Cisco C9200堆叠升级系统(带外管理)

前言

网上关于新型号的堆叠升级内容不是很多,并且用带外管理升级也略有不同,此处做个记录
环境:两台C9200L-48T-4X通过堆叠线进行堆叠,所有的外部管理均通过带外管理口进行管理
整体升级过程大致如下:
Cisco C9200堆叠升级系统(带外管理)_第1张图片

升级流程

前期准备

升级工具准备:

  • 终端
  • Console线
  • TFTP工具(个人习惯Tftpd64,当然3CD之类的也ok)
    镜像准备:
    镜像准备主要注意两个问题,一个是版本的选择上,无特殊情况尽量选择官方的Suggested Release版本,另外镜像分普通版本和NPE版本,按照我的理解,首先强加密在普通的交换场景中用不到,同时也需要额外的授权支持,另外国内有可能不售卖这种NPE的授权(由于我们的信息安全原因很多国外产品的强加密都不会在国内售卖),因此我们就选择普通版本的就可以了
    Cisco C9200堆叠升级系统(带外管理)_第2张图片
    附官方对于NPE的解释:

Universal images with the universalk9_npe" designation in the image name: The strong enforcement of encryption capabilities provided by Cisco Software Activation satisfies requirements for the export of encryption capabilities. However, some countries have import requirements that require that the platform does not support any strong crypto functionality such as payload cryptography. To satisfy the import requirements of those countries, the `npe’ universal image does not support any strong payload encryption. This image supports security features like Zone-Based Firewall, Intrusion Prevention through SECNPE-K9 license.

导入镜像升级

确认当前堆叠两台交换机的当前版本(16.12.4)

Server-SW#show version 
Switch Ports Model              SW Version        SW Image              Mode   
------ ----- -----              ----------        ----------            ----   
*    1 52    C9200L-48T-4X      16.12.4           CAT9K_LITE_IOSXE      INSTALL
     2 52    C9200L-48T-4X      16.12.4           CAT9K_LITE_IOSXE      INSTALL

从tftp服务器拷贝到两台交换机,这边有两个注意点:

  1. C92的带外MGT口不在interface里,不加参数的情况下不会走带外管理接口,因此要添加vrf Mgmt-vrf
  2. 堆叠的两台交换机的本地flash路径会自动增加-1和-2
Server-SW#copy tftp: flash-1: vrf Mgmt-vrf
Address or name of remote host [10.66.17.100]?
Source filename [cat9k_lite_iosxe.17.06.03.SPA.bin]?
Destination filename [cat9k_lite_iosxe.17.06.03.SPA.bin]? 
Accessing tftp://10.66.17.100/cat9k_lite_iosxe.17.06.03.SPA.bin...
Loading cat9k_lite_iosxe.17.06.03.SPA.bin from 10.66.17.100 (via GigabitEthernet0/0): !
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 526556147 bytes]

传输完成后确认在flash中能看到镜像

Server-SW#dir flash-1:
Directory of flash:/

24300  -rw-              736  Oct 13 2021 05:40:01 +00:00  vlan.dat
24316  -rw-                0   Sep 5 2022 04:16:10 +00:00  dope_hist
24291  drwx             4096   Sep 5 2022 04:13:55 +00:00  .installer
24293  -rw-              370   Sep 5 2022 04:13:57 +00:00  bootloader_evt_handle.log
24294  drwx             4096   Nov 6 2020 19:35:59 +00:00  core
56673  drwx             4096   Sep 2 2022 15:14:22 +00:00  .prst_sync
72865  drwx             4096   Nov 6 2020 19:48:22 +00:00  .rollback_timer
56676  drwx             4096   Nov 6 2020 19:34:36 +00:00  tech_support
56695  drwx             4096   Sep 5 2022 04:14:15 +00:00  dc_profile_dir
24290  -rw-             2130   Sep 5 2022 04:14:17 +00:00  boothelper.log
24296  -rw-           132108   Sep 5 2022 04:14:29 +00:00  memleak.tcl
24298  drwx             4096   Nov 6 2020 19:38:51 +00:00  .dbpersist
56697  drwx             4096   Nov 6 2020 19:35:37 +00:00  onep
89057  drwx             4096   Sep 5 2022 04:15:34 +00:00  license_evlog
24319  -rw-          2097152  Sep 28 2022 09:45:51 +00:00  nvram_config
24301  -rw-          2097152  Sep 28 2022 09:45:51 +00:00  nvram_config_bkup
24302  -rw-              862   Sep 5 2022 04:16:10 +00:00  rdope_out.txt
24303  -rw-               89   Sep 5 2022 04:16:07 +00:00  rdope.log
24304  -rw-               35  Mar 18 2021 07:47:07 +00:00  pnp-tech-time
24305  -rw-           146611  Mar 18 2021 07:47:13 +00:00  pnp-tech-discovery-summary
89066  -rw-             4883   Nov 6 2020 19:44:17 +00:00  packages.conf
24311  -rw-              736   Sep 5 2022 04:17:54 +00:00  stby-vlan.dat
89067  -rw-        391255060   Nov 6 2020 19:43:21 +00:00  cat9k_lite-rpbase.16.12.04.SPA.pkg
89070  -rw-         40633301   Nov 6 2020 19:44:17 +00:00  cat9k_lite-rpboot.16.12.04.SPA.pkg
89068  -rw-          4576276   Nov 6 2020 19:43:22 +00:00  cat9k_lite-srdriver.16.12.04.SPA.pkg
89069  -rw-         10171408   Nov 6 2020 19:43:23 +00:00  cat9k_lite-webui.16.12.04.SPA.pkg
24292  -rw-             2130   Sep 2 2022 15:13:07 +00:00  boothelper.log.old
24309  -rw-        526556147  Oct 14 2022 13:24:34 +00:00  cat9k_lite_iosxe.17.06.03.SPA.bin

1956839424 bytes total (874840064 bytes free)

按同样的方式上传到flash-2

Server-SW#copy tftp: flash-2: vrf Mgmt-vrf

启动并确认升级状态

将两台交换机的启动项统一改为新镜像

Server-SW(config)#boot system switch all flash:cat9k_lite_iosxe.17.06.03.SPA.bin

确认新启动项是否为新镜像

Server-SW#show boot system 
---------------------------
Switch 1
---------------------------
Current Boot Variables:
BOOT variable = flash:cat9k_lite_iosxe.17.06.03.SPA.bin;

Boot Variables on next reload:
BOOT variable = flash:packages.conf;
Manual Boot = no
Enable Break = no
Boot Mode = DEVICE
iPXE Timeout = 0
---------------------------
Switch 2
---------------------------
Current Boot Variables:
BOOT variable = flash:cat9k_lite_iosxe.17.06.03.SPA.bin;

Boot Variables on next reload:
BOOT variable = flash:packages.conf;
Manual Boot = no
Enable Break = no
Boot Mode = DEVICE
iPXE Timeout = 0

保存并重启,两台堆叠交换机依次进行重启,整个过程要点时间,耐心等待

Server-SW#wr mem
Server-SW#reload 
Reload command is being issued on Active unit, this will reload the whole stack
Proceed with reload? [confirm]

重启完成后确认下当前运行版本

Server-SW#show version 
Switch Ports Model              SW Version        SW Image              Mode   
------ ----- -----              ----------        ----------            ----   
*    1 52    C9200L-48T-4X      17.06.03          CAT9K_LITE_IOSXE      BUNDLE 
     2 52    C9200L-48T-4X      17.06.03          CAT9K_LITE_IOSXE      BUNDLE 

你可能感兴趣的:(网络及安全,网络安全)