ASA 5585-X Update the CX SSP Module

KB ID 0001005 

Problem

Every piece of documentation I found on upgrading CX SSP modules was for doing so on models other than the ASA5585-X. The (current) latest CLI guide says;

“For the ASA 5585-X hardware module, you must install or upgrade your image from within the ASA CX module. See the ASA CX module documentation for more information.”

Yeah good luck finding that!

Solution

Before I saw the information above I tried to upgrade the CX module from the ASA and this is the error you get when you try;

[box]PetesASA(config)# hw-module module 1 recover configure url tftp://10.0.41.100/asacx-5500x-boot-9.3.1.1-112.img
ERROR: Module in slot 1 does not support recovery[/box]

Then, I tried the update from within the CX module, and got the following error;

[box] asacx>system upgrade ftp://10.0.41.100/asacx-sys-9.3.1.1-112.pkg
Verifying

111
Upgrade aborted.

[/box]

Note: If you have not already found out, the default username is admin and the default password is Admin123.

Turns out that was an error in 3CDaemon that I use as an FTP server, once I fixed that, I was cooking on gas.

Upgrade the ASA 5585-X CX SSP Module

1. Connect to the CX modules console port, and you can view the version.

[box] Cisco ASA CX 9.1.2
This product contains cryptographic features and is subject to United States
and local country laws governing import, export, transfer and use. Delivery
of Cisco cryptographic products does not imply third-party authority to import,
export, distribute or use encryption. Importers, exporters, distributors and
users are responsible for compliance with U.S. and local country laws. By using
this product you agree to comply with applicable laws and regulations. If you
are unable to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg
If you require further assistance please contact us by sending email to
export@cisco.com.

You can access the Web UI from your browser using the following URL(s):
https://192.168.8.8/

asacx login:

[/box]

2. Now the CX module has its default IP of 192.168.8.8, I need to change this, I’ll do that from command line on the ASA like so.

[box] PetesASA(config)# session 1 do setup host ip 10.0.41.34/24,10.1.41.1

Syntax

session 1 do setup host ip {IP Address}/{Subnet Mask},{Default Gateway}

[/box]

3. At this point make sure that Management port 1/0 on the CX module is connected to the network.

4. You can simply ping the new IP, or view it in the ASDM. (Note: here you can also view the CX software version).

5. Now the CX module and your FTP server are on the same network, and you have downloaded the CX software from Cisco, you can perform the upgrade, (from the console session on the CX module).

Note: Don’t press any keys (unless asked to), while this is going on, or it has a habit of aborting!

[box] asacx>system upgrade ftp://10.0.41.100/asacx-sys-9.3.1.1-112.pkg
Verifying
Downloading
Extracting
Package Detail
Description: Cisco ASA-CX 9.3.1.1-112 System Upgrade
Requires reboot: Yes

NOTE: If this device is being managed by a PRSM server, you must also apply the same upgrade package to the PRSM server or you will not be able to deploy configurations from the PRSM server to this device.

Do you want to continue with upgrade? [y]:y

Doing so might leave system in unusable state.

Upgrading
Starting upgrade process …[ 459.563380] kjournald starting. Commit interval 5 seconds
[ 459.648202] EXT3 FS on sde3, internal journal
[ 459.700274] EXT3-fs: mounted filesystem with ordered data mode.

Populating new system image
Copying over new application components
Cleaning up old application components

Reboot is required to complete the upgrade. Press ‘Enter’ to reboot the system. {Enter}

Broadcast message from root (console) (Fri Oct 3 08:20:59 2014):

The system is going down for reboot NOW!

[/box]

6. Post reboot you can see the new version from the console connection.

[box] Cisco ASA CX 9.3.1.1
This product contains cryptographic features and is subject to United States
and local country laws governing import, export, transfer and use. Delivery
of Cisco cryptographic products does not imply third-party authority to import,
export, distribute or use encryption. Importers, exporters, distributors and
users are responsible for compliance with U.S. and local country laws. By using
this product you agree to comply with applicable laws and regulations. If you
are unable to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg
If you require further assistance please contact us by sending email to
export@cisco.com.

You can access the Web UI from your browser using the following URL(s):
https://10.0.41.34/
https://[fe80::5af3:9cff:fe05:d2e4]/

asacx login:

[/box]

You can also check the version has updated from within the ASDM.

 

Related Articles, References, Credits, or External Links

NA

 

HP / 3COM – Setup the V1910-24G Switch

KB ID 0000495 Dtd 20/08/11

Problem

I was surprised this week when I went to fit one of these switches, I know HP bought 3Com some time ago but when I popped open the HP box I did not expect to see a 3Com switch.

Anyway, heres a very quick run down on initial setup (assign IP and secure the system passwords).

Solution

1. On the chassis locate the sticker with the serial number on it, on here it will show you the IP address that its set to by default, this is an IP in the 169.254.x.x range so providing you have a laptop/PC set up for DHCP simply connect it to the Switch (any port) and you can open a web browser session to it.

2. Default access is user name admin with a blank password.

3. To change the password, select Users >Modify.

4. Select the admin user and change the password below. Note: You can add additional users here as well.

5. To change the management IP address, select Network > VLAN Interface > Modify.

6. Out of the box you will only have one VLAN, change the setting to manual.

7. Set the required IP and Subnet mask > Apply (At this point you will be kicked out of the management console, connect the switch to your live network and you will be able to connect to its new address).

 

Related Articles, References, Credits, or External Links

NA