Friday, November 3, 2023

Cisco Catalyst 8500L IOS-XE 17.6 Upgrade

The Cisco Catalyst 8500 edge platform is the replacement for the Cisco ASR1000 and ASR1001-X series routers.

The C8500L-8S4X platform has 8x 1GE ports and 4x 1/10GE ports in the front chassis.

It has 2x dual power supply unit in the rear chassis.

There's a console (blue) port and dedicated out-of-band RJ45 manageemnt port (LAN icon).

The pull out serial number tag found in the front chassis.


There's an RFID tag found on the right-hand side which can be removed.


 

Below is the initial boot up, show version and show run output.

 

Initializing Hardware ...

Checking for PCIe device presence...done
System integrity status: 0x610
Rom image verified correctly


System Bootstrap, Version 17.4(1r), RELEASE SOFTWARE
Copyright (c) 1994-2020  by cisco Systems, Inc.


Current image running: Boot ROM1

Last reset cause: PowerOn
C8500L-8S4X platform with 15728640 Kbytes of main memory


........
Located c8000aes-universalk9.17.05.01a.SPA.bin
#####################################################################

Package header rev 3 structure detected
IsoSize = 533463040
Performing Integrity Check ...
Performing Signature Verification ...
RSA Signed RELEASE Image Signature Verification Successful.
Image validated
Aug 29 07:44:04.497: %BOOT-5-OPMODE_LOG: R0/0: binos: System booted in AUTONOMOUS mode

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           Cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706


Cisco IOS Software [Bengaluru], c8000aes Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.5.1a, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2021 by Cisco Systems, Inc.
Compiled Sun 11-Apr-21 17:14 by mcpre


This software version supports only Smart Licensing as the software licensing mechanism.


PLEASE READ THE FOLLOWING TERMS CAREFULLY. INSTALLING THE LICENSE OR
LICENSE KEY PROVIDED FOR ANY CISCO SOFTWARE PRODUCT, PRODUCT FEATURE,
AND/OR SUBSEQUENTLY PROVIDED SOFTWARE FEATURES (COLLECTIVELY, THE
"SOFTWARE"), AND/OR USING SUCH SOFTWARE CONSTITUTES YOUR FULL
ACCEPTANCE OF THE FOLLOWING TERMS. YOU MUST NOT PROCEED FURTHER IF YOU
ARE NOT WILLING TO BE BOUND BY ALL THE TERMS SET FORTH HEREIN.

Your use of the Software is subject to the Cisco End User License Agreement
(EULA) and any relevant supplemental terms (SEULA) found at
http://www.cisco.com/c/en/us/about/legal/cloud-and-software/software-terms.html.

You hereby acknowledge and agree that certain Software and/or features are
licensed for a particular term, that the license to such Software and/or
features is valid only for the applicable term and that such Software and/or
features may be shut down or otherwise terminated by Cisco after expiration
of the applicable license term (e.g., 90-day trial period). Cisco reserves
the right to terminate any such Software feature electronically or by any
other means available. While Cisco may provide alerts, it is your sole
responsibility to monitor your usage of any such term Software feature to
ensure that your systems and networks are prepared for a shutdown of the
Software feature.


% Failed to initialize nvram
% Failed to initialize backup nvram

All TCP AO KDF Tests Pass
cisco C8500L-8S4X (1RU) processor with 674359K/6147K bytes of memory.
Processor board ID FLX26041234
Router operating mode: Autonomous
8 Gigabit Ethernet interfaces
4 Ten Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
15728640K bytes of physical memory.
15151103K bytes of eUSB flash at bootflash:.
15269887K bytes of USB hard disk at harddisk:.

No startup-config, starting autoinstall/pnp/ztp...

Autoinstall will terminate if any input is detected on console


         --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no

Would you like to terminate autoinstall? [yes]:
No startup-config, starting autoinstall/pnp/ztp...

Autoinstall will terminate if any input is detected on console


Press RETURN to get started!


*Aug 29 07:44:26.887: %IOSXE_RP_NV-3-NV_ACCESS_FAIL: Initial read of NVRAM contents failed
*Aug 29 07:44:28.359: %IOSXE_RP_NV-3-BACKUP_NV_ACCESS_FAIL: Initial read of backup NVRAM contents failed
*Aug 29 07:44:28.881: %SMART_LIC-6-AGENT_ENABLED: Smart Agent for Licensing is enabled
*Aug 29 07:44:28.916: %SMART_LIC-6-EXPORT_CONTROLLED: Usage of export controlled features is not allowed
*Aug 29 07:44:35.486: %CRYPTO_ENGINE-5-CSDL_COMPLIANCE_ENFORCED: Cisco PSB security compliance is being enforced
*Aug 29 07:44:35.584: %CRYPTO_SL_TP_LEVELS-6-ROMMON_VAL: Current rommon value: -1
*Aug 29 07:44:35.724: %CRYPTO_SL_TP_LEVELS-6-VAR_NEW_VALUE: Setting crypto bidir throughput to: 1000000 kbps
*Aug 29 07:44:35.747: %LINK-3-UPDOWN: Interface Lsmpi0, changed state to up
*Aug 29 07:44:35.771: %LINK-3-UPDOWN: Interface EOBC0, changed state to up
*Aug 29 07:44:35.771: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to down
*Aug 29 07:44:35.778: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL GigabitEthernet0 Physical Port Link Down
*Aug 29 07:44:35.783: %LINK-3-UPDOWN: Interface LIIN0, changed state to up
*Aug 29 07:44:35.865: %PNP-6-PNP_DISCOVERY_STARTED: PnP Discovery started
*Aug 29 07:44:35.865: %PNP-6-PNP_GOOD_UDI_UPDATE: Good UDI [PID:C8500L-8S4X,VID:,SN:FLX26041234] identified via (platform-registry)
*Aug 29 07:44:35.865: %PNP-6-PNP_CDP_UPDATE: Device UDI [PID:C8500L-8S4X,VID:,SN:FLX26041234] identified for CDP
*Aug 29 07:44:04.484: %BOOT-5-OPMODE_LOG: R0/0: binos: System booted in AUTONOMOUS mode
*Aug 29 07:44:09.999: %CMRP_PFU-6-FANASSY_INSERTED: R0/0: cmand: Fan Assembly is inserted.
*Aug 29 07:44:10.006: %CMRP_PFU-6-PEM_INSERTED: R0/0: cmand: PEM in slot 1 not operational.
*Aug 29 07:44:11.120: %IOSXE-0-PLATFORM: R0/0: tamd_proc: TAM UDI Authentication successful for PID C8500L-8S4X
*Aug 29 07:44:36.085: %SYS-5-CONFIG_P: Configured programmatically by process MGMT VRF Process from console as vty0
*Aug 29 07:44:37.011: %IOSXE_MGMTVRF-6-CREATE_SUCCESS_INFO: Management vrf Mgmt-intf created with ID 1, ipv4 table-id 0x1, ipv6 table-id 0x1E000001
*Aug 29 07:44:37.061: %LINEPROTO-5-UPDOWN: Line protocol on Interface Lsmpi0, changed state to up
*Aug 29 07:44:37.061: %LINEPROTO-5-UPDOWN: Line protocol on Interface EOBC0, changed state to up
*Aug 29 07:44:37.061: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
*Aug 29 07:44:37.061: %LINEPROTO-5-UPDOWN: Line protocol on Interface LIIN0, changed state to up
*Aug 29 07:44:37.063: %SYS-5-CONFIG_P: Configured programmatically by process MGMT VRF Process from console as vty0
*Aug 29 07:44:37.177: %IOSXE_RP_ALARM-2-PEM: ASSERT CRITICAL Power Supply Module 1 Power Supply Failure
*Aug 29 07:44:37.380: %ONEP_BASE-6-SS_ENABLED: ONEP: Service set Base was enabled by Default
*Aug 29 07:44:39.203: %SYS-7-NVRAM_INIT_WAIT_TIME: Waited 0 seconds for NVRAM to be available
*Aug 29 07:44:39.206: %IOSXE_OIR-6-REMSPA: SPA removed from subslot 0/0, interfaces disabled
*Aug 29 07:44:39.207: %IOSXE_OIR-6-REMSPA: SPA removed from subslot 0/1, interfaces disabled
*Aug 29 07:44:39.210: %SPA_OIR-6-OFFLINECARD: SPA (8xSFP) offline in subslot 0/0
*Aug 29 07:44:39.211: %SPA_OIR-6-OFFLINECARD: SPA (4xSFP+) offline in subslot 0/1
*Aug 29 07:44:39.355: %IOSXE_OIR-6-INSCARD: Card (fp) inserted in slot F0
*Aug 29 07:44:39.355: %IOSXE_OIR-6-ONLINECARD: Card (fp) online in slot F0
*Aug 29 07:44:39.372: %IOSXE_OIR-6-INSCARD: Card (cc) inserted in slot 0
*Aug 29 07:44:39.372: %IOSXE_OIR-6-ONLINECARD: Card (cc) online in slot 0
*Aug 29 07:44:39.390: %IOSXE_OIR-6-INSSPA: SPA inserted in subslot 0/0
*Aug 29 07:44:39.391: %IOSXE_OIR-6-INSSPA: SPA inserted in subslot 0/1
*Aug 29 07:44:39.456: %IOXN_APP-6-PRE_INIT_DAY0_GS_INFO: Day0 Guestshell pre-initilization API is being invoked
*Aug 29 07:44:39.993: %UICFGEXP-6-SERVER_NOTIFIED_START: R0/0: psd: Server iox has been notified to start
*Aug 29 07:44:45.895: %PNP-6-PNP_BEST_UDI_UPDATE: Best UDI [PID:C8500L-8S4X,VID:V01,SN:FLX26041234] identified via (entity-mibs)
*Aug 29 07:44:46.185: %SPA_OIR-6-ONLINECARD: SPA (8xSFP) online in subslot 0/0
*Aug 29 07:44:46.187: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL xcvr container 0/0/0 Transceiver Missing - Link Down
*Aug 29 07:44:46.187: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL xcvr container 0/0/1 Transceiver Missing - Link Down
*Aug 29 07:44:46.187: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL xcvr container 0/0/2 Transceiver Missing - Link Down
*Aug 29 07:44:46.187: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL xcvr container 0/0/3 Transceiver Missing - Link Down
*Aug 29 07:44:46.187: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL xcvr container 0/0/4 Transceiver Missing - Link Down
*Aug 29 07:44:46.187: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL xcvr container 0/0/5 Transceiver Missing - Link Down
*Aug 29 07:44:46.187: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL xcvr container 0/0/6 Transceiver Missing - Link Down
*Aug 29 07:44:46.187: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL xcvr container 0/0/7 Transceiver Missing - Link Down
*Aug 29 07:44:46.631: %SPA_OIR-6-ONLINECARD: SPA (4xSFP+) online in subslot 0/1
*Aug 29 07:44:46.632: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL xcvr container 0/1/0 Transceiver Missing - Link Down
*Aug 29 07:44:46.633: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL xcvr container 0/1/1 Transceiver Missing - Link Down
*Aug 29 07:44:46.633: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL xcvr container 0/1/2 Transceiver Missing - Link Down
*Aug 29 07:44:46.633: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL xcvr container 0/1/3 Transceiver Missing - Link Down
*Aug 29 07:44:48.409: %TRANSCEIVER-6-INSERTED: C0/0: iomd: transceiver module inserted in Gigabitethernet0/0/0
*Aug 29 07:44:48.624: %LINK-3-UPDOWN: Interface TenGigabitEthernet0/1/0, changed state to down
*Aug 29 07:44:48.449: %TRANSCEIVER-6-INSERTED: C0/0: iomd: transceiver module inserted in Gigabitethernet0/0/1
*Aug 29 07:44:48.489: %TRANSCEIVER-6-INSERTED: C0/0: iomd: transceiver module inserted in Gigabitethernet0/0/2
*Aug 29 07:44:48.529: %TRANSCEIVER-6-INSERTED: C0/0: iomd: transceiver module inserted in Gigabitethernet0/0/3
*Aug 29 07:44:48.638: %LINK-3-UPDOWN: Interface TenGigabitEthernet0/1/1, changed state to down
*Aug 29 07:44:48.639: %LINK-3-UPDOWN: Interface TenGigabitEthernet0/1/2, changed state to down
*Aug 29 07:44:48.640: %LINK-3-UPDOWN: Interface TenGigabitEthernet0/1/3, changed state to down
*Aug 29 07:44:53.625: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL xcvr container 0/0/0 Transceiver Missing - Link Down
*Aug 29 07:44:53.645: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL GigabitEthernet0/0/0 Physical Port Link Down
*Aug 29 07:44:53.669: %IOSXE-6-PLATFORM: R0/0: IOx:  App verification successful
*Aug 29 07:44:54.037: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL xcvr container 0/0/1 Transceiver Missing - Link Down
*Aug 29 07:44:54.067: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL GigabitEthernet0/0/1 Physical Port Link Down
*Aug 29 07:44:54.468: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL xcvr container 0/0/2 Transceiver Missing - Link Down
*Aug 29 07:44:54.499: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL GigabitEthernet0/0/2 Physical Port Link Down
*Aug 29 07:44:55.050: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL xcvr container 0/0/3 Transceiver Missing - Link Down
*Aug 29 07:44:55.079: %IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL GigabitEthernet0/0/3 Physical Port Link Down
*Aug 29 07:44:56.459: %SYS-5-CONFIG_P: Configured programmatically by process Setup from console as vty0
*Aug 29 07:44:56.459: %SYS-5-CONFIG_P: Configured programmatically by process Setup from console as vty0
*Aug 29 07:45:00.630: %SYS-5-USERLOG_NOTICE: Message from tty0(user id: ): Device in day0 workflow, some non user-configured options may be enabled by default
*Aug 29 07:45:00.631: %SYS-5-CONFIG_P: Configured programmatically by process Setup from console as vty0
*Aug 29 07:45:02.596: %LINK-5-CHANGED: Interface GigabitEthernet0/0/0, changed state to administratively down
*Aug 29 07:45:02.596: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL GigabitEthernet0/0/0 Physical Port Link Down
*Aug 29 07:45:02.596: %LINK-5-CHANGED: Interface GigabitEthernet0/0/1, changed state to administratively down
*Aug 29 07:45:02.597: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL GigabitEthernet0/0/1 Physical Port Link Down
*Aug 29 07:45:02.597: %LINK-5-CHANGED: Interface GigabitEthernet0/0/2, changed state to administratively down
*Aug 29 07:45:02.597: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL GigabitEthernet0/0/2 Physical Port Link Down
*Aug 29 07:45:02.597: %LINK-5-CHANGED: Interface GigabitEthernet0/0/3, changed state to administratively down
*Aug 29 07:45:02.598: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL GigabitEthernet0/0/3 Physical Port Link Down
*Aug 29 07:45:02.598: %LINK-5-CHANGED: Interface GigabitEthernet0/0/4, changed state to administratively down
*Aug 29 07:45:02.598: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL xcvr container 0/0/4 Transceiver Missing - Link Down
*Aug 29 07:45:02.599: %LINK-5-CHANGED: Interface GigabitEthernet0/0/5, changed state to administratively down
*Aug 29 07:45:02.599: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL xcvr container 0/0/5 Transceiver Missing - Link Down
*Aug 29 07:45:02.599: %LINK-5-CHANGED: Interface GigabitEthernet0/0/6, changed state to administratively down
*Aug 29 07:45:02.600: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL xcvr container 0/0/6 Transceiver Missing - Link Down
*Aug 29 07:45:02.600: %LINK-5-CHANGED: Interface GigabitEthernet0/0/7, changed state to administratively down
*Aug 29 07:45:02.600: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL xcvr container 0/0/7 Transceiver Missing - Link Down
*Aug 29 07:45:02.600: %LINK-5-CHANGED: Interface TenGigabitEthernet0/1/0, changed state to administratively down
*Aug 29 07:45:02.601: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL xcvr container 0/1/0 Transceiver Missing - Link Down
*Aug 29 07:45:02.601: %LINK-5-CHANGED: Interface TenGigabitEthernet0/1/1, changed state to administratively down
*Aug 29 07:45:02.601: %IOSXE_RP_ALARM-6-INFO: CLEAR CRITICAL xcvr container 0/1/1 Transceiver Missing - Link Down
*Aug 29 07:45:02.601: %LINK-5-CHANGED: Interface TenGigabitEthernet0/1/2, changed state to administratively down
*Aug 29 07:45:15.905: %PNP-6-PNP_SAVING_TECH_SUMMARY: Saving PnP tech summary (/pnp-tech/pnp-tech-discovery-summary)... Please wait. Do not interrupt.
*Aug 29 07:45:16.034: %SYS-5-CONFIG_P: Configured programmatically by process PnP Agent Discovery from console as vty0
*Aug 29 07:45:16.216: %SYS-5-CONFIG_P: Configured programmatically by process PnP Agent Discovery from console as vty0
*Aug 29 07:45:16.293: %SYS-5-CONFIG_P: Configured programmatically by process PnP Agent Discovery from console as vty0
*Aug 29 07:45:16.413: %SYS-5-CONFIG_P: Configured programmatically by process PnP Agent Discovery from console as vty0
*Aug 29 07:45:20.906: %IOXN_APP-6-PRE_INIT_DAY0_GS_INFO: Day0 Guestshell de-initilization API is being invoked
Failed to generate persistent self-signed certificate.
Secure server will use temporary self-signed certificate.
*Aug 29 07:45:28.739: %PKI-6-TRUSTPOINT_CREATE: Trustpoint: CISCO_IDEVID_SUDI created succesfully
*Aug 29 07:45:28.744: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named CISCO_IDEVID_SUDI has been generated or imported by pki-sudi
*Aug 29 07:45:28.753: %PKI-6-TRUSTPOINT_CREATE: Trustpoint: CISCO_IDEVID_SUDI0 created succesfully
*Aug 29 07:45:28.755: %PKI-2-NON_AUTHORITATIVE_CLOCK: PKI functions can not be initialized until an authoritative time source, like NTP, can be obtained.
*Aug 29 07:45:28.756: %PKI-6-TRUSTPOINT_CREATE: Trustpoint: TP-self-signed-3108410732 created succesfully
*Aug 29 07:45:28.775: %SYS-5-CONFIG_P: Configured programmatically by process PnP Agent Discovery from console as vty0
*Aug 29 07:45:28.882: %PNP-6-PNP_TECH_SUMMARY_SAVED_OK: PnP tech summary (/pnp-tech/pnp-tech-discovery-summary) saved successfully (elapsed time: 13 seconds).
*Aug 29 07:45:28.883: %PNP-6-PNP_DISCOVERY_STOPPED: PnP Discovery stopped (Config Wizard)
*Aug 29 07:45:29.205: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named TP-self-signed-3108410732 has been generated or imported by crypto-engine
*Aug 29 07:45:29.206: %SSH-5-ENABLED: SSH 1.99 has been enabled
*Aug 29 07:45:29.237: %PKI-4-NOCONFIGAUTOSAVE: Configuration was modified.  Issue "write memory" to save new IOS PKI configuration
*Aug 29 07:45:29.862: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named TP-self-signed-3108410732.server has been generated or imported by crypto-engine
Router>
*Aug 29 07:45:38.490: %IM-6-IOX_ENABLEMENT: R0/0: ioxman: IOX is ready.
*Aug 29 07:45:39.471: %PKI-6-TRUSTPOINT_CREATE: Trustpoint: SLA-TrustPoint created succesfully
*Aug 29 07:45:39.472: %PKI-4-NOCONFIGAUTOSAVE: Configuration was modified.  Issue "write memory" to save new IOS PKI configuration
*Aug 29 07:45:39.479: %CALL_HOME-6-CALL_HOME_ENABLED: Call-home is enabled by Smart Agent for Licensing.Guestshell destroyed successfully
*Aug 29 07:45:40.632: %IOXN_APP-6-PRE_INIT_DAY0_GS_INFO: Day0 Guestshell destroyed
*Aug 29 07:45:41.146: %UICFGEXP-6-SERVER_NOTIFIED_STOP: R0/0: psd: Server iox has been notified to stop
*Aug 29 07:45:44.179: %IOXN_APP-6-IOX_START_STOP_REQ: Got IOX DOWN COMPLETE event, invoking registered callback(s)


Router>enable
Router#show version
Cisco IOS XE Software, Version 17.05.01a
Cisco IOS Software [Bengaluru], c8000aes Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.5.1a, RELEASE SOFTWARE (fc3)

Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2021 by Cisco Systems, Inc.
Compiled Sun 11-Apr-21 17:14 by mcpre


Cisco IOS-XE software, Copyright (c) 2005-2021 by cisco Systems, Inc.
All rights reserved.  Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0.  The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.  For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.


ROM: 17.4(1r)

Router uptime is 1 minute
Uptime for this control processor is 3 minutes
System returned to ROM by PowerOn
System image file is "bootflash:c8000aes-universalk9.17.05.01a.SPA.bin"
Last reload reason: PowerOn


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

License Type: Perpetual
License Level:
Next reload license Level:
License Type: Subscription
License Level:
Next reload license Level:

The current crypto throughput level is 1000000 kbps

Smart Licensing Status: Registration Not Applicable/Not Applicable

cisco C8500L-8S4X (1RU) processor with 674359K/6147K bytes of memory.
Processor board ID FLX26041234
Router operating mode: Autonomous
8 Gigabit Ethernet interfaces
4 Ten Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
15728640K bytes of physical memory.
15151103K bytes of eUSB flash at bootflash:.
15269887K bytes of USB hard disk at harddisk:.

Configuration register is 0x2102


Router#show run
Building configuration...

Current configuration : 6567 bytes
!
! Last configuration change at 07:45:28 UTC Mon Aug 29 2022
!
version 17.5
service timestamps debug datetime msec
service timestamps log datetime msec
! Call-home is enabled by Smart-Licensing.
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !        
 address-family ipv6
 exit-address-family
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
login on-success log
!
!
!
!
!
!
!         
subscriber templating
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-3108410732
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3108410732
 revocation-check none
 rsakeypair TP-self-signed-3108410732
!
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-3108410732
 certificate self-signed 01
  30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
 

 <OUTPUT TRUNCATED>


  A168612D E89E4A5E 99D69A1C 4BD11204 D1FB33CC 302F1079 05EF016D 1B4475D0
  04BF52A1 469B490C C2AA2797 E3FE54F0 E6CF36E5
        quit
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01
  30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
  32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
 

  <OUTPUT TRUNCATED>


  418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
  D697DF7F 28
        quit
!
!
license udi pid C8500L-8S4X sn FLX26041234
memory free low-watermark processor 67422
!
diagnostic bootup level minimal
!
!
redundancy
 mode none
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/1
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/2
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/3
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/4
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/5
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/6
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/7
 no ip address
 shutdown
 negotiation auto
!
interface TenGigabitEthernet0/1/0
 no ip address
 shutdown
!
interface TenGigabitEthernet0/1/1
 no ip address
 shutdown
!
interface TenGigabitEthernet0/1/2
 no ip address
 shutdown
!
interface TenGigabitEthernet0/1/3
 no ip address
 shutdown
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
!
ip http server
ip http authentication local
ip http secure-server
ip forward-protocol nd
!
ip tftp source-interface GigabitEthernet0
!
!         
!
!
!
control-plane
!
!
line con 0
 stopbits 1
line aux 0
line vty 0 4
 login
 transport input ssh
!
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
!         
!
!
!
!
!
end


I performed an IOS-XE upgrade from 17.5.1 to 17.6.3. Note to download the correct C8500 software code. There's C8500 with and without the "L". You can't also downgrade the ROMMON firmware. The current firmware version 17.4(1r) is compatible with 17.6.3.


Router#show platform
Chassis type: C8500L-8S4X

Slot      Type                State                 Insert time (ago)
--------- ------------------- --------------------- -----------------
0         C8500L-8S4X         ok                    5d23h         
 0/0      8xSFP               ok                    5d23h         
 0/1      4xSFP+              ok                    5d23h         
R0        C8500L-8S4X         ok, active            5d23h         
F0        C8500L-8S4X         ok, active            5d23h         
P0        PWR-CH1-400WAC      ok                    5d23h         
P1        PWR-CH1-400WAC      fail, badinput        5d23h         
P2        C8500L-FAN-1R       ok                    5d23h         

Slot      CPLD Version        Firmware Version                        
--------- ------------------- ---------------------------------------
0         20090320            17.4(1r)                            
R0        20090320            17.4(1r)                            
F0        20090320            17.4(1r)    

You can use the C8500L without registering in Smart License server (CSSM) since the Smart licenses are perpetual from factory. Just configure the license boot level network-advantage addon dna-advantage comand and issue a write memory

 
Router#show license summary
License Usage:
  License                 Entitlement Tag               Count Status
  -----------------------------------------------------------------------------
  Router US Export Lic... (DNA_HSEC)                        0 NOT IN USE


Router#show license status
Utility:
  Status: DISABLED

Smart Licensing Using Policy:
  Status: ENABLED

Data Privacy:
  Sending Hostname: yes
    Callhome hostname privacy: DISABLED
    Smart Licensing hostname privacy: DISABLED
  Version privacy: DISABLED

Transport:
  Type: cslu
  Cslu address: <empty>
  Proxy:
    Not Configured

Policy:
  Policy in use: Merged from multiple sources.
  Reporting ACK required: yes (CISCO default)
  Unenforced/Non-Export Perpetual Attributes:
    First report requirement (days): 365 (CISCO default)
    Reporting frequency (days): 0 (CISCO default)
    Report on change (days): 90 (CISCO default)
  Unenforced/Non-Export Subscription Attributes:
    First report requirement (days): 90 (CISCO default)
    Reporting frequency (days): 90 (CISCO default)
    Report on change (days): 90 (CISCO default)
  Enforced (Perpetual/Subscription) License Attributes:
    First report requirement (days): 0 (CISCO default)
    Reporting frequency (days): 0 (CISCO default)
    Report on change (days): 0 (CISCO default)
  Export (Perpetual/Subscription) License Attributes:
    First report requirement (days): 0 (CISCO default)
    Reporting frequency (days): 0 (CISCO default)
    Report on change (days): 0 (CISCO default)

Miscellaneous:
  Custom Id: <empty>

Usage Reporting:
  Last ACK received: <none>
  Next ACK deadline: <none>
  Reporting push interval: 0 (no reporting)
  Next ACK push check: <none>
  Next report push: <none>
  Last report push: <none>
  Last report file write: <none>

Trust Code Installed: <none>


Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#license ?
  accept     Accept all further License Agreements
  agent      Configure LIC_AGENT
  boot       license boot config commands
  call-home  license call-home config commands
  smart      Smart licensing
  udi        license udi

Router(config)#license boot ?
  level  Change dna license boot level

Router(config)#license boot level ?
  network-advantage  License Level Network-Advantage
  network-premier    License Level Network-Premier

Router(config)#license boot level network-advantage ?
  addon  select add-on to include DNA License
  <cr>   <cr>

Router(config)#license boot level network-advantage addon ?
  dna-advantage  Add-on option DNA-Advantage

Router(config)#license boot level network-advantage addon dna-advantage ?       
  <cr>  <cr>

Router(config)#license boot level network-advantage addon dna-advantage
% use 'write' command to make license boot config take effect on next boot

Router(config)#end
Router#write memory
Building configuration...

*Sep  4 07:53:59.669: %SYS-5-CONFIG_I: Configured from console by console[OK]
Router#
*Sep  4 07:54:05.133: %SYS-6-PRIVCFG_ENCRYPT_SUCCESS: Successfully encrypted private config file



I tried to transfer the new IOS-XE using the USB slot (beside the console port) but it wasn't detected and it due to a USB 2.0 bug. So I performed a TFTP file transfer instead.


Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#
*Sep  4 07:58:50.573: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
*Sep  4 07:58:51.574: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
Router(config)#interface GigabitEthernet0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#end
*Sep  4 07:59:04.350: %SYS-5-CONFIG_I: Configured from console by console
                
Router#ping vrf Mgmt-intf 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms


Router#copy tftp://192.168.1.2/c8000aes-universalk9.17.06.03a.SPA.bin bootflash:
Destination filename [c8000aes-universalk9.17.06.03a.SPA.bin]?
Accessing tftp://192.168.1.2/c8000aes-universalk9.17.06.03a.SPA.bin...
Loading c8000aes-universalk9.17.06.03a.SPA.bin from 192.168.1.2 (via GigabitEthernet0): !!!!!!!!

!!!!!!!!!!!!!!
[OK - 602955853 bytes]

602955853 bytes copied in 384.666 secs (1567479 bytes/sec)

Always verify the MD5 hash and compare it to the hash published in Cisco software download website.


Router#verify /md5 bootflash:/c8000aes-universalk9.17.06.03a.SPA.bin
.............................................................................

.................................................................................................................................Done!
verify /md5 (bootflash:/c8000aes-universalk9.17.06.03a.SPA.bin) = ca26d93cd9adb6d9c2a63f6b30d6290a

Configure the Primary and Secondary IOS-XE boot sequence, save config and issue a reload command for the new code to take effect.


Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#no boot system
Router(config)#boot system flash bootflash:c8000aes-universalk9.17.06.03a.SPA.bin    
Router(config)#boot system flash bootflash:c8000aes-universalk9.17.05.01a.SPA.bin
Router(config)#end
Router#write memory
Building configuration...
[OK]
                                                   

Router#show run | include boot
boot-start-marker
boot system flash bootflash:c8000aes-universalk9.17.06.03a.SPA.bin
boot system flash bootflash:c8000aes-universalk9.17.05.01a.SPA.bin

boot-end-marker
license boot level network-advantage addon dna-advantage
diagnostic bootup level minimal

Router#reload
Proceed with reload? [confirm]

*Sep  4 09:56:03.325: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.

<OUTPUT TRUNCATED>


Router#show version
Cisco IOS XE Software, Version 17.06.03a
Cisco IOS Software [Bengaluru], c8000aes Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.6.3a, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2022 by Cisco Systems, Inc.
Compiled Fri 08-Apr-22 04:50 by mcpre


Cisco IOS-XE software, Copyright (c) 2005-2022 by cisco Systems, Inc.
All rights reserved.  Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0.  The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.  For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.


ROM: 17.4(1r)

Router uptime is 2 minutes
Uptime for this control processor is 3 minutes
System returned to ROM by Reload Command
System image file is "bootflash:c8000aes-universalk9.17.06.03a.SPA.bin"
Last reload reason: Reload Command


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

License Type: Perpetual
License Level: network-advantage
Next reload license Level: network-advantage
License Type: Subscription
License Level: dna-advantage
Next reload license Level: dna-advantage

The current crypto throughput level is 1000000 kbps

Smart Licensing Status: Registration Not Applicable/Not Applicable

cisco C8500L-8S4X (1RU) processor with 670322K/6147K bytes of memory.
Processor board ID FLX26041234
Router operating mode: Autonomous
8 Gigabit Ethernet interfaces
4 Ten Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
15728640K bytes of physical memory.
15151103K bytes of eUSB flash at bootflash:.
15269887K bytes of USB hard disk at harddisk:.

Configuration register is 0x2102

No comments:

Post a Comment