If you're a network administrator, you're all too familiar with the constant need to apply patches and upgrades to Windows systems—it often seems like a new vulnerability pops up every week. But that doesn't mean that's the only part of your network that requires regular upgrades: There's a seemingly relentless need to upgrade Cisco routers and switches as well.
Unless your organization has a dedicated network management group, the task of upgrading routers and switches often falls rather far down the priority list, particularly when compared to the priority of upgrading Windows systems. Of course, Windows systems tend to have many more vulnerabilities and bugs than Cisco devices, so a higher priority is definitely justifiable.
However, upgrading routers and switches should be higher on your list. Several reasons exist to justify this priority. Here are three of the main reasons:
- Patch critical vulnerabilities: Just like any other network device or application, Cisco routers and switches are also prone to security holes. And because routers and switches are critical to network infrastructure, you should plug these security holes as soon as possible.
- Incorporate new features: Unless an update is simply a bug fix, every new release of the Cisco IOS includes new features. Upgrading your routers and switches in a timely manner means you'll have more features to potentially make your job easier.
- Stay current: "Staying current" with the latest IOS may sound like a flimsy justification to upgrade, especially when you consider your daily task list. However, when you consider the many different tools that communicate with the router's IOS, staying current can take on a new importance. For example, if you're using an SNMP network management tool, it may require your router to run a certain version of the IOS.
Once you've accepted the fact that upgrading the router must happen, where do you begin? Perhaps you haven't upgraded a router in a long time; maybe you've never performed an upgrade, and you could definitely use some assistance. To help you out, let's walk through the process of upgrading a Cisco IOS router, step by step. (While we'll focus on upgrading a router, the process to upgrade a switch is similar.)
For each of the routers and switches on your network, find out the model, RAM capacity, Flash capacity, and current installed version of the IOS. You can retrieve all of this information by using the show version command.
Listing A shows an example of this process. From this example, we can see that the router is a Cisco 2511 router, runs IOS 12.3(12), has 16 MB of RAM (14,336K + 2,048K), and has 16 MB of Flash memory.
When it comes to selecting the appropriate IOS image to use for the router upgrade, this information is critical. I suggest storing all of this information in a spreadsheet. That way, you can keep the spreadsheet and avoid taking another inventory the next time you have to upgrade.
Find the appropriate IOS image
Next, use the information from your inventory to find the proper IOS images for your routers. Keep in mind that you can only get IOS images from Cisco Systems, and you must have a maintenance contract on the device in question.
In fact, you can't even access Cisco's Software Download Center without entering a username and password. Because of this requirement, I have included screenshots of the Web site to walk you through the process. Click the Figure A thumbnail for a screenshot of the home page after you log into the Software Center.
Clicking the Cisco IOS Software link takes you to the Cisco IOS Software Web page. Click the Figure B thumbnail for a screenshot of this Web page. Select the Cisco IOS software that you want to upgrade to, which is usually the latest release. However, you may have to resort to an earlier release if you don't have enough RAM or Flash.
For this example, I selected IOS version 12.3. (While version 12.4 is the most recent, this release is still very new.) Selecting the version takes you to a version-specific Web page, which features the release notes, hardware compatibility list, bug list, and more information. Click the Figure C thumbnail for a screenshot of this Web page.
Next, click the link to download the software upgrade, and you should see the IOS Upgrade Planner. Upgrading a Cisco IOS can be a complex process, and the IOS Upgrade Planner is your best bet to make sure you get the correct IOS for your device, given its model, RAM, Flash, and your feature needs. Click the Figure D thumbnail for a screenshot of the IOS Upgrade Planner.
When using the Cisco IOS Upgrade Planner, you must select three options: the platform, the release, and the software feature set. Keep in mind that not all releases and all feature sets are available for every router model, and there's always a chance that the feature set you want won't work on your router. Many times, you'll need to play around with the feature set to find a version that fits your router.
In addition, it's vital to enter the correct release in order to make sure you get a stable release. There are several different classifications of releases:
- GD stands for a general deployment release, which is the most stable version available.
- ED stands for an early deployment release, which is a beta release that likely includes more bugs.
- LD stands for a limited deployment release.
- DF stands for a deferred release.
On production equipment, of course, you need to use GD releases, and you want to find the latest version that has the most patches. For this example, I have an old 2511 router that I want to upgrade from 12.3(12). I've selected the router's platform (2501-2525) and the IP PLUS feature set. These selections limited my choices to only a few versions of the IOS. Click the Figure E thumbnail for a screenshot of these selections.
Next, I selected the version that's newer than my current one: 12.3.13a (LD). (For the purposes of this example, I'm not concerned with getting a GD release.) The resulting Web page is important because it displays the requirements for this IOS version. Click the Figure F thumbnail for a screenshot of this Web page.
Notice that this version requires 16 MB of RAM and 16 MB of Flash. Before proceeding, I need to check my inventory to make sure my routers can support this. Over time, the size of an IOS file grows, and older routers often require RAM and/or Flash upgrades to support the newer IOS.
For this example, I got lucky and don't need any upgrades. If you're not that lucky and do need an upgrade, go back and select a different feature set (for example, IP ONLY instead of IP PLUS) that requires less RAM and/or Flash. You can even go back and select a smaller IOS version. But don't forget that you must have a license for whichever version you select.
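The inventory and requirements check described above can be scripted. The following Python sketch is an added example, not part of the original article: it parses `show version` text into a spreadsheet-ready row and compares the RAM and Flash totals against an image's stated requirements. The sample output is constructed to match the 2511 described in the text, and the function names are hypothetical.

```python
import csv
import io
import re

# Constructed sample of `show version` output for the 2511 in the text (not the article's Listing A).
SAMPLE_SHOW_VERSION = """\
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(12), RELEASE SOFTWARE (fc3)
ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
cisco 2511 (68030) processor (revision M) with 14336K/2048K bytes of memory.
16384K bytes of processor board System flash (Read ONLY)
"""

def parse_show_version(text):
    """Extract model, IOS version, RAM and Flash (in KB) from `show version` text."""
    version = re.search(r"Version ([^,\s]+)", text)  # first hit is the IOS line, not ROM
    hw = re.search(r"^[Cc]isco (\S+) .*with (\d+)K/(\d+)K bytes of memory", text, re.M)
    flash = re.findall(r"^(\d+)K bytes of .*flash", text, re.M | re.I)
    if not (version and hw and flash):
        raise ValueError("unrecognized show version output")
    return {
        "model": hw.group(1),
        "ios_version": version.group(1),
        # Total RAM is main memory plus shared I/O memory (14,336K + 2,048K).
        "ram_kb": int(hw.group(2)) + int(hw.group(3)),
        "flash_kb": sum(int(f) for f in flash),
    }

def shortfalls(device, need_ram_mb, need_flash_mb):
    """Return the list of resources too small for the chosen image."""
    short = []
    if device["ram_kb"] < need_ram_mb * 1024:
        short.append("RAM")
    if device["flash_kb"] < need_flash_mb * 1024:
        short.append("Flash")
    return short

def inventory_csv(devices):
    """Render the inventory as CSV so it can be kept as a spreadsheet."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=["model", "ios_version", "ram_kb", "flash_kb"])
    writer.writeheader()
    writer.writerows(devices)
    return out.getvalue()

if __name__ == "__main__":
    dev = parse_show_version(SAMPLE_SHOW_VERSION)
    print(inventory_csv([dev]), end="")
    print("Shortfalls for a 16 MB RAM / 16 MB Flash image:", shortfalls(dev, 16, 16) or "none")
```

An empty list from `shortfalls` means the device meets the image's stated RAM and Flash requirements; any other result names what needs a hardware upgrade or a smaller feature set.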
Clicking the I Agree button begins the download process. Agreeing to the resulting end-user license agreement (EULA) takes you to the actual page where you can download the upgrade. Click the Figure G thumbnail for a screenshot of this download page.
Click the link to download the upgrade, and the system will ask you where to save the file. I usually save it on my C: drive.
Test the upgrade
If you're a smaller shop or you're just performing a single router upgrade, it's probably not necessary to test anything. However, for midsize to large shops, this process is critical. Follow these steps:
- Test the downloaded IOS version on a nonproduction router.
- After you've completed testing, plan the rollout to remote routers. Because you know the requirements of the IOS version, you should also know whether any routers require RAM or Flash upgrades. Remember that hardware upgrades can significantly increase the time it takes to roll out the new IOS.
- Upgrade one router at a time, and schedule the upgrades to take place after hours (including downloading the file to the router). If you don't have the bandwidth, you may need to send the IOS out on a CD to a local PC to use as your download server, or you may need to send the IOS out on a PCMCIA card that goes into some models of the routers (such as the 3600 series).
Perform the actual upgrade
Now that you have the IOS, you need a TFTP server to download that IOS to the router. I prefer using a small TFTP server with no install application called TFTPD32.exe, which you can download from the Web for free. However, any TFTP server will suffice, and you can even use another Cisco router as a TFTP server.
Use PING to verify network connectivity between the TFTP server and the router. Then, use the copy tftp flash command, which will ask for the IP (or name) of the TFTP server and the filename of the new IOS.
It will also ask if you want to erase the Flash before copying the file via TFTP. In an IOS upgrade, you typically want to do this before copying over the new IOS. Listing B shows an example of this process.
Reload the router
This is the final step in the IOS upgrade process. If you're working on a production system after hours, immediately reload the router to verify that everything comes back up.
In other situations, however, you might be able to copy the file during the day, but you don't want to reload the router until later. If this is the case, you can use the reload at command to schedule it.
Double-check that all interfaces function, that communication works through the router to critical hosts, and that the running configuration still contains your commands. A major upgrade can sometimes cause lost or replaced configuration settings.
David Davis has worked in the IT industry for 12 years and holds several certifications, including CCIE, MCSE+I, CISSP, CCNA, CCDA, and CCNP. He currently manages a group of systems/network administrators for a privately owned retail company and performs networking/systems consulting on a part-time basis.