L3VPN on Cisco ASR9001 IOS XF 4.3.1 (PE router)
Hi all,
I need to know if this configuration is correct on Cisco ASR 9001 to have L3VPN.
This CISCO should be a PE router (other PE router is in another Autonomous System).
RP/0/RSP0/CPU0:ASR9001-2#sh running-config
Mon Oct 6 06:11:16.434 UTC
Building configuration...
!! IOS XR Configuration 4.3.1
!! Last configuration change at Sun Oct 5 08:23:50 2014 by admin
hostname ASR9001-2
telnet vrf default ipv4 server max-servers 100
ptp
clock
domain 1
profile 1
multicast
transport ethernet
port state slave-only
clock operation two-step
profile 2
transport ethernet
vrf vpnv4
address-family ipv4 unicast
import route-target
65000:111
65001:111
export route-target
65000:111
interface Loopback0
ipv4 address 10.85.0.67 255.255.255.255
interface Loopback1
vrf vpnv4
ipv4 address 2.2.2.2 255.255.255.255
interface MgmtEth0/RSP0/CPU0/0
shutdown
interface MgmtEth0/RSP0/CPU0/1
ipv4 address 10.44.107.35 255.255.255.128
interface GigabitEthernet0/0/0/0
shutdown
interface GigabitEthernet0/0/0/1
ptp
profile 2
shutdown
interface GigabitEthernet0/0/0/2
shutdown
interface GigabitEthernet0/0/0/3
shutdown
interface GigabitEthernet0/0/0/4
shutdown
interface GigabitEthernet0/0/0/5
shutdown
interface GigabitEthernet0/0/0/6
shutdown
interface GigabitEthernet0/0/0/7
shutdown
interface GigabitEthernet0/0/0/8
shutdown
interface GigabitEthernet0/0/0/9
shutdown
interface GigabitEthernet0/0/0/10
shutdown
interface GigabitEthernet0/0/0/11
shutdown
interface GigabitEthernet0/0/0/12
shutdown
interface GigabitEthernet0/0/0/13
shutdown
interface GigabitEthernet0/0/0/14
shutdown
interface GigabitEthernet0/0/0/15
shutdown
interface GigabitEthernet0/0/0/16
shutdown
interface GigabitEthernet0/0/0/17
shutdown
interface GigabitEthernet0/0/0/18
shutdown
interface GigabitEthernet0/0/0/19
shutdown
interface TenGigE0/0/1/0
mtu 9216
shutdown
interface TenGigE0/0/1/1
mtu 9000
ptp
profile p1
ipv4 address 10.85.52.5 255.255.255.252
interface TenGigE0/0/1/2
shutdown
interface TenGigE0/0/1/3
mtu 9000
ipv4 address 10.85.52.1 255.255.255.252
interface TenGigE0/0/2/0
shutdown
interface TenGigE0/0/2/1
shutdown
interface TenGigE0/0/2/2
shutdown
interface TenGigE0/0/2/3
shutdown
router static
address-family ipv4 unicast
10.40.0.0/14 10.44.107.1
141.0.0.0/8 10.44.107.1
router ospf 1
router-id 10.85.0.67
mpls ldp sync
mpls ldp auto-config
area 0.0.0.0
mtu-ignore enable
interface Loopback0
passive enable
interface TenGigE0/0/1/1
interface TenGigE0/0/1/3
router bgp 65000
bgp router-id 10.85.0.67
address-family ipv4 unicast
network 10.85.0.67/32
address-family vpnv4 unicast
neighbor 10.85.0.71
remote-as 65000
update-source Loopback0
address-family ipv4 unicast
address-family vpnv4 unicast
neighbor 10.85.0.72
remote-as 65000
update-source Loopback0
address-family ipv4 unicast
address-family vpnv4 unicast
vrf vpnv4
rd 10.85.0.67:111
address-family ipv4 unicast
redistribute connected
redistribute static
mpls ldp
router-id 10.85.0.67
interface TenGigE0/0/1/1
interface TenGigE0/0/1/3
ssh server v2
ssh server session-limit 100
end
"New pin mode is not supported if you are using the RSA native protocol."
I am very aware of this.
"Use the Radius protocol on the RSA Authentication Manager for features like New pin , next token mode etc."
I am also very aware of this too.
However, I do not want to use radius on the
RSA Authentication Manager. I want to use
tacacs+ in the ACS but off-load the
authentication database piece to RSA. I
want to use tacacs because I want to have
separations between Authentication and
Authorization, which is not possible with
radius.
From the router's perspective, it does not
know anything about RSA, it only knows ACS.
Are you saying that even though ACS passes the
credentials to RSA, it is still RSA native
protocol? i.e. udp port 5500?
Thanks.
Similar Messages
-
Nexus 2K to Cisco 2960 IOS Switch
Hi,
I am trying to connect Nexus 2K FEX to Cisco 2960 IOS Switch (Trunk config) and causing spanning tree loop having issues. I am aware that I should't be connecting non host port to 2K FEX but it's corner case. I have done similar setup with Access Port configuration and didn't faced any issues.
Nexus 5K config Config
interface Ethernet107/1/47
switchport mode trunk
switchport trunk allowed vlan 500-501
spanning-tree guard root
spanning-tree bpdufilter enable
interface Ethernet108/1/47
switchport mode trunk
switchport trunk allowed vlan 500-501
spanning-tree guard root
spanning-tree bpdufilter enable
2960-Config
interface GigabitEthernet1/0/47
switchport mode trunk
switchport trunk allowed vlan 500-501
spanning-tree bpdufilter enable
interface GigabitEthernet1/0/48
switchport mode trunk
switchport trunk allowed vlan 500-501
spanning-tree bpdufilter enable
Error Log
%FWM-2-STM_LOOP_DETECT: Loops detected in the network for mac 001b.1700.0130 among ports Eth107/1/47
Eth108/1/47 vlan 500 - Disabling dynamic learn notifications for 180 seconds
Should I configure port as "spanning-tree port type network" and create VPC and "storm-control broadcast level" to stop future occurrence? OR Do i have to configure anything else to prevent spanning-tree loops?
Thanks for your help
RiteshHi,
spanning-tree port type network is used for VPC peer-link. Try creating a new VPC and add ports 107/1/47 and 108/1/47 to it and a Portchannel on the 2960 and test.
HTH -
Can't find the cisco mobile ios type
hello,
i use CCA version 3.2, i want to add a cisco mobile ios to the UC520 system so i installed the cisco jabber in my phone but when i tried to add the extension line of the phone in CCA i don't find the type cisco mobile ios with what type can i define the android phone?Your question is a bit confusing, but it looks like you are asking what phone type you should choose for an android phone?
Android is NOT supported as a Jabber client on the UC5XX series.
iPhone is the only supported platform, and only the voice/voicemail component (no video or chat). iPad/Android/etc are NOT supported at all.
-Dan
Please rate useful posts. -
Hello to everyone,
I write because I have decided to pass from a cisco 2811 with ios 12.4/k9 to a cisco 1941 ios 15/k9, migrating configuration I have a problem with the ZBF.
I do not know if it's a problem of policy or differences between ios.
Could someone help me please?
Thank you all in advance
Regards,
Salvatore
Update: Configuration modified and IOS upgrade.Salvatore,
I don't know what problem exactly you face with your ZBF, but this may help you trbouleshooting your ZBF.
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a0080a63b94.shtml
Thanks! -
Can I use the Cisco license transfer tool to rehost licenses from router 2900 to new router 2900? is not rma process
thank youYes you can.
Alternatively, you can email [email protected] -
Cisco SSL-VPN / webvpn with Cisco 2901 IOS 15.3.3M
Dear Community,
I have a strange issue that I am hoping some of you will be able to assist with.
I am running an environment with the following specifications
Cisco ISR G2 2901 with IOS 15.3.3M
Security Licence enabled
Data Licence enabled
VPN Licence enabled
Cisco ISR G2 2951 with IOS 15.3.3M
Security Licence enabled
Data Licence enabled
SM with ESX server.
Desktop Environment
Windows XP SP3
Internet Explorer 8
Desktop Environment 2
Windows 8
Internet Explorer 10
I have a ESX server set up with a web page on the 2951. The 2901 unit has a SSL VPN / web vpn service set up on it to allow the Desktop Environments to connect to the 2951 web page. The Desktop Environments are not allowed to directly connect to the 2951 router that is why the SSL-VPN / web vpn is used.
This system was initially working with IOS 15.2.4M2 however an update of the IOS was required and now the VPN does not fully function correctly.
PROBLEM: Now the webvpn interface loads with the welcome screen and login. After logging in it has a screen with a link to the webpage on the 2951. When I try open this webpage on the 2951 and the SSL-VPN starts to build I only get half my web page. There seems to be a problem where I only get half a page loading or just a blank page with just HTML headers. I have tried changing the page to just HTML but it still does not display properly. This is with Internet Explorer ( all versions ). With firefox there are no problems but I cannot run this browser as my environment will not allow it.
If anyone can assit me here it would really make my day.
Thanks,
WillCan anyone help with this ?
-
Cisco wlc ios 7.2 with clients windows 8 can not authenticate with 802.1x
Hello my name is Ivan:
I have a solution a unified solution wireless with a cisco wlc 7.2 and ap cisco. My issue is the follow:
My users are using laptops with OS windows 8, and they can not access to the network wireless because they authenticate in to the network using 802.1x wpa/wpa2 with tkip or aes.
I find a bug in the ios of the wlc. The number is CSCua29504. I would not to change the drivers in the laptop to join the users in to the solution.
Please is possible to find any software to do the upgrade in the wlc? Or perhaps we need to do an upgrade in to cisco lightweight access point?
Please help me in this issue.
Regards
IvanBug ID CSCua29504 has been fixed in WLC firmware 7.0.235.3, 7.3.101.X or 7.4.100.X.
So if you are NOT running any one of these codes, then yes. Upgrade your firmware is your solution.
Fixed in: (12)
7.4(100.0),7.4(1.20),7.3(112.0),7.3(101.0),7.3(1.67)
7.2(111.3),7.2(111.1),7.2(110.4),7.0(236.0),7.0(235.3) -
How do you backup a Cisco 2950 IOS image?
I cant find anywhere on Cisco's website on how to do this or anywhere else for that matter.
Hector,
The copy tftp method is the most commonly used method to copy files from flash to a TFTP server or vice versa. But if you have CMS (cluster management suite) instlled on your flash, there will be an associated html folder and many other files that are extracted in flash. To upload these files, along with the IOS image, you will need to use the following command.
archive upload-sw tftp:///IOS-CMS2950.tar
This will compress all the files (IOS and CMS files) together in a tar (compressed) format and upload it to the TFTP server specified by
Copying each of the above files individually will consume a lot of time. -
Cisco IOS XE is vulnerable to CVE-2014-0160 - aka Heartbleed CSCuo19730 on Cisco 4500E IOS XE?
Hello Experts,
I need to find out what exact IOS XE software version on Catalyst 4507E will affect by Heartbleed.
Cisco WS-C4507R+E
WS-X45-SUP7-E
Thanks in advance.@apieper, looking at the bug details, it doesn't look like you are affected.
Conditions:
Cisco IOS XE devices running release 3.11.0S, 3.11.1S or 3.12.0S and with the WebUI interface over HTTPs enabled. No other versions of Cisco IOS XE are affected.
Devices with the WebUI interface enabled and using HTTPs as transport protocol will include the following configuration:
transport-map type persistent webui http-webui
secure-server
ip http secure-server
transport type persistent webui input http-webui
Devices running IOS XE release 3.11.0S, 3.11.1S or 3.12.0S but WITHOUT the WebUI interface enabled, or with the WebUI interface enabled but NOT using HTTPs as transport protocol are NOT AFFECTED by this vulnerability.
Devices running IOS XE release 3.11.0S, 3.11.1S or 3.12.0S and with the HTTPs server enabled (by including in their configuration the line "ip http secure-server") are NOT affected. Both the HTTPs server and the WebUI interface need to be enabled for a device to be vulnerable. -
Hi All ,
Is there any document or a tool to know the vulnerabilities in the
a specific asa version with a specific release?or any site can help
to search on it with a specific version.my version is 8.2(2)17jkickli wrote:Ahmed, curious if you ever figured this out? I clicked on the links above but as you stated earlier, these only list the most recent advisories and do not specifically tell you all of the vulnerabilities are by version. Obviously they have this available for IOS versions but can't seem to find it for ASA/Pix. Did you ever find it?
Cisco Security Advisories and Responses or
Security Intelligence Operations -
Cisco Mobile 8.0 vs Cisco Jabber (iOS)
Strange problem that a few users on my campus started noticing, that I also have been able to replicate. I can sit at my desk (approximately 15ft. from an access point) and make a call with Cisco Jabber. The call will be dropped within 2 minutes consistently. With the same server settings, etc. loaded into Cisco Mobile 8.0 I can make a call to the same number, from the same location and stay connected for 30 minutes or more (as long as I tested). 2 or 3 other iOS users have been able to replicate this problem. At least 2 of us are on iOS 5 and I believe the 3rd user is on IOS 4.3.x.
Ideas?
Thanks
~TomWe're having this same issue. We're running CUCM 8.0.3. Cisco Mobile 8.x worked great - but the latest Jabber for iPhone (8.6.5.18781) is experiencing these issues. We are also running iOS 5.1.1 (the latest).
This is causing alot of frustration for our users as I'm sure it is for other people also.
Thanks,
Jon -
I purchased a Cisco router (2514)from eBay and it came with everything to hook this router up however I was wondering how I can tell what IOS it is running and how I can see what the latest version IOS is available for this router? The documentaion that came w/ the router shows a software v. of 12.2, ROM System Bootstrap v. 11.0(10c) but that means nothing to me since I am kind of jumping in head first.
I found this URL but can't find the info I was looking for unless I missed it.
Thanks for any help.If you do a sh version - for ex: the following is output of one of the router I have here..The ones in bold indicate the version of IOS running on router.
Router>sh ver
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-IK9O3S-M), Version 12.2(15)T9, RELEASE SOFTWARE (
fc2)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Sat 01-Nov-03 02:47 by ccai
Image text-base: 0x60008950, data-base: 0x61D88000
ROM: System Bootstrap, Version 11.1(20)AA1, EARLY DEPLOYMENT RELEASE SOFTWARE (f
c1)
GDT3640Int uptime is 8 weeks, 5 days, 11 hours, 31 minutes
System returned to ROM by bus error at PC 0x62395B58, address 0x4953444E at 22:5
1:38 cdt Fri Oct 8 2004
System restarted at 22:54:55 cdt Fri Oct 8 2004
System image file is "flash:c3640-ik9o3s-mz.122-15.T9.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco 3640 (R4700) processor (revision 0x00) with 124928K/6144K bytes of memory.
Processor board ID 14465801
R4700 CPU at 100Mhz, Implementation 33, Rev 1.0
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
Primary Rate ISDN software, Version 1.1.
Basic Rate ISDN software, Version 1.1.
2 Ethernet/IEEE 802.3 interface(s)
25 Serial network interface(s)
1 ISDN Basic Rate interface(s)
1 Channelized T1/PRI port(s)
DRAM configuration is 64 bits wide with parity disabled.
125K bytes of non-volatile configuration memory.
24576K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102 -
Cisco 1040 IOS to CAPWAP possible?
I´m looking to a project where we want to start using Autonomous AP with possibility to change to controller based on near future.
Will Cisco Aironet 1040 Series Access Points allow us to change from IOS to CAPWAP when needed? I read some posts about the oposite process (CAPWAP to IOS) so I think it´s possible on both way. Can some one confirm this to me?Hi,
Here is the way we convert the AP from LWAPP to IOS (make sure you are using the right image), example is for 1142 AP..
The image that is on the device is LWAPP one, not the autonomous.. if you want to use the AP in autonomous mode then the image should be W7.. that is..
c1140-k9w7-tar.124-21a.JY.tar not c1140-rcvk9w8-tar.124-23c.JA.tar
I request you to do download any image from the below link and perform the conversion from LWAPP image to autonomous..
http://tools.cisco.com/support/downloads/go/PlatformList.x?sftType=IOS+Software&mdfid=282439881&treeName=Wireless&mdfLevel=Model&url=null&modelName=Cisco+Aironet+1140+Access+Point&isPlatform=N&treeMdfId=278875243&modifmdfid=null&imname=&hybrid=Y&imst=N
the methos to convert is..
download TFTPd32 from google and install it on ur PC.. point the image that you have downloaded in the TFTP server..
connect a ethernet cable between ur laptop and AP.. both should be in the same subnet.. and connect a console cable and get the hyperterminal console access and issue the command.. make sure you are able to ping the PC and the AP and vice versa!!
AP>en
AP#debug lwapp console cli or debug capwap console cli
AP#config t
AP(confg)int fa 0
AP(confg-if)ip addr (same subnet as that of the laptop)
AP(confg-if)end
AP#archieve download-sw /force-reload /overwrite tftp:///
AP#archieve download-sw /force-reload /overwrite tftp://<10.0.0.5>/c1140-k9w7-tar.124-21a.JY.tar
The above command will do it for you!!
lemme know if this answered your question..
Regards
Surendra
====
Please dont forget to rate the posts which answered your question and mark it as answered or was helpfull -
Is it possible to use a Cisco 2800 IOS H323 voice gateway for video conferencing over ISDN?
I have seen this page and was wondering if what it says actually is possible and works? I also have got a CUCM 8.6 that I would like to use for call routing via my old 2600XM gatekeeper.
http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/h320gw.html#wp1047659I have seen this page and was wondering if what it says actually is possible and works? I also have got a CUCM 8.6 that I would like to use for call routing via my old 2600XM gatekeeper.
http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/h320gw.html#wp1047659 -
Cisco 4500X IOS upgrade through ISSU
Hi,
I am having 2 number of cisco 4500x switch and configured with VSS
so one switch is active and another switch is standby.
I am panning to upgrade IOS through ISSU
i read in document that it required auto boot enable in switch.
My switch current Configuration register = 0x2101
do i need to change config register or this will ok. If need to change then what will be auto boot and after IOS upgrade do i need to change it again.
Please help....Hello Tarun,
Please find below the steps to perform the ISSU:
ISSU Prerequisites
Before one can perform an ISSU, there are a few prerequisites one must verify for a successful ISSU. The following list explains what is initially required.
• Must be using a redundant Cisco Catalyst 4500 switch with symmetric hardware (that is, supervisors, memory, rommon, NFL daughter card, and so on).
• Both new and old Cisco IOS Software images must be preloaded to the file system on both supervisors.
• SSO must be configured and working properly.
• Config register must be configured to autoboot (that is, the value should have a "2" in the lowest byte).
45010R-203# sh bootvar | i register
Configuration register is 0x2102
Standby Configuration register is 0x2102
Several commands are available to verify if SSO is enabled:
4510R-203# sh module | b Redundancy
Mod Redundancy role Operating mode Redundancy status
----+-------------------+-------------------+-------------------
1 Standby Supervisor SSO Standby hot
2 Active Supervisor SSO Active
45010R-203# sh redundancy states
my state = 13 -ACTIVE
peer state = 8 -STANDBY HOT
Mode = Duplex
Unit = Secondary
Unit ID = 2
Redundancy Mode (Operational) = Stateful Switchover
Redundancy Mode (Configured) = Stateful Switchover
Redundancy State = Stateful Switchover
<snip>
4507R-ISSU# sh run | b redundancy
redundancy
mode sso
As a step prior to the beginning of the ISSU process, the new version of the Cisco IOS Software image needs to be loaded into both the active and standby supervisors' file systems. Both active and standby supervisor need to contain both the new and old images in the file system. In order to store both new and old images, the supervisors should be upgraded to contain sufficient amounts of flash memory prior to the ISSU process.
The new images can be downloaded into both supervisors using commands such as:
copy tftp: bootflash:
copy tftp: slavebootflash:
The example below illustrates this verification:
4510R-203#dir
Directory of bootflash:/
1 -rwx 13636500 Sep 6 2006 03:18:58 -08:00 cat4500-entservices-mz.122-31.SGA
2 -rwx 13747611 Sep 9 2006 03:19:58 -08:00 cat4500-entservices-mz.122-31.SGA1
4510R-203#dir slavebootflash:
Directory of slavebootflash:/
1 -rwx 13636500 Sep 6 2006 03:18:58 -08:00 cat4500-entservices-mz.122-31.SGA
2 -rwx 13747611 Sep 9 2006 03:19:58 -08:00 cat4500-entservices-mz.122-31.SGA1
Once this check is verified, one can now proceed with the ISSU process.
The ISSU process is started by typing the "issu loadversion" command on the active supervisor. This command directs the active supervisor to begin the ISSU process. The active supervisor, through intersupervisor communications, checks that the requested image has been downloaded into both the active and standby supervisors' file systems. If the required images are not present, the command is rejected, and an appropriate warning is generated.
If the "issu loadversion" command is successful, the switch transitions into the "Load Version" ISSU state. The standby supervisor will reset and boot with the new version of the Cisco IOS Software image loaded into the file system.
The following actions take place when the command is implemented:
1. The standby supervisor (B) is reset.
2. The standby supervisor (B) is booted with the new Cisco IOS Software image: Release 12.2(31)SGA1.
3. If both Cisco IOS Software images are declared as compatible, the standby supervisor moves into SSO mode and is fully stateful for all compatible clients and applications. Compatibility allows for in-service software upgrade or downgrade between two versions to succeed with minimal service effect.
4. If both Cisco IOS Software images are incompatible, the system moves into RPR mode, and the ISSU process is terminated with an appropriate message to the user. Images are declared incompatible when "required" clients or applications are not interoperable between two Cisco IOS Software releases.
5. Standby "B" reaches the standby HOT state.
6. The user has an option to abort the ISSU process by issuing the "issu abortversion" command.
7. The "issu loadversion" command also supports a "forced" option that allows the operator to force the system into entering RPR mode when incompatibility is detected.
Note: When performing an ISSU, disable manual switchovers. Performing manual switchovers during the issu process is strongly discouraged. The current implementation does not prevent it, but it does display a warning to the user.
An example of the CLI for implementing the issu loadversion command is displayed below.
On the active supervisor, one would issue the following command:
4510R-203#issu loadversion 1 bootflash:cat4500-entservices-mz.122-31.SGA1 2 slavebootflash: cat4500-entservices-mz.122-31.SGA1
Syntax - issu loadversion active-slot active-image-new standby-slot standby-image-new
The second step of the ISSU process is to perform the issu runversion CLI.
The user can issue the " issu runversion" command when:
1. The ISSU state is "Load Version"; this can be verified with the "show issu state detail" CLI.
2. The standby supervisor is running the new version of the software.
3. The standby supervisor has moved into the "Standby Hot " state.
The following actions take place when the " issu runversion" command is executed:
1. A switchover occurs; that is, the standby (B) becomes the new active, and the old active (A) is rebooted and comes up as a standby.
2. A timer called "Rollback Timer" is started with a previously configured value.
3. Move both supervisors to "Run Version" state.
4. If the command "issu acceptversion" is not issued before the "Rollback timer" fires, then the entire ISSU process is aborted via the automatic rollback.
5. If the active supervisor console connectivity is established and the "issu acceptversion" command is issued, then the rollback timer is stopped.
6. The user has an option to abort the ISSU process by issuing the "issu abortversion" command.
An example of the CLI for implementing the issu runversion command is displayed below:
On the active supervisor, one would issue the following command:
4510R-203#issu runversion 2 slavebootflash:cat4500-entservices-mz.122-31.SGA1
Syntax - issu runversion standby-slot [standby-image-new]
Prior to issuing the `issu acceptversion' command the system will be counting down the rollback timer. If `issu acceptversion' is not completed before rollback timer expires an automatic abort will occur. This command stops the "Rollback Timer." This command serves as a feedback mechanism. This is an optional command and can be skipped in the ISSU process with the "issu commitversion" CLI.
If this command is not issued within 45 minutes (default) from the time the standby supervisor moves into the "Standby Hot" state, it is assumed that the new active supervisor is not reachable and the entire ISSU process is rolled back to the previous version of the software. The acceptversion is not intended for long-term network operation. It is also important to note that none of the features available on the new version will work yet.
The following actions take place when the command is implemented:
1. The "Rollback Timer" is terminated. This means that the rollback timer is not looked at anymore. Therefore, the system can run in this state for an extended period.
2. The user has an option to abort the ISSU process by issuing the command "issu abortversion."
Aborting the ISSU process now causes the newly active supervisor (B) to fail over to the standby supervisor (A) running the old image and will also cause the rebooting supervisor (B) to load the original image. The issu acceptversion halts the rollback timer and helps ensure the ISSU process is not automatically aborted during the process.
An example of the CLI for implementing the issu acceptversion command is displayed below:
On the "New" active supervisor, one would issue the following command:
4510R-203#issu acceptversion 2
% Rollback timer stopped. Please issue the commitversion command.
Syntax - issu acceptversion active-slot-number
This is the last stage of the ISSU procedure. Once the user is satisfied with the new version of software, this must be committed by issuing the "issu commitversion" command. This command resets the standby supervisor and boots it with a new version of the software (same as the active supervisor). This concludes the ISSU process, and the new version of software is permanently committed on both supervisors. Since this is the conclusion of the ISSU process, the system can not be reverted back to the previous version of the software from this point onward as a part of this upgrade cycle. However, if for any reason users wish to go back to the previous version of the software, they can do so by starting a new upgrade/downgrade process.
The following actions take place if the command is implemented:
1. The standby supervisor (A) is reset and booted with the new version of Cisco IOS Software image.
2. The standby supervisor (A) moves into the "Standby Hot" state in SSO mode and is fully stateful for all clients/applications that are compatible.
3. Both supervisors are moved into "Final State," which is the same as "Initial State."
4. Users can initiate switchovers from this point onward.
An example of the CLI for implementing the issu commitversion command is displayed below:
4510R-203#issu commitversion 1
Syntax - issu commitversion standby-slot-number
ISSU Process: issu abortversion
One can abort the ISSU process at any stage manually (prior to issuing the issu commitversion command) by issuing the exec-level issu abortversion command. The ISSU process also aborts on its own if the software detects a failure.
If a user aborts the process after issuing the issu loadversion command, then the standby supervisor engine is reset and reloaded with the original software.
If the process is aborted after a user enters either the issu runversion or issu acceptversion command, then a second switchover is performed to the new standby supervisor engine that is still running the original software version.
The supervisor engine that had been running the new software is reset and reloaded with the original software version. The command is accepted only in "Load Version" or "Run Version" states. In "Load Version" state, the active supervisor is running an old image and the standby supervisor is running new image.
Syntax - issu abortversion active-slot [active-image-new]
Let me know if you have any questions.
Maybe you are looking for
-
Firefox won't open after restart
After I updated Firefox, it will work until I restart my computer. Then it simply won't open at all and will eventually come up with a blank window that doesn't respond. I've had this issue for months and have simply switched to Google Chrome because
-
"An error occurred while reading the configuration"
I updated my Time Capsule (1tb, old) with the new software last night (to 7.4.1 from 7.3.2). The upgrade process seemed to work fine. I then tried to go into the TC with Airport Utility 5.4.1 and when I click on the TC, I get a message that says, 'An
-
ALERT!!!! MANUFACTURER DEFECT IN HAVEN
I had the same issue with the VERIZON SAMSUNG HAVEN as a number of others and everyone at the Verizon store seems to act like this is an unusual problem. It's funny how in a separate blog VERIZON has deemed this problem SOLVED. It's not. There is a
-
Loan:Loan Partner is disappear after upgrade from 4.6C to ECC6
Hey,gus, Anybody have the same problems? When we use t-code:FNVS to display old contract(created in 4.6C),Loan partner is disappar. But I create new contract in ECC6,the loan partner could be showed. Why? Anybody know the answer?How can I do for thi
-
Hardware up-to-date approval?
How long should Apple take for the Hardware up-to-date Program approval? I bought a MBP in late June and qualify for this, but I ordered it directly from Apple via the online store. The UTD online approval only worked if you could enter a purchase si