6

Is there a way to upgrade a Cisco Catalyst 9300 switch to a new software version without the switch automatically reloading as part of the initial install process? With other switches (eg Cisco Catalyst 3850) I could do the software install and then it would prompt you with something like 'Software install complete. Do you want to reload now?'. You could hit 'n' and reload the switch at a later time eg out of hours. But when I recently did a software upgrade for our newer Catalyst 9300 switches from 16.12.04 to 17.03.04 the switch reloaded automatically straight away (luckily it was not a live switch!).

During the install there is a warning that comes up saying

This operation may require a reload of the system. Do you want to proceed? [y/n]

If you hit 'y' then it completes the install and reboots immediately afterwards. There is no further prompt to reload, below is the end of the process.

16128+0 records in
16128+0 records out
8257536 bytes (8.3 MB, 7.9 MiB) copied, 8.50053 s, 971 kB/s
SUCCESS: Upgrade_Service finished
Install will reload the system now!
SUCCESS: install_add_activate_commit  Fri Dec 10 11:08:36 GMT 2021

The first time I tried installing I hit 'n' but that just seemed to cancel the install.

Looking at the Cisco doc for 9300 software upgrades I thought I had found the answer with the command

install add file bootflash:cat9k_iosxe.x.x.x.SPA.bin activate commit prompt-level none

I thought there would be an option to choose a value other than none, but there isnt.

Is there a way around this?

Jesse P.
  • 4,690
  • 1
  • 10
  • 14
The Footsie
  • 381
  • 1
  • 10
  • 1
    Not really answering your question but why are you installing the update if you’re not ready to reboot and actually use it? Why not just wait to do it when you ARE ready to reboot? – Jesse P. Dec 16 '21 at 16:39
  • 1
    Some higher end devices support ISSU -- in service software update. The 3850 doesn't. I suspect the cat9300's don't either. – Ricky Dec 16 '21 at 16:59
  • @Ricky Correct. 9200 and 9300 do not support ISSU. https://www.cisco.com/c/en/us/support/docs/switches/catalyst-9300-series-switches/216231-upgrade-guide-for-cisco-catalyst-9000-sw.html#anc30 – Jesse P. Dec 16 '21 at 17:29
  • @JesseP. if 2am is the only downtime I can get for the reload I trust Cisco enough from experience to do the install during the preceding day and '#reload in 10:00' instead of having to get up and start the process at 2am. – The Footsie Dec 16 '21 at 20:37
  • 1
    @TheFootsie You can do the whole process automatically at 2AM if you make use of EEM to script out the commands and answer the prompt(s). – Jesse P. Dec 16 '21 at 20:42

1 Answers1

5

There is no way to postpone (or avoid altogether) the reload while updating the switches. As mentioned in a comment, as somewhat of a side note, some models support ISSU which, when used with devices containing dual supervisors, allows you to perform updates without reloading the device. Catalyst 9200 and 9300 models do not support ISSU. The 9300 models do support reloadfast, to decrease the amount of time needed for a reboot but that comes with its own risks, in that all stack members will reload at the same time and could potentially cause problems depending on which one becomes the stack master if you haven’t properly set priorities beforehand.

If reloading immediately after the update process is completed is an issue (for whatever reason), your only option is to put off updating until a date and time when you can reload with minimal interruption.

As I mentioned in the comments, performing the entire process automatically via EEM (Embedded Event Manager) is another option, so that upgrades can be done after hours without user interaction. Here is an example of an upgrade script and link to other example scripts.

event manager applet UPGRADE authorization bypass
event none maxrun 300
action 0001 cli command "enable"
action 0002 cli command "term length 0"
action 0020 cli command "install add file flash:cat9k_iosxe.16.06.02.SPA.bin activate commit" pattern "y\/n"
action 0030 cli command "y" pattern "y\/n"
action 0040 syslog msg  "Reloading device to upgrade code"
action 0050 cli command "y"

You can refer to this link (which you appear to have already partially read) for further details and procedures of general upgrade processes on Catalyst 9000-series switches.

Jesse P.
  • 4,690
  • 1
  • 10
  • 14
  • 1
    I think the question is more about doing an upgrade without *immediate* reboot, not *any* reboot at all. – Zac67 Dec 16 '21 at 19:58
  • @Zac67 I know, which is why I said what I said in the comments before I posted my answer. I edited the answer to make it suitable for both situations. – Jesse P. Dec 16 '21 at 19:59
  • @Zac 67 is correct, I'm not asking about avoiding the reload, just postponing it for a few hours. I have read the document and it doesnt answer my question, possibly because **#install add file...** doesnt have the feature at all. However in doing a sanity check I have found that the command for the software install on the 3850 is different (**#request platform software...**) and, perhaps crucially, depreciated (but possibly still working) on the 9300. Which is frustrating. – The Footsie Dec 16 '21 at 20:37
  • @TheFootsie I know, and that’s why I already said that I knew what you meant, and also why I edited my answer to accommodate both scenarios. And, yes, it is always a pain point that Cisco is constantly creating more differences between software/firmware command sets, such as what you mentioned. They do try to explain that it’s sometimes due to different people or teams work working on each release, but I don’t buy that excuse. – Jesse P. Dec 16 '21 at 20:40
  • Thanks @JesseP. for your input, in trawling through the release notes I understand the newer command a bit better and you cant upgrade without the **activate** command which reloads the switch once it has completed. I think scripting will be the workaround. – The Footsie Dec 16 '21 at 22:44
  • 1
    @TheFootsie No problem. EEM is fairly easy to use, and I’ve used it many times to make changes that would kick me out of the device, such as moving an IP address from a base interface to a sub-interface, etc. With EEM I could make all of the changes and then hop back in once completed. – Jesse P. Dec 16 '21 at 22:47