If you’re a network administrator, you’re all too familiar with the constant need to apply patches and upgrades to Windows systems; it often seems like a new vulnerability pops up every week. But Windows isn’t the only part of your network that requires regular upgrades: there’s a seemingly relentless need to upgrade Cisco routers and switches as well.
Unless your organization has a dedicated network management group, the task of upgrading routers and switches often falls rather far down the priority list, particularly when compared to the priority of upgrading Windows systems. Of course, Windows systems tend to have many more vulnerabilities and bugs than Cisco devices, so a higher priority is definitely justifiable.
However, upgrading routers and switches should be higher on your list. Several reasons exist to justify this priority. Here are three of the main reasons:
- Patch critical vulnerabilities: Just like any other network device or application, Cisco routers and switches are also prone to security holes. And because routers and switches are critical to network infrastructure, you should plug these security holes as soon as possible.
- Incorporate new features: Unless an update is simply a bug fix, every new release of the Cisco IOS includes new features. Upgrading your routers and switches in a timely manner means you’ll have more features to potentially make your job easier.
- Stay current: “Staying current” with the latest IOS may sound like a flimsy justification to upgrade, especially when you consider your daily task list. However, when you consider the many different tools that communicate with the router’s IOS, staying current can take on a new importance. For example, if you’re using an SNMP network management tool, it may require your router to run a certain version of the IOS.
Once you’ve accepted the fact that upgrading the router must happen, where do you begin? Perhaps you haven’t upgraded a router in a long time; maybe you’ve never performed an upgrade, and you could definitely use some assistance. To help you out, let’s walk through the process of upgrading a Cisco IOS router, step by step. (While we’ll focus on upgrading a router, the process to upgrade a switch is similar.)
For each of the routers and switches on your network, find out the model, RAM capacity, Flash capacity, and current installed version of the IOS. You can retrieve all this information by using the show version command.
Router# show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(12), RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2004 by Cisco Systems, Inc.
Compiled Tue 30-Nov-04 02:33 by kellythw
Image text-base: 0x03094EA4, data-base: 0x00001000
ROM: System Bootstrap, Version 11.0(10c)XB1, PLATFORM SPECIFIC RELEASE SOFTWARE (fc1)
BOOTLDR: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c)XB1, PLATFORM SPECIFIC RELEASE SOFTWARE (fc1)
ccie-termserver uptime is 1 week, 5 days, 2 hours, 17 minutes
System returned to ROM by power-on
System restarted at 13:55:11 CDT Wed Apr 20 2005
System image file is "flash:/c2500-is-l.123-12.bin"
cisco AS2511-RJ (68030) processor (revision K) with 14336K/2048K bytes of memory.
Processor board ID 22798335, with hardware revision 00000000
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
16 terminal line(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2102
Router#
When it comes to selecting the appropriate IOS image to use for the router upgrade, this information is critical. I suggest storing all this information in a spreadsheet. That way, you can keep the spreadsheet and avoid taking another inventory the next time you have to upgrade.
Find the appropriate IOS image
Next, use the information from your inventory to find the proper IOS images for your routers. Keep in mind that you can get IOS images only from Cisco Systems, and you must have a maintenance contract on the device in question.
In fact, you can’t even access Cisco’s Software Download Center without entering a username and password. Because of this requirement, I have included screenshots of the Web site to walk you through the process. Figure A shows a screenshot of the home page after you log in to the Software Center.
Clicking the Cisco IOS Software link takes you to the Cisco IOS Software Web page, shown in Figure B. Select the Cisco IOS software that you want to upgrade to, which is usually the latest release. However, you may have to resort to an earlier release if you don’t have enough RAM or Flash.
For this example, I selected IOS version 12.3. (While version 12.4 is the most recent, this release is still very new.) Selecting the version takes you to a version-specific Web page, which features the release notes, hardware compatibility list, bug list, and more information, as shown in Figure C.
Next, click the link to download the software upgrade, and you should see the IOS Upgrade Planner, shown in Figure D. Upgrading a Cisco IOS can be a complex process, and the IOS Upgrade Planner is your best bet to make sure you get the correct IOS for your device, given its model, RAM, Flash, and your feature needs.
When using the Cisco IOS Upgrade Planner, you must select three options: the platform, the release, and the software feature set. Keep in mind that not all releases and all feature sets are available for every router model, and there’s always a chance that the feature set you want won’t work on your router. Many times, you’ll need to play around with the feature set to find a version that fits your router.
In addition, it’s vital to enter the correct release in order to make sure you get a stable release. There are several different classifications of releases:
- GD — a general deployment release, which is the most stable version available
- ED — an early deployment release, which is a beta release that likely includes more bugs
- LD — a limited deployment release
- DF — a deferred release
On production equipment, of course, you need to use GD releases, and you want to find the latest version that has the most patches. For this example, I have an old 2511 router that I want to upgrade from 12.3(12). I’ve selected the router’s platform (2501-2525) and the IP PLUS feature set. These selections limited my choices to only a few versions of the IOS, as shown in Figure E.
Next, I selected the version that’s newer than my current one: 12.3.13a (LD). (For the purposes of this example, I’m not concerned with getting a GD release.) The resulting Web page is important because it displays the requirements for this IOS version, as shown in Figure F.
Notice that this version requires 16 MB of RAM and 16 MB of Flash. Before proceeding, I need to check my inventory to make sure my routers can support this. Over time, the size of an IOS file grows, and older routers often require RAM and/or Flash upgrades to support the newer IOS.
For this example, I got lucky and don’t need any upgrades. If you’re not that lucky and do need an upgrade, go back and select a different feature set (for example, IP ONLY instead of IP PLUS) that requires less RAM and/or Flash. You can even go back and select a smaller IOS version. But don’t forget that you must have a license for whichever version you select.
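The inventory step and the requirements check described above can be scripted. The following is an added example, not part of the original article: it parses the show version output printed earlier into one inventory row and compares it with the 16 MB RAM and 16 MB Flash requirement. The function names are hypothetical.

```python
import csv, io, re

# Excerpt of the show version output printed in the article.
SAMPLE = """\
IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(12), RELEASE SOFTWARE (fc3)
ROM: System Bootstrap, Version 11.0(10c)XB1, PLATFORM SPECIFIC RELEASE SOFTWARE (fc1)
System image file is "flash:/c2500-is-l.123-12.bin"
cisco AS2511-RJ (68030) processor (revision K) with 14336K/2048K bytes of memory.
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)
"""

# One pattern per column, anchored so the ROM version and NVRAM size lines are skipped.
FIELDS = {
    "ios_version": r"^IOS .*?Version ([^,\s]+),",
    "image": r'^System image file is "([^"]+)"',
    "model": r"^cisco (\S+) .*? with \d+K",
    "ram": r" with (\d+K(?:/\d+K)?) bytes of memory",
    "flash": r"^(\d+)K bytes of .*?flash",
}

def parse_show_version(text):
    """Return one inventory record; raise if any column cannot be filled."""
    found = {k: re.search(p, text, re.M | re.I) for k, p in FIELDS.items()}
    missing = [k for k, m in found.items() if m is None]
    if missing:
        raise ValueError("not found in show version: " + ", ".join(missing))
    rec = {k: m.group(1) for k, m in found.items()}
    # "14336K/2048K" is main plus shared I/O memory; total DRAM is the sum.
    rec["ram_kb"] = sum(int(p[:-1]) for p in rec.pop("ram").split("/"))
    rec["flash_kb"] = int(rec.pop("flash"))
    return rec

def upgrade_blockers(rec, need_ram_mb, need_flash_mb):
    """List what the device lacks for an image with the given requirements."""
    checks = (("RAM", rec["ram_kb"], need_ram_mb),
              ("Flash", rec["flash_kb"], need_flash_mb))
    return [f"{name}: have {have // 1024} MB, need {need} MB"
            for name, have, need in checks if have < need * 1024]

def to_csv(records):
    """Render records as CSV text for the inventory spreadsheet."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=list(records[0]))
    writer.writeheader()
    writer.writerows(records)
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv([parse_show_version(SAMPLE)]))
```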
Clicking the I Agree button begins the download process. Agreeing to the resulting end-user license agreement (EULA) takes you to the actual page where you can download the upgrade, as shown in Figure G.
Click the link to download the upgrade, and the system will ask you where to save the file. I usually save it on my C: drive.
Test the upgrade
If you’re a smaller shop or you’re just performing a single router upgrade, it’s probably not necessary to test anything. However, for midsize to large shops, this process is critical. Follow these steps:
- Test the downloaded IOS version on a nonproduction router.
- After you’ve completed testing, plan the rollout to remote routers. Because you know the requirements of the IOS version, you should also know whether any routers require RAM or Flash upgrades. Remember that hardware upgrades can significantly increase the time it takes to roll out the new IOS.
- Upgrade one router at a time, and schedule the upgrades to take place after hours (including downloading the file to the router). If you don’t have the bandwidth, you may need to send the IOS out on a CD to a local PC to use as your download server, or you may need to send the IOS out on a PCMCIA card that goes into some models of the routers (such as the 3600 series).
Perform the actual upgrade
Now that you have the IOS image, you need a TFTP server to download that image to the router. I prefer a small TFTP server called TFTPD32.exe, which requires no installation and can be downloaded from the Web for free. However, any TFTP server will suffice, and you can even use another Cisco router as a TFTP server.
Use PING to verify network connectivity between the TFTP server and the router. Then, use the copy tftp flash command, which will ask for the IP (or name) of the TFTP server and the filename of the new IOS.
It will also ask if you want to erase the Flash before copying the file via TFTP. In an IOS upgrade, you typically want to do this before copying over the new IOS. See an example of this process below.
Router# copy tftp flash
Address or name of remote host ? 10.253.1.1
Source filename ? c2500-is-l.123-13a.bin
Destination filename [c2500-is-l.123-13a.bin]?
Erase flash: before copying? [confirm] yes
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased
Loading c2500-is-l.123-13a.bin from 10.253.1.1 (via Serial0/0.1): !!!!!!!!!!!!!!!!!!!!!!!
Verifying checksum... OK (0xA6B7)
931088 bytes copied in 205.461 secs (4532 bytes/sec)
Router#
[Note: I purposely truncated the size of the file to save time in the copy]
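TFTP has no authentication or integrity protection, and the checksum the router prints is a 16-bit value, so neither shows that the file staged on the TFTP server is the one you downloaded from Cisco. The following added example (not from the original article) holds the reload until the staged file matches a published digest and the transcript shows a complete copy of that file. The image bytes and digest are constructed stand-ins, and pre_reload_problems is a hypothetical helper name.

```python
import hashlib, re

# The copy transcript from the article, abridged.
TRANSCRIPT = """\
Router# copy tftp flash
Address or name of remote host ? 10.253.1.1
Source filename ? c2500-is-l.123-13a.bin
Destination filename [c2500-is-l.123-13a.bin]?
Erase flash: before copying? [confirm] yes
Loading c2500-is-l.123-13a.bin from 10.253.1.1 (via Serial0/0.1): !!!!!!!!
Verifying checksum... OK (0xA6B7)
931088 bytes copied in 205.461 secs (4532 bytes/sec)
"""
# Constructed stand-ins: a dummy file of the same size, and its digest in
# place of the value published for the real image.
IMAGE = bytes(931088)
PUBLISHED = hashlib.sha512(IMAGE).hexdigest()

def pre_reload_problems(transcript, image, published, algo="sha512"):
    """Return reasons not to reload yet; an empty list means all checks passed."""
    problems = []
    # 1. The file staged on the TFTP server must match the published digest.
    if hashlib.new(algo, image).hexdigest() != published.strip().lower():
        problems.append("staged image does not match the published digest")
    # 2. The router must have loaded the file that was requested.
    src = re.search(r"^Source filename.*\?\s*(\S+)", transcript, re.M)
    loaded = re.search(r"^Loading (\S+) from \S+", transcript, re.M)
    if not (src and loaded and src.group(1) == loaded.group(1)):
        problems.append("transcript does not show the requested file being loaded")
    if not re.search(r"^Verifying checksum\.\.\.\s+OK", transcript, re.M):
        problems.append("router did not report 'Verifying checksum... OK'")
    # 3. The byte count on the router must equal the staged file's size.
    copied = re.search(r"^(\d+) bytes copied", transcript, re.M)
    if not copied:
        problems.append("no 'bytes copied' line: the copy did not finish")
    elif int(copied.group(1)) != len(image):
        problems.append(f"router copied {copied.group(1)} bytes, "
                        f"staged file is {len(image)} bytes")
    return problems

if __name__ == "__main__":
    print(pre_reload_problems(TRANSCRIPT, IMAGE, PUBLISHED) or "safe to reload")
```

On IOS releases that support it, the verify /md5 command computes the hash of the image in Flash on the router itself, which also covers the transfer.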
Reload the router
This is the final step in the IOS upgrade process. If you’re working on a production system after hours, immediately reload the router to verify that everything comes back up.
In other situations, however, you might be able to copy the file during the day, but you don’t want to reload the router until later. If this is the case, you can use the reload at command to schedule it.
Double-check that all interfaces function, that communication works through the router to critical hosts, and that the running configuration still contains your commands. A major upgrade can sometimes cause lost or replaced configuration settings.