Header Only - DO NOT REMOVE - Extreme Networks

vdx-6740 firmware/nos update via ftp, scp, sftp does work.


hi everyone,

I have a switch from which I can ssh into ftp server, that is on a vlan. Other nodes on that vlan can ftp into that server okey.
The same switch I can ssh into its management interface cannot ping back that node from which I ssh. (that's is weird right?)

Now, when I try "firmware download" (on the vlan, obviously) via ftp, sftp, scp it all fails, example:

sw0# firmware download ftp host 10.5.4.97 directory nos7.2.0a1 user anonymous
Password: *********
Performing system sanity check...
The server is inaccessible or firmware path is invalid. Please make sure the server name or IP address, the user/password and the
firmware path are valid.

I can see that the switch does not even get to the ftp server, again, I can ssh from the switch to that IP address. SPC does not work neither.

sw0# firmware download scp host 10.5.4.97 directory /home.sysops/appmgr/nos7.2.0a1 user appmgr
Password: ************
Performing system sanity check...
The server is inaccessible or firmware path is invalid. Please make sure the server name or IP address, the user/password and the
firmware path are valid and the server supports SSH password authentication.

Because it's just my first foray into Brocade I hope, expect, I'm missing something and it's not some bad fault, malfunction on switch's part.

What is it that I am missing, doing wrong?

many thanks, L.

19 replies

Userlevel 1
Hi L,

For upgrade from FTP server:
1. please try create user/password (sometimes anonymous doesn't work)
2. please try to map nos7.2.0a1 folder as User directory (then use "/" as directory)

Example:
# firmware download ftp host 10.5.4.97 directory / user admin password admin123 [/code]You can try ping ftp server from switch
#ping 10.5.4.97 vrf mgmt-vrf[/code]
hi Yulia,

okey, now, why would I want to ping an IP on a vlan from management interface?
Are you saying that firmware updates can only be done via this interface?

And why switch be unsuccessful pinging the client from which I'm sshing into the switch? (and that is direct attach link, no other switches in between, but also the same with other switches in between)
Userlevel 7
Pawel Eljasz wrote:

hi Yulia,

okey, now, why would I want to ping an IP on a vlan from management interface?
Are you saying that firmware updates can only be done via this interface?

And why switch be unsuccessful pinging the client from which I'm sshing into the switch? (and that is direct attach link, no other switches in between, but also the same with other switches in between)

Because you didn't provide a lot of information about the network e.g. a network diagram or a full switch config we assume things that are not mentioned.

Use the right vrf if it isn't the mgmt one.

If the works use also the vrf option in the download cmd.

https://documentation.extremenetworks.com/networkos/SW/73x/nos-730-command-reference.pdf
Pawel Eljasz wrote:

hi Yulia,

okey, now, why would I want to ping an IP on a vlan from management interface?
Are you saying that firmware updates can only be done via this interface?

And why switch be unsuccessful pinging the client from which I'm sshing into the switch? (and that is direct attach link, no other switches in between, but also the same with other switches in between)

Here is my switch:

sw0# show version Network Operating System Software Network Operating System Version: 6.0.2 Copyright (c) 1995-2015 Brocade Communications Systems, Inc. Firmware name: 6.0.2e Build Time: 10:42:08 Apr 10, 2017 Install Time: 12:25:22 May 30, 2017 Kernel: 2.6.34.6 BootProm: 1.0.1 Control Processor: e500mc with 4096 MB of memory Slot Name Primary/Secondary Versions Status --------------------------------------------------------------------------- SW/0 NOS 6.0.2e ACTIVE* 6.0.2e SW/1 NOS 6.0.2e STANDBY 6.0.2e [/code]And there is just one vlan with interface and IP 10.5.4.253.
Mgmt iface is 10.214.234.95.

It really should be simple, right?
Because switch cannot even ping anything on mgmt interface that disqualifies it to use for network firmware updates, I assumed, no?

So I use switch's vlan interface with ftp, etc. Not that I use, I assume that switch does it for it's not stupid and since I can ping and ssh from the switch to that 10.5.4.97 server.

It does not seem to be an option for vrf in switch current NOS version.

Again, when I try "firmware download" whether ftp, sftp, scp I'm watching server's end and it does not even look like switch gets to the server !?
Other nodes which are connected to switch on that one single vlan do scp, ftp and sftp to that 10.5.4.97 just fine.
That above led me to that one quick question - must firmware updates be done ONLY via management interface? I'd expect the answer to be NO - right?
Userlevel 1
Pawel Eljasz wrote:

That above led me to that one quick question - must firmware updates be done ONLY via management interface? I'd expect the answer to be NO - right?

Yes, on NOS6.x upgrade should be via mgmt vrf, on NOS7.x you can choose which vrf to use.
Pawel Eljasz wrote:

That above led me to that one quick question - must firmware updates be done ONLY via management interface? I'd expect the answer to be NO - right?

Any chance this could be clarified ultimately?

You see, mgmt iface does not want to get anywhere, no ping no ssh via mgmt iface - would you have suggestions as to why?

And vlan iface does ssh out but "firmware update" via ftp, sfp, sftp on vlan fails with errors as above.

If your "should" means "must" then at least I know I should stop trying with updates via vlan iface - which would probably be worst as, again, mgmt iface does not want to ping anything and I have no! idea why that is.
Userlevel 1
Pawel Eljasz wrote:

That above led me to that one quick question - must firmware updates be done ONLY via management interface? I'd expect the answer to be NO - right?

You can use Inband (any port) or Out Of Band (mgmt interface) connectivity for the upgrade, but this interface MUST be in mgmt-vrf (on NOS6.x)
Hard to tell why you can not ping your mgmt interface (different subnet may be), could be any network issue (wrong default gateway or routing problem)
Pawel Eljasz wrote:

That above led me to that one quick question - must firmware updates be done ONLY via management interface? I'd expect the answer to be NO - right?

okey,
Switch's config is pretty vanilla default, I think after a config clearing.

sw0# show ip route Total number of IP routes: 2 Type Codes - B:BGP D:Connected O:OSPF S:Static +:Leaked route; Cost - Dist/Metric BGP Codes - i:iBGP e:eBGP OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2 s:Sham Link Destination Gateway Port Cost Type Uptime 10.5.4.0/24 DIRECT Ve 4 0/0 D 5d4h 10.5.4.253/32 DIRECT Ve 4 0/0 D 5d4h [/code]So, nodes on that vlan, the switch can ping okey.

But mgmt iface I did nothing about in terms of config. If I can ssh to switch via mgmt iface then assume it should work the other way back, no?
No extra configuration, like routing, should be needed to do manually, if at all, no?
And again, to stress, the connection between the node from I ssh to switch's mgmt inface and switch is direct, meaning no other devices in between.

And, how to put an interface into mgmt-vrf ?
Userlevel 1
Pawel Eljasz wrote:

That above led me to that one quick question - must firmware updates be done ONLY via management interface? I'd expect the answer to be NO - right?

please try:
sh ip route vrf mgmt-vrf[/code]
Pawel Eljasz wrote:

That above led me to that one quick question - must firmware updates be done ONLY via management interface? I'd expect the answer to be NO - right?

here:
sw0# sh ip route vrf mgmt-vrf Total number of IP routes: 3 Type Codes - B:BGP D:Connected O:OSPF S:Static +:Leaked route; Cost - Dist/Metric BGP Codes - i:iBGP e:eBGP OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2 s:Sham Link Destination Gateway Port Cost Type Uptime 0.0.0.0/0 10.214.234.1 mgmt 1 1/1 S 6d23h 10.214.234.0/24 DIRECT mgmt 1 0/0 D 6d23h 10.214.234.95/32 DIRECT mgmt 1 0/0 D 6d23h[/code]
from rs232 terminal session, ping to switch's own mgmt iface:

sw0# ping 10.214.234.95 Type Control-c to abort PING 10.214.234.95 (10.214.234.95): 56 data bytes ping: sendto: Network is unreachable [/code]but can ping from outside, can ssh to it from outside, and...

sw0# show interface Management interface Management 1/0 ip address "static 10.214.234.95/24" ip gateway-address 10.214.234.1 ipv6 ipv6-address [ ] ipv6 ipv6-gateways [ ] line-speed actual "1000baseT, Duplex: Full" line-speed configured Auto oper-status up[/code]
Userlevel 1
Pawel Eljasz wrote:

That above led me to that one quick question - must firmware updates be done ONLY via management interface? I'd expect the answer to be NO - right?

When you try to ping 10.214.234.95 you should specify mgmt-vrf
sw0# ping 10.214.234.95 vrf mgmt-vrf[/code]
Okey, I think I might be getting somewhere, this seems new:

sw0# firmware download ftp directory / host 10.214.234.97 user anonymous password anonymous Performing system sanity check... Firmware download not supported. Please change the vcs mode to Logical Chassis and try again. The preinstall script failed.
[/code]
Userlevel 1
check your vcs mode with show vcs command:
show vcs[/code]On NOS 7.x only logical-chassis supported, so you need to change mode before upgrade
Example:
# vcs vcsid 1 rbridge 1 logical-chassis enable[/code]
but I'm on 6.x
Here:

sw0# show vcs Config Mode : Local-Only VCS Mode : Fabric Cluster VCS ID : 10 Total Number of Nodes : 1 Rbridge-Id WWN Management IP VCS Status Fabric Status HostName -------------------------------------------------------------------------------------------------------------- 1 >10:00:C4:F5:7C:93:70:57* 10.214.234.95 Online Online sw0 [/code]Do I still need to change?
Userlevel 1
Pawel Eljasz wrote:

but I'm on 6.x
Here:

sw0# show vcs Config Mode : Local-Only VCS Mode : Fabric Cluster VCS ID : 10 Total Number of Nodes : 1 Rbridge-Id WWN Management IP VCS Status Fabric Status HostName -------------------------------------------------------------------------------------------------------------- 1 >10:00:C4:F5:7C:93:70:57* 10.214.234.95 Online Online sw0 [/code]Do I still need to change?

Yes, you are going to upgrade to NOS7.x where only logical-chassis is supported
Userlevel 1
sw0# sh vcs
Config Mode : Distributed
VCS Mode : Logical Chassis
VCS ID : 1
VCS GUID : 00000000000000000000000000000000
Total Number of Nodes : 1
Rbridge-Id WWN Management IP VCS Status Fabric Status HostName
--------------------------------------------------------------------------------------------------------------
1 >10:00:00:xx:xx:xx:xx:xx* 10.1.1.54 Online Online sw0[/code]
now this...

Performing system sanity check... Firmware download to the target firmware version cannot preserve the configuration. Please specify the default-config option in the command-line for download. [/code]is it necessary and why?
Userlevel 1
You are going from NOS6.0 to 7.2, if you want to keep your config you can upgrade from 6.0 to 7.0 then to 7.1 and then to 7.2.
Userlevel 1
please review release notes for NOS7.2.0a "SOFTWARE UPGRADE AND DOWNGRADE" section for more details

Reply