Apr 29

Don’t forget to change the Registry before upgrading your Cisco 4500-E with a SUP-8E!!!

I recently acquired a brand new Cisco 4506-E with the Supervisor 8-E. The Supervisor came with the latest K9 version software. This was very odd for me, I almost always have to upgrade my new network equipment when I get it. After configuring the switch I relocated it to the wiring closet where it is going to spend the rest of it’s life.

Two days before the scheduled installation, I turned it on to make a couple changes that needed to be made. Once it was booted up, I issued the “show ip int brief” command and the only interfaces that showed up were the tengigabit interfaces on the Supervisor. I did some more digging and found the following error in the log %C4K_CHASSIS-3-BACKPLANESEEPROMREADFAILED. Cisco’s Error Message Decoder stated that the chassis was bad and to return the chassis.

After replacing the chassis, I still had the same error and none of the line cards works. Cisco then sent me a replacement Supervisor 8-E. I installed the replacement Supervisor 8-E, configured it enough to get on the network, then did a TFTP to get the configuration file on it. Knowing it took 5-7 minutes to boot up, I stepped away and when I came back I was able to validate the config loaded (From the console port).

After the chassis was booted up and the configuration was validated I attempted to configure the SSH version and generate the crypto key. The commands where not there. I thought this was very odd because there was only one software version for this platform and the original Supervisor came with the correct version. After checking, this version did not have the SSH feature so I needed to upgrade the switch to Crypto image cat4500es8-universalk9.SPA.03.03.00.XO.151-1.XO.bin. The only difference in the file name is the K9.

I copied the file to the bootflash and changed the boot statement to “boot system flash bootflash:/cat4500es8-universalk9.SPA.03.03.00.XO.151-1.XO.bin”, saved the configuration and reloaded. The switch ignored the boot statement and used the first file in the bootflash. I thought that I had the boot statement wrong, so I tried it without the /, same thing.

After reading the configuration guide I found that the registry needed to be changed to 0X0102. This registry entry tells the switch to read the boot statement. So I entered the following command config-register 0x0102, saved the configuration and reloaded. The switch now booted up with the new image and I was able to configure SSH on the switch.

Like so many other Cisco products, I thought I could simply change the boot statement, save and reload. My assumption failed me on this upgrade. Because of this, I always recommend reading the configuration guides or release notes. Sometimes I get in a hurry and don’t read them. When I do that, I usually get reminded that I need to read the documentation.

Have you found other networking devices that you have to change the config-register to tell it to read the boot statement? If so, please share your experience

Apr 22

Mass upgrades with Cisco Prime Infrastructure 2.0

Cisco Prime Infrastructure (PI) is supposed to make managing your wireless controllers easy. One way that PI helps with the work load is with software upgrades on your wireless LAN controllers (WLC). If you only have a few controllers, the software upgrade is pretty easy and very manageable. Depending on your network, you could have 700 or more controllers to manage. When you have this many controllers, logging into each one to perform a software upgrade is not manageable.

If you have a lot of controllers to upgrade and have to do the upgrade after hours, PI can do it for you. The process is very simple,

1. Select the controllers
2. Schedule the date, time, Reboot Type
3. Select the software image and FTP server (or TFTP)
4. Sleep through the upgrade


Select similar controller models (CONFIGURE –> CONTROLLERS). Make sure the controllers you select can all go to the software version you are moving to. Selecting the controllers in PI could be a challenge. I prefer to sort the controllers by Software Version. If you are moving to (Latest as of the writing of this post), then select the controllers at a lower version.

If you are using the PI Server/Appliance as the FTP server, I found 20 software downloads at a time is about all it can do. If you do more downloads at the same time, the failure rate increases. Do some testing on your network to see if it works better.

After you select your controllers, In the upper right select “DOWNLOAD SOFTWARE (FTP)” then click “GO”.


The next screen will list the controllers you have selected and the current software version.
– Click the radio button next to “Scheduled”.
– Enter a name in the “Task Name” Field
– To the right of “Reboot Type” Click the radio button next to “Automatic”
– This will cause the WLC to reboot after the software has been downloaded and installed.
– Select the Date and Time
– Enter the FTP Username
– Enter the FTP Password
– FTP port defaults to 21


I prefer to use FTP over TFTP because it is more reliable.
– To select an FTP server, click the radio button next to “FTP Server”
– Server Name, Default Server
– Enter the IP address of the FTP server, I use the PI appliance and it enters /localdisk/ftp for the location. That is the location where I have the file.
– No matter what FTP server you use, you need to make sure that it has the file and the username/password work.
– Enter the file name.
– Click “DOWNLOAD”

Now the job is scheduled and will run at the selected time. To view this task go to CONTROLLER –> SCHEDULED CONFIGURATION TASKS –> DOWNLOAD SOFTWARE. Once you are there, look for your task name. You can go to this same location after the job ran to see the results.

You need to do some testing to see how long the download takes. You may want to schedule 20 controllers every 15 minutes throughout your maintenance window. Maybe your FTP server can handle more or less and maybe it takes less or more time.

How do you know what WLC you already have scheduled when you go back to your list to schedule the next group? Cisco made it very simple, they put a little scheduled icon next to the current software version. When you list your controllers (CONFIGURE –> CONTROLLERS) you will see the following image next to the software version of controllers that are already scheduled.

PI Scheduled Job Icon

PI Scheduled Job Icon

I don’t advise doing this over the WAN with 4404 WLCs. I have had 4404s crash while performing an FTP image transfer over a T-1 connection. Cisco does recommend transferring the image over the LAN, not the WAN. On the flip side, I have upgraded hundreds of 2100s WLCs over the WAN with FTP.

Have you performed mass software upgrades with Prime Infrastructure and if so, how did it go?