PDF(752.8 KB) View with Adobe Reader on a variety of devices
Updated:April 29, 2020
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
For information about open issues with the software and past opens that are resolved now, see .
Introduction
Cisco Catalyst 3850 Series Switches are the next generation of enterprise class stackable access layer switches, with the new and improved 480-Gbps StackWise-480 and Cisco StackPower. Security and application visibility and control are natively built into the switch.
Cisco Catalyst 3850 Series Switches also support full IEEE 802.3 at Power over Ethernet Plus (PoE+), modular and field replaceable network modules, redundant fans, and power supplies. Cisco Catalyst 3850 Series Switches enhance productivity by enabling applications such as IP telephony and video for a true borderless network experience.
Cisco IOS XE, Cisco IOS XE Denali 16.x.x, and now Cisco IOS XE Everest 16.x.x, represent the continuing evolution of the preeminent Cisco IOS operating system. The Cisco IOS XE architecture and well-defined set of APIs extend the Cisco IOS software to improve portability across platforms and extensibility outside the Cisco IOS environment. The Cisco IOS XE software retains the same look and feel of the Cisco IOS software, while providing enhanced future-proofing and improved functionality.
Whats New in Cisco IOS XE Everest 16.6.10
There are no new hardware or software features in this release.
Whats New in Cisco IOS XE Everest 16.6.9
There are no new hardware or software features in this release.
Whats New in Cisco IOS XE Everest 16.6.8
There are no new hardware or software features in this release.
Whats New in Cisco IOS XE Everest 16.6.7
There are no new hardware or software features in this release.
What’s New in Cisco IOS XE Everest 16.6.6
There are no new hardware or software features in this release.
What’s New in Cisco IOS XE Everest 16.6.5
There are no new hardware or software features in this release.
What’s New in Cisco IOS XE Everest 16.6.4a
There are no new hardware or software features in this release.
What’s New in Cisco IOS XE Everest 16.6.4
There are no new hardware or software features in this release.
What’s New in Cisco IOS XE Everest 16.6.3
Software Features in Cisco IOS XE Everest 16.6.3
Feature Name
Description
Remote Authentication Dial-in User Service (RADIUS) over Datagram Transport Layer Security protocol (DTLS)
RADIUS over Datagram Transport Layer Security protocol (DTLS) provides encryption services over RADIUS, which is transported over a secure tunnel. RADIUS over DTLS is implemented in both client and server. Client side controls radius authentication, authorization, and accounting (AAA) and server side controls Change of Authorization (CoA).
Cisco QSFP to SFP or SFP+ Adapter (Cisco QSA Module)
Cisco Catalyst 3850 Series Switches support the Cisco QSA Module, which is a pluggable adapter that converts a QSFP port in to an SFP+ port. You can connect only an SFP+ module.
A backward compatible mode, equivalent to not having CDP support. When the feature is enabled, CDP packets are received and transmitted unchanged. Received packets are not processed; no packets are generated. In this mode, 'bump-in-the-wire' behavior is applied to CDP packets.
Cisco NSF works with the Stateful switchover (SSO) feature to minimize the amount of time a network is unavailable to its users following a switchover.
Dual-active-detection using Enhanced Port Aggregation Protocol (ePAGP)
A network system virtualization technology that pairs two switches into one virtual switch to simplify operational efficiency with a single control and management plane. The feature supports:
Minimum Latency Load Balancing—Here, in a Cisco StackWise Virtual setup, Multichassis EtherChannel forwards traffic over the local link, irrespective of the hash result.
Dual-active-detection using ePAgP—Involves detection of a dual-active scenario using PAgP on Multichassis EtherChannel, between the switches in a Cisco StackWise Virtual setup.
On Cisco Catalyst 3850 Series Switches, Cisco StackWise Virtual was first introduced in Cisco IOS XE Denali 16.3.3, but the feature was not supported in Cisco IOS XE Everest 16.5.1a. It is available again with this release.
Note The feature is available only on the WS-C3850-48XS-S, WS-C3850-48XS-E, WS-C3850-48XS-F-S, and WS-C3850-48XS-F-E models of the series.
Internet Group Management Protocol (IGMP) Explicit Tracking
Enables a multicast device to explicitly track the membership of all multicast hosts in a particular multiaccess network. The explicit tracking of hosts, groups, and channels enables the device to keep track of each individual host that is joined to a particular group or channel.
Provides a filtering mechanism to solve the high IP-Scalable Group Tag (SGT) bindings scale issue. When bindings are exported or imported, filters are provided on a per-peer basis or globally (applicable to all SXP connections) with an option to filter either as a listener or a speaker. The filtering can also be done based on IP prefixes or SGT.
Allows a service provider to support two or more VPNs with overlapping IP addresses using one interface. VRF-Lite uses input interfaces to distinguish routes for different VPNs and forms virtual packet-forwarding tables by associating one or more Layer 3 interfaces with each VRF.
Locator ID Separator Protocol (LISP) Extranet Support and Source Group Access Control List (SGACL) Cell Statistics
LISP Extranet Support—Refers to subscriber to provider communication across instance IDs in a LISP network. With LISP Extranet support, hosts in VRF “A”, for example, can access shared resources in VRF “B”.
SGACL Cell Statistics—An enhancement in the show cts role-based counters ipv4 command, to display all SGACL enforcement statistics for IPv4, providing visibility at the cell level.
external BGP (eBGP) and internal BGP (iBGP) OR eiBGP
IPv6 Provider Edge over MPLS (6PE)
IPv6 VPN Provider Edge over MPLS (6VPE)
The following MPLS features are introduced in this release:
EoMPLS—One of the Any Transport over MPLS (AToM) transport types. EoMPLS provides a tunneling mechanism for Ethernet traffic through an MPLS-enabled Layer 3 core. It encapsulates Ethernet protocol data units (PDUs) inside MPLS packets and uses label stacking to forward them across the MPLS network.
VPLS—A class of VPN that supports the connection of multiple sites in a single bridged domain over a managed IP/MPLS network. VPLS uses the provider core to join multiple attachment circuits together, to simulate a virtual bridge that connects the multiple attachment circuits together.
EIGRP MPLS VPN PE-CE SoO—Introduces the capability to filter MPLS Virtual Private Network (VPN) traffic on a per-site basis for Enhanced Interior Gateway Routing Protocol (EIGRP) networks. SoO filtering is configured at the interface level and is used to manage MPLS VPN traffic, and to prevent transient routing loops from occurring in complex and mixed network topologies.
Route Target Rewrite—Allows the replacement of route targets on incoming and outgoing Border Gateway Protocol (BGP) updates. Route targets are carried as extended community attributes in BGP Virtual Private Network IP Version 4 (VPNv4) updates. Route target extended community attributes are used to identify a set of sites and VPN routing and forwarding (VRF) instances that can receive routes with a configured route target.
eiBGP— Enables you to configure multipath load balancing with both eBGP and iBGP paths in Border Gateway Protocol (BGP) networks that are configured to use MPLS VPNs. The feature provides improved load balancing deployment and service offering capabilities and is useful for multi-homed autonomous systems and Provider Edge (PE) routers that import both eBGP and iBGP paths from multihomed and stub networks.
6PE—A technique that provides global IPv6 reachability over IPv4 MPLS. It allows one shared routing table for all other devices. 6PE allows IPv6 domains to communicate with one another over the IPv4 without an explicit tunnel setup, requiring only one IPv4 address per IPv6 domain.
6VPE—A mechanism to use the IPv4 backbone to provide VPN IPv6 services. 6VPE is like a regular IPv4 MPLS-VPN provider edge, with an addition of IPv6 support within VRF. It provides logically separate routing table entries for VPN member devices.
Programmability features introduced or enhanced in this release:
ZTP—Now supports HTTP file download along with TFTP file download.
Model-Driven Telemetry—Provides a mechanism to stream data from a Model-Driven Telemetry-capable device, to a destination. The data to be streamed is driven through subscription. The feature is enabled automatically, when NETCONF-YANG is started on a device.
In-Service Model Update package— Updates YANG data models on a device.
Revision statements embedded in the YANG files indicate if there has been a model revision. The README.md file in the same github location highlights changes that have been made in the release.
With this feature, when an active switch fails, the standby switch starts up in a fully-initialized state and synchronizes with the persistent configuration and the running configuration of the active switch. The new active switch uses existing Layer 2 switching information to continue forwarding traffic.
Removes all the customer specific data that has been added to the device since the time of its shipping.
Enter the factory-reset all command to erase all the content from the NVRAM, all Cisco IOS images including the current boot image, boot variables, startup and running configuration data, and user data. The Onboard Failure Logging (OBFL) logs and the crash information are also deleted.
No system configuration is required to use the factory reset command. Use the command with all options enabled.
Do not unplug the power or interrupt the factory reset operation.
The system reloads to perform the Factory Reset. Note that after this operation, you can load the IOS image either through a USB or TFTP.
Use cases for the feature:
Return Material Authorization (RMA) for a device—If you have to return a device to Cisco for RMA, remove all customer-specific data before obtaining a RMA certificate for the device.
Recovering the compromised device—If the key material or credentials stored on a device is compromised, reset the device to factory configuration and then reconfigure the device.
The Enterprise Fabric provides end-to-end enterprise-wide segmentation, flexible subnet addressing, and controller-based networking with uniform enterprise-wide policy and mobility. It moves the enterprise network from current VLAN-centric architecture to a user group-based enterprise architecture, with flexible Layer 2 extensions within and across sites.
Features introduced and updated on the Web UI in this release:
DNS Proxy Support
Troubleshooting- Audit Device Configuration
Troubleshooting- Debug Bundle
Important Notes
Starting with Cisco IOS XE Denali 16.1.x, a DHCP client that includes option 61 (used by DHCP clients to specify their unique client identifier) in their DHCP discover/offer packet must accept the response message with option 61 from the DHCP server/relay. A client that fails to accept the response message with option 61, is not in compliance with RFC 6842 and requires a firmware upgrade.
Converged Access (CA) is not supported beyond Cisco IOS XE Denali 16.3.x.
On the Cisco Catalyst 3850 Series Switches, CA is supported in the Cisco IOS XE Denali 16.3.x software release, which has extended support for 40 months.
Starting with Cisco IOS XE Denali 16.3.x, Secure Shell (SSH) Version 1 is deprecated. Use SSH Version 2 instead.
Cisco Plug-In for OpenFlow (OpenFlow 1.0 and 1.3) is available in Cisco IOS XE Release 3.7.3E, but is not supported in Cisco IOS XE Everest 16.5.1a.
The following features are not supported in Cisco IOS XE Everest 16.6.x:
– 802.1x Configurable username and password for MAB
– AAA: TACACS over IPv6 Transport
– Auto QoS for Video endpoints
– Cisco Group Management Protocol (CGMP)
– Cisco TrustSec 802.1x
– Cisco TrustSec Critical Auth
– Cisco TrustSec for IPv6
– CNS Config Agent
– Command Switch Redundancy
– Device classifier for ASP
– DHCP snooping ASCII circuit ID
– DHCPv6 Relay Source Configuration
– DVMRP Tunneling
– Dynamic Access Ports
– EX SFP Support (GLC-EX-SMD)
– Fallback bridging for non-IP traffic
– Fast SSID support for guest access WLANs
– IEEE 802.1X-2010 with 802.1AE support
– Improvements in QoS policing rates
– Ingress Strict Priority Queuing (Expedite)
– Stack ports buffer is not shared as part of the shared pool. The dedicated buffer for stack ports can only be used by stack ports.
– IP-in-IP (IPIP) Tunneling
– IPsec
– IPSLA Media Operation
– IPv6 IKEv2 / IPSecv3
– IPv6 Ready Logo phase II - Host
– IPv6 Static Route support on LAN Base images
– IPv6 Strict Host Mode Support
– Layer 2 Tunneling Protocol Enhancements
– Link-State Tracking
– Mesh, FlexConnect, and OfficeExtend access point deployment
– Medianet
– MSE 8.x is not supported with Cisco IOS XE Denali 16.x.x.
– Passive Monitoring
– Per VLAN Policy & Per Port Policer
– Performance Monitor (Phase 1)
– Port Security on EtherChannel
– Pragmatic General Multicast (PGM)
– RFC 4292 IP-FORWARD-MIB (IPv6 only)
– RFC 4293 IP-MIB (IPv6 only)
– RFC4292/RFC4293 MIBs for IPv6 traffic
– RFC5460 DHCPv6 Bulk Leasequery
– Trust Boundary Configuration
– UniDirectional Link Routing (UDLR)
– VACL Logging of access denied
– VRF-Aware Web-Based Authentication
– Web-Based Authentication without SVI
– Weighted Random Early Detect (WRED)
Supported Hardware
Catalyst 3850 Switch Models
Table 1 Catalyst 3850 Switch Models
Switch Model
Cisco IOS Image
Description
WS-C3850-24T-L
LAN Base
Cisco Catalyst 3850 Stackable 24 10/100/1000 Ethernet ports, with 350-WAC power supply 1 RU, LAN Base feature set (StackPower cables must be purchased separately)
WS-C3850-48T-L
LAN Base
Cisco Catalyst 3850 Stackable 48 10/100/1000 Ethernet ports, with 350-WAC power supply 1 RU, LAN Base feature set (StackPower cables must be purchased separately)
WS-C3850-24P-L
LAN Base
Cisco Catalyst 3850 Stackable 24 10/100/1000 Ethernet PoE+ ports, with 715-WAC power supply 1 RU, LAN Base feature set (StackPower cables must be purchased separately)
WS-C3850-48P-L
LAN Base
Cisco Catalyst 3850 Stackable 48 10/100/1000 Ethernet PoE+ ports, with 715-WAC power supply 1 RU, LAN Base feature set (StackPower cables must be purchased separately)
WS-C3850-48F-L
LAN Base
Cisco Catalyst 3850 Stackable 48 10/100/1000 Ethernet PoE+ ports, with 1100-WAC power supply 1 RU, LAN Base feature set (StackPower cables must be purchased separately)
WS-C3850-12X48U-L
LAN Base
Stackable 12 100M/1G/2.5G/5G/10G and 36 1G UPoE ports, 1 network module slot, 1100 W power supply
WS-C3850-24XU-L
LAN Base
Stackable 24 100M/1G/2.5G/5G/10G UPoE ports, 1 network module slot, 1100 W AC power supply 1RU
WS-C3850-24T-S
IP Base
Cisco Catalyst 3850 Stackable 24 10/100/1000 Ethernet ports, with 350-WAC power supply 1 RU, IP Base feature set
WS-C3850-48T-S
IP Base
Cisco Catalyst 3850 Stackable 48 10/100/1000 Ethernet ports, with 350-WAC power supply 1 RU, IP Base feature set
WS-C3850-24P-S
IP Base
Cisco Catalyst 3850 Stackable 24 10/100/1000 Ethernet PoE+ ports, with 715-WAC power supply 1 RU, IP Base feature set
WS-C3850-48P-S
IP Base
Cisco Catalyst 3850 Stackable 48 10/100/1000 Ethernet PoE+ ports, with 715-WAC power supply 1 RU, IP Base feature set
WS-C3850-48F-S
IP Base
Cisco Catalyst 3850 Stackable 48 10/100/1000 Ethernet PoE+ ports, with 1100-WAC power supply, 1 RU.
WS-C3850-24PW-S
IP Base
Cisco Catalyst 3850 24-port PoE IP Base with 5-access point license
WS-C3850-48PW-S
IP Base
Cisco Catalyst 3850 48-port PoE IP Base with 5-access point license
Catalyst 3850 12-port SFP+ transceiver, 1 network module slot, support for up to 10 G SFP+, 350 W power supply
WS-C3850-16XS-S
IP Base
Catalyst 3850 16-port SFP+ transceiver, 1 network module slot, support for up to 10 G SFP+, 350 W power supply.
16 ports are available when the C3850-NM-4-10G network module is plugged into the WS-C3850-12XS-S switch.
WS-C3850-24XS-S
IP Base
Catalyst 3850 24-port SFP+ transceiver, 1 network module slot, support for up to 10 G SFP+, 715 W power supply.
WS-C3850-32XS-S
IP Base
Catalyst 3850 32-port SFP+ transceiver, 1 network module slot, support for up to 10 G SFP+, 715 W power supply.
32 ports are available when the C3850-NM-8-10G network module is plugged into the WS-C3850-24XS-S switch.
WS-C3850-48XS-S
IP Base
Standalone Cisco Catalyst 3850 Switch, that supports SFP+ transceivers, 48 ports that support up to 10G, and 4 QSFP ports that support up to 40G, and 750WAC front-to-back power supply. 1 RU.
WS-C3850-48XS-F-S
IP Base
Standalone Cisco Catalyst 3850 Switch that supports SFP+ transceivers, 48 ports that support up to 10G, and 4 QSFP ports that support up to 40G, and 750WAC back-to-front power supply. 1 RU.
WS-C3850-12X48U-S
IP Base
Stackable 12 100M/1G/2.5G/5G/10G and 36 1 G UPoE ports, 1 network module slot, 1100 W power supply
WS-C3850-24XU-S
IP Base
Stackable 24 100M/1G/2.5G/5G/10G UPoE ports, 1 network module slot, 1100 W AC power supply 1RU
WS-C3850-24T-E
IP Services
Cisco Catalyst 3850 Stackable 24 10/100/1000 Ethernet ports, with 350-WAC power supply 1 RU, IP Services feature set
WS-C3850-48T-E
IP Services
Cisco Catalyst 3850 Stackable 48 10/100/1000 Ethernet ports, with 350-WAC power supply 1 RU, IP Services feature set
WS-C3850-24P-E
IP Services
Cisco Catalyst 3850 Stackable 24 10/100/1000 Ethernet PoE+ ports, with 715-WAC power supply 1 RU, IP Services feature set
WS-C3850-48P-E
IP Services
Cisco Catalyst 3850 Stackable 48 10/100/1000 Ethernet PoE+ ports, with 715-WAC power supply 1 RU, IP Services feature set
WS-C3850-48F-E
IP Services
Cisco Catalyst 3850 Stackable 48 10/100/1000 Ethernet PoE+ ports, with 1100-WAC power supply 1 RU, IP Services feature set
Catalyst 3850 12-port SFP+ transceiver, 1 network module slot, support for up to 10 G SFP+, 350 -W power supply
WS-C3850-16XS-E
IP Services
Catalyst 3850 16-port SFP+ transceiver, 1 network module slot, support for up to 10 G SFP+, 350 W power supply
16 ports are available when the C3850-NM-4-10G network module is plugged into the WS-C3850-12XS-E switch.
WS-C3850-24XS-E
IP Services
Catalyst 3850 24-port SFP+ transceiver, 1 network module slot, support for up to 10 G SFP+, 715 W power supply
WS-C3850-32XS-E
IP Services
Catalyst 3850 32-port SFP+ transceiver, 1 network module slot, support for up to 10 G SFP+, 715 W power supply
32 ports are available when the C3850-NM-8-10G network module is plugged into the WS-C3850-24XS-E switch
WS-C3850-12X48U-E
IP Services
Stackable 12 100M/1G/2.5G/5G/10G and 36 1 G UPoE ports, 1 network module slot, 1100 W power supply
WS-C3850-24XU-E
IP Services
Stackable 24 100M/1G/2.5G/5G/10G UPoE ports, 1 network module slot, 1100 W AC power supply 1RU
WS-C3850-48XS-E
IP Services
Standalone Cisco Catalyst 3850 Switch that supports SFP+ transceivers, 48 ports that support up to 10G, and 4 QSFP ports that support up to 40G, and 750 WAC front-to-back power supply. 1 RU.
WS-C3850-48XS-F-E
IP Services
Standalone Cisco Catalyst 3850 Switch that supports SFP+ transceivers, 48 ports that support up to 10G, and 4 QSFP ports that support up to 40G, and 750WAC back-to-front power supply. 1 RU.
Network Modules
Table 2 lists the three optional uplink network modules with 1-Gigabit and 10-Gigabit slots. You should only operate the switch with either a network module or a blank module installed.
Table 2 Supported Network Modules
Network Module
Description
C3850-NM-4-1G
This module has four 1 G SFP module slots. Any combination of standard SFP modules are supported. SFP+ modules are not supported.
If you insert an SFP+ module in the 1G network module, the SFP+ module does not operate, and the switch logs an error message.
Note This is supported on the following switch models:
– WS-C3850-24T/P/U
– WS-C3850-48T/F/P/U
– WS-C3850-12X48U
– WS-C3850-24XU
– WS-C3850-12S
– WS-C3850-24S
C3850-NM-2-10G
This module has four slots:
Two slots (left side) support only 1 G SFP modules and two slots (right side) support either 1 G SFP or 10 G SFP modules.
Note This is supported on the following switch models:
– WS-C3850-24T/P/U
– WS-C3850-48T/F/P/U
– WS-C3850-12X48U
– WS-C3850-24XU
– WS-C3850-12S
– WS-C3850-24S
C3850-NM-4-10G
This module has four 10 G slots or four 1 G slots.
Note This is supported on the following switch models:
– WS-C3850-48T/F/P/U
– WS-C3850-12X48U
– WS-C3850-24XU
– WS-C3850-12XS
– WS-C3850-24XS
C3850-NM-8-10G
This module has eight 10 G slots with an SFP+ port in each slot. Each port supports a 1 G or 10 G connection
Note This is supported on the following switch models:
– WS-C3850-12X48U
– WS-C3850-24XU
– WS-C3850-24XS
C3850-NM-2-40G
This module has two 40 G slots with a QSFP+ connector in each slot.
Note This is supported on the following switch models:
– WS-C3850-12X48U
– WS-C3850-24XU
– WS-C3850-24XS
Optics Modules
Catalyst switches support a wide range of optics. Because the list of supported optics is updated on a regular basis, consult the tables at this URL for the latest (SFP) compatibility information:
2.The Cisco IOS XE Denali 16.2.1 features are not available with 3.0.2, but 3.0.2 is compatible with Cisco IOS XE Denali 16.2.1.
3.Cisco 5700 (with Cisco IOS XE Release 03.06.03E/Cisco IOS XE Release 03.07.02E) inter-operates as a Peer MC with Catalyst 3850 running Cisco IOS XE Denali 16.1.1.
4.Because of SHA-2 certificate implementation, MSE 7.6 is not compatible with Cisco IOS XE Release 3.6E and later. Therefore, we recommend that you upgrade to MSE 8.0.
5.If MSE is deployed on your network, we recommend that you upgrade to Cisco Prime Infrastructure 2.1.2.
6.Cisco WLC Release 7.6 is not compatible with Cisco Prime Infrastructure 2.0.
7.Prime Infrastructure 2.0 enables you to manage Cisco WLC 7.5.102.0 with the features of Cisco WLC 7.4.110.0 and earlier releases. Prime Infrastructure 2.0 does not support any features of Cisco WLC 7.5.102.0 including the new AP platforms.
– Microsoft Internet Explorer—Versions 10 and later (On Windows)
– Microsoft Internet Explorer—Version 11 or later (On Windows 7 and Windows XP), and Microsoft Edge (On Windows 10)
– Safari—Version 7 and later (On Mac)
Finding the Software Version and Feature Set
The package files for the Cisco IOS XE software are stored on the system board flash device (flash:).
You can use the show version privileged EXEC command to see the software version that is running on your switch.
Note Although the show version output always shows the software image running on the switch, the model name shown at the end of this display is the factory configuration and does not change if you upgrade the software license.
You can also use the dir filesystem : privileged EXEC command to see the directory names of other software images that you might have stored in flash memory.
Note You cannot use the Web UI to install, upgrade to, or downgrade from Cisco IOS XE Denali 16.x.x or Cisco IOS XE Everest 16.x.x.
Table 6 Software Installation CLI Commands
Cisco IOS XE 3.xE
Switch# software ?
auto-upgrade
Initiate auto upgrade for switches running incompatible software
clean
Clean unused package files from local media
commit
Commit the provisioned software and cancel the automatic rollback timer
expand
Expand a software bundle to local storage, default location is where the bundle currently resides
install
Install software
rollback
Rollback the committed software
Cisco IOS XE Denali and Everest 16.x.x Commands
Switch# request platform software package ?
clean
Clean unnecessary package files from media
copy
Copy package to media
describe
Describe package content
expand
Expand all-in-one package to media
install
Package installation
uninstall
Package uninstall
verify
Verify ISSU software package compatibility
Automatic Boot Loader Upgrade
When you upgrade from any prior IOS 3.xE release to an IOS XE 16.x.x release for the first time, the boot loader may be automatically upgraded, based on the hardware version of the switch. If the boot loader is automatically upgraded, it will take effect on the next reload. If you go back to an IOS 3.xE release, your boot loader will not be downgraded. The updated boot loader supports all previous IOS 3.xE releases.
For subsequent IOS XE 16.x.x releases, if there is a new bootloader in that release, it may be automatically upgraded based on the hardware version of the switch when you boot up your switch with the new image for the first time.
Caution Do not power cycle your switch during the upgrade.
Table 7 Automatic Boot Loader Response
Scenario
Automatic Boot Loader Response
If you boot Cisco IOS XE Everest 16.6.2, or Cisco IOS XE Everest 16.6.3, or Cisco IOS XE Everest 16.6.4, or Cisco IOS XE Everest 16.6.4a, or Cisco IOS XE Everest 16.6.5, or Cisco IOS XE Everest 16.6.6, or Cisco IOS XE Everest 16.6.7, or Cisco IOS XE Everest 16.6.8,
or Cisco IOS XE Everest 16.6.9,
or Cisco IOS XE Everest 16.6.10
for the first time
The boot loader may be upgraded to version 4.68. For example:
BOOTLDR: CAT3K_CAA Boot Loader (CAT3K_CAA-HBOOT-M) Version 4.68, RELEASE SOFTWARE (P)
If the automatic boot loader upgrade occurs, while booting, you will see the following on the console:
%IOSXEBOOT-Wed-###: (rp/0): Nov 2 20:46:19 Universal 2016 PLEASE DO NOT POWER CYCLE ### BOOT LOADER UPGRADING
During an IOS image upgrade or downgrade on a PoE or UPoE switch, the microcode is updated to reflect applicable feature enhancements and bug fixes. Do not restart the switch during the upgrade or downgrade process.
With the Cisco IOS XE Denali 16.x.x and the Cisco IOS XE Everest 16.x.x releases, it takes approximately an additional 4 minutes to complete the microcode upgrade in addition to the normal reload time. The microcode update occurs only during an image upgrade or downgrade on PoE or UPoE switches. It does not occur during switch reloads or on non-PoE switches.
The following console messages are displayed during microcode upgrade:
Front-end Microcode IMG MGR: found 4 microcode images for 1 device.
Image for front-end 0: /tmp/microcode_update/front_end/fe_type_6_0
Image for front-end 0: /tmp/microcode_update/front_end/fe_type_6_1
Image for front-end 0: /tmp/microcode_update/front_end/fe_type_6_2
Image for front-end 0: /tmp/microcode_update/front_end/fe_type_6_3
Front-end Microcode IMG MGR: Preparing to program device microcode...
Front-end Microcode IMG MGR: Preparing to program device[0]...594412 bytes....
Skipped[0].
Front-end Microcode IMG MGR: Preparing to program device[0]...381758 bytes.
373203016 bytes copied in 80.662 secs (4626927 bytes/sec)
Switch#
Step 3 Use the dir flash command to confirm that the image has been successfully copied to flash.
Switch# dir flash:*.bin
Directory of flash:/
32339 -rw- 373217171 May 26 2017 13:52:53 -07:00 cat3k_caa-universalk9.16.06.01.SPA.bin
1562509312 bytes total (731021312 bytes free)
Switch#
Software Install Image to Flash
Step 4 Use the software install command with the ‘ new ’ and ‘ force ’ options to expand the target image to flash. You can point to the source image on your TFTP server or in flash if you have it copied to flash.
Switch# software install file flash:cat3k_caa-universalk9.16.06.01.SPA.bin new force
Preparing install operation...
[1]: Copying software from active switch 1 to switches 2,3,4
[1 2 3 4]: Finished installing software. New software will load on reboot.
[1 2 3 4]: Committing provisioning file
[1 2 3 4]: Do you want to proceed with reload? [yes/no]: yes
[1 2 3 4]: Reloading
Switch#
Note Old files listed in the logs should be removed using the request platform software package clean switch all command, after reload
Reload
Step 5 If you said ‘Yes’ to the prompt in software install and your switches are configured with auto boot, the stack will automatically boot up with the new image. If not, you can manually boot flash:packages.conf
switch: boot flash:packages.conf
Note When you boot the new image, it will automatically update the boot loader.
Step 6 When the new image boots up, you can verify the version of the new image, by checking show version
Step 7 After you have successfully installed the image, you no longer need the.bin image and the file can be deleted from flash of each switch if it was copied to flash.
Upgrading from Cisco IOS XE 3.xE to Cisco IOS XE Denali 16.x.x, or Cisco IOS XE Everest 16.6.x in Bundle Mode
Follow these instructions to upgrade from Cisco IOS XE 3.xE to Cisco IOS XE Denali 16.x.x, or Cisco IOS XE Everest 16.6.x in bundle mode:
Copy New Image to Stack
Note You cannot boot Cisco IOS XE Denali 16.x.x or Cisco IOS XE Everest 16.x.x via TFTP for the first time with a Cisco IOS XE 3.xE boot loader. The Cisco IOS XE 3.xE boot loaders have a limitation, which prevents the booting of an image larger than 400MB via the TFTP server. Since Cisco IOS XE Denali 16.x.x and Cisco IOS XE Everest 16.x.x images are larger than 400MB, you must boot the image via flash.
Step 1 Make sure your TFTP server is reachable from IOS via GigabitEthernet0/0.
Switch# show run | i tftp
ip tftp source-interface GigabitEthernet0/0
ip tftp blocksize 8192
Switch#
Switch# show run | i ip route vrf
ip route vrf Mgmt-vrf 5.0.0.0 255.0.0.0 5.30.0.1
Switch#
Switch# show run int GigabitEthernet0/0
Building configuration...
Current configuration : 115 bytes
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
ip address 5.30.12.121 255.255.0.0
negotiation auto
end
Switch#
Switch# ping vrf Mgmt-vrf ip 5.28.11.250
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.28.11.250, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
Step 2 Copy the image from your TFTP server to flash.
Move from Cisco IOS XE Everest 16.x.x Bundle Mode to Install Mode
Step 11 Ensure you have enough space in flash to expand a new image by cleaning up old installation files. This command will erase your Cisco IOS XE Everest 16.x.x bin image file, so ensure that you copy it to your Active again.
Use the switch all option to clean up all switches in your stack.
Switch# request platform software package clean switch all file flash:
373203016 bytes copied in 80.662 secs (4626927 bytes/sec)
Switch#
Step 13 Use the request platform software package expand switch all file flash:image.bin auto-copy command to expand the target image to flash and move from bundle mode to install mode. You can point to the source image on your TFTP server or in flash if you have it copied to flash.
Use the switch all option to upgrade all switches in your stack Use the auto-copy option to copy the.bin image from flash: to all other switches in your stack
Step 15 Edit the boot variable to point to the new image.
Switch(config)# boot system flash:packages.conf
Step 16 Use the write memory command to save the configuration change.
Switch# write memory
Step 17 Use the show boot command to confirm that your boot variable is pointing to the new image
Switch# show boot
---------------------------
Switch 1
---------------------------
Current Boot Variables:
BOOT variable = flash:packages.conf;
Boot Variables on next reload:
BOOT variable = flash:packages.conf;
Manual Boot = yes
Enable Break = yes
Switch#
Reload
Step 18 Reload the switch
Switch# reload
Step 19 If your switches are configured with auto boot, the stack will automatically boot up with the new image. If not, you can manually boot flash:packages.conf
switch:boot flash:packages.conf
Step 20 When the new image boots up, you can verify the version of the new image, by checking show version
373203016 bytes copied in 80.662 secs (4626927 bytes/sec)
Switch#
Step 3 Use the dir flash command to confirm that the image has been successfully copied to flash.
Switch# dir flash:*.bin
Directory of flash:/
32339 -rw- 373217171 May 26 2017 13:52:53 -07:00 cat3k_caa-universalk9.16.06.01.SPA.bin
1562509312 bytes total (731021312 bytes free)
Switch#
Set Boot Variable
Step 4 Use the boot system flash:packages.conf command to set the boot variable.
Switch(config)# boot system flash:packages.conf
Switch(config)# exit
Use the write memory command to save boot settings.
Switch# write memory
Use this command to verify BOOT variable = flash:packages.conf
Switch# show boot system
Software Install Image to Flash
Step 5 Use the request platform software package install switch all file flash: new auto-copy command to install the target image to flash. We recommend copying the image to a TFTP server or the flash drive of the active switch.
If you point to an image on the flash or USB drive of a member switch (instead of the active), you must specify the exact flash or USB drive - otherwise installation fails. For example, if the image is on the flash drive of member switch 3:
Switch# request platform software package install switch all file flash-3:cat3k_caa-universalk9.16.06.01.SPA.bin new auto-copy
[3]: Copying flash-3: cat3k_caa-universalk9.16.03.05.SPA.bin from switch 3 to switch 1 2 4
<output truncated>
Note Use the switch all option to upgrade all switches in your stack You must use the new option when you upgrade from Cisco IOS XE Denali 16.1.x, 16.2.x or 16.3.1 to Cisco IOS XE Everest 16.5.1a. (There are packaging changes in the different 16.x.x releases.) Use the auto-copy option to copy the.bin image from flash: to all other switches in your stack
Note When you execute the command, the following message is displayed: Unknown package type 21 This is expected and does not affectthe upgrade. See CSCux82059
Switch# request platform software package install switch all file flash:cat3k_caa-universalk9.16.06.01.SPA.bin new auto-copy
SUCCESS: Software provisioned. New software will load on reboot.
[1]: Finished install successful on switch 1
[2]: install package(s) on switch 2
--- Starting list of software package changes ---
Old files list:
Removed cat3k_caa-rpbase.16.01.01E.SPA.pkg
Removed cat3k_caa-srdriver.16.01.01E.SPA.pkg
Removed cat3k_caa-wcm.16.01.01E.SPA.pkg
Removed cat3k_caa-webui.16.01.01E.SPA.pkg
New files list:
Added cat3k_caa-rpbase.16.06.01.SPA.pkg
Added cat3k_caa-rpcore.16.06.01.SPA.pkg
Added cat3k_caa-srdriver.16.06.01.SPA.pkg
Added cat3k_caa-guestshell.16.06.01.SPA.pkg
Added cat3k_caa-webui.16.06.01.SPA.pkg
Finished list of software package changes
SUCCESS: Software provisioned. New software will load on reboot.
[2]: Finished install successful on switch 2
[3]: install package(s) on switch 3
--- Starting list of software package changes ---
Old files list:
Removed cat3k_caa-rpbase.16.01.01E.SPA.pkg
Removed cat3k_caa-srdriver.16.01.01E.SPA.pkg
Removed cat3k_caa-wcm.16.01.01E.SPA.pkg
Removed cat3k_caa-webui.16.01.01E.SPA.pkg
New files list:
Added cat3k_caa-rpbase.16.06.01.SPA.pkg
Added cat3k_caa-rpcore.16.06.01.SPA.pkg
Added cat3k_caa-srdriver.16.06.01.SPA.pkg
Added cat3k_caa-guestshell.16.06.01.SPA.pkg
Added cat3k_caa-webui.16.06.01.SPA.pkg
Finished list of software package changes
SUCCESS: Software provisioned. New software will load on reboot.
[3]: Finished install successful on switch 3
[4]: install package(s) on switch 4
--- Starting list of software package changes ---
Old files list:
Removed cat3k_caa-rpbase.16.01.01E.SPA.pkg
Removed cat3k_caa-srdriver.16.01.01E.SPA.pkg
Removed cat3k_caa-wcm.16.01.01E.SPA.pkg
Removed cat3k_caa-webui.16.01.01E.SPA.pkg
New files list:
Added cat3k_caa-rpbase.16.06.01.SPA.pkg
Added cat3k_caa-rpcore.16.06.01.SPA.pkg
Added cat3k_caa-srdriver.16.06.01.SPA.pkg
Added cat3k_caa-guestshell.16.06.01.SPA.pkg
Added cat3k_caa-webui.16.06.01.SPA.pkg
Finished list of software package changes
SUCCESS: Software provisioned. New software will load on reboot.
[4]: Finished install successful on switch 4
Checking status of install on [1 2 3 4]
[1 2 3 4]: Finished install in switch 1 2 3 4
SUCCESS: Finished install: Success on [1 2 3 4]
Switch#
Note Old files listed in the logs will not be removed from flash.
Step 6 After you have successfully installed the software, verify that the flash partition has five new.pkg files and one updated packages.conf file. See sample output below:
Switch# dir flash:*.pkg
Directory of flash:/*.pkg
Directory of flash:/
7747 -rw-281076014 Mar 27 2016 22:15:50 +00:00 cat3k_caa-rpbase.16.01.01E.SPA.pkg
7748 -rw-7197312 Mar 27 2016 22:15:51 +00:00 cat3k_caa-srdriver.16.01.01E.SPA.pkg
7749 -rw-166767220 Mar 27 2016 22:15:51 +00:00 cat3k_caa-wcm.16.01.01E.SPA.pkg
7750 -rw-14631548 Mar 27 2016 22:15:51 +00:00 cat3k_caa-webui.16.01.01E.SPA.pkg
31000-rw-22173354 Aug 1 2016 04:40:38 -07:00 cat3k_caa-rpbase.16.06.01.SPA.pkg
30996-rw-266177140 Aug 1 2016 04:40:36 -07:00 cat3k_caa-rpcore.16.06.01.SPA.pkg
30998-rw-9067132 Aug 1 2016 04:40:37 -07:00 cat3k_caa-srdriver.16.06.01.SPA.pkg
30999-rw-178403952 Aug 1 2016 04:40:38 -07:00 cat3k_caa-guestshell.16.06.01.SPA.pkg
30997-rw-13333112 Aug 1 2016 04:40:37 -07:00 cat3k_caa-webui.16.06.01.SPA.pkg
1621966848 bytes total (132620288 bytes free)
Switch#
Switch# dir flash:*.conf
Directory of flash:/packages.conf
32342 -rw- 4690 May 26 2017 14:58:12 -07:00 packages.conf
1562509312 bytes total (730988544 bytes free)
Switch#
Step 7 After you have successfully installed the image, you no longer need the.bin image. If you copied the file to flash
1. Enter the dir flash:*.bin command to check if it is still saved in the the flash of each switch.
2. If an image is still saved, you can delete it, if not, it has been deleted as part of the install operation and you can skip this step.
Switch# dir flash:*.bin
Directory of flash:/
32339-rw-373217171 May 26 2017 13:52:53 -07:00 cat3k_caa-universalk9.16.06.01.SPA.bin
Step 9 If the switch is configured with auto boot, then the stack automatically boots up with the new image. If not, you can manually boot flash:packages.conf
switch:boot flash:packages.conf
Step 10 When the new image boots up, you can verify the version of the new image, by using the show version command:
Upgrading or Downgrading from Cisco IOS XE Everest 16.6.x to a Cisco IOS XE 16.x.x Release in Install Mode
Follow these instructions to upgrade from Cisco IOS XE Everest 16.6.x to a future Cisco IOS XE 16.x.x release in Install mode, or to downgrade from Cisco IOS XE Everest 16.6.x to an earlier Cisco IOS XE Denali 16.x.x or Cisco IOS XE Everest 16.x.x release in install mode. Sample output in the example is of an upgrade scenario; the same steps apply when you downgrade as well.
Clean Up
Step 1 Ensure you have enough space in flash to expand a new image by cleaning up old installation files.
Use the switch all option to clean up all switches in your stack.
Switch# request platform software package clean switch all file flash:
Running command on switch 1
Cleaning up unnecessary package files
Scanning boot directory for packages... done.
Preparing packages list to delete...
packages.conf
File is in use, will not delete.
cat3k_caa-rpbase.16.06.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-rpcore.16.06.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-srdriver.16.06.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-guestshell.16.06.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-webui.16.06.01.SPA.pkg
File is in use, will not delete.
done.
SUCCESS: No extra package or provisioning files found on media. Nothing to clean.
Running command on switch 2
Cleaning up unnecessary package files
Scanning boot directory for packages... done.
Preparing packages list to delete...
packages.conf
File is in use, will not delete.
cat3k_caa-rpbase.16.06.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-rpcore.16.06.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-srdriver.16.06.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-guestshell.16.06.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-webui.16.06.01.SPA.pkg
File is in use, will not delete.
done.
SUCCESS: No extra package or provisioning files found on media. Nothing to clean.
Running command on switch 3
Cleaning up unnecessary package files
Scanning boot directory for packages... done.
Preparing packages list to delete...
packages.conf
File is in use, will not delete.
cat3k_caa-rpbase.16.06.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-rpcore.16.06.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-srdriver.16.06.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-guestshell.16.06.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-webui.16.06.01.SPA.pkg
File is in use, will not delete.
done.
SUCCESS: No extra package or provisioning files found on media. Nothing to clean.
Running command on switch 4
Cleaning up unnecessary package files
Scanning boot directory for packages... done.
Preparing packages list to delete...
packages.conf
File is in use, will not delete.
cat3k_caa-rpbase.16.06.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-rpcore.16.06.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-srdriver.16.06.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-guestshell.16.06.01.SPA.pkg
File is in use, will not delete.
cat3k_caa-webui.16.06.01.SPA.pkg
File is in use, will not delete.
done.
SUCCESS: No extra package or provisioning files found on media. Nothing to clean.
Switch#
Copy New Image to Stack
Step 2 Copy the new image to flash: (or skip this step if you want to use the new image from your TFTP server)
465466221 bytes copied in 118.175 secs (3938788 bytes/sec)
Switch#
Step 3 Use the dir flash command to confirm that the image has been successfully copied to flash.
Switch# dir flash:*.bin
Directory of flash:/*.bin
Directory of flash:/
7759-rw-465466221 Aug 1 2016 04:35:43 +00:00 cat3k_caa-universalk9.16.08.01.SPA.bin
1621966848 bytes total (598597632 bytes free)
Switch#
Set Boot Variable
Step 4 Use the boot system flash:packages.conf command to set the boot variable.
Switch(config)# boot system flash:packages.conf
Switch(config)# exit
Use the write memory command to save boot settings.
Switch# write memory
Use this command to verify BOOT variable = flash:packages.conf
Switch# show boot system
Software Install Image to Flash
Step 5 Use the request platform software package install switch all file flash: auto-copy command to install the target image to flash. We recommend copying the image to a TFTP server or the flash drive of the active switch.
If you point to an image on the flash or USB drive of a member switch (instead of the active), you must specify the exact flash or USB drive - otherwise installation fails. For example, if the image is on the flash drive of member switch 3:
Switch# request platform software package install switch all file flash-3:cat3k_caa-universalk9.16.03.05.SPA.bin new auto-copy
[3]: Copying flash-3: cat3k_caa-universalk9.16.03.05.SPA.bin from switch 3 to switch 1 2 4
<output truncated>
Note Use the switch all option to upgrade all switches in your stack Use the auto-copy option to copy the.bin image from flash: to all other switches in your stack
SUCCESS: Software provisioned. New software will load on reboot.
[1]: Finished install successful on switch 1
[2]: install package(s) on switch 2
--- Starting list of software package changes ---
Old files list:
Removed cat3k_caa-rpbase.16.06.01.SPA.pkg
Removed cat3k_caa-rpcore.16.06.01.SPA.pkg
Removed cat3k_caa-srdriver.16.06.01.SPA.pkg
Removed cat3k_caa-guestshell.16.06.01.SPA.pkg
Removed cat3k_caa-webui.16.06.01.SPA.pkg
New files list:
Added cat3k_caa-rpbase.16.08.01.SPA.pkg
Added cat3k_caa-rpcore.16.08.01.SPA.pkg
Added cat3k_caa-srdriver.16.08.01.SPA.pkg
Added cat3k_caa-guestshell.16.08.01.SPA.pkg
Added cat3k_caa-webui.16.08.01.SPA.pkg
Finished list of software package changes
SUCCESS: Software provisioned. New software will load on reboot.
[2]: Finished install successful on switch 2
[3]: install package(s) on switch 3
--- Starting list of software package changes ---
Old files list:
Removed cat3k_caa-rpbase.16.06.01.SPA.pkg
Removed cat3k_caa-rpcore.16.06.01.SPA.pkg
Removed cat3k_caa-srdriver.16.06.01.SPA.pkg
Removed cat3k_caa-guestshell.16.06.01.SPA.pkg
Removed cat3k_caa-webui.16.06.01.SPA.pkg
New files list:
Added cat3k_caa-rpbase.16.08.01.SPA.pkg
Added cat3k_caa-rpcore.16.08.01.SPA.pkg
Added cat3k_caa-srdriver.16.08.01.SPA.pkg
Added cat3k_caa-guestshell.16.08.01.SPA.pkg
Added cat3k_caa-webui.16.08.01.SPA.pkg
Finished list of software package changes
SUCCESS: Software provisioned. New software will load on reboot.
[3]: Finished install successful on switch 3
[4]: install package(s) on switch 4
--- Starting list of software package changes ---
Old files list:
Removed cat3k_caa-rpbase.16.06.01.SPA.pkg
Removed cat3k_caa-rpcore.16.06.01.SPA.pkg
Removed cat3k_caa-srdriver.16.06.01.SPA.pkg
Removed cat3k_caa-guestshell.16.06.01.SPA.pkg
Removed cat3k_caa-webui.16.06.01.SPA.pkg
New files list:
Added cat3k_caa-rpbase.16.08.01.SPA.pkg
Added cat3k_caa-rpcore.16.08.01.SPA.pkg
Added cat3k_caa-srdriver.16.08.01.SPA.pkg
Added cat3k_caa-guestshell.16.08.01.SPA A.pkg
Added cat3k_caa-webui.16.08.01.SPA.pkg
Finished list of software package changes
SUCCESS: Software provisioned. New software will load on reboot.
[4]: Finished install successful on switch 4
Checking status of install on [1 2 3 4]
[1 2 3 4]: Finished install in switch 1 2 3 4
SUCCESS: Finished install: Success on [1 2 3 4]
Switch#
Note Old files listed in the logs will not be removed from flash.
Step 6 After the software has been successfully installed, verify that the flash partition has five new .pkg files and 1 updated packages.conf file. See sample output below.
Switch# dir flash:*.pkg
Directory of flash:/*.pkg
Directory of flash:/
7761-rw-21906269 Aug 1 2016 04:45:48 +00:00 cat3k_caa-rpbase.16.06.01.SPA.pkg
7765-rw-253160056 Aug 1 2016 04:45:50 +00:00 cat3k_caa-rpcore.16.06.01.SPA.pkg
7763-rw-7328384 Aug 1 2016 04:45:49 +00:00 cat3k_caa-srdriver.16.06.01.SPA.pkg
7762-rw-165657204 Aug 1 2016 04:45:49 +00:00 cat3k_caa-guestshell.16.06.01.SPA.pkg
7764-rw-17408636 Aug 1 2016 04:45:49 +00:00 cat3k_caa-webui.16.06.01.SPA.pkg
7749-rw-21902119 Aug 1 2016 06:09:38 +00:00 cat3k_caa-rpbase.16.08.01.SPA.pkg
7760-rw-253094520 Aug 1 2016 06:09:41 +00:00 cat3k_caa-rpcore.16.08.01.SPA.pkg
7755-rw-7326336 Aug 1 2016 06:09:39 +00:00 cat3k_caa-srdriver.16.08.01.SPA.pkg
7750-rw-165667444 Aug 1 2016 06:09:39 +00:00 cat3k_caa-guestshell.16.08.01.SPA.pkg
7759-rw-16829052 Aug 1 2016 06:09:39 +00:00 cat3k_caa-webui.16.08.01.SPA.pkg
1621966848 bytes total (137928704 bytes free)
Switch#
Switch# dir flash:*.conf
Directory of flash:/*.conf
Directory of flash:/
7766-rw-5137 Aug 1 2016 06:10:39 +00:00 cat3k_caa-universalk9.16.08.01.SPA.conf
7769-rw-5125 Aug 1 2016 06:11:19 +00:00 packages.conf
1621966848 bytes total (137928704 bytes free)
Switch#
Reload
Step 7 Reload the switch
Switch# reload
Step 8 If your switches are configured with auto boot, then the stack will automatically boot up with the new image. If not, you can manually boot flash:packages.conf
switch: boot flash:packages.conf
Note When you boot the new image, it will automatically update the boot loader.
Step 9 When the new image boots up, you can verify the version of the new image, using the show version command.
Downgrade from Cisco IOS XE 16.x.x to Cisco IOS XE 3.xE in Install Mode
Follow these instructions to downgrade from Cisco IOS XE 16.x.x to older Cisco IOS XE 3.xE releases in Install Mode.
Clean Up
Step 1 Ensure you have enough space in flash to expand a new image by cleaning up old installation files.
Use the switch all option to clean up all switches in your stack.
Switch# request platform software package clean switch all file flash:
311154824 bytes copied in 68.781 secs (4523849 bytes/sec)
Switch#
Step 3 Use the dir flash command to confirm that the image has been successfully copied to flash.
Switch# dir flash:*.bin
Directory of flash:/*.bin
Directory of flash:/
47718-rw-311154824 Nov 25 2015 18:17:21 +00:00
cat3k_caa-universalk9.SPA.03.07.02.E.152-3.E2.bin
3458338816 bytes total (2468995072 bytes free)
Switch#
Downgrade Software Image
Step 4 Use the request platform software package install command with the new option to downgrade your stack. You can point to the source image on your tftp server or in flash if you have it copied to flash.
Use the switch all option is needed to upgrade all switches in your stack. Use the auto-copy option to copy the.bin image from flash: to all other switches in your stack.
Switch# request platform software package install switch all file flash:cat3k_caa-
universalk9.SPA.03.07.02.E.152-3.E2.bin new auto-copy
SUCCESS: Software provisioned. New software will load on reboot.
[1]: Finished install successful on switch 1
[2]: install package(s) on switch 2
--- Starting list of software package changes ---
Old files list:
Removed cat3k_caa-rpbase.16.05.01a.SPA.pkg
Removed cat3k_caa-rpcore.16.05.01a.SPA.pkg
Removed cat3k_caa-srdriver.16.05.01a.SPA.pkg
Removed cat3k_caa-guestshell.16.05.01a.SPA.pkg
Removed cat3k_caa-webui.16.05.01a.SPA.pkg
New files list:
Added cat3k_caa-base.SPA.03.07.02E.pkg
Added cat3k_caa-drivers.SPA.03.07.02E.pkg
Added cat3k_caa-infra.SPA.03.07.02E.pkg
Added cat3k_caa-iosd-universalk9.SPA.152-3.E2.pkg
Added cat3k_caa-platform.SPA.03.07.02E.pkg
Added cat3k_caa-wcm.SPA.10.3.120.0.pkg
Finished list of software package changes
SUCCESS: Software provisioned. New software will load on reboot.
[2]: Finished install successful on switch 2
[3]: install package(s) on switch 3
--- Starting list of software package changes ---
Old files list:
Removed cat3k_caa-rpbase.16.05.01a.SPA.pkg
Removed cat3k_caa-rpcore.16.05.01a.SPA.pkg
Removed cat3k_caa-srdriver.16.05.01a.SPA.pkg
Removed cat3k_caa-guestshell.16.05.01a.SPA.pkg
Removed cat3k_caa-webui.16.05.01a.SPA.pkg
New files list:
Added cat3k_caa-base.SPA.03.07.02E.pkg
Added cat3k_caa-drivers.SPA.03.07.02E.pkg
Added cat3k_caa-infra.SPA.03.07.02E.pkg
Added cat3k_caa-iosd-universalk9.SPA.152-3.E2.pkg
Added cat3k_caa-platform.SPA.03.07.02E.pkg
Added cat3k_caa-wcm.SPA.10.3.120.0.pkg
Finished list of software package changes
SUCCESS: Software provisioned. New software will load on reboot.
[3]: Finished install successful on switch 3
[4]: install package(s) on switch 4
--- Starting list of software package changes ---
Old files list:
Removed cat3k_caa-rpbase.16.05.01a.SPA.pkg
Removed cat3k_caa-rpcore.16.05.01a.SPA.pkg
Removed cat3k_caa-srdriver.16.05.01a.SPA.pkg
Removed cat3k_caa-guestshell.16.05.01a.SPA.pkg
Removed cat3k_caa-webui.16.05.01a.SPA.pkg
New files list:
Added cat3k_caa-base.SPA.03.07.02E.pkg
Added cat3k_caa-drivers.SPA.03.07.02E.pkg
Added cat3k_caa-infra.SPA.03.07.02E.pkg
Added cat3k_caa-iosd-universalk9.SPA.152-3.E2.pkg
Added cat3k_caa-platform.SPA.03.07.02E.pkg
Added cat3k_caa-wcm.SPA.10.3.120.0.pkg
Finished list of software package changes
SUCCESS: Software provisioned. New software will load on reboot.
[4]: Finished install successful on switch 4
Checking status of install on [1 2 3 4]
[1 2 3 4]: Finished install in switch 1 2 3 4
SUCCESS: Finished install: Success on [1 2 3 4]
Note The old files listed in the logs should be removed using the software clean command, after reload
Step 5 After you have successfully installed the image, you no longer need the.bin image and the file can be deleted from flash of each switch if you copied it to flash.
Step 7 If your switches are configured with auto boot, then the stack will automatically boot up with the new image. If not, you can manually boot flash:packages.conf
Switch: boot flash:packages.conf
Note When you downgrade to a Cisco IOS XE 3.xE image, your boot loader will not automatically downgrade. It will remain updated. The new boot loader can support booting both Cisco IOS XE 3.xE releases as well as Cisco IOS XE Denali 16.x.x and Cisco IOS XE Everest 16.x.x releases.
Downgrade from Cisco IOS XE 16.x.x to Cisco IOS XE 3.xE in Bundle Mode
Follow these instructions to downgrade from Cisco IOS XE 16.x.x in Bundle mode to an older Cisco IOS XE 3.xE release in Bundle mode.
Copy New Image to Stack
Step 1 Make sure your TFTP server is reachable from IOS via GigabitEthernet0/0.
Switch# show run | i tftp
ip tftp source-interface GigabitEthernet0/0
ip tftp blocksize 8192
Switch#
Switch# show run | i ip route vrf
ip route vrf Mgmt-vrf 5.0.0.0 255.0.0.0 5.30.0.1
Switch#
Switch# show run int GigabitEthernet0/0
Building configuration...
Current configuration : 115 bytes
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
ip address 5.30.12.121 255.255.0.0
negotiation auto
end
Switch#
Switch# ping vrf Mgmt-vrf ip 5.28.11.250
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.28.11.250, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
Step 2 Copy the image from your TFTP server to flash.
Step 9 If your switches are configured with auto boot, the stack will automatically boot up with the new image. If not, you can manually boot flash:cat3k_caa-universalk9.SPA.03.07.02.E.152-3.E2.bin
Note When you downgrade to a Cisco IOS XE 3.xE image, your boot loader will remain updated, and will automatically be downgraded. The new boot loader can support booting both Cisco IOS XE 3.x releases as well as Cisco IOS XE Denali 16.x.x and Cisco IOS XE Everest 16.x.x releases.
Step 10 When the new image boots up, you can verify the version of the new image, by checking show version
Move from Cisco IOS XE 3.xE Bundle Mode to Install Mode
Step 11 Ensure you have enough space in flash to expand a new image by cleaning up old installation files. This command will erase your Cisco IOS XE 3.xE bin image file, so ensure that you copy it to your Active again.
Switch# software clean file flash:
Preparing clean operation...
[1 2 3 4]: Cleaning up unnecessary package files
[1 2 3 4]: Preparing packages list to delete...
[1]: Files that will be deleted:
cat3k_caa-rpbase.16.05.01a.SPA.pkg
cat3k_caa-rpcore.16.05.01a.SPA.pkg
cat3k_caa-srdriver.16.05.01a.SPA.pkg
cat3k_caa-universalk9.16.05.01a.SPA.bin
cat3k_caa-guestshell.16.05.01a.SPA.pkg
cat3k_caa-webui.16.05.01a.SPA.pkg
packages.conf
[2]: Files that will be deleted:
cat3k_caa-rpbase.16.05.01a.SPA.pkg
cat3k_caa-rpcore.16.05.01a.SPA.pkg
cat3k_caa-srdriver.16.05.01a.SPA.pkg
cat3k_caa-universalk9.16.05.01a.SPA.bin
cat3k_caa-guestshell.16.05.01a.SPA.pkg
cat3k_caa-webui.16.05.01a.SPA.pkg
packages.conf
[3]: Files that will be deleted:
cat3k_caa-rpbase.16.05.01a.SPA.pkg
cat3k_caa-rpcore.16.05.01a.SPA.pkg
cat3k_caa-srdriver.16.05.01a.SPA.pkg
cat3k_caa-universalk9.16.05.01a.SPA.bin
cat3k_caa-guestshell.16.05.01a.SPA.pkg
cat3k_caa-webui.16.05.01a.SPA.pkg
packages.conf
[4]: Files that will be deleted:
cat3k_caa-rpbase.16.05.01a.SPA.pkg
cat3k_caa-rpcore.16.05.01a.SPA.pkg
cat3k_caa-srdriver.16.05.01a.SPA.pkg
cat3k_caa-universalk9.16.05.01a.SPA.bin
cat3k_caa-guestshell.16.05.01a.SPA.pkg
cat3k_caa-webui.16.05.01a.SPA.pkg
packages.conf
[1 2 3 4]: Do you want to proceed with the deletion? [yes/no]: yes
[1 2 3 4]: Clean up completed
Switch#
Step 12 Copy the image from your TFTP server to flash
311154824 bytes copied in 68.781 secs (4523849 bytes/sec)
Switch#
Step 13 Use the software expand command to expand the target image to flash and move from bundle mode to install mode. You can point to the source image on your TFTP server or in flash if you have it copied to flash.
Step 15 Edit the boot variable to point to the new image.
Switch(config)# boot system flash:packages.conf
Step 16 Use the write memory command to save the configuration change.
Switch# write memory
Step 17 Use the show boot command to confirm that your boot variable is pointing to the new image
Switch# show boot
---------------------------
Switch 1
---------------------------
Current Boot Variables:
BOOT variable = flash:packages.conf;
Boot Variables on next reload:
BOOT variable = flash:packages.conf;
Manual Boot = yes
Enable Break = yes
Switch#
Reload
Step 18 Reload the switch
Switch# reload
Step 19 If your switches are configured with auto boot, the stack will automatically boot up with the new image. If not, you can manually boot flash:packages.conf
switch:boot flash:packages.conf
Step 20 When the new image boots up, you can verify the version of the new image, by checking show version
Step 21 After you have successfully installed the image, you no longer need the.bin image and the file can be deleted from the flash of each switch if you had copied to flash.
The EXEC mode Right to Use License command allows you to activate or deactivate feature set licenses. This command provides options to activate or deactivate any license supported on the platform.
license right-to-use activate ipbase all acceptEULA
Activate IP Base license on all the switches in the stack.
Enter acceptEULA to indicate acceptance.
2
show license right-to-use
Check the reboot license level is ipbase for all the switches.
3
reload
Reboots the switch to boot with ipbase.
Changing the License Level of License Mismatch Switch from Active’s Console
If the license mismatch switch has a lower license level than other switches in the stack, and the stack is running at IP Services and the mismatch switch is booted with IP Base license.
Step
Command
Purpose
1
show switch
Get the switch number in license mismatch state.
2
show license right-to-use mismatch
Check the license level of the license mismatch switch.
Activate IP Services license on all the mismatch switches in the stack.
Enter acceptEULA to indicate acceptance.
4
reload slot switch-id
Reboot the license mismatch switch to boot with ipservices and join the stack.
If the license mismatch switch has a higher license level than other switches in the stack, and the stack is running at IP Base and the mismatch switch is booted with IP Services license.
Step
Command
Purpose
1
show switch
Get the switch number in license mismatch state.
2
show license right-to-use mismatch
Check the license level of the license mismatch switch.
Activate IP Base license on the license mismatch switch.
Enter acceptEULA to indicate acceptance.
4
reload slot switch-id
Reboots the license mismatch switch to boot with ipbase and join the stack.
Feature Sets
The Cisco Catalyst 3850 Series Switches supports three different feature sets:
LAN Base feature set—Provides basic Layer 2+ features, including access control lists (ACLs) and quality of service (QoS), up to 255 VLANs, support for routing protocols (Routing Information Protocol (RIP), Open Shortest Path First (OSPF), Policy-Based Routing (PBR), Protocol Independent Multicast Stub Routing (PIM Stub Routing) with IPv4 and IPv6, and routed access with IPv4 and IPv6 (OSPF — up to 1000 routes, Multicast — up to 1000 routes).
IP Base feature set—Provides Layer 2+ and basic Layer 3 features (enterprise-class intelligent services). These features include access control lists (ACLs), quality of service (QoS), static routing, Enhanced Interior Gateway Routing Protocol (EIGRP) stub routing, IP multicast routing, RIP, basic IPv6 management, the OSPF Protocol (for routed access only). The license supports up to 4094 VLANs.
IP Services feature set—Provides a richer set of enterprise-class intelligent services and full IPv6 support. It includes IP Base features plus Layer 3 routing (IP unicast routing and IP multicast routing). The IP Services feature set includes protocols such as the EIGRP, OSPF Protocol. The license supports up to 4094 VLANs.
For more information about the features, see the product data sheet at this URL:
Control Plane Policing (CoPP)—Starting with Cisco IOS XE Everest 16.6.4, the show run command does not display information about classes configured under system-cpp policy, when they are left at default values. Use the show policy-map system-cpp-policy or the s how policy-map control-plane commands in privileged EXEC mode instead.
Smart Install—The feature is deprecated starting with Cisco IOS XE Everest 16.5.1a. The commands are visible on the CLI until Cisco IOS XE Everest 16.6.1, but the feature is not supported. Enter the no vstack command in global configuration mode and disable the feature. Starting from Cisco IOS XE Everest 16.6.2, the vstack command is not available on the CLI.
Limitations for YANG data modeling—A maximum of 20 simultaneous NETCONF sessions are supported.
Restrictions for QoS:
– When configuring QoS queuing policy, the sum of the queuing buffer should not exceed 100%.
– For QoS policies, only switched virtual interfaces (SVI) are supported for logical interfaces.
– QoS policies are not supported for port-channel interfaces, tunnel interfaces, and other logical interfaces.
Starting with Cisco IOS XE Denali 16.3.1, Centralized Management Mode (CMM) is no longer supported.
You cannot configure NetFlow export using the Ethernet Management port (GigabitEthernet0/0).
Flex Links are not supported. We recommend that you use spanning tree protocol (STP) as the alternative.
Outdoor access points are supported only when they are in Local mode.
Restrictions for Cisco TrustSec:
– Dynamic SGACL download is limited to 6KB per destination group tag (DGT).
– Cisco TrustSec can be configured only on physical interfaces, not on logical interfaces.
– Cisco TrustSec cannot be configured on a pure bridging domain with IPSG feature enabled. You must either enable IP routing or disable the IPSG feature in the bridging domain.
Restriction for VLAN: It is advisable to have well-defined segregation while defining data and voice domain during switch configuration and to maintain a data VLAN different from voice VLAN across the switch stack. If the same VLAN is configured for data and voice domains on an interface, the resulting high CPU utilization might affect the device.
When a logging discriminator is configured and applied to a device, memory leak is seen under heavy syslog or debug output. The rate of the leak is dependent on the quantity of logs produced. In extreme cases, the device may crash. As a workaround, disable the logging discriminator on the device.
For the WS-C3850-12X48U-L, WS-C3850-12X48U-S and WS-C3850-12X48U-E switch models, a maximum of 28 ports are available for UPoE connections.
When the device is running SCP (Secure Copy Protocol) and SSH cryptographic operations, expect high CPU until the SCP read process is completed. SCP supports file transfers between hosts on a network and uses SSH for the transfer.
Since SCP and SSH operations are currently not supported on the hardware crypto engine, running encryption and decryption process in software causes high CPU. The SCP and SSH processes can show as much as 40 or 50 percent CPU usage, but they do not cause the device to shutdown.
Caveats
Caveats describe unexpected behavior in Cisco IOS releases. Caveats listed as open in a prior release are carried forward to the next release as either open or resolved.
The Bug Search Tool (BST) allows partners and customers to search for software bugs based on product, release, and keyword, and aggregates key data such as bug details, product, and version. The BST is designed to improve the effectiveness in network risk management and device troubleshooting. The tool has a provision to filter bugs based on credentials to provide external and internal bug views for the search input.
To view the details of a caveat, click on the identifier.
Open Caveats in Cisco IOS XE Everest 16.6.x
The following are the open caveats in this release.
Choose Product Support > Switches. Then choose your product and click Troubleshoot and Alerts to find information for the problem that you are experiencing.
Related Documentation
Cisco IOS XE Denali 16.x.x documentation at this URL:
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
Subscribe to the What’s New in Cisco Product Documentation, which lists all new and revised Cisco Technical documentation, as an RSS feed and deliver content directly to your desktop using a read application. The RSS feeds are a free service.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
802.1x Configurable username and password for MAB
Feedback