Upgrade Cisco 4500 Switches IOS and ROMM and Failed to Enable VSS (Virtual Switching System) - NETSEC

Latest

Learning, Sharing, Creating

Cybersecurity Memo

Sunday, November 5, 2017

Upgrade Cisco 4500 Switches IOS and ROMM and Failed to Enable VSS (Virtual Switching System)

In one of my clients environment, there are two Cisco 4510 running and HSRP has been configured. It has been discussed to upgrade it to VSS (Virtual Switching System) during last a couple of months. The main driven to get VSS is to have dual homed hosts run Etherchannel to connect to those two 4510R+E switches. Obviously converting the core switches to VSS (and having MEC - Multichassis EtherChannel - configured in dist/access switches) helps you to improve overall performance as both fabric will be active in VSS and traffic load-balanced. No more STP blocking port in the dist/access switches, while getting chassis-level redundancy.

There were a try to implement VSS but failed. All steps were recorded here to future reference since it is still working on. The Error messages show IOS version mismatch although both 4510R+E are having same IOS version:

*Oct 22 13:49:30.890: %C4K_REDUNDANCY-2-IOS_VERSION_CHECK_FAIL: STANDBY:IOS version mismatch. Active supervisor version is 15.2(2)E6 (cat4500es8-UNIVERSALK9-M). Standby supervisor version is 15.2(2)E6 (cat4500es8-UNIVERSALK9-M). Redundancy feature may not work as expected.



Virtual Switching System 1440
Compared to Traditional Network Design

High Availability Network Design
Simplified Using Virtual Switching System

VSS (Virtual Switching System) can remove the need for Hot Standby Router Protocol (HSRP), Virtual Router Redundancy Protocol (VRRP), and Gateway Load Balancing Protocol (GLBP). Major benefits include following points based on Cisco VSS Q&A:
1. VSS increases operational efficiency by simplifying the network, reducing switch management overhead by at least 50 percent.
• Single point of management, IP address, and routing instance for the Cisco Catalyst virtual switch
• Multichassis EtherChannel® (MEC) is a Layer 2 multipathing technology that creates simplified loop-free topologies, eliminating the dependency on Spanning Tree Protocol, which can still be activated to protect strictly against any user misconfiguration.
• Flexible deployment options. The underlying physical switches do not have to be colocated. The two physical switches are connected with standard 10 Gigabit Ethernet interfaces and as such can be located any distance based on the distance limitation of the chosen 10 Gigabit Ethernet optics.
2. VSS boosts nonstop communications.
• Interchassis stateful failover results in no disruption to applications that rely on network state information (for example, forwarding table info, NetFlow, Network Address Translation [NAT], authentication, and authorization). VSS eliminates L2/L3 protocol reconvergence if a virtual switch member fails, resulting in deterministic subsecond virtual switch recovery.
• Utilizes EtherChannel (802.3ad or Port Aggregation Protocol (PAgP) for deterministic subsecond Layer 2 link recovery, removing the dependency on Spanning Tree Protocol for link recovery.



Pre-requirements check:

1. VSS support Supervisor Engine 7-E, Supervisor Engine 7L-E, Supervisor Engine 8-E, Supervisor Engine 8L-E, Catalyst 4500-X
Notes:
  • The two chassis must have the same number of slots. However, +E and -E chassis can be mixed.
  • All supervisor engines or systems in a VSS must match precisely.


2. Software requires Cisco IOS XE 3.4.0SG and ROMMON IOS Version 15.0(1r) SG7 later

CSW001#sh ver
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500es8-UNIVERSALK9-M), Version 03.03.01.XO RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Wed 30-Apr-14 02:55 by prod_rel_team



Cisco IOS-XE software, Copyright (c) 2005-2013 by cisco Systems, Inc.
All rights reserved.  Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0.  The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.  For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.



ROM: 15.1(1r)SG1
CSW001 uptime is 43 weeks, 6 days, 17 hours, 24 minutes
Uptime for this control processor is 43 weeks, 6 days, 17 hours, 26 minutes
System returned to ROM by power-on
System restarted at 16:51:38 UTC Sun Dec 18 2016
System image file is "bootflash:/cat4500es8-universalk9.SPA.03.03.01.XO.151-1.XO1.bin"
Jawa Revision 3, RadTrooper Revision 0x0.0x41, Conan Revision 0x1449

Last reload reason: power-on



This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
[email protected].


License Information for 'WS-X45-SUP8-E'
    License Level: ipbase   Type: Permanent
    Next reboot license Level: ipbase

cisco WS-C4510R+E (P5040) processor (revision 2) with 4194304K bytes of physical memory.
Processor board ID FXS174Q1KV
P5040 CPU at 2.2GHz, Supervisor 8-E
Last reset from PowerUp
21 Virtual Ethernet interfaces
288 Gigabit Ethernet interfaces
32 Ten Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.

Configuration register is 0x2102







CSW001#show inventory 
NAME: "Switch System", DESCR: "Cisco Systems, Inc. WS-C4510R+E 10 slot switch "
PID: WS-C4510R+E       , VID: V06  , SN: FXS1749Q1KV

NAME: "Clock Module", DESCR: "Clock Module"
PID: WS-X4K-CLOCK-E    , VID: V01  , SN: FXS174704Y3

NAME: "Mux Buffer 1 ", DESCR: "Mux Buffers for Redundancy Logic"
PID: WS-X4590-EX=      , VID:      , SN: FXS174701AK

NAME: "Mux Buffer 2 ", DESCR: "Mux Buffers for Redundancy Logic"
PID: WS-X4590-EX=      , VID:      , SN: FXS17470156

NAME: "Mux Buffer 3 ", DESCR: "Mux Buffers for Redundancy Logic"
PID: WS-X4590-EX=      , VID:      , SN: FXS174701Z9

NAME: "Mux Buffer 4 ", DESCR: "Mux Buffers for Redundancy Logic"
PID: WS-X4590-EX=      , VID:      , SN: FXS174701Z8

NAME: "Mux Buffer 7 ", DESCR: "Mux Buffers for Redundancy Logic"
PID: WS-X4590-EX=      , VID:      , SN: FXS174701ML

NAME: "Mux Buffer 8 ", DESCR: "Mux Buffers for Redundancy Logic"
PID: WS-X4590-EX=      , VID:      , SN: FXS17470440

NAME: "Mux Buffer 9 ", DESCR: "Mux Buffers for Redundancy Logic"
PID: WS-X4590-EX=      , VID:      , SN: FXS17470446

NAME: "Mux Buffer 10 ", DESCR: "Mux Buffers for Redundancy Logic"
PID: WS-X4590-EX=      , VID:      , SN: FXS17470443

NAME: "Linecard(slot 1)", DESCR: "10/100/1000BaseT (RJ45) with 48 10/100/1000 BaseT  EEE ports"
PID: WS-X4748-RJ45-E   , VID: V01  , SN: CAT1737L5CP

NAME: "Linecard(slot 2)", DESCR: "10GE SFP+ with 12 SFP+ ports"
PID: WS-X4712-SFP+E    , VID: V03  , SN: CAT2012L6AR

NAME: "TenGigabitEthernet2/1", DESCR: "SFP-10Gbase-SR"
PID: SFP-10G-SR        , VID: V03  , SN: FNS20500RTQ

NAME: "TenGigabitEthernet2/2", DESCR: "SFP-10Gbase-SR"
PID: SFP-10G-SR        , VID: V03  , SN: FNS20500RUU

NAME: "TenGigabitEthernet2/7", DESCR: "SFP-10Gbase-SR"
PID: SFP-10G-SR        , VID: V03  , SN: AVD2045A5V5

NAME: "TenGigabitEthernet2/8", DESCR: "SFP-10Gbase-SR"
PID: SFP-10G-SR        , VID: V03  , SN: AVD2044AASP

NAME: "TenGigabitEthernet2/9", DESCR: "SFP-10Gbase-SR"
PID: SFP-10G-SR        , VID: V03  , SN: FNS20500S9Z

NAME: "TenGigabitEthernet2/11", DESCR: "SFP-10Gbase-SR"
PID: SFP-10G-SR        , VID: V03  , SN: AVD211696KD

NAME: "TenGigabitEthernet2/12", DESCR: "SFP-10Gbase-SR"
PID: SFP-10G-SR        , VID: V03  , SN: FNS20500T5N

NAME: "Linecard(slot 3)", DESCR: "10/100/1000BaseT (RJ45)+V E Series with 48 10/100/1000 baseT Premium PoE ports (Cisco/IEEE)"
PID: WS-X4748-RJ45V+E  , VID: V03  , SN: CAT1746L5RN

NAME: "Linecard(slot 4)", DESCR: "10/100/1000BaseT (RJ45) with 48 10/100/1000 baseT "
PID: WS-X4648-RJ45-E   , VID: V03  , SN: JAE17410F8D

NAME: "Supervisor(slot 5)", DESCR: "Sup 8-E 10GE (SFP+), 1000BaseX (SFP) with 8 SFP+ Ports"
PID: WS-X45-SUP8-E     , VID: V02  , SN: CAT1749L63E

NAME: "TenGigabitEthernet5/1", DESCR: "1000BaseT"
PID: Unspecified       , VID:      , SN: AGM181620YC

NAME: "TenGigabitEthernet5/5", DESCR: "10GBase-CU-3M"
PID: SFP-H10GB-CU3M    , VID: V03  , SN: MOC16420DQ7

NAME: "TenGigabitEthernet5/6", DESCR: "10GBase-CU-3M"
PID: SFP-H10GB-CU3M    , VID: V03  , SN: MOC1732024K

NAME: "TenGigabitEthernet5/7", DESCR: "10GBase-CU-1M"
PID: SFP-H10GB-CU1M    , VID: V03  , SN: TED1547A3NX

NAME: "TenGigabitEthernet5/8", DESCR: "10GBase-CU-1M"
PID: SFP-H10GB-CU1M    , VID: V03  , SN: TED1547A3NS

NAME: "Linecard(slot 7)", DESCR: "10/100/1000BaseT (RJ45) with 48 10/100/1000 baseT "
PID: WS-X4648-RJ45-E   , VID: V03  , SN: JAE17410AF6

NAME: "Linecard(slot 8)", DESCR: "10GE SFP+ with 12 SFP+ ports"
PID: WS-X4712-SFP+E    , VID: V03  , SN: CAT1741L4FU

NAME: "TenGigabitEthernet8/1", DESCR: "SFP-10Gbase-SR"
PID: SFP-10G-SR        , VID: V03  , SN: FNS17380FRK

NAME: "TenGigabitEthernet8/2", DESCR: "SFP-10Gbase-SR"
PID: SFP-10G-SR        , VID: V03  , SN: FNS1738103Z

NAME: "TenGigabitEthernet8/3", DESCR: "SFP-10Gbase-SR"
PID: SFP-10G-SR        , VID: V03  , SN: FNS1738102N

NAME: "TenGigabitEthernet8/4", DESCR: "SFP-10Gbase-SR"
PID: SFP-10G-SR        , VID: V03  , SN: FNS17381055

NAME: "TenGigabitEthernet8/5", DESCR: "SFP-10Gbase-SR"
PID: SFP-10G-SR        , VID: V03  , SN: FNS1738104N

NAME: "TenGigabitEthernet8/6", DESCR: "SFP-10Gbase-SR"
PID: SFP-10G-SR        , VID: V03  , SN: FNS17380FTE

NAME: "TenGigabitEthernet8/7", DESCR: "SFP-10Gbase-SR"
PID: SFP-10G-SR        , VID: V03  , SN: FNS17380P9A

NAME: "TenGigabitEthernet8/8", DESCR: "SFP-10Gbase-SR"
PID: SFP-10G-SR        , VID: V03  , SN: FNS18040EBM

NAME: "TenGigabitEthernet8/9", DESCR: "SFP-10Gbase-SR"
PID: SFP-10G-SR        , VID: V03  , SN: FNS18041XTG

NAME: "TenGigabitEthernet8/10", DESCR: "SFP-10Gbase-SR"
PID: SFP-10G-SR        , VID: V03  , SN: FNS18041XV9

NAME: "TenGigabitEthernet8/11", DESCR: "SFP-10Gbase-SR"
PID: SFP-10G-SR        , VID: V03  , SN: AVA1736AU90

NAME: "TenGigabitEthernet8/12", DESCR: "SFP-10Gbase-SR"
PID: SFP-10G-SR        , VID: V03  , SN: AVA1736AZ2D

NAME: "Linecard(slot 9)", DESCR: "10/100/1000BaseT (RJ45) with 48 10/100/1000 baseT "
PID: WS-X4648-RJ45-E   , VID: V03  , SN: JAE17410F1K

NAME: "Linecard(slot 10)", DESCR: "10/100/1000BaseT (RJ45) with 48 10/100/1000 BaseT  EEE ports"
PID: WS-X4748-RJ45-E   , VID: V02  , SN: CAT1806L2H6

NAME: "FanTray 1", DESCR: "FanTray"
PID: WS-X4582+E        , VID: V02  , SN: FXS1749Q1UD

NAME: "Power Supply 1", DESCR: "Power Supply ( AC 6000W )"
PID: PWR-C45-6000ACV   , VID: V03  , SN: AZS17430ECA

NAME: "Power Supply 2", DESCR: "Power Supply ( AC 6000W )"
PID: PWR-C45-6000ACV   , VID: V03  , SN: AZS17430EBW

CSW001#sh module 
Chassis Type : WS-C4510R+E

Power consumed by backplane : 40 Watts

Mod Ports Card Type                              Model              Serial No.
---+-----+--------------------------------------+------------------+-----------
 1    48  10/100/1000BaseT EEE (RJ45)            WS-X4748-RJ45-E    CAT1737L5CP 
 2    12  10GE SFP+                              WS-X4712-SFP+E     CAT2012L6AR 
 3    48  10/100/1000BaseT Premium POE E Series  WS-X4748-RJ45V+E   CAT1746L5RN 
 4    48  10/100/1000BaseT (RJ45)                WS-X4648-RJ45-E    JAE17410F8D 
 5     8  Sup 8-E 10GE (SFP+), 1000BaseX (SFP)   WS-X45-SUP8-E      CAT1749L63E 
 7    48  10/100/1000BaseT (RJ45)                WS-X4648-RJ45-E    JAE17410AF6 
 8    12  10GE SFP+                              WS-X4712-SFP+E     CAT1741L4FU 
 9    48  10/100/1000BaseT (RJ45)                WS-X4648-RJ45-E    JAE17410F1K 
10    48  10/100/1000BaseT EEE (RJ45)            WS-X4748-RJ45-E    CAT1806L2H6 

 M MAC addresses                    Hw  Fw           Sw               Status
--+--------------------------------+---+------------+----------------+---------
 1 885a.9244.69c0 to 885a.9244.69ef 1.1                               Ok       
 2 0078.881d.b4d8 to 0078.881d.b4e3 2.0                               Ok       
 3 24e9.b3f4.9988 to 24e9.b3f4.99b7 1.3                               Ok       
 4 e4c7.22df.d9da to e4c7.22df.da09 2.1                               Ok       
 5 24e9.b3fb.a4c0 to 24e9.b3fb.a4c7 1.0 15.1(1r)SG10 03.03.01.XO      Ok       
 7 e4c7.22df.b42a to e4c7.22df.b459 2.1                               Ok       
 8 78da.6e56.3ad0 to 78da.6e56.3adb 2.0                               Ok       
 9 e4c7.22df.d01a to e4c7.22df.d049 2.1                               Ok       
10 7426.ac47.9dcc to 7426.ac47.9dfb 1.2                               Ok       

Mod  Redundancy role     Operating mode      Redundancy status
----+-------------------+-------------------+----------------------------------
 5   Active Supervisor   SSO                 Active            



3. License Requirement:



CSW001#show license image levels 
Module name        Image level  Priority  Configured  Valid license
--------------------------------------------------------------------
WS-X45-SUP8-E      entservices  1         NO          entservices             
                   ipbase       2         NO          ipbase                  
                   lanbase      3         NO          lanbase                 

Module Name     Role           Current Level     Reboot Level
--------------------------------------------------------------------
WS-X45-SUP8-E   Active         ipbase            ipbase    




CSW001#sho bootflash:
-#- --length-- ---------date/time--------- path
  1  185761868 Dec 26 2013 14:35:01 +00:00 cat4500es8-universalk9.SPA.03.03.00.XO.151-1.XO.bin
  2  185800924 Jul 03 2014 12:25:55 +00:00 cat4500es8-universalk9.SPA.03.03.01.XO.151-1.XO1.bin
  3    1903552 Oct 20 2017 13:53:59 +00:00 firmwareupgrade-151_1r_SG10.SPA
  4  195894252 Oct 20 2017 14:07:27 +00:00 cat4500es8-universal.SPA.03.06.06.E.152-2.E6.bin

1048748032 bytes available (572698624 bytes used)

CSW001#verify /md5 bootflash:cat4500es8-universal.SPA.03.06.06.E.152-2.E6$ bootflash:cat4500es8-universal.SPA.03.06.06.E.152-2.E6.bin
........................................................................................................................................................................................
(Omitted)
...................................................Done!
verify /md5 (bootflash:cat4500es8-universal.SPA.03.06.06.E.152-2.E6.bin) = 5beb7c27af2a02b60dae818811e2a229
CSW001#verify /md5 bootflash:firmwareupgrade-151_1r_SG10.SPA a5cef468e1e6$:firmwareupgrade-151_1r_SG10.SPA a5cef468e1e61e73dfd2accdc07edb57  
.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................Done!
Verified (bootflash:firmwareupgrade-151_1r_SG10.SPA) = a5cef468e1e61e73dfd2accdc07edb57





Upgrade ROMMON 
from 151_1r_SG1 to 151_1r_SG10.
CSW001# wr mem
Building configuration...
Compressed configuration from 53002 bytes to 17948 bytes[OK]
CSW001#reload
Proceed with reload? [confirm]

<Sun Oct 22 10:28:24 2017> Message from sysmgr: Reason Code:[3] Reset Reason:Reset/Reload requested by [console]^C^C^CFAILURE: syslogd shutdown
^H^H^HFAILURE: rpc.mountd shutdown
FAILURE: nfsd shutdown
^H^H^H^H^H^H^H^H
/bin/kill: 13665: No such process
/bin/kill: 13666: No such process
^C^C^C^H/bin/kill: 13773: No such process
/bin/kill: 13774: No such process
/etc/rc6.d/S01reboot: line 198: umount_cisco_filesystems: command not found
Please stand by while rebooting the system...
Restarting system.


Verifying FPGA (P) Signature ....................... PASSED
Verifying ROMMON (P) Signature ......... PASSED


************************************************************
*                                                          *
* Rom Monitor                                              *
* Copyright (c) 2012-2013 by Cisco Systems, Inc.           *
* All rights reserved.                                     *
*                                                          *
************************************************************

Rom Monitor (P) Version 15.1(1r)SG1 
Compiled Wed 14-Aug-13 17:15 [RLS]
 
System       : WS-X45-SUP8-E  Slot [5]
Chassis      : WS-C4510R*E    Mod  [1][2][3][4][7][8][9][10]
Revision     : CPU 2.0   BOARD 4.0   FPGA 3.15F2.9155
Memory       : 4096 MB
Date         : Sun Oct 22 10:29:06 2017


 Type Control-C to prevent autobooting....
 [CTRL-C]

 Autoboot cancelled.........!!!
rommon 0 >






rommon 0 >boot bootflash:firmwareupgrade-151_1r_SG10.SPA
Loading image !

 Checking digital signature....
 [bootflash:/firmwareupgrade-151_1r_SG10.SPA]
 Digitally Signed Release Software with key version A



************************************************************
*                                                          *
* Firmware Upgrade Utility                                 *
* Copyright (c) 2012-2017 by cisco Systems, Inc.           *
* All rights reserved.                                     *
*                                                          *
************************************************************
Version 15.1(1r)SG10
Compiled Fri 05-May-17 19:37 [RLS]


WS-X45-SUP8-E system detected
Unpacking keys:>

Image Name : Cat4K_PKeyStorage  
Image size : 65536 bytes 

Uncompressing image...

Image Name : Cat4K_RKeyStorage  
Image size : 65536 bytes 

Uncompressing image...
PKey[R] MD5 : af8b02b29f8f4a678436eff2a57cfa7f
BKey[R] MD5 : af8b02b29f8f4a678436eff2a57cfa7f
RKey[R] MD5 : 9a3b7cc91a840dccd2a74b2637295933

Programming Keys:>
----
****

Verifying Keys:>
PKey[W] MD5 : af8b02b29f8f4a678436eff2a57cfa7f
BKey[W] MD5 : af8b02b29f8f4a678436eff2a57cfa7f
RKey[W] MD5 : 9a3b7cc91a840dccd2a74b2637295933

Unpacking Golden ROMMON:>

Image Name : Cat4K_WSX45SUP8E_GROM_SIG  
Image size : 692 bytes 

Uncompressing image...

Image Name : Cat4K_WSX45SUP8E_GROM_BIN  
Image size : 557764 bytes 

Uncompressing image...

Validating Golden ROMMON:>

Cat4K_WSX45SUP8E_GROM_BIN: Digitally signed image Release with key version A

ROMMON[R] MD5 : b000f7d0a807df55d0a6b270ef947578

Programming ROMMON:>
---------
*********


Verifying ROMMON:>
.........
ROMMON[W] MD5 : b000f7d0a807df55d0a6b270ef947578

Unpacking Golden FPGA:>

Image Name : Cat4K_WSX45SUP8E_FPGA_HDR  
Image size : 56 bytes 

Uncompressing image...

Image Name : Cat4K_WSX45SUP8E_FPGA_GSG  
Image size : 692 bytes 

Uncompressing image...

Image Name : Cat4K_WSX45SUP8E_FPGA_GLD  
Image size : 1485236 bytes 

Uncompressing image...

Validating Golden FPGA:>

Cat4K_WSX45SUP8E_FPGA_GLD: Digitally signed image Release with key version A

FPGA[R] MD5 : b2d1602348cde87538ff7c01c87b00aa

Programming Golden FPGA:>
-----------------------
***********************
Verifying Golden FPGA:>
.......................
FPGA[W] MD5 : b2d1602348cde87538ff7c01c87b00aa

Unpacking FPGA:>

Image Name : Cat4K_WSX45SUP8E_FPGA_SIG  
Image size : 692 bytes 

Uncompressing image...

Image Name : Cat4K_WSX45SUP8E_FPGA_BIN  
Image size : 1485236 bytes 

Uncompressing image...

Validating FPGA:>

Cat4K_WSX45SUP8E_FPGA_BIN: Digitally signed image Release with key version A

FPGA[R] MD5 : d479b9601d832da6fdffbabc1b31bb22

Programming FPGA:>
-----------------------
***********************
Verifying FPGA:>
.......................
FPGA[W] MD5 : d479b9601d832da6fdffbabc1b31bb22

Unpacking ROMMON:>

Image Name : Cat4K_WSX45SUP8E_PROM_SIG  
Image size : 692 bytes 

Uncompressing image...

Image Name : Cat4K_WSX45SUP8E_PROM_BIN  
Image size : 524288 bytes 

Uncompressing image...

Validating ROMMON:>

Cat4K_WSX45SUP8E_PROM_BIN: Digitally signed image Release with key version A

ROMMON[R] MD5 : 3f90d435c804f93a2320712a34ada4a7

Programming ROMMON:>
---------
*********


Verifying ROMMON:>
.........
ROMMON[W] MD5 : 3f90d435c804f93a2320712a34ada4a7

[S] Resetting System !!!!


Verifying FPGA (P) Signature ....................... PASSED
Verifying ROMMON (P) Signature ......... PASSED


************************************************************
*                                                          *
* Rom Monitor                                              *
* Copyright (c) 2012-2017 by cisco Systems, Inc.           *
* All rights reserved.                                     *
*                                                          *
************************************************************

Rom Monitor (P) Version 15.1(1r)SG10 
Compiled Fri 05-May-17 19:31 [RLS]
 
System       : WS-X45-SUP8-E  Slot [5]
Chassis      : WS-C4510R*E    Mod  [1][2][3][4][7][8][9][10]
Revision     : CPU 2.0   BOARD 4.0   FPGA 3.33B9.94B7
Memory       : 4096 MB
Date         : Sun Oct 22 10:30:50 2017




 ***** The system will autoboot in 5 seconds *****


 Type Control-C to prevent autobooting....
. . . . . 

 config-register = 0x2102 
 Autobooting using BOOT variable specified file.....

 Current BOOT file is --- bootflash:/cat4500es8-universalk9.SPA.03.03.01.XO.151-1.XO1.bin 
Loading image !!!!!!!!!!!!!!!!!!!!

 Checking digital signature....
 [bootflash:/cat4500es8-universalk9.SPA.03.03.01.XO.151-1.XO1.bin]
 Digitally Signed Release Software with key version A

Rommon reg: 0x00084F80
Reset2Reg: 0x0C200000

Image load status: 0x00000000
########
 Conan controller 0x0498FA9B..0x04C268B4 Size:0x00CAC5EC @ 
####
 Radtrooper controller 0x047F3F00..0x0498FA9A Size:0x00661EDC @ 
 Link: 0x00000080-0x16000000 
 Program Done!
##############################
Freescale FM module (Jul 31 2013:13:42:18)
Starting System Services
Calculating module dependencies ...
RTNETLINK answers: Invalid argument
Oct 22 10:32:03 %IOSXE-2-PLATFORM: process kernel: Freescale FM module (Jul 31 2013:13:42:18)
Oct 22 10:32:03 %IOSXE-3-PLATFORM: process kernel: PME2: fsl_pme2_db_init: not on ctrl-plane
No Mountpoints DefinedOct 22 10:32:08 %IOSXE-3-PLATFORM: process sshd[4650]: error: Bind to port 22 on :: failed: Address already in use.

diagsk10-post version 6.1.0.0

prod: WS-X45-SUP8-E part: 73-14915-04 serial: CAT1749L63E


Power-on-self-test for Module 5: WS-X45-SUP8-E

CPU Subsystem Tests ... 
 seeprom: Pass

Traffic: L3 Loopback ... 
 Test Results: Pass

Traffic: L2 Loopback ... 
 Test Results: Pass
post done
Exiting to ios...
Loading virtuclock as vuclock
Loading gsbu64atomic as gdb64atomic
Loading gsbu64atomic
Starting IOS Services
AIPC Module Loaded...
Platform Manager: acquire hwlock chassis()
Platform Manager: starting in standalone mode

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706



Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500es8-UNIVERSALK9-M), Version 03.03.01.XO RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Wed 30-Apr-14 02:55 by prod_rel_team

Cisco IOS-XE software, Copyright (c) 2005-2013 by cisco Systems, Inc.
All rights reserved.  Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0.  The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.  For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.




This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
[email protected].

cisco WS-C4510R+E (P5040) processor (revision 2) with 4194304K bytes of physical memory.
Processor board ID FXS1749Q1KV
P5040 CPU at 2.2GHz, Supervisor 8-E
Last reset from Reload
1 Virtual Ethernet interface
288 Gigabit Ethernet interfaces
32 Ten Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.



Press RETURN to get started!



User Access Verification

Username: AdminUser1
Password: 

CSW001>en
Password: 
CSW001#
CSW001#show ver
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500es8-UNIVERSALK9-M), Version 03.03.01.XO RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Wed 30-Apr-14 02:55 by prod_rel_team



Cisco IOS-XE software, Copyright (c) 2005-2013 by cisco Systems, Inc.
All rights reserved.  Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0.  The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.  For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.



ROM: 15.1(1r)SG10
CSW001 uptime is 2 minutes
Uptime for this control processor is 4 minutes
System returned to ROM by reload
System restarted at 10:33:40 UTC Sun Oct 22 2017
System image file is "bootflash:/cat4500es8-universalk9.SPA.03.03.01.XO.151-1.XO1.bin"
Jawa Revision 3, RadTrooper Revision 0x0.0x41, Conan Revision 0x1449

Last reload reason: Reload command



This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
[email protected].


License Information for 'WS-X45-SUP8-E'
    License Level: ipbase   Type: Permanent
    Next reboot license Level: ipbase

cisco WS-C4510R+E (P5040) processor (revision 2) with 4194304K bytes of physical memory.
Processor board ID FXS1749Q1KV
P5040 CPU at 2.2GHz, Supervisor 8-E
Last reset from Reload
21 Virtual Ethernet interfaces
288 Gigabit Ethernet interfaces
32 Ten Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.

Configuration register is 0x2102



Upgrade IOS
From 151-1.XO1 to 152-2.E6


CSW001#sh run | i boot
boot-start-marker
boot system flash bootflash:/cat4500es8-universalk9.SPA.03.03.01.XO.151-1.XO1.bin
boot-end-marker
ip dhcp bootp ignore
snmp-server enable traps entity-diag boot-up-fail hm-test-recover hm-thresh-reached scheduled-test-fail
CSW001#
CSW001(config)#no boot system flash bootflash:/cat4500es8-universalk9.SPA$/cat4500es8-universalk9.SPA.03.03.01.XO.151-1.XO1.bin      
CSW001(config)#boot system flash bootflash:/cat4500es8-universal.SPA.03.0$tflash:/cat4500es8-universal.SPA.03.06.06.E.152-2.E6.bin  
CSW001#reload
Proceed with reload? [confirm]

CSW001#sh ver
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch  Software (cat4500es8-UNIVERSAL-M), Version 03.06.06.E RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Sat 17-Dec-16 04:35 by prod_rel_team



Cisco IOS-XE software, Copyright (c) 2005-2015 by cisco Systems, Inc.
All rights reserved.  Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0.  The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.
(http://www.gnu.org/licenses/gpl-2.0.html) For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.



ROM: 15.1(1r)SG10
CSW002 uptime is 2 minutes
Uptime for this control processor is 4 minutes
System returned to ROM by reload
System image file is "bootflash:/cat4500es8-universal.SPA.03.06.06.E.152-2.E6.bin"
Jawa Revision 3, RadTrooper Revision 0x0.0x41, Conan Revision 0x1449

Last reload reason: Reload command



License Information for 'WS-X45-SUP8-E'
    License Level: ipbase   Type: Permanent
    Next reboot license Level: ipbase

cisco WS-C4510R+E (P5040) processor (revision 2) with 4194304K bytes of physical memory.
Processor board ID FXS1749Q1L6
P5040 CPU at 2.2GHz, Supervisor 8-E
Last reset from Reload
20 Virtual Ethernet interfaces
288 Gigabit Ethernet interfaces
32 Ten Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.
          
Configuration register is 0x2102




Configure VSS

Assign the Virtual Switch Domain and Switch number

CSW001#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
CSW001(config)#default int range TenGigabitEthernet5/5-8
CSW001(config)#int range  TenGigabitEthernet5/5-8
CSW001(config-if-range)#switchport mode trunk
CSW001(config-if-range)#channel-group 2 mode on
Creating a port-channel interface Port-channel 2

CSW001(config-if-range)#int port-channel 2
CSW001(config-if)#switchport
CSW001(config-if)#switch virtual domain 10
Domain ID 10 config will take effect only
after the exec command 'switch convert mode virtual' is issued

CSW001(config-vs-domain)#switch 1
CSW001(config-vs-domain)#
CSW001(config-vs-domain)#
CSW001(config-vs-domain)#
CSW001(config-vs-domain)#exit
CSW001(config)#int port-channel 2
CSW001(config-if)#switch virtual link 1
WARNING:Port channel number for VSL on both chassis should not be same
MESSAGE:
You are configuring VSL on interface Po2.
There are member ports already attached to the port channel.
Remove all member ports before configuring as VSL Port-Channel.

CSW001(config-if)#do sh run int po2
Building configuration...

Current configuration : 66 bytes
!
interface Port-channel2
 switchport
 switchport mode trunk
end

CSW001(config-if)#default int range TenGigabitEthernet5/5-8
CSW001(config)#
CSW001(config)#
CSW001(config)#
CSW001(config)#int port-channel 2
CSW001(config-if)#switchport
CSW001(config-if)#switch virtual link 1
WARNING:Port channel number for VSL on both chassis should not be same
CSW001#copy run start
Destination filename [startup-config]? 
Building configuration...
Compressed configuration from 55645 bytes to 19679 bytes[OK]

CSW001#switch convert mode virtual 

This command will convert all interface names
to naming convention "interface-type switch-number/slot/port",
save the running config to startup-config and 
reload the switch.
Do you want to proceed? [yes/no]: y
Converting interface names
Building configuration...
Compressed configuration from 56306 bytes to 19719 bytes[OK]
Saved startup config to bootflash:  ****
Rebooting the switch

<Sun Oct 22 13:28:24 2017> Message from sysmgr: Reason Code:[3] Reset Reason:Reset/Reload requested by [console]. [Reload command]
umount: /proc/fs/nfsd: not mounted


Verify
On CSW001:

CSW001#show switch virtual 

Executing the command on VSS member switch role = VSS Active, id = 1


Switch mode                  : Virtual Switch
Virtual switch domain number : 10
Local switch number          : 1
Local switch operational role: Virtual Switch Active
Peer switch number           : 2
Peer switch operational role : Virtual Switch Standby
Cannot execute command on peer supervisor because it is not in SSO Standby state
CSW001#show swit
WARNING: Interface TenGigabitEthernet2/5/5 placed in restricted config mode. All extraneous configs removed!ch vi
WARNING: Interface TenGigabitEthernet2/5/6 placed in restricted config mode. All extraneous configs removed!rtu
WARNING: Interface TenGigabitEthernet2/5/7 placed in restricted config mode. All extraneous configs removed!
WARNING: Interface TenGigabitEthernet2/5/8 placed in restricted config mode. All extraneous configs removed!
CSW001#show switch virtual 
******************** WARNING ********************
* Config on Active changed due to new info      *
* from Standby. Saving original config on       *
* Active as startup-config.saved_vs-TIMESTAMP.  *
*************************************************

Saved startup config to bootflash:  ****
Building configuration...
Compressed configuration from 68981 byte                    
CSW001#
CSW001#show switch virtu
CSW001#show switch virtual 

Executing the command on VSS member switch role = VSS Active, id = 1


Switch mode                  : Virtual Switch
Virtual switch domain number : 10
Local switch number          : 1
Local switch operational role: Virtual Switch Active
Peer switch number           : 2
Peer switch operational role : Virtual Switch Standby
Cannot execute command on peer supervisor because it is not in SSO Standby state
CSW001#show switch virtual link

Executing the command on VSS member switch role = VSS Active, id = 1


VSL Status : UP
VSL Uptime : 2 minutes
VSL Control Link : Te1/5/5  
VSL Encryption : Configured Mode - Off, Operational Mode - Off

Cannot execute command on peer supervisor because it is not in SSO Standby state
CSW001#show switch virtual link

Executing the command on VSS member switch role = VSS Active, id = 1


VSL Status : DOWN
VSL Uptime : -
VSL Control Link : -
VSL Encryption : Configured Mode - Off, Operational Mode - Off

Cannot execute command on peer supervisor because it is not in SSO Standby state
CSW001#show switch virtual link

Executing the command on VSS member switch role = VSS Active, id = 1
CSW001#show switch virtual link port-channel 

Executing the command on VSS member switch role = VSS Active, id = 1


Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      N - not in use, no aggregation
        f - failed to allocate aggregator

        M - not in use, no aggregation due to minimum links not met
        m - not in use, port not aggregated due to minimum links not met
        u - unsuitable for bundling
        d - default port

        w - waiting to be aggregated
 
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-------------------
2      Po2(SD)          -        Te1/5/5(D)  Te1/5/6(D)  Te1/5/7(D)  
                                 Te1/5/8(D)  
3      Po3(SD)          -        Te2/5/5(D)  Te2/5/6(D)  Te2/5/7(D)  
                                 Te2/5/8(D)  

Cannot execute command on peer supervisor because it is not in SSO Standby state



Errors 
On CSW002::

*Oct 22 13:42:26.629: %C4K_IOSINTF-5-LMPHWSESSIONSTATE: Lmp HW session UP on slot 15 port 8.
*Oct 22 13:42:26.647: %C4K_IOSINTF-5-LMPHWSESSIONSTATE: Lmp HW session UP on slot 15 port 7.
*Oct 22 13:42:26.661: %C4K_IOSINTF-5-LMPHWSESSIONSTATE: Lmp HW session UP on slot 15 port 6.
*Oct 22 13:42:26.681: %C4K_IOSINTF-5-LMPHWSESSIONSTATE: Lmp HW session UP on slot 15 port 5.
*Oct 22 13:42:42.644: %VSLP-5-VSL_UP:  Ready for control traffic

*Oct 22 13:42:46.646: %VSLP-5-RRP_ROLE_RESOLVED: Role resolved as STANDBY by VSLP
*Oct 22 13:43:24.024: %C4K_REDUNDANCY-2-IOS_VERSION_CHECK_FAIL: STANDBY:IOS version mismatch. Active supervisor version is 15.2(2)E6 (cat4500es8-UNIVERSALK9-M). Standby supervisor version is 15.2(2)E6 (cat4500es8-UNIVERSALK9-M). Redundancy feature may not work as expected.
*Oct 22 13:43:24.024: %C4K_REDUNDANCY-2-NON_SYMMETRICAL_REDUNDANT_SYSTEM: STANDBY:STANDBY supervisor will operate in fallback redundancy mode rpr.
*Oct 22 13:43:28.062: %C4K_REDUNDANCY-3-COMMUNICATION: STANDBY:Communication with the peer Supervisor has been established
*Oct 22 13:43:29.093: %C4K_REDUNDANCY-2-VS_REBOOT_ON_RPR_FALLBACK: STANDBY:Supervisor in virtual-switch configuration cannot operate in redundancy mode RPR, will be reset
*Oct 22 13:43:29.184: %RF-5-RF_RELOAD: STANDBY:Self Reload. Reason: Virtual-switch fallback to RPR
*Oct 22 13:43:29.230: %SYS-5-RELOAD: STANDBY:Reload requested by Platform redundancy manager. Reload Reason: Virtual-switch fallback to RPR.
<Sun Oct 22 13:43:29 2017> Message from sysmgr: Reason Code:[3] Reset Reason:Reset/Reload requested by [console]. [Reload command]
umount: /proc/fs/nfsd: not mounted
/tmp/sw/mount/cat4500es8-base.SPA.03.06.06E.pkg:m
/tmp/sw/mount/cat4500es8-base.SPA.03.06.06E.pkg:m
Please stand by while rebooting the system...
Restarting system.


Verifying FPGA (P) Signature ....................... PASSED
Verifying ROMMON (P) Signature ......... PASSED


************************************************************
*                                                          *
* Rom Monitor                                              *
* Copyright (c) 2012-2017 by cisco Systems, Inc.           *
* All rights reserved.                                     *
*                                                          *
************************************************************

Rom Monitor (P) Version 15.1(1r)SG10 
Compiled Fri 05-May-17 19:31 [RLS]
 
System       : WS-X45-SUP8-E  Slot [5]
Chassis      : WS-C4510R*E    Mod  [1][2][3][4][7][8][9][10]
Revision     : CPU 2.0   BOARD 4.0   FPGA 3.33B9.94B7
Memory       : 4096 MB
Date         : Sun Oct 22 13:44:16 2017




 ***** The system will autoboot in 5 seconds *****


 Type Control-C to prevent autobooting....
. . . . . 

 config-register = 0x2102 
 Autobooting using BOOT variable specified file.....

 Current BOOT file is --- bootflash:/cat4500es8-universalk9.SPA.03.06.06.E.152-2.E6.bin 
Loading image !!!!!!!!!!!!!!!!!!!!!!

 Checking digital signature....
 [mem:/cat4500es8-firmware]
 Digitally Signed Release Software with key version A


Rommon reg: 0x00084F80
Reset2Reg: 0x0C200000
########
 Conan controller 0x36AA2900..0x36D39719 Size: 0x00CAC5EC @
####
 Radtrooper controller 0x36906D64..0x36AA28FE Size: 0x00661EDC @
 Link: 0x00000080-0x16000000 
 Program Done!

 Checking digital signature....
 [mem:/cat4500es8-base]
 Digitally Signed Release Software with key version A

###########
pci 0000:00:00.0: ignoring class b20 (doesn't match header type 01)
pci 0001:02:00.0: ignoring class b20 (doesn't match header type 01)
pci 0002:04:00.0: ignoring class b20 (doesn't match header type 01)
audit: cannot initialize inotify handle
mmc0: Got command interrupt 0x00030000 even though no command operation was in progress.
PME2: fsl_pme2_db_init: not on ctrl-plane
All packages are Digitally Signed
Starting System Services
Oct 22 13:45:23 %IOSXE-3-PLATFORM: process kernel: mmc0: Got command interrupt 0x00030000 even though no command operation was in progress.
Oct 22 13:45:23 %IOSXE-3-PLATFORM: process kernel: PME2: fsl_pme2_db_init: not on ctrl-plane

diagsk10-post version 6.1.0.0

prod: WS-X45-SUP8-E part: 73-14915-04 serial: CAT1746L6BQ


Power-on-self-test for Module 5: WS-X45-SUP8-E

CPU Subsystem Tests ... 
 seeprom: Pass

Traffic: L3 Loopback ... 
 Test Results: Pass

Traffic: L2 Loopback ... 
 Test Results: Pass
post done(71 secs)
Exiting to ios...
Loading gsbu64atomic as gdb64atomic
Using 15 for MTS slot
Platform Manager: starting in VSS mode (chassis id 2, in-chassis active)

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706



Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch  Software (cat4500es8-UNIVERSALK9-M), Version 03.06.06.E RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Sat 17-Dec-16 03:54 by prod_rel_team

Cisco IOS-XE software, Copyright (c) 2005-2015 by cisco Systems, Inc.
All rights reserved.  Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0.  The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.
(http://www.gnu.org/licenses/gpl-2.0.html) For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.



Initializing as Virtual Switch STANDBY processor
 ^
% Invalid input detected at '^' marker.

*Oct 22 13:48:34.535: %C4K_IOSINTF-5-LMPHWSESSIONSTATE: Lmp HW session UP on slot 15 port 5.
*Oct 22 13:48:34.569: %C4K_IOSINTF-5-LMPHWSESSIONSTATE: Lmp HW session UP on slot 15 port 8.
*Oct 22 13:48:34.582: %C4K_IOSINTF-5-LMPHWSESSIONSTATE: Lmp HW session UP on slot 15 port 7.
*Oct 22 13:48:34.596: %C4K_IOSINTF-5-LMPHWSESSIONSTATE: Lmp HW session UP on slot 15 port 6.
*Oct 22 13:48:50.575: %VSLP-5-VSL_UP:  Ready for control traffic

*Oct 22 13:48:53.591: %VSLP-5-RRP_ROLE_RESOLVED: Role resolved as STANDBY by VSLP
*Oct 22 13:49:30.890: %C4K_REDUNDANCY-2-IOS_VERSION_CHECK_FAIL: STANDBY:IOS version mismatch. Active supervisor version is 15.2(2)E6 (cat4500es8-UNIVERSALK9-M). Standby supervisor version is 15.2(2)E6 (cat4500es8-UNIVERSALK9-M). Redundancy feature may not work as expected.
*Oct 22 13:49:30.890: %C4K_REDUNDANCY-2-NON_SYMMETRICAL_REDUNDANT_SYSTEM: STANDBY:STANDBY supervisor will operate in fallback redundancy mode rpr.
*Oct 22 13:49:34.917: %C4K_REDUNDANCY-3-COMMUNICATION: STANDBY:Communication with the peer Supervisor has been established
*Oct 22 13:49:35.581: %C4K_REDUNDANCY-2-VS_REBOOT_ON_RPR_FALLBACK: STANDBY:Supervisor in virtual-switch configuration cannot operate in redundancy mode RPR, will be reset
*Oct 22 13:49:35.675: %RF-5-RF_RELOAD: STANDBY:Self Reload. Reason: Virtual-switch fallback to RPR
*Oct 22 13:49:35.713: %SYS-5-RELOAD: STANDBY:Reload requested by Platform redundancy manager. Reload Reason: Virtual-switch fallback to RPR.
<Sun Oct 22 13:49:35 2017> Message from sysmgr: Reason Code:[3] Reset Reason:Reset/Reload requested by [console]. [Reload command]
umount: /proc/fs/nfsd: not mounted
/tmp/sw/mount/cat4500es8-base.SPA.03.06.06E.pkg:m
/tmp/sw/mount/cat4500es8-base.SPA.03.06.06E.pkg:m
Please stand by while rebooting the system...
Restarting system.



Troubleshooting and Fix:

Here are some solutions I found online although it is not my case.

Case 1:
The issue was that the standby sup had two images -- a K9 image and a non-K9 image -- while the active sup just had the K9 image. The config register was 0x2101, which told the switch to boot the first IOS in bootflash/slavebootflash. So when the switch was booting up, the active sup was using the only IOS in the bootflash (the K9 image) while the standby sup was using the first identified IOS in the slavebootflash (non-K9). As a result, there were differnet IOSs running in each.
The issue was evident in the 'sh redundancy' and 'sh log' commands:
Switch#show redundancyRedundant System Information :------------------------------Hardware Mode = DuplexConfigured Redundancy Mode = Stateful SwitchoverOperating Redundancy Mode = RPRReason: UnknownMaintenance Mode = DisabledCommunications = Up
Current Processor Information :------------------------------Active Location = slot 5Current Software state = ACTIVEUptime in current state = 1 week, 1 day, 43 minutesImage Version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.01.01.SG RELEASE SOFTWARE (fc1)BOOT = bootflash:cat4500e-universalk9.SPA.03.01.01.SG.150-1.XO1.bin,1;Configuration register = 0x2101
Peer Processor Information :------------------------------Standby Location = slot 6Current Software state = STANDBY COLDUptime in current state = 1 week, 1 day, 43 minutesImage Version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.01.01.SG RELEASE SOFTWARE (fc1)BOOT = bootflash:cat4500e-universalk9.SPA.03.01.01.SG.150-1.XO1.bin,1;Configuration register = 0x2101


Switch# sh log*Sep 2 14:52:05.490 UTC: %C4K_REDUNDANCY-2-IOS_VERSION_CHECK_FAIL: IOS version mismatch. Active supervisor version is 15.0(1)XO1 (cat4500e-UNIVERSALK9-M). Standby supervisor version is 15.0(1)XO1 (cat4500e-UNIVERSAL-M). Redundancy feature may not work as expected.

Case 2:
Found another similar support topic at Cisco support community. It has same error message as I have on standby switch CSW002.

Here are solution suggested by Tarun Vyas.

Best way to use IOS upgrade in 4500X without ISSU(no downtime required but recommended to do it in maintenance window)
Method of Procedure
IOS Upgrade Cisco 4500x (VSS)
Pre-upgrade activity.
  • Config backup of both of device
  • IOS backup of current IOS (In case required, will put current IOS again for roll back purpose.)
Below Command output.
  • Show version - Register value should be  (config-register 0x2102)
  • Show inventory
  • Show environment
  • dir bootflash:
  • dir slavebootflash:
  • show bootvar
  • show switch virtual
  • show redundancy
  • show switch virtual slot-map
  • show module
  • show log
  • show run start

Upgrade IOS in 4500x (VSS configured)1. IOS download in bootflash and slave bootflash:
  • Copy tftp: bootflash:
2. Check IOS in bootflash
  • dir bootflash:
  • dir slavebootflash:
3. Very with MD5 command
  • Show version - Register value should be (config-register 0x2102)
  • verify bootflash: cat4500e-universalk9.SPA.03.06.05.E.152-2.E5.bin
  • verify slavebootflash: cat4500e-universalk9.SPA.03.06.05.E.152-2.E5.bin
  • 71a13a0fa109fa731743c199e7a29479 MD5 value for this IOS
4. Set the boot path for current IOS and verify path is set
  • no boot system bootflash:cat4500e- universalk9.SPA.03.04.05.SG.151-2.SG5.bin
  • boot system bootflash: cat4500e-universalk9.SPA.03.06.05.E.152-2.E5.bin
  • write
  • show bootvar
5. Standby switch will be reloading for IOS upgrade in standby device.
  • redundancy reload peer
  • show module (after peer come up)
     we will verify current IOS in peer switch with show module command6. Now master device will be reloaded for IOS upgrade.
  • redundancy force-switchover
This will reload the active unit and force switchover to standby[confirm]
Preparing for switchover...
7. After primary device come up will verify IOS in both of device.
  • Show inventory
  • Show version
  • Show environment
  • dir bootflash:
  • dir slavebootflash:
  • show bootvar
  • show switch virtual
  • show redundancy
  • show switch virtual slot-map
  • show module
  • show log


Case 3 - my Case:
My case is similar as both but not exactly same. First thing, both our switches are using same IOS. I am pretty much sure about it. What we found is the legacy configuration in both switches has interference the vss process. Also most important part, cold start both switches.  Once we have cleared the configuration and reconfigured it to VSS , it worked after cold re-started both switches. After that, we copied the configuration one by one in.



CSW002#write erase 
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
CSWO3002#show bootvar
BOOT variable = bootflash:/cat4500es8-universalk9.SPA.03.06.07.E.152-2.E7.bin,1;
CONFIG_FILE variable does not exist
BOOTLDR variable does not exist
Configuration register is 0x2102

Standby not ready to show bootvar





CSW001#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
CSW001(config)#switch virtual domain 10
Domain ID 10 config will take effect only
after the exec command 'switch convert mode virtual' is issued

CSW001(config-vs-domain)#switch 1
CSW001(config-vs-domain)#exit
CSW001(config)#int port-channel 2
CSW001(config-if)#switchport
CSW001(config-if)#switch virtual link 1
WARNING:Port channel number for VSL on both chassis should not be same

CSW001(config-if)#no shut
CSW001(config-if)#exit
CSW001(config)#default int range TenGigabitEthernet5/5-8
CSW001(config)#int range  TenGigabitEthernet5/5-8
CSW001(config-if-range)#channel-group 2 mode on
WARNING: Interface TenGigabitEthernet5/5 placed in restricted config mode. All extraneous configs removed!
WARNING: Interface TenGigabitEthernet5/6 placed in restricted config mode. All extraneous configs removed!
WARNING: Interface TenGigabitEthernet5/7 placed in restricted config mode. All extraneous configs removed!
WARNING: Interface TenGigabitEthernet5/8 placed in restricted config mode. All extraneous configs removed!
CSW001(config-if-range)#
CSW001#switch convert mode virtual 

This command will convert all interface names
to naming convention "interface-type switch-number/slot/port",
save the running config to startup-config and 
reload the switch.
Do you want to proceed? [yes/no]: yes
Converting interface namesWarning: Attempting to overwrite an NVRAM configuration previously written
by a different version of the system image.
Overwrite the previous NVRAM configuration?[confirm]
Building configuration...
Compressed configuration from 54678 bytes to 19194 bytes[OK]
Saved startup config to bootflash:  ****
Rebooting the switch

<Sun Nov 19 10:18:18 2017> Message from sysmgr: Reason Code:[3] Reset Reason:Reset/Reload requested by [console]. [Reload command]
umount: /proc/fs/nfsd: not mounted
/etc/rc6.d/S01reboot: line 198: umount_cisco_filesystems: command not found
Please stand by while rebooting the system...
Restarting system.


Verifying FPGA (P) Signature ....................... PASSED
Verifying ROMMON (P) Signature ......... PASSED


************************************************************
*                                                          *
* Rom Monitor                                              *
* Copyright (c) 2012-2017 by cisco Systems, Inc.           *
* All rights reserved.                                     *
*                                                          *
************************************************************

Rom Monitor (P) Version 15.1(1r)SG10 
Compiled Fri 05-May-17 19:31 [RLS]
 
System       : WS-X45-SUP8-E  Slot [5]
Chassis      : WS-C4510R*E    Mod  [1][2][3][4][7][8][9][10]
Revision     : CPU 2.0   BOARD 4.0   FPGA 3.33B9.94B7
Memory       : 4096 MB
Date         : Sun Nov 19 10:19:05 2017




 ***** The system will autoboot in 5 seconds *****


CSW001>en
Password: 
CSW001#
CSW001#
CSW001#
CSW001#
CSW001#show switch vir
CSW001#show switch virtual role

Executing the command on VSS member switch role = VSS Active, id = 1

RRP information for Instance 1

--------------------------------------------------------------------
Valid  Flags   Peer      Preferred  Reserved
               Count     Peer       Peer

--------------------------------------------------------------------
TRUE    V        0           0          0

Switch  Switch Status  Preempt       Priority  Role     Local   Remote
        Number         Oper(Conf)    Oper(Conf)         SID     SID
--------------------------------------------------------------------
LOCAL   1      UP      FALSE(N )     100(100)  ACTIVE   0       0   

Peer 0 represents the local switch

Flags : V - Valid 
In dual-active recovery mode: No

Cannot execute command on peer supervisor because it is not in SSO Standby state

   
CSW001#
CSW001#show switch virtual 

Executing the command on VSS member switch role = VSS Active, id = 1


Switch mode                  : Virtual Switch
Virtual switch domain number : 10
Local switch number          : 1
Local switch operational role: Virtual Switch Active
Cannot execute command on peer supervisor because it is not in SSO Standby state





Switch(config-if)#switch virtual link 2
WARNING:Port channel number for VSL on both chassis should not be same

Switch(config-if)#no shut
Switch(config-if)#exit
Switch(config)#
*Nov 19 10:37:41.879: %SPANTREE-6-PORTDEL_ALL_VLANS: Port-channel3 deleted from all Vlans 
Switch(config)#
Switch(config)#
Switch(config)#
Switch(config)#int range TenGigabitEthernet5/5-8
Switch(config-if-range)#channel-group 3 mode on
Switch(config-if-range)#do sh run int po3
Building configuration...

Current configuration : 113 bytes
!
interface Port-channel3
 switchport
 switchport mode trunk
 switchport nonegotiate
 switch virtual link 2
end


Switch#switch convert mode virtual 

This command will convert all interface names
to naming convention "interface-type switch-number/slot/port",
save the running config to startup-config and 
reload the switch.
Do you want to proceed? [yes/no]: y 
Converting interface names
Building configuration...
Compressed configuration from 15746 bytes to 4354 bytes[OK]
Saved startup config to bootflash:  ****
Rebooting the switch


CSW001#sh switch virt

Executing the command on VSS member switch role = VSS Active, id = 1


Switch mode                  : Virtual Switch
Virtual switch domain number : 10
Local switch number          : 1
Local switch operational role: Virtual Switch Active
Peer switch number           : 2
Peer switch operational role : Virtual Switch Standby

Executing the command on VSS member switch role = VSS Standby, id = 2


Switch mode                  : Virtual Switch
Virtual switch domain number : 10
Local switch number          : 2
Local switch operational role: Virtual Switch Standby
Peer switch number           : 1
Peer switch operational role : Virtual Switch Active
CSW001#
CSW001#
CSW001#sh redund     
Redundant System Information :

------------------------------
       Available system uptime = 4 minutes
Switchovers system experienced = 0
              Standby failures = 0
        Last switchover reason = none

                 Hardware Mode = Duplex
    Configured Redundancy Mode = Stateful Switchover
     Operating Redundancy Mode = Stateful Switchover
              Maintenance Mode = Disabled
                Communications = Up

Current Processor Information :
------------------------------
               Active Location = slot 1/5
        Current Software state = ACTIVE
       Uptime in current state = 2 minutes
                 Image Version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch  Software (cat4500es8-UNIVERSALK9-M), Version 03.06.07.E RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Wed 12-Jul-17 21:28 by pr
               BOOT = bootflash:/cat4500es8-universalk9.SPA.03.06.07.E.152-2.E7.bin,1;
        Configuration register = 0x2102

Peer Processor Information :
------------------------------
              Standby Location = slot 2/5
        Current Software state = STANDBY HOT
       Uptime in current state = 0 minute
                 Image Version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch  Software (cat4500es8-UNIVERSALK9-M), Version 03.06.07.E RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Wed 12-Jul-17 21:28 by 
               BOOT = bootflash:/cat4500es8-universalk9.SPA.03.06.07.E.152-2.E7.bin,1;
        Configuration register = 0x2102





References:



No comments:

Post a Comment