Upgrading Software and Firmware
This appendix describes how to upgrade or reinstall the Cisco PAM server software, desktop client software, and Gateway module firmware.
Contents
•
Upgrading the Cisco PAM Desktop Software
•
Upgrading the Cisco PAM Server Software
•
Reinstalling the Cisco PAM Server Software from a Recovery CD
•
Upgrading Gateway Firmware Images Using Cisco PAM
–
Uploading Firmware Images to a TFTP Server Using Image Manager
–
Upgrading or Downgrading Gateway Module Firmware Images
Upgrading the Cisco PAM Desktop Software
For instructions to upgrade the Cisco PAM desktop software used to configure devices and access control settings, see Installing or Updating the Cisco PAM Desktop Software, page 5-2.
Upgrading the Cisco PAM Server Software
To upgrade the Cisco PAM server software, you must first stop the server, as described in the following steps.
The following conditions apply when upgrading the Cisco PAM server software:
•
Upgrading a non-redundant Cisco PAM appliance causes system downtime.
•
System downtime can result in a temporary loss of data. Log and other system messages sent from the Cisco Physical Access Gateways and other hardware devices may be dropped during the upgrade process. Cisco recommends performing a manual upgrade only when system usage is low.
•
Software downgrades are not supported.
Note
The Cisco PAM server software is different from the desktop client software. The server software runs the appliance and provides a web administration interface used to configure and manage the server. The desktop (client) software runs on a PC and is used to configure devices and access control settings.
To upgrade the Cisco PAM server software, do the following:
Step 1
Log on to the Cisco PAM appliance, as described in Performing Additional Configuration, Administration, and Monitoring Tasks, page 4-11.
Step 2
Select the Commands tab, and then select Stop Server.
Step 3
Select the Setup tab, and then select Upgrade, as shown in Figure B-1.
Step 4
Click Browse to locate and select the upgrade image.
Figure B-1 Upgrade Window in the Cisco PAM Server Administration Utility
Step 5
Click Upgrade.
Step 6
Select the Commands tab, and then select Start Server.
Step 7
Wait for the server to automatically restart. If the Cisco PAM Server Administration utility disconnects, a browser error message may be shown. Wait for the server to restart and then log in again.
Step 8
Perform a system backup, as described in Appendix A, "Backing Up and Restoring Data".
Note
Always perform a backup after upgrading the server software to preserve critical system data.
Reinstalling the Cisco PAM Server Software from a Recovery CD
Use the recovery CD/DVD included with the Cisco PAM appliance to completely erase the server hard disk and re-install the Cisco PAM server software.
Caution
Reinstalling the server software from a CD/DVD using these instructions permanently erases all data and configurations on the Cisco PAM appliance. You must have at least one backup to restore the server software using the recovery CD. See
Appendix A, "Backing Up and Restoring Data" for more information.
Step 1
Backup the data on your appliance. See Appendix A, "Backing Up and Restoring Data" for more information.
Tip
Backup and restore the server to preserve critical system data and configurations.
Step 2
Insert the Cisco PAM recovery CD into the server DVD-ROM drive.
Step 3
Reboot the Cisco PAM appliance:
a.
Log on to the Cisco PAM appliance, as described in Logging on to the Cisco PAM Server Administration Utility, page 4-2.
a.
Select the Commands tab, and then select Reboot.
Step 4
Wait for the CD to install the Cisco PAM server software. When finished, the server will reboot again.
Step 5
After the server reboots, configure the server as described in Entering the Initial Server Configuration, page 4-4.
Step 6
Perform a system restore, as described in Appendix A, "Backing Up and Restoring Data".
Upgrading Gateway Firmware Images Using Cisco PAM
To upgrade Gateway firmware, upload the firmware image to a TFTP server (such as the built-in Cisco PAM TFTP server), and use the Hardware module to upgrade the firmware on the Gateway Controller.
Tip
You can also upgrade firmware images using a PC directly connected to the Gateway module. See Cisco Physical Access Gateway User Guide for more information.
This section includes the following information:
•
Uploading Firmware Images to a TFTP Server Using Image Manager
•
Upgrading or Downgrading Gateway Module Firmware Images
Uploading Firmware Images to a TFTP Server Using Image Manager
Use Image Manager to load Gateway firmware images to a TFTP server so they can be accessed by Cisco PAM. You can then update the Gateway module firmware as described in Upgrading or Downgrading Gateway Module Firmware Images.
Tip
You can use the built-in Cisco PAM TFTP server to store firmware images, or use a remote TFTP server.
To load images to a TFTP server using Image Manager, do the following:
Step 1
Select Image Manager from the Admin menu, as shown in Figure B-2. See Table B-1 for field descriptions.
Step 2
To upload firmware images to the default Cisco PAM TFTP server:
a.
Click Default to enter the Cisco PAM TFTP server IP address in the TFTP server field.
b.
Select the file to be uploaded from the Local file browser. The selected file is automatically entered in the Image file field.
c.
Use the Remote file browser to select the directory on the Cisco PAM TFTP server where files will be uploaded. This field is inactive if you are using a TFTP server other than the build-in Cisco PAM server.
Right-click within the Remote file browser to select the following menu options:
–
Create Directory: Creates a new directory on the Cisco PAM TFTP server.
–
Delete File/Directory: Deletes a selected file or directory.
d.
In the Local file browser field, select the firmware file on a local drive to be uploaded. The directory path and filename are displayed in the Image File field.
e.
Click Upload to add the file to the TFTP server specified in the TFTP server field.
Step 3
To upload firmware images to a TFTP server other than the default Cisco PAM server:
a.
Enter the server IP address in the TFTP server field.
b.
In the Remote Directory field, enter the TFTP server directory path where the image will be stored. If this field is left blank, then the root TFTP directory is used by default. The default Unix TFTP root directory is /tftpboot
.
Note
The TFTP server directory path entered in the Remote Directory field must be valid. Cisco PAM does not validate the existence of remote server directories.
c.
In the Local file browser field, select the firmware file on a local drive to be uploaded. The directory path and filename are displayed in the Image File field.
d.
Click Upload to add the file to the TFTP server specified in the TFTP server field.
Step 4
Complete the instructions in Upgrading or Downgrading Gateway Module Firmware Images.
Figure B-2 shows the Image Manager window. See Table B-1 for field descriptions.
Figure B-2 Image Manager
Table B-1 Image Manager Fields
|
|
|
|
TFTP server |
The IP address of the TFTP server to store image files. |
|
Default |
Click this button to select the built-in Cisco PAM TFTP server (the server IP address is entered in the TFTP server field). |
|
Image file |
Read-only. Displays the directory path and filename for the file selected in the Local browser. This file will be uploaded to the specified TFTP server. |
|
Remote directory |
The directory path on the TFTP server where files will be uploaded. The directory is in relation to the TFTP server root directory. • If using the built-in Cisco PAM TFTP server., this field is read-only. The directory path is selected using the Remote browser. • If using a TFTP server other than the build-in Cisco PAM server, this field is editable and you must enter the directory path on the TFTP server where files will be uploaded. The directory path must be valid since Cisco PAM does not validate remote server directories. Note If this field is empty the image file is uploaded to the TFTP root directory. The default TFTP root directory is /tftpboot for unix systems. |
|
Local |
The Local directory browser specifies the file on a local drive for upload to the TFTP server. • Click the Up button to navigate one level up. • Double-click a folder to view the folder contents. • Select a file to enter the file name and directory path in the Image file field and enable the Upload button. |
|
Remote |
Selects the directory where files will be uploaded on the built-in Cisco PAM TFTP server. This field is active only if you are using the build-in Cisco PAM server. Right-click within the field to display and select the following menu options: • Create Directory: Creates a directory. • Delete File/Directory: Enabled when a file or directory is selected. Deletes the file or directory |
|
Upload Button |
Uploads the selected image file to the specified TFTP server and directory. This button is enabled only when a file is selected in the Local directory browser. |
Upgrading or Downgrading Gateway Module Firmware Images
Step 1
(Optional) Upload a firmware file image file to the built-in Cisco PAM TFTP server using Image Manager.
Step 2
Open the Hardware module Device view and right-click a Gateway Controller (blue icon).
Step 3
Select File Manager from the menu to open the window shown in Figure B-3.
Figure B-3 File Manager Window: Image Tab
Step 4
Select the Image tab to display a list of the firmware images currently loaded on the Gateway module.
•
Name: file name of the firmware image.
•
Version: the firmware version number.
•
Active: The image marked Yes is the currently active image on the Gateway. To change the active image, select an image name and click the Active Image button. This button is available only if the selected file is not the active image.
Step 5
To download a new firmware image from a file located on a TFTP server, select the Initiate Download button and enter the download settings as shown in Figure B-4.
Figure B-4 Initiate Download Input Window
a.
Click the Browse button to navigate the Cisco PAM appliance TFTP server and select a file. The file appears in the top Image Name field. You can also enter the directory path and filename manually.
b.
Enter the TFTP Server IP address. The Cisco PAM appliance TFTP server IP address is entered by default.
c.
Enter the directory Path on the TFTP server for the firmware image. Leave this field blank if using the default location for the built-in Cisco PAM appliance TFTP server. Be sure the path and filename are valid. The administration tool does not verify remote server paths.
d.
Select the options that will occur after the image is loaded to the Gateway:
–
Set as active image: (checked by default) make the firmware file new active image.
–
Delete credentials: delete the module credentials.
–
Delete configuration: delete the module configuration. The configuration is automatically reloaded when the module established communication with the Cisco PAM appliance.
–
Delete events: delete all events stored on the module.
–
Reset Gateway: (checked by default) perform a soft reset to powercycle the module.
–
Reset time: enter the time in 24-hour notation that the Gateway will reset with the new firmware image. If this field is left blank, the Gateway will reload immediately when the new image is made active.
Step 6
Click OK to close the window and copy the firmware image to the Gateway module. Any actions selected in Step 5 are initiated, including the default selections to set the new image as the active image and reset the Gateway module.