Upgrading firmware on Cisco switches is a critical task for maintaining security, performance, and feature compatibility. Whether you’re working with Cisco Catalyst 9200, 9300, 9400, or 9500 series switches, the upgrade process follows a consistent lifecycle—download, transfer, install, verify, and reboot.
This guide explains how to upgrade Cisco switch firmware using USB and TFTP, including StackWise environments, install vs bundle mode, and ROMMON recovery scenarios.
Understanding Cisco IOS XE Firmware Upgrade Methods
Cisco Catalyst 9000 series switches primarily run IOS XE, which supports two upgrade approaches:
1. Install Mode (Recommended)
- Uses
.binimage + packages extraction - Managed via
install add file ... activate commit - Safer and modern approach
- Preferred for Catalyst 9200/9300/9400/9500
2. Bundle Mode (Legacy)
- Boots directly from
.bin - Uses
boot system flash:filename.bin - Older method, less efficient
Most modern Cisco deployments should use Install Mode.
Pre-Upgrade Checklist (Critical Best Practice)
Before upgrading Cisco switch firmware:
Save running configuration:
write memoryVerify free flash space:
dir flash:Check current version:
show versionConfirm StackWise health (if stacked):
show switch
show switch stack-portsBackup configuration externally (TFTP/USB)
Method 1: Upgrade Cisco Switch Firmware Using USB
This method is ideal when TFTP is not available.
Step 1: Prepare USB Drive
- Format USB as FAT32
- Copy Cisco IOS XE image (example):
cat9k_iosxe.17.12.04.SPA.binStep 2: Insert USB into Switch
- Plug USB into master switch USB port (StackWise master)
Step 3: Verify USB Detection
dir usbflash0:If stack-based, it may also appear as:
usbflash1:
Step 4: Copy Image to Flash
For single switch:
copy usbflash0:cat9k_iosxe.17.12.04.SPA.bin flash:For StackWise (recommended redundancy):
copy usbflash0:cat9k_iosxe.17.12.04.SPA.bin flash-1:
copy usbflash0:cat9k_iosxe.17.12.04.SPA.bin flash-2:Step 5: Verify Image Integrity
verify /sha512 flash:cat9k_iosxe.17.12.04.SPA.binCompare with Cisco official checksum.
Step 6: Remove Legacy Boot Variable
conf t
no boot system
boot system flash:packages.conf
end
write memoryStep 7: Install Firmware (Recommended IOS XE Method)
Recommended (Install Mode)
install add file flash:cat9k_iosxe.17.12.04.SPA.bin activate commitThe switch will:
- Extract packages
- Update boot variables
- Reload automatically
Legacy (Bundle Mode)
conf t
boot system flash:cat9k_iosxe.17.12.04.SPA.bin
end
write memory
reloadMethod 2: Upgrade Cisco Switch Firmware Using TFTP
TFTP is widely used in enterprise environments.
Step 1: Ensure Connectivity to TFTP Server
Test reachability:
ping <tftp-server-ip>Step 2: Copy Image from TFTP to Flash
copy tftp: flash:
Address or name of remote host []? <TFTP-IP>
Source filename []? cat9k_iosxe.17.12.04.SPA.bin
Destination filename []? cat9k_iosxe.17.12.04.SPA.binStep 3: Verify File
dir flash:Step 4: Remove Legacy Boot Variable
conf t
no boot system
boot system flash:packages.conf
end
write memoryStep 5: Install or Boot Image
Recommended (Install Mode)
install add file flash:cat9k_iosxe.17.12.04.SPA.bin activate commitLegacy (Bundle Mode)
conf t
boot system flash:cat9k_iosxe.17.12.04.SPA.bin
end
write memory
reloadInstall Mode vs Bundle Mode (Key Difference)
| Feature | Install Mode | Bundle Mode |
|---|---|---|
| Boot type | Packages.conf | .bin file |
| Upgrade method | install add/activate/commit | manual boot |
| Recommended | Yes | No (legacy) |
| Stability | High | Medium |
| Recovery ease | Easy | Moderate |
StackWise Upgrade Considerations (9200 / 9300)
For stacked switches:
- Always upgrade from active/master switch
- Image is synced across members
- Verify stack status:
show switchExpected:
- One Active
- One or more Standby/Members
Stack Upgrade Best Practice
Use install mode:
install add file flash:cat9k_iosxe.bin activate commitCisco automatically:
- Updates all stack members
- Synchronizes version
- Reloads stack as a unit
ROMMON / Switch: Recovery Mode
If boot fails or image is missing, switch may enter:
switch:Manual Boot Command
boot flash:cat9k_iosxe.17.12.04.SPA.binor:
boot flash:packages.confFix Boot Variable (ROMMON)
Set manual boot:
MANUAL_BOOT=yesThen boot image manually.
Disable Manual Boot (Normal Mode)
conf t
no boot manual
end
write memoryBoot Variable Verification
show bootCheck:
- Boot variable points to correct image
- “Manual Boot” is set to no
Common Cisco Firmware Upgrade Issues
1. USB Not Detected
show file systems
show loggingTry:
- Reformat FAT32 USB
- Use different USB port
2. Not Enough Flash Space
install remove inactive
write memoryThen retry upgrade.
3. Boot Loop After Upgrade
Sometimes a Cisco Catalyst switch fails to boot after a firmware upgrade, enters a boot loop, ignores the configured image, or requires password recovery. In these situations, you may need to interrupt the boot sequence and enter ROMMON (ROM Monitor) mode, shown as:
switch:ROMMON allows administrators to manually boot an image, reset boot variables, recover passwords, or repair failed firmware upgrades.
- Method 1 (MODE Button): Connect via console cable, power off the switch, hold the MODE button, power it back on while still holding for 10–15 seconds, then release when the
switch:prompt appears. - Method 2 (BREAK Command): Power-cycle the switch and immediately send a BREAK signal from terminal software (PuTTY: Special Command → Break, SecureCRT: Send Break, Tera Term: Control → Send Break) until the
switch:prompt appears. - Method 3 (
Ctrl+C): During the early boot sequence, repeatedly pressCtrl+Cto interrupt startup, though this method may not work consistently on Catalyst 9000 switches.
Once in ROMMON (switch: prompt), boot the image manually.
boot flash:packages.confor correct .bin file.
4. TFTP Transfer Fails
Check:
- IP reachability
- firewall blocking UDP 69
- correct filename
5. Cisco Switch Saves Config But Returns to Factory Defaults After Reboot
A less obvious issue occurs when:
- write memory succeeds
- copy running-config startup-config succeeds
- But after reboot, the switch loads factory defaults
This often happens after password recovery.
During recovery, administrators may run:
switch: SWITCH_IGNORE_STARTUP_CFG=1This tells the switch to ignore the saved startup configuration.
As a result, the switch behaves like a factory-reset device after every reboot—even though the configuration was saved successfully.
Fix for IOS XE 17.x.x (Catalyst 9000)
Run:
conf t
no system ignore startupconfig switch all
end
copy running-config startup-config
reloadThis disables the ignore-startup behavior across all switch members.
Fix for IOS XE 16.x.x or Older
Older versions use the configuration register:
conf t
switch all config-register 0x102
end
copy running-config startup-config
reloadVerify the Fix
After reboot:
show boot
show running-config
show startup-configConfirm:
- Startup configuration loads correctly
- Config persists after reboot
- Manual boot disabled
- Ignore-startup setting removed
Post-Upgrade Verification
show version
show install summary
show bootConfirm:
- Correct IOS XE version
- Stable uptime
- Install mode active (recommended)
Recommended Upgrade Best Practices
- Always backup config
- Store backup externally (TFTP/USB/cloud)
- Verify compatibility:
- StackWise version consistency
- ROMMON version
- License compatibility
- Schedule maintenance window
- Avoid interrupting install process
FAQ
1. How do I upgrade firmware on Cisco switches using USB?
Copy the IOS XE image to a FAT32 USB, insert into switch, copy to flash, then run install command or boot manually.
2. What is the best method to upgrade Cisco IOS XE?
Install mode using install add file ... activate commit is recommended.
3. Can I upgrade Cisco switch using TFTP?
Yes, TFTP is commonly used to transfer IOS images before installing or booting.
4. What happens if Cisco switch goes to switch prompt?
Use ROMMON boot command or fix boot variable.
