Pkafkas
asked on
How to update the firmware on an HP ProCurve Ethernet Switch with a USB drive?
Hello:
I have previously updated Juniper switches; but, I have never updated HP ProCurve Switches. The command lines are different and I wanted to verify my research before I proceed with any updates. We do not have any spare switches for our production network.
I have created some notes based on the information found in http://evilrouters.net/2008/12/14/upgrading-hp-procurve-firmware-via-usb-flash-drive/ .
I have also attached a word document that I created providing a little bit more detail, for the process that plan to use. Please let me know if my plan (word document) is correct. If the plan is not correct then please provide me your suggestions on the correct process.
Thank you,
How-to-update-the-firmware-on-an-HP-ProC
I have previously updated Juniper switches; but, I have never updated HP ProCurve Switches. The command lines are different and I wanted to verify my research before I proceed with any updates. We do not have any spare switches for our production network.
I have created some notes based on the information found in http://evilrouters.net/2008/12/14/upgrading-hp-procurve-firmware-via-usb-flash-drive/ .
I have also attached a word document that I created providing a little bit more detail, for the process that plan to use. Please let me know if my plan (word document) is correct. If the plan is not correct then please provide me your suggestions on the correct process.
Thank you,
How-to-update-the-firmware-on-an-HP-ProC
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Where may I download the correct firmware versions?
I started searching on HP's web site and I found the following link:
https://h10145.www1.hpe.com/Downloads/DownloadSoftware.aspx?SoftwareReleaseUId=12042&ProductNumber=J9147A&lang=en&cc=us&prodSeriesId=3901671&OrderNumber=&PurchaseDate=
Version:
W.15.14.0012
Build date: 31-Mar-2015
Posted date: 01-May-2015
Size: 8.90 MB
I started searching on HP's web site and I found the following link:
https://h10145.www1.hpe.com/Downloads/DownloadSoftware.aspx?SoftwareReleaseUId=12042&ProductNumber=J9147A&lang=en&cc=us&prodSeriesId=3901671&OrderNumber=&PurchaseDate=
Version:
W.15.14.0012
Build date: 31-Mar-2015
Posted date: 01-May-2015
Size: 8.90 MB
ASKER
Hello Mr. Johnson, I do not see any text in your comment.
I also did not notice any changes to my original document except for the title on the first page being a little bit bigger. is there anything else that you wanted to share?
I also did not notice any changes to my original document except for the title on the first page being a little bit bigger. is there anything else that you wanted to share?
ASKER
According to the release notes, on the webpage: https://h10145.www1.hpe.com/Downloads/DownloadSoftware.aspx?SoftwareReleaseUId=12042&ProductNumber=J9147A&lang=en&cc=us&prodSeriesId=3901671&OrderNumber=&PurchaseDate=
It was stated that the following products are associated with the download:
Supported products:
J9145A HP 2910-24G AL SWITCH
J9146A HP 2910-24G-POE+ AL SWITCH
J9147A HP 2910-48G AL SWITCH
J9148A HP 2910-48G-POE+ AL SWITCH
IMPORTANT: This software includes an update to BootROM W.14.06.
If your switch has an older version of BootROM, the BootROM will be
updated with this software. Do not interrupt power to the switch
during this important update!
++++++++++++++++++++++++++ ++++++++++ ++++++++++ +++
Digital Signature Note: Beginning with W.15.09, the switch software includes a digital signature. However, if this software is downloaded by an earlier software version that does not understand digital signatures, the earlier software will remove the digital signature before storing the new software in flash.
In order to have digitally-signed software in the switch, you must boot the switch into W.15.09 or later software, and then re-download the W.15.09 or later software into the same flash it is already in (primary or secondary). Because the switch is now using a software version that understands digital signatures, the signature is not stripped during the download.
Use the verify signature flash command to see if the software has a digital signature. After entering the command, if the software is digitally signed the switch does nothing for approximately 30 seconds, then responds. If the software is not digitally signed, the switch responds in approximately 10 seconds.
-------------------
Hence if I am understanding the above notes correctly , since we are updating from an earlier version "W.14.04" we must upload the new firmware 2 times fro the digital signature to stay.
It was stated that the following products are associated with the download:
Supported products:
J9145A HP 2910-24G AL SWITCH
J9146A HP 2910-24G-POE+ AL SWITCH
J9147A HP 2910-48G AL SWITCH
J9148A HP 2910-48G-POE+ AL SWITCH
IMPORTANT: This software includes an update to BootROM W.14.06.
If your switch has an older version of BootROM, the BootROM will be
updated with this software. Do not interrupt power to the switch
during this important update!
++++++++++++++++++++++++++
Digital Signature Note: Beginning with W.15.09, the switch software includes a digital signature. However, if this software is downloaded by an earlier software version that does not understand digital signatures, the earlier software will remove the digital signature before storing the new software in flash.
In order to have digitally-signed software in the switch, you must boot the switch into W.15.09 or later software, and then re-download the W.15.09 or later software into the same flash it is already in (primary or secondary). Because the switch is now using a software version that understands digital signatures, the signature is not stripped during the download.
Use the verify signature flash command to see if the software has a digital signature. After entering the command, if the software is digitally signed the switch does nothing for approximately 30 seconds, then responds. If the software is not digitally signed, the switch responds in approximately 10 seconds.
-------------------
Hence if I am understanding the above notes correctly , since we are updating from an earlier version "W.14.04" we must upload the new firmware 2 times fro the digital signature to stay.
ASKER
I have made some adjustments to my document to include the dual installation. This dual installation is a surprise and i would prefer that I understand the necessary steps involved before I begin the process.
Please see the attached document and let me know if it is correct or if any adjustments are required.
Thank you,
How-to-update-the-firmware-on-an-HP-ProC
Please see the attached document and let me know if it is correct or if any adjustments are required.
Thank you,
How-to-update-the-firmware-on-an-HP-ProC
ASKER
Hopefully this word document will be compliant and everyone can review it.
thefirmwareHP.docx
thefirmwareHP.docx
ASKER
How to update the firmware on an HP ProCurve Ethernet Switch with a USB drive.
I am creating these notes in reference to: http://evilrouters.net/2008/12/14/upgrading-hp-procurve-firmware-via-usb-flash-drive/
Pre-requistes:
• Create a backup configuration of the switch before you make any changes.
• Be able to connect to the switch from an SSH connection (putty) from a laptop/PC.
o Serial Connection (just in case)
o IP connection
• Plan a maintenance window because the switch will need to be rebooted.
• Download the new correct firmware (.swi file) from a reliable source.
• Functional USB drive that you can use (try saving a copy of a config to it, just to be sure).
Where may I find the current firmware files (.swi) for the following HP ProCurve Switches:
1. 2910al-48G (J9147A) //GB Ethernet Switch
2. 2910al-48G (J9148A) //POE + Switch
3. 2910al-24G (J9145A) //GB Ethernet Switch
https://h10145.www1.hpe.com/Downloads/DownloadSoftware.aspx?SoftwareReleaseUId=12042&ProductNumber=J9147A&lang=en&cc=us&prodSeriesId=3901671&OrderNumber=&PurchaseDate=
Supported products:
J9145A HP 2910-24G AL SWITCH
J9146A HP 2910-24G-POE+ AL SWITCH
J9147A HP 2910-48G AL SWITCH
J9148A HP 2910-48G-POE+ AL SWITCH
The actual file is named: W_15_14_0012.swi
The version that these switches are currently running is:
>show version<enter>
Image stamp: /sw/code/build/sbm(t4a)
Nov 5 2009 18:02:07
W.14.38
51
Boot Image: Primary
Yes, they all produce identical results when I run the above mentioned command.
The version of FLASH that these switches are currently running is:
>show flash<enter>
Image Size(Bytes) Date Version
----- ---------- -------- -------
Primary Image : 8482560 11/05/09 W.14.38
Secondary Image : 8482560 11/05/09 W.14.38
Boot Rom Version: W.14.04
Default Boot : Primary
Since, in this case, both primary/secondary have the same type of FLASH image, I will overwrite the primary only. That way the secondary will be ready if we need to revert back.
After I copy the new image to the Primary location I will then reboot the switch, with the new software.
If you run the ‘dir’ command, that reads the usb drive only.
Make sure that you can ping the switch before the update.
Make sure the web interface is functional before the update.
in order to have digitally-signed software in the switch, you must boot the switch into W.15.09 or later software, and then re-download the W.15.09 or later software into the same flash it is already in (primary or secondary). Because the switch is now using a software version that understands digital signatures, the signature is not stripped during the download.
To actually upgrade the switch.
1. Save the .swi file to the USB drive.
2. Plug in the USB drive to the HP ProCurve Switch.
3. Begin running continuous pings on the Ip address of the switch.
4. Logon to the Switch, as admin, with an SSH connection (Putty.exe)
a. Enable the ‘config’ privileges >config<enter>
5. Type >verify signature flash<enter>
a. To verify if the software has a digital signature.
b. The command, if the software is digitally signed the switch does nothing for approximately 30 seconds, then responds.
c. If the software is not digitally signed, the switch responds in approximately 10 seconds.
6. Copy the file from the usb drive: >copy usb flash W_15_14_0012.swi primary<enter>
a. A warning message will come up stating that the previous image will be overwritten, do you want to continue? (y).
b. Then, a message stating that the system software is validating and being written to the Filesytem show come up in the CLI.
7. When the copy has completed, please remove the usb drive.
8. Then reboot the switch.
a. >boot system flash primary<enter>
b. >y<enter> to proceed.
9. Monitor the continuous pings that were started from step 3.
10. Time the restart process, it should take about 1 minute to reboot.
11. Wait 1 more minute before you test the switch’s functionality.
12. I would wait 2 minute after you receive ping replies before you attempt to connect to the Web Interface of the switch.
13. Type >verify signature flash<enter>
a. Because the switch is now using a software version that understands digital signatures, the signature is not stripped during the download.
14. Repeat Steps 6-12 to complete the update.
If there is a problem reboot the switch from the secondary location by typing:
>boot system flash secondary<enter>
I am creating these notes in reference to: http://evilrouters.net/2008/12/14/upgrading-hp-procurve-firmware-via-usb-flash-drive/
Pre-requistes:
• Create a backup configuration of the switch before you make any changes.
• Be able to connect to the switch from an SSH connection (putty) from a laptop/PC.
o Serial Connection (just in case)
o IP connection
• Plan a maintenance window because the switch will need to be rebooted.
• Download the new correct firmware (.swi file) from a reliable source.
• Functional USB drive that you can use (try saving a copy of a config to it, just to be sure).
Where may I find the current firmware files (.swi) for the following HP ProCurve Switches:
1. 2910al-48G (J9147A) //GB Ethernet Switch
2. 2910al-48G (J9148A) //POE + Switch
3. 2910al-24G (J9145A) //GB Ethernet Switch
https://h10145.www1.hpe.com/Downloads/DownloadSoftware.aspx?SoftwareReleaseUId=12042&ProductNumber=J9147A&lang=en&cc=us&prodSeriesId=3901671&OrderNumber=&PurchaseDate=
Supported products:
J9145A HP 2910-24G AL SWITCH
J9146A HP 2910-24G-POE+ AL SWITCH
J9147A HP 2910-48G AL SWITCH
J9148A HP 2910-48G-POE+ AL SWITCH
The actual file is named: W_15_14_0012.swi
The version that these switches are currently running is:
>show version<enter>
Image stamp: /sw/code/build/sbm(t4a)
Nov 5 2009 18:02:07
W.14.38
51
Boot Image: Primary
Yes, they all produce identical results when I run the above mentioned command.
The version of FLASH that these switches are currently running is:
>show flash<enter>
Image Size(Bytes) Date Version
----- ---------- -------- -------
Primary Image : 8482560 11/05/09 W.14.38
Secondary Image : 8482560 11/05/09 W.14.38
Boot Rom Version: W.14.04
Default Boot : Primary
Since, in this case, both primary/secondary have the same type of FLASH image, I will overwrite the primary only. That way the secondary will be ready if we need to revert back.
After I copy the new image to the Primary location I will then reboot the switch, with the new software.
If you run the ‘dir’ command, that reads the usb drive only.
Make sure that you can ping the switch before the update.
Make sure the web interface is functional before the update.
in order to have digitally-signed software in the switch, you must boot the switch into W.15.09 or later software, and then re-download the W.15.09 or later software into the same flash it is already in (primary or secondary). Because the switch is now using a software version that understands digital signatures, the signature is not stripped during the download.
To actually upgrade the switch.
1. Save the .swi file to the USB drive.
2. Plug in the USB drive to the HP ProCurve Switch.
3. Begin running continuous pings on the Ip address of the switch.
4. Logon to the Switch, as admin, with an SSH connection (Putty.exe)
a. Enable the ‘config’ privileges >config<enter>
5. Type >verify signature flash<enter>
a. To verify if the software has a digital signature.
b. The command, if the software is digitally signed the switch does nothing for approximately 30 seconds, then responds.
c. If the software is not digitally signed, the switch responds in approximately 10 seconds.
6. Copy the file from the usb drive: >copy usb flash W_15_14_0012.swi primary<enter>
a. A warning message will come up stating that the previous image will be overwritten, do you want to continue? (y).
b. Then, a message stating that the system software is validating and being written to the Filesytem show come up in the CLI.
7. When the copy has completed, please remove the usb drive.
8. Then reboot the switch.
a. >boot system flash primary<enter>
b. >y<enter> to proceed.
9. Monitor the continuous pings that were started from step 3.
10. Time the restart process, it should take about 1 minute to reboot.
11. Wait 1 more minute before you test the switch’s functionality.
12. I would wait 2 minute after you receive ping replies before you attempt to connect to the Web Interface of the switch.
13. Type >verify signature flash<enter>
a. Because the switch is now using a software version that understands digital signatures, the signature is not stripped during the download.
14. Repeat Steps 6-12 to complete the update.
If there is a problem reboot the switch from the secondary location by typing:
>boot system flash secondary<enter>
ASKER
it appears that I will have to just do it and then see what happens.
ASKER
My notes worked like a champ; but the correct syntax to check the signature was:
Type >verify signature flash primary<enter>
>(config)# verify signature flash primary
Signature is valid
Type >verify signature flash primary<enter>
>(config)# verify signature flash primary
Signature is valid
ASKER