Notices
The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.
Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise website.
Acknowledgments
Release Notes
Description
This release note covers software versions for the ArubaOS-CX 10.00 branch of the software.
If you run the `show version` command on the 8320, the version number will display TL.10.00.xxxx, where xxxx is the minor version number.
ArubaOS-CX is a new, modern, fully programmable operating system built using a database-centric design that ensures higher availability and dynamic software process changes for reduced downtime. In addition to robust hardware reliability, the ArubaOS-CX operating system includes additional software elements not available with traditional systems, including the features included in the Enhancements section of this release note.
Version 10.00.0006 was the initial build of major version 10.00 software.
Product series supported by this software:
Aruba 8320 Switch Series
Important information
Version history
All released versions are fully supported by Hewlett Packard Enterprise, unless noted in the table.
Version number | Release date | Based on | Remarks |
---|---|---|---|
10.00.0019 | 2018-07-19 | 10.00.0018 | Released, fully supported, and posted on the web. |
10.00.0018 | 2018-05-18 | 10.00.0017 | Released, fully supported, and posted on the web. |
10.00.0017 | n/a | 10.00.0016 | Never released. |
10.00.0016 | 2018-05-01 | 10.00.0015 | Released, fully supported, and posted on the web. |
10.00.0015 | 2018-04-23 | 10.00.0014 | Released, fully supported, and posted on the web. |
10.00.0014 | 2018-04-06 | 10.00.0013 | Released, fully supported, and posted on the web. |
10.00.0013 | 2018-03-28 | 10.00.0012 | Released, fully supported, and posted on the web. |
10.00.0012 | 2018-03-13 | 10.00.0011 | Released, fully supported, and posted on the web. |
10.00.0011 | n/a | 10.00.0010 | Never released. |
10.00.0010 | 2018-02-28 | 10.00.0008 | Released, fully supported, and posted on the web. |
10.00.0009 | n/a | | Never built. |
10.00.0008 | 2018-02-15 | 10.00.0007 | Released, fully supported, and posted on the web. |
10.00.0007 | 2018-01-29 | 10.00.0006 | Released, fully supported, and posted on the web. |
10.00.0006 | 2018-01-10 | | Initial release of ArubaOS-CX 10.00 for the 8320 switch. Released, fully supported, and posted on the web. |
Products supported
This release applies to the following product models:
Product number | Description |
---|---|
JL479A | Aruba 8320 48p 10G SFP/SFP+ and 6p 40G QSFP+ with X472 5 Fans 2 Power Supply Switch Bundle |
JL579A | Aruba 8320 32p 40G QSFP+ with X472 5 Fans 2 Power Supply Switch Bundle |
JL581A | Aruba 8320 48p 1G/10GBASE-T and 6p 40G QSFP+ with X472 5 Fans 2 Power Supply Switch Bundle |
Compatibility/interoperability
The switch web agent supports the following web browsers:
Browser | Minimum supported versions |
---|---|
Edge (Windows) | 38 |
Chrome (Ubuntu) | 54 (desktop), 56 (mobile) |
Firefox (Ubuntu) | 52 |
Safari (macOS, iOS only) | 10 |
Internet Explorer is not supported.
The following table provides information on compatibility of the switches found in this release note with network management software:
Management software | Supported version(s) |
---|---|
Airwave | 8.2.6 |
Network Automation | 10.10, 10.11, 10.20, 10.21, 10.30, 10.40 |
Network Node Manager i | 10.10, 10.20, 10.21, 10.30, 10.40 |
IMC | 7.3 (E0506P05) |
For more information, see the respective software manuals.
Minimum supported software versions
If your switch or module is not listed in the table below, it runs on all versions of the software.
Product number | Product name | Minimum software version |
---|---|---|
JL579A | Aruba 8320 32p 40G QSFP+ with X472 5 Fans 2 Power Supply Switch Bundle | 10.00.0008 |
JL581A | Aruba 8320 48p 1G/10GBASE-T and 6p 40G QSFP+ with X472 5 Fans 2 Power Supply Switch Bundle | 10.00.0013 |
Q9G82A | Aruba 40G QSFP+ LC ER4 40km SMF XCVR | 10.00.0018 |
Enhancements
This section lists enhancements added to this branch of the software.
Software enhancements are listed in reverse-chronological order, with the newest on the top of the list. Unless otherwise noted, each software version listed includes all enhancements added in earlier versions.
Version 10.00.0019
No enhancements were included in version 10.00.0019.
Version 10.00.0018
Transceivers
Version 10.00.0017
Version 10.00.0017 was never released.
Version 10.00.0016
No enhancements were included in version 10.00.0016.
Version 10.00.0015
No enhancements were included in version 10.00.0015.
Version 10.00.0014
No enhancements were included in version 10.00.0014.
Version 10.00.0013
Hardware support
PVST convergence
PVST interoperability
Version 10.00.0012
No enhancements were included in version 10.00.0012.
Version 10.00.0011
Version 10.00.0011 was never released.
Version 10.00.0010
No enhancements were included in version 10.00.0010.
Version 10.00.0009
Version 10.00.0009 was never built.
Version 10.00.0008
Hardware support
Version 10.00.0007
VLAN names
Web UI and REST certificates
Version 10.00.0006
Checkpoint configuration management
Aruba Network Analytics Engine: AI for Networking
The Aruba Network Analytics Engine is a first-of-a-kind built-in framework for network assurance and remediation. Combining the full automation and deep visibility capabilities of the ArubaOS-CX operating system, this unique framework allows monitoring, troubleshooting, and network data collection through simple scripting agents.
ArubaOS-CX REST API
Switches running the ArubaOS-CX software are fully programmable with a REST (Representational State Transfer) API, allowing easy integration with other devices both on premises and in the cloud. This programmability, combined with the Aruba Network Analytics Engine, accelerates network administrators' understanding of, and response to, network issues. The ArubaOS-CX REST API enables programmatic access to the ArubaOS-CX database at the heart of the switch. Because everything in the switch is modeled in a structured way and is programmable, the switch can be highly automated. By using a structured model, changes to the content and formatting of the CLI output do not affect the programs you write.
VLAN configuration display on trunk interface
Support was added to display VLAN configurations on a trunk interface. To display the configuration, use the `show interface trunk` command. For example:
```
switch# show interface trunk
----------------------------------------------------------------------
Port      Native VLAN   Trunk VLANs
----------------------------------------------------------------------
1/1/17    None          10,20,30,40
1/1/19    20            20,30
```
VLAN custom description
Other software features
Other software features found in this release include the following:
Category | Features |
---|---|
Layer 2 | IEEE 802.3; Long frame (1518 to 1536 bytes); Jumbo frame (1536 to 9216 bytes); VLAN; IEEE 802.1Q; IEEE 802.1p; RSTP (802.1w); MSTP (802.1s); LACP (802.3ad); Mirroring; RPVST+; Loop Protect; LLDP; MVRP |
Layer 3 | ARP; IP datagram forwarding; IP options; TCP (RFC 793); UDP (RFC 768); ICMP; IPv6 ND; IPv6 FIB; Layer 3 routing interface; VRF Lite |
Routing | IPv4 routing; IPv6 routing |
Multicast | IGMP snooping; IGMP v2/v3; PIM-SM |
ACL & QoS | Remarking 802.1p, DSCP, IP precedence, and local precedence by ACL rule; Mapping 802.1p, DSCP, IP precedence, or local precedence to output queue; Strict Priority; Basic ACL; Advanced ACL; Rate limiting; Deficit Weighted Round Robin (DWRR); Port priority |
Management | SNMP v2/v3; Public MIBs; Private (Enterprise) MIBs; Syslog/Debug; Airwave; IMC; CLI; Dual-image; Console login; SSH login; Web UI; sFlow; Control Plane Policing |
Application protocols | Ping; DNS client; DHCP client; DHCP relay; TFTP client; SFTP client; NTP client |
High Availability | VRRP; MCLAG |
Security | RADIUS; TACACS+ |
Fixes
This section lists released builds that include fixes found in this branch of the software. Software fixes are listed in reverse-chronological order, with the newest on the top of the list. Unless otherwise noted, each software version listed includes all fixes added in earlier versions.
The Symptom statement describes what a user might experience if this is seen on the network. The Scenario statement provides additional environment details and trigger summaries. When available, the Workaround statement provides a workaround to the issue for customers who decide not to update to this version of software.
The number that precedes the fix description is used for tracking purposes.
Version 10.00.0019
CPU Utilization
CR_35960
Symptom: The switch reports incorrect CPU utilization in the output of the `show system` command.
Scenario: In certain conditions, the switch may fail to update the true CPU utilization information in the output of the `show system` command and keep reporting the last recorded value.
Workaround: Make a change to the polling interval of the system resources utilization using the `system resource-utilization poll-interval` command to get it out of the stuck state.
The default value for poll-interval is 10, so change it to some other value and then revert it to 10. For example:
```
switch(config)# system resource-utilization poll-interval 15
switch(config)# system resource-utilization poll-interval 10
```
Version 10.00.0018
MCLAG
CR_30910
Version 10.00.0017
Version 10.00.0017 was never released.
Version 10.00.0016
MCLAG
CR_32753
Version 10.00.0015
CPU Utilization
CR_28803
DHCP Relay
CR_32077
Event Log
CR_31967
LEDs
CR_31773
CR_31779
Symptom: Port LED shows incorrect activity status for some of the 1G ports.
Scenario: When there is network activity on the 1G port, the port activity LED does not indicate the correct state. When the cable is removed while traffic is running through the port, the activity LED shows an inconsistent state.
Workaround: There is no functional impact on traffic.
Spanning Tree
CR_32336
Symptom: In certain cases, spanning tree fails to converge.
Scenario: When an interface participating in the spanning tree is changed from an L2 to an L3 interface and back to an L2 interface, spanning tree may fail to converge.
Workaround: Disable and re-enable spanning tree whenever converting an L2 interface to an L3 interface.
Transceivers
CR_29206
Symptom: Switch interface remains stuck in "waiting for link state".
State information: Waiting for link
```
interface <port-list>
shutdown
no shutdown
```
Version 10.00.0014
MCLAG
CR_31769
Symptom: The switch crashes and reboots when configuring MC-LAG.
Scenario: When adding a switch port to a multi-chassis interface, after removing the same port from the inter-switch-link (ISL) interface, the switch may crash and reboot.
Workaround: Add another port to the ISL interface, before configuring the previous port to a multi-chassis interface.
CR_31957
Symptom: The switch event logs show frequent additions and deletions of L3 host entries.
```
|ops-switchd|1710|LOG_INFO|AMM|-|Deleted L3 host entry for ip 10.121.2.20
|ops-switchd|1708|LOG_INFO|AMM|-|Added L3 host entry for ip 10.121.2.20
```
Spanning Tree
CR_31376
Symptom: The network experiences spanning-tree instability issues.
Scenario: In a mixed spanning-tree topology with an ArubaOS-CX switch running RPVST on VLAN 1 and interoperating with a peer device running RSTP or RPVST, the spanning-tree may experience instability issues and frequent topology changes (TCN).
Workaround: Disable and re-enable the extended system-id on the ArubaOS-CX switch.
Version 10.00.0013
Event Log
CR_30649
Symptom: The switch event log reports a crash for the 'rsyslogd' process.
Scenario: In certain conditions, the switch may report a crash of the "rsyslogd" process in the event logs, in a message similar to:
```
rsyslogd crashed due to signal:6
```
Workaround: The process will automatically restart after the crash and generate a core dump file listed in the output of the `show core-dump all` command.
Jumbo Frames
CR_30683
Multicast
CR_22901
CR_31167
Symptom: The switch enters a hung state and fails to reboot or fail over to the second management module (if running on a chassis switch with dual management modules).
Scenario: When multiple IGMP reports for well-known multicast group addresses are received, over time the switch may enter a hung state and fail to reboot or fail over to the second management module (if running on a chassis switch with dual management modules).
Workaround: Monitor switch memory utilization and if it is observed to increase over time, manually reboot the entire switch or switch over to the second management module to prevent entering the hung state. If the switch is already in a hung state, reboot the switch to clear the hung state.
Routing
CR_30663
SNMP
CR_31123
Symptom: The SNMP process randomly crashes.
Scenario: When there are simultaneous SNMP queries processed by the switch, such as SNMP walks and `show tech` collection, the SNMP process may crash and generate a core file listed in the output of the `show core-dump all` command.
Workaround: The SNMP process will restart immediately after the crash.
Spanning Tree
CR_30621
Symptom: Spanning tree enters an inconsistent state.
Scenario: After a switch reboot, the switch interfaces participating in the spanning tree path may be incorrectly initialized causing the spanning tree topology to enter into an inconsistent state and potentially cause network loops.
```
switch(config)# no spanning-tree
switch(config)# spanning-tree
```
Version 10.00.0012
ACLs
CR_28709
Symptom: The switch is not able to apply certain ACLs.
Scenario: When an ACL is configured with VLAN rules (for example, "permit any any any vlan 40"), the switch does not apply the ACL and it returns an error message similar to:
```
configuration does not match active configuration. run 'access-list all reset' to reset all access-lists to match active configuration.
```
Workaround: Remove the ACL rule for VLAN. Note that packets will not be filtered on VLAN tags.
DHCP Relay
CR_29443
Symptom: The DHCP-relay debug message displays with an incorrect severity level.
hpe-relay[1555]: debug|LOG_ERR|AMM|1/5|DHCPRELAY|DHCPRELAY|Packet discarded on interface ABDC as Interface IP address is 0.
Workaround: This is a debug message indicating the valid reason for the packet discard.
LEDs
CR_29982
Symptom: Switch LEDs incorrectly report the associated event or component state:
- After a switch is initialized following a boot, the global status LED on the front panel is lit solid-amber instead of solid-green.
- When a switch component fails, the global status LED on the front panel does not display as slow-flashing-amber simultaneously with the failing component LED, such as transceiver, power supply, and fan.
- When a power supply fault is detected, the power supply LED on the front panel shows solid-amber instead of slow-flashing-amber.
Workaround: Use the `show environment fan | led | power-supply | temperature` command for more details on the operation status of the respective component. The switch component alerts are also reported in the output of the `show events` command.
MCLAG
CR_30430
Symptom: The switch experiences traffic loss on non-ECMP next-hop routes.
Scenario: After one of the MCLAG nodes is rebooted, the switch may fail to redirect non-ECMP next-hop routes over the MCLAG and the switch may experience traffic loss on these links.
Workaround: Disable the affected non-ECMP links or reboot both MCLAG switches to clear the state.
TACACS
CR_30213
Symptom: The SSH daemon crashes with an error similar to `signal - 11`.
```
aaa authentication login default tacacs local
service = exec { PRIV-LVL = 15 }
```
Workaround: Use RADIUS authentication for switch SSH access or configure the "priv-lvl" TACACS+ attribute in lower case.
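A check for the condition in CR_30213, as an added example that is not part of the HPE release note: it scans a TACACS+ server configuration for attribute names inside `service = ... { }` blocks that are not lower case, which is the form the workaround calls for. The sample configuration, the function name, and the assumption that the server uses the brace syntax shown in the fragment above are constructed for illustration.

```python
import re

# Constructed sample of a TACACS+ server configuration in the brace syntax
# shown in the release note fragment. Names and values are made up.
SAMPLE_CONFIG = """\
group = netadmins {
    service = exec {
        PRIV-LVL = 15
    }
}
group = operators {
    service = exec { priv-lvl = 1 }
}
user = alice {
    member = netadmins
    service = exec {
        Priv-Lvl = 15   # mixed case is flagged as well
        idletime = 10
    }
}
"""

# Opening of a service block, e.g. "service = exec {".
SERVICE_OPEN = re.compile(r"\bservice\s*=\s*(\S+)\s*\{")
# One "name = value" pair inside a service block.
ATTRIBUTE = re.compile(r"([A-Za-z][\w-]*)\s*=\s*(\S+)")


def find_non_lowercase_attributes(config_text):
    """Return (line_number, service, attribute, suggested_name) for every
    attribute in a service block whose name is not entirely lower case."""
    # Drop comments but keep the newlines so line numbers stay correct.
    text = re.sub(r"#[^\n]*", "", config_text)
    findings = []
    for svc in SERVICE_OPEN.finditer(text):
        body_start = svc.end()
        body_end = text.find("}", body_start)
        if body_end == -1:
            # Unterminated block: scan to the end of the file instead of skipping it.
            body_end = len(text)
        for attr in ATTRIBUTE.finditer(text, body_start, body_end):
            name = attr.group(1)
            if name != name.lower():
                line_no = text.count("\n", 0, attr.start(1)) + 1
                findings.append((line_no, svc.group(1), name, name.lower()))
    return findings


if __name__ == "__main__":
    for line_no, service, name, suggested in find_non_lowercase_attributes(SAMPLE_CONFIG):
        print(f"line {line_no}: service {service}: '{name}' should be '{suggested}'")
```
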
Version 10.00.0011
Version 10.00.0011 was never released.
Version 10.00.0010
No fixes were included in version 10.00.0010.
Version 10.00.0009
Version 10.00.0009 was never built.
Version 10.00.0008
DHCPv6
CR_29827
Symptom: Network clients are not able to obtain an IPv6 address from some DHCPv6 servers.
Scenario: When the switch is configured as a DHCPv6 relay agent, network clients may not be able to obtain an IPv6 address from some DHCPv6 servers.
Workaround: Do not allow the DHCP server to use the UDP source port from the packet forwarded by the agent.
LAG
CR_27723
Symptom: The switch interface displays a `lacp-block` state.
Scenario: When using a 1000SX transceiver in an LAG interface, the switch interface may get stuck in `lacp-block` status in the output of the CLI command `show lacp interfaces` after a switch reboot. For example:
```
Actor details of all interfaces:
------------------------------------------------------------------------------
Intf    Aggr      Port  Port  State   System-id          System  Aggr  Forwarding
        Name      Id    Pri                              Pri     Key   State
------------------------------------------------------------------------------
1/1/1   lag1(mc)  1029  1     ALFNCD  98:f2:b3:68:01:30  65534   1     up
1/1/2   lag2(mc)  1037  1     ALFOE   98:f2:b3:68:01:30  65534   2     lacp-block
1/1/3   lag3(mc)  1012  1     ALFNCD  98:f2:b3:68:01:30  65534   3     up
```
Workaround: Turn the interface on the peer side where this issue is seen OFF and then ON.
SNMP
CR_29892
Symptom/Scenario: When running multiple and repetitive SNMP queries, the switch memory utilization may increase over time.
Workaround: If switch memory utilization is observed to increase over time, disable the SNMP agent on the switch using the `no snmp-service vrf mgmt | default` command and then re-enable the agent using the `snmp-service vrf mgmt | default` command.
Spanning Tree
CR_29754
Symptom: The switch incorrectly places ports in "blocking" state.
Scenario: In an MSTP configuration, if an event (such as disabling or disconnecting a port) is causing a topology change, switch ports may be incorrectly placed in "blocking" state, potentially causing two switches to become root and preventing the spanning-tree topology from properly converging. When this condition happens, the received and sent BPDU counters do not match in the output of the `show spanning-tree detail` command.
Workaround: Rebooting the switch will clear the incorrect port status and allow the spanning tree topology to properly converge.
Transceivers
CR_27891
CR_29072
Symptom: The switch is not able to identify 40G transceiver JH231A with part number 1990-4554.
Scenario: When 40G transceiver JH231A with part number 1990-4554 is inserted in the switch port, the transceiver is not properly identified in the output of the `show interface transceiver` or `show interface brief` commands and the interface is not linked up.
```
1/1/32 unknown ?? ?? ??
```
Workaround: Use a transceiver with part number 1990-4557 instead of 1990-4554.
Version 10.00.0007
ARP
CR_28891
Symptom: In certain conditions, the switch experiences traffic loss.
Scenario: In a switch configured in an MCLAG topology with VRRP, when there is a MAC or ARP aging event or when the events are cleared using the `clear mac-address [ port | vlan ] <PORTNAME | VLAN-ID>` or `clear arp` commands, the switch may experience traffic drops.
Workaround: Reboot the switch.
BGP
CR_22531
Symptom: Unable to remove the password for a BGP neighbor.
Scenario: When attempting to remove the BGP neighbor password using the `no neighbor <ip-address> password <password-string>` command, the configured password is not removed.
Workaround: Remove the `<password-string>` from the command, using just `no neighbor <ip-address> password`.
CR_22993
Classifier
CR_28867
VLAN
CR_28993
Issues and workarounds
The following are known open issues with this branch of the software.
The Symptom statement describes what a user might experience if this is seen on the network. The Scenario statement provides additional environment details and trigger summaries. When available, the Workaround statement provides a workaround to the issue.
ARP
CR_25306
CR_25334
Symptom: Total number of neighbors is greater than the configured cache limit.
Scenario: Neighbor addition to the ARP table is not guaranteed when the total number of neighbors is greater than the configured cache limit.
Workaround: Limit the total number of neighbors to be within the configured cache limit of 128K.
Jumbo Frames
CR_25546
L3 Addressing
CR_12008
CR_23936
LAG
CR_24779
Symptom: LAG assignments across multiple VRFs are impacted following configuration replay from a saved checkpoint with port-vrf assignment configurations.
Scenario: LAG assignments across multiple VRFs are retained even though the VRFs were deleted and the startup configuration was copied to the running configuration.
Workaround: Reboot the switch after the configuration from a checkpoint has been restored.
Multicast
CR_23498
NAE
CR_24268
OSPF
CR_08491
Transceivers
CR_27112
Symptom: The switch does not properly indicate the presence of a bad or unsupported transceiver.
Scenario: When a bad or unsupported transceiver is present in the switch, the switch does not trigger a blinking amber LED and it does not generate the error message indicating the faulty or unsupported transceiver.
Workaround: The link status is down when there is a bad or unsupported transceiver. Use the `show interface brief` command to confirm the interface is not available. Replace the bad or unsupported transceiver.
VRRP
CR_24910
Symptom: Unable to configure same IPv6 link local address as primary virtual IP address under different VRFs.
Scenario: Unique virtual link local addresses have to be configured for all VRRP IPv6 instances irrespective of VRF.
Workaround: Do not use the same virtual link local address across different VRFs.
Feature caveats
Feature | Description |
---|---|
IGMP Snooping and MCLAG | IGMP Snooping and MCLAG are mutually exclusive within a VLAN. |
MVRP and MCLAG | MVRP is mutually exclusive with MCLAG. |
MCLAG and STP (RPVST+ or MSTP) | Spanning Tree (RPVST+ and MSTP) is mutually exclusive with MCLAG. |
RPVST+ and MSTP | Spanning Tree can only run in MSTP or RPVST+ mode. |
RPVST+ and MVRP | RPVST+ is mutually exclusive with MVRP. |
VRRP and Proxy ARP | VRRP is mutually exclusive with Proxy ARP on the same interface. |
IGMP/PIM on Loopback and GRE interfaces | PIM and IGMP cannot be enabled on Loopback and GRE interfaces. |
Supportability | Syslog server configuration is supported on the default VRF for access over data ports. |
Counters | Layer 3 Route-only port counters are not enabled by default. Enabling them will reduce IPv4 route scale to 80K. |
UDLD | For a UDLD-enabled interface to not lose traffic during a failover operation, the result of multiplying 'interval' and 'retries' should be at least 8 seconds. The default values are 7000 ms (interval) x 4 (retries) = 28 seconds. |
Network Analytics Engine (NAE) | Agents monitoring a resource that has column type enum with a list of strings (as opposed to a single string enum) are not supported. |
Network Analytics Engine (NAE) | The following tables are not supported for NAE scripts: OSPF_Route, OSPF_LSA, OSPF_Neighbor, BGP_Route. |
Network Analytics Engine (NAE) | Network Analytics Engine (NAE) agents execute Command Line Interface (CLI) actions as 'admin' user, so they have permission to run any command by default. However, when the authentication, authorization and accounting (AAA) feature is enabled, the same restrictions applied to 'admin' will also apply to NAE agents. Keep that in mind when configuring the AAA service, e.g. TACACS+, and make sure to give admin user permission to run all commands needed by enabled agents. Otherwise, some CLI commands may be denied and their outputs won't be available. Actions other than CLI won't be affected and will execute normally. Also, NAE agents won't authenticate, thus the AAA service configuration must not block authorization for unauthenticated 'admin' user. ClearPass doesn't support such configuration, so it cannot be used as a TACACS+ server. |
Classifiers | IPv4 egress ACLs can be applied only to route-only ports. |
Classifiers | Classifier policies, IPv6 and MAC ACLs are not supported on egress. |
Classifiers | DSCP remarking is performed only on routed packets. |
Classifiers | For security ACLs, HPE strongly encourages that modifications be done as a two-step process: bring down the port and then modify. |
Classifiers | Policies containing both MAC and IPv6 classes are not allowed. |
Classifiers | Egress ACL logging is not supported. |
REST | REST supports the 'admin' and 'operator' roles but does not work with TACACS+ command authorization. |
REST | With the exception of ACLs and VLANs, REST APIs using POST/PUT/DELETE are not validated before performing the function. Therefore, to avoid unintended results or side effects, HPE recommends testing the API write action first. |
Upgrade information
Version 10.00.0019 uses ServiceOS TL.01.01.0004.
Do not interrupt power to the switch during this important update.
File transfer methods
The switches support several methods for transferring files to and from a physically connected device or via the network, including TFTP, SFTP, and USB. This section explains how to download and run new switch software.
Enabling the management port
You must be in the config context to enable the management port. If you have reset your switch to factory defaults, execute the following commands to enable the management port, after getting into the config context.
The management port is connected and configured to use DHCP for obtaining the IP address. Both TFTP and SFTP use the management port to download the image onto the switch.
File transfer setup
TFTP
Before using TFTP to transfer the software to the switch, make sure:
- A software version for the switch has been stored on a TFTP server accessible to the switch via management port. (The software file is typically available from the Switch Networking website at http://www.hpe.com/networking/support.)
- The switch is properly connected to your network via the management port and has already been configured with a compatible IP address and subnet mask.
- The TFTP server is accessible to the switch via IP.
Before you proceed, complete the following:
- Obtain the IP address of the TFTP server in which the software file has been stored.
- Determine the name of the software file stored in the TFTP server for the switch (for example, ArubaOS-CX_8320_10_01_0001.swi).
- If your TFTP server is a UNIX workstation, ensure that the case (upper or lower) that you specify for the filename is the same case as the characters in the software filenames on the server.
SFTP
For some situations you may want to use a secure method to issue commands or copy files to the switch. By opening a secure, encrypted SSH session and enabling IP SSH file transfer, you can then use a third-party software application to take advantage of SFTP. SFTP provides a secure alternative to TFTP for transferring information that may be sensitive (like switch configuration files) to and from the switch. Essentially, you are creating a secure SSH tunnel as a way to transfer files with SFTP channels.
Before using SFTP to transfer the software to the switch, make sure:
- A software version for the switch has been stored on a computer accessible to the switch via management port. (The software file is typically available from the Switch Networking website at http://www.hpe.com/networking/support.)
- The switch is properly connected to your network via the management port and has already been configured with a compatible IP address and subnet mask.
- The computer containing the software image is accessible to the switch via IP.
Before you proceed, complete the following:
- Obtain the IP address of the computer on which the software file has been stored.
- Determine the name of the software file stored on the computer for the switch (for example, ArubaOS-CX_8320_10_01_0001.swi).
- Establish a secure encrypted tunnel between the switch and the computer containing the software update file (for more information, see the Fundamentals Guide for your switch).
  NOTE: This is a one-time procedure. If you have already set up a secure tunnel, you can skip this step.
- Enable secure file transfer using the `ssh server vrf <VRF-name>` command (for more information, see the Command-Line Interface Guide for your switch). For example:
```
switch(config)# ssh server vrf mgmt
```
USB
Before using USB to transfer the software to the switch, make sure to:
- Store a software version on a USB flash drive.
- Insert the USB device into the switch's USB port.
- Determine the name of the software file stored on the USB flash drive.
- Enable USB on the switch:
```
switch(config)# usb
switch(config)# do usb mount
switch(config)# do show usb
Enabled: Yes
Mounted: Yes
```
Copying the software and rebooting the switch
Hewlett Packard Enterprise security policy
Fixes for security vulnerabilities are not documented in manuals, release notes, or other forms of product documentation.
A Security Bulletin is released when all vulnerable products still in support life have publicly available images that contain the fix for the security vulnerability.
Finding Security Bulletins
- Go to the HPE Support Center - Hewlett Packard Enterprise at www.hpe.com/support/hpesc.
- Enter your product name or number and click Go.
- Select your product from the list of results.
- Click the Top issues & solutions tab.
- Click the Advisories, bulletins & notices link.
Security Bulletin subscription service
You can sign up at http://www.hpe.com/support/Subscriber_Choice to initiate a subscription to receive future Hewlett Packard Enterprise Security Bulletin alerts via email.
Websites
Networking Websites
- Hewlett Packard Enterprise Networking Information Library
- Hewlett Packard Enterprise Networking Software
- Hewlett Packard Enterprise Networking website
- Hewlett Packard Enterprise My Networking website
- Hewlett Packard Enterprise My Networking Portal
- Hewlett Packard Enterprise Networking Warranty
General websites
- Hewlett Packard Enterprise Information Library
For additional websites, see Support and other resources.
Support and other resources
Accessing Hewlett Packard Enterprise Support
For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website:
To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website:
Information to collect
- Technical support registration number (if applicable)
- Product name, model or version, and serial number
- Operating system name and version
- Firmware version
- Error messages
- Product-specific reports and logs
- Add-on products or components
- Third-party products or components
Accessing updates
Some software products provide a mechanism for accessing software updates through the product interface. Review your product documentation to identify the recommended software update method.
To download product updates:
- Hewlett Packard Enterprise Support Center (www.hpe.com/support/hpesc)
- Hewlett Packard Enterprise Support Center: Software downloads (www.hpe.com/support/downloads)
- Software Depot (www.hpe.com/support/softwaredepot)
To subscribe to eNewsletters and alerts:
To view and update your entitlements, and to link your contracts and warranties with your profile, go to the Hewlett Packard Enterprise Support Center More Information on Access to Support Materials page:
Access to some updates might require product entitlement when accessed through the Hewlett Packard Enterprise Support Center. You must have an HPE Passport set up with relevant entitlements.
Customer self repair
Hewlett Packard Enterprise customer self repair (CSR) programs allow you to repair your product. If a CSR part needs to be replaced, it will be shipped directly to you so that you can install it at your convenience. Some parts do not qualify for CSR. Your Hewlett Packard Enterprise authorized service provider will determine whether a repair can be accomplished by CSR.
For more information about CSR, contact your local service provider or go to the CSR website:
Remote support
Remote support is available with supported devices as part of your warranty or contractual support agreement. It provides intelligent event diagnosis, and automatic, secure submission of hardware event notifications to Hewlett Packard Enterprise, which will initiate a fast and accurate resolution based on your product's service level. Hewlett Packard Enterprise strongly recommends that you register your device for remote support.
If your product includes additional remote support details, use search to locate that information.
Remote support and Proactive Care information
- HPE Get Connected (www.hpe.com/services/getconnected)
- HPE Proactive Care services (www.hpe.com/services/proactivecare)
- HPE Proactive Care service: Supported products list (www.hpe.com/services/proactivecaresupportedproducts)
- HPE Proactive Care advanced service: Supported products list (www.hpe.com/services/proactivecareadvancedsupportedproducts)
Proactive Care customer information
- Proactive Care central (www.hpe.com/services/proactivecarecentral)
- Proactive Care service activation (www.hpe.com/services/proactivecarecentralgetstarted)
Warranty information
To view the warranty information for your product, see the links provided below:
- HPE ProLiant and IA-32 Servers and Options (www.hpe.com/support/ProLiantServers-Warranties)
- HPE Enterprise and Cloudline Servers (www.hpe.com/support/EnterpriseServers-Warranties)
- HPE Storage Products (www.hpe.com/support/Storage-Warranties)
- HPE Networking Products (www.hpe.com/support/Networking-Warranties)
Regulatory information
To view the regulatory information for your product, view the Safety and Compliance Information for Server, Storage, Power, Networking, and Rack Products, available at the Hewlett Packard Enterprise Support Center:
Additional regulatory information
Hewlett Packard Enterprise is committed to providing our customers with information about the chemical substances in our products as needed to comply with legal requirements such as REACH (Regulation EC No 1907/2006 of the European Parliament and the Council). A chemical information report for this product can be found at:
For Hewlett Packard Enterprise product environmental and safety information and compliance data, including RoHS and REACH, see:
For Hewlett Packard Enterprise environmental information, including company programs, product recycling, and energy efficiency, see:
Documentation feedback
Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title, part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.