Cisco 6503 - Catalyst Firewall Security Sys White Paper - Page 9
Browse online or download pdf White Paper for Switch Cisco 6503 - Catalyst Firewall Security Sys. Cisco 6503 - Catalyst Firewall Security Sys 19 pages. Catalyst 6500 series chassis and module power and heat values
Also for Cisco 6503 - Catalyst Firewall Security Sys: Product Bulletin (6 pages), Supplementary Manual (3 pages), Datasheet (30 pages), Technical Information (16 pages)
The image synchronization feature of Cisco Catalyst OS provides software consistency between supervisor engines, but it
does not allow for software upgrades without taking the system offline for an extended period of time. To perform the upgrade,
the active supervisor engine requires a reset to load the new version of software. It then synchronizes the software images to
the standby supervisor engine. Typically, this must be performed during a scheduled downtime or maintenance window
because the entire system needs to be warm booted. Also note that the Cisco IOS Software on the MSFC is not a part of this
synchronization process.
Supervisor Engine Versioning Feature
Versioning is the second portion of the Cisco Catalyst OS High Availability feature and is dependent on having the High
Availability feature enabled in a dual supervisor engine configuration. As such, it allows different but compatible images to
be running on the active and standby supervisor engines, which disables the default supervisor image synchronization process.
The application of this feature is to allow a software upgrade in real time by using the supervisor switchover of the High
Availability feature. This allows not only the upgrading of Cisco Catalyst OS software without rebooting the device, but also
the ability to maintain a previously used and tested version of the Cisco Catalyst OS on the standby supervisor engine as a
fallback plan if the software upgrade fails. There is no restriction on the image version that either supervisor engine can run,
so upgrading or downgrading of the Catalyst OS images is possible.
If two different image versions are running, the system will determine if they are compatible. The active and standby
supervisor engines exchange image version information to determine if the two software images are compatible. Image
versions are defined as one of three options: compatible, incompatible, or upgradable. Compatible versions imply that stateful
protocol redundancy can be supported between the different images. All configuration settings made to the NVRAM on the
active supervisor engine can be sent to the standby supervisor. Two Cisco Catalyst OS versions are incompatible if
synchronizing the protocol state databases between the two versions is not possible. If two software images are incompatible,
the software upgrade process will affect the system operation (that is, be greater than the one- to three-second switchover time
of a high-availability switchover) and no NVRAM configuration changes will be synchronized between supervisor engines.
A special case of incompatible versions is referred to as upgradable. In this scenario, the high-availability supervisor
switchover is not available, but configuration changes to the NVRAM on the active supervisor engine can be synchronized to
the standby supervisor engine. This is a special case because it allows two different software versions to run with synchronized
configurations but without the capability for a failover.
If the Cisco Catalyst OS software images are not compatible, the high-availability switchover will not be possible. The
operational status output from the command show system highavailability should be monitored to determine the
high-availability compatibility of two Cisco Catalyst OS images. The operational status can either be ON or OFF, with some
system specific status messages. The following output shows that high availability is enabled and that the Cisco Catalyst OS
versions are high-availability-compatible (Op-status: ON).
Sup-A> (enable) show system highavailability
Highavailability: enabled
Highavailability versioning: disabled
Highavailability Operational-status: ON
As a general practice, it is recommended that high-availability versioning be enabled only when upgrading the Cisco Catalyst
OS software. The traditional image synchronization process (high-availability versioning disabled) should be implemented
for normal operating conditions. Generally speaking, high-availability compatible images are only available between
maintenance releases of the Cisco Catalyst OS software. A maintenance release is a new version of software with incremental
feature upgrades and bug fixes such as upgrading from version 5.5.1 to version 5.5.2. Major releases will not be
high-availability compatible. The release notes include a high-availability compatibility listing at the following URL:
Cisco Systems, Inc.
All contents are Copyright © 1992–2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 9 of 19