[Cisco] Upgrading the firmware on a 3560 Switch

Upgrading with the CMS image (.tar file)

The ‘archive download-sw’ command is used to upgrade using a .tar image file.

  • View/Verify the current version of software on the switch:

#show version
ROM: Bootstrap program is C3560 boot loader    BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(25r)SEE4, RELEASE SOFTWARE (fc1)

  • Verify the amount of free memory:

#dir flash:
Directory of flash:/
2  -rwx         976  Jul 26 2010 13:06:26 -04:00  vlan.dat
4  -rwx        8215  Jun 10 2010 15:28:02 -04:00  config.text
5  -rwx           5  Jun 10 2010 15:28:02 -04:00  private-config.text
7  drwx         192  Feb 28 1993 19:08:52 -05:00  c3560-ipbase-mz.122-35.SE5

32514048 bytes total (23451136 bytes free)

Note: ~23MB is free. The current size of the image file,c3560-ipservicesk9-tar.122-53.SE2.tar, is 15M. Good!

$ du -sh c3560-ipservicesk9-tar.122-53.SE2.tar
15M    c3560-ipservicesk9-tar.122-53.SE2.tar

This means we can save a copy of the current image along side the new image. Hence, we append the command flag ‘/leave-old-sw’ to leave the old sw installed after a successful upgrade. Later on if necessary we can remove the older image.

The TFTP server has the IP: and the upgrade image filename as:c3560-ipservicesk9-tar.122-53.SE2.tar

  • To perform the upgrade issue, login to the switch and become the power-user, then execute:

#archive download-sw /leave-old-sw tftp://

Loading c3560-ipservicesk9-tar.122-53.SE2.tar from (via Vlan1): !!!!…edited…!!!
[OK – 15759360 bytes]

Loading c3560-ipservicesk9-tar.122-53.SE2.tar from (via Vlan1): !!!!…edited…!!!
examining image…
extracting info (110 bytes)
extracting c3560-ipservicesk9-mz.122-53.SE2/info (522 bytes)
extracting info (110 bytes)

Stacking Version Number: 1.43

System Type:             0x00000000
Ios Image File Size:   0x00BEA200
Total Image File Size: 0x00F07A00
Minimum Dram required: 0x08000000
Image Suffix:          ipservicesk9-122-53.SE2
Image Directory:       c3560-ipservicesk9-mz.122-53.SE2
Image Name:            c3560-ipservicesk9-mz.122-53.SE2.bin
Image Feature:         IP|LAYER_3|PLUS|SSH|3DES|MIN_DRAM_MEG=128

Error: The image in the archive which would be used to upgrade
Error: system number 1 does not support the same feature set.

This initial procedure failed because the feature-set of the current, running image, is different from what we are applying. We can override this and force the switch to take our image regardless of feature-set by adding the command ‘/allow-feature-upgrade”:

#archive download-sw /leave-old-sw /allow-feature-upgrade tftp://

That should allow the upgrade procedure to continue uninterrupted. This took me roughly 10 minutes to upgrade a single 3560 switch.

This entry was posted in Security. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s