Perform a Complete Reimage for FXOS in Firepower 4100 and 9300 Series

Available Languages

Download Options

  • PDF     (883.2 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (1.0 MB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (1.8 MB)
    View on Kindle device or Kindle app on multiple devices
Updated:August 15, 2024
Document ID:220603

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how to reformat the entire system, erase the images, and return it to its factory default settings. 

    Requirements

    -TFTP Server connection to the management interface on the Firepower

    -Console Connection to the device

    Components Used

    -Firepower 4100 or 9300 Series

    -TFTP Server

    -Recovery Image Software Bundle, the recovery images include three separate files (K.ickstart, Manager, System). For example, next are the recovery images for FXOS 2.13(0.212)

      -Recovery image (kickstart) for FX-OS 2.13(0.212)

      -Recovery image (manager) for FX-OS 2.13(0.212)

      -Recovery image (system) for FX-OS 2.13(0.212)

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    NoteAfter performing this procedure, the admin password is reset to Admin123.

    Before you begin

    • In the event that the Supervisor onboard flash becomes corrupted and the system is no longer able to boot successfully, you can use this procedure to recover the system.
    • To complete this process, you must TFTP boot a kickstart image, reformat the flash, download a new system and reboot the Supervisor.

    Procedure

    Step 1.

     Access to ROMMON prompt

    1. Connect to the console port.

    2. Reboot the system.
      The system starts the boot process and displays a countdown timer.

    3. Press theEscapekey during the countdown to enter ROMMON mode

    CLI Output

    Step 2.

    Boot the system with the kickstarter image via TFTP

    1. Set the correct parameters for the management interface, address, netmask, and gateway.

      CLI Output

    b. Use the set command to verify the information on the management interface.

    CLI Output

    c. Copy the kickstart image to a TFTP directory that is accessible from your Firepower4100/9300 chassis via the management interface.

    CLI Output



    NoteYou can also boot the kickstart from ROMMON using a USB media device inserted into the USB slot on the front panel of the Firepower4100/9300 chassis. If the USB device is inserted while the system is running, reboot the system before it recognizes the USB device.

    Step 3.

    After the kickstart image is loaded, reformat the flash using the init system command.

    CLI Output

    NoteThe "init system" command erases the contents of the flash, including all software images downloaded to the system and all configurations on the system. Ittakes about 20-30 minutes to complete the process.

    Step 4.

    Download the recovery images for the Firepower 4100/9300 chassis.

    1. You must set the management IP address and gateway to download the recovery image.

    CLI Output

    NoteThese images cannot be downloaded via USB.

    b. Copy all three recovery images from the remote server to the bootflash.

    c. Specify the URL of the file to import the images using one of the next syntaxes:

    • ftp://username@hostname/path/image_name
    • scp://username@hostname/path/image_name
    • sftp://username@hostname/path/image_name
    • tftp://hostname/path/image_name

    CLI Output

    d. After the images have been successfully copied to the Firepower 4100/9300 chassis, make a symlink to the manager image from nuova-sim-mgmt-nsg.0.1.0.001.bin. This link tells the loading mechanism which manager image to load.

    The symlink name must always be nuova-sim-mgmt-nsg.0.1.0.001.bin regardless of what image you are trying to load.

    CLI Output

    Step 5.

    Reload the switch.

    CLI Output

    Step 6.

    Boot from kickstart and system images.

    CLI Output

    Note: You can see license manager error messages while loading the system image. You can safely ignore these messages.


    Step 7.

    After the image loads, the system prompt you to enter the initial configuration settings. For more information, see Initial Configuration Using Console Port.

    CLI Output

    Step 8.

    Login to the system using the credentials that were already set.

    Step 9.

    Download the platform bundle image for use with the Firepower 4100/9300 chassis.

    CLI Output

    Step 10.

    1. Enter auto-install mode.
    2. Install the FXOS platform bundle.
    3. The system first verifies the software package that you want to install. The system informs you of any incompatibility between currently installed applications and the specified FXOS platform software package.
    4. Enter yesto confirm that you want to proceed with the installation, or enter noto cancel the installation.

    CLI Output

    Step 11.

    Monitoring the installation.

    CLI Output

    Step 12.

    If the Platform Bundle image that you installed corresponds with the images you used for recovering your system, you must manually activate the kickstart and system images so that they are going to be used when loading the system in the future.

    Automatic activation does not occur when installing a Platform Bundle that has the same images as the recovery images that were used.

    1. Set the scope for fabric-interconnect a:
    2. Use the show version command to display the running kernel version and the running system version. Use these strings to activate the image.

    NoteIf the Startup-Kern-Vers and Startup-Sys-Vers are already set and match the Running-Kern-Vers and Running-Sys-Vers, you do not need to activate the images and can proceed to Step 13.

    c. Enter the next command to activate the images.activate firmware kernel-version <running_kernel_version> system-version <running_system_version>

    CLI Output

    NoteThe server status can change to "Disk Failed." You do not need to worry about this message and can continue with this procedure.

    Step 13.

    Reboot the system.

    CLI Output

    NoteThe system power down each security module/engine before finally powering down and then restarting the Firepower4100/9300 chassis. This process takes approximately 5-10 minutes.

    Step 14.

    Monitor the system status. The server status must go from "Discovery" to "Config" and then finally to "Ok".

    CLI Output

    Revision History

    Revision Publish Date Comments
    2.0
    15-Aug-2024
    Recertification
    1.0
    21-Jul-2023
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Eder Pacheco
      Technical Consulting Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products