Hw-module Slot Reload



I learned something interesting about the cisco ASA 5558-X chassis & that I thought was interesting;

Hw Module Slot X Oversubscription, casino used in longmire, academias de baile de salsa casino en maracay, poker all time money list wiki Fortune Jackpots 100 Volt Crystals and 500 Vollars for Volt City. To reset a specific node, or to put a node into maintenance mode, use the hw-module location command in System Admin EXEC mode. The force keyword forces an immediate reload or shutdown of the router without waiting for an orderly system shutdown. Hi Team, We need to reset/reload one of the module of our core switch i.e.WS-C6509-E. Moreover, we have tried the command reset 4 (module no.) but it's not working. Please provide us the command to reset the module.


Please reference this image from cisco website of a typical 5558-X chassis.
http://www.cisco.com/c/en/us/td/docs/security/asa/hw/maintenance/5585guide/5585Xhw/overview.html#pgfId-1100238
The hw-module slot1 which encompass the IPS also carries the GIGE interfaces gi 1/0-7 and the 10GIGE interfaces as well 1/8-9.
Shutting down the hw-module slot1 will 'DROP'

Hw-module Slot Reloaded

Reloading all interfaces in slot1 and not just the IPS modules.
Take a look at these show outputs;

And the available hardware module commands
Hw-module Slot Reload
1: So the meer issuing of a hw-module #1 shutdown, actually shutdown the whole slot1 and NOT just the IPS
Slot

2: A issuing of a hw-module #1 reload, will not disturb any GIGE interfaces on slot#1
I found this interesting while diagnostic and debugging a buggy IPS module. I have a case open with TAC over these issues. They are looking into it a trying to determine if this is normal behavior.
I found it funny cisco won't let you shutdown slot#0, but they allow slot#1 , and it will bring all interfaces on that slot down including the IPS module that I was trying to trouble shoot.
http://socpuppet.blogspot.com/2015/01/asa-ips-modules-reloads-732-e4.html
Ken Felix
Freelance Network/Security Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( # # )=
@
/
Hw-module Slot Reload

Upgrading a 6500 is pretty straight forward, provided the necessary is done in the right order. I’ve listed the steps I would typically take to fully upgrade a single Cisco-6509-E (single Route-Processor) with a IPSEC VPN SPA blade.

Please lab this if possible BEFORE trying it in a production network. I have illustrated the steps to be taken if some of the known funnies occur during an upgrade. Feel free to use this as a guideline.

Firstly download the IOS and image versions, you need. Obviously do a little homework and check the specific IOS for known bugs using the Bug Toolkit. Don’t just pick any IOS. Make sure all the required features are relatively bug free.

Copy the downloaded files to the following locations:

  • ROMMON firmware to sup-bootflash
  • BOOTLDR to bootflash
  • IOS to flash disk

I always use FTP if possible, due to the higher transfer rates. 10.3.29.239 is connected to the switch and is running a FTP server, expecting a username:password of cisco:pass.


I would recommend verifying the IOS images after copying. It’s relatively easy for the image to get corrupted during copying. No need to waste time with corrupt images, when it can be avoided.

It is generally safe practise to backup the working running-config to a file on flash disk0:

1- Lets start, first upgrade the Rom-Monitor:

Confirm the current boot variables:

2- Specify the new BootLDR to load during boot:

3- Specify the order of the booting images. Firstly the new IOS image, secondly the previous working IOS image. Refer to a previous post, why to do this HERE.

4- Reload the box.

5- If during startup, you encounters config related errors like the ones below, make a note of each command the new IOS didn’t apply:

Do not save the config at any time before reloading using “write mem” or “copy run start”.
Else you will overwrite a working config with the above commands missing.

6- Rename the new IOS file on flash to force the next boot to use the second IOS file listed in boot command along with the working config:

7- If the box has a VPN-SPA blade for offloading IPSEC encryption/decryption, it might be necessary to upgrade the SPA FPD (Field Programmable Devices) code.
Before reloading confirm if the SPA FPD code matches the new IOS version.

The following command will show the current/required version:


8- If the min. required version is higher than the current version, the FPD code must be upgraded. Download the supporting .pkg from from Cisco and copy it to the flash disk:

9- Then upgrade the SIP and the IPSEC SPA

10- Reload the box again. This time the old IOS will be used to boot since the new IOS file is not available. The list of error commands (Point 5) needs to be corrected, either manually or by using notepad. I would suggest using notepad)

11- Copy the running config to your laptop:

12- Edit the config file in notepad. Ensure all the commands are corrected for the new IOS. Here is a list of commands I needed to change with this upgrade:

13- Rename the config-file to something else, and copy the new config-file back to disk0. Confirm there are now two config-files (original and new):

Hw-module Slot Reloading

14-Load the changed config to the startup configuration:

15-Rename the NEW-IOS file back to the original name as listed in the boot command:

Hw-module Slot Reloading Bullets

16-Reload the box the last time. If all was done correctly, everything should be working.

17-Proceed with testing STP, IGP’s, LDP, BGP and VPN’s and Crypto’s.

Hw-module Slot Reloading Equipment

For a good overall look at what the 6500 is doing, use the following command :