Professional Documents
Culture Documents
Switches
V200R010SPH002
Patch Installation Guide
Issue 01
Date 2017-05-22
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulat ed by the contract made bet ween Huawei and
the customer. All or part of the products, services and features described in this document may not be
within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,
information, and recommendations in this document are provided "AS IS" without warranties, guarantees or
representations of any kind, either express or implied.
The information in this document is subject to change without notice. E very effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Website: http://e.huawei.com
Contents
2.1 Checklist
Table 2-1 lists the preparations for the patch installation.
Step 2 Download the patch software and version documents of S1720 V200R010SPH002/S2700
V200R010SPH002/S5700 V200R010SPH002/S6720 V200R010SPH002.
Step 3 Verify the downloaded files and check the file information against the following table.
S5700-P-LI-V200R010C00 S5700-P-LI-V200R010C00
SPC600.002.web.7z SPC600.002.web.7z.asc
S5700S-28P-PWR-LI-V200 S5700S-28P-PWR-LI-V200
R010C00SPC600.002.web.7 R010C00SPC600.002.web.7
z z.asc
S5700S-P-LI-V200R010C0 S5700S-P-LI-V200R010C0
0SPC600.002.web.7z 0SPC600.002.web.7z.asc
S5700S-X-LI-V200R010C0 S5700S-X-LI-V200R010C0
0SPC600.002.web.7z 0SPC600.002.web.7z.asc
S5700-TP-LI-V200R010C0 S5700-TP-LI-V200R010C0
0SPC600.002.web.7z 0SPC600.002.web.7z.asc
S5700-X-LI-V200R010C00 S5700-X-LI-V200R010C00
SPC600.002.web.7z SPC600.002.web.7z.asc
S5710-X-LI-V200R010C00 S5710-X-LI-V200R010C00
SPC600.002.web.7z SPC600.002.web.7z.asc
S5720EI-V200R010C00SP S5720EI-V200R010C00SP
C600.002.web.7z C600.002.web.7z.asc
S5720HI-V200R010C00SP S5720HI-V200R010C00SP
C600.002.web.7z C600.002.web.7z.asc
S5720LI-V200R010C00SP S5720LI-V200R010C00SP
C600.002.web.7z C600.002.web.7z.asc
S5720SI-V200R010C00SP S5720SI-V200R010C00SP
----End
Step 1 Check that the running system version matches the patch version.
Step 2 Check whether the switch has patches and view the patch versions.
If no patch is running on the switch, the following information is displayed:
If the Startup patch field has an empty value, the AS does not have a patch. If the AS has
patches, the patch versions are displayed.
----End
If the switch is working properly, the value of the Online field is Present and the value of the
Register field is Registered.
Step 2 (Optional) Before installing a patch to an SVF, check the status of eac h AS.
----End
Run the dir command in the user view to check available space in the flash memory. Ensure
that the available space is sufficient for the SP.
If the available space in the flash memory is insufficient for the patch file, delete redundant
files to free up space.
Before deleting the system software (with the file name extension .cc), configuration file (with the file
name extension .cfg or .zip), license file (with the file name extension .dat), web file (with the file name
extension .web.zip or .web.7z), or patch file (with the file name extension .pat), ensure that they are not
in use.
The files deleted by the delete command are stored in the recycle bin. To restore these files,
run the undelete command. The files in the recycle bin still occupy CF card space. The reset
recycle-bin command permanently deletes all files from the recycle bin.
You can also run the delete /unreserved command to permanently delete files without placing
them in the recycle bin. This command is equivalent to running the delete and reset
recycle-bin commands in sequence.
----End
When a patch file is uploaded or downloaded to a stack, the file must be stored in the flash
memory of the master switch.
The FTP protocol will bring risk to network security. The SFTP or FTPS protocol is recommended.
Enable the FTP service on the switch, and set the FTP user name to ftpuser and password to
Huawei@123.
<Quidway> system-view
[Quidway] ftp server enable
Warning: FTP is not a secure protocol, and it is recommended to use SFTP.
Info: Succeeded in starting the FTP server.
[Quidway] aaa
[Quidway-aaa] local-user ftpuser password cipher Huawei@123
Info: Add a new user.
[Quidway-aaa] local-user ftpuser service-type ftp
[Quidway-aaa] local-user ftpuser ftp-directory flash:/
[Quidway-aaa] local-user ftpuser privilege level 15
[Quidway-aaa] return
This example assumes that the FTP server runs the Windows XP operating system.
Save the patch file to be uploaded in the specified directory (for example, D:\>directory).
Choose Start > Run. Enter cmd, and then press Enter. Enter ftp 1.1.1.1. Enter the user name
and password as prompted, and press Enter. The following information is displayed:
D:\>ftp 1.1.1.1
Connected to 1.1.1.1.
220 FTP service ready.
User (1.1.1.2:(none)): ftpuser
331 Password required for ftpuser.
Password:
230 Logged on.
ftp>
Ensure that the FTP client (PC) and the FTP server (switch) can communicate with each other.
Run the put source-filename [destination-filename] command on the FTP client (PC) to
upload the patch file. After the patch file is uploaded, run the bye command to close the FTP
connection.
ftp> bin
200 Type set to I.
ftp>
ftp> put D:\S5700LI-V200R010SPH0001.pat
200 Port command okay.
150 Opening Binary mode data connection for directory list.
226 Transfer complete.
ftp: 76,194byte(s) received in 2.2370 second(s)85.308Kbyte(s)/sec.
ftp> bye
221 Goodbye.
D:\>
----End
The FTP protocol will bring risk to network security. The SFTP or FTPS protocol is recommended.
Ensure that the FTP client (switch) and the FTP server (PC) can communicate with each other.
Save the patch file to be uploaded in the specified directory (for example, the FTP root
directory) on the FTP server. Use Telnet to log in to the switch through the management
interface. Enter the following information on the operation terminal to log in to the FTP
server.
[ftp] bin
200 Type set to I.
[ftp]
[ftp] get S5700LI-V200R010SPH001.pat
200 Port command successful.
150 Opening data channel for file download from server of S5700LI -V200R010SPH001.pat.
226 Successfully transferred "ES5700LI-V200R010SPH001.pat".
FTP: 76,194byte(s) received in 2.2370 second(s)85.308Kbyte(s)/sec.
[ftp] bye
221 Goodbye .
<Quidway>
----End
Huawei does not provide SFTP server software. Obtain the software and install it before the upgrade.
Ensure that the SFTP client (switch) and the SFTP server (PC) can ping each other.
Save the patch file to be loaded to the SFTP server directory (for example, the SFTP root
directory), log in to the switch from the management interface through Telnet, and enter the
following command on the switch to log in to the SFTP server:
<Quidway> system-view
[Quidway] ssh client first-time enable
[Quidway] sftp 1.1.1.1
Please input the username:sftpuser
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1 ...
Warning: The preferred encryption or digest algorithm is insecure. Using a security
algorithm (AES-256,SHA-256) is recommended.
The server's public key does not match the one catched before.
The server is not authenticated. Continue to access it? [Y/N]:y
Update the server's public key now? [Y/N]: y
<sftp-client> quit
----End
On the S1720&S2700&S5700&S6720, the methods of installing the patch file in a stack and on a
single device are the same. In a stack, you only need to install the patch file on the master switch.
In patch-related commands, the all keyword is mandatory. This keyword indicates the local device in
a standalone environment and indicates all member devices in a stack.
Method 1
Step 1 Load the patch file.
<Quidway> patch load S5700LI-V200R010SPH001.pat all
Info: The patch is being loaded. Please wait for a moment.
Info: Succeeded in loading the patch on the master board.............
Info: Finished loading the patch.
----End
Method 2
Step 1 Load and run the patch file.
<Quidway> patch load S5700LI-V200R010SPH001.pat all run
Info: The patch is being loaded. Please wait for a moment.
Info: Succeeded in running the patch on the master board............ .
Info: Finished loading the patch.
----End
The http server load default command loads the web file in the current system software.
----End
************************************************************************
* Information about hot patch errors is as follows: *
************************************************************************
Slot CurrentVersion
------------------------------------------------------------
*************************************************************** *********
* The hot patch information, as follows: *
************************************************************************
Run the dir command in the user view to check the name and size of the web file on the
switch. Ensure that the web file is correctly uploaded or downloaded.
Run the display current-configuration | include http server load command to check
whether the loaded web file is correct.
Step 2 Open the web browser on the PC, enter the management IP address of the switch, and press
Enter to display the Login page. (Ensure that the PC and switch have a reachable route to
each other.) Enter the web account, password, and select a language for the web system.
Step 3 Click Login or press Enter. The web system homepage is displayed.
----End
Step 3 (Optional) Load the old patch file. For details, see 3.1.3 Loading the Patch File.
Whether this step needs to be performed depends on the result of step 2 in 2.4 Verifying the
Running Version.
If no patch is running on the device before the upgrade, this step is skipped. If patches have
run on the device before the upgrade, load the old patch file.
Step 4 Run the display patch-information command to view patch information. The command
output should be the same as the result of step 2 in 2.4 Verifying the Running Version.
----End
In an SVF system, the patch files of parent and AS need to be transferred to the flash memory
of the parent, and then the patch file of AS is moved to unimng/ in the root directory of the
parent.
The FTP protocol will bring risk to network security. The SFTP or FTPS protocol is recommended.
Enable the FTP service on the switch, and set the FTP user name to ftpuser and password to
Huawei@123.
<Quidway> system-view
[Quidway] ftp server enable
Warning: FTP is not a secure protocol, and it is recommended to use SFTP.
Info: Succeeded in starting the FTP server.
[Quidway] aaa
[Quidway-aaa] local-user ftpuser password cipher Huawei@123
Info: Add a new user.
[Quidway-aaa] local-user ftpuser service-type ftp
[Quidway-aaa] local-user ftpuser ftp-directory flash:/
[Quidway-aaa] local-user ftpuser privilege level 15
[Quidway-aaa] return
<Quidway> system-view
[Quidway] interface vlanif 1
[Quidway-Vlanif1] ip address 1.1.1.1 24
[Quidway-Vlanif1] quit
This example assumes that the FTP server runs the Windows XP operating system.
Save the patch file to be uploaded in the specified directory (for example, D:\>directory).
Choose Start > Run. Enter cmd, and then press Enter. Enter ftp 1.1.1.1. Enter the user name
and password as prompted, and press Enter. The following information is displayed:
D:\>ftp 1.1.1.1
Connected to 1.1.1.1.
220 FTP service ready.
User (1.1.1.2:(none)): ftpuser
331 Password required for ftpuser.
Password:
Ensure that the FTP client (PC) and the FTP server (switch) can communicate with each other.
Run the put source-filename [destination-filename] command on the FTP client (PC) to
upload the patch file. After the patch file is uploaded, run the bye command to close the FTP
connection.
ftp> bin
200 Type set to I.
ftp>
ftp> put D:\S5720HI-V200R010SPH0001.pat
200 Port command okay.
150 Opening Binary mode data connection for directory list.
226 Transfer complete.
ftp: 730,110byte(s) received in 2.2370 second(s)85.308Kbyte(s)/sec.
ftp> put D:\S5700LI-V200R010SPH0001.pat
200 Port command okay.
150 Opening Binary mode data connection for directory list.
226 Transfer complete
D:\>
----End
The FTP protocol will bring risk to network security. The SFTP or FTPS protocol is recommended.
<Quidway> system-view
[Quidway] interface vlanif 1
[Quidway-Vlanif1] ip address 1.1.1.1 24
[Quidway-Vlanif1] quit
Ensure that the FTP client (switch) and the FTP server (PC) can communicate with each other.
Save the patch file to be uploaded in the specified directory (for example, the FTP root
directory) on the FTP server. Use Telnet to log in to the switch through the management
interface. Enter the following information on the operation terminal to log in to the FTP
server.
Run the get source-filename [destination-filename] command on the FTP client (switch) to
download the patch file from the FTP server. After the patch file is downloaded, run the bye
command to close the FTP connection.
[ftp] bin
200 Type set to I.
[ftp]
[ftp] get S5720HI-V200R010SPH001.pat
200 Port command successful.
150 Opening data channel for file download from server of S5720HI-V200R010SPH001.pat.
226 Successfully transferred "S5720HI-V200R010SPH001.pat".
FTP: 730,110byte(s) received in 2.2370 second(s)85.308Kbyte(s)/sec.
[ftp] get S5700LI-V200R010SPH001.pat
200 Port command successful.
150 Opening data channel for file download from server of S5700LI -V200R010SPH001.pat.
226 Successfully transferred "S5700LI-V200R010SPH001.pat".
FTP: 76,194 byte(s) received in 2.2370 second(s) 85.308Kbyte(s)/sec.
[ftp] bye
221 Goodbye .
<Quidway>
----End
Huawei does not provide SFTP server software. Obtain the software and install it before the upgrade.
Ensure that the SFTP client (switch) and the SFTP server (PC) can ping each other.
Save the patch file to be loaded to the SFTP server directory (for example, the SFTP root
directory), log in to the switch from the management interface through Telnet, and enter the
following command on the switch to log in to the SFTP server:
<Quidway> system-view
[Quidway] ssh client first-time enable
[Quidway] sftp 1.1.1.1
Please input the username:sftpuser
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1 ...
Warning: The preferred encryption or digest algorithm is insecure. Using a security
algorithm (AES-256,SHA-256) is recommended.
The server's public key does not match the one catched before.
The server is not authenticated. Continue to access it? [Y/N]:y
Update the server's public key now? [Y/N]: y
Run the get remote-filename [ local-filename ] command on the SFTP client (switch) to
download the patch file from the SFTP server.
----End
Method 1
Step 1 Load the patch file.
----End
Method 2
Step 1 Load and run the patch file.
<Quidway> patch load S5720HI-V200R010SPH001.pat all run
Info: The patch is being loaded. Please wait for a moment....
Info: Succeeded in running the patch on the master board.
Info: The master board does not have kernel patch to be loaded..............
Info: Succeeded in running ENP patch on the master board......
Info: Finished loading the patch.
----End
If the local file server has been configured, skip this step.
<Quidway> system-view
[Quidway] uni-mng
[Quidway-um] upgrade local-ftp-server username admin-uni password Test@1234
[Quidway-um]return
Step 2 Move the patch file of AS to the unimng/ directory in the root directory of the parent.
Step 3 Set the name of the patch file to be loaded to the AS.
<Quidway> system-view
[Quidway] uni-mng
[Quidway-um] as type S5700-P-LI patch S5700LI-V200R010SPH001.pat
[Quidway-um]return
<Quidway>system-view
[Quidway]uni-mng
[Quidway-um] upgrade as all
Warning: This command will start the AS upgrade process. Continue?[Y/N]: y
[Quidway-um]return
When the results (Result fields) on all ASs displays successful, system software has been
successfully loaded to all ASs.
----End
The http server load default command loads the web file in the current system software.
----End
************************************************************************
* Information about hot patch errors is as follows: *
************************************************************************
Slot CurrentVersion
------------------------------------------------------------
************************************************************************
* The hot patch information, as follows: *
************************************************************************
Check whether the Startup patch field displays the name of the required patch file. If an
incorrect patch is loaded, load the correct one.
----End
Run the dir command in the user view to check the name and size of the web file on the
switch. Ensure that the web file is correctly uploaded or downloaded.
Run the display current-configuration | include http server load command to check
whether the loaded web file is correct.
Step 2 Open the web browser on the PC, enter the management IP address of the switch, and press
Enter to display the Login page. (Ensure that the PC and switch have a reachable route to
each other.) Enter the web account, password, and select a language for the web system.
Step 3 Click Login or press Enter. The web system homepage is displayed.
----End
<Quidway>system-view
[Quidway]uni-mng
[Quidway-um]undo as type S5700-P-LI patch
[Quidway-um]patch delete as all
Warning: This command will start to delete the patch of AS. Continue? [Y/N]:y
Info: This operation will take several seconds. Please wait...
[Quidway-um]return
<Quidway>reboot uni-mng
Info: Start to reboot the uni-mng system.
Info: This operation will take several seconds. Please wait....
Warning: Ensure that the configuration file has been saved. This command will re
boot the uni-mng system. Continue? [Y/N]:y
Step 4 (Optional) Load the previous patch file of the parent. For details, see 4.1.3 Loading the Patch
File of Parent.
Whether this step needs to be performed depends on the result of step 2 in 2.4 Verifying the
Running Version.
If no patch is running on the device before the upgrade, this step is skipped. If patches have
run on the device before the upgrade, load the old patch file.
Step 5 Run the display patch-information command to view patch information. The command
output should be the same as the result of step 2 in 2.4 Verifying the Running Version.
Step 6 (Optional) Load the previous patch file of the AS. For details, see 4.1.4 Loading the Patch
File of AS.
Whether this step needs to be performed depends on the result of step 3 in 2.4 Verifying the
Running Version.
If no patch is running on the device before the upgrade, this step is skipped. If patches have
run on the device before the upgrade, load the old patch file.
Step 7 Run the display uni-mng upgrade-info verbose command to view patch information. The
command output should be the same as the result of step 3 in 2.4 Verifying the Running
Version.
----End
F
FTP File Transfer Protocol
S
SFTP Secure File Transfer Protocol