Cisco IOS XE – Install the New release 16.1.1 (Denali) on 3850

Cisco continues its strategy to merge the whole Campus Switch platform to a single Image, the newest step in this process is IOS XE 16.1.1. Currently only available for the Cat3k Platform (3650, 3850) but releases for the other Catalyst platforms should follow.

In this post i show you how to upgrade your Cisco 3650/3850 Switch from 3.x to 16.1.1

Frist, grab the software here:
IOS XE Denali 16.1.1 on Cisco.com

Just copy it to your switch

Switch#copy ftp://x:x@10.32.31.15/cat3k_caa-universalk9.16.01.01.SPA.bin flash:
Destination filename [cat3k_caa-universalk9.16.01.01.SPA.bin]?
Accessing ftp://*****:*****@10.32.31.15/cat3k_caa-universalk9.16.01.01.SPA.bin...!!!!!!!
*Dec 16 08:22:42.371: Loading cat3k_caa-universalk9.16.01.01.SPA.bin !!!!!!!!!!!!!...
...
!!!
[OK - 469677062/4096 bytes]

469677062 bytes copied in 432.250 secs (1086587 bytes/sec)

After that you can install the OS as always

Switch#software install file flash:cat3k_caa-universalk9.16.01.01.SPA.bin new
Preparing install operation ...
[1]: Starting install operation
[1]: Expanding bundle flash:cat3k_caa-universalk9.16.01.01.SPA.bin
[1]: Copying package files
[1]: Package files copied
[1]: Finished expanding bundle flash:cat3k_caa-universalk9.16.01.01.SPA.bin
[1]: Verifying and copying expanded package files to flash:
[1]: Verified and copied expanded package files to flash:
[1]: Starting compatibility checks
[1]: Finished compatibility checks
[1]: Starting application pre-installation processing
[1]: Finished application pre-installation processing
[1]: Old files list:
    Removed cat3k_caa-base.SPA.03.03.05SE.pkg
    Removed cat3k_caa-drivers.SPA.03.03.05SE.pkg
    Removed cat3k_caa-infra.SPA.03.03.05SE.pkg
    Removed cat3k_caa-iosd-universalk9.SPA.150-1.EZ5.pkg
    Removed cat3k_caa-platform.SPA.03.03.05SE.pkg
    Removed cat3k_caa-wcm.SPA.10.1.150.0.pkg
[1]: New files list:
    Added cat3k_caa-rpbase.16.01.01E.SPA.pkg
    Added cat3k_caa-srdriver.16.01.01E.SPA.pkg
    Added cat3k_caa-wcm.16.01.01E.SPA.pkg
    Added cat3k_caa-webui.16.01.01E.SPA.pkg
[1]: Creating pending provisioning file
[1]: Finished installing software.  New software will load on reboot.
[1]: Committing provisioning file

[1]: Do you want to proceed with reload? [yes/no]: yes

System configuration has been modified. Save? [yes/no]: yes
Building configuration...
Compressed configuration from 2991 bytes to 1553 bytes[OK]
[1]: Reloading

It takes some time to boot up again, after that you can see the new Version is running

Switch Ports Model              SW Version        SW Image              Mode
------ ----- -----              ----------        ----------            ----
*    1 32    WS-C3850-24P       Denali 16.1.1     CAT3K_CAA-UNIVERSALK9 INSTALL

After that i created a user with priv 15

Switch(config)#username cisco privilege 15 secret cisco

Now you can head to the new WebGui, i attached two impressions of the new GUI. Compared to the old cisco switch GUIs it looks really nice. But if it ever is used?… 🙂

Cisco IOS XE 16.1.1 Interface Configuration Part 1

Cisco IOS XE 16.1.1 Interface Configuration Part 2

Recognise the Production Date of your Cisco Equipment based on the Serial

Today i learnt that the Production Year and Week is ‘hidden’ in the Cisco Serials 🙂

The format of the serial is always like ‘xxxYYWWxxxx’, ‘YY’ is Code for the Year, but not the Year itself! ‘WW’ is the week of manufacture.

Year Codes
Code Year
01 1997
02 1998
03 1999
04 2000
05 2001
06 2002
07 2003
08 2004
09 2005
10 2006
11 2007
12 2008
13 2009
14 2010
15 2011
16 2012
17 2013
18 2014
19 2015
20 2016

 

Week Codes
Code Week
1-5 January
6-9 February
10-14 March
15-18 April
19-22 May
23-27 June
28-31 July
32-35 August
36-40 September
41-44 October
45-48 November
49-52 December

Cisco ACI – New Features in Release 1.1(2h)

Cisco just released the newest Cisco ACI Software called 1.1(2h).

Feature Description Guidelines and Restrictions
AES encryption for configuration files As of release 1.1(2), the secure properties of APIC configuration files can be encrypted by enabling AES-256 encryption. AES encryption is a global configuration option; all secure properties conform to the AES configuration setting. It is not possible to export just a portion of the ACI fabric such as a tenant configuration with AES encryption.
SCVMM clustering support You can now install the APIC SCVMM agent on a Highly Available System Center Virtual Machine Manager (SCVMM). None.
Windows Azure Pack with L3out support Windows Azure Pack tenants can now configure their networks to connect outside of the fabric. This is done by establishing a security contract to L3ExtOut for both incoming and outgoing traffic.

See the Cisco ACI Virtualization Guide for more information.
None.
ACI Optimizer After entering your network requirements in an Optimizer Config Template, the ACI Optimizer tells you how many leafs you will need for your network and suggests how to deploy each application and external EPG on each leaf without violating any constraints. Also, after entering your existing topology in an Optimizer Config Template, the ACI Optimizer helps you determine if you have what you need, if you are exceeding any limitations, and suggests how to deploy each application and external EPG on each leaf. When using the ACI Optimizer, Scale constraints may be violated if the given topology is not enough.
VMware vSphere 6.0 support ACI now supports VMware vCenter 6.0. 

See the Cisco ACI Virtualization Guide for more information.
The vCenter 6.0 feature of vMotion across a vCenter/datacenter is not supported.

Definitly notable is the VMware vSphere 6.0 support!

Source:
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/release/notes/apic_rn_112h.html

Link to the Software:
https://software.cisco.com/download/release.html?mdfid=285968390&softwareid=286278832&release=1.1(2h)&relind=null&rellifecycle=null&reltype=null&i=rn

Cisco ACI – AVS Upgrade through CLI

Frist grab the release from the cisco page here

Then put it through scp from you Download place to the ESX Server

scp CiscoAVS_1.5-5.2.1.SV3.1.5-pkg.zip root@10.32.5.150:/tmp
Password:
CiscoAVS_1.5-5.2.1.SV3.1.5-pkg.zip 100% 35MB 806.2KB/s 00:45

Next you Login to the ESX through SSH and check the current version

~ # vemcmd show version
VEM Version: 5.2.1.3.1.3.0-3.2.1
System Version: VMware ESXi 5.5.0 Releasebuild-2068190
ESX Version Update Level: 0

Then i unzipped the archives and upgraded the vib

cd /tmp/
unzip CiscoAVS_1.5-5.2.1.SV3.1.5-pkg.zip
unzip CiscoAVS_1.5-5.2.1.SV3.1.5.zip
cd ~
esxcli software vib update -v /tmp/CiscoAVS_1.5-5.2.1.SV3.1.5/cross_cisco-vem-v197-5.2.1.3.1.5.0-3.2.1.vib --maintenance-mode

And thats it, i’m now running the new AVS Version

~ # vemcmd show version
VEM Version: 5.2.1.3.1.5.0-3.2.1
OpFlex SDK Version: 1.1(1j)
System Version: VMware ESXi 5.5.0 Releasebuild-2068190
ESX Version Update Level: 2

FTP Server under Mac OS X

Today a colleague of mine (Thanks Alex Passfall) showed me a simple ftp server under mac:

pip2 install twisted # if not already
sudo twistd -n ftp -p 21 -r Downloads

After that you can access all the files in the specified directory through ftp. Awesome stuff!


aci-lab-as01#copy ftp://10.32.32.184/file.lic .
Destination filename [file.lic]?
Accessing ftp://10.32.32.184/file.lic...
Loading file.lic !
[OK - 814/4096 bytes]

814 bytes copied in 0.084 secs (9690 bytes/sec)

Thanks @Samuel Heinrich for spell checking 😉

Cisco WLC – IOS Based WLC AP Count through SNMP (5760, 3850, 3650)

I had a hard time to find the correct OID and ended with doing a snmpwalk and try to find the right OID with a grep…
But i think i made it 🙂

Crosschecked on 2 5760 Clusters and i got the correct count on both, also tried to reboot some APs and the count seems correct to me.
Note: I use 3.6.1 so maybe you get a different result with another software version.

1.3.6.1.4.1.9.9.999999.1.1.1.11.0

Interesting is that i found two other OIDs that report the same value.

1.3.6.1.4.1.9.9.999999.1.1.1.17.0
1.3.6.1.4.1.9.9.999999.1.1.1.18.0

Cisco ACS – Patch Install error (% Manifest file not found in the bundle)

I’m sure that it’s not the first time i felt for this …
Tried to install a ACS Patch this morning and got an error:
% Manifest file not found in the bundle

First i used the wrong command:
patch install 5-4-0-46-5.tar.gpg FTP

ACS01/admin# patch install 5-4-0-46-5.tar.gpg FTP
Save the current ADE-OS running configuration? (yes/no) [yes] ?
Generating configuration...
Saved the ADE-OS running configuration to startup successfully
Initiating Application Patch installation...
% Manifest file not found in the bundle

Easy solution, use the right command! 🙂
acs patch install 5-4-0-46-5.tar.gpg repository FTP

ACS01/admin# acs patch install 5-4-0-46-5.tar.gpg repository FTP
Installing ACS patch requires a restart of ACS services. Continue?  (yes/no) yes
Calculating disk size for /opt/CSCOacs/patches
Total size of patch files are 1079 M.
Max Size defined for patch files are 1000 M.
WARNING: Patch of size 1079 M exceeds the allowed quota of 1000 M.
This will not prohibit patch installation process as long as there is enough disk space.
Please note that this indicates you should consider moving ACS to a higher disk space machine
Stopping ACS.
Stopping Management and View...............................................................
Stopping Runtime.........................
Stopping Database.....
Stopping Ntpd....
Cleanup..
Stopping log forwarding .....
Installing patch version '5.4.0.46.5'
Installing ADE-OS 1.2 patch.  Please wait...
Decompressing patch files 5.4.0.46.5 ...
About to install files
Removing old war
Removing old war
Removing old war
Removing old war
Removing old war
Removing old war
Removing old war
Removing old war
Removing old war
/opt/CSCOacs/patches/5-4-0-46-5
Patch '5-4-0-46-5' version '5.4.0.46.5' successfully installed
Starting ACS ....

To verify that ACS processes are running, use the
'show application status acs' command.

Cisco ACI – Upgrade your ACI Fabric (1.0(2j) to 1.0(3f))

I did a upgrade of our ACI Lab Fabric last week and documented all the steps. The upgrade is really straightforward, but hopefully this guide still helps you 🙂

First you have to catch the desired Software, get them directly from cisco. You need APIC Release image for 1.0(3f) release (aci-apic-dk9.1.0.3f.iso) and the Cisco Nexus 9000 Series ACI Mode Switch Software Release 11.0(3f) (aci-n9000-dk9.11.0.3f.bin). Get them here:
Cisco ACI Version 1.0(3f)

I always check the MD5 sum, just to be sure that everything went right with my download.

$ md5 aci-apic-dk9.1.0.3f.iso
MD5 (aci-apic-dk9.1.0.3f.iso) = 6e747378ec4225ead0f27cb23aa54f02
Cisco ACI 1.0(3f) MD5 Hash

Cisco ACI 1.0(3f) MD5 Hash

The MD5 hash looks right. Check the same for the Nexus 9000 Image!

(more…)