Upgrading to Cisco IOS XE Release

Upgrading from Cisco IOS XE Release 16.6 to Cisco IOS XE Release 17.x.x

If the ROMMON version is 15.6(24r)S and the Cisco IOS XE release is 16.6.x, the router fails in the auto upgrade process during the migration to Cisco IOS XE release 17.x.x resulting in a continous boot loop. As a workaround, ensure that you upgrade the ROMMON version to 15.6(46r)S before migrating to Cisco IOS XE release 17.x.x.

This issue on the router failure is specific to the following PIDs: ASR-920-12SZ-IM, ASR-920U-12SZ-IM, ASR-920-12SZ-IM-CC, ASR-920-24SZ-IM, ASR-920-24SZ-M, ASR-920-24TZ-M, and A900-RSP2A-128.

Follow these steps to upgrade from 15.6(24r)S to 15.6(46r)S:

  1. Copy the ROMMON pkg file asr920_15_6_46r_s_rommon.pkg to the bootflash on the Cisco ASR 920 router.

  2. Use the upgrade rom-monitor filename asr920_15_6_46r_s_rommon.pkg all command to upgrade the version.

    Example:

    Router#upgrade rom-monitor filename bootflash: asr920_15_6_46r_s_rommon.pkg  all

Upgrade rom-monitor on Route-Processor 0
Target copying rom-monitor image file
...
ROMMON upgrade complete.
To make the new ROMMON permanent, you must restart the RP.
Router#reload  <-- Reloads the active  router processor and boot the IOS 17.x.x image

. . .

  3. Reload the router, boot the router with any IOS version of 16.x.x.

    Example:

    System Bootstrap, Version 15.6(24r)S, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2018 by cisco Systems, Inc.
Compiled Thu 30-Aug-18 06:23 by pallavik
Boot ROM1
Last reset cause: RSP-Board
Rommon upgrade requested
Flash upgrade reset 1 in progress
.......
System Bootstrap, Version 15.6(46r)S, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2020 by cisco Systems, Inc.
Compiled Tue 19-May-20 22:55 by pallavik
*Upgrade in progress* Boot ROM0
Last reset cause: BootRomUpgrade
link status 0
link status 0
UEA platform with 3670016 Kbytes of main memory

We're coming up from a flash upgrade reset cookie
rommon 1 >

  4. Once the router is up, verify if the ROMMON version is upgraded to 15.6(46r)S.

    Example:

    Router#show platform
...
Slot CPLD Version Firmware Version
--------- ------------------- ---------------------------------------
R0 19071012 15.6(46r)S <-- Rommon version depends on the type of
system
F0 19071012 15.6(46r)S

  5. If the ROMMON is upgraded to 15.6(46r)S, install the IOS XE 17.x.x universal image, save the configuration, and reload the device.

    The router comes up with the new Cisco IOS XE version 17.x.x.


Note

During migration to Cisco IOS XE version 17.x.x, the ROMMON auto-upgrade and FPGA upgrade completes in two reloads.

Upgrading from Cisco IOS XE Release 3.x to Release 16.x

Bootflash Space Requirements

The dual-rate functionality requires a minimum of 10 MB available space in bootflash memory on Cisco ASR 920 Series Router (ASR-920-12CZ-A, ASR-920-12CZ-D, ASR-920-4SZ-A, ASR-920-4SZ-D, ASR-920-10SZ-PD, ASR-920-8S4Z-PD, and ASR-920-12SZ-IM).


Note
Always use bootflash instead of flash on all the system operations.

Restrictions for Upgrading from Cisco IOS XE Release 3.x to Cisco IOS XE Release 16.x

  • Upgrading from Cisco IOS Release 3.x to Cisco IOS Release 16.x is only supported with consolidated mode.

  • Upgrading from Cisco IOS Release 3.x to to Cisco IOS Release 16.x using sub-package mode is not supported and vice-versa.

  • Extracting the Cisco IOS XE Release 16.x image in Cisco IOS XE Release 3.x is not supported, and vice versa.

Upgrading from Cisco IOS XE Release 3.x to Cisco IOS XE 16.x


Note

A full upgrade procedure may require reloading the system repeatedly (around two times). Use the show version command, after each reload to verify the image version and license level.

Before you begin

  • Download the Cisco IOS XE 16.x image from Cisco.com.


    Note

    Cisco IOS XE Release 16.5.1 and onwards is supported.

  • Download the ROMMON release from Cisco.com.


Note

The sytem automatically reboot twice, on a FGPA upgrade.

Procedure

Step 1

Backup the running configuration.

Example:


Router# copy running-config bootflash:demo.cfg 
Destination filename [demo.cfg]?
1834 bytes copied in 0.112 secs (16375 bytes/sec)

Step 2

Upgrade the ROMMON image.

Example:

Router# upgrade rom-monitor filename bootflash:<rommon-file-name>.pkg all

Upgrade rom-monitor on Router-Processor 0
Target copying rom-monitor image file
. . .
ROMMON upgrade complete
To make the new ROMMON permanent, you must restart the linecard

Router# reload <-- Reloads the active  router processor and boot the IOS 3.x image
. . .
Router# show platform
. . .

Slot      CPLD Version        Firmware Version                        
--------- ------------------- --------------------------------------- 
R0        16040627            15.6(14r)S   --- Rommon version depends on the type of system                       
R1        16112128            15.6(14r)S                          
F0        16040627            15.6(14r)S                          
F1        16112128            15.6(14r)S

Step 3

Install the IOS XE 16.x universal image, save the configuration, and reload the device.

Example:

Router# configure terminal
Router(config)# no boot system bootflash:previous_image.bin <-- Removes the previous boot statement
Router(config)# boot system bootflash:16.x-universal-image.bin <-- Adds the new boot statement
Router(config)# end
Router# write
Building configuration….
[OK]
Router# reload <-- Reload the active  router processor and boot the IOS XE 16.x Universal image

Step 4

Restore the backup configuration to the running configuration.

Example:

Router# copy bootflash:demo.cfg running-config
Destination filename [running-config]?

Router# config terminal
Router(config)# no boot system bootflash:previous_image.bin <-- Removes the previous boot statement
Router(config)# end
Router# write
Building configuration….
[OK]

Secure SD Card Configuration

Table 1. Feature History

Feature Name

Release Information

Description

Secure SD Card Configuration

 Cisco IOS XE Bengaluru 17.4.1

The features uses the following command to provide enhanced security to the routers:

platform secure-cfg

When you enable the command, the router does not boot if the SD card is replaced, swapped, or modified externally. Thus, you cannot format the SD card externally and this prevents the misuse of the router.

Effective with Cisco IOS XE Bengaluru Release 17.4.1, use the platform secure-cfg command to provide enhanced security to the routers. When you enable the command, the router does not boot if the SD card is replaced, swapped, or modified externally. Thus, you cannot format the SD card externally and this prevents the misuse of the router.

This feature is applicable on the Cisco ASR-920-24SZ-IM, Cisco ASR-920-24SZ-M, Cisco ASR-920-24TZ-M, Cisco ASR 920-10SZ-PD (OD), Cisco ASR-920-12CZ-A/ASR-920-12CZ-D, and Cisco ASR-920-4SZ-A/ASR-920-4SZ-D routers.

To enable the platform secure-cfg command: 

Router#enable
Router#configure terminal
Router(conf)#platform secure-cfg
Router(conf)#end
Router# write memory

Use the following command to verify that the platform secure-cfg command is enabled. 

Router#show running-config | i secure-cfg 
platform secure-cfg