vdx-6740 firmware/nos update via ftp, scp, sftp does work.

  • 0
  • 1
  • Question
  • Updated 4 weeks ago
  • Answered
  • (Edited)
hi everyone,

I have a switch from which I can ssh into ftp server, that is on a vlan. Other nodes on that vlan can ftp into that server okey.
The same switch I can ssh into its management interface cannot ping back that node from which I ssh. (that's is weird right?)

Now, when I try "firmware download" (on the vlan, obviously) via ftp, sftp, scp it all fails, example:

sw0# firmware download ftp host 10.5.4.97 directory nos7.2.0a1 user anonymous
Password: *********
Performing system sanity check...
The server is inaccessible or firmware path is invalid. Please make sure the server name or IP address, the user/password and the 
firmware path are valid.

I can see that the switch does not even get to the ftp server, again, I can ssh from the switch to that IP address. SPC does not work neither.

sw0# firmware download scp host 10.5.4.97 directory /home.sysops/appmgr/nos7.2.0a1 user appmgr
Password: ************
Performing system sanity check...
The server is inaccessible or firmware path is invalid. Please make sure the server name or IP address, the user/password and the 
firmware path are valid and the server supports SSH password authentication.


Because it's just my first foray into Brocade I hope, expect, I'm missing something and it's not some bad fault, malfunction on switch's part.

What is it that I am missing, doing wrong?

many thanks, L.
Photo of Pawel Eljasz

Pawel Eljasz

  • 390 Points 250 badge 2x thumb

Posted 1 month ago

  • 0
  • 1
Photo of Yulia Abitbul

Yulia Abitbul, Employee

  • 472 Points 250 badge 2x thumb
Hi L,

For upgrade from FTP server:
1. please try create user/password (sometimes anonymous doesn't work)
2. please try to map nos7.2.0a1 folder as User directory (then use "/" as directory)

Example:
# firmware download ftp host 10.5.4.97 directory / user admin password admin123
You can try ping ftp server from switch
#ping 10.5.4.97 vrf mgmt-vrf
Photo of Pawel Eljasz

Pawel Eljasz

  • 390 Points 250 badge 2x thumb
hi Yulia,

okey, now, why would I want to ping an IP on a vlan from management interface?
Are you saying that firmware updates can only be done via this interface?

And why switch be unsuccessful pinging the client from which I'm sshing into the switch? (and that is direct attach link, no other switches in between, but also the same with other switches in between)


Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 49,572 Points 20k badge 2x thumb
Because you didn't provide a lot of information about the network e.g. a network diagram or a full switch config we assume things that are not mentioned.

Use the right vrf if it isn't the mgmt one.

If the works use also the vrf option in the download cmd.

https://documentation.extremenetworks.com/networkos/SW/73x/nos-730-command-reference.pdf
Photo of Pawel Eljasz

Pawel Eljasz

  • 390 Points 250 badge 2x thumb
Here is my switch:

sw0# show version 

Network Operating System Software
Network Operating System Version: 6.0.2
Copyright (c) 1995-2015 Brocade Communications Systems, Inc.
Firmware name:      6.0.2e
Build Time:         10:42:08 Apr 10, 2017
Install Time:       12:25:22 May 30, 2017
Kernel:             2.6.34.6

BootProm:           1.0.1
Control Processor:  e500mc with 4096 MB of memory

Slot    Name    Primary/Secondary Versions                         Status
---------------------------------------------------------------------------
SW/0    NOS     6.0.2e                                             ACTIVE*
                6.0.2e                                              
SW/1    NOS     6.0.2e                                             STANDBY
                6.0.2e                                              


                                           
And there is just one vlan with interface and IP 10.5.4.253.
Mgmt iface is 10.214.234.95.

It really should be simple, right?
Because switch cannot even ping anything on mgmt interface that disqualifies it to use for network firmware updates, I assumed, no?

So I use switch's vlan interface with ftp, etc. Not that I use, I assume that switch does it for it's not stupid and since I can ping and ssh from the switch to that 10.5.4.97 server.

It does not seem to be an option for vrf in switch current NOS version.

Again, when I try "firmware download" whether ftp, sftp, scp I'm watching server's end and it does not even look like switch gets to the server !?
Other nodes which are connected to switch on that one single vlan do scp, ftp and sftp to that 10.5.4.97 just fine.
Photo of Pawel Eljasz

Pawel Eljasz

  • 390 Points 250 badge 2x thumb
That above led me to that one quick question - must firmware updates be done ONLY via management interface? I'd expect the answer to be NO - right?
Photo of Yulia Abitbul

Yulia Abitbul, Employee

  • 472 Points 250 badge 2x thumb
You can use  Inband (any port) or Out Of Band (mgmt interface) connectivity for the upgrade, but this interface MUST be in mgmt-vrf (on NOS6.x)
Hard to tell why you can not ping your mgmt interface (different subnet may be), could be any network issue (wrong default gateway or routing problem)
(Edited)
Photo of Pawel Eljasz

Pawel Eljasz

  • 390 Points 250 badge 2x thumb
okey,
Switch's config is pretty vanilla default, I think after a config clearing.

sw0# show ip route
Total number of IP routes: 2
Type Codes - B:BGP D:Connected O:OSPF S:Static +:Leaked route; Cost - Dist/Metric
BGP  Codes - i:iBGP e:eBGP
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2 s:Sham Link
        Destination        Gateway         Port           Cost          Type Uptime
        10.5.4.0/24        DIRECT          Ve 4           0/0           D    5d4h  
        10.5.4.253/32      DIRECT          Ve 4           0/0           D    5d4h  
So, nodes on that vlan, the switch can ping okey.

But mgmt iface I did nothing about in terms of config. If I can ssh to switch via mgmt iface then assume it should work the other way back, no?
No extra configuration, like routing, should be needed to do manually, if at all, no?
And again, to stress, the connection between the node from I ssh to switch's mgmt inface and switch is direct, meaning no other devices in between.

And, how to put an interface into mgmt-vrf ?
(Edited)
Photo of Yulia Abitbul

Yulia Abitbul, Employee

  • 472 Points 250 badge 2x thumb
please try:
sh ip route vrf mgmt-vrf
Photo of Pawel Eljasz

Pawel Eljasz

  • 390 Points 250 badge 2x thumb
here:
sw0# sh ip route vrf mgmt-vrf
Total number of IP routes: 3
Type Codes - B:BGP D:Connected O:OSPF S:Static +:Leaked route; Cost - Dist/Metric
BGP  Codes - i:iBGP e:eBGP
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2 s:Sham Link
        Destination        Gateway         Port           Cost          Type Uptime
        0.0.0.0/0          10.214.234.1    mgmt 1         1/1           S    6d23h 
        10.214.234.0/24    DIRECT          mgmt 1         0/0           D    6d23h 
        10.214.234.95/32   DIRECT          mgmt 1         0/0           D    6d23h

from rs232 terminal session, ping to switch's own mgmt iface:

sw0# ping 10.214.234.95   
Type Control-c to abort
PING 10.214.234.95 (10.214.234.95): 56 data bytes
ping: sendto: Network is unreachable
but can ping from outside, can ssh to it from outside, and...

sw0# show interface Management 
interface Management 1/0
 ip address "static 10.214.234.95/24"
 ip gateway-address 10.214.234.1
 ipv6 ipv6-address [  ]
 ipv6 ipv6-gateways [  ]
 line-speed actual "1000baseT, Duplex: Full"
 line-speed configured Auto
 oper-status up
Photo of Yulia Abitbul

Yulia Abitbul, Employee

  • 472 Points 250 badge 2x thumb
When you try to ping 10.214.234.95 you should specify mgmt-vrf
sw0# ping 10.214.234.95 vrf mgmt-vrf

Photo of Pawel Eljasz

Pawel Eljasz

  • 390 Points 250 badge 2x thumb
Okey, I think I might be getting somewhere, this seems new:

sw0# firmware download ftp directory / host 10.214.234.97 user anonymous password anonymous
Performing system sanity check...

Firmware download not supported. Please change the vcs mode to Logical Chassis and try again.

The preinstall script failed.
Photo of Yulia Abitbul

Yulia Abitbul, Employee

  • 472 Points 250 badge 2x thumb
check your vcs mode with show vcs command:
show vcs
On NOS 7.x only logical-chassis supported, so you need to change mode before upgrade 
Example:
# vcs vcsid 1 rbridge 1 logical-chassis enable
(Edited)
Photo of Pawel Eljasz

Pawel Eljasz

  • 390 Points 250 badge 2x thumb
but I'm on 6.x
Here:

sw0# show vcs
Config Mode    : Local-Only
VCS Mode       : Fabric Cluster
VCS ID         : 10
Total Number of Nodes           : 1
Rbridge-Id       WWN                            Management IP   VCS Status       Fabric Status        HostName
--------------------------------------------------------------------------------------------------------------
1               >10:00:C4:F5:7C:93:70:57*       10.214.234.95   Online           Online               sw0

Do I still need to change?
Photo of Yulia Abitbul

Yulia Abitbul, Employee

  • 472 Points 250 badge 2x thumb
Yes, you are going to upgrade to NOS7.x where only logical-chassis is supported
Photo of Pawel Eljasz

Pawel Eljasz

  • 390 Points 250 badge 2x thumb
now this...

Performing system sanity check...

Firmware download to the target firmware version cannot preserve the configuration. Please specify the default-config option in the command-line for download.

is it necessary and why?
Photo of Yulia Abitbul

Yulia Abitbul, Employee

  • 472 Points 250 badge 2x thumb
You are going from NOS6.0 to 7.2, if you want to keep your config you can upgrade from 6.0 to 7.0 then to 7.1 and then to 7.2. 
Photo of Yulia Abitbul

Yulia Abitbul, Employee

  • 472 Points 250 badge 2x thumb
please review release notes for NOS7.2.0a  "SOFTWARE UPGRADE AND DOWNGRADE" section for more details