures over the supervisor engine console port using Kermit:

•PC Serial Download Procedure Example

•UNIX Workstation Serial Download Procedure Example

PC Serial Download Procedure Example

This screen output shows an example of a complete serial download procedure on a PC:
C:\ copy A:\*.*
copying c6509_xx.bin
C:\ kermit
Kermit, 4C(057) 06 Apr 98, 4.2 BSD
Type ? for help
Kermit> set port com1
Kermit> set speed 9600
Kermit> connect
Connecting to com1,speed 9600.
The escape character is ^] (ASCII 29).
Type the escape character followed by C to get back,
or followed by ? to see other options
Console> enable
Console> (enable) download serial
Download CBI image via console port (y/n) [n]? y
Waiting for DOWNLOAD!
Return to your local Machine by typing its escape sequence
Issue Kermit send command from there[ Send `Filename`]
<CONTROL-] c to return to Local Machine>
Kermit> send c6509_xx.bin
          File name: c6509_xx.bin
 KBytes transferred: xxxx
Percent transferred: 100%
            Sending: Complete
  Number of Packets: xxxx
  Number of retries: None
         Last error: None
       Last warning: None
Kermit> connect
Finished network download.  (1136844 bytes)
Flash erase in progress ... Erase done
Programming Flash:  Flash Programming Complete
Flash erase in progress ... Erase done
Programming Flash:  Flash Programming Complete
Flash erase in progress ... Erase done
Programming Flash:  Flash Programming Complete
Flash erase in progress ... Erase done
Programming Flash:  Flash Programming Complete
Flash erase in progress ... Erase done
Programming Flash:  Flash Programming Complete
Flash erase in progress ... Erase done
Programming Flash:  Flash Programming Complete
Flash erase in progress ... Erase done
Programming Flash:  Flash Programming Complete
The system needs to be reset to run the new image.
Cisco Systems Console 
Enter password: 
Mon Apr 06, 1998, 14:35:08 
Console>
UNIX Workstation Serial Download Procedure Example

This screen output shows an example of a complete serial download procedure on a UNIX workstation:
workstation% cd /tmp
workstation% tar -xvfp /dev/rfd0
c5009_xx.bin, 1156046 bytes, 2258 tape blocks
workstation% ls -la
total 1150
drwxrwsrwt  5 bin           512 Sep 28 04:15 .
drwxr-xr-x 18 root         1536 Sep 27 15:41 ..
-r--r--r--  1 60000     1156046 Jul 18 10:32 c5009_xx.bin
workstation% kermit
C-Kermit, 4E(072) 06 Apr 98, SUNOS 4.x
Type ? for help
C-Kermit> set line /dev/ttya
C-Kermit> set speed 9600
/dev/ttya: 9600 baud
C-Kermit> connect
Connecting thru /dev/ttya, speed 9600.
The escape character is CTRL-\ (28).
Type the escape character followed by C to get back,
or followed by ? to see other options.
Console> enable
Console> (enable) download serial c5009_xx.bin
Download CBI image via console port (y/n) [n]? y
Waiting for DOWNLOAD!
Return to your local Machine by typing its escape sequence
Issue Kermit send command from there[ Send `Filename`]
[Back at Local System]
C-Kermit> send c5009_xx.bin
SF
c5009_xx.bin => c5009_xx.bin, Size: 1156046
CTRL-F to cancel file,  CTRL-R to resend current packet
CTRL-B to cancel batch, CTRL-A for status report: 
..........................................................................................
....................................
*** Display Truncated ***
...............................................................
.................................... [OK]
ZB?
C-Kermit> connect
Connecting thru /dev/ttya, speed 9600.
The escape character is CTRL-\ (28).
Type the escape character followed by C to get back,
or followed by ? to see other options.
Download OK
Initializing Flash
Programming Flash
Base....Code....Length....Time....Done
Cisco Systems Console
Enter password:
Mon Apr 06, 1998, 17:35:08
Console>
Downloading a System Image Using Xmodem or Ymodem

When you need a system image on the switch, but the switch does not have network access and you do not have a software image on a Flash PC card, you can download an image from a local or remote computer (such as a PC, UNIX workstation, or Macintosh) through the console port using the Xmodem or Ymodem protocol.

The Xmodem and Ymodem protocols are used to transfer files and are included in applications such as Windows 3.1 (TERMINAL.EXE), Windows 95 (HyperTerminal), Windows NT 3.5x (TERMINAL.EXE), Windows NT 4.0 (HyperTerminal), and Linux UNIX freeware (minicom).

The Xmodem and Ymodem downloads are slow. Use them only when the switch does not have network access. You can speed up the transfer by setting the console port speed to 38400 bps.

The Xmodem and Ymodem file transfers are performed from the ROM monitor with this command:
xmodem [-y] [-c] [-s data-rate]
where -y uses the Ymodem protocol, -c provides CRC-16 checksumming, and -s sets the console port data rate.

The computer from which you transfer the supervisor engine software image must run terminal emulation software that supports the Xmodem or Ymodem protocol.

This procedure shows a file transfer using the Xmodem protocol. To use the Ymodem protocol, include the -y keyword with the xmodem command.

Caution A modem connection from the telephone network to your console port can introduce security issues that you should consider before enabling the connection. For example, the remote users can dial into your modem and access the switch configuration settings.

Caution If you have redundant supervisor engines, you must remove the second (redundant) supervisor engine before you perform this procedure. The image that is downloaded through Xmodem is not saved to memory; therefore, after the download if you have two supervisor engines that are installed and attempt to reboot the active supervisor engine with the downloaded image, the redundant supervisor engine will take over and synchronize with the active supervisor engine. The downloaded image will not be booted.

Step 1 Place a supervisor engine software image on the computer's hard drive. You can download an image from Cisco.com (see the "Preface"section for details).

Step 2 To download from a local computer, connect the console port (port mode switch in the in position) to a serial port on the computer using a null-modem cable. The console port speed must match the speed that is configured on the local computer.

Note If you are transferring from a local computer, you may need to configure the terminal emulation program to ignore the RTS/DTR signals.

Step 3 To download from a remote computer, do the following:

a. Connect a modem to the console port and to the telephone network.

b. Note that the modem and console port must communicate at the same speed, which can be from 1200 to 38400 bps, depending on the speed that is supported by your modem. Enter the confreg ROM monitor command to configure the console port transmission speed.

c. Connect a modem to the remote computer and to the telephone network and configure it for the same speed as the supervisor engine.

d. Dial the number of the supervisor engine modem from the remote computer.

Step 4 Enter the xmodem command at the ROM-monitor prompt in the terminal emulation window:
rommon > xmodem -s 38400 -c
Step 5 Start an Xmodem or Ymodem send operation with the computer's terminal emulation software. The computer downloads the system image to the supervisor engine. See your terminal emulation software application manual for instructions on how to execute a Xmodem or Ymodem file transfer.

After the new image is completely downloaded, the ROM monitor boots it.

Note Downloading an image through the console port does not create an image file on any of the flash devices. The downloaded image resides only in memory. You cannot save the image in memory as a file.

Step 6 After the download, the console port returns to 9600, which is the default baud rate. If the download took place at other than 9600 baud, you must change the remote computer's baud rate back to 9600 baud.

Step 7 Establish network connectivity to the switch to copy an image file from a TFTP server to one of the flash devices.

Verifying the Software Images

Note This feature is not supported on Supervisor Engine 1.

Because a software image goes through a sequence of transfers before it is copied into the memory of the switch, the integrity of the image is at risk each time that it is downloaded from Cisco.com. The image size and checksum are automatically checked when the image is copied, but these types of checks do not ensure that the downloaded image has not been corrupted. To ensure the integrity of any images that you download, use the set image-verification command. You can set image verification to work when booting, after the image has been copied, or before a system reset.

To enable the image verification, perform this task in privileged mode:

Task

Command

Step 1

Enable the image verification.

set image-verification [boot | copy | reset] enable

Step 2

Verify the image verification setting.

show image-verification

This example shows how to enable the image verification upon a switch reset:
Console> (enable) set image-verification reset enable
Console> (enable)
This example shows how to verify the image verification settings:
Console> (enable) show image-verification
Image Verification Status:
Boot:  Disable
Copy:  Disable
Reset: Enable
Console> (enable)