Tag Archives: Upgrade

Cisco Firepower Forbidden- you don’t have permission to access

After re-image FPR2110 from FTD to ASA9.8.2, the chassis (FXOS) mgmt interface UI become unaccesible giving the following error “Forbidden- you don’t have permission to access / on this server”.

In a nutshell, i could access FXOS via SSH and ASA (SSH & HTTPS) but the FXOS Chassis Management was broken. After spend some time, the only way to get this sorted was upgrade for the version 9.9.x

After upgrade, everything was working again.

 

Upgrade Cisco Blade Switch

Applying a major upgrade between 12.x and 15.x code, backup your config first before go ahead!

Checking the actual version

 

SW01#sh ver | i IOS
Cisco IOS Software, CBS30X0 Software (CBS30X0-LANBASEK9-M), Version 12.2(35)SE, RELEASE SOFTWARE (fc2)SW01#show boot
BOOT path-list      : flash:cbs30x0-lanbase-mz.122-35.SE/cbs30x0-lanbase-mz.122-35.SE.bin
Config file         : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break        : no
Manual Boot         : no
HELPER path-list    :
Auto upgrade        : yes
Auto upgrade path   :

Downloading and extracting the TAR file from your TFTP

SW01#download-sw tftp:10.1.0.103/cbs30x0-ipbase-tar.150-2.SE6.tar
Loading cbs30x0-ipbase-tar.150-2.SE6.tar from 10.1.0.103 (via FastEthernet0): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!(omitted for brevity)
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK – 15073280 bytes]

Loading cbs30x0-ipbase-tar.150-2.SE6.tar from 10.1.0.103 (via FastEthernet0): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!(omitted for brevity)
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
examining image…
extracting info (107 bytes)
extracting cbs30x0-ipbase-mz.150-2.SE6/info (372 bytes)
extracting info (107 bytes)

Stacking Version Number: 1.49

System Type:             0x00000000
Ios Image File Size:   0x00BEF200
Total Image File Size: 0x00E60200
Minimum Dram required: 0x08000000
Image Suffix:          ipbase-150-2.SE6
Image Directory:       cbs30x0-ipbase-mz.150-2.SE6
Image Name:            cbs30x0-ipbase-mz.150-2.SE6.bin
Image Feature:         IP|LAYER_3|MIN_DRAM_MEG=128

Old image for switch 1: unknown

Extracting images from archive into flash…
cbs30x0-ipbase-mz.150-2.SE6/ (directory)
extracting cbs30x0-ipbase-mz.150-2.SE6/info (372 bytes)
cbs30x0-ipbase-mz.150-2.SE6/html/ (directory)
extracting cbs30x0-ipbase-mz.150-2.SE6/html/frmwrkResource.htm (950 bytes)
extracting cbs30x0-ipbase-mz.150-2.SE6/html/menu.shtml (8324 bytes)
extracting cbs30x0-ipbase-mz.150-2.SE6/html/portstats.js (8142 bytes)
(omitted for brevity)
extracting cbs30x0-ipbase-mz.150-2.SE6/cbs30x0-ipbase-mz.150-2.SE6.bin (12505683 bytes)
extracting info (107 bytes)

Installing (renaming): `flash:update/cbs30x0-ipbase-mz.150-2.SE6′ ->
`flash:cbs30x0-ipbase-mz.150-2.SE6′
New software image installed in flash:cbs30x0-ipbase-mz.150-2.SE6

All software images installed.

Boot updated with the new image & Reboot

SW01#show boot
BOOT path-list      : flash:cbs30x0-ipbase-mz.150-2.SE6/cbs30x0-ipbase-mz.150-2.SE6.bin
Config file         : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break        : no
Manual Boot         : no
HELPER path-list    :
Auto upgrade        : yes
Auto upgrade path   :SW01#reload
Proceed with reload? [confirm]

New code is Live!

SW01#sh ver | i IOS
Cisco IOS Software, CBS30X0 Software (CBS30X0-IPBASE-M), Version 15.0(2)SE6, RELEASE SOFTWARE (fc2)

Compare the running config with the Backup one we did previously zero differences, so another successful upgrade!

Upgrade Cisco ASA 8.3

Efectuar upgrade de firmware nos Cisco ASA para a versão superior à 8.3 não é uma tarefa fácil devido ás diversas dependências existentes: memória RAM, Configs (ACL, NATs), Steps entre versões.

Aqui ficam alguns links para analisar antes de efectuar o Upgrade:

https://supportforums.cisco.com/docs/DOC-12690

http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html