Saturday, March 2, 2024

Cisco BGP neighbor shutdown Command

To administratively shutdown a BGP neighbor in a Cisco router, issue a neighbor <BGP PEER IP> shutdown command under the BGP routing process. This will stop the BGP route exchange with the BGP neighbor/peer and it's often useful when performing a maintenance such as policy change with the peer/upstream ISP.

R1#show run | sec router bgp

router bgp 64001

 bgp router-id 62.19.10.15

 bgp log-neighbor-changes

 no bgp default ipv4-unicast

 neighbor 62.19.10.16 remote-as 700

 neighbor 62.19.10.16 description ISP

 neighbor 62.19.10.16 password cisco123

 neighbor 62.19.10.16 update-source GigabitEthernet0/0

 neighbor 62.19.10.16 version 4

 

<OUTPUT TRUNCATED>

 

 

R1#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

R1(config-router)#neighbor 62.19.10.16 ?

  ao                         TCP-AO authentication

  bmp-activate               Activate the BMP monitoring for a BGP peer

  cluster-id                 Configure Route-Reflector Cluster-id (peers may reset)

  description                Neighbor specific description

  disable-connected-check    one-hop away EBGP peer using loopback address

  dont-capability-negotiate  Send Capability parameters in Open

  ebgp-multihop              Allow EBGP neighbors not on directly connected networks

  fall-over                  session fall on peer route lost

  ha-mode                    high availability mode

  inherit                    Inherit a template

  local-as                   Specify a local-as number

  log-neighbor-changes       Log neighbor up/down and reset reason

  password                   Set a password

  path-attribute             BGP optional attribute filtering

  peer-group                 Member of the peer-group

  remote-as                  Specify a BGP neighbor

  shutdown                   Administratively shut down this neighbor

  timers                     BGP per neighbor timers

  transport                  Transport options

  ttl-security               BGP ttl security check

  update                     Modify update processing

  update-source              Source of routing updates

  version                    Set the BGP version to match a neighbor

 

R1(config-router)#neighbor 62.19.10.16 shutdown

R1(config-router)#end

 

R1#show run | sec router bgp

router bgp 64001

 bgp router-id 62.19.10.15

 bgp log-neighbor-changes

 no bgp default ipv4-unicast

 neighbor 62.19.10.16 remote-as 700

 neighbor 62.19.10.16 description ISP

 neighbor 62.19.10.16 shutdown

 neighbor 62.19.10.16 password cisco123

 neighbor 62.19.10.16 update-source GigabitEthernet0/0

 neighbor 62.19.10.16 version 4

 

<OUTPUT TRUNCATED>

 

 

R1#show ip bgp summary

BGP router identifier 62.19.10.15, local AS number 64001

BGP table version is 394500023, main routing table version 394500023

860025 network entries using 213286200 bytes of memory

1720036 path entries using 233924896 bytes of memory

431848/148584 BGP path/bestpath attribute entries using 120917440 bytes of memory

240343 BGP AS-PATH entries using 11369538 bytes of memory

25898 BGP community entries using 3703042 bytes of memory

0 BGP route-map cache entries using 0 bytes of memory

0 BGP filter-list cache entries using 0 bytes of memory

BGP using 583201116 total bytes of memory

BGP activity 19138181/18274056 prefixes, 156266333/154546297 paths, scan interval 60 secs

 

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd

62.19.10.16     4          700       0       0        1    0    0 00:00:28 Idle (Admin)

 

 

R1#show ip bgp neighbor 62.19.10.16

BGP neighbor is 62.19.10.16,  remote AS 700, external link

 Description: ISP

 Administratively shut down

  BGP version 4, remote router ID 0.0.0.0

  BGP state = Idle, down for 00:00:43

  Neighbor sessions:

    0 active, is not multisession capable (disabled)

    Stateful switchover support enabled: NO

  Do log neighbor state changes (via global configuration)

  Default minimum time between advertisement runs is 30 seconds

 

<OUTPUT TRUNCATED>

 

 

To re-enable the BGP neighbor, just use the 'no' form of the said command.

 

R1#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

R1(config)#router bgp 64001

R1(config-router)#no neighbor 62.19.10.16 shutdown

R1(config-router)#end

 

R1#show run | sec router bgp

router bgp 64001

 bgp router-id 62.19.10.15

 bgp log-neighbor-changes

 no bgp default ipv4-unicast

 neighbor 62.19.10.16 remote-as 700

 neighbor 62.19.10.16 description ISP

 neighbor 62.19.10.16 password cisco123

 neighbor 62.19.10.16 update-source GigabitEthernet0/0

 neighbor 62.19.10.16 version 4

 <OUTPUT TRUNCATED>

 

Friday, February 2, 2024

Cisco Switch VTP Version 3

The VLAN Trunking Protocol (VTP) version 3 is backwards compatible with version 2 but not with version 1. VTP version 3 supports Extended VLAN range (1006-4094), Private VLAN (PVLAN), Multiple Spanning Tree (MST), encrypt/hash VTP password and many more.

The main command for checking VTP info in a Cisco switch is show vtp status. The current VTP version is 1.

SW01#show vtp status

VTP Version capable             : 1 to 3

VTP version running             : 1

VTP Domain Name                 :

VTP Pruning Mode                : Disabled

VTP Traps Generation            : Disabled

Device ID                       : aabb.cc00.0200

Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

Local updater ID is 0.0.0.0 (no valid interface found)

 

Feature VLAN:

--------------

VTP Operating Mode                : Server

Maximum VLANs supported locally   : 1005

Number of existing VLANs          : 5

Configuration Revision            : 0

MD5 digest                        : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD

                                    0x56 0x9D 0x4A 0x3E 0xA5 0x69 0x35 0xBC

 

 

Before changing to VTP version 3, you'll need to set the VTP domain first.

 

SW01#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

SW01(config)#vtp version ?

  <1-3>  Set the administrative domain VTP version number

 

SW01(config)#vtp version 3

Cannot set the version to 3 because domain name is not configured

SW01(config)#

SW01(config)#vtp domain LAB

Changing VTP domain name from NULL to LAB

SW01(config)#

SW01(config)#vtp version 3

SW01(config)#

SW01(config)#vlan 99

VTP VLAN configuration not allowed when device is not the primary server for vlan database.

SW01(config)#

SW01(config)#end

 

 

In order to add/create Layer 2 VLANs, set the switch to VTP Primary using the privilege EXEC command vtp primary.

 

SW01#vtp ?

  password  Set the password for the VTP administrative domain.

  primary   Make the system as the primary server

  pruning   Set the administrative domain to permit pruning.

  version   Set the adminstrative domain VTP version

 

SW01#vtp primary ?

  force  Do not check for conflicting devices

  mst    MST feature

  vlan   Vlan feature

  <cr>

 

SW01#vtp primary

This system is becoming primary server for feature vlan

No conflicting VTP3 devices found.

Do you want to continue? [confirm]

SW01#

*Jan 29 02:57:46.373: %SW_VLAN-4-VTP_PRIMARY_SERVER_CHG: aabb.cc00.0200 has become the primary server for the VLAN VTP feature

 

 

SW01#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

SW01(config)#vlan 99

SW01(config-vlan)#name TEST

SW01(config-vlan)#end

 

SW01#show vtp status

VTP Version capable             : 1 to 3

VTP version running             : 3

VTP Domain Name                 : LAB

VTP Pruning Mode                : Disabled

VTP Traps Generation            : Disabled

Device ID                       : aabb.cc00.0200

 

Feature VLAN:

--------------

VTP Operating Mode                : Primary Server

Number of existing VLANs          : 6

Number of existing extended VLANs : 0

Maximum VLANs supported locally   : 4096

Configuration Revision            : 2

Primary ID                        : aabb.cc00.0200

Primary Description               : SW01

MD5 digest                        : 0x69 0x34 0x9F 0x61 0x0A 0xF0 0x29 0x1F

                                    0xAE 0xDB 0xFA 0x70 0xCA 0x10 0x50 0x35

 

 

Feature MST:

--------------

VTP Operating Mode                : Transparent

         

 

Feature UNKNOWN:

--------------

VTP Operating Mode                : Transparent

 

 

SW01#show vlan brief

 

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                          active    Et0/0, Et0/3, Et1/0, Et1/1

                                                Et1/2, Et1/3, Et2/0, Et2/1

                                                Et2/2, Et2/3, Et3/0, Et3/1

                                                Et3/2, Et3/3

99   TEST                             active   

1002 fddi-default                     act/unsup

1003 trcrf-default                    act/unsup

1004 fddinet-default                  act/unsup

1005 trbrf-default                    act/unsup

 

The VTP password is shown in plain text. In VTP version 3, you can "hide" or hash the password.

SW01#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

SW01(config)#vtp password cisco123

Setting device VTP password to cisco123

SW01(config)#do show vtp password

VTP Password: cisco123

 

SW01(config)#vtp password ?

  WORD  The ascii password for the VTP administrative domain.

 

SW01(config)#vtp password cisco123 ?

  hidden  Set the VTP password hidden option

  secret  Specify the vtp password in encrypted form

  <cr>

 

SW01(config)#vtp password cisco123 hidden

Setting device VTP password 

SW01(config)#

SW01(config)#do sh vtp password         

VTP Password: DD9E88A11A75B21E42627A20F00FD980

 

 

If you're adding another switch, just copy/paste the hashed string and use the keyword secret.

 

SW02(config)#vtp password DD9E88A11A75B21E42627A20F00FD980 secret

 

Wednesday, January 3, 2024

Configure NetFlow in Cisco NCS 540 IOS-XR

Here's a link for the steps in configuring NetFlow (version 9) in a Cisco NCS 540 IOS-XR.

Step 1

Create and configure an exporter map.

Step 2

Create and configure a monitor map and a sampler map.

Note 

The monitor map must reference the exporter map you created in Step 1. If you do not apply an exporter-map to the monitor-map, the flow records are not exported, and aging is done according to the cache parameters specified in the monitor-map.

Step 3

Apply the monitor map and sampler map to an interface.

 

There are some caveats in configuring NetFlow in a Cisco IOS-XR:


  • Do not use the management interface to export the NetFlow packets.
  • NetFlow can be configured only in the ingress direction. 
  • A source interface must always be configured. If you do not configure a source interface, the exporter will remain in a disabled state.
  • Only export format Version 9 and IPFIX is supported.
  • A valid record map name must always be configured for every flow monitor map.
  • NetFlow is not supported on Bridge Virtual Interface (BVI).
  • NetFlow is not supported on sub-interfaces.
  • NetFlow on sub-interface routed via BVI is not supported.
  • Destination-based Netflow accounting is not supported, only IPv4, IPv6 and MPLS record types are supported under monitor-map.
  • Output interface field is not updated in data and flow records when the traffic is routed through ACL based forwarding (ABF).
  • Output interface field is not updated in data and flow records for the multicast traffic.
  • Output interface, source and destination prefix lengths fields are not set in data and flow records for GRE transit traffic.
  • For Netflow IPFIX315, configure the hw-module profile netflow ipfix315 command.
  • If IPFIX315 is enabled on a line card then all the ports on that line card should have IPFIX315 configured.
  • For hw-module profile qos hqos-enable , NetFlow does not give the output interface for cases like L2 bridging, xconnect, IPFIX, and so on.
  • L4 header port numbers are supported only for TCP and UDP.
  • NetFlow does not give the output interface for traffic terminating on GRE tunnel.

  

Here's a sample NetFlow configuration template. It's similar to the legacy IOS IP accounting feature.

 

flow exporter-map <EXPORTER MAP NAME>
 destination <NETFLOW ANALYZER IP>
 transport udp 2055
 source <SOURCE INTERFACE>
version v9
  template data timeout 60
  template options timeout 60
  options interface-table
  options sampler-table

sampler-map <SAMPLER MAP NAME>
 random 1 out-of 500

flow monitor-map <MONITOR MAP NAME>
 record mpls ipv4-fields
 exporter <EXPORTER MAP NAME>
 cache entries 1000000
 cache timeout active 60
 cache timeout inactive 30
 cache timeout rate-limit 2000

commit

interface GigabitEthernet0/0/0/x
 flow mpls monitor <MONITOR MAP NAME> sampler <SAMPLER MAP NAME>

commit


show flow exporter <EXPORTER MAP NAME> location 0/0/CPU0

show flow monitor <MONITOR MAP NAME> cache format table location
0/0/CPU0


RP/0/RP0/CPU0:NCS540#show flow monitor MONITOR cache format table location 0/0/CPU0
Thu Dec 21 22:18:21.552 UTC
Cache summary for Flow Monitor MONITOR:
Cache size:                          65535
Current entries:                        13
Flows added:                            25
Flows not added:                         0
Ager Polls:                            573
  - Active timeout                      12
  - Inactive timeout                     0
  - Immediate                            0
  - TCP FIN flag                         0
  - Emergency aged                       0
  - Counter wrap aged                    0
  - Total                               12
Periodic export:
  - Counter wrap                         0
  - TCP FIN flag                         0
Flows exported                           0

LabelType Prefix/Length      Label1-EXP-S     Label2-EXP-S     Label3-EXP-S     Label4-EXP-S     Label5-EXP-S     Label6-EXP-S     InputInterface  OutputInterface ForwardStatus        FirstSwitched   LastSwitched    ByteCount    PacketCount  Dir SamplerID  IPV4SrcAddr      IPV4DstAddr      IPV4TOS  IPV4Prot L4SrcPort  L4DestPort L4TCPFlags   InputVRFID                        OutputVRFID                       BGPNextHopV4     
      LDP 10.14.6.35/32       24088-5-0        14724-5-1           -                -                -                -          Gi0/0/0/19      Gi0/0/0/1       Fwd                  08 16:44:31:287 08 16:45:20:486 2600         10           Ing 1          10.1.1.5         172.16.4.13   0xb8     udp      4790       4790       0            default                           default                           0.0.0.0          

<OUTPUT TRUNCATED>


Friday, November 3, 2023

Cisco Catalyst 8500L IOS-XE 17.6 Upgrade

The Cisco Catalyst 8500 edge platform is the replacement for the Cisco ASR1000 and ASR1001-X series routers.

The C8500L-8S4X platform has 8x 1GE ports and 4x 1/10GE ports in the front chassis.

It has 2x dual power supply unit in the rear chassis.

There's a console (blue) port and dedicated out-of-band RJ45 manageemnt port (LAN icon).

The pull out serial number tag found in the front chassis.


There's an RFID tag found on the right-hand side which can be removed.


 

Below is the initial boot up, show version and show run output.

 

Initializing Hardware ...

Checking for PCIe device presence...done
System integrity status: 0x610
Rom image verified correctly


System Bootstrap, Version 17.4(1r), RELEASE SOFTWARE
Copyright (c) 1994-2020  by cisco Systems, Inc.


Current image running: Boot ROM1

Last reset cause: PowerOn
C8500L-8S4X platform with 15728640 Kbytes of main memory


........
Located c8000aes-universalk9.17.05.01a.SPA.bin
#####################################################################

Package header rev 3 structure detected
IsoSize = 533463040
Performing Integrity Check ...
Performing Signature Verification ...
RSA Signed RELEASE Image Signature Verification Successful.
Image validated
Aug 29 07:44:04.497: %BOOT-5-OPMODE_LOG: R0/0: binos: System booted in AUTONOMOUS mode

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           Cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706


Cisco IOS Software [Bengaluru], c8000aes Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.5.1a, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2021 by Cisco Systems, Inc.
Compiled Sun 11-Apr-21 17:14 by mcpre


This software version supports only Smart Licensing as the software licensing mechanism.


PLEASE READ THE FOLLOWING TERMS CAREFULLY. INSTALLING THE LICENSE OR
LICENSE KEY PROVIDED FOR ANY CISCO SOFTWARE PRODUCT, PRODUCT FEATURE,
AND/OR SUBSEQUENTLY PROVIDED SOFTWARE FEATURES (COLLECTIVELY, THE
"SOFTWARE"), AND/OR USING SUCH SOFTWARE CONSTITUTES YOUR FULL
ACCEPTANCE OF THE FOLLOWING TERMS. YOU MUST NOT PROCEED FURTHER IF YOU
ARE NOT WILLING TO BE BOUND BY ALL THE TERMS SET FORTH HEREIN.

Your use of the Software is subject to the Cisco End User License Agreement
(EULA) and any relevant supplemental terms (SEULA) found at
http://www.cisco.com/c/en/us/about/legal/cloud-and-software/software-terms.html.

You hereby acknowledge and agree that certain Software and/or features are
licensed for a particular term, that the license to such Software and/or
features is valid only for the applicable term and that such Software and/or
features may be shut down or otherwise terminated by Cisco after expiration
of the applicable license term (e.g., 90-day trial period). Cisco reserves
the right to terminate any such Software feature electronically or by any
other means available. While Cisco may provide alerts, it is your sole
responsibility to monitor your usage of any such term Software feature to
ensure that your systems and networks are prepared for a shutdown of the
Software feature.


% Failed to initialize nvram
% Failed to initialize backup nvram

All TCP AO KDF Tests Pass
cisco C8500L-8S4X (1RU) processor with 674359K/6147K bytes of memory.
Processor board ID FLX26041234
Router operating mode: Autonomous
8 Gigabit Ethernet interfaces
4 Ten Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
15728640K bytes of physical memory.
15151103K bytes of eUSB flash at bootflash:.
15269887K bytes of USB hard disk at harddisk:.

No startup-config, starting autoinstall/pnp/ztp...

Autoinstall will terminate if any input is detected on console


         --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no

Would you like to terminate autoinstall? [yes]:
No startup-config, starting autoinstall/pnp/ztp...

Autoinstall will terminate if any input is detected on console


Press RETURN to get started!


*Aug 29 07:44:26.887: %IOSXE_RP_NV-3-NV_ACCESS_FAIL: Initial read of NVRAM contents failed
*Aug 29 07:44:28.359: %IOSXE_RP_NV-3-BACKUP_NV_ACCESS_FAIL: Initial read of backup NVRAM contents failed
*Aug 29 07:44:28.881: %SMART_LIC-6-AGENT_ENABLED: Smart Agent for Licensing is enabled
*Aug 29 07:44:28.916: %SMART_LIC-6-EXPORT_CONTROLLED: Usage of export controlled features is not allowed
*Aug 29 07:44:35.486: %CRYPTO_ENGINE-5-CSDL_COMPLIANCE_ENFORCED: Cisco PSB security compliance is being enforced
*Aug 29 07:44:35.584: %CRYPTO_SL_TP_LEVELS-6-ROMMON_VAL: Current rommon value: -1
*Aug 29 07:44:35.724: %CRYPTO_SL_TP_LEVELS-6-VAR_NEW_VALUE: Setting crypto bidir throughput to: 1000000 kbps
*Aug 29 07:44:35.747: %LINK-3-UPDOWN: Interface Lsmpi0, changed state to up
*Aug 29 07:44:35.771: %LINK-3-UPDOWN: Interface EOBC0, changed state to up
*Aug 29 07:44:35.771: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to down
*Aug 29 07:44:35.778: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL GigabitEthernet0 Physical Port Link Down
*Aug 29 07:44:35.783: %LINK-3-UPDOWN: Interface LIIN0, changed state to up
*Aug 29 07:44:35.865: %PNP-6-PNP_DISCOVERY_STARTED: PnP Discovery started
*Aug 29 07:44:35.865: %PNP-6-PNP_GOOD_UDI_UPDATE: Good UDI [PID:C8500L-8S4X,VID:,SN:FLX26041234] identified via (platform-registry)
*Aug 29 07:44:35.865: %PNP-6-PNP_CDP_UPDATE: Device UDI [PID:C8500L-8S4X,VID:,SN:FLX26041234] identified for CDP
*Aug 29 07:44:04.484: %BOOT-5-OPMODE_LOG: R0/0: binos: System booted in AUTONOMOUS mode
*Aug 29 07:44:09.999: %CMRP_PFU-6-FANASSY_INSERTED: R0/0: cmand: Fan Assembly is inserted.
*Aug 29 07:44:10.006: %CMRP_PFU-6-PEM_INSERTED: R0/0: cmand: PEM in slot 1 not operational.
*Aug 29 07:44:11.120: %IOSXE-0-PLATFORM: R0/0: tamd_proc: TAM UDI Authentication successful for PID C8500L-8S4X
*Aug 29 07:44:36.085: %SYS-5-CONFIG_P: Configured programmatically by process MGMT VRF Process from console as vty0
*Aug 29 07:44:37.011: %IOSXE_MGMTVRF-6-CREATE_SUCCESS_INFO: Management vrf Mgmt-intf created with ID 1, ipv4 table-id 0x1, ipv6 table-id 0x1E000001
*Aug 29 07:44:37.061: %LINEPROTO-5-UPDOWN: Line protocol on Interface Lsmpi0, changed state to up
*Aug 29 07:44:37.061: %LINEPROTO-5-UPDOWN: Line protocol on Interface EOBC0, changed state to up
*Aug 29 07:44:37.061: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
*Aug 29 07:44:37.061: %LINEPROTO-5-UPDOWN: Line protocol on Interface LIIN0, changed state to up
*Aug 29 07:44:37.063: %SYS-5-CONFIG_P: Configured programmatically by process MGMT VRF Process from console as vty0
*Aug 29 07:44:37.177: %IOSXE_RP_ALARM-2-PEM: ASSERT CRITICAL Power Supply Module 1 Power Supply Failure
*Aug 29 07:44:37.380: %ONEP_BASE-6-SS_ENABLED: ONEP: Service set Base was enabled by Default
*Aug 29 07:44:39.203: %SYS-7-NVRAM_INIT_WAIT_TIME: Waited 0 seconds for NVRAM to be available
*Aug 29 07:44:39.206: %IOSXE_OIR-6-REMSPA: SPA removed from subslot 0/0, interfaces disabled
*Aug 29 07:44:39.207: %IOSXE_OIR-6-REMSPA: SPA removed from subslot 0/1, interfaces disabled
*Aug 29 07:44:39.210: %SPA_OIR-6-OFFLINECARD: SPA (8xSFP) offline in subslot 0/0
*Aug 29 07:44:39.211: %SPA_OIR-6-OFFLINECARD: SPA (4xSFP+) offline in subslot 0/1
*Aug 29 07:44:39.355: %IOSXE_OIR-6-INSCARD: Card (fp) inserted in slot F0
*Aug 29 07:44:39.355: %IOSXE_OIR-6-ONLINECARD: Card (fp) online in slot F0
*Aug 29 07:44:39.372: %IOSXE_OIR-6-INSCARD: Card (cc) inserted in slot 0
*Aug 29 07:44:39.372: %IOSXE_OIR-6-ONLINECARD: Card (cc) online in slot 0
*Aug 29 07:44:39.390: %IOSXE_OIR-6-INSSPA: SPA inserted in subslot 0/0
*Aug 29 07:44:39.391: %IOSXE_OIR-6-INSSPA: SPA inserted in subslot 0/1
*Aug 29 07:44:39.456: %IOXN_APP-6-PRE_INIT_DAY0_GS_INFO: Day0 Guestshell pre-initilization API is being invoked
*Aug 29 07:44:39.993: %UICFGEXP-6-SERVER_NOTIFIED_START: R0/0: psd: Server iox has been notified to start
*Aug 29 07:44:45.895: %PNP-6-PNP_BEST_UDI_UPDATE: Best UDI [PID:C8500L-8S4X,VID:V01,SN:FLX26041234] identified via (entity-mibs)
*Aug 29 07:44:46.185: %SPA_OIR-6-ONLINECARD: SPA (8xSFP) online in subslot 0/0
*Aug 29 07:44:46.187: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL xcvr container 0/0/0 Transceiver Missing - Link Down
*Aug 29 07:44:46.187: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL xcvr container 0/0/1 Transceiver Missing - Link Down
*Aug 29 07:44:46.187: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL xcvr container 0/0/2 Transceiver Missing - Link Down
*Aug 29 07:44:46.187: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL xcvr container 0/0/3 Transceiver Missing - Link Down
*Aug 29 07:44:46.187: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL xcvr container 0/0/4 Transceiver Missing - Link Down
*Aug 29 07:44:46.187: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL xcvr container 0/0/5 Transceiver Missing - Link Down
*Aug 29 07:44:46.187: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL xcvr container 0/0/6 Transceiver Missing - Link Down
*Aug 29 07:44:46.187: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL xcvr container 0/0/7 Transceiver Missing - Link Down
*Aug 29 07:44:46.631: %SPA_OIR-6-ONLINECARD: SPA (4xSFP+) online in subslot 0/1
*Aug 29 07:44:46.632: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL xcvr container 0/1/0 Transceiver Missing - Link Down
*Aug 29 07:44:46.633: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL xcvr container 0/1/1 Transceiver Missing - Link Down
*Aug 29 07:44:46.633: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL xcvr container 0/1/2 Transceiver Missing - Link Down
*Aug 29 07:44:46.633: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL xcvr container 0/1/3 Transceiver Missing - Link Down
*Aug 29 07:44:48.409: %TRANSCEIVER-6-INSERTED: C0/0: iomd: transceiver module inserted in Gigabitethernet0/0/0
*Aug 29 07:44:48.624: %LINK-3-UPDOWN: Interface TenGigabitEthernet0/1/0, changed state to down
*Aug 29 07:44:48.449: %TRANSCEIVER-6-INSERTED: C0/0: iomd: transceiver module inserted in Gigabitethernet0/0/1
*Aug 29 07:44:48.489: %TRANSCEIVER-6-INSERTED: C0/0: iomd: transceiver module inserted in Gigabitethernet0/0/2
*Aug 29 07:44:48.529: %TRANSCEIVER-6-INSERTED: C0/0: iomd: transceiver module inserted in Gigabitethernet0/0/3
*Aug 29 07:44:48.638: %LINK-3-UPDOWN: Interface TenGigabitEthernet0/1/1, changed state to down
*Aug 29 07:44:48.639: %LINK-3-UPDOWN: Interface TenGigabitEthernet0/1/2, changed state to down
*Aug 29 07:44:48.640: %LINK-3-UPDOWN: Interface TenGigabitEthernet0/1/3, changed state to down
*Aug 29 07:44:53.625: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL xcvr container 0/0/0 Transceiver Missing - Link Down
*Aug 29 07:44:53.645: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL GigabitEthernet0/0/0 Physical Port Link Down
*Aug 29 07:44:53.669: %IOSXE-6-PLATFORM: R0/0: IOx:  App verification successful
*Aug 29 07:44:54.037: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL xcvr container 0/0/1 Transceiver Missing - Link Down
*Aug 29 07:44:54.067: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL GigabitEthernet0/0/1 Physical Port Link Down
*Aug 29 07:44:54.468: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL xcvr container 0/0/2 Transceiver Missing - Link Down
*Aug 29 07:44:54.499: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL GigabitEthernet0/0/2 Physical Port Link Down
*Aug 29 07:44:55.050: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL xcvr container 0/0/3 Transceiver Missing - Link Down
*Aug 29 07:44:55.079: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL GigabitEthernet0/0/3 Physical Port Link Down
*Aug 29 07:44:56.459: %SYS-5-CONFIG_P: Configured programmatically by process Setup from console as vty0
*Aug 29 07:44:56.459: %SYS-5-CONFIG_P: Configured programmatically by process Setup from console as vty0
*Aug 29 07:45:00.630: %SYS-5-USERLOG_NOTICE: Message from tty0(user id: ): Device in day0 workflow, some non user-configured options may be enabled by default
*Aug 29 07:45:00.631: %SYS-5-CONFIG_P: Configured programmatically by process Setup from console as vty0
*Aug 29 07:45:02.596: %LINK-5-CHANGED: Interface GigabitEthernet0/0/0, changed state to administratively down
*Aug 29 07:45:02.596: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL GigabitEthernet0/0/0 Physical Port Link Down
*Aug 29 07:45:02.596: %LINK-5-CHANGED: Interface GigabitEthernet0/0/1, changed state to administratively down
*Aug 29 07:45:02.597: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL GigabitEthernet0/0/1 Physical Port Link Down
*Aug 29 07:45:02.597: %LINK-5-CHANGED: Interface GigabitEthernet0/0/2, changed state to administratively down
*Aug 29 07:45:02.597: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL GigabitEthernet0/0/2 Physical Port Link Down
*Aug 29 07:45:02.597: %LINK-5-CHANGED: Interface GigabitEthernet0/0/3, changed state to administratively down
*Aug 29 07:45:02.598: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL GigabitEthernet0/0/3 Physical Port Link Down
*Aug 29 07:45:02.598: %LINK-5-CHANGED: Interface GigabitEthernet0/0/4, changed state to administratively down
*Aug 29 07:45:02.598: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL xcvr container 0/0/4 Transceiver Missing - Link Down
*Aug 29 07:45:02.599: %LINK-5-CHANGED: Interface GigabitEthernet0/0/5, changed state to administratively down
*Aug 29 07:45:02.599: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL xcvr container 0/0/5 Transceiver Missing - Link Down
*Aug 29 07:45:02.599: %LINK-5-CHANGED: Interface GigabitEthernet0/0/6, changed state to administratively down
*Aug 29 07:45:02.600: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL xcvr container 0/0/6 Transceiver Missing - Link Down
*Aug 29 07:45:02.600: %LINK-5-CHANGED: Interface GigabitEthernet0/0/7, changed state to administratively down
*Aug 29 07:45:02.600: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL xcvr container 0/0/7 Transceiver Missing - Link Down
*Aug 29 07:45:02.600: %LINK-5-CHANGED: Interface TenGigabitEthernet0/1/0, changed state to administratively down
*Aug 29 07:45:02.601: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL xcvr container 0/1/0 Transceiver Missing - Link Down
*Aug 29 07:45:02.601: %LINK-5-CHANGED: Interface TenGigabitEthernet0/1/1, changed state to administratively down
*Aug 29 07:45:02.601: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL xcvr container 0/1/1 Transceiver Missing - Link Down
*Aug 29 07:45:02.601: %LINK-5-CHANGED: Interface TenGigabitEthernet0/1/2, changed state to administratively down
*Aug 29 07:45:15.905: %PNP-6-PNP_SAVING_TECH_SUMMARY: Saving PnP tech summary (/pnp-tech/pnp-tech-discovery-summary)... Please wait. Do not interrupt.
*Aug 29 07:45:16.034: %SYS-5-CONFIG_P: Configured programmatically by process PnP Agent Discovery from console as vty0
*Aug 29 07:45:16.216: %SYS-5-CONFIG_P: Configured programmatically by process PnP Agent Discovery from console as vty0
*Aug 29 07:45:16.293: %SYS-5-CONFIG_P: Configured programmatically by process PnP Agent Discovery from console as vty0
*Aug 29 07:45:16.413: %SYS-5-CONFIG_P: Configured programmatically by process PnP Agent Discovery from console as vty0
*Aug 29 07:45:20.906: %IOXN_APP-6-PRE_INIT_DAY0_GS_INFO: Day0 Guestshell de-initilization API is being invoked
Failed to generate persistent self-signed certificate.
Secure server will use temporary self-signed certificate.
*Aug 29 07:45:28.739: %PKI-6-TRUSTPOINT_CREATE: Trustpoint: CISCO_IDEVID_SUDI created succesfully
*Aug 29 07:45:28.744: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named CISCO_IDEVID_SUDI has been generated or imported by pki-sudi
*Aug 29 07:45:28.753: %PKI-6-TRUSTPOINT_CREATE: Trustpoint: CISCO_IDEVID_SUDI0 created succesfully
*Aug 29 07:45:28.755: %PKI-2-NON_AUTHORITATIVE_CLOCK: PKI functions can not be initialized until an authoritative time source, like NTP, can be obtained.
*Aug 29 07:45:28.756: %PKI-6-TRUSTPOINT_CREATE: Trustpoint: TP-self-signed-3108410732 created succesfully
*Aug 29 07:45:28.775: %SYS-5-CONFIG_P: Configured programmatically by process PnP Agent Discovery from console as vty0
*Aug 29 07:45:28.882: %PNP-6-PNP_TECH_SUMMARY_SAVED_OK: PnP tech summary (/pnp-tech/pnp-tech-discovery-summary) saved successfully (elapsed time: 13 seconds).
*Aug 29 07:45:28.883: %PNP-6-PNP_DISCOVERY_STOPPED: PnP Discovery stopped (Config Wizard)
*Aug 29 07:45:29.205: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named TP-self-signed-3108410732 has been generated or imported by crypto-engine
*Aug 29 07:45:29.206: %SSH-5-ENABLED: SSH 1.99 has been enabled
*Aug 29 07:45:29.237: %PKI-4-NOCONFIGAUTOSAVE: Configuration was modified.  Issue "write memory" to save new IOS PKI configuration
*Aug 29 07:45:29.862: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named TP-self-signed-3108410732.server has been generated or imported by crypto-engine
Router>
*Aug 29 07:45:38.490: %IM-6-IOX_ENABLEMENT: R0/0: ioxman: IOX is ready.
*Aug 29 07:45:39.471: %PKI-6-TRUSTPOINT_CREATE: Trustpoint: SLA-TrustPoint created succesfully
*Aug 29 07:45:39.472: %PKI-4-NOCONFIGAUTOSAVE: Configuration was modified.  Issue "write memory" to save new IOS PKI configuration
*Aug 29 07:45:39.479: %CALL_HOME-6-CALL_HOME_ENABLED: Call-home is enabled by Smart Agent for Licensing.Guestshell destroyed successfully
*Aug 29 07:45:40.632: %IOXN_APP-6-PRE_INIT_DAY0_GS_INFO: Day0 Guestshell destroyed
*Aug 29 07:45:41.146: %UICFGEXP-6-SERVER_NOTIFIED_STOP: R0/0: psd: Server iox has been notified to stop
*Aug 29 07:45:44.179: %IOXN_APP-6-IOX_START_STOP_REQ: Got IOX DOWN COMPLETE event, invoking registered callback(s)


Router>enable
Router#show version
Cisco IOS XE Software, Version 17.05.01a
Cisco IOS Software [Bengaluru], c8000aes Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.5.1a, RELEASE SOFTWARE (fc3)

Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2021 by Cisco Systems, Inc.
Compiled Sun 11-Apr-21 17:14 by mcpre


Cisco IOS-XE software, Copyright (c) 2005-2021 by cisco Systems, Inc.
All rights reserved.  Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0.  The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.  For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.


ROM: 17.4(1r)

Router uptime is 1 minute
Uptime for this control processor is 3 minutes
System returned to ROM by PowerOn
System image file is "bootflash:c8000aes-universalk9.17.05.01a.SPA.bin"
Last reload reason: PowerOn


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

License Type: Perpetual
License Level:
Next reload license Level:
License Type: Subscription
License Level:
Next reload license Level:

The current crypto throughput level is 1000000 kbps

Smart Licensing Status: Registration Not Applicable/Not Applicable

cisco C8500L-8S4X (1RU) processor with 674359K/6147K bytes of memory.
Processor board ID FLX26041234
Router operating mode: Autonomous
8 Gigabit Ethernet interfaces
4 Ten Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
15728640K bytes of physical memory.
15151103K bytes of eUSB flash at bootflash:.
15269887K bytes of USB hard disk at harddisk:.

Configuration register is 0x2102


Router#show run
Building configuration...

Current configuration : 6567 bytes
!
! Last configuration change at 07:45:28 UTC Mon Aug 29 2022
!
version 17.5
service timestamps debug datetime msec
service timestamps log datetime msec
! Call-home is enabled by Smart-Licensing.
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !        
 address-family ipv6
 exit-address-family
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
login on-success log
!
!
!
!
!
!
!         
subscriber templating
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-3108410732
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3108410732
 revocation-check none
 rsakeypair TP-self-signed-3108410732
!
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-3108410732
 certificate self-signed 01
  30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
 

 <OUTPUT TRUNCATED>


  A168612D E89E4A5E 99D69A1C 4BD11204 D1FB33CC 302F1079 05EF016D 1B4475D0
  04BF52A1 469B490C C2AA2797 E3FE54F0 E6CF36E5
        quit
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01
  30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
  32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
 

  <OUTPUT TRUNCATED>


  418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
  D697DF7F 28
        quit
!
!
license udi pid C8500L-8S4X sn FLX26041234
memory free low-watermark processor 67422
!
diagnostic bootup level minimal
!
!
redundancy
 mode none
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/1
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/2
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/3
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/4
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/5
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/6
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/7
 no ip address
 shutdown
 negotiation auto
!
interface TenGigabitEthernet0/1/0
 no ip address
 shutdown
!
interface TenGigabitEthernet0/1/1
 no ip address
 shutdown
!
interface TenGigabitEthernet0/1/2
 no ip address
 shutdown
!
interface TenGigabitEthernet0/1/3
 no ip address
 shutdown
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
!
ip http server
ip http authentication local
ip http secure-server
ip forward-protocol nd
!
ip tftp source-interface GigabitEthernet0
!
!         
!
!
!
control-plane
!
!
line con 0
 stopbits 1
line aux 0
line vty 0 4
 login
 transport input ssh
!
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
!         
!
!
!
!
!
end


I performed an IOS-XE upgrade from 17.5.1 to 17.6.3. Note to download the correct C8500 software code. There's C8500 with and without the "L". You can't also downgrade the ROMMON firmware. The current firmware version 17.4(1r) is compatible with 17.6.3.


Router#show platform
Chassis type: C8500L-8S4X

Slot      Type                State                 Insert time (ago)
--------- ------------------- --------------------- -----------------
0         C8500L-8S4X         ok                    5d23h         
 0/0      8xSFP               ok                    5d23h         
 0/1      4xSFP+              ok                    5d23h         
R0        C8500L-8S4X         ok, active            5d23h         
F0        C8500L-8S4X         ok, active            5d23h         
P0        PWR-CH1-400WAC      ok                    5d23h         
P1        PWR-CH1-400WAC      fail, badinput        5d23h         
P2        C8500L-FAN-1R       ok                    5d23h         

Slot      CPLD Version        Firmware Version                        
--------- ------------------- ---------------------------------------
0         20090320            17.4(1r)                            
R0        20090320            17.4(1r)                            
F0        20090320            17.4(1r)    

You can use the C8500L without registering in Smart License server (CSSM) since the Smart licenses are perpetual from factory. Just configure the license boot level network-advantage addon dna-advantage comand and issue a write memory

 
Router#show license summary
License Usage:
  License                 Entitlement Tag               Count Status
  -----------------------------------------------------------------------------
  Router US Export Lic... (DNA_HSEC)                        0 NOT IN USE


Router#show license status
Utility:
  Status: DISABLED

Smart Licensing Using Policy:
  Status: ENABLED

Data Privacy:
  Sending Hostname: yes
    Callhome hostname privacy: DISABLED
    Smart Licensing hostname privacy: DISABLED
  Version privacy: DISABLED

Transport:
  Type: cslu
  Cslu address: <empty>
  Proxy:
    Not Configured

Policy:
  Policy in use: Merged from multiple sources.
  Reporting ACK required: yes (CISCO default)
  Unenforced/Non-Export Perpetual Attributes:
    First report requirement (days): 365 (CISCO default)
    Reporting frequency (days): 0 (CISCO default)
    Report on change (days): 90 (CISCO default)
  Unenforced/Non-Export Subscription Attributes:
    First report requirement (days): 90 (CISCO default)
    Reporting frequency (days): 90 (CISCO default)
    Report on change (days): 90 (CISCO default)
  Enforced (Perpetual/Subscription) License Attributes:
    First report requirement (days): 0 (CISCO default)
    Reporting frequency (days): 0 (CISCO default)
    Report on change (days): 0 (CISCO default)
  Export (Perpetual/Subscription) License Attributes:
    First report requirement (days): 0 (CISCO default)
    Reporting frequency (days): 0 (CISCO default)
    Report on change (days): 0 (CISCO default)

Miscellaneous:
  Custom Id: <empty>

Usage Reporting:
  Last ACK received: <none>
  Next ACK deadline: <none>
  Reporting push interval: 0 (no reporting)
  Next ACK push check: <none>
  Next report push: <none>
  Last report push: <none>
  Last report file write: <none>

Trust Code Installed: <none>


Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#license ?
  accept     Accept all further License Agreements
  agent      Configure LIC_AGENT
  boot       license boot config commands
  call-home  license call-home config commands
  smart      Smart licensing
  udi        license udi

Router(config)#license boot ?
  level  Change dna license boot level

Router(config)#license boot level ?
  network-advantage  License Level Network-Advantage
  network-premier    License Level Network-Premier

Router(config)#license boot level network-advantage ?
  addon  select add-on to include DNA License
  <cr>   <cr>

Router(config)#license boot level network-advantage addon ?
  dna-advantage  Add-on option DNA-Advantage

Router(config)#license boot level network-advantage addon dna-advantage ?       
  <cr>  <cr>

Router(config)#license boot level network-advantage addon dna-advantage
% use 'write' command to make license boot config take effect on next boot

Router(config)#end
Router#write memory
Building configuration...

*Sep  4 07:53:59.669: %SYS-5-CONFIG_I: Configured from console by console[OK]
Router#
*Sep  4 07:54:05.133: %SYS-6-PRIVCFG_ENCRYPT_SUCCESS: Successfully encrypted private config file



I tried to transfer the new IOS-XE using the USB slot (beside the console port) but it wasn't detected and it due to a USB 2.0 bug. So I performed a TFTP file transfer instead.


Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#
*Sep  4 07:58:50.573: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
*Sep  4 07:58:51.574: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
Router(config)#interface GigabitEthernet0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#end
*Sep  4 07:59:04.350: %SYS-5-CONFIG_I: Configured from console by console
                
Router#ping vrf Mgmt-intf 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms


Router#copy tftp://192.168.1.2/c8000aes-universalk9.17.06.03a.SPA.bin bootflash:
Destination filename [c8000aes-universalk9.17.06.03a.SPA.bin]?
Accessing tftp://192.168.1.2/c8000aes-universalk9.17.06.03a.SPA.bin...
Loading c8000aes-universalk9.17.06.03a.SPA.bin from 192.168.1.2 (via GigabitEthernet0): !!!!!!!!

!!!!!!!!!!!!!!
[OK - 602955853 bytes]

602955853 bytes copied in 384.666 secs (1567479 bytes/sec)

Always verify the MD5 hash and compare it to the hash published in Cisco software download website.


Router#verify /md5 bootflash:/c8000aes-universalk9.17.06.03a.SPA.bin
.............................................................................

.................................................................................................................................Done!
verify /md5 (bootflash:/c8000aes-universalk9.17.06.03a.SPA.bin) = ca26d93cd9adb6d9c2a63f6b30d6290a

Configure the Primary and Secondary IOS-XE boot sequence, save config and issue a reload command for the new code to take effect.


Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#no boot system
Router(config)#boot system flash bootflash:c8000aes-universalk9.17.06.03a.SPA.bin    
Router(config)#boot system flash bootflash:c8000aes-universalk9.17.05.01a.SPA.bin
Router(config)#end
Router#write memory
Building configuration...
[OK]
                                                   

Router#show run | include boot
boot-start-marker
boot system flash bootflash:c8000aes-universalk9.17.06.03a.SPA.bin
boot system flash bootflash:c8000aes-universalk9.17.05.01a.SPA.bin

boot-end-marker
license boot level network-advantage addon dna-advantage
diagnostic bootup level minimal

Router#reload
Proceed with reload? [confirm]

*Sep  4 09:56:03.325: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.

<OUTPUT TRUNCATED>


Router#show version
Cisco IOS XE Software, Version 17.06.03a
Cisco IOS Software [Bengaluru], c8000aes Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.6.3a, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2022 by Cisco Systems, Inc.
Compiled Fri 08-Apr-22 04:50 by mcpre


Cisco IOS-XE software, Copyright (c) 2005-2022 by cisco Systems, Inc.
All rights reserved.  Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0.  The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.  For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.


ROM: 17.4(1r)

Router uptime is 2 minutes
Uptime for this control processor is 3 minutes
System returned to ROM by Reload Command
System image file is "bootflash:c8000aes-universalk9.17.06.03a.SPA.bin"
Last reload reason: Reload Command


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

License Type: Perpetual
License Level: network-advantage
Next reload license Level: network-advantage
License Type: Subscription
License Level: dna-advantage
Next reload license Level: dna-advantage

The current crypto throughput level is 1000000 kbps

Smart Licensing Status: Registration Not Applicable/Not Applicable

cisco C8500L-8S4X (1RU) processor with 670322K/6147K bytes of memory.
Processor board ID FLX26041234
Router operating mode: Autonomous
8 Gigabit Ethernet interfaces
4 Ten Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
15728640K bytes of physical memory.
15151103K bytes of eUSB flash at bootflash:.
15269887K bytes of USB hard disk at harddisk:.

Configuration register is 0x2102