Title | Size | Downloads |
---|---|---|
S5130SEIG-CMW710-R8307P10_HS03-MD5.rar | 0.24 KB | |
S5130SEIG-CMW710-R8307P10_HS03.zip | 93.08 MB | |
H3C S5130SEIG-CMW710-R8307P10_HS03 Release Notes.pdf | 1.04 MB |
H3C S5130SEIG-CMW710-R8307P10&HS03 Release Notes
Copyright © 2024 New H3C Technologies Co., Ltd. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd. The information in this document is subject to change without notice.
Contents
Hardware and software compatibility matrix
Upgrade restrictions and guidelines
Software feature and command updates
Operation changes in R307P10&HS03~R8307P10
Operation changes in R8307P08
Registering and installing licenses
Open problems and workarounds
Resolved problems in R307P10&HS03
Resolved problems in R8307P10
Resolved problems in R8307P09
Resolved problems in R8307P08
Appendix B Fixed security vulnerabilities
Fixed security vulnerabilities in R8307P10
Appendix C Upgrading software
System software file types
Setting up the upgrade environment
Downloading software images to the master switch
Upgrading from the Boot menu
Accessing the basic Boot menu
Accessing the extended Boot menu
Upgrading Comware images from the Boot menu
Upgrading Boot ROM from the Boot menu
Managing files from the Boot menu
List of tables
Table 2 Hardware and software compatibility matrix
Table 3 ISSU version compatibility matrix
Table 5 Main Software features of the S5590-EI series
Table 6 Minimum free storage space requirements
Table 8 Basic Boot ROM menu options
Table 9 BASIC ASSISTANT menu options
Table 10 Extended Boot ROM menu options
Table 11 EXTENDED ASSISTANT menu options
Table 12 TFTP parameter description
Table 13 FTP parameter description
Table 14 TFTP parameter description
Table 15 FTP parameter description
Introduction
This document describes the features, restrictions and guidelines, open problems, and workarounds for version S5130SEIG-CMW710-R8307P10&HS03. Before you use this version on a live network, back up the configuration and test the version so that the software upgrade does not affect your live network.
Use this document in conjunction with the documents listed in "Related documentation."
Version information
Version number
H3C Comware Software, Version 7.1.070, Release 8307P10&HS03.
NOTE: To identify the version number (see Note①), execute the display version command in any view.
Version history
IMPORTANT: The software feature changes listed in the version history table for each version are not complete. To obtain complete information about all software feature changes in each version, see the Software Feature Changes document for these release notes.
Version number | Last version | Branch version | Release date | Release type | Remarks |
---|---|---|---|---|---|
R8307P10&HS03 | R8307P10 | B70D064SP | 2024-07-08 | Release version | None |
R8307P10 | R8307P08 | B70D064SP | 2024-02-06 | Release version | None |
R8307P08 | First release | B70D064SP | 2023-12-06 | Release version | None |
Hardware and software compatibility matrix
CAUTION: To avoid an upgrade failure, use Table 2 to verify the hardware and software compatibility before performing an upgrade.
Table 2 Hardware and software compatibility matrix
Item | Specifications |
---|---|
Product family | S5130S-36S-PWR-EI-G, S5130S-54S-EI-G, S5130S-36S-EI-G, S5130S-36F-EI-G, S5130S-54S-PWR-EI-G, S5130S-52MS-EI-G, S5130S-32MS-PWR-EI-G, S5130S-32MS-EI-G, S5130S-52MS-PWR-EI-G |
Memory | 2G |
Flash | 4G |
Boot ROM version | Version 103 or higher (Note: Execute the display version command in any view to view the version information. See Note②.) |
Host software | S5130SEIG-CMW710-R307P10&HS03.ipe (See the MD5 file.) |
iMC version | iMC BIMS 7.3(E0506H01), iMC EAD 7.3(E0611P10), iMC EIA 7.3(E0611P13), iMC NTA 7.3(E0707L06), iMC PLAT 7.3(E0705P12), iMC QoSM 7.3(E0505P01), iMC SHM 7.3(E0707L06), iNode PC 7.3(E0585) |
Remark | None |
Sample: To display the host software and Boot ROM version of the S5130SEIG, perform the following:
<H3C> display version
H3C Comware Software, Version 7.1.070, Release 8108P24 ------- Note①
Copyright (c) 2004-2022 New H3C Technologies Co., Ltd. All rights reserved.
H3C S5130S-54S-PWR-EI-G uptime is 0 weeks, 0 days, 0 hours, 2 minutes
Last reboot reason : Cold reboot
Boot image: flash:/s5130seig-cmw710-boot-r8108p24.bin
Boot image version: 7.1.070, Release 8108P22
Compiled Jul 04 2022 11:00:00
System image: flash:/s5130seig-cmw710-system-r8108p24.bin
System image version: 7.1.070, Release 8108P24
Compiled Jul 04 2022 11:00:00
Slot 1:
Uptime is 0 weeks,0 days,0 hours,2 minutes
BOARD TYPE: S5130S-54S-PWR-EI-G
DRAM: 1024M bytes
FLASH: 3432M bytes
PCB Version: VER.B
Bootrom Version: 102 ------ Note②
CPLD 1 Version: 001
Power CPLD Version: None
Release Version: S5130SEIG-8108P24
Patch Version: None
Reboot Cause: ColdReboot
[SubSlot 0] 48GE+PoE+6SFP Plus
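A pre-upgrade check built on the sample above, as an added example (not part of the H3C release notes or any H3C tooling): it parses captured display version output and flags anything that fails the Table 2 requirements or that is not running R8307P10 or later, the release for which Appendix B lists the security fixes. The function names are hypothetical, and comparing releases only inside the 8307 branch is an assumption.

```python
import re

# Requirements copied from Table 2 and Appendix B of these release notes.
SUPPORTED_BOARDS = {
    "S5130S-36S-PWR-EI-G", "S5130S-54S-EI-G", "S5130S-36S-EI-G",
    "S5130S-36F-EI-G", "S5130S-54S-PWR-EI-G", "S5130S-52MS-EI-G",
    "S5130S-32MS-PWR-EI-G", "S5130S-32MS-EI-G", "S5130S-52MS-PWR-EI-G",
}
MIN_BOOTROM = 103                      # Table 2: "Version 103 or higher"
FIXED_BRANCH, FIXED_PATCH = 8307, 10   # Appendix B: fixes listed for R8307P10

# Constructed input: the sample output shown above, abridged, with the
# Note annotations removed.
SAMPLE_OUTPUT = """\
<H3C> display version
H3C Comware Software, Version 7.1.070, Release 8108P24
Copyright (c) 2004-2022 New H3C Technologies Co., Ltd. All rights reserved.
H3C S5130S-54S-PWR-EI-G uptime is 0 weeks, 0 days, 0 hours, 2 minutes
Boot image: flash:/s5130seig-cmw710-boot-r8108p24.bin
System image: flash:/s5130seig-cmw710-system-r8108p24.bin
System image version: 7.1.070, Release 8108P24
Slot 1:
Uptime is 0 weeks,0 days,0 hours,2 minutes
BOARD TYPE: S5130S-54S-PWR-EI-G
DRAM: 1024M bytes
FLASH: 3432M bytes
Bootrom Version: 102
Release Version: S5130SEIG-8108P24
Patch Version: None
[SubSlot 0] 48GE+PoE+6SFP Plus
"""

RELEASE_RE = re.compile(
    r"^H3C Comware Software, Version \S+, Release (\d+)(?:P(\d+))?", re.M)


def parse_display_version(text):
    """Return the running release and the per-slot board type and Boot ROM version."""
    m = RELEASE_RE.search(text)
    if not m:
        raise ValueError("no Comware 'Release' line found in the input")
    info = {"release": (int(m.group(1)), int(m.group(2) or 0)), "slots": {}}
    slot = None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"Slot (\d+):$", line)
        if header:
            # Every IRF member gets its own "Slot N:" block.
            slot = info["slots"].setdefault(int(header.group(1)), {})
            continue
        if slot is None or ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "BOARD TYPE":
            slot["board"] = value
        elif key == "Bootrom Version":
            digits = re.match(r"\d+", value)   # tolerates trailing annotations
            if digits:
                slot["bootrom"] = int(digits.group())
    return info


def pre_upgrade_findings(text):
    """Return a list of human-readable problems; an empty list means all checks passed."""
    info = parse_display_version(text)
    findings = []
    branch, patch = info["release"]
    # Assumption: a release counts as carrying the Appendix B fixes only if it
    # is in the 8307 branch at patch level P10 or later.
    if branch != FIXED_BRANCH or patch < FIXED_PATCH:
        findings.append(
            f"running release {branch}P{patch:02d} is not R8307P10 or later")
    if not info["slots"]:
        findings.append("no 'Slot N:' block found; cannot verify hardware")
    for slot_id, slot in sorted(info["slots"].items()):
        board = slot.get("board")
        if board not in SUPPORTED_BOARDS:
            findings.append(f"slot {slot_id}: board {board!r} is not in Table 2")
        bootrom = slot.get("bootrom")
        if bootrom is None:
            findings.append(f"slot {slot_id}: Bootrom Version not reported")
        elif bootrom < MIN_BOOTROM:
            findings.append(
                f"slot {slot_id}: Bootrom Version {bootrom} is below {MIN_BOOTROM}")
    return findings


if __name__ == "__main__":
    for finding in pre_upgrade_findings(SAMPLE_OUTPUT):
        print("FAIL:", finding)
```

Run against the sample, the check reports two findings: the device is on release 8108P24, and its Boot ROM version 102 is below the required 103.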
ISSU upgrade type matrix
ISSU provides compatible upgrade and incompatible upgrade, depending on the compatibility between software versions. Table 3 provides the approved ISSU upgrade types only between the current version and the history versions within the past 18 months. This matrix does not include history versions that are more than 18 months earlier than the current version, because no ISSU upgrade verification was performed for them.
For more information about ISSU, see the fundamentals configuration guide for the device.
Table 3 ISSU version compatibility matrix
Current version | History version | Compatibility |
---|---|---|
S5130SEIG-CMW710-R307P10&HS03 | S5130SEIG-CMW710-R8307P10 | Incompatibility |
Upgrade advice
As a best practice, upgrade to this version as soon as possible.
Upgrade restrictions and guidelines
Before performing a software upgrade, it is important to refer to the Software Feature Changes document for any feature changes in the new version. Also check the most recent version of the related documents (see "Related documentation") available on the H3C website for more information about feature configuration and commands.
Hardware feature updates
R8307P10&HS03~R8307P10
None
R8307P08
First release
Software feature and command updates
For more information about the software feature and command update history, see H3C S5130SEIG-CMW710-R307P10&HS03 Release Notes (Software Feature Changes).
MIB updates
Item | MIB file | Module | Description |
---|---|---|---|
S5130SEIG-CMW710-R307P10&HS03~S5130SEIG-CMW710-R8307P10 | | | |
New | None | None | None |
Modified | None | None | |
S5130SEIG-CMW710-R8307P08 | | | |
New | First release | First release | First release |
Modified | First release | First release | First release |
Operation changes
Operation changes in R307P10&HS03~R8307P10
None
Operation changes in R8307P08
First release.
Restrictions and cautions
Before performing a software upgrade, it is important to refer to the Software Feature Changes document for any feature changes in the new version. Also check the most recent version of the related documents (see "Related documentation") available on the H3C website for more information about feature configuration and commands.
When you use this version of software, make sure you fully understand the restrictions and cautions described in this section.
Restrictions
Hardware
None
Software
None
Network
None
Cautions
Hardware
None
Software
The MAC addresses in incoming untagged packets are learned in both the VLAN and the VXLAN after you configure a mapping between the outer VLAN ID of the AC and the PVID and then modify the PVID.
Network
None
Licensing
About licensing
H3C offers licensing options for you to deploy features and expand resource capacity on an as-needed basis. To use license-based features, purchase licenses from H3C and install the licenses. For more information about the license-based features and licenses available for them, see H3C Switches License Matrixes.
Registering and installing licenses
To register and transfer licenses, access H3C license services at http://www.h3c.com/en/License.
For information about registering licenses, installing activation files, and transferring licenses, see H3C Switches and Routers Licensing Guide.
Some switches support the license for the unified wired and wireless access controller feature. You can purchase licenses to increase the number of APs that can be managed. For more information, see H3C Comware 7 or 9 Wireless Products Licensing Guide.
Open problems and workarounds
202402050774
· Symptom: The ARP packets for an ARP attack detection entry are not filtered on a Layer 3 Ethernet interface.
· Condition: This symptom occurs if you change the handling method for ARP attack detection from filter to monitor before the ARP attack detection entry ages out.
· Workaround: None.
202402011906
· Symptom: A BFD session does not come up.
· Condition: This symptom occurs if you configure a BFD session with authentication, delete the BFD authentication, immediately remove the BFD configuration, and then configure other BFD sessions.
· Workaround:
¡ Delete the BFD session configuration first, and then delete the BFD authentication.
¡ After deleting the BFD authentication, use the display bfd session verbose command to check whether the hardware is already enabled, and then delete the configuration of the BFD session.
List of resolved problems
Resolved problems in R307P10&HS03
202404281472
· Symptom: If a transceiver module is installed in the device, the peer will become up during the device reboot process. After the shutdown command is executed and then the transceiver module is removed and installed again in the device, the peer also becomes up.
· Condition: This symptom might occur when the following conditions are met:
¡ A transceiver module is installed in the device and then the device is restarted.
¡ The shutdown command is executed and then the transceiver module is removed and installed again in the device.
202405050003
· Symptom: If a port is brought up or shut down and then enabled, traffic transmission and receiving exceptions might occur with a very low probability.
· Condition: This symptom might occur if you re-enable a port after it comes up or goes down.
202404300614
· Symptom: The Telnet operation failed.
· Condition: This symptom occurs if an IP subnet-based VLAN is configured on a port of the device.
202404300610
· Symptom: An aggregation member port cannot learn ARP entries.
· Condition: This symptom occurs if the port is a member of an aggregation group configured with an IP subnet-based VLAN.
202404270178
· Symptom: The peer device becomes up during the restart process of the local device if a copper port on the device is connected to a peer device and the local device is restarted.
· Condition: This symptom might occur if a copper port on the device is connected to a peer
202404300596
· Symptom: The switch reboots when receiving multicast packets with destination address 239.255.255.250.
· Condition: This symptom might occur if Layer 3 multicast is enabled and the output interface of the multicast entry is flapped.
Resolved problems in R8307P10
202312052029
· Symptom: The gRPC server failed to collect information from the vlan/vlanusernto1mapping sensor path.
· Condition: This symptom occurs when you configure gRPC subscription and the vlan/vlanusernto1mapping sensor path.
202401220378
· Symptom: The device interface panel view cannot be displayed on the Web interface.
· Condition: This symptom occurs if you log in to the Web interface of the device and then view the device interface panel.
202401242141
· Symptom: If you change the detection time from 500 ms to 100 ms, and then switch to hardware BFD, BFD session switchover fails and the software BFD session state still remains.
· Condition: This symptom occurs if you modify BFD parameter settings.
202401190577
· Symptom: After the status of a BFD MAD session is changed, the BFD MAD session starts operating in hardware mode and the BFD MAD function stops taking effect.
· Condition: This symptom might occur if the following conditions exist:
¡ BFD MAD is configured for an IRF fabric.
¡ The initial state of the related BFD session is changed from active to passive and then back to active.
202401151711
· Symptom: PIM register messages are continuously broadcast over the peer link.
· Condition: This symptom occurs if an M-LAG system in an M-LAG network receives multicast packets.
202401050710
· Symptom: After a DHCP lease expires, DNS server address information is repeatedly refreshed.
· Condition: This symptom might occur if the following conditions exist:
¡ No DNS server address is configured on an output interface.
¡ The output interface is enabled to obtain an address through DHCP, and a dynamic DNS server address is obtained.
202310231740
· Symptom: MAC address residues exist on the device.
· Condition: This symptom occurs under the following conditions:
a. Approximately 8000 MAC and 802.1X authentication users log in with authorization VSIs.
b. The users frequently log in and log out.
c. Log out all the users after a period of time.
202401231627
· Symptom: The output power provided by the PSR1300-54D-B DC power supply is insufficient.
· Condition: This symptom might occur if the PSR1300-54D-B DC power supply is used.
202401050702
· Symptom: The memory resources occupied by a BGP process continue to grow.
· Condition: This symptom might occur if the following conditions exist:
a. Frequent route updates occur on the local device.
b. The related BGP peers receive UPDATE messages so slowly that many UPDATE messages queue up on the local device and wait to be advertised.
202312250180
· Symptom: Memory is leaked.
· Condition: This symptom occurs if you execute the undo netanalysis rocev2 mode and netanalysis rocev2 vxlan-ip statistics acl commands repeatedly.
202401060591
· Symptom: RoCEv2 traffic statistics collection and global RoCEv2 packet loss analysis for a VXLAN tunnel do not take effect.
· Condition: This symptom occurs if the specified ACL for RoCEv2 traffic statistics collection contains too many rules.
202401050017
· Symptom: When you run automated scripts, PBR ECMP often fails to execute rules correctly.
· Condition: This symptom occurs when automated scripts are triggered.
202401241282
· Symptom: The controller failed to synchronously deploy the configuration.
· Condition: This symptom occurs if a leaf device comes online and is incorporated in the AD-Campus environment and has the ipv6 forwarding-conversational-learning command executed.
202401050316
· Symptom: The commit process on the master device has a memory leak of 560 bytes.
· Condition: This symptom might occur if a master/subordinate switchover is performed in an IRF fabric where bulk interfaces are configured (such as line or VLAN).
202312190850
· Symptom: An access leaf that does not have a DHCP client discards the DHCP OFFER packets, resulting in address allocation failure.
· Condition: This symptom might occur in a distributed gateway network if an access leaf that does not have a DHCP client receives a response from the DHCP server.
202312212158
· Symptom: Residual BFD session information exists.
· Condition: This symptom occurs if you perform the following operations:
a. Configure BFD for BGP in the BGP instance.
b. Configure static BFD globally.
c. Delete the static BFD configuration.
d. Delete the BFD for BGP configuration.
202311141523
· Symptom: In a VXLAN network, all VTEPs have a large number of unnecessary NS/NA packets on the tunnel side. As a result, the CPU usage is high.
· Condition: This symptom occurs if the centralized gateway device is disabled from learning the ND entries on the tunnel side and is configured with local ND proxy.
202310240312
· Symptom: On an EVPN DRNI system with a tunnel peer link, the peer-link tunnel goes up slowly or even cannot go up.
· Condition: This symptom might occur if default VXLAN decapsulation is enabled for the IP address of loopback 0 and the IP address is the source IP address of non-peer-link VXLAN tunnels.
Resolved problems in R8307P09
None
Resolved problems in R8307P08
First release.
Troubleshooting resources
To obtain troubleshooting resources for the product:
1. Access Technical Documents at http://www.h3c.com/en/Technical_Documents.
2. Select the device category and model.
3. Select the Maintain or Maintenance menu.
Related documentation
· H3C Switch Series Installation Guide
· H3C S5130S-HI-G[S5130S-EI-G Switch Series Configuration Guides
· H3C S5130S-HI-G[S5130S-EI-G Switch Series Command References
Technical support
To obtain technical assistance, contact H3C by using one of the following methods:
· Email:
h3cts@h3c.com (countries and regions except Hong Kong, China)
service_hk@h3c.com (Hong Kong, China)
· Technical support hotline number. To obtain your local technical support hotline number, go to the H3C Service Hotlines website: https://www.h3c.com/en/Support/Online_Help/Service_Hotlines/
To access documentation, go to the H3C website at http://www.h3c.com/en/.
· Please refer to H3C S130EIG Switch Series Installation Guide
Table 5 Main Software features of the S5590-EI series
Feature | S5130S-36S-PWR-EI-G, S5130S-54S-EI-G, S5130S-36S-EI-G, S5130S-36F-EI-G, S5130S-54S-PWR-EI-G, S5130S-52MS-EI-G, S5130S-32MS-PWR-EI-G, S5130S-32MS-EI-G, S5130S-52MS-PWR-EI-G |
---|---|
Ethernet | 802.1Q DLDP LLDP Static MAC address Blackhole MAC address MAC learning limit Port mirroring Flow mirroring Port-isolation 802.1d(STP)/802.1w(RSTP)/802.1s(MSTP) Static aggregation Dynamic aggregation |
IP routing | Static routing RIPv1/v2 and RIPng OSPFv1/v2/v3 BGP and BGP4+ for IPv6 Equal-cost multi-path routing (ECMP) and policy routing VRRP/VRRPv3 |
Multicast | IGMP v1/v2/v3 and MLD v1/v2 IGMP Snooping v1/v2/v3 and MLD Snooping v1/v2 PIM-DM, PIM-SM and PIM-SSM PIM6-DM, PIM6-SM and PIM6-SSM |
ACL/QoS | Layer 2 to Layer 4 packet filtering Bi-directional ACLs (inbound and outbound) Traffic classification based on source MAC, destination MAC, source IP, destination IP, TCP/UDP port, and VLAN VLAN-based ACL issuing 802.1p priority and DSCP priority Time range-based ACL Rate limit for receiving and transmitting packets (a minimum CIR of 8 Kbps) Packet redirection Committed Access Rate (CAR) Flexible queue scheduling algorithms based on both port and queue, including SP, WRR, and SP+WRR |
SDN/Openflow | OpenFlow 1.3 Multiple controllers (equal/master/slave controller role) Concurrent processing of multiple flow tables Group table Meter |
MPLS | Support MCE |
IRF2 | IRF2 Distributed device management, distributed link aggregation, and distributed resilient routing Stacking through standard Ethernet interfaces Local device stacking and remote device stacking |
Security | Hierarchical user management and password protection MAC-based authentication 802.1X Storm constrain Guest VLAN AAA authentication RADIUS authentication HWTACACS SSH 2.0 Port isolation Port security EAD Dynamic ARP detection BPDU guard and root guard uRPF IP/Port/MAC binding Plaintext authentication and MD5 authentication for OSPF and RIPv2 packets Public Key Infrastructure (PKI) IP Source Guard |
Management and maintenance | Configuration through CLI, Telnet, and console port SNMP v1/v2/v3 Remote Monitoring (RMON) alarm, event, and history recording IMC network management system System log, alarming based on severity, debugging information output NTP, SNTP Power, fan, and temperature alarming Ping and Tracert Virtual Cable Test (VCT) Device Link Detection Protocol (DLDP) LLDP, LLDP-MED Loopback detection |
Reliability | STP, RSTP, MSTP BPDU protection, root protection, loop protection, support PVST LACP DLDP RRPP ERPS (Ethernet Ring Protection Protocol) SmartLink VRRP |
Appendix B Fixed security vulnerabilities
Fixed security vulnerabilities in R8307P10
CVE-2021-3753
A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.
CVE-2021-3739
A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability is to system availability.
CVE-2021-45868
In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.
CVE-2022-1011
A use-after-free flaw was found in the Linux kernel FUSE filesystem in the way a user triggers write(). A local user could use this flaw to gain unauthorized access to some data from the FUSE filesystem and, as a result, potentially escalate privileges.
CVE-2022-0854
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.
CVE-2022-0492
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
CVE-2021-4002
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.
CVE-2022-25375
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.
CVE-2020-7469
In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message. However, when processing subsequent options the packet buffer may be freed, rendering the cached pointer invalid. The network stack may later dereference the pointer, potentially triggering a use-after-free.
CVE-2020-25577
In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before processing its contents. While the kernel currently ignores such malformed packets, it passes them to userspace programs. Any programs expecting the kernel to do validation may be vulnerable to an overflow.
CVE-2020-8284
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port and this way potentially make curl extract information about services that are otherwise private and not disclosed for example doing port scanning and service banner extractions.
CVE-2020-8285
Curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
CVE-2021-22924
"libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate."
CVE-2021-22925
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending `NEW_ENV` variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, therefore potentially revealing sensitive internal information to the server using a clear-text network protocol. This could happen because curl did not call and use sscanf() correctly when parsing the string provided by the application.
CVE-2022-39028
Telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.
CNVD-2019-23102/CVE-2019-10638/HSVD-202103-0
In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses.
CVE-2021-29629
In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clients or servers to trigger denial of service in vulnerable servers or clients respectively.
CVE-2021-29628
In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before r369857, 13.0-RELEASE before p1, and 12.2-RELEASE before p7, a system call triggering a fault could cause SMAP protections to be disabled for the duration of the system call. This weakness could be combined with other kernel bugs to craft an exploit.
CVE-2021-29626
In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes allowing an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel. 5.5 MEDIUM
CVE-2021-29627
In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string. Additional operations on the socket can lead to a double free or use after free.
CVE-2020-25584
In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11.4-STABLE before r369560, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, a superuser inside a FreeBSD jail configured with the non-default allow.mount permission could cause a race condition between the lookup of ".." and remounting a filesystem, allowing access to filesystem hierarchy outside of the jail.
In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold(8) decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains the label's length. rtsold(8) did not validate label lengths correctly and could overflow the destination buffer.
CVE-2020-7464
In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEASE before p14, a programming error in the ure(4) device driver caused some Realtek USB Ethernet interfaces to incorrectly report packets with more than 2048 bytes in a single USB transfer as having a length of only 2048 bytes. An adversary can exploit this to cause the driver to misinterpret part of the payload of a large packet as a separate packet, and thereby inject packets across security boundaries such as VLANs.
CVE-2020-25578
In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. In particular, tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result, eight uninitialized kernel stack bytes may be leaked to userspace by these file systems. 5.3 MEDIUM
CVE-2020-25579
In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes.
Appendix C Upgrading software
The following information describes how to upgrade software while the router is operating normally or when the router cannot correctly start up.
System software file types
System software images are in .bin format (for example, main.bin) and run at startup. You can set a system software image as a main, backup, or secure image.
At startup, the router always attempts to boot first with the main system software image. If the attempt fails, for example, because the image file is corrupted, the router tries to boot with the backup system software image. If the attempt still fails, the router tries to boot with the secure system software image. If all attempts fail, the router displays a failure message.
You can upgrade system software by using one of the following methods:
Upgrade method | Remarks |
---|---|
Upgrading from the CLI | · You must reboot the router to complete the upgrade. · This method can interrupt ongoing network services. |
Upgrading from the Boot menu | Use this method when the router cannot correctly start up. |
Example:
IMPORTANT: Before you perform an IRF master/subordinate switchover or active/standby MPU switchover, verify that the device is in stable state.
1. Verify that the system state, redundancy state, and state of each slot are stable.
<Sysname> display system stable state
System state :Stable
Redundancy state :Stable
Slot CPU Role State
1 0 Active Stable
2. If the device is unstable, use the following commands to troubleshoot the issue:
¡ Use the display device command to verify that the device is operating correctly.
¡ Use the display ha service-group command to verify that bulk backup has been finished for all modules.
¡ Use the display system internal process state command in probe view to verify that services are running correctly.
3. If a slot remains in unstable state or there are other unrecoverable issues, contact technical support.
Setting up the upgrade environment
Before you upgrade system software, complete the following tasks:
· Set up the upgrade environment as shown in Figure 1.
· Configure routes to make sure that the router and the file server can reach each other.
· Run a TFTP or FTP server on the file server.
· Log in to the CLI of the router through the console port.
· Copy the upgrade file to the file server and correctly set the working directory on the TFTP or FTP server.
· Make sure that the upgrade has minimal impact on the network services. During the upgrade, the router cannot provide any services.
Figure 1 Setting up the upgrade environment
This section uses a two-member IRF fabric as an example to describe how to upgrade software from the CLI. If you have more than two subordinate switches, repeat the steps for the subordinate switch to upgrade their software. If you are upgrading a standalone switch, ignore the steps for upgrading the subordinate switch. For more information about setting up and configuring an IRF fabric, see the installation guide and Virtual Technologies configuration guide for the H3C S5560X-EI switch series.
Before you upgrade software, complete the following tasks:
4. Log in to the IRF fabric through Telnet or the console port. (Details not shown.)
5. Identify the number of IRF members, each member switch's role, and IRF member ID.
<Sysname> display irf
MemberID Role Priority CPU-Mac Description
*+1 Master 2 0023-8927-afdc ---
2 Standby 1 0023-8927-af43 ---
--------------------------------------------------
* indicates the device is the master.
+ indicates the device through which the user logs in.
The Bridge MAC of the IRF is: 0023-8927-afdb
Auto upgrade : no
Mac persistent : 6 min
Domain ID : 0
6. Verify that each IRF member switch has sufficient storage space for the upgrade images.
IMPORTANT: Each IRF member switch must have free storage space that is at least two times the size of the upgrade image file. |
# Identify the free flash space of the master switch.
<Sysname> dir
Directory of flash:
0 -rw- 41424 Aug 23 2013 02:23:44 startup.mdb
1 -rw- 3792 Aug 23 2013 02:23:44 startup.cfg
2 -rw- 53555200 Aug 23 2013 09:53:48 system.bin
3 drw- - Aug 23 2013 00:00:07 seclog
4 drw- - Aug 23 2013 00:00:07 diagfile
5 drw- - Aug 23 2013 00:00:07 logfile
6 -rw- 9959424 Aug 23 2013 09:53:48 boot.bin
7 -rw- 9012224 Aug 23 2013 09:53:48 backup.bin
524288 KB total (453416 KB free)
# Identify the free flash space of each subordinate switch, for example, switch 2.
<Sysname> dir slot2#flash:/
Directory of slot2#flash:/
0 -rw- 41424 Jan 01 2011 02:23:44 startup.mdb
1 -rw- 3792 Jan 01 2011 02:23:44 startup.cfg
2 -rw- 93871104 Aug 23 2013 16:00:08 system.bin
3 drw- - Jan 01 2011 00:00:07 seclog
4 drw- - Jan 01 2011 00:00:07 diagfile
5 drw- - Jan 02 2011 00:00:07 logfile
6 -rw- 13611008 Aug 23 2013 15:59:00 boot.bin
7 -rw- 9012224 Nov 25 2011 09:53:48 backup.bin
524288 KB total (453416 KB free)
7. Compare the free flash space of each member switch with the size of the software file to load. If the space is sufficient, start the upgrade process. If not, go to the next step.
8. Delete unused files in the flash memory to free space:
CAUTION:
· To avoid data loss, do not delete the current configuration file. For information about the current configuration file, use the display startup command.
· The delete /unreserved file-url command deletes a file permanently and the action cannot be undone.
· The delete file-url command moves a file to the recycle bin and the file still occupies storage space. To free the storage space, first execute the undelete command to restore the file, and then execute the delete /unreserved file-url command.
# Delete unused files from the flash memory of the master switch.
<Sysname> delete /unreserved flash:/backup.bin
The file cannot be restored. Delete flash:/backup.bin?[Y/N]:y
Deleting the file permanently will take a long time. Please wait...
Deleting file flash:/backup.bin...Done.
# Delete unused files from the flash memory of the subordinate switch.
<Sysname> delete /unreserved slot2#flash:/backup.bin
The file cannot be restored. Delete slot2#flash:/backup.bin?[Y/N]:y
Deleting the file permanently will take a long time. Please wait...
Deleting file slot2#flash:/backup.bin...Done.
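The stability check and the free-space rule above (each IRF member needs at least two times the image size free) can be enforced by a script before the boot-loader command is entered. The following Python code is an added example, not H3C code: it parses the display system stable state, display irf, and dir outputs shown in this section. The function names, the constructed sample transcripts, and the choice to treat a member missing from the stable-state output as blocking are assumptions.

```python
import re

# Constructed sample input, modelled on the console transcripts in this section.
STABLE_SLOT1_ONLY = """\
System state     :Stable
Redundancy state :Stable
  Slot    CPU    Role      State
  1       0      Active    Stable
"""
# Constructed: the same output with a row added for IRF member 2.
STABLE_BOTH = STABLE_SLOT1_ONLY + "  2       0      Standby   Stable\n"

IRF_OUTPUT = """\
MemberID    Role    Priority  CPU-Mac         Description
 *+1        Master  2         0023-8927-afdc  ---
   2        Standby 1         0023-8927-af43  ---
--------------------------------------------------
 * indicates the device is the master.
 + indicates the device through which the user logs in.
 The Bridge MAC of the IRF is: 0023-8927-afdb
"""

DIR_SLOT1 = ("Directory of flash:\n"
             "   7 -rw- 9012224 Aug 23 2013 09:53:48 backup.bin\n\n"
             "524288 KB total (453416 KB free)\n")
# Constructed: a subordinate whose flash is nearly full.
DIR_SLOT2_LOW = ("Directory of slot2#flash:/\n"
                 "   2 -rw- 93871104 Aug 23 2013 16:00:08 system.bin\n\n"
                 "524288 KB total (50000 KB free)\n")

NEWEST_IPE_BYTES = 32133120  # size reported by the FTP transfer in this section


def parse_stable_state(text):
    """Return (system_state, redundancy_state, {slot: state})."""
    system = re.search(r"^[ \t]*System state[ \t]*:[ \t]*(\S+)", text, re.M)
    redundancy = re.search(r"^[ \t]*Redundancy state[ \t]*:[ \t]*(\S+)", text, re.M)
    if not system or not redundancy:
        raise ValueError("not 'display system stable state' output")
    slots = {}
    # Data rows have four columns: Slot, CPU, Role, State.
    row = re.compile(r"^[ \t]*(\d+)[ \t]+\d+[ \t]+\S+[ \t]+(\S+)[ \t]*$", re.M)
    for m in row.finditer(text):
        slot, state = int(m.group(1)), m.group(2)
        # A slot with several CPU rows stays non-stable once any row is non-stable.
        if slots.get(slot, "Stable") == "Stable":
            slots[slot] = state
    return system.group(1), redundancy.group(1), slots


def parse_irf_members(text):
    """Return {member_id: role} from 'display irf' output."""
    # Rows: optional '*'/'+' flags, MemberID, Role, Priority, CPU MAC.
    row = re.compile(r"^[ \t]*[*+]*[ \t]*(\d+)[ \t]+(\S+)[ \t]+\d+[ \t]+"
                     r"[0-9a-fA-F]{4}(?:-[0-9a-fA-F]{4}){2}", re.M)
    members = {int(m.group(1)): m.group(2) for m in row.finditer(text)}
    if not members:
        raise ValueError("no IRF members found in 'display irf' output")
    return members


def parse_free_kb(dir_text):
    """Return the free space in KB from the summary line of 'dir' output."""
    m = re.search(r"(\d+)[ \t]+KB total[ \t]+\((\d+)[ \t]+KB free\)", dir_text)
    if not m:
        raise ValueError("no 'KB total (... KB free)' line in dir output")
    return int(m.group(2))


def preflight(stable_text, irf_text, dir_texts, image_bytes):
    """Return a list of blocking problems; an empty list means go ahead."""
    problems = []
    system, redundancy, slots = parse_stable_state(stable_text)
    if system != "Stable":
        problems.append(f"system state is {system}")
    if redundancy != "Stable":
        problems.append(f"redundancy state is {redundancy}")
    needed_kb = (2 * image_bytes + 1023) // 1024  # two times the image, rounded up
    for member, role in sorted(parse_irf_members(irf_text).items()):
        state = slots.get(member)
        if state != "Stable":
            problems.append(
                f"slot {member} ({role}) state is {state or 'not reported'}")
        if member not in dir_texts:
            problems.append(f"slot {member}: no dir output, free space unknown")
            continue
        free_kb = parse_free_kb(dir_texts[member])
        if free_kb < needed_kb:
            problems.append(f"slot {member}: {free_kb} KB free, need {needed_kb} KB")
    return problems


if __name__ == "__main__":
    dirs = {1: DIR_SLOT1, 2: DIR_SLOT2_LOW}
    for line in preflight(STABLE_SLOT1_ONLY, IRF_OUTPUT, dirs, NEWEST_IPE_BYTES):
        print("BLOCK:", line)
```
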
Downloading software images to the master switch
Before you start upgrading software image packages, make sure you have downloaded the upgrade software files to the root directory in flash memory. This section describes downloading an .ipe software file as an example.
The following are ways to download, upload, or copy files to the master switch:
· FTP download from a server
· FTP upload from a client
· TFTP download from a server
Prerequisites
If FTP or TFTP is used, make sure the IRF fabric and the PC working as the FTP/TFTP server or FTP client can reach each other.
Prepare the FTP server or TFTP server program yourself for the PC. The switch series does not come with these software programs.
You can use the switch as an FTP client to download files from an FTP server.
To download a file from an FTP server, for example, the server at 10.10.110.1:
9. Run an FTP server program on the server, configure an FTP username and password, specify the working directory and copy the file, for example, newest.ipe, to the directory.
10. Execute the ftp command in user view on the IRF fabric to access the FTP server.
<Sysname> ftp 10.10.110.1
Trying 10.10.110.1...
Press CTRL+C to abort
Connected to 10.10.110.1(10.10.110.1).
220 FTP service ready.
User (10.10.110.1:(none)):username
331 Password required for username.
Password:
230 User logged in.
11. Enable the binary transfer mode.
ftp> binary
200 Type set to I.
12. Execute the get command in FTP client view to download the file from the FTP server.
ftp> get newest.ipe
227 Entering Passive Mode (10,10,110,1,17,97).
125 BINARY mode data connection already open, transfer starting for /newest.ipe
226 Transfer complete.
32133120 bytes received in 35 seconds (896. 0 kbyte/s)
ftp> bye
221 Server closing.
You can use the IRF fabric as an FTP server and upload files from a client to the IRF fabric.
To FTP upload a file from a client:
On the IRF fabric:
13. Enable FTP server.
<Sysname> system-view
[Sysname] ftp server enable
14. Configure a local FTP user account:
# Create the user account.
[Sysname] local-user abc
# Set its password and specify the FTP service.
[Sysname-luser-manage-abc] password simple pwd
[Sysname-luser-manage-abc] service-type ftp
# Assign the network-admin user role to the user account so that the user can upload files to the working directory of the server.
[Sysname-luser-manage-abc] authorization-attribute user-role network-admin
[Sysname-luser-manage-abc] quit
[Sysname] quit
On the PC:
15. Log in to the IRF fabric (the FTP server) in FTP mode.
c:\> ftp 1.1.1.1
Connected to 1.1.1.1.
220 FTP service ready.
User(1.1.1.1:(none)):abc
331 Password required for abc.
Password:
230 User logged in.
16. Enable the binary file transfer mode.
ftp> binary
200 TYPE is now 8-bit binary.
17. Upload the file (for example, newest.ipe) to the root directory of the flash memory on the master switch.
ftp> put newest.ipe
200 PORT command successful
150 Connecting to port 10002
226 File successfully transferred
ftp: 32133120 bytes sent in 64.58 secs (497.60 Kbytes/sec).
To download a file from a TFTP server, for example, the server at 10.10.110.1:
18. Run a TFTP server program on the server, specify the working directory, and copy the file, for example, newest.ipe, to the directory.
19. On the IRF fabric, execute the tftp command in user view to download the file to the root directory of the flash memory on the master switch.
<Sysname> tftp 10.10.110.1 get newest.ipe
Press CTRL+C to abort.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 30.6M 0 30.6M 0 0 143k 0 --:--:-- 0:03:38 --:--:-- 142k
To upgrade the software images:
20. Specify the upgrade image file (newest.ipe in this example) used at the next startup for the master switch, and assign the M attribute to the boot and system images in the file.
<Sysname> boot-loader file flash:/newest.ipe slot 1 main
Verifying image file..........Done.
Images in IPE:
boot.bin
system.bin
This command will set the main startup software images. Continue? [Y/N]:y
Add images to target slot.
Decompressing file boot.bin to flash:/boot.bin....................Done.
Decompressing file system.bin to flash:/system.bin................Done.
The images that have passed all examinations will be used as the main startup so
ftware images at the next reboot on slot 1.
21. Specify the upgrade image file as the main startup image file for each subordinate switch. This example uses IRF member 2. (The subordinate switches will automatically copy the file to the root directory of their flash memories.)
<Sysname> boot-loader file flash:/newest.ipe slot 2 main
Verifying image file..........Done.
Images in IPE:
boot.bin
system.bin
This command will set the main startup software images. Continue? [Y/N]:y
Add images to target slot.
Decompressing file boot.bin to flash:/boot.bin....................Done.
Decompressing file system.bin to flash:/system.bin................Done.
The images that have passed all examinations will be used as the main startup so
ftware images at the next reboot on slot 2.
22. Enable the software auto-update function.
<Sysname> system-view
[Sysname] irf auto-update enable
[Sysname] quit
This function checks the software versions of member switches for inconsistency with the master switch. If a subordinate switch is using a different software version than the master, the function propagates the current software images of the master to the subordinate as main startup images. The function prevents software version inconsistency from causing IRF setup failure.
23. Save the current configuration in any view to prevent data loss.
<Sysname> save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
flash:/startup.cfg exists, overwrite? [Y/N]:y
Validating file. Please wait.................
Saved the current configuration to mainboard device successfully.
Slot 2:
Save next configuration file successfully.
24. Reboot the IRF fabric to complete the upgrade.
<Sysname> reboot
Start to check configuration with next startup configuration file, please wait.
........DONE!
This command will reboot the device. Continue? [Y/N]:y
Now rebooting, please wait...
The system automatically loads the .bin boot and system images in the .ipe file and sets them as the startup software images.
25. Execute the display version command in any view to verify that the current main software images have been updated (details not shown).
| NOTE: The system automatically checks the compatibility of the Boot ROM image and the boot and system images during the reboot. If you are prompted that the Boot ROM image in the upgrade image file is different than the current Boot ROM image, upgrade both the basic and extended sections of the Boot ROM image for compatibility. If you choose to not upgrade the Boot ROM image, the system will ask for an upgrade at the next reboot performed by powering on the switch or rebooting from the CLI (promptly or as scheduled). If you fail to make any choice in the required time, the system upgrades the entire Boot ROM image. |
In this approach, you must access the Boot menu of each member switch to upgrade their software one by one. If you are upgrading software images for an IRF fabric, using the CLI is a better choice.
TIP: Upgrading through the Ethernet port is faster than through the console port. |
Make sure the prerequisites are met before you start upgrading software from the Boot menu.
Setting up the upgrade environment
1. Use a console cable to connect the console terminal (for example, a PC) to the console port on the switch.
2. Connect the Ethernet port on the switch to the file server.
| NOTE: The file server and the configuration terminal can be co-located. |
3. Run a terminal emulator program on the console terminal and set the following terminal settings:
○ Bits per second—9,600
○ Data bits—8
○ Parity—None
○ Stop bits—1
○ Flow control—None
○ Emulation—VT100
Preparing for the TFTP or FTP transfer
To use TFTP or FTP:
· Run a TFTP or FTP server program on the file server or the console terminal.
· Copy the upgrade file to the file server.
· Correctly set the working directory on the TFTP or FTP server.
· Make sure the file server and the switch can reach each other.
Verifying that sufficient storage space is available
IMPORTANT: For the switch to start up correctly, do not delete the main startup software images when you free storage space before upgrading Boot ROM. On the Boot menu, the main startup software images are marked with an asterisk (*). |
When you upgrade software, make sure each member switch has sufficient free storage space for the upgrade file, as shown in Table 6.
Table 6 Minimum free storage space requirements
Upgraded images | Minimum free storage space requirements |
Comware images | Two times the size of the Comware upgrade package file. |
Boot ROM | Same size as the Boot ROM upgrade image file. |
If sufficient space is not available, delete unused files as described in “Managing files from the Boot menu.”
Scheduling the upgrade time
During the upgrade, the switch cannot provide any services. You must make sure the upgrade has a minimal impact on the network services.
Starting......
Press Ctrl+D to access BASIC BOOT MENU
Press Ctrl+E to start flash test
********************************************************************************
* *
* H3C BOOTROM, Version 105 *
* *
********************************************************************************
Copyright (c) 2004-2016 New H3C Technologies Co., Ltd.
Creation Date : Aug 9 2016, 11:29:29
CPU Clock Speed : 800MHz
Memory Size : 2048MB
Flash Size : 512MB
CPLD Version : 002
PCB Version : Ver.B
Mac Address : 703d155618b0
Press Ctrl+B to access EXTENDED BOOT MENU...1
Press one of the shortcut key combinations at prompt.
Shortcut keys | Prompt message | Function | Remarks |
Ctrl+B | Press Ctrl+B to enter Extended Boot menu... | Accesses the extended Boot menu. | Press the keys within 1 second (in fast startup mode) or 5 seconds (in full startup mode) after the message appears. You can upgrade and manage system software and Boot ROM from this menu. |
Ctrl+D | Press Ctrl+D to access BASIC BOOT MENU | Accesses the basic Boot menu. | Press the keys within 1 second after the message appears. You can upgrade Boot ROM or access the extended Boot ROM segment from this menu. |
If the extended Boot ROM segment is corrupted, you can repair or upgrade it from the basic Boot menu.
Press Ctrl+D within 1 second after the "Press Ctrl+D to access BASIC BOOT MENU" prompt message appears. If you fail to do this within the time limit, the system starts to run the extended Boot ROM segment.
********************************************************************************
* *
* H3C BOOTROM, Version 105 *
* *
********************************************************************************
BASIC BOOT MENU
1. Update full BootRom
2. Update extended BootRom
3. Update basic BootRom
4. Boot extended BootRom
0. Reboot
Ctrl+U: Access BASIC ASSISTANT MENU
Enter your choice(0-4):
Table 8 Basic Boot ROM menu options
Option | Task |
1. Update full BootRom | Update the entire Boot ROM, including the basic segment and the extended segment. To do so, you must use XMODEM and the console port. For more information, see Using XMODEM to upgrade Boot ROM through the console port. |
2. Update extended BootRom | Update the extended Boot ROM segment. To do so, you must use XMODEM and the console port. For more information, see Using XMODEM to upgrade Boot ROM through the console port. |
3. Update basic BootRom | Update the basic Boot ROM segment. To do so, you must use XMODEM and the console port. For more information, see Using XMODEM to upgrade Boot ROM through the console port. |
4. Boot extended BootRom | Access the extended Boot ROM segment. For more information, see Accessing the extended Boot menu. |
0. Reboot | Reboot the switch. |
Ctrl+U: Access BASIC ASSISTANT MENU | Press Ctrl + U to access the BASIC ASSISTANT menu (see Table 9). |
Table 9 BASIC ASSISTANT menu options
Option | Task |
1. RAM Test | Perform a RAM self-test. |
0. Return to boot menu | Return to the basic Boot menu. |
Accessing the extended Boot menu
Press Ctrl+B within 1 second (in fast startup mode) or 5 seconds (in full startup mode) after the "Press Ctrl-B to enter Extended Boot menu..." prompt message appears. If you fail to do this, the system starts decompressing the system software.
Alternatively, you can enter 4 in the basic Boot menu to access the extended Boot menu.
The "Password recovery capability is enabled." or "Password recovery capability is disabled." message appears, followed by the extended Boot menu. Availability of some menu options depends on the state of password recovery capability (see Table 10). For more information about password recovery capability, see Fundamentals Configuration Guide in H3C S5560X-EI Switch Series Configuration Guides.
Password recovery capability is enabled.
EXTENDED BOOT MENU
1. Download image to flash
2. Select image to boot
3. Display all files in flash
4. Delete file from flash
5. Restore to factory default configuration
6. Enter BootRom upgrade menu
7. Skip current system configuration
8. Set switch startup mode
0. Reboot
Ctrl+Z: Access EXTENDED ASSISTANT MENU
Ctrl+F: Format file system
Ctrl+P: Change authentication for console login
Ctrl+R: Download image to SDRAM and run
Enter your choice(0-8):
Table 10 Extended Boot ROM menu options
Option | Tasks |
1. Download image to flash | Download a software image file to the flash. |
2. Select image to boot | · Specify the main and backup software image file for the next startup. · Specify the main and backup configuration files for the next startup. This task can be performed only if password recovery capability is enabled. |
3. Display all files in flash | Display files on the flash. |
4. Delete file from flash | Delete files to free storage space. |
5. Restore to factory default configuration | Delete the current next-startup configuration files and restore the factory-default configuration. This option is available only if password recovery capability is disabled. |
6. Enter BootRom upgrade menu | Access the Boot ROM upgrade menu. |
7. Skip current system configuration | Start the switch without loading any configuration file. This is a one-time operation and takes effect only for the first system boot or reboot after you choose this option. This option is available only if password recovery capability is enabled. |
8. Set switch startup mode | Set the startup mode to fast startup mode or full startup mode. |
0. Reboot | Reboot the switch. |
Ctrl+F: Format file system | Format the current storage medium. |
Ctrl+P: Change authentication for console login | Skip the authentication for console login. This is a one-time operation and takes effect only for the first system boot or reboot after you choose this option. This option is available only if password recovery capability is enabled. |
Ctrl+R: Download image to SDRAM and run | Download a system software image and start the switch with the image. This option is available only if password recovery capability is enabled. |
Ctrl+Z: Access EXTENDED ASSISTANT MENU | Access the EXTENDED ASSISTANT MENU. For options in the menu, see Table 11. |
Table 11 EXTENDED ASSISTANT menu options
Option | Task |
1. Display Memory | Display data in the memory. |
2. Search Memory | Search the memory for a specific data segment. |
0. Return to boot menu | Return to the extended Boot ROM menu. |
Upgrading Comware images from the Boot menu
You can use the following methods to upgrade Comware images:
· Using TFTP to upgrade software images through the Ethernet port
· Using FTP to upgrade software images through the Ethernet port
· Using XMODEM to upgrade software through the console port
Using TFTP to upgrade software images through the Ethernet port
1. Enter 1 in the Boot menu to access the file transfer protocol submenu.
1. Set TFTP protocol parameters
2. Set FTP protocol parameters
3. Set XMODEM protocol parameters
0. Return to boot menu
Enter your choice(0-3):
2. Enter 1 to set the TFTP parameters.
Load File Name :update.ipe
Server IP Address :192.168.0.3
Local IP Address :192.168.0.2
Subnet Mask :255.255.255.0
Gateway IP Address :0.0.0.0
Table 12 TFTP parameter description
Item | Description |
Load File Name | Name of the file to download (for example, update.ipe). |
Server IP Address | IP address of the TFTP server (for example, 192.168.0.3). |
Local IP Address | IP address of the switch (for example, 192.168.0.2). |
Subnet Mask | Subnet mask of the switch (for example, 255.255.255.0). |
Gateway IP Address | IP address of the gateway (in this example, no gateway is required because the server and the switch are on the same subnet). |
NOTE:
· To use the default setting for a field, press Enter without entering any value.
· If the switch and the server are on different subnets, you must specify a gateway address for the switch.
3. Enter all required parameters, and enter Y to confirm the settings. The following prompt appears:
Are you sure to download file to flash? Yes or No (Y/N):Y
4. Enter Y to start downloading the image file. To return to the Boot menu without downloading the upgrade file, enter N.
Loading.........................................................................
................................................................................
................................................................................
................................................................Done!
5. Enter the M (main), B (backup), or N (none) attribute for the images. In this example, assign the main attribute to the images.
Please input the file attribute (Main/Backup/None) M
Image file boot.bin is self-decompressing...
Free space: 534980608 bytes
Writing flash...................................................................
................................................................................
...................................................................Done!
Image file system.bin is self-decompressing...
Free space: 525981696 bytes
Writing flash...................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
.......................................................................Done!
NOTE:
· The switch always attempts to boot with the main images first. If the attempt fails, for example, because the main images are not available, the switch tries to boot with the backup images. An image with the none attribute is only stored in flash memory for backup. To use it at reboot, you must change its attribute to main or backup.
· If an image with the same attribute as the image you are loading is already in the flash memory, the attribute of the old image changes to none after the new image becomes valid.
6. Enter 0 in the Boot menu to reboot the switch with the new software images.
EXTENDED BOOT MENU
1. Download image to flash
2. Select image to boot
3. Display all files in flash
4. Delete file from flash
5. Restore to factory default configuration
6. Enter BootRom upgrade menu
7. Skip current system configuration
8. Set switch startup mode
0. Reboot
Ctrl+Z: Access EXTENDED ASSISTANT MENU
Ctrl+F: Format file system
Ctrl+P: Change authentication for console login
Ctrl+R: Download image to SDRAM and run
Enter your choice(0-8): 0
Using FTP to upgrade software images through the Ethernet port
1. Enter 1 in the Boot menu to access the file transfer protocol submenu.
1. Set TFTP protocol parameters
2. Set FTP protocol parameters
3. Set XMODEM protocol parameters
0. Return to boot menu
Enter your choice(0-3):
2. Enter 2 to set the FTP parameters.
Load File Name :update.ipe
Server IP Address :192.168.0.3
Local IP Address :192.168.0.2
Subnet Mask :255.255.255.0
Gateway IP Address :0.0.0.0
FTP User Name :switch
FTP User Password :***
Table 13 FTP parameter description
Item | Description |
Load File Name | Name of the file to download (for example, update.ipe). |
Server IP Address | IP address of the FTP server (for example, 192.168.0.3). |
Local IP Address | IP address of the switch (for example, 192.168.0.2). |
Subnet Mask | Subnet mask of the switch (for example, 255.255.255.0). |
Gateway IP Address | IP address of the gateway (in this example, no gateway is required because the server and the switch are on the same subnet). |
FTP User Name | Username for accessing the FTP server, which must be the same as configured on the FTP server. |
FTP User Password | Password for accessing the FTP server, which must be the same as configured on the FTP server. |
NOTE:
· To use the default setting for a field, press Enter without entering any value.
· If the switch and the server are on different subnets, you must specify a gateway address for the switch.
3. Enter all required parameters, and enter Y to confirm the settings. The following prompt appears:
Are you sure to download file to flash? Yes or No (Y/N):Y
4. Enter Y to start downloading the image file. To return to the Boot menu without downloading the upgrade file, enter N.
Loading.........................................................................
................................................................................
................................................................................
................................................................Done!
5. Enter the M (main), B (backup), or N (none) attribute for the images. In this example, assign the main attribute to the images.
Please input the file attribute (Main/Backup/None) M
Image file boot.bin is self-decompressing...
Free space: 534980608 bytes
Writing flash...................................................................
................................................................................
...................................................................Done!
Image file system.bin is self-decompressing...
Free space: 525981696 bytes
Writing flash...................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
.......................................................................Done!
EXTENDED BOOT MENU
1. Download image to flash
2. Select image to boot
3. Display all files in flash
4. Delete file from flash
5. Restore to factory default configuration
6. Enter BootRom upgrade menu
7. Skip current system configuration
8. Set switch startup mode
0. Reboot
Ctrl+Z: Access EXTENDED ASSISTANT MENU
Ctrl+F: Format file system
Ctrl+P: Change authentication for console login
Ctrl+R: Download image to SDRAM and run
Enter your choice(0-8):0
NOTE:
· The switch always attempts to boot with the main images first. If the attempt fails, for example, because the main images are not available, the switch tries to boot with the backup images. An image with the none attribute is only stored in flash memory for backup. To use it at reboot, you must change its attribute to main or backup.
· If an image with the same attribute as the image you are loading is already in the flash memory, the attribute of the old image changes to none after the new image becomes valid.
6. Enter 0 in the Boot menu to reboot the switch with the new software images.
Using XMODEM to upgrade software through the console port
XMODEM download through the console port is slower than TFTP or FTP download through the Ethernet port. To save time, use the Ethernet port whenever possible.
1. Enter 1 in the Boot menu to access the file transfer protocol submenu.
1. Set TFTP protocol parameters
2. Set FTP protocol parameters
3. Set XMODEM protocol parameters
0. Return to boot menu
Enter your choice(0-3):
2. Enter 3 to set the XMODEM download baud rate.
Please select your download baudrate:
1.* 9600
2. 19200
3. 38400
4. 57600
5. 115200
0. Return to boot menu
Enter your choice(0-5):5
3. Select an appropriate download rate, for example, enter 5 to select 115200 bps.
Download baudrate is 115200 bps
Please change the terminal's baudrate to 115200 bps and select XMODEM protocol
Press enter key when ready
4. Set the serial port on the terminal to use the same baud rate and protocol as the console port. If you select 9600 bps as the download rate for the console port, skip this task.
a. Select Call > Disconnect in the HyperTerminal window to disconnect the terminal from the switch.
Figure 2 Disconnecting the terminal from the switch
b. Select File > Properties, and in the Properties dialog box, click Configure.
Figure 3 Properties dialog box
c. Select 115200 from the Bits per second list and click OK.
Figure 4 Modifying the baud rate
d. Select Call > Call to reestablish the connection.
Figure 5 Reestablishing the connection
5. Press Enter. The following prompt appears:
Are you sure to download file to flash? Yes or No (Y/N):Y
6. Enter Y to start downloading the file. (To return to the Boot menu, enter N.)
Now please start transfer file with XMODEM protocol
If you want to exit, Press <Ctrl+X>
Loading ...CCCCCCCCCCCCCCCCCCCCCCCCC
7. Select Transfer > Send File in the HyperTerminal window.
Figure 6 Transfer menu
8. In the dialog box that appears, click Browse to select the source file, and select Xmodem from the Protocol list.
Figure 7 File transmission dialog box
9. Click Send. The following dialog box appears:
Figure 8 File transfer progress
10. Enter the M (main), B (backup), or N (none) attribute for the images. In this example, assign the main attribute to the images.
Please input the file attribute (Main/Backup/None) m
The boot.bin image is self-decompressing...
# At the Load File name prompt, enter a name for the boot image to be saved to flash memory.
Load File name : default_file boot-update.bin (At the prompt,
Free space: 470519808 bytes
Writing flash...................................................................
.............Done!
The system-update.bin image is self-decompressing...
# At the Load File name prompt, enter a name for the system image to be saved to flash memory.
Load File name : default_file system-update.bin
Free space: 461522944 bytes
Writing flash...................................................................
.............Done!
Your baudrate should be set to 9600 bps again!
Press enter key when ready
NOTE:
· The switch always attempts to boot with the main images first. If the attempt fails, for example, because the main images are not available, the switch tries to boot with the backup images. An image with the none attribute is only stored in the flash memory for backup. To use it at reboot, you must change its attribute to main or backup.
· If an image with the same attribute as the image you are loading is already in flash memory, the attribute of the old image changes to none after the new image becomes valid.
11. If the baud rate of the HyperTerminal is not 9600 bps, restore it to 9600 bps as described in step a. If the baud rate is 9600 bps, skip this step.
| NOTE: The console port rate reverts to 9600 bps at a reboot. If you have changed the baud rate, you must perform this step so you can access the switch through the console port after a reboot. |
EXTENDED BOOT MENU
1. Download image to flash
2. Select image to boot
3. Display all files in flash
4. Delete file from flash
5. Restore to factory default configuration
6. Enter BootRom upgrade menu
7. Skip current system configuration
8. Set switch startup mode
0. Reboot
Ctrl+Z: Access EXTENDED ASSISTANT MENU
Ctrl+F: Format file system
Ctrl+P: Change authentication for console login
Ctrl+R: Download image to SDRAM and run
Enter your choice(0-8): 0
12. Enter 0 in the Boot menu to reboot the system with the new software images.
Upgrading Boot ROM from the Boot menu
You can use the following methods to upgrade the Boot ROM image:
· Using TFTP to upgrade Boot ROM through the Ethernet port
· Using FTP to upgrade Boot ROM through the Ethernet port
· Using XMODEM to upgrade Boot ROM through the console port
Using TFTP to upgrade Boot ROM through the Ethernet port
1. Enter 6 in the Boot menu to access the Boot ROM update menu.
1. Update full BootRom
2. Update extended BootRom
3. Update basic BootRom
0. Return to boot menu
Enter your choice(0-3):
2. Enter 1 in the Boot ROM update menu to upgrade the full Boot ROM.
The file transfer protocol submenu appears:
1. Set TFTP protocol parameters
2. Set FTP protocol parameters
3. Set XMODEM protocol parameters
0. Return to boot menu
Enter your choice(0-3):
3. Enter 1 to set the TFTP parameters.
Load File Name :update.btm
Server IP Address :192.168.0.3
Local IP Address :192.168.0.2
Subnet Mask :255.255.255.0
Gateway IP Address :0.0.0.0
Table 14 TFTP parameter description
Item | Description |
---|---|
Load File Name | Name of the file to download (for example, update.btm). |
Server IP Address | IP address of the TFTP server (for example, 192.168.0.3). |
Local IP Address | IP address of the switch (for example, 192.168.0.2). |
Subnet Mask | Subnet mask of the switch (for example, 255.255.255.0). |
Gateway IP Address | IP address of the gateway (in this example, no gateway is required because the server and the switch are on the same subnet). |
| NOTE: · To use the default setting for a field, press Enter without entering any value. · If the switch and the server are on different subnets, you must specify a gateway address for the switch. |
4. Enter all required parameters and press Enter to start downloading the file.
Loading.................................................Done!
5. Enter Y at the prompt to upgrade the basic Boot ROM section.
Will you Update Basic BootRom? (Y/N):Y
Updating Basic BootRom...........Done.
6. Enter Y at the prompt to upgrade the extended Boot ROM section.
Updating extended BootRom? (Y/N):Y
Updating extended BootRom.........Done.
7. Enter 0 in the Boot ROM update menu to return to the Boot menu.
1. Update full BootRom
2. Update extended BootRom
3. Update basic BootRom
0. Return to boot menu
Enter your choice(0-3):
8. Enter 0 in the Boot menu to reboot the switch with the new Boot ROM image.
Using FTP to upgrade Boot ROM through the Ethernet port
1. Enter 6 in the Boot menu to access the Boot ROM update menu.
1. Update full BootRom
2. Update extended BootRom
3. Update basic BootRom
0. Return to boot menu
Enter your choice(0-3):
2. Enter 1 in the Boot ROM update menu to upgrade the full Boot ROM.
The file transfer protocol submenu appears:
1. Set TFTP protocol parameters
2. Set FTP protocol parameters
3. Set XMODEM protocol parameters
0. Return to boot menu
Enter your choice(0-3):
3. Enter 2 to set the FTP parameters.
Load File Name :update.btm
Server IP Address :192.168.0.3
Local IP Address :192.168.0.2
Subnet Mask :255.255.255.0
Gateway IP Address :0.0.0.0
FTP User Name :switch
FTP User Password :123
Table 15 FTP parameter description
Item | Description |
---|---|
Load File Name | Name of the file to download (for example, update.btm). |
Server IP Address | IP address of the FTP server (for example, 192.168.0.3). |
Local IP Address | IP address of the switch (for example, 192.168.0.2). |
Subnet Mask | Subnet mask of the switch (for example, 255.255.255.0). |
Gateway IP Address | IP address of the gateway (in this example, no gateway is required because the server and the switch are on the same subnet). |
FTP User Name | Username for accessing the FTP server, which must be the same as configured on the FTP server. |
FTP User Password | Password for accessing the FTP server, which must be the same as configured on the FTP server. |
| NOTE: · To use the default setting for a field, press Enter without entering any value. · If the switch and the server are on different subnets, you must specify a gateway address for the switch. |
4. Enter all required parameters and press Enter to start downloading the file.
Loading.................................................Done!
5. Enter Y at the prompt to upgrade the basic Boot ROM section.
Will you Update Basic BootRom? (Y/N):Y
Updating Basic BootRom...........Done.
6. Enter Y at the prompt to upgrade the extended Boot ROM section.
Updating extended BootRom? (Y/N):Y
Updating extended BootRom.........Done.
7. Enter 0 in the Boot ROM update menu to return to the Boot menu.
1. Update full BootRom
2. Update extended BootRom
3. Update basic BootRom
0. Return to boot menu
Enter your choice(0-3):
8. Enter 0 in the Boot menu to reboot the switch with the new Boot ROM image.
Using XMODEM to upgrade Boot ROM through the console port
XMODEM download through the console port is slower than TFTP or FTP download through the Ethernet port. To save time, use the Ethernet port whenever possible.
1. Enter 6 in the Boot menu to access the Boot ROM update menu.
1. Update full BootRom
2. Update extended BootRom
3. Update basic BootRom
0. Return to boot menu
Enter your choice(0-3):
2. Enter 1 in the Boot ROM update menu to upgrade the full Boot ROM.
The file transfer protocol submenu appears:
1. Set TFTP protocol parameters
2. Set FTP protocol parameters
3. Set XMODEM protocol parameters
0. Return to boot menu
Enter your choice(0-3):
3. Enter 3 to set the XMODEM download baud rate.
Please select your download baudrate:
1.* 9600
2. 19200
3. 38400
4. 57600
5. 115200
0. Return to boot menu
Enter your choice(0-5):5
4. Select an appropriate download rate, for example, enter 5 to select 115200 bps.
Download baudrate is 115200 bps
Please change the terminal's baudrate to 115200 bps and select XMODEM protocol
Press enter key when ready
5. Set the serial port on the terminal to use the same baud rate and protocol as the console port. If you select 9600 bps as the download rate for the console port, skip this task.
a. Select Call > Disconnect in the HyperTerminal window to disconnect the terminal from the switch.
Figure 9 Disconnecting the terminal from the switch
b. Select File > Properties, and in the Properties dialog box, click Configure.
Figure 10 Properties dialog box
c. Select 115200 from the Bits per second list and click OK.
Figure 11 Modifying the baud rate
d. Select Call > Call to reestablish the connection.
Figure 12 Reestablishing the connection
6. Press Enter to start downloading the file.
Now please start transfer file with XMODEM protocol
If you want to exit, Press <Ctrl+X>
Loading ...CCCCCCCCCCCCCCCCCCCCCCCCC
7. Select Transfer > Send File in the HyperTerminal window.
Figure 13 Transfer menu
8. In the dialog box that appears, click Browse to select the source file, and select Xmodem from the Protocol list.
Figure 14 File transmission dialog box
9. Click Send. The following dialog box appears:
Figure 15 File transfer progress
10. Enter Y at the prompt to upgrade the basic Boot ROM section.
Loading ...CCCCCCCCCCCCCC ...Done!
Will you Update Basic BootRom? (Y/N):Y
Updating Basic BootRom...........Done.
11. Enter Y at the prompt to upgrade the extended Boot ROM section.
Updating extended BootRom? (Y/N):Y
Updating extended BootRom.........Done.
12. If the baud rate of the HyperTerminal is not 9600 bps, restore it to 9600 bps at the prompt, as described in step a. If the baud rate is 9600 bps, skip this step.
Please change the terminal's baudrate to 9600 bps, press ENTER when ready.
| NOTE: The console port rate reverts to 9600 bps at a reboot. If you have changed the baud rate, you must perform this step so you can access the switch through the console port after a reboot. |
13. Press Enter to access the Boot ROM update menu.
14. Enter 0 in the Boot ROM update menu to return to the Boot menu.
1. Update full BootRom
2. Update extended BootRom
3. Update basic BootRom
0. Return to boot menu
Enter your choice(0-3):
15. Enter 0 in the Boot menu to reboot the switch with the new Boot ROM image.
Managing files from the Boot menu
From the Boot menu, you can display files in flash memory to check for obsolete files, incorrect files, or insufficient space; delete files to release storage space; or change the attributes of software images.
Displaying all files
Enter 3 in the Boot menu to display all files in flash memory and identify the free space size.
EXTENDED BOOT MENU
1. Download image to flash
2. Select image to boot
3. Display all files in flash
4. Delete file from flash
5. Restore to factory default configuration
6. Enter BootRom upgrade menu
7. Skip current system configuration
8. Set switch startup mode
0. Reboot
Ctrl+Z: Access EXTENDED ASSISTANT MENU
Ctrl+F: Format file system
Ctrl+P: Change authentication for console login
Ctrl+R: Download image to SDRAM and run
Enter your choice(0-8): 3
The following is a sample output:
Display all file(s) in flash:
File Number File Size(bytes) File Name
================================================================================
1 8177 flash:/testbackup.cfg
2(*) 53555200 flash:/system.bin
3(*) 9959424 flash:/boot.bin
4 3678 flash:/startup.cfg_backup
5 30033 flash:/default.mdb
6 42424 flash:/startup.mdb
7 18 flash:/.pathfile
8 232311 flash:/logfile/logfile.log
9 5981 flash:/startup.cfg_back
10(*) 6098 flash:/startup.cfg
11 20 flash:/.snmpboots
Free space: 464298848 bytes
The current image is boot.bin
(*)-with main attribute
(b)-with backup attribute
(*b)-with both main and backup attribute
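A console capture of this listing can be checked by script before an upgrade. The following parser is an added example, not H3C code: it reads the listing format shown above (abridged here to six entries) and reports which .bin files carry the main attribute and whether new files fit in the reported free space. The function names are hypothetical, and the comparison uses only the sizes the caller supplies.

```python
import re

# Entry line: file number, optional (*), (b) or (*b) marker, size, flash path.
ENTRY = re.compile(r"^\s*(\d+)(?:\((\*?b?)\))?\s+(\d+)\s+(flash:/\S+)\s*$")
FREE = re.compile(r"^\s*Free space:\s*(\d+)\s*bytes")

# Abridged copy of the sample output above.
SAMPLE = """\
Display all file(s) in flash:
File Number File Size(bytes) File Name
================================================================================
1 8177 flash:/testbackup.cfg
2(*) 53555200 flash:/system.bin
3(*) 9959424 flash:/boot.bin
4 3678 flash:/startup.cfg_backup
8 232311 flash:/logfile/logfile.log
10(*) 6098 flash:/startup.cfg
Free space: 464298848 bytes
The current image is boot.bin
(*)-with main attribute
(b)-with backup attribute
(*b)-with both main and backup attribute
"""

def parse_listing(text):
    """Return (files, free_bytes); files maps name -> (size, main, backup)."""
    files, free = {}, None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            marker = m.group(2) or ""
            files[m.group(4)] = (int(m.group(3)), "*" in marker, "b" in marker)
            continue
        m = FREE.match(line)  # legend lines such as "(*)-with ..." match neither
        if m:
            free = int(m.group(1))
    if free is None:
        raise ValueError("no 'Free space' line in capture")
    return files, free

def main_images(files):
    """Names of .bin files flagged with the main attribute."""
    return sorted(n for n, (_, main, _b) in files.items()
                  if main and n.endswith(".bin"))

def shortfall(free_bytes, new_sizes):
    """Bytes missing for the new files, or 0 when they fit."""
    return max(0, sum(new_sizes) - free_bytes)
```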
Deleting files
If storage space is insufficient, delete obsolete files to free up storage space.
To delete files:
1. Enter 4 in the Boot menu:
Deleting the file in flash:
File Number File Size(bytes) File Name
================================================================================
1 8177 flash:/testbackup.cfg
2(*) 53555200 flash:/system.bin
3(*) 9959424 flash:/boot.bin
4 3678 flash:/startup.cfg_backup
5 30033 flash:/default.mdb
6 42424 flash:/startup.mdb
7 18 flash:/.pathfile
8 232311 flash:/logfile/logfile.log
9 5981 flash:/startup.cfg_back
10(*) 6098 flash:/startup.cfg
11 20 flash:/.snmpboots
Free space: 464298848 bytes
The current image is boot.bin
(*)-with main attribute
(b)-with backup attribute
(*b)-with both main and backup attribute
2. Enter the number of the file to delete. For example, enter 1 to select the file testbackup.cfg.
Please input the file number to change: 1
3. Enter Y at the confirmation prompt.
The file you selected is testbackup.cfg,Delete it? (Y/N):Y
Deleting....................................Done!
Changing the attribute of software images
Software image attributes include main (M), backup (B), and none (N). System software and boot software can each have multiple none-attribute images but only one main image and one backup image on the switch. You can assign both the M and B attributes to one image. If the M or B attribute you are assigning has been assigned to another image, the assignment removes the attribute from that image. If the removed attribute is the sole attribute of the image, its attribute changes to N.
For example, the system image system.bin has the M attribute and the system image system-update.bin has the B attribute. After you assign the M attribute to system-update.bin, the attribute of system-update.bin changes to M+B and the attribute of system.bin changes to N.
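The reassignment rule above, together with the boot preference stated earlier (main images first, then backup), can be modelled in a few lines. This is an added illustration, not H3C code; the ImageSet class and its method names are hypothetical, and each instance tracks one image type (system or boot).

```python
from dataclasses import dataclass, field


@dataclass
class ImageSet:
    """Hypothetical model: attributes of one image type (system or boot)."""
    attrs: dict = field(default_factory=dict)  # file name -> subset of {"M", "B"}

    def add(self, name, attribute="N"):
        """Register an image; with N it is only stored, never booted."""
        self.attrs.setdefault(name, set())
        if attribute != "N":
            self.assign(name, attribute)

    def assign(self, name, attribute):
        """Give M or B to one image, removing it from whichever image held it."""
        if attribute not in ("M", "B"):
            raise ValueError("only M or B can be assigned")
        if name not in self.attrs:
            raise KeyError(name)
        for other, held in self.attrs.items():
            if other != name:
                held.discard(attribute)  # a sole attribute removed leaves N
        self.attrs[name].add(attribute)

    def label(self, name):
        """Return 'M', 'B', 'M+B' or 'N' for an image."""
        return "+".join(a for a in "MB" if a in self.attrs[name]) or "N"

    def boot_order(self):
        """Images tried at boot under the stated rule: main first, then backup."""
        order = []
        for attribute in "MB":
            for name, held in self.attrs.items():
                if attribute in held and name not in order:
                    order.append(name)
        return order


def page_example():
    """system.bin has M, system-update.bin has B; then M goes to the update."""
    system = ImageSet()
    system.add("system.bin", "M")
    system.add("system-update.bin", "B")
    system.assign("system-update.bin", "M")
    return system


if __name__ == "__main__":
    s = page_example()
    print({n: s.label(n) for n in s.attrs}, s.boot_order())
```

In the page's example, boot_order() ends up with a single entry because the main and backup attributes now sit on the same file; a distinct fallback image exists only after B is assigned to another image.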
To change the attribute of a system or boot image:
1. Enter 2 in the Boot menu.
EXTENDED BOOT MENU
1. Download image to flash
2. Select image to boot
3. Display all files in flash
4. Delete file from flash
5. Restore to factory default configuration
6. Enter BootRom upgrade menu
7. Skip current system configuration
8. Set switch startup mode
0. Reboot
Ctrl+Z: Access EXTENDED ASSISTANT MENU
Ctrl+F: Format file system
Ctrl+P: Change authentication for console login
Ctrl+R: Download image to SDRAM and run
Enter your choice(0-8): 2
2. Enter 1 or 2 at the prompt to set the attribute of a software image. (The following output is based on option 2. To set the attribute of a configuration file, enter 3.)
1. Set image file
2. Set bin file
3. Set configuration file
0. Return to boot menu
Enter your choice(0-3): 2
File Number File Size(bytes) File Name
================================================================================
1(*) 53555200 flash:/system.bin
2(*) 9959424 flash:/boot.bin
3 13105152 flash:/boot-update.bin
4 91273216 flash:/system-update.bin
Free space: 417177920 bytes
(*)-with main attribute
(b)-with backup attribute
(*b)-with both main and backup attribute
Note:Select .bin files. One but only one boot image and system image must be included.
3. Enter the number of the file you are working with. For example, enter 3 to select the boot image boot-update.bin, and enter 4 to select the system image system-update.bin.
Enter file No.(Allows multiple selection):3
Enter another file No.(0-Finish choice):4
4. Enter 0 to finish the selection.
Enter another file No.(0-Finish choice):0
You have selected:
flash:/boot-update.bin
flash:/system-update.bin
5. Enter M or B to change its attribute to main or backup. If you change its attribute to M, the attribute of boot.bin changes to none.
Please input the file attribute (Main/Backup) M
This operation may take several minutes. Please wait....
Next time, boot-update.bin will become default boot file!
Next time, system-update.bin will become default boot file!
Set the file attribute success!
Handling software upgrade failures
If a software upgrade fails, the system runs the old software version.
To handle a software upgrade failure:
1. Verify that the software release is compatible with the switch model and the correct file is used.
2. Verify that the software release and the Boot ROM release are compatible. For software and Boot ROM compatibility, see the hardware and software compatibility matrix in the correct release notes.
3. Check the physical ports for a loose or incorrect connection.
4. If you are using the console port for file transfer, check the HyperTerminal settings (including the baud rate and data bits) for any wrong setting.
5. Check the file transfer settings:
· If XMODEM is used, you must set the same baud rate for the terminal as for the console port.
· If TFTP is used, you must enter the same server IP address, file name, and working directory as set on the TFTP server.
· If FTP is used, you must enter the same FTP server IP address, source file name, working directory, and FTP username and password as set on the FTP server.
6. Check the FTP or TFTP server for any incorrect setting.
7. Check that the storage device has sufficient space for the upgrade file.