Update device firmware using Configlets in Site24x7's Network Configuration Manager (NCM) to ensure faster execution, consistent updates, and simplified management across your entire network.
Secure, reliable firmware updates at scale
Routers and switches are the backbone of your network, and running them on outdated firmware can quietly hold performance back. Updating the device firmware to the latest version provides immediate value by enhancing stability, unlocking new capabilities, and refining device behavior in real-world network conditions—all without additional costs. Just as importantly, updates resolve known issues and patch vulnerabilities that could put your network at risk.
Firmware patch management using Configlets
Site24x7's NCM primarily handles patch management via firmware vulnerability management and automated firmware updates via Configlets. Configlets enable you to execute firmware update commands by connecting to the device CLI.
- Identification: The NCM Firmware Vulnerabilities Dashboard displays exposed devices. You can click a specific vulnerability to see the recommended patch or firmware version.
- Preparation: You must download the required OS image (patch) from the vendor and place it in the Site24x7OnPremisePoller/NetworkPlus/tftp_files directory or on another TFTP server accessible by the devices.
- Execution: You can create a Configlet (or use the Cisco IOS Firmware Upgrade Configlet for Cisco devices) containing the specific commands to copy the image from the server to the device and reload it. This Configlet can then be executed on a single device or on a group of devices to perform a bulk patch update.
Prerequisites
Before applying a firmware update using Configlets, it’s important to validate that the device is ready for the update:
- Start by checking the memory availability. The router must have enough disk or flash space to store the new firmware image, along with sufficient dynamic RAM to run it. If the memory requirements are not met, the device may fail to boot after the update.
- Next, confirm the hardware compatibility. The new firmware version should fully support all existing interfaces and installed modules on the router.
- Finally, review the software feature compatibility to ensure the new firmware version includes every feature currently in use.
Note: Skipping these checks can lead to unexpected behavior or service disruptions after the update.
How to perform firmware updates
To perform a firmware update from our NCM tool, add a Configlet. While providing the details for the Script Execution Mode, select Advanced from the drop-down menu. Provide values for the rest of the fields and click Save Configlet.
Advanced script execution enables you to run a sequence of interrelated commands on a device within a single, controlled workflow. You can trigger firmware updates instantly when needed or schedule them to run at a later time that fits your maintenance window. Simply create a template with the necessary commands and reuse it to carry out repeatable tasks across multiple devices, saving time while ensuring consistency.
Use case: Performing a Cisco Internetwork Operating System update
After confirming that all prerequisites are in place, you can proceed with the firmware update on your Cisco device:
- Begin by downloading the required Cisco Internetwork Operating System (IOS) image to the TFTP server configured in NCM.
- Next, ensure the TFTP server can communicate with the router. The router interface and the TFTP server should be on the same IP subnet, or a valid default gateway must be configured to enable connectivity.
- Once connectivity is verified, transfer the Cisco IOS image from the TFTP server to the router.
- After the image is copied successfully, save the device configuration and reload the router.
When the reboot is complete, the router will come up running the new IOS version.
A sample command for copying an IOS image to the router
Below is a sample command required for copying an IOS image to your Cisco router:
2600>enable
Password:xxxxx
2600#copy tftp: flash:
Address or name of remote host []? 10.10.10.2
!--- 10.10.10.2 is the IP address of the TFTP server
Source filename []? c2600-adventerprisek9-mz.124-12.bin
Destination filename [c2600-adventerprisek9-mz.124-12.bin]?
Accessing tftp://10.10.10.2/c2600-adventerprisek9-mz.124-12.bin...
Erase flash: before copying? [confirm]y
!--- If there is not enough memory available, erase the Flash.
!--- If you have sufficient memory you can type n and press enter
Erasing the flash filesystem will remove all files! Continue? [confirm]y
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee eeeeeeeeee ...erased
Erase of flash: complete
Loading c2600-adventerprisek9-mz.124-12.bin from 10.10.10.2 (via Ethernet0/0): !!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
![OK - 29654656/49807356 bytes]
Verifying checksum... OK (0xAC8A)
29654656 bytes copied in 56.88 secs (80383 bytes/sec)
The terminal output above illustrates a sample of the commands executed through a Telnet or PuTTY session during the process.
Corresponding Configlet commands
Below are the equivalent Configlet commands used in NCM to perform the firmware update:
<command prompt="]?">copy tftp: flash:</command>
<command prompt="]?">$TFTP_SERVER_IP</command>
<command prompt="]?">$SOURCE_FILE_NAME</command>
<command prompt="confirm">$DESTINATION_FILE_NAME</command>
<command timeout="120" suffix="$NO_ENTER">y</command>
After defining the commands, you can apply the Configlets in bulk across multiple devices to carry out firmware updates at scale.
Extend Configlets beyond firmware updates
Configlets are not limited to updates alone. They can also be used to run corrective commands, resolve configuration issues, and roll out large-scale changes consistently. To proactively secure your network, explore the firmware vulnerability management feature to identify exposed devices and remediate risks before they impact operations.