Cisco CSC – Upgrade the Operating System

KB ID 0000807 

Problem

Upgrading the operating system on the CSC module is pretty straight forward, as long as you have a valid support agreement for your hardware and a CCO account you can download the updates straight from Cisco (here).

Solution

WARNING: It’s rare that you can update straight to the latest version, by all means try, and the CSC module will simply error if it will not accept the version you are trying to update to.

WARNING 2: This may involve some downtime, especially if your CSC module is configured to fail-closed, you may wish to set it to fail-open during the upgrade to minimise disruption. Unless you have a dual failover firewall solution, in which case scroll down.

CSC fail open or closed

You can do this via command line if you wish, but it’s a lot simpler to do via the web console. You will need to download your updated software (with the .pkg extension NOT the .bin extension).

CSC operating system

Once downloaded, log into the web portal of the CSC module https://{IP-Address}:8443 > Administration > Product Upgrade > Browse > Locate your update > Upload > Go an have a coffee, it will take a while.

CSC System Upgrade

Upgrading CSC Modules in a Failover Pair

If you have firewalls deployed in failover, then you will have two CSC modules to upgrade.

1. Just for ease I’m showing the command line and the web console view. Start by upgrading the CSC module in the Secondary Standby firewall, here I’m upgrading 6.3.1172.0 to 6.3.1172.4.

CSC Failover upgrade

2. Now I take the same module to 6.6.1125.0.

CSC Filover upgrade no downtime

3. Once I know the system has updated and is back online, I jump onto the Primary Active firewall and force a failover to the Secondary Standby firewall.

Check module status with;

show module 1 detail

To force failover, on the Primary Active firewall.

configure terminal
no failover active

CSC System Upgrade Force Failover

4. Note: At this point the screen looks the same as above, but ‘physically’ the firewalls have swapped over, the Primary is now Standby and can be updated. Below I’m upgrading from 6.2.1599.0 to 6.2.1599.6.

CSC System Upgrade

5. Now we can see both modules are running the latest (at time of writing), product version.

CSC System Upgrade Product Version

6. Now to fail back simply issue the following command an the Secondary Active firewall;

configure terminal
no failover active

CSC System Upgrade

7. You can also check the versions match with the following command;

show failover

Show Failover result

Related Articles, References, Credits, or External Links

NA

Author: Migrated

Share This Post On