Hw-module Slot Reload
Upgrading a 6500 is pretty straight forward, provided the necessary is done in the right order. I’ve listed the steps I would typically take to fully upgrade a single Cisco-6509-E (single Route-Processor) with a IPSEC VPN SPA blade.
Hw-module subslot reload To restart a shared port adapter (SPA) and its interfaces, use the hw-module subslot reload command in privileged EXEC configuration mode. The command does not have a no form. Hw-module subslot slot / subslot reload. Syntax Description. Find new Online Casino Bonuses from the best casinos around – No Deposit, Bonus Free Spins and Cash Bonus Deals to play slot games and pokies for real money. We’ve taken the leg Hw Module Slot R1 Reload work out of finding the best online casino offers and bonus codes that can Hw Module Slot R1 Reload boost your casino games budget.
Please lab this if possible BEFORE trying it in a production network. I have illustrated the steps to be taken if some of the known funnies occur during an upgrade. Feel free to use this as a guideline.
Firstly download the IOS and image versions, you need. Obviously do a little homework and check the specific IOS for known bugs using the Bug Toolkit. Don’t just pick any IOS. Make sure all the required features are relatively bug free.
Copy the downloaded files to the following locations:
- ROMMON firmware to sup-bootflash
- BOOTLDR to bootflash
- IOS to flash disk
I always use FTP if possible, due to the higher transfer rates. 10.3.29.239 is connected to the switch and is running a FTP server, expecting a username:password of cisco:pass.
I would recommend verifying the IOS images after copying. It’s relatively easy for the image to get corrupted during copying. No need to waste time with corrupt images, when it can be avoided.
It is generally safe practise to backup the working running-config to a file on flash disk0:
1- Lets start, first upgrade the Rom-Monitor:
Confirm the current boot variables:
2- Specify the new BootLDR to load during boot:
3- Specify the order of the booting images. Firstly the new IOS image, secondly the previous working IOS image. Refer to a previous post, why to do this HERE.
4- Reload the box.
5- If during startup, you encounters config related errors like the ones below, make a note of each command the new IOS didn’t apply:
Do not save the config at any time before reloading using “write mem” or “copy run start”.
Else you will overwrite a working config with the above commands missing.
6- Rename the new IOS file on flash to force the next boot to use the second IOS file listed in boot command along with the working config:
7- If the box has a VPN-SPA blade for offloading IPSEC encryption/decryption, it might be necessary to upgrade the SPA FPD (Field Programmable Devices) code.
Before reloading confirm if the SPA FPD code matches the new IOS version.
The following command will show the current/required version:
8- If the min. required version is higher than the current version, the FPD code must be upgraded. Download the supporting .pkg from from Cisco and copy it to the flash disk:
9- Then upgrade the SIP and the IPSEC SPA
10- Reload the box again. This time the old IOS will be used to boot since the new IOS file is not available. The list of error commands (Point 5) needs to be corrected, either manually or by using notepad. I would suggest using notepad)
11- Copy the running config to your laptop:
12- Edit the config file in notepad. Ensure all the commands are corrected for the new IOS. Here is a list of commands I needed to change with this upgrade:
13- Rename the config-file to something else, and copy the new config-file back to disk0. Confirm there are now two config-files (original and new):
14-Load the changed config to the startup configuration:
15-Rename the NEW-IOS file back to the original name as listed in the boot command:
16-Reload the box the last time. If all was done correctly, everything should be working.
17-Proceed with testing STP, IGP’s, LDP, BGP and VPN’s and Crypto’s.
For a good overall look at what the 6500 is doing, use the following command :
I learned something interesting about the cisco ASA 5558-X chassis & that I thought was interesting;Please reference this image from cisco website of a typical 5558-X chassis.
http://www.cisco.com/c/en/us/td/docs/security/asa/hw/maintenance/5585guide/5585Xhw/overview.html#pgfId-1100238
The hw-module slot1 which encompass the IPS also carries the GIGE interfaces gi 1/0-7 and the 10GIGE interfaces as well 1/8-9.
Shutting down the hw-module slot1 will 'DROP' all interfaces in slot1 and not just the IPS modules.
Take a look at these show outputs;
And the available hardware module commands
1: So the meer issuing of a hw-module #1 shutdown, actually shutdown the whole slot1 and NOT just the IPS
2: A issuing of a hw-module #1 reload, will not disturb any GIGE interfaces on slot#1
I found this interesting while diagnostic and debugging a buggy IPS module. I have a case open with TAC over these issues. They are looking into it a trying to determine if this is normal behavior.
I found it funny cisco won't let you shutdown slot#0, but they allow slot#1 , and it will bring all interfaces on that slot down including the IPS module that I was trying to trouble shoot.
http://socpuppet.blogspot.com/2015/01/asa-ips-modules-reloads-732-e4.html
Ken Felix
Freelance Network/Security Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( # # )=
Hw-module Slot Reloading Equipment
@Hw-module Slot Reloading
/