Netgrimoire/Periphery/Work/Ducky/ess_3300.md
2026-04-12 15:55:45 -05:00


title: Voyager SW26G Upgrade
description: Cisco ESS 3300 Upgrade
published: true
date: 2026-03-19T15:46:20.810Z
tags:
editor: markdown
dateCreated: 2026-03-19T15:46:15.200Z

Cisco ESS3300 — IOS XE Software Upgrade Guide


Platform Overview

The Cisco Embedded Services 3300 (ESS3300) is a ruggedized, embedded-form-factor switch running Cisco IOS XE. Software images are stored on the system board flash device (flash:). The ESS3300 supports two boot modes:

  • Install Mode (recommended) — software is expanded into discrete package files; supports rollback
  • Bundle Mode — the switch boots directly from a monolithic .bin file

Note: All procedures in this guide use Install Mode. Cisco recommends Install Mode for all IOS XE upgrades. Verify your current boot mode before proceeding.


1. Pre-Upgrade Checks

Verify Current Software Version and Boot Mode

show version
show boot

Confirm the BOOT variable points to flash:packages.conf (Install Mode). If it shows a .bin file, you are in Bundle Mode — see the Bundle Mode section at the end of this document before proceeding.

Check Switch Health

show module
show environment all
show logging last 100

Resolve any hardware faults, fan alarms, or recurring log errors before proceeding.

Verify Flash Space

IOS XE images typically require 11.5 GB of free flash space. Check available space and clean up inactive packages if necessary:

dir flash:
install remove inactive

Confirm the space is sufficient before copying the new image.

Back Up the Running Configuration

copy running-config startup-config
copy running-config flash:backup-config.txt

2. Obtain the IOS XE Image

  1. Navigate to https://software.cisco.com and log in. A valid Cisco service contract is required.
  2. Go to Downloads → Switches → Industrial Ethernet Switches → Embedded Services 3300 Series.
  3. Select the target IOS XE release. Download the appropriate .bin image for the ESS3300 platform.
  4. Record the MD5 checksum from the download page for later verification.

Upgrade Path: Verify that your current release and target release form a supported direct upgrade path. Some versions require an intermediate "stepping stone" release. Refer to the release notes for the target version before proceeding.


3. Transfer the Image to the Switch

Option A — SCP from Windows PC (OpenSSH)

Make sure the OpenSSH Server service is running on your PC. The following command starts it if it is stopped:

net start sshd

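Enable the SCP server on the switch, from global configuration mode. On IOS XE the command is ip scp server enable (feature scp-server is NX-OS syntax). It is needed only when a file is pushed to the switch; the pull in the next step uses the switch as the SCP client:

ip scp server enable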

From the switch CLI, pull the image from the Windows PC:

copy scp://YourUsername@<PC-IP>/C:/path/to/<image>.bin flash: vrf management

Tip: Place the image in a short path with no spaces, such as C:\ios\, to avoid syntax issues.

Option B — TFTP

From the switch CLI:

copy tftp://<TFTP-Server-IP>/<image>.bin flash: vrf management

Option C — USB Drive

Format the USB drive as FAT32 and copy the image to the root of the drive. Insert the drive into the switch USB port, then from the CLI:

copy usbflash0:<image>.bin flash:

4. Verify the Image Integrity

Confirm the image copied successfully:

dir flash:

Verify the MD5 checksum matches the value from the Cisco download page:

verify /md5 flash:<image>.bin

Do not proceed if the checksum does not match — re-transfer the image.
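
The checksum comparison from steps 2 and 4, as an added example (not part of the original guide and not Cisco tooling): a workstation-side Python script that hashes the downloaded image, compares it with the value recorded from the download page, and compares the digest pasted from the switch's verify /md5 output. Function names are hypothetical, and the sample bytes, file name and pasted output line are constructed.

```python
import hashlib
import hmac
import re

def file_digests(path, algorithms=("md5", "sha512"), chunk_size=1 << 20):
    """Hash the image once, in chunks, with every requested algorithm."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def digest_from_switch_output(cli_text):
    """Pull the 32-hex-digit MD5 out of pasted 'verify /md5' output."""
    match = re.search(r"=\s*([0-9a-fA-F]{32})\b", cli_text)
    return match.group(1).lower() if match else None

def same_digest(a, b):
    """Case- and whitespace-insensitive comparison of two hex digests."""
    if not a or not b:
        return False
    return hmac.compare_digest(a.strip().lower(), b.strip().lower())

def check_image(path, published, switch_output=None):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    local = file_digests(path, tuple(published))
    for name, expected in published.items():
        if not same_digest(local[name], expected):
            problems.append(f"local {name} does not match the published value")
    if switch_output is not None:
        on_switch = digest_from_switch_output(switch_output)
        if on_switch is None:
            problems.append("no MD5 digest found in switch output")
        elif not same_digest(on_switch, published.get("md5")):
            problems.append("switch MD5 does not match the published value")
    return problems

if __name__ == "__main__":
    import os, tempfile
    data = b"constructed stand-in for an IOS XE image\n" * 1000
    with tempfile.NamedTemporaryFile(delete=False, suffix=".bin") as tmp:
        tmp.write(data)
    published = {"md5": hashlib.md5(data).hexdigest()}  # stands in for the recorded value
    pasted = f"....Done!\nverify /md5 (flash:example.bin) = {published['md5']}\n"
    print(check_image(tmp.name, published, pasted) or "all checks passed")
    os.unlink(tmp.name)
```

MD5 catches transfer corruption but is not collision resistant, so where a SHA-512 value is available for the image, pass it in published as well. The comparison matters most on the TFTP path, which has no authentication or integrity protection of its own.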


5. Set the Boot Variable (Install Mode)

Ensure the boot variable is correctly set to packages.conf before installing:

configure terminal
 no boot system
 boot system flash:packages.conf
end
write memory

Verify:

show boot

The BOOT variable line should read flash:packages.conf.


6. Install and Activate the New Image

Run the install command to stage, activate, and commit the new image in a single operation. The switch prompts before it reloads; respond y to confirm:

install add file flash:<image>.bin activate commit

The process will:

  1. Expand the .bin into package files on flash
  2. Activate the new packages
  3. Prompt for a reload
  4. Commit the new version as the running baseline on first boot

Important: Do not interrupt the process or remove power during installation or reload.


7. Post-Upgrade Verification

After the switch reloads, verify the upgrade was successful:

show version
show boot
show module
show environment all
show interface status

Confirm that:

  • The IOS XE version matches the target release
  • BOOT variable still shows flash:packages.conf
  • All modules and interfaces are in the expected state
  • No new errors appear in the system log (show logging last 50)

8. Clean Up Old Installation Files

Once the upgrade is confirmed stable, remove inactive packages to reclaim flash space:

install remove inactive

Confirm when prompted.


Bundle Mode Upgrade (Alternative)

If the switch is running in Bundle Mode (boots from a .bin file), use the following procedure instead of the Install Mode steps above:

configure terminal
 no boot system
 boot system flash:<new-image>.bin
end
write memory
reload

After reloading, verify with show version. Note that Bundle Mode does not support rollback. Cisco recommends converting to Install Mode going forward.


Emergency Recovery

If the switch is stuck at the switch: ROMMON prompt or is in a boot loop, use the emergency recovery procedure:

  1. Connect a terminal to the console port (RJ-45 or USB-mini, 9600 baud / 8N1).
  2. Connect port Gi1/3 to a PC running a TFTP server with a valid IOS XE image at the TFTP root.
  3. If in a boot loop, hold the front-panel button for approximately 5 seconds to break the cycle and stop at the switch: prompt.
  4. From the switch: prompt, boot the emergency install image:

switch: boot emgy0:<image>.SPA.bin

Key Reminders

  • Schedule upgrades during a maintenance window. The ESS3300 has no redundant supervisor — traffic will be interrupted during the reload.
  • In a stacked or redundant deployment, upgrade the secondary/standby unit first, then the primary.
  • The boot loader (ROMMON) may be automatically upgraded on the first boot of a new IOS XE release. This is expected behavior and does not indicate a failure.
  • Smart Licensing requires registration after upgrading to a release that introduces Smart Licensing Using Policy (SLUP). Existing licenses remain in evaluation mode until registered.
  • Starting with IOS XE 17.10, certain legacy SSH key exchange and MAC algorithms were removed from the default list. Review the target release notes if SSH access is affected post-upgrade.