Cisco router - IOS version issue
What happend as ISP provider and provide the service but the Cisco router IOS running at low end version. Pls discuss . Thanks
Sorry, I don't understand the question. Can you please elaborate?
Similar Messages
-
Router + IOS version recommendation for WCCP
Hello,
I would like to know the recommended list of router + IOS version to deploy load balancing using WCCPv2 with squid web caches or cisco WAEs, initially in a test environment and later for a production environment.
I have used the following routers and learnt that they are deprecated/EOLed.
Cisco 3600, IOS 12.3(1a); Cisco 2600 IOS 12.3(9a)Hi Govind
You need to bascially validate the amount of bandwidth consumption and the traffic being handled by the router.
Based on the same you can decide on the router platform.
Once you are done with deciding your server platform you can think off going on for the specific ios featuer set which can support WCCP V2 which you can obtain using different tools available out here in CCO.
regds -
Hi, I'm trying to create Site-to-Site VPN between Cisco ASA 5505 and Cisco Router 3945.
I've tried create configuration with and without ASA wizard, but anyway it doesn't work.
Please help me to find where is the issue.
I have two sites and would like to get access from 192.168.83.0 to 192.168.17.0
192.168.17.0 --- S1.S1.S1.S1 (IOS Router) ==================== S2.S2.S2.S2 (ASA 5505) --- 192.168.83.0
Here is my current configuration.
Thanks for your help.
IOS Configuration
version 15.2
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
crypto isakmp key cisco address 198.0.183.225
crypto isakmp invalid-spi-recovery
crypto ipsec transform-set AES-SET esp-aes esp-sha-hmac
mode transport
crypto map static-map 1 ipsec-isakmp
set peer S2.S2.S2.S2
set transform-set AES-SET
set pfs group2
match address 100
interface GigabitEthernet0/0
ip address S1.S1.S1.S1 255.255.255.240
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map static-map
interface GigabitEthernet0/1
ip address 192.168.17.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
access-list 100 permit ip 192.168.17.0 0.0.0.255 192.168.83.0 0.0.0.255
ASA Configuration
ASA Version 8.4(3)
interface Ethernet0/0
switchport access vlan 2
interface Vlan1
nameif inside
security-level 100
ip address 192.168.83.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address S2.S2.S2.S2 255.255.255.248
ftp mode passive
same-security-traffic permit intra-interface
object network inside-network
subnet 192.168.83.0 255.255.255.0
object network datacenter
host S1.S1.S1.S1
object network datacenter-network
subnet 192.168.17.0 255.255.255.0
object network NETWORK_OBJ_192.168.83.0_24
subnet 192.168.83.0 255.255.255.0
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended deny ip any any log
access-list outside_cryptomap extended permit ip 192.168.83.0 255.255.255.0 object datacenter-network
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool vpn_pool 192.168.83.200-192.168.83.254 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic inside-network interface
nat (inside,outside) source static inside-network inside-network destination static inside-network inside-network no-proxy-arp route-lookup
nat (inside,outside) source static inside-network inside-network destination static datacenter-network datacenter-network no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_192.168.83.0_24 NETWORK_OBJ_192.168.83.0_24 destination static datacenter-network pdatacenter-network no-proxy-arp route-lookup
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 DEFAULT_GATEWAY 1
crypto ipsec ikev1 transform-set vpn-transform-set esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set vpn-transform-set mode transport
crypto ipsec ikev1 transform-set L2L_SET esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set L2L_SET mode transport
crypto dynamic-map dyno 10 set ikev1 transform-set vpn-transform-set
crypto map vpn 1 match address outside_cryptomap
crypto map vpn 1 set pfs
crypto map vpn 1 set peer S1.S1.S1.S1
crypto map vpn 1 set ikev1 transform-set L2L_SET
crypto map vpn 20 ipsec-isakmp dynamic dyno
crypto map vpn interface outside
crypto isakmp nat-traversal 3600
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
group-policy GroupPolicy_S1.S1.S1.S1 internal
group-policy GroupPolicy_S1.S1.S1.S1 attributes
vpn-tunnel-protocol ikev1
group-policy remote_vpn_policy internal
group-policy remote_vpn_policy attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec
username artem password 8xs7XK3To4s5WfTvtKAutA== nt-encrypted
username admin password rqiFSVJFung3fvFZ encrypted privilege 15
tunnel-group DefaultRAGroup general-attributes
address-pool vpn_pool
default-group-policy remote_vpn_policy
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
tunnel-group S1.S1.S1.S1 type ipsec-l2l
tunnel-group S1.S1.S1.S1 general-attributes
default-group-policy GroupPolicy_S1.S1.S1.S1
tunnel-group S1.S1.S1.S1 ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:f55f10c19a0848edd2466d08744556eb
: endThanks for helping me again. I really appreciate.
I don't hve any NAT-exemptions in Cisco IOS Router. Transform-set I will change soon, but I've tried with tunnel mode and it didn't work.
Maybe NAT-exemptions is the issue. Can you advice me which exemptions should be in Cisco IOS Router?
Because on Cisco ASA I guess I have everything.
Here is show crypto session detail
router(config)#do show crypto session detail
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, T - cTCP encapsulation
X - IKE Extended Authentication, F - IKE Fragmentation
Interface: GigabitEthernet0/0
Session status: DOWN
Peer: 198.0.183.225 port 500 fvrf: (none) ivrf: (none)
Desc: (none)
Phase1_id: (none)
IPSEC FLOW: permit ip 192.168.17.0/255.255.255.0 192.168.83.0/255.255.255.0
Active SAs: 0, origin: crypto map
Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0
Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 0/0
Should I see something in crypto isakmp sa?
pp-border#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
IPv6 Crypto ISAKMP SA
Thanks again for your help. -
Routing / Prod Version - Issue
Gurus
I have one doubt or may be i am not fully clear about it......
We have materials which are externally procured i.e. F & so there is no routing for them. But while doing settlement; we get error that "cannot find master recipe / routing for the order"......Why is it so? Was there some mistake while costing or how to rectify this
Seconly we have few materials with type E which have 2 BOM's & 2 routings but there was no production versions and while settlement it gave same error "cannot find master recipe / routing for the order"......
We have already settled and closed it but how will this impact from finance point of view & how to resolve them for future
Can you please comment on above issues and clear the doubt
RgdsHi vicky
During settlement the cost which are stored in production order should be settled to the FI account. It should be either Credit Or debit account.
For which we have to selecte the appropriate Receivers in settlement profile.
For externally procured items. It should be settled to material account not to the cost center account. Please check.
for your second question please in change mode CO02 . look your prod order details in operation over view and component over view whether BOM and Routing is selected.
Because it cannot tell in final settlement " cannot find master recipe / routing" Error should be in the beginning itself while creating prod order.
Please check again the settlement receivers.
Hope this is clear
Regards
J . Saravan -
NAC Module and Router IOS version
Hi
I have recently purchased two NAC modules for our 3845 ISR's. The routers where running IOS 12.4(3c) ip base so i upgraded to 12.4(21)ip base as instructed. The routers still dont recognise the modules. The cisco data sheet says the routers need IOS 12.4(11)T or above and IP base image or above. If i do show inventory i get NAME: "unknown", DESCR: "unknown" PID: NME-NAC-K9.
Do i need a different IOS image on the routers to activate the modules?
ThanksYes, you need T-train image: 12.4(11)T or 12.4(15)T or 12.4(20)T.
-
Not able to telnet or ssh to outside interface of ASA and Cisco Router
Dear All
Please help me with following question, I have set up testing lab, but still not work.
it is Hub and spoke site to site vpn case, connection between hub and spoke is metro-E, so we are using private ip for outside interface at each site.
Hub -- Juniper SRX
Spoke One - Cisco ASA with version 9.1(5)
spoke two - Cisco router with version 12.3
site to site vpn has been successful established. Customer would like to telnet/ssh to spoke's outside ip from Hub(using Hub's outside interface as source for telnet/ssh), or vise versa. Reason for setting up like this is they wants to be able to make configuration change even when site to site vpn is down. Sound like a easy job to do, I tried for a long time, search this forum and google too, but still not work.
Now I can successfully telnet/ssh to Hub SRX's outside interface from spoke (ASA has no telnet/ssh client, tested using Cisco router).
Anyone has ever done it before, please help to share your exp. Does Cisco ASA or router even support it?
When I tested it, of cause site to site vpn still up and running.
Thanks
YKHello YK,
On this case on the ASA, you should have the following:
CConfiguring Management Access Over a VPN Tunnel
If your VPN tunnel terminates on one interface, but you want to manage the ASA by accessing a different interface, you can identify that interface as a management-access interface. For example, if you enter the ASA from the outside interface, this feature lets you connect to the inside interface using ASDM, SSH, Telnet, or SNMP; or you can ping the inside interface when entering from the outside interface. Management access is available via the following VPN tunnel types: IPsec clients, IPsec LAN-to-LAN, and the AnyConnect SSL VPN client.
To specify an interface as a mangement-only interface, enter the following command:
hostname(config)# management access management_interface
where management_interface specifies the name of the management interface you want to access when entering the security appliance from another interface.
You can define only one management-access interface
Also make sure you have the pertinent configuration for SSH, telnet, ASDM and SNMP(if required), for a quick test you can enable on your lab Test:
SSH
- ssh 0 0 outside
- aaa authentication ssh console LOCAL
- Make sure you have a default RSA key, or create a new one either ways, with this command:
*crypto key generate rsa modulus 2048
Telnet
- telnet 0 0 outside
- aaa authentication telnet console LOCAL
Afterwards, if this works you can define the subnets that should be permitted.
On the router:
!--- Step 1: Configure the hostname if you have not previously done so.
hostname Router
!--- aaa new-model causes the local username and password on the router
!--- to be used in the absence of other AAA statements.
aaa new-model
username cisco password 0 cisco
!--- Step 2: Configure the router's DNS domain.
ip domain-name yourdomain.com
!--- Step 3: Generate an SSH key to be used with SSH.
crypto key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 3
!--- Step 4: By default the vtys' transport is Telnet. In this case,
!--- Telnet and SSH is supported with transport input all
line vty 0 4
transport input All
*!--- Instead of aaa new-model, the login local command may be used.
no aaa new-model
line vty 0 4
login local
Let me know how it works out!
Please don't forget to Rate and mark as correct the helpful Post!
David Castro,
Regards, -
802.1X Switch IOS version
Hi,
I' have realy big layer two access network made of etherogenius Cisco switch with different IOS version and train.
My customer bought ISE (ADVANCED AND BASE LICENSE).
As far I read on DS it is seem that if you have Minimum IOS release 12.2(52) SE you are able to perform COA, reading DS with more attention I notice that cisco raccomend IOS versione 12.2(55)SE3 why ? does it means COA does not work with 12.2(52)SE ?
But more important :
I need a minimum IOS release to perform 802.1x on my wired network ?Carlo,
Here is the guide that states 12.2(52)SE but the foot note states that for 802.1x authentication you need 12.2(55)SE.
http://www.cisco.com/en/US/docs/security/ise/1.1/compatibility/ise_sdt.html#wp55038
After checking the release notes this solution falls under the Cisco Trustsec which is supported on 12.2(55)SE, there are several features released in 12.2(55)SE such has vlan assignment in multi-auth mode that makes it much easier for Cisco help generate initial configs for their customers.
Here are the release notes:
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_55_se/release/notes/OL23054.html#wp1047679
Thanks,
Tarik admani -
hi here my router configuration with memory details,i need to upgrade to 15.1 but i uploaded the 15.1 os by using TFTP server but not upgraded.server returned error?
Router#show version
Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.4(1c), RELEASE SO
FTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Tue 25-Oct-05 17:10 by evmiller
ROM: System Bootstrap, Version 12.3(8r)T9, RELEASE SOFTWARE (fc1)
Router uptime is 0 minutes
System returned to ROM by power-on
System image file is "flash:c1841-ipbase-mz.124-1c.bin"
Cisco 1841 (revision 6.0) with 114688K/16384K bytes of memory.
Processor board ID FHK10411A72
2 FastEthernet interfaces
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
Router#show flash:
-#- --length-- -----date/time------ path
1 13937472 Oct 15 2006 06:32:34 +00:00 c1841-ipbase-mz.124-1c.bin
2 1821 Oct 15 2006 06:46:38 +00:00 sdmconfig-18xx.cfg
3 4734464 Oct 15 2006 06:47:28 +00:00 sdm.tar
4 833024 Oct 15 2006 06:48:00 +00:00 es.tar
5 1052160 Oct 15 2006 06:48:34 +00:00 common.tar
6 1038 Oct 15 2006 06:48:58 +00:00 home.shtml
7 102400 Oct 15 2006 06:49:24 +00:00 home.tar
8 491213 Oct 15 2006 06:49:50 +00:00 128MB.sdf
9 1684577 Oct 15 2006 06:50:30 +00:00 securedesktop-ios-3.1.1.27-k9.pkg
10 398305 Oct 15 2006 06:51:06 +00:00 sslclient-win-1.1.0.154.pkg
8679424 bytes available (23252992 bytes used)
Router#dir flash:
Directory of flash:/
1 -rw- 13937472 Oct 15 2006 06:32:34 +00:00 c1841-ipbase-mz.124-1c.bin
2 -rw- 1821 Oct 15 2006 06:46:38 +00:00 sdmconfig-18xx.cfg
3 -rw- 4734464 Oct 15 2006 06:47:28 +00:00 sdm.tar
4 -rw- 833024 Oct 15 2006 06:48:00 +00:00 es.tar
5 -rw- 1052160 Oct 15 2006 06:48:34 +00:00 common.tar
6 -rw- 1038 Oct 15 2006 06:48:58 +00:00 home.shtml
7 -rw- 102400 Oct 15 2006 06:49:24 +00:00 home.tar
8 -rw- 491213 Oct 15 2006 06:49:50 +00:00 128MB.sdf
9 -rw- 1684577 Oct 15 2006 06:50:30 +00:00 securedesktop-ios-3.1.1.27
-k9.pkg
10 -rw- 398305 Oct 15 2006 06:51:06 +00:00 sslclient-win-1.1.0.154.pk
g
31932416 bytes total (8679424 bytes free)
Router#dir nvram:
Directory of nvram:/
190 -rw- 633 <no date> startup-config
191 ---- 5 <no date> private-config
192 -rw- 633 <no date> underlying-config
1 -rw- 0 <no date> ifIndex-table
2 ---- 12 <no date> persistent-data
196600 bytes total (193862 bytes free)thank you,
i have deleted my flash using command "delete flash:"
before i deleting my IOS i issued show flash: and it lists all files with IOS file.
after i delete the flash then i downloaded IOS image to flash after that i gave the show flash command and i m only able to see IOS image ,not the below files"i.e:sdmconfig-2811.cfg,es.tar,common.tar,home.shtml,home.tar,128MB.sdf,securedesktop-ios-3.1.1.45-k9.pkg,sslclient-win-1.1.4.176.pkg"
could you plz tell me what are these files,
in my new flash i m having my IOS only,the above bolded files are not present.Is it a problem?
Router#sho flas
-#- --length-- -----date/time------ path
1 40617068 May 2 2008 05:38:36 +00:00 c2800nm-advipservicesk9-mz.124-9.T7.bi
n
2 2748 May 2 2008 05:49:56 +00:00 sdmconfig-2811.cfg
3 931840 May 2 2008 05:50:14 +00:00 es.tar
4 1505280 May 2 2008 05:50:36 +00:00 common.tar
5 1038 May 2 2008 05:50:52 +00:00 home.shtml
6 112640 May 2 2008 05:51:06 +00:00 home.tar
7 527849 May 2 2008 05:51:24 +00:00 128MB.sdf
8 1697952 May 2 2008 05:51:48 +00:00 securedesktop-ios-3.1.1.45-k9.pkg
9 415956 May 2 2008 05:52:08 +00:00 sslclient-win-1.1.4.176.pkg
18186240 bytes available (45830144 bytes used) -
Cisco 4500X IOS upgrade through ISSU
Hi,
I am having 2 number of cisco 4500x switch and configured with VSS
so one switch is active and another switch is standby.
I am panning to upgrade IOS through ISSU
i read in document that it required auto boot enable in switch.
My switch current Configuration register = 0x2101
do i need to change config register or this will ok. If need to change then what will be auto boot and after IOS upgrade do i need to change it again.
Please help....Hello Tarun,
Please find below the steps to perform the ISSU:
ISSU Prerequisites
Before one can perform an ISSU, there are a few prerequisites one must verify for a successful ISSU. The following list explains what is initially required.
• Must be using a redundant Cisco Catalyst 4500 switch with symmetric hardware (that is, supervisors, memory, rommon, NFL daughter card, and so on).
• Both new and old Cisco IOS Software images must be preloaded to the file system on both supervisors.
• SSO must be configured and working properly.
• Config register must be configured to autoboot (that is, the value should have a "2" in the lowest byte).
45010R-203# sh bootvar | i register
Configuration register is 0x2102
Standby Configuration register is 0x2102
Several commands are available to verify if SSO is enabled:
4510R-203# sh module | b Redundancy
Mod Redundancy role Operating mode Redundancy status
----+-------------------+-------------------+-------------------
1 Standby Supervisor SSO Standby hot
2 Active Supervisor SSO Active
45010R-203# sh redundancy states
my state = 13 -ACTIVE
peer state = 8 -STANDBY HOT
Mode = Duplex
Unit = Secondary
Unit ID = 2
Redundancy Mode (Operational) = Stateful Switchover
Redundancy Mode (Configured) = Stateful Switchover
Redundancy State = Stateful Switchover
<snip>
4507R-ISSU# sh run | b redundancy
redundancy
mode sso
As a step prior to the beginning of the ISSU process, the new version of the Cisco IOS Software image needs to be loaded into both the active and standby supervisors' file systems. Both active and standby supervisor need to contain both the new and old images in the file system. In order to store both new and old images, the supervisors should be upgraded to contain sufficient amounts of flash memory prior to the ISSU process.
The new images can be downloaded into both supervisors using commands such as:
copy tftp: bootflash:
copy tftp: slavebootflash:
The example below illustrates this verification:
4510R-203#dir
Directory of bootflash:/
1 -rwx 13636500 Sep 6 2006 03:18:58 -08:00 cat4500-entservices-mz.122-31.SGA
2 -rwx 13747611 Sep 9 2006 03:19:58 -08:00 cat4500-entservices-mz.122-31.SGA1
4510R-203#dir slavebootflash:
Directory of slavebootflash:/
1 -rwx 13636500 Sep 6 2006 03:18:58 -08:00 cat4500-entservices-mz.122-31.SGA
2 -rwx 13747611 Sep 9 2006 03:19:58 -08:00 cat4500-entservices-mz.122-31.SGA1
Once this check is verified, one can now proceed with the ISSU process.
The ISSU process is started by typing the "issu loadversion" command on the active supervisor. This command directs the active supervisor to begin the ISSU process. The active supervisor, through intersupervisor communications, checks that the requested image has been downloaded into both the active and standby supervisors' file systems. If the required images are not present, the command is rejected, and an appropriate warning is generated.
If the "issu loadversion" command is successful, the switch transitions into the "Load Version" ISSU state. The standby supervisor will reset and boot with the new version of the Cisco IOS Software image loaded into the file system.
The following actions take place when the command is implemented:
1. The standby supervisor (B) is reset.
2. The standby supervisor (B) is booted with the new Cisco IOS Software image: Release 12.2(31)SGA1.
3. If both Cisco IOS Software images are declared as compatible, the standby supervisor moves into SSO mode and is fully stateful for all compatible clients and applications. Compatibility allows for in-service software upgrade or downgrade between two versions to succeed with minimal service effect.
4. If both Cisco IOS Software images are incompatible, the system moves into RPR mode, and the ISSU process is terminated with an appropriate message to the user. Images are declared incompatible when "required" clients or applications are not interoperable between two Cisco IOS Software releases.
5. Standby "B" reaches the standby HOT state.
6. The user has an option to abort the ISSU process by issuing the "issu abortversion" command.
7. The "issu loadversion" command also supports a "forced" option that allows the operator to force the system into entering RPR mode when incompatibility is detected.
Note: When performing an ISSU, disable manual switchovers. Performing manual switchovers during the issu process is strongly discouraged. The current implementation does not prevent it, but it does display a warning to the user.
An example of the CLI for implementing the issu loadversion command is displayed below.
On the active supervisor, one would issue the following command:
4510R-203#issu loadversion 1 bootflash:cat4500-entservices-mz.122-31.SGA1 2 slavebootflash: cat4500-entservices-mz.122-31.SGA1
Syntax - issu loadversion active-slot active-image-new standby-slot standby-image-new
The second step of the ISSU process is to perform the issu runversion CLI.
The user can issue the " issu runversion" command when:
1. The ISSU state is "Load Version"; this can be verified with the "show issu state detail" CLI.
2. The standby supervisor is running the new version of the software.
3. The standby supervisor has moved into the "Standby Hot " state.
The following actions take place when the " issu runversion" command is executed:
1. A switchover occurs; that is, the standby (B) becomes the new active, and the old active (A) is rebooted and comes up as a standby.
2. A timer called "Rollback Timer" is started with a previously configured value.
3. Move both supervisors to "Run Version" state.
4. If the command "issu acceptversion" is not issued before the "Rollback timer" fires, then the entire ISSU process is aborted via the automatic rollback.
5. If the active supervisor console connectivity is established and the "issu acceptversion" command is issued, then the rollback timer is stopped.
6. The user has an option to abort the ISSU process by issuing the "issu abortversion" command.
An example of the CLI for implementing the issu runversion command is displayed below:
On the active supervisor, one would issue the following command:
4510R-203#issu runversion 2 slavebootflash:cat4500-entservices-mz.122-31.SGA1
Syntax - issu runversion standby-slot [standby-image-new]
Prior to issuing the `issu acceptversion' command the system will be counting down the rollback timer. If `issu acceptversion' is not completed before rollback timer expires an automatic abort will occur. This command stops the "Rollback Timer." This command serves as a feedback mechanism. This is an optional command and can be skipped in the ISSU process with the "issu commitversion" CLI.
If this command is not issued within 45 minutes (default) from the time the standby supervisor moves into the "Standby Hot" state, it is assumed that the new active supervisor is not reachable and the entire ISSU process is rolled back to the previous version of the software. The acceptversion is not intended for long-term network operation. It is also important to note that none of the features available on the new version will work yet.
The following actions take place when the command is implemented:
1. The "Rollback Timer" is terminated. This means that the rollback timer is not looked at anymore. Therefore, the system can run in this state for an extended period.
2. The user has an option to abort the ISSU process by issuing the command "issu abortversion."
Aborting the ISSU process now causes the newly active supervisor (B) to fail over to the standby supervisor (A) running the old image and will also cause the rebooting supervisor (B) to load the original image. The issu acceptversion halts the rollback timer and helps ensure the ISSU process is not automatically aborted during the process.
An example of the CLI for implementing the issu acceptversion command is displayed below:
On the "New" active supervisor, one would issue the following command:
4510R-203#issu acceptversion 2
% Rollback timer stopped. Please issue the commitversion command.
Syntax - issu acceptversion active-slot-number
This is the last stage of the ISSU procedure. Once the user is satisfied with the new version of software, this must be committed by issuing the "issu commitversion" command. This command resets the standby supervisor and boots it with a new version of the software (same as the active supervisor). This concludes the ISSU process, and the new version of software is permanently committed on both supervisors. Since this is the conclusion of the ISSU process, the system can not be reverted back to the previous version of the software from this point onward as a part of this upgrade cycle. However, if for any reason users wish to go back to the previous version of the software, they can do so by starting a new upgrade/downgrade process.
The following actions take place if the command is implemented:
1. The standby supervisor (A) is reset and booted with the new version of Cisco IOS Software image.
2. The standby supervisor (A) moves into the "Standby Hot" state in SSO mode and is fully stateful for all clients/applications that are compatible.
3. Both supervisors are moved into "Final State," which is the same as "Initial State."
4. Users can initiate switchovers from this point onward.
An example of the CLI for implementing the issu commitversion command is displayed below:
4510R-203#issu commitversion 1
Syntax - issu commitversion standby-slot-number
ISSU Process: issu abortversion
One can abort the ISSU process at any stage manually (prior to issuing the issu commitversion command) by issuing the exec-level issu abortversion command. The ISSU process also aborts on its own if the software detects a failure.
If a user aborts the process after issuing the issu loadversion command, then the standby supervisor engine is reset and reloaded with the original software.
If the process is aborted after a user enters either the issu runversion or issu acceptversion command, then a second switchover is performed to the new standby supervisor engine that is still running the original software version.
The supervisor engine that had been running the new software is reset and reloaded with the original software version. The command is accepted only in "Load Version" or "Run Version" states. In "Load Version" state, the active supervisor is running an old image and the standby supervisor is running new image.
Syntax - issu abortversion active-slot [active-image-new]
Let me know if you have any questions. -
Router platform and IOS version to support MPLS
I have few Cisco 2621 routers and one 3640 router, could I use these router to create a MPLS VPN lab? if so , what is the minimum IOS version required?
Thanks in advance.The minimum hardware and software image tu support MPLS can be found at www.cisco.com/go/fn select search by feature and in the search box put MPLS (Multiprotocol Label Switching) there you can find the platform and IOS to support basic MPLS, but you need to consider the fact that supporting MPLS special features like AToM can only be supported on some 7200, 7500, 7600, 10000 and 12000, http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide_chapter09186a0080153e64.html#1030652
-
I want to upgrade the IOS of my Cisco 2821 from Version 12.4(11) to v 15.1 (XB), but I have CCME v 4.2 (0), is there any problem if I only upgrade the IOS and leave the CCME as it ?
ThanksCME is part of the IOS, so you can't upgrade the IOS seperately from CME.
That said, if this is a production environment you should proceed with caution and be prepared to roll back as you may find bugs, etc.
You should also look at release notes and make sure your phone firmware will still work or needs to be upgraded too.
Brandon -
How can I achieve IOS content filtering using a Cisco router
Good day Everybody.
I would like to set up content filtering using IOS on my Cisco router. I already know how to do URL filtering but I want to restrict access to sites based on categories.
Is this possible without having to introduce an external device?Natively in IOS this is not possible. However you can configure CWS (Cisco Web Security). The router will forward web requests to a cloud based web security service.
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps10142/ps11720/data_sheet_c78-729637.html -
WRVS4400S Cisco Router to Fortinet VPN Issue
I created the VPN between WRCS4400N and Fortinet 111c and tunnel is up. When i am pinging my cisco subnet (10.0.20.0) from fortinet, its pinging. But when i am pinging fortinet (10.0.1.8) or any ip of this subnet from cisco router its not pinging.
I have real IP on my Fortinet and dyndns on Cisco Router. The simple diagram is attached for my vpn network. I think its routing issue, i have to add route in cisco router but i don't know what route i have to add there in order work the vpn perfectly. kindly help...Hi Muhammad,
since this question is about a product in the Cisco Small Business / Linksys range, I suggest you move it to the community, where you will have a better chance of getting expert advice.
best regards,
Herbert
Cisco Moderator -
IOS 7.1. Unable to join the network (Cisco Router)
I have an iPhone 5s (iOS 7.1. GM - Public). My phone and wifi connections worked fine until last week.
Now when I have tried connecting to my home wifi network (using CISCO router; other wifi connections are working normally), my phone is giving me the message "enter the password" and there is an username too. So, it is impossible to connect to wifi network - "unable to join the network".
I tried to Reset Network Settings on iPhone, and Restore an iPhone (over iTunes), reset cisco router to factory settings etc. without success.. any idea what could be wrong?Hi kopacev!
You may need to make sure that your router settings conform to the suggested settings in the following article for best performance:
iOS and OS X: Recommended settings for Wi-Fi routers and access points
http://support.apple.com/kb/ht4199
Thanks for being a part of the Apple Support Communities!
Cheers,
Braden -
I have 3 1941 Routers with IOS version 15.1(4)M3(MD). I noticed that the latest releases are into the 15.5's but the stable recommended ones are 15.4's. My question is that are there any pre-req's or suggested upgrades paths before getting 15.3.3M5(MD)? Also same goes for the next stable one 15.4.3M2(ED) and I do know the differences between ED and MD just wasn't sure of the orders. Any help is appreciated.
Does it matter in a security sense for this choice?
It matters to me. If I use an IOS with a "K9" this means I can run SSH and other crypto-related commands. Very useful.
Also is the rommon upgrade update the bootstrap or is it another software type?
When you boot up an appliance, the bootstrap is run FIRST before the IOS gets loaded into the memory. So it's another type of software upgrade. If you are smart, you can upgrade the bootstrap AND the IOS with one reboot of the appliance. And this is how it's done:
1. Copy the IOS into the appliance. Do everything you need to do, like change the boot variable string (if required) but DO NOT REBOOT the appliance just yet;
2. Upgrade the ROMmon using the command: upgrade rom-monitor file tftp://<TFTP IP address>/bootstrap_filename
When you upgrade the bootstrap the router will automatically reboot the appliance. So, one reboot only.
Maybe you are looking for
-
Problem opening logic 9 in Mountain Lion
Hi there Just bought a new 13" Pro and wondered if anyone else has had problems opening Logic in Mountain Lion. The whole of Logic Studio has been successfully moved across with Migration asssistant, except Logic Pro itself whichwon't open because: '
-
Hi Gurus 1 )According to my understanding can I say All objects in a request will be locked if the request is not released. All objects in a request will be unlocked if the request is released. 2 )My question is what locks the objects. 3)Any other ca
-
We are using Oracle 9iAS enterprise Edition with OC4J. The version is 1.0.2.2.1 . When I run huge SQL query throgh java servlet agains Oracle Database, oc4j crashes with following error. Unexpected Signal : 10 occurred at PC=0xfe5892a8 Function name=
-
i have a season pass for a tv show and it is preventing me from updating my country of location for the store sicne I moved from USA to UK. how do I cancel a season pass?
-
Inspiration Browser update.
I never downloaded the Inspration Browser only Photoshop Elements. Now there's an update? How do I get it?