Extreme Networks

M_Nees · ‎12-09-2016

We have a X450-G2 with 16.1.3.6.

This switch is the router of a branch. Unfortunately the router-transfer nentwork is not part of VPN IPSec SA. So we have several problems with services which using the route-based source interface to reach some services.

For syslog, radius and snmp it is possible to define the correct source interface ip.

But sntp is current not possible.

Another problem is bringing firmware update to this switch - download image and download url NOR "tftp get" supports specifying a source interface.Last change to use a local PC for update. Maybe other or smarter suggestions ?

16.1.x Web interface does also not support a firmware update. (21.x. support that - but patch level is to low for me needs regarding system stability)

So any ideas to get sntp running or bringing a new firmware to that switch ?

Regards,
Matthias

StephanH · ‎05-09-2017

Hello,

according to the GTAC "download url file://" for upgrades is only supported with 16.2 and newer versions. Therefore an update via winscp is not available with version 16.1

Regards
Stephan

Regards Stephan

MichaelR1 · ‎03-23-2017

I have tested the problem with an older firmware version because I broke that for a customer. I have now the 16.1.3.6patch1-9 on run and would like to update on summitX-16.1.3.6-patch1-11.

The file I have copied with WinSCP but do not get run:

Firmware-Test.8 # download url file:///usr/local/cfg/summix-16.1.3.5... VR VR-Mgmt
Note: The inactive partition (secondary) will be used for installation.
Do you want to install image after downloading? (y - yes, n - no, - cancel) Yes

Downloading to SwitchError: Failed to download image - Error: File could not be unwrapped.

Firmware-Test.10 # ls
drw-r--r-- 2 root root 1024 Mar 15 09:53 dhcp
drw-r--r-- 2 root root 1024 Mar 15 09:52 lost+found
-rw-rw-rw- 1 root root 376968 Mar 21 09:11 primary.cfg
-rw-r--r-- 1 root root 65782864 Mar 21 09:12 summitX-16.1.3.6-patch1-11.xos
drwxr-xr-x 2 root root 1024 Mar 20 09:57 vmt

1K-blocks Used Available Use%
181576 70530 111046 39%

In the log I see only

03/23/2017 10:27:38.64 Download of image finished with status failure - Error: File could not be unwrapped.

03/23/2017 10:27:38.60 Upgrade failed, script: Can not validate image
03/23/2017 10:27:38.03 Download image from hostname ip address file name file:///usr/local/cfg/summix-16.1.3.5... VR VR-Mgmt

Someone an idea?

Thank you for reply

Bastian_Sprotte · ‎01-10-2017

Matthias,

i found the correct way to make it,

use scp/ winscp and copy the exos file to the file system from your switch.
the config/ folder is the link to /usr/local/cfg which has the file located.
with that known, start download the url as below

#
##
###

BAstian.175 # download url file:///usr/local/cfg/summitX-22.1.0.36.xos
01/10/2017 14:51:33.35 134.141.136.138 (telnet) admin: download url file:///usr/local/cfg/summitX-22.1.0.36.xos
Note: The inactive partition (secondary) will be used for installation.
Do you want to install image after downloading? (y - yes, n - no, - cancel) Yes

Downloading to Switch01/10/2017 14:51:35.52 Download image from hostname ip address file name file:///usr/local/cfg/summitX-22.1.0.36.xos VR VR-Mgmt
......................................................................................................................................................
01/10/2017 14:52:00.58 Download of image finished with status success; Image integrity check passed.
Installing to secondary partition!

Installing to Switch01/10/2017 14:52:01.08 Upgrade status Start upgrade timer
......................................................................................................................................................................
01/10/2017 14:53:29.81 Image installation finished with status success.
Image installed successfully
This image will be used only after rebooting the switch!
BAstian.176 #

#

Erik_Auerswald · ‎12-18-2016

Hello jeronimo,

it is not always possible or desirable to use the management port. In the example given by Matthias in his question on top, at least another port on the VPN gateway would be needed. If more than one switch is needed at the branch, at least one additional switch is needed for the out-of-band management. And how do you manage the out-of-band management?

Enterasys added source interface/IP configuration to the SecureStacks EOS for this use case (a small site, LAN routing on LAN switch instead of provider router, remote management needed). Enterasys implemented the default management IP for CoreFlow EOS to keep the existing networks working despite the unified IP stack of EOS version 7 and later.

EOS customers might want to replace some of their switches with EXOS devices, but they can only do so if the EXOS switch can be made to work similarly to the EOS switch.

Cisco IOS implements source interface/IP configuration seemingly since forever. Routers and multilayer switches are usually managed through a loopback interface. I have not seen one customer using the out-of-band management port on Cisco Catalyst 2k or 3k switches. Many Cisco routers do not have a management port at all.

I have seen EXOS customers use the management port, but I have not yet seen a network exclusively using out-of-band management, there have always been some switches configured for in-band management (not just the out-of-band management network devices, which need to be managed in-band as well). Many EXOS customer installations do not use the management port at all.

Best regards,
Erik

Extreme Networks

EXOS specifiy source interface for sntp, download image or download url

EXOS specifiy source interface for sntp, download image or download url