IOS XE image upgrades (Cloud Monitoring for Catalyst switches)

Introduction

 

Cloud Monitoring for Catalyst allows upgrading the version of IOS XE on a monitored Catalyst switch using a simple centralized interface in Dashboard.

 

Prerequisites:

• The switch(es) to upgrade must already be onboarded and connected to Dashboard. More information about Cloud Monitoring and how to onboard is available at: https://documentation.meraki.com/Cloud_Monitoring_for_Catalyst.

• The switch must currently be in install mode. Upgrades from bundle mode are not currently supported. More details are available at: https://www.cisco.com/c/en/us/support/docs/switches/catalyst-9300-series-switches/216231-upgrade-guide-for-cisco-catalyst-9000-sw.html.

• The switch is running a version lower than IOS XE 17.9.5. Downgrades are not currently supported.

  • If desired, downgrades can be performed manually: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/17-9/release_notes/ol-17-9-9300/upgrading_the_switch_software.html#task_dkx_gm3_jmb

• Switches must be permitted to access the destination below corresponding to the Dashboard region of the network:

  • North America: 9200-s3sdk-ciscodnacloud.s3.us-west-2.amazonaws.com (TCP 443)

  • Europe: mm-prd-ciscodnacloud-eu.s3.eu-central-1.amazonaws.com (TCP 443)

  • Asia/Pacific: mm-prd-ciscodnacloud-ap.s3.ap-southeast-1.amazonaws.com (TCP 443)

(See known issues below regarding TCP 80 firewall requirement.)

• Switches must have an active DNA Advantage or DNA Essentials license.

 

Caveats/known issues:

• Image upgrade in Dashboard is not currently topology-aware. If simultaneous upgrades are initiated, and one of these switches is in the upstream path of another, the process could fail on a downstream switch.

• Image upgrade is currently only supported with a target version of IOS XE 17.9.4a or IOS XE 17.9.5.

• Detection of install mode requires use of a package file named packages.conf. Alternate package file names are not currently supported and will result in an error that the switch is not currently in install mode.

• In some circumstances, the switch may attempt to download the IOS XE image from the cloud using TCP 80 instead of TCP 443. However, all communication is encrypted using HTTPS. Due to this issue, failed downloads may result if an upstream firewall is blocking TCP 80 outbound traffic.

• Connections to the cloud may fail when the default route is sourced directly from a port-channel interface

 

Preparing for IOS XE upgrades

 

To ensure your switch upgrades successfully, confirm there is sufficient free space available in flash memory:

• Catalyst 9200 series switches require at least 1 GB of free space.

• Catalyst 9300 and 9500 series switches require at least 2.5 GB of free space.

 

Available space and current file sizes can be verified using dir flash:

 

To assist with cleanup of unused image and package files in flash memory, the install remove inactive  command can be used. This will permanently delete any system image and package files not currently in use by IOS XE.

 

 

Performing IOS XE upgrades

 

A new section is available for Cloud Monitored devices. Within Organization -> Firmware Upgrades, the Schedule Upgrades tab contains a section for Cloud Monitored.

 

 

Within the Cloud Monitoring section, select one or more switches to upgrade. Up to 10 switches can be selected simultaneously. Stacked switches are represented as a single device, and all members will be upgraded.

 

Click Schedule Upgrade and confirm the desired target version for each switch.

 

Select if you would like to perform the upgrade now or schedule a future time. Note that all time selections are in the timezone assigned to the network in Dashboard.

 

 

After confirming, the status can be viewed in the status column. Upgrades can be canceled before starting but not while in progress. For upgrades initiated using “upgrade now”, there is a five minute delay to permit cancellation before the process begins.

 

 

When the process begins, checks are performed to determine if the switch is eligible for an upgrade based on its current version. Available free space, license status, and ensuring the switch is currently in install mode will also be verified.

 

After the image upgrade begins in Dashboard, the .bin file will be downloaded to the switch from the cloud, the upgrade will be performed, and the switch will be reloaded. The switch will show as disconnected from Dashboard while it reloads and may take a few minutes to update version information after reconnecting.

 

The total time will vary depending on download speed.

 

 

---