Introduction
This document describes how to upgrade the firmware on a Cisco MDS 9000 Series Multilayer Director Switch (MDS).
Background Information
Tip: For more detailed information about the procedure that is described in this document, refer to the appropriate Cisco MDS 9000 NX-OS and SAN-OS Software Install and Upgrade Guide.
Non-Disruptive Upgrades Overview
All MDS switches support non-disruptive upgrades and downgrades subject to limitations listed in the MDS release notes.
On 97xx Series MDS with dual supervisors, during the firmware upgrade, the new code is loaded on the standby supervisor. A switchover then occurs in order to make the standby supervisor that runs the new code active. The code is then loaded on the previously active supervisor, and it becomes the new standby supervisor. The data plane continues to pass fiber channel traffic. The modules then non-disruptively start the upgrade process at the lowest numbered module and proceed to the highest.
On a 91xx, 92xx, or 93xx Series MDS, which has only one supervisor, the supervisor (control plane) is reloaded non-disruptively after the upgrade is completed. The data plane continues to pass fiber channel traffic.
If you intend to upgrade via Telnet, Secure Shell (SSH), or Simple Network Management Protocol (SNMP) (Fabric Manager/Device Manager), ensure that you have an Ethernet connection to both of the supervisors. When the supervisor non-disruptively restarts, your terminal session is lost. You must reconnect to the switch. You connect to the previous standby supervisor now.
Note: Cisco recommends that firmware upgrades be completed from the local console.
Upgrade Firmware
Complete these steps in order to upgrade the firmware:
- Read the MDS Release Notes for the version to which you intend to upgrade. Optionally, review the Release Notes between the old and new firmware levels so that you can learn about the changes. There is a table in the Release Notes that provides the non-disruptive upgrade path. Be sure to read the caveats and notifications in the Release Notes.
- Copy the running configuration and the startup configuration so that you have a backup in the event that you have made a change that you did not save:
MDS9148V# copy running-config startup-config
- Enter this command in order to copy the running configuration to the bootflash, which ensures that there is a copy that can be used for backup and in order to check that the bootflash is not read-only (This is rare, but an error against the flash can cause this.):
MDS9148V# copy running-config bootflash:$(SWITCHNAME)-$(TIMESTAMP).bkup
Here is an example of the output on the bootflash:
MDS9148V-2023-03-23-04.27.00.bkup
- Save a copy of a Show Tech-Support Detail. This contains the current switch configuration, log files, and state of all interfaces. If there was an issue during or after an upgrade, having the state of the switch prior to the upgrade helps in troubleshooting, and reduces the time to diagnose an issue.
MDS9148V# term redirect zip
MDS9148V# show tech-support details > $(SWITCHNAME)-$(TIMESTAMP)-sh_ts_det-log.gz
Tip: For more information about collecting show tech-support details, you can refer to this whitepaper.
- Copy the configuration that you just saved to your TFTP server. This accomplishes three things: it verifies that you have an operational TFTP server, it verifies that you can reach the server over the IP network, and it places a copy of the configuration in a location that is external to the switch so that you have a backup in the event of a switch failure.
Tip: There are many free TFTP servers available on the Internet. FTP, SFTP, and SCP can also be used. You can push or pull files from the switch if using the local admin user and enable switch features sftp-server or scp-server.
Enter the copy bootflash: tftp:
command in order to copy the configuration to the TFTP server. Here is an example:
MDS9148V# copy bootflash: tftp:
<prompts for file name> MDS9148V-2023-03-23-04.27.00.bkup
<prompt for tftp server name or ip address> 192.168.1.1
- Copy the show tech-support detail to your TFTP server. Here is an example:
MDS9148V# copy bootflash: tftp:
<prompts for file name> MDS9148V-2023-03-23-04.27.59-sh_ts_det-log.gz
<prompt for tftp server name or ip address> 192.168.1.1
- Verify that you have a copy of the current firmware on your TFTP server so that you have a backup in the event that you must return to the original version. If you do not, copy it from the switch to the TFTP server at this time.
Here are some examples:
MDS9148V# copy bootflash: tftp:
<prompts for file name> m9148v-s8ek9-kickstart-mz.9.3.1.bin
<prompt for tftp server name or ip address> 192.168.1.1
MDS9148V# copy bootflash: tftp:
<prompts for file name> m9148v-s8ek9-mz.9.3.1.bin
<prompt for tftp server name or ip address> 192.168.1.1
Note: For the prompts for file name
entries, use your actual current version.
- Download the new NX-OS version from the Cisco Download Software page. You need both a kickstart and a system image. Place them on the TFTP server in the default TFTP directory.
Cisco provides two types of firmware. Payload Non-Crypto, also known as Non-Payload Encryption (NPE), releases are for countries or governments that the United States Department of Commerce have listed as on a non-export list of software that includes encryption. Certain advanced troubleshooting abilities are not included in NPE releases. NPE releases can also limit the ability for Cisco to provide workarounds or hot fixes. Only customers that fall under the export restrictions are to be running NPE releases.
You can use this table in order to choose your switch series, and then you can choose the switch model:
Cisco MDS Series Switch Type |
Naming Convention
|
MDS 9132T Series
|
File name begins with m9100-s6ek9
|
MDS 9148S Series
|
File name begins with m9100-s5ek9
|
MDS 9148T Series
|
File name begins with m9148-s6ek9
|
MDS 9148V Series
|
File name begins with m9148v-s8ek9
|
MDS 9220i Series
|
File name begins with m9220-s7ek9
|
MDS 9250i Series
|
File name begins with m9250-s5ek9
|
MDS 9396S Series
|
FIle name begins with m9300-s1ek9
|
MDS 9396T Series
|
FIle name begins with m9300-s2ek9
|
MDS 9710, 9706, and 9718 Series Supervisor Module-3
|
File name begins with m9700-sf3ek9
|
MDS 9710, 9706, and 9718 Series Supervisor Module-4
|
File name begins with m9700-sf4ek9
|
Here is an example that uses the MDS 9148V Series firmware kickstart and system software Version 9.3(2a):
m9148v-s8ek9-kickstart-mz.9.3.2a.bin
m9148v-s8ek9-mz.9.3.2a.bin
Note: On the Cisco download page, hover the filename in order to get the Message Digest5 (MD5)
.
- Verify that there is enough free space on the bootflash in order for the new images to be added. If not, you must erase at least the system image file. Keep the kickstart image so that in the event of a malfunction, you can get the switch to a point where you can load (TFTP) a new image. Once you have upgraded, you can delete the old version.
Enter this command in order to check the bootflash free space:
MDS9148V# dir bootflash:
Additionally, if you run a dual-supervisor switch, enter this command in order to check that there is enough free space on the standby supervisor as well:
MDS9148V# dir bootflash://sup-standby/
- Download the new images to the bootflash on the switch from TFTP server:
MDS9148V# copy tftp: bootflash:
<prompts for file name> m9148v-s8ek9-kickstart-mz.9.3.2a.bin
<prompt for tftp server name or ip address> 192.168.1.1
MDS9148V# copy tftp: bootflash:
<prompts for file name> m9148v-s8ek9-mz.9.3.2a.bin
<prompt for tftp server name or ip address> 192.168.1.1
Enter this command into the CLI in order to verify the checksum and the MD5 checksum:
Valid MD5 checksum example:
MDS9148V# show version image m9148v-s8ek9-mz.9.3.2a.bin
MD5 Verification Passed
image name: m9148v-s8ek9-mz.9.3.2a.bin
bios: v1.05.0(05/14/2022)
system: version 9.3(2a)
compiled: 4/25/2023 12:00:00 [05/12/2023 18:58:57]
Example of MD5 checksum that is invalid, and needs to be re-downloaded.
MDS9148V# show version image m9148v-s8ek9-mz.9.3.2a.bin
MD5 Verification Failed
Image integrity check failed
- Enter this command into the CLI in order to view the impact of this new code installation, check the images, and ensure that they are compatible with the switch:
MDS9148V# show install all impact kickstart bootflash:m9148v-s8ek9-kickstart-mz.9.3.2a.bin
system bootflash:m9148v-s8ek9-mz.9.3.2a.bin
Tip: This command must be entered as a single line, not two seperate lines. This command is not used for the installation, but it can be used in order to verify the installation process and provide a report showing the versions coming from and going to. It also displays if this upgrade is disruptive or non-disruptive when time comes to execute the upgrade.
Note: All file transfer sessions (like SFTP/SCP) to the switch must be closed before beginning the upgrade/downgrade process. Any open file transfer sessions can cause the switch to disruptively reload at the time of ISSU/D. See Cisco bug ID CSCvo22269 and Cisco bug ID CSCvu52058 for more information. Clients have complained that MobaXterm opens a SFTP session when opening a SSH session, and can prevent the upgrade from occuring.
- As an optional step, you can enter the
show incompatibility system bootflash:m9148v-s8ek9-mz.9.3.2a.bin
command into the CLI to check for incompatabilities betwNX-OS releases, and any switch switch events that would prevent the upgrade from upgrading. Here is an example:
MDS9148V# show incompatibility system bootflash:m9148v-s8ek9-mz.9.3.2a.bin
Cisco Fabric Services (CFS)
The following configurations on active are incompatible with the system image:
1) Service : cfs , Capability : CAP_FEATURE_CFS_ENABLED_DEVICE_ALIAS
Description : CFS - Distribution is enabled for DEVICE-ALIAS
Capability requirement : STRICT
Disable command : no device-alias distribute
- Enter this command into the CLI in order to install the firmware:
MDS9148V# install all kickstart bootflash:m9148v-s8ek9-kickstart-mz.9.3.2a.bin
system bootflash:m9148v-s8ek9-mz.9.3.2a.bin
Tip: The previous command is to be entered on a single command line. Ensure that you monitor the impact table closely.
- If having to upgrade through multiple hops to get to your target firmware version, repeat the whole process from Step 1. It is important to always read the Release Notes, Save backups of the running config, and Collect show tech-support details between reach MDS release when making multiple hops.