Cisco Catalyst 9300 Switch IOS-XE Upgrade (INSTALL Mode) – Complete Guide with Rollback

Introduction

Cisco Catalyst 9300 switches run IOS-XE using a modular software architecture. In INSTALL mode, the switch boots from packages.conf, which references multiple extracted software packages. INSTALL mode is the default and recommended mode for Catalyst 9300 switches.

This article provides a complete, production-safe IOS-XE upgrade procedure including configuration backup, flash cleanup, image transfer, MD5 validation, installation, post-upgrade verification, and rollback or downgrade options.

Prerequisites

• Approved maintenance window
• Console or out-of-band access available
• Correct IOS-XE image downloaded from Cisco Software Portal
• Configuration backup completed
• Switch running in INSTALL mode
• Sufficient flash space available (minimum 3-4 GB recommended)
• Verify switch stack members are all in ready state (if applicable)

Verify Current Image and Install Mode

show version
  

Confirm the system image file points to flash:packages.conf. This confirms the switch is operating in INSTALL mode.

show install summary
  

This command displays the currently active and committed software packages. Note the version shown under "Committed" - this is what you'll rollback to if needed.

Backup Configuration

copy running-config startup-config
copy startup-config tftp:
  

Important: Also backup the startup-config to an external location (TFTP/FTP/USB) before proceeding with the upgrade.

Recommended operational verification commands:

show run
show ip interface brief
show interface status
show vlan brief
show spanning-tree
show etherchannel summary
show cdp neighbors
show ip route
  

Document current switch behavior, interface status, and routing information. This baseline will help verify functionality after the upgrade.

Identify Current and New IOS-XE Image

Example reference:

Current Image: cat9k_iosxe.16.12.10.bin
New Image:     cat9k_iosxe.17.09.04.bin
  

Always choose a Cisco-recommended or Gold Star release for production environments. Verify compatibility with your hardware and current feature set on Cisco's website.

Note: Major version upgrades (e.g., 16.x to 17.x) may require reviewing release notes for configuration changes or deprecated features.

Check Flash Space

dir flash:
  

Look for available bytes. Catalyst 9300 typically requires 3-4 GB of free space for IOS-XE image installation and extraction.

show file systems
  

This command displays all available storage and their current usage.

Remove Inactive Packages

install remove inactive
  

This command safely removes unused software packages and is the Cisco-recommended method for freeing flash space. This will delete old packages that are no longer active or committed.

Warning: This operation is irreversible. Ensure you have the old .bin image file backed up externally if you need to downgrade later.

Forcefully Delete Unwanted Files or Directories

In some cases, additional files such as crash logs or incomplete directories may remain in flash. These can be removed manually if required to free up additional space.

delete /force flash:filename
delete /force /recursive flash:directory-name
  

Example commands:

delete /force flash:core*.gz
delete /force /recursive flash:crashinfo
delete /force /recursive flash:.installer
  

Critical Warning: Do NOT delete the following:

• packages.conf - Boot configuration file
• Any .bin files currently in use
• .pkg files in the active packages directory
• nvram: contents

Transfer IOS-XE Image to the Switch

Transfer Using TFTP

Ensure the TFTP server is reachable from the switch.

Example TFTP Server IP: 192.168.1.10

copy tftp: flash:
  

When prompted, enter:

Address or name of remote host? 192.168.1.10
Source filename? cat9k_iosxe.17.09.04.bin
Destination filename? cat9k_iosxe.17.09.04.bin
  

The transfer may take 10-20 minutes depending on network speed and file size. Monitor the progress and do not interrupt the transfer.

Transfer Using SCP (Recommended for faster transfer)

copy scp://username@192.168.1.10/cat9k_iosxe.17.09.04.bin flash:
  

Transfer Using USB

USB requirements: FAT32 format, maximum 8GB (some models support up to 16GB), image placed in root directory.

dir usbflash0:
copy usbflash0:cat9k_iosxe.17.09.04.bin flash:
  

Note: USB transfer is slower than network transfer but useful when network access is limited.

Verify Image Integrity Using MD5

Download the MD5 checksum from Cisco Software Portal alongside the image. This step is critical to ensure the file was not corrupted during transfer.

Example MD5 value from Cisco Software Portal:

9f3a6c9c6b2e1f0c3a5d4e7b8a1c2d3e
  

verify /md5 flash:cat9k_iosxe.17.09.04.bin 9f3a6c9c6b2e1f0c3a5d4e7b8a1c2d3e
  

If the MD5 hash matches, you'll see: "Verified"
If it doesn't match, delete the file and re-transfer it.

Alternative: If you don't have the MD5 hash, you can compute it:

verify /md5 flash:cat9k_iosxe.17.09.04.bin
  

Then compare this value with the one published on Cisco's website.

Install the New IOS-XE Image

The install command in IOS-XE performs three operations: ADD, ACTIVATE, and COMMIT. You can do them separately or combined in a single command.

Method 1: Single Command (Recommended for Simplicity)

install add file flash:cat9k_iosxe.17.09.04.bin activate commit
  

This single command performs all three steps:

• ADD: Extracts and verifies the packages
• ACTIVATE: Sets the new version as active
• COMMIT: Makes the change permanent

The switch will automatically reload after committing. The reload typically takes 5-10 minutes.

Method 2: Step-by-Step (Recommended for Testing)

This method allows you to test before committing.

install add file flash:cat9k_iosxe.17.09.04.bin activate
  

After the switch reloads and you verify everything is working correctly:

install commit
  

Important: If you do NOT run "install commit", the switch will rollback to the previous version on the next reload. This provides a safety mechanism for testing.

For Switch Stacks

When upgrading a switch stack, use the following command to upgrade all members:

install add file flash:cat9k_iosxe.17.09.04.bin activate commit switch all
  

This ensures all stack members are upgraded together. The entire stack will reload.

Post-Upgrade Verification

After the switch reloads, perform comprehensive verification to ensure the upgrade was successful and all services are functioning correctly.

Basic Verification

show version
  

Verify the new IOS-XE version is displayed.

show install summary
  

Verify the output shows:

• Active: Your new version
• Committed: Your new version (if you ran install commit)

Hardware and Stack Verification

show switch
show module
show environment all
  

Verify all stack members are present and in "Ready" state. Check for any environmental alarms.

Interface and Service Verification

show interface status
show ip interface brief
show interface description
show etherchannel summary
show spanning-tree
show vlan brief
  

Compare with your pre-upgrade baseline. All interfaces should be in the same state as before the upgrade.

Routing and Protocol Verification

show ip route
show ip ospf neighbor
show ip bgp summary
show cdp neighbors
show lldp neighbors
  

System Health Check

show processes cpu sorted
show memory statistics
show logging
  

Review logs for any critical errors. CPU and memory usage should be normal.

Check Install Log

show install log
  

Review the installation log for any errors or warnings during the upgrade process.

Verify Boot Configuration (Post-Upgrade)

After successful upgrade and verification, confirm the boot configuration is correct:

show boot
  

The output should show BOOT variable = flash:packages.conf

If it's not set correctly, configure it:

conf t
boot system flash:packages.conf
end
write memory
  

Note: In INSTALL mode, this should already be configured, but it's good practice to verify after major upgrades.

Rollback or Downgrade Procedure

If issues arise after the upgrade, you have multiple options to revert to the previous version. The method you use depends on whether you committed the change and how much time has passed since the upgrade.

Option 1: Rollback to Previously Committed Version (Recommended)

If you ran "install commit" and want to rollback to the last committed version:

show install rollback
  

This command shows available rollback points. Then execute:

install rollback to committed
  

The switch will revert to the last committed IOS-XE version and reload automatically. This is the cleanest and safest rollback method.

Option 2: Rollback to Base (Factory Install)

install rollback to base
  

This reverts to the base software package that was installed at the factory or the first install. Use this only if absolutely necessary.

Option 3: Automatic Rollback (If Not Committed)

If you activated the new version but did NOT run "install commit", simply reload the switch:

reload
  

The switch will automatically rollback to the previously committed version. This is why testing before committing is recommended.

Option 4: Manual Downgrade Using Older Image

If rollback commands don't work or the old version was removed, you'll need to manually install the previous version:

install add file flash:cat9k_iosxe.16.12.10.bin activate commit
  

Note: This requires the old .bin file to still be present in flash. If you deleted it, you'll need to transfer it again from your backup location.

Emergency Recovery: BUNDLE Mode Boot

If the switch fails to boot after upgrade, you can boot directly from the .bin file as a temporary measure:

1. During boot, press CTRL+C or the BREAK key to enter ROMMON mode
2. Set the boot variable:

   boot flash:cat9k_iosxe.16.12.10.bin
         

3. After the switch boots, reinstall properly in INSTALL mode

Warning: BUNDLE mode is not recommended for production use. It's only for emergency recovery.

Post-Rollback Verification

After performing a rollback, verify the system is stable:

show version
show install summary
show switch
show interface status
show logging
  

Document the reason for rollback and review any errors encountered before attempting the upgrade again.

Cleanup After Successful Upgrade

Once you've confirmed the upgrade is stable and committed (typically after 24-48 hours of monitoring), clean up old files:

install remove inactive
  

Optionally, if you're confident in the new version and don't need the old .bin file for rollback, you can delete it:

delete /force flash:cat9k_iosxe.16.12.10.bin
  

Recommendation: Keep the old .bin file backed up externally for at least 30 days in case emergency downgrade is needed.

Common Mistakes to Avoid

• Skipping configuration backup: Always backup to an external location
• Deleting packages.conf: Never delete this file - it's critical for boot
• Booting directly from .bin in BUNDLE mode: Not recommended for production
• Skipping MD5 verification: Corrupted images can cause boot failures
• Not planning rollback before upgrade: Always have a rollback plan
• Running "install remove inactive" before testing: This deletes your rollback option
• Not verifying stack member status: All members must be ready before upgrade
• Insufficient flash space: Can cause installation failures mid-process
• Not documenting baseline state: Makes post-upgrade verification difficult
• Upgrading without a maintenance window: Upgrades require reload = downtime

Best Practices Summary

• Always perform upgrades during approved maintenance windows
• Have console access available during the entire process
• Use step-by-step installation for critical production switches (activate without commit, test, then commit)
• Keep old .bin file in flash until you're confident in the new version
• Document every step and capture show command outputs
• Test rollback procedure in a lab environment first if possible
• Monitor the switch for at least 24 hours after upgrade before removing old packages
• Review Cisco release notes for known issues before upgrading
• Ensure all stack members are running the same version
• Keep external backups of both configurations and images

Troubleshooting Common Issues

Switch Stuck at "Loading packages"

If the switch hangs during boot, wait at least 15-20 minutes. Package extraction can take time on first boot.

Insufficient Flash Space Error

Delete unnecessary files or run "install remove inactive" before starting. If still insufficient, you may need to delete the old .bin file temporarily.

Stack Member Version Mismatch

install add file flash:cat9k_iosxe.17.09.04.bin activate commit switch all
  

This ensures all stack members upgrade together.

Switch Boots to Old Version After Upgrade

You likely forgot to run "install commit". The switch auto-rollbacked on reload. Re-run the install command and don't forget to commit.

Can't Find Packages After Upgrade

Check if packages.conf is present and correctly referenced in boot config. Verify with "show boot" command.

Conclusion

Upgrading a Cisco Catalyst 9300 switch in INSTALL mode is a controlled and reliable process when Cisco best practices are followed. Proper preparation, flash cleanup, verified image transfer, careful installation, thorough post-upgrade verification, and having a tested rollback plan ensure minimal downtime and fast recovery if issues occur.

The key to success is preparation and documentation. Always have a rollback plan, maintain external backups, and never rush through the verification steps. The install mode architecture in IOS-XE provides excellent rollback capabilities - use them to your advantage by testing before committing changes.

Remember: install rollback to committed is your friend when things don't go as planned. Test in a lab environment first, and always schedule adequate maintenance windows for production upgrades.