Recently during upgrading the IOS-XE versions on a few 4500x VSS clusters, I also had to upgrade the ROMMON version
to make them ISSU compatible for later IOS-XE releases.
Below I described the steps:
First check the upgrade path here:
We follow the console upgrade path because the switch will shutdown, and you need to manually pull the power cords and put them back.
It is recommended to upgrade the ROMMON onsite in case of problems.
Copy the new ROMMON to the bootflash (primary) and slavebootflash (standby)
Also check the current ROMMON version and make sure that the files are available on the flash so we can always go back in case of problems.
Beware with downgrading the ROMMON because the ROMMON is hardware version specific and you can break the switch with it when going to low.
The specific upgrade path is described below:
Attached your console cable to the standby node.
SSH into the primary and execute the follow command:
redundacy reload peer
press Ctrl-C to stop the boot process on the standby node, then re-enter ROMMON mode
Boot from the new rommon upgrade file:
The switch now starts the ROMMON upgrade process. It can take approx 20 minutes to finish.
The switch can shutdown if you upgrade from SG10 to SG11 or SG14, see cisco bug > CSCut66603
If this happens, take out the power cords (the power supply status led will be flashing) and re-seat them again.
The primary switch will now alert that there is an incompatibility detected in the log:
Aug 6 10:35:29: %INSTALLER-3-ISSU_OP_ERR: 1 installer: Not in ISSU, service incompatibility detected, reloading the standby Aug 6 10:35:29: %RF-5-RF_TERMINAL_STATE: 1 ha_mgr: Terminal state reached for (SSO)
The secondary switch will try to connect to the VSS but since the ROMMON version is different from the primary node it will fail this process and reboot.
Repeat the above upgrade steps for the primary node. All network connections which were still available on the primary node will disconnect.
After the primary switch is rebooted, the secondary node will probably become primary VSS master and part of the connectivity will be restored.
After the primary switch is upgraded and rebooted, it should reconnect itself as secondary node in the VSS cluster.
Verify on the primary node if the switch is back with redundancy
show issu state
You can also check the current ROMMON version when its loaded
SWITCH22#show version Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.06.07.E RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2017 by Cisco Systems, Inc. Compiled Wed 12-Jul-17 13:41 by prod_rel_team Cisco IOS-XE software, Copyright (c) 2005-2015 by cisco Systems, Inc. All rights reserved. Certain components of Cisco IOS-XE software are licensed under the GNU General Public License ("GPL") Version 2.0. The software code licensed under GPL Version 2.0 is free software that comes with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such GPL code under the terms of GPL Version 2.0. (http://www.gnu.org/licenses/gpl-2.0.html) For more details, see the documentation or "License Notice" file accompanying the IOS-XE software, or the applicable URL provided on the flyer accompanying the IOS-XE software. ROM: 15.0(1r)SG11 SWITCH22 uptime is 23 hours, 57 minutes Uptime for this control processor is 23 hours, 58 minutes System returned to ROM by reload System restarted at 11:20:07 CEST Mon Aug 6 2018 System image file is "bootflash:/cat4500e-universalk9.SPA.03.06.07.E.152-2.E7.bin" Jawa Revision 2, Winter Revision 0x0.0x41