Upgrading or Downgrading the Cisco Nexus 3500 Series NX-OS Software

This chapter describes how to upgrade or downgrade the Cisco NX-OS software. It contains the following sections:

About the Software Image

Each device is shipped with the Cisco NX-OS software. The Cisco NX-OS software consists a single NXOS software image. Only this image is required to load the Cisco NX-OS operating system. This image runs on all Cisco Nexus 3500 Series switches.


Note


Another type of binary file is the software maintenance upgrade (SMU) package file. SMUs contain fixes for specific defects. They are created to respond to immediate issues and do not include new features. SMU package files are available for download from Cisco.com and generally include the ID number of the resolved defect in the filename. For more information on SMUs, see the Cisco Nexus 3500 Series NX-OS System Management Configuration Guide.


Recommendations for Upgrading the Cisco NX-OS Software

Cisco recommends performing a Nexus Health and Configuration Check before performing an upgrade. The benefits include identification of potential issues, susceptible Field Notices and Security Vulnerabilities, missing recommended configurations and so on. For more information about the procedure, see Perform Nexus Health and Configuration Check.

Prerequisites for Upgrading the Cisco NX-OS Software

Upgrading the Cisco NX-OS software has the following prerequisites:

  • Ensure that everyone who has access to the device or the network is not configuring the device or the network during this time. You cannot configure a device during an upgrade. Use the show configuration session summary command to verify that you have no active configuration sessions.

  • Save, commit, or discard any active configuration sessions before upgrading or downgrading the Cisco NX-OS software image on your device. On a device with dual supervisors, the active supervisor module cannot switch over to the standby supervisor module during the Cisco NX-OS software upgrade if you have an active configuration session.

  • Ensure that the device has a route to the remote server. The device and the remote server must be in the same subnetwork if you do not have a router to route traffic between subnets. To verify connectivity to the remote server, use the ping command.
    switch# ping 172.18.217.1 vrf management
    PING 172.18.217.1 (172.18.217.1): 56 data bytes
    64 bytes from 172.18.217.1: icmp_seq=0 ttl=239 time=106.647 ms
    64 bytes from 172.18.217.1: icmp_seq=1 ttl=239 time=76.807 ms
    64 bytes from 172.18.217.1: icmp_seq=2 ttl=239 time=76.593 ms
    64 bytes from 172.18.217.1: icmp_seq=3 ttl=239 time=81.679 ms
    64 bytes from 172.18.217.1: icmp_seq=4 ttl=239 time=76.5 ms
    
    --- 172.18.217.1 ping statistics ---
    5 packets transmitted, 5 packets received, 0.00% packet loss
    round-trip min/avg/max = 76.5/83.645/106.647 ms
    
    

For more information on configuration sessions, see the Cisco Nexus 3500 Series NX-OS System Management Configuration Guide.

Prerequisites for Downgrading the Cisco NX-OS Software

Downgrading the Cisco NX-OS software has the following prerequisites:

  • Verify the compatibility of the software using the show incompatibility system bootflash:filename command. If an incompatibility exists, disable any features that are incompatible with the downgrade image before downgrading the software.

Cisco NX-OS Software Upgrade Guidelines


Note


The Cisco Nexus 3500 Series NX-OS Release Notes contain specific upgrade guidelines for each release. See the Release Notes for the target upgrade release before starting the upgrade.


Before attempting to upgrade to any software image, follow these guidelines:

  • Schedule the upgrade when your network is stable and steady.

  • Avoid any power interruption, which could corrupt the software image, during the installation procedure.

  • The supervisor module must have connection on the console ports to maintain connectivity when switchovers occur during a software upgrade. See the Hardware Installation Guide for your specific chassis.

  • IGMP snooping must be configured if there is a PIM enabled SVI present for the VLAN. It is recommended to enable IGMP snooping on VLAN first and then enable the PIM on SVI.

  • An upgrade to Cisco NX-OS Release 9.3(1) is supported only from Cisco NX-OS Release 7.0(3)I7(6) or 9.2(3).

  • An NX-OS software upgrade to a target release in the NX-OS 9.3(x) minor release from a source release in the NX-OS 9.2(x) minor release requires a mandatory intermediate upgrade to 9.2(4) before upgrading to the required target release.

  • Cisco Nexus 3548 and 3548-X switches must run a compact NX-OS software image due to limited bootflash space. This compact image can be created using the NX-OS Compact Image procedure; alternatively, a compact NX-OS software image can be downloaded directly from Cisco's Software Download website. This requirement does not apply to the Cisco Nexus 3548-XL switch.

    • The MD5/SHA512 checksum published on Cisco's Software Download website for a compact NX-OS software image may not match the MD5/SHA512 checksum of a compact image created through the NX-OS Compact Image procedure.

  • GIR Maintenance mode is not supported on Cisco Nexus 3500 Platform Switches.

  • Flexlink is supported for Cisco N3K-C3548P-XL (MTC/MTC-CR/MTC-XL) Platform switches.

The following limitations are applicable when you upgrade from Cisco NX-OS Releases 6.0(2)A8(7b), 6.0(2)A8(8), or 6.0(2)A8(9):

  • If Cisco Catalyst devices are connected via a vPC to a pair of Nexus 3500 switches with the vPC peer switch feature enabled, a partial or complete network outage may be caused as a result of the Cisco Catalyst devices error-disabling their port-channel interfaces due to EtherChannel Guard. To prevent this from happening, it is recommended that you must temporarily disable the EtherChannel Guard feature on vPC-connected Cisco Catalyst devices while the Nexus 3500 devices are being upgraded. For more information, see CSCvt02249.

Cisco NX-OS Software Downgrade Guidelines

Before attempting to downgrade to an earlier software release, follow these guidelines:

  • The supervisor module must have connection on the console ports to maintain connectivity when switchovers occur during a software downgrade. See the Hardware Installation Guide for your specific chassis.

  • Cisco NX-OS automatically installs and enables the guest shell by default. However, if the device is reloaded with a Cisco NX-OS image that does not provide guest shell support, the existing guest shell is automatically removed and a %VMAN-2-INVALID_PACKAGE message is issued. As a best practice, remove the guest shell with the guestshell destroy command before downgrading to an earlier Cisco NX-OS image.

  • You can downgrade the switch software from Cisco NX-OS Release 9.3(1) to Cisco NX-OS Release 9.2(3) or 7.0(3)I7(6).

Compact Image for Cisco Nexus 3000, 3100, and 3500

Early models of Cisco Nexus 3000, 3100, and 3500 Series switches with a model number that does not end in -XL have 1.4 to 1.6 gigabytes of storage space allocated to the bootflash. Over time, the file size of NX-OS software images has steadily increased to be over 1 gigabyte. As a result, it is difficult for Nexus 3000, 3100, and 3500 Series switches with a model number that does not end in -XL to simultaneously store more than one full NX-OS binary image at a time. Therefore, administrators cannot follow the standard NX-OS software upgrade procedure on Nexus 3000, 3100, and 3500 Series switches with a model number that does not end in -XL that is used for other Nexus platforms, such as Nexus 5000, 6000, 7000, and 9000 Series switches.

Starting with NX-OS software release 7.0(3)I3(1), the file size of NX-OS software images can be reduced through the NX-OS Compact Image procedure. This is a non-disruptive procedure that does not affect the switch's control plane or ability to forward data plane traffic.

Compact NX-OS Software Images on Cisco's Software Download Website

Compact NX-OS software images are available for download on Cisco's Software Download website for a few NX-OS software releases. These compact images have a published MD5/SHA512 checksum that can be used to verify the integrity of the NX-OS binary image file. The compact NX-OS software images can be downloaded from Cisco's Software Download website for the following NX-OS software releases:

  • 9.3(4) and later

  • 9.2(4)

  • 7.0(3)I7(8) and later


Note


The MD5/SHA512 checksum published on Cisco's Software Download website for a compact NX-OS software image may not match the MD5/SHA512 checksum of a compact image created through the NX-OS Compact Image procedure.


Compact Image to be Run for Different Switch Models

The following table describes the appropriate compact image to be run for each applicable model of switch, using NX-OS software release 9.3(6) as an example.

Table 1. Compact Image Table for Each Cisco Nexus 3000, 3100, and 3500 Series Platform

Switch Model Number

Compact NX-OS Software Image Filename

N3K-C3016Q-40GE

n3000-compact.9.3.6.bin

N3K-C3048TP-1GE

n3000-compact.9.3.6.bin

N3K-C3064PQ-10GX

n3000-compact.9.3.6.bin

N3K-C3064TQ-10GT

n3000-compact.9.3.6.bin

N3K-C3064TQ-32T

n3000-compact.9.3.6.bin

N3K-C3132Q-40GE

n3100-compact.9.3.6.bin

N3K-C3132Q-40GX

n3100-compact.9.3.6.bin

N3K-C3172PQ-10GE

n3100-compact.9.3.6.bin

N3K-C3172TQ-10GT

n3100-compact.9.3.6.bin

N3K-C3172TQ-32T

n3100-compact.9.3.6.bin

N3K-C3524P-10G

n3500-compact.9.3.6.bin

N3K-C3524P-10GX

n3500-compact.9.3.6.bin

N3K-C3548P-10G

n3500-compact.9.3.6.bin

N3K-C3548P-10GX

n3500-compact.9.3.6.bin

NX-OS Compact Image Procedure

There are two ways to initiate the NX-OS Compact Image procedure. The following subsections describe each option in further detail.

NX-OS Compact Image Procedure on Bootflash/USB

Starting with NX-OS software release 7.0(3)I3(1), you can use the install all command with the compact option to initiate the NX-OS Compact Image procedure on an image stored in the switch's bootflash or an attached USB drive. This can also be performed on an NX-OS software image that the switch is currently booted from - however, a minimum of 750MB of free space on the switch's bootflash is required to compact the currently booted image.

An example of how to initiate the NX-OS Compact Image procedure on an NX-OS software image stored on the switch's bootflash is as follows:

switch# install all nxos booftflash:nxos.7.0.3.I7.8.bin compact

NX-OS Compact Image Procedure Through SCP

Starting with NX-OS software release 7.0(3)I5(2), the NX-OS Compact Image procedure can be initiated while copying the image to the switch's bootflash or an attached USB drive with SCP (Secure Copy Protocol) using an additional option in the copy command. The compact option in the copy command overrides the bootflash space limitation as the image is compacted at the time of transferring the image to the switch's bootflash or an attached USB drive. This option is only supported with SCP - other protocols (such as SFTP [Secure File Transfer Protocol] and FTP [File Transfer Protocol]) are not supported.

An example of how to initiate the NX-OS Compact Image procedure while copying an NX-OS software image to the switch's bootflash through SCP is as follows:

switch# copy scp://username@192.0.2.100/nxos.7.0.3.I7.8.bin bootflash:nxos.7.0.3.I7.8.bin compact vrf management

NX-OS Compact Image Procedure Sequence

The sequence of compacting NX-OS software images is important. You cannot compact the currently loaded NX-OS software image if you have another NX-OS software image present on the bootflash due to the limited bootflash size of the switch.

First, you should compact the currently booted image on the bootflash using the NX-OS Compact Image Procedure on Bootflash/USB method previously described. Next, you should copy the desired NX-OS software image to the switch's bootflash using the NX-OS Compact Image Procedure through SCP method previously described, if possible. If this option is not possible, because you are upgrading to an NX-OS software release prior to 7.0(3)I5(2), you should copy the desired NX-OS software image to the switch's bootflash normally, then use the NX-OS Compact Image Procedure on Bootflash/USB method previously described to compact the image.

The minimum required free space to compact a non-booted image is 450MB of free space on the switch's bootflash. If the free space available on the switch's bootflash is less than 450MB after copying the target image, then the target image needs to be compacted using an attached USB drive or through the NX-OS Compact Image Procedure through SCP method previously described.

NX-OS Compact Image Platform Groups

The NX-OS Compact Image procedure described in this document is applicable to three separate platform groups:

  • Nexus 3000 devices (N3K-C3048, N3K-C3064, and so on)

  • Nexus 3100 devices (N3K-C3132, N3K-C3172, and so on)

  • Nexus 3500 devices (N3K-C3524, N3K-C3548, and so on)

A compacted NX-OS binary image file can be re-used among other devices within the same platform group. However, a compact NX-OS binary image file cannot be used on devices that belong to a different platform group.

For example, consider a scenario where you have four Nexus 3000 devices of the following models:

  • N3K-C3048TP-1GE

  • N3K-C3064PQ-10GE

  • N3K-C3172PQ-40GX

  • N3K-C3548P-10G

An NX-OS binary image file compacted on the N3K-C3048TP-1GE can be transferred directly to the bootflash of the N3K-C3064PQ-10GE through a file transfer protocol of your choice (provided there is enough room on the N3K-C3064PQ-10GE). Furthermore, the N3K-C3064PQ-10GE can be upgraded with the use of this compact NX-OS binary image file through a supported method. However, the same compact NX-OS binary image file cannot be used to upgrade the N3K-C3172PQ-40GX and N3K-C3548P-10G devices. The NX-OS Compact Image procedure must be executed on both N3K-C3172PQ-40GX and N3K-C3548P-10G devices separately.

This compatibility between Nexus devices within the same platform group can be used to optimize the NX-OS software upgrade of a large number of devices. For example, if you have 100 N3K-C3048TP-1GE devices, you can use the NX-OS Compact Image procedure on a single device, then transfer the compact NX-OS binary image file to the resulting 99 devices. There is no need to perform the NX-OS Compact Image procedure on all 100 devices.

Booting the Switch from the USB

You can optionally choose to boot the switch from an external flash memory drive at the loader prompt. The supported BIOS version for the Cisco Nexus 3548P-10GX switch is 2.0.8 and for the Cisco Nexus 3548P-10G switch, it is 1.0.11. Following are the various options for loading the image from an external flash memory drive:

  • You can load the image from USB1 when either the USB1 slot is occupied or when both the USB slots are occupied.
    Loader> boot usb1: <image>
  • You can load the image from USB2 only when the USB2 slot is occupied.
    Loader> boot usb2: <image>
  • You can load the image from USB2 when both the USB slots are occupied.
    Loader> boot usb2: <image>
  • You can load the image from USB1 when only the USB1 slot is occupied or when both the USB slots are occupied.

  • You can load the image from USB2 when only the USB2 slot is occupied.

  • You can load the image from USB2 when both the USB slots are occupied.

Upgrading the Cisco NX-OS Software


Note


If an error message appears during the upgrade, the upgrade will fail because of the reason indicated.

Procedure


Step 1

Read the release notes for the software image file for any exceptions to this upgrade procedure. See the Cisco Nexus 3500 Series NX-OS Release Notes.

Step 2

Log in to the device on the console port connection.

Step 3

Ensure that the required space is available for the image files to be copied.

switch# dir bootflash:

Note

 

We recommend that you have the image files for at least one previous release of the Cisco NX-OS software on the device to use if the new image files do not load successfully.

Step 4

If you need more space on the device, delete unnecessary files to make space available.

Step 5

Upgrade the Cisco NX-OS software to new Cisco NX-OS Release.

Step 6

Copy the software images to the device using a transfer protocol. You can use FTP, TFTP, SCP, or SFTP.

switch# copy scp://user@server-ip/image-path/ bootflash: compact vrf management

switch# copy scp://user@scpserver.cisco.com//download/nxos.9.3.1.bin bootflash: compact vrf management

The compact option compresses the image while copying it to the switch’s bootflash or USB drive. SCP is the only protocol that supports the compact option.

Note

 

For Cisco Nexus 3548-XL platform switches, the compact option is not supported. Therefore, copy the software image without the compact option.

Step 7

Check the impact of upgrading the software before actually performing the upgrade.

switch# show install all impact nxos bootflash:nxos.9.3.1.bin


Note

 

In order to accommodate upgrade compatibility from an older software version that is expecting a platform designator, the version string in the output of this command will appear as "9.3(1)I9(1)". The "I9(1)" portion of the string can be safely ignored, and it will disappear post upgrade to 9.3(1). In addition, the compatibility check will show "Wrong image."

Step 8

Save the running configuration to the startup configuration.

switch# copy running-config startup-config

Step 9

Upgrade the Cisco NX-OS software using the install all nxos bootflash:filename [no-reload | non-interruptive | serial] command.

switch# install all nxos bootflash:nxos.9.3.1.bin
 

 

Note

 
If you enter the install all command without specifying a filename, the command performs a compatibility check, notifies you of the modules that will be upgraded, and confirms that you want to continue with the installation. If you choose to proceed, it installs the NXOS software image that is currently running on the switch and upgrades the BIOS of various modules from the running image if required.

Step 10

(Optional) Log in and verify that the device is running the required software version.

switch# show version

Step 11

(Optional) Verify the entire upgrade process.

switch# show install all status

Step 12

(Optional) If necessary, install any licenses to ensure that the required features are available on the device. See the Cisco NX-OS Licensing Guide.


NX-OS Upgrade History

During the life of a Cisco Nexus 3548 switch, many upgrade procedures can be performed. Upgrades can occur for maintenance purposes or to update the operating system to obtain new features. Over time, switches may be updated on numerous occasions. Viewing the types of upgrades and when they occurred can help in troubleshooting issues or simply understanding the history of the switch.

Beginning with Cisco NX-OS Release 9.3(5), Cisco Nexus 3548 switches log all upgrade activity performed over time providing a comprehensive history of these events. The stored upgrade history types are:

  • Cisco NX-OS System Upgrades

  • Electronic Programmable Logic Device (EPLD) Upgrades

  • Software Maintenance Upgrade (SMU) Installations

View the Cisco NX-OS upgrade history by entering the show upgrade history command. The output displays any upgrade activity that previously occurred on the switch and defines the start and end times for each event. The following is an example output of the show upgrade history command:

switch# show upgrade history
TYPE                VERSION   DATE                    STATUS
NXOS EPLD           n3548-    26 Apr 2020 11:37:16    EPLD Upgrade completed
                    epld.9.3.4.img
NXOS EPLD           n3548-    26 Apr 2020 11:32:41    EPLD Upgrade started
                    epld.9.3.4.img
NXOS system image   9.3(5)    24 Mar 2020 20:09:10    Installation End
NXOS system image   9.3(5)    24 Mar 2020 20:05:29    Installation started
NXOS SMU            9.3(5)    03 Mar 2020 23:34:15    Patch activation ended for 
                                                      nxos.libnbproxycli_patch-n3548_
                                                      ALL-1.0.0-9.3.5.lib32_n3548.rpm
NXOS SMU            9.3(5)    03 Mar 2020 23:34:03    Patch activation started for 
                                                      nxos.libnbproxycli_patch-n3548_
                                                      ALL-1.0.0-9.3.5.lib32_n3548.rpm

Downgrading to an Earlier Software Release


Note


If an error message appears during the downgrade, the downgrade will fail because of the reason indicated.

Procedure


Step 1

Read the release notes for the software image file for any exceptions to this downgrade procedure. See the Cisco Nexus 3500 Series NX-OS Release Notes.

Step 2

Log in to the device on the console port connection.

Step 3

Verify that the image files for the downgrade are present on the device bootflash:.

switch# dir bootflash:
...

Step 4

If the software image file is not present, log in to Cisco.com, choose the software image file for your device from the following URL, and download it to a file server: http://software.cisco.com/download/navigator.html.

Note

 

If you need more space on the device bootflash:, use the delete command to remove unnecessary files.

Step 5

Copy the software images to the device using a transfer protocol. You can use FTP, TFTP, SCP, or SFTP.

switch# copy scp://user@server-ip/image-path bootflash: compact vrf management

switch# copy scp://user@scpserver.cisco.com//download/nxos.9.2.3.bin bootflash: compact vrf management

The compact option compresses the image while copying it to the switch’s bootflash or USB drive. SCP is the only protocol that supports the compact option.

Note

 

For Cisco Nexus 3548-XL platform switches, the compact option is not supported. Therefore, copy the software image without the compact option.

Step 6

Check for any software incompatibilities.

switch# show incompatibility nxos bootflash:nxos.9.2.3.bin
Checking incompatible configuration(s) 
No incompatible configurations

The resulting output displays any incompatibilities and remedies.

Step 7

Disable any features that are incompatible with the downgrade images.

Step 8

Save the running configuration to the startup configuration.

switch# copy running-config startup-config

Step 9

Downgrade the Cisco NX-OS software.

switch# install all nxos bootflash:nxos.9.2.3.bin

Note

 
If you enter the install all command without specifying a filename, the command performs a compatibility check, notifies you of the modules that will be upgraded, and confirms that you want to continue with the installation. If you choose to proceed, it installs the NXOS software image that is currently running on the switch and upgrades the BIOS of various modules from the running image if required.

Step 10

(Optional) Log in and verify that the device is running the required software version.

switch# show version

Step 11

(Optional) Display the entire downgrade process.

Example:

switch# show install all status