Notices

The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.

Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise website.

Acknowledgments

Microsoft® and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

ArubaOS-CX 10.01 Release Notes

Description

This release note covers software versions for the ArubaOS-CX 10.01 branch of the software.

NOTE:

If you run the show version command on the 8320, the version number will display TL.10.01.xxxx, where xxxx is the minor version number.

ArubaOS-CX is a new, modern, fully programmable operating system built using a database-centric design that ensures higher availability and dynamic software process changes for reduced downtime. In addition to robust hardware reliability, the ArubaOS-CX operating system includes additional software elements not available with traditional systems, including the features included in the Enhancements section of this release note.

Version 10.01.0001 is the initial build of major version 10.01 software.

Product series supported by this software:

  • Aruba 8320 Switch Series

Important information

To avoid damage to your equipment, do not interrupt power to the switch during a software update.

Version TL.10.01.0011 includes new ServiceOS TL.01.02.0003 and updates for a number of components.

If you are upgrading from version 10.00.0018 or earlier, read through the entire upgrade procedure before proceeding.

IMPORTANT:

If you are upgrading from version 10.00 and the switch is configured with MCLAG, VSX reconfiguration is required after the upgrade. Network downtime is required for this upgrade. For more information on upgrading from MCLAG to VSX, see the ArubaOS-CX Virtual Switching Extension (VSX) Guide.

  1. Upon first time booting to TL.10.01.0001, the ServiceOS update will start. At the switch console port an output similar to following will be displayed:

    Boot Profiles:
    
    0. Service OS Console
    1. Primary Software Image [TL.10.01.0011]
    2. Secondary Software Image [TL.10.00.0007]
    
    Select profile(primary): 
    1 device(s) need to be updated by the ServiceOS during the boot process.
    The estimated update time by the ServiceOS is 1 minute(s).
    There may be multiple reboots during the update process.
    MODULE 'mc' DEVICE 'svos_primary' :
        Current version  : 'TL.01.01.0004'
        Packaged version : 'TL.01.02.0003'
        Package name     : 'svos'
        Image filename   : 'TL_01_02_0003.svos'
        Image timestamp  : 'Fri Dec  8 11:40:00 2017'
        Image size       : 29924431
        Version upgrade needed
    
    Starting update...
    
  2. Multiple components will be updated and several reboots will be triggered during these updates. When all components updates are complete, at the switch console port an output similar to following will be displayed:

    Name: ArubaOS-CX
         Version: TL.10.01.0011
       Build Id: ArubaOS-CX:TL.10.01.0001:e8a625fdd5e8:201801291849
      Build Date: 2018-01-29 10:59:28 PST
    
    Extracting Image...
    Loading Image...
    Done.
    kexec_core: Starting new kernel
    
  3. After all components completed the updates the switch console will arrive to login prompt.

    ArubaOS-CX TL.10.01.0011 8320 ttyS1
    
    8320 login:
    IMPORTANT:

    HPE does not recommend performing any configuration changes until all upgrades have completed.

Version history

All released versions are fully supported by Hewlett Packard Enterprise, unless noted in the table.

Version number Release date Based on Remarks
10.01.0011 2018-08-15 10.01.0001 Released, fully supported, and posted on the web.
10.01.0001 2018-07-12 10.00.0006 Initial release of ArubaOS-CX 10.01 for the 8320 switch. Released, fully supported, and posted on the web.

Products supported

This release applies to the following product models:

Product number Description
JL479A Aruba 8320 48p 10G SFP/SFP+ and 6p 40G QSFP+ with X472 5 Fans 2 Power Supply Switch Bundle
JL579A Aruba 8320 32p 40G QSFP+ with X472 5 Fans 2 Power Supply Switch Bundle
JL581A Aruba 8320 48p 1G/10GBASE-T and 6p 40G QSFP+ with X472 5 Fans 2 Power Supply Switch Bundle

Compatibility/interoperability

The switch web agent supports the following web browsers:

Browser Minimum supported versions
Edge (Windows)

38

Chrome (Ubuntu)

54 (desktop)

56 (mobile)

Firefox (Ubuntu)

52

Safari (MacOS, IOS Only)

10

NOTE:

Internet Explorer is not supported.

The following table provides information on compatibility of the switches found in this release note with network management software:

Management software Supported version(s)
Airwave  
Network Automation 10.10, 10.11, 10.20, 10.21, 10.30, 10.40
Network Node Manager i 10.10, 10.20, 10.21, 10.30, 10.40
IMC  
NOTE:

For more information, see the respective software manuals.

Minimum supported software versions

NOTE:

If your switch or module is not listed in the below table, it runs on all versions of the software.

Product number Product name Minimum software version
JL579A Aruba 8320 32p 40G QSFP+ with X472 5 Fans 2 Power Supply Switch Bundle 10.00.0008
JL581A Aruba 8320 48p 1G/10GBASE-T and 6p 40G QSFP+ with X472 5 Fans 2 Power Supply Switch Bundle 10.00.0013
Q9G82A Aruba 40G QSFP+ LC ER4 40km SMF XCVR 10.00.0018
JL563A Aruba 10GBASE-T SFP+ RJ45 30m Cat6A XCVR 10.01.0011

Enhancements

This section lists enhancements added to this branch of the software.

Software enhancements are listed in reverse-chronological order, with the newest on the top of the list. Unless otherwise noted, each software version listed includes all enhancements added in earlier versions.

Version 10.01.0011

Transceivers

Support for the Aruba 10GBASE-T SFP+ RJ45 30m Cat6A XCVR (JL563A) transceivers has been added.

NOTE:

JL563A is only allowed for use in ports 1 thru 12. Maximum of 12 transceivers per JL479A Aruba 8320 48p 10G SFP/SFP+ and 6p 40G QSFP+ with X472 5 Fans 2 Power Supply Switch Bundle.

Version 10.01.0001

Aruba Virtual Switching Extension

Aruba Virtual Switching Extension (VSX) is a Virtualized Core and Aggregation solution designed to meet the high availability, virtualization, and simplicity needs unique to the core of the network. It is designed for high availability. Aruba VSX enables a distributed and redundant architecture that is highly available during upgrades inherently by architecture design. Operationally, Aruba VSX includes features to ensure enhanced and robust configuration and consistency checking and capabilities to make upgrades minimally disruptive.

BFD

Bidirectional Forward Detection for BGP, OSPFv2, Static Route and VRRP enables sub-second failure detection for rapid routing protocol rebalancing.

BGP

The following enhancements were added:

  • Autonomous-System-Wide (4-Byte) Unique BGP Identifier for BGP-4 (RFC 6286)
  • TTL Security
  • Next-Hop Address tracking
  • Textual Representation of Autonomous System (AS) (RFC 5396)
  • Regex for IP Community list
  • Multiple AS Path enable
  • Routemap: 4-byte AS Path
  • Routemap: Allow set for multiple Individual Community Number
  • Enhanced Route Refresh Capability for BGP-4 (RFC 7313)
  • Autonomous System (AS) Reservation for Private Use (RFC 6696)

ICMP

Added toggles for turning ICMP Redirects and Unreachables on and off. Disabling Redirect and Unreachable messages is a common security hardening best practice

Inter VRF route leaking

Enables dynamic and static route leaking between VRFs. This feature allows the switch to share core services across VRFs and other use cases.

LAGs

Added support for MTU on LAG interfaces. When MTU is set for a LAG interface, the configured value is propagated to all port members of the LAG interface. If a member is removed from a LAG interface, the MTU value is reverted to the default for the respective member. An interface cannot add a member to a LAG when the LAG MTU value is higher than the maximum MTU value allowed for the physical interface.

Network Analytics Engine

New NAE solution agents, automatic baselining, and analytic data collectors are introduced in this build. Enhancements to scripts and the engine, which allow the user to compare ratio of rates and take action and improves routing protocol support for OSPF and BGP, are also included.

OSPF

The following enhancements were added:

  • IPsec authentication support

  • Route map support (v2 and v3)

  • Reference bandwidth updated for 100G speeds (v2 and v3)

  • RFC 4222 support to enable more reliable OSPF processing in high load scenarios (v2 and v3)

  • Area range aggregation Type-3/Type-7 address ranges (v3)

  • Virtual links (v3)

  • Configuration of virtual link parameters hello-interval, dead-interval, retransmit-interval, transit-delay, etc. (v3)

  • NSSA (v3)

PIM-SM

Added support of Graceful Restart in the PIM-SM protocol to speed up multicast routing failover.

SPAN to a LAG

Enabled ability to configure a LAG port as the destination of a port SPAN.

Static ARP and Static MAC

Added the ability to set static ARP and MAC addresses.

TACACS Accounting

Enabled accounting with TACACS ensuring all commands get logged to the TACACS server and are interoperable with ClearPass and other TACACS servers.

Fixes

This section lists released builds that include fixes found in this branch of the software. Software fixes are listed in reverse-chronological order, with the newest on the top of the list. Unless otherwise noted, each software version listed includes all fixes added in earlier versions.

The Symptom statement describes what a user might experience if this is seen on the network. The Scenario statement provides additional environment details and trigger summaries. When available, the Workaround statement provides a workaround to the issue for customers who decide not to update to this version of software.

NOTE:

The number that precedes the fix description is used for tracking purposes.

Version 10.01.0011

DHCP Relay

CR_37060

Symptom: In certain conditions, clients are unable to obtain a DHCP IP address.

Scenario: When the switch is configured for DHCP relay and the DHCP server is sending DHCP options with lengths greater than 127, the DHCP relay agent fails to correctly relay the DHCP packet to the clients and may trigger high CPU utilization.

Workaround: Reduce the length of DHCP options sent by the DHCP server.

L3 Addressing

CR_23936

Symptom: IPv6 RA is not advertised by the device.

Scenario: IPv6 RA is not advertised when configuring more than 120 VLANs with 8 IPv6 prefixes assigned to each VLAN.

Workaround: Limit the IPv6 RA-enabled VLAN below 120.

Multicast

CR_23498

Symptom/Scenario: Configuring a default static route for all subnets causes multicast traffic loss.

Workaround: Configure a static route for each subnet. Alternatively, use OSPF/BGP for unicast routing.

CR_37731

Symptom: The Multicast Group Membership Discovery daemon (MGMDD) process fails.

Scenario: When version change from default 3 to 2 occurs on a VLAN interface, followed by version change on VLAN IGMP Snooping, the multicast group membership discovery process may fail.

PIM

CR_37322

Symptom: The switch fails to learn certain multicast routes.

Scenario: When the switch is configured with PIM static RP, it may fail to correctly learn default mroutes.

Workaround: Add a static direct route to RP for every VRF.

CR_37519

Symptom: Multicast fails on a non-default VRF.

Scenario: The switch does not honor the direct or static route to reach the Rendezvous Point (RP) configured for a non-default VRF.

Workaround: Disable and re-enable PIM.

SNMP

CR_36117

Symptom: The switch fails SNMPv3 user authentication.

Scenario: After updating the SNMPv3 user password in the switch configuration, the switch fails to authenticate the SNMPv3 user with the new configured password.

Workaround: Remove the SNMPv3 user from switch configuration and re-add with the new password,

CR_37471

Symptom/Scenario: The switch reports an erroneous value in SNMP OID 1.3.6.1.2.1.2.2.1.8, when the switch port is in an UP state.

Version 10.01.0001

ARP

CR_25306

Symptom: IPv6 neighbor entry is updated with the wrong VLAN.

Scenario: When multiple parallel L3 links exist between the same physical neighbors, the IPv6 neighbor entry is updated with the wrong VLAN.

Workaround: Use L2 LAGs with SVI or L3 LAGs between the same physical neighbors.

Config

CR_36595

Symptom: The switch fails to download ceratin configurations from a remote server.

Scenario: When a switch configuration file includes user-defined strings, such as (but not limited to) route-map names and banner strings, with special character #, the switch may fail to download the configuration file in a CLI format to the switch running-config from a remote server using SCP/SFTP.

Workaround: Use JSON type for switch configuration backup and restore from a remote server or use configuration checkpoint to save and restore the switch configuration when special character # is needed.

CPU Utilization

CR_35960

Symptom: The switch reports incorrect CPU utilization in the output of the show system command.

Scenario: In certain conditions, the switch may fail to update the true CPU utilization information in the output of the show system command and keep reporting the last recorded value.

Workaround: Make a change to the polling interval of the system resources utilization using the system resource-utilization poll-interval command to get it out of the stuck state.

The default value for poll-interval is 10, hence toggle to some other value and then revert it back to 10. For example:

switch(config)# system resource-utilization poll-interval 15
switch(config)# system resource-utilization poll-interval 10

LAG

CR_24779

Symptom: LAG assignments across multiple VRFs are impacted following configuration replay from a saved checkpoint with port-vrf assignment configurations.

Scenario: LAG assignments across multiple VRFs are retained even though the VRFs were deleted and the startup configuration was copied to the running configuration.

Workaround: Reboot the switch after the configuration from a checkpoint has been restored.

NAE

CR_24268

Symptom: Network Analytics Engine (NAE) Agents report missing or inaccurate data.

Scenario: When the client and switch UTC times are mismatched, NAE reports missing or inaccurate data.

Workaround: Make sure the client and the switch translate to the same UTC time.

SNMPv3

CR_36512

Symptom: The switch fails authentication during SNMPv3 discovery.

Scenario: After changing the authentication and/or privacy protocol of an existing SNMPv3 user, the SNMPv3 user authentication fails. For example:

Change from: snmpv3 user username auth md5 auth-pass passpass priv des priv-pass passpass

Change to: snmpv3 user username auth sha auth-pass passpass priv aes priv-pass passpass

Workaround: Remove the SNMPv3 user and re-add it with the new authentication and/or privacy protocol using the no form of the command. For example:

no snmpv3 user username auth md5 auth-pass passpass priv aes priv-pass passpass
snmpv3 user username auth sha auth-pass passpass priv aes priv-pass passpass

Issues and workarounds

The following are known open issues with this branch of the software.

The Symptom statement describes what a user might experience if this is seen on the network. The Scenario statement provides additional environment details and trigger summaries. When available, the Workaround statement provides a workaround to the issue.

ARP

CR_25334

Symptom: Total number of neighbors is greater than the configured cache limit.

Scenario: Neighbor addition to the ARP table is not guaranteed when the amount of total neighbors is greater than the configured cache limit.

Workaround: Limit the total number of neighbors to be within the configured cache limit of 128K.

Config

CR_37884

Symptom: Copying a configuration file in CLI format from server to switch startup-config fails with an error message.

Scenario: When copying a configuration file from server to switch startup-config in CLI format fails with the error message DryRun: writeVtyCliCmd timeout waiting on writeJSON regeneration failed - try after sometime. Copying the same configuration into the running-config works.

Workaround: On a switch without any configuration, the workaround is to copy the config file into running-config. If the switch has a configuration that should be replaced, then user must delete the existing configuration, reboot, then copy the config into running-config. For example, copy tftp://<server-ip>/<file-path> running-config vrf <vrf-name>.

Jumbo Frames

CR_25546

Symptom: Traffic larger than configured MTU is dropped.

Scenario: When packet size is bigger than the configured egress interface MTU, packets are not fragmented and thus dropped.

Workaround: Configure the MTU on the egress interface such that fragmentation will not occur.

L3 Addressing

CR_12008

Symptom/Scenario: The switch does not send out RA Packets with lifetime=0 values before rebooting.

Workaround: Do one of the following:
  1. Configure minimum values for lifetime and advertisement intervals.

  2. Have multiple gateway routers and enable IPv6 Neighbor Unreachability Detection (NUD) on hosts.

Multicast

CR_37873

Symptom: Multicast routes are not learned when using an interface as a default route. For example: ip route 0.0.0.0/0 1/2/16.

Scenario: Multicast will not do RPF neighbor calculation, since it is not able to resolve the next hop IP from just an outgoing interface.

Workaround: Use only IP-based static routes to configure the next hop routes for Multicast, not interfaces. For example: ip route 0.0.0.0/0 30.1.1.1.

OSPF

CR_08491

Symptom/Scenario: OSPFv2 and OSPFv3 do not support detailed LSA show commands.

Workaround: Use the diag command, instead.

CR_37954

Symptom: OSPFv3 neighbor ship is broken after ISL flap on VSX-Secondary.

Scenario: OSPFv3 neighbor ship is broken after ISL Flap on VSX-Secondary on Active Forwarding. OSPFv3 not forming between VSX-Secondary and router after ISL flap.

Workaround: Disable and re-enable the SVI attached to the VSX Interfaces (Active-forwarded SVIs) using the shutdown and no shutdown commands.

Transceivers

CR_27112

Symptom: The switch does not properly indicate the presence of a bad or unsupported transceiver.

Scenario: When a bad or unsupported transceiver is present in the switch, the switch does not trigger a blinking amber LED and it does not generate the error message indicating the faulty or unsupported transceiver.

Workaround: The link status is down when there is a bad or unsupported transceiver. Use the show interface brief command to confirm the interface is not available. Replace the bad or unsupported transceiver.

CR_36115

Symptom: JL563A 10Gb transceivers fail in the waiting for link state.

Scenario: After hotswapping from a 1Gb transceiver to the JL536A 10Gb SFP+ transceiver, the new transceiver fails to obtain a link.

Workaround: Disable the port using the shutdown command and then re-enable it with the no shutdown command.

VRRP

CR_24910

Symptom: Unable to configure same IPv6 link local address as primary virtual IP address under different VRFs.

Scenario: Unique virtual link local addresses have to be configured for all VRRP IPv6 instances irrespective of VRF.

Workaround: Do not use the same virtual link local address across different VRFs.

VSX

CR_37952

Symptom: OSPF neighbor ship is down.

Scenario: After an ISL flap, OSPFv3 neighbor ship over SVI is stuck in Exstart/Exchange state for more than five minutes, causing the OSPF neighbor ship to be down.

Workaround: Disable and re-enable the SVI with the shutdown and no shutdown commands.

Feature caveats

Feature Description
MVRP and MCLAG MVRP is mutually exclusive with MCLAG.
MCLAG and STP (RPVST+ or MSTP) Spanning Tree (RPVST+ and MSTP) is mutually exclusive with MCLAG.
RPVST+ and MSTP Spanning Tree can only run in MSTP or RPVST+ mode.
RPVST+ and MVRP RPVST+ is mutually exclusive with MVRP.
VRRP and Proxy ARP VRRP is mutually exclusive with Proxy ARP on the same interface.
IGMP/PIM on Loopback and GRE interfaces PIM and IGMP cannot be enabled on Loopback and GRE interfaces.
Counters Layer 3 Route-only port counters are not enabled by default. Enabling them will reduce ipv4 route scale to 80K.
Network Analytics Engine (NAE) Agents monitoring a resource that has column type enum with a list of strings (as opposed to a single string enum) is not supported.
Network Analytics Engine (NAE) The following tables are not supported for NAE scripts: OSPF_Route, OSPF_LSA, OSPF_Neighbor, BGP_Route.
Network Analytics Engine (NAE) Network Analytics Engine (NAE) agents execute Command Line Interface (CLI) actions as 'admin' user, so they have permission to run any command by default. However, when the authentication, authorization and accounting (AAA) feature is enabled, the same restrictions applied to 'admin' will also apply to NAE agents. Keep that in mind when configuring the AAA service, e.g. TACACS+, and make sure to give admin user permission to run all commands needed by enabled agents. Otherwise, some CLI commands may be denied and their outputs won't be available. Actions other than CLI won't be affected and will execute normally. Also, NAE agents won't authenticate, thus the AAA service configuration must not block authorization for unauthenticated 'admin' user. ClearPass doesn't support such configuration, so it cannot be used as a TACACS+ server.
Classifiers IPv4 egress ACLs can be applied only to route-only ports.
Classifiers Classifier policies, IPv6 and MAC ACLs are not supported on egress.
Classifiers DSCP remarking is performed only on routed packets.
Classifiers For security ACLs, HPE strongly encourages modifications be done as a two step process: Bring down the port and then modify.
Classifiers Policies containing both MAC and IPv6 classes are not allowed.
Classifiers Egress ACL logging is not supported.
REST REST supports the 'admin' and 'operator' roles but does not work with TACACS+ command authorization.
REST With the exception of ACLs and VLANs, REST APIs using POST/PUT/DELETE are not validated before performing the function. Therefore, to avoid unintended results or side effects, HPE recommends testing the API write action first.
VSX VSX active-forwarding only works when the L3 interface is IPv4. Enabling it on an interface that has dual-stack or IPv6 may result in traffic losses.

Upgrade information

IMPORTANT:

Do not interrupt power to the switch during this important update.

IMPORTANT:

If you are upgrading from version 10.00 and the switch is configured with MCLAG, VSX reconfiguration is required after the upgrade. Network downtime is required for this upgrade. For more information on upgrading from MCLAG to VSX, see the ArubaOS-CX Virtual Switching Extension (VSX) Guide.

File transfer methods

The switches support several methods for transferring files to and from a physically connected device or via the network, including TFTP, SFTP, and USB. This section explains how to download and run new switch software.

File transfer setup

TFTP

Before using TFTP to transfer the software to the switch, make sure:

  • A software version for the switch has been stored on a TFTP server accessible to the switch via management port. (The software file is typically available from the Switch Networking website at http://www.hpe.com/networking/support.)

  • The switch is properly connected to your network via the management port and has already been configured with a compatible IP address and subnet mask.

  • The TFTP server is accessible to the switch via IP. Before you proceed, complete the following:
    • Obtain the IP address of the TFTP server in which the software file has been stored.

NOTE:

If your TFTP server is a UNIX workstation, ensure that the case (upper or lower) that you specify for the filename is the same case as the characters in the software filenames on the server.

SFTP

For some situations you may want to use a secure method to issue commands or copy files to the switch. By opening a secure, encrypted SSH session and enabling IP SSH file transfer, you can then use a third-party software application to take advantage of SFTP. SFTP provide a secure alternative to TFTP for transferring information that may be sensitive (like switch configuration files) to and from the switch. Essentially, you are creating a secure SSH tunnel as a way to transfer files with SFTP channels.

Before using SFTP to transfer the software to the switch, make sure:

  • A software version for the switch has been stored on a computer accessible to the switch via management port. (The software file is typically available from the Switch Networking website at http://www.hpe.com/networking/support.)

  • The switch is properly connected to your network via the management port and has already been configured with a compatible IP address and subnet mask.

  • The computer containing the software image is accessible to the switch via IP. Before you proceed, complete the following:
    • Obtain the IP address of the computer on which the software file has been stored.

  • Establish a secure encrypted tunnel between the switch and the computer containing the software update file (for more information, see the Fundamentals Guide for your switch).

    NOTE:

    This is a one-time procedure. If you have already setup a secure tunnel, you can skip this step.

  • Enable secure file transfer using the ssh server vrf <VRF-name> command (for more information, see the Command-Line Interface Guide for your switch).

    switch(config)# ssh server vrf mgmt
USB

Before using USB to transfer the software to the switch, make sure to:

  • Store a software version on a USB flash drive.

  • Determine the name of the software file stored on the USB flash drive.

  • Enable USB on the switch:

    switch(config)# usb 
    switch(config)# do usb mount
    switch(config)# do show usb
    Enabled: Yes
    Mounted: Yes

Copying the software and rebooting the switch

Procedure
  1. Copy the software to the secondary flash on the switch using the copy <remote-URL> {primary | secondary} [vrf <VRF-name>] command (for more information, see the Command-Line Interface Guide for your switch).
    • For TFTP:

    • For SFTP:

    • For USB:

    When the switch finishes downloading the software file, it displays this progress message:

    Verifying and writing system firmware…
  2. When the installation finishes, confirm the version and the file saved to disk are what was transferred. Do this using the show images command (for more information, see the Command-Line Interface Guide for your switch).
  3. You must reboot the switch to implement the newly downloaded software image using the boot system [primary | secondary | serviceos] command (for more information, see the Command-Line Interface Guide for your switch).
    switch# boot system
    Checking for updates needed to programmable devices...
    Done checking for updates.
    
    46 device(s) need to be updated during the boot process.
    The estimated update time is 28 minute(s).
    There may be multiple reboots during the update process.
    
    
    This will reboot the entire switch and render it unavailable
    until the process is complete.
    
    Continue (y/n)? y
    The system is going down for reboot.
  4. Upon successful reboot, execute the show system command and verify the correct firmware revision.

Hewlett Packard Enterprise security policy

A Security Bulletin is the first published notification of security vulnerabilities and is the only communication vehicle for security vulnerabilities.
  • Fixes for security vulnerabilities are not documented in manuals, release notes, or other forms of product documentation.

  • A Security Bulletin is released when all vulnerable products still in support life have publicly available images that contain the fix for the security vulnerability.

Finding Security Bulletins

Procedure
  1. Go to the HPE Support Center - Hewlett Packard Enterprise at www.hpe.com/support/hpesc.
  2. Enter your product name or number and click Go.
  3. Select your product from the list of results.
  4. Click the Top issues & solutions tab.
  5. Click the Advisories, bulletins & notices link.

Websites

Networking Websites

Hewlett Packard Enterprise Networking Information Library

www.hpe.com/networking/resourcefinder

Hewlett Packard Enterprise Networking Software

www.hpe.com/networking/software

Hewlett Packard Enterprise Networking website

www.hpe.com/info/networking

Hewlett Packard Enterprise My Networking website

www.hpe.com/networking/support

Hewlett Packard Enterprise My Networking Portal

www.hpe.com/networking/mynetworking

Hewlett Packard Enterprise Networking Warranty

www.hpe.com/networking/warranty

General websites

Hewlett Packard Enterprise Information Library

www.hpe.com/info/EIL

For additional websites, see Support and other resources.

Support and other resources

Accessing Hewlett Packard Enterprise Support

Information to collect

  • Technical support registration number (if applicable)

  • Product name, model or version, and serial number

  • Operating system name and version

  • Firmware version

  • Error messages

  • Product-specific reports and logs

  • Add-on products or components

  • Third-party products or components

Accessing updates

IMPORTANT:

Access to some updates might require product entitlement when accessed through the Hewlett Packard Enterprise Support Center. You must have an HPE Passport set up with relevant entitlements.

Customer self repair

Hewlett Packard Enterprise customer self repair (CSR) programs allow you to repair your product. If a CSR part needs to be replaced, it will be shipped directly to you so that you can install it at your convenience. Some parts do not qualify for CSR. Your Hewlett Packard Enterprise authorized service provider will determine whether a repair can be accomplished by CSR.

For more information about CSR, contact your local service provider or go to the CSR website:

http://www.hpe.com/support/selfrepair

Remote support

Remote support is available with supported devices as part of your warranty or contractual support agreement. It provides intelligent event diagnosis, and automatic, secure submission of hardware event notifications to Hewlett Packard Enterprise, which will initiate a fast and accurate resolution based on your product's service level. Hewlett Packard Enterprise strongly recommends that you register your device for remote support.

If your product includes additional remote support details, use search to locate that information.

Remote support and Proactive Care information

HPE Get Connected
www.hpe.com/services/getconnected
HPE Proactive Care services
www.hpe.com/services/proactivecare
HPE Proactive Care service: Supported products list
www.hpe.com/services/proactivecaresupportedproducts
HPE Proactive Care advanced service: Supported products list
www.hpe.com/services/proactivecareadvancedsupportedproducts

Proactive Care customer information

Proactive Care central
www.hpe.com/services/proactivecarecentral
Proactive Care service activation
www.hpe.com/services/proactivecarecentralgetstarted

Regulatory information

To view the regulatory information for your product, view the Safety and Compliance Information for Server, Storage, Power, Networking, and Rack Products, available at the Hewlett Packard Enterprise Support Center:

www.hpe.com/support/Safety-Compliance-EnterpriseProducts

Additional regulatory information

Hewlett Packard Enterprise is committed to providing our customers with information about the chemical substances in our products as needed to comply with legal requirements such as REACH (Regulation EC No 1907/2006 of the European Parliament and the Council). A chemical information report for this product can be found at:

www.hpe.com/info/reach

For Hewlett Packard Enterprise product environmental and safety information and compliance data, including RoHS and REACH, see:

www.hpe.com/info/ecodata

For Hewlett Packard Enterprise environmental information, including company programs, product recycling, and energy efficiency, see:

www.hpe.com/info/environment

Documentation feedback

Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title, part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.