HPE / Aruba switches firmware testing

Discussion in 'Networking, Telephony & Internet' started by phrosty-boi, Dec 7, 2019.

  1. phrosty-boi

    phrosty-boi Member

    Joined:
    Jun 27, 2003
    Messages:
    1,102
    Location:
    Altona North
    Hi all,
    I've been tasked with the wonderful job of updating firmware on our switches after a recent network and security review.
    Unfortunately we're multi site and I'm obviously nervous about doing this remotely in case the new firmware update goes wrong.
    Do the HPE / Aruba switches have some built in function to run a firmware upgrade say to secondary, boot from that secondary and if you can't confirm the update is working automatically reboot from the old firmware?
    I know Juniper gear has something like this but for the device config (commit check or similar I think it's called) - is there a way to do this with a way to easily get the switch back working without being onsite in case things go south?
    My previous job I never had issues with HPE firmware going wrong, but it was a single site school so we had easy physical access if need be
     
  2. evilasdeath

    evilasdeath Member

    Joined:
    Jul 24, 2004
    Messages:
    5,006
    I'll ask a different question: is there anything specific you require out of the firmware upgrade? i.e. is there a point?
     
  3. bcann

    bcann Member

    Joined:
    Feb 26, 2006
    Messages:
    6,125
    Location:
    NSW
    The HP switches we have do primary/secondary
     
  4. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    45,385
    Location:
    Brisbane
    Sounds like it's the result of a security review. (Someone likely suggested the ancient wisdom of "patch yo shit").

    Yes. The firmware download will contain links to documentation on best practices. Read them head to toe before touching critical stuff (and see if you can practice on something unimportant).
     
  5. fad

    fad Member

    Joined:
    Jun 26, 2001
    Messages:
    2,614
    Location:
    City, Canberra, Australia
    I would suggest doing the firmware upgrade from a local box. Don’t upgrade over the site links.
     
  6. ir0nhide

    ir0nhide Member

    Joined:
    Oct 24, 2003
    Messages:
    4,595
    Location:
    Adelaide
    Bastion host with 4G :thumbup:
     
  7. Matthew kane

    Matthew kane Member

    Joined:
    Jan 27, 2014
    Messages:
    3,153
    What Aruba switches?
     
  8. phrosty-boi

    phrosty-boi Member

    Joined:
    Jun 27, 2003
    Messages:
    1,102
    Location:
    Altona North
    hey all,
    been a couple of weeks since posting and I've been a bit slack being on OCAU (sorry)
    yes the requirement is due to security review, knew the firmware was ancient when I started not long ago
    we have a mix of predominantly 2920 and 2930 HPE / Aruba gear
    we've got a server replacement project happening as well so I'll be visiting the firmware on site switches as I go, all these switches have a primary and secondary firmware so I'll be doing the secondary firmware first and booting from that and testing etc
    thanks for the ideas though, looks like I've got some reading to do on the more detailed aspects of Aruba gear and firmware updates, if not for this round of updates but for down the track management of it
     
  9. Skitza

    Skitza Member

    Joined:
    Jun 28, 2001
    Messages:
    3,773
    Location:
    In your street
    Patch primary, boot from primary.. don't be a pussy :p

    In all honesty, patching HP switches is probably the easiest in the world. Some might require an intermediate firmware before going to the latest if it's ancient, ancient but other than that, pretty straightforward.
     
  10. phrosty-boi

    phrosty-boi Member

    Joined:
    Jun 27, 2003
    Messages:
    1,102
    Location:
    Altona North
    haha Skitza you're brave or crazy mate
    In my previous job I'd have done exactly that in the holiday break (school tech), we actually had ProCurves on ancient firmware from 2011 and upgraded them straight to the latest available, no issues except a double reboot to update the bootrom
    wholeheartedly agree they are the easiest to patch, with the exception of the older 3com / H3C ones which were a complete nightmare
     
  11. MR CHILLED

    MR CHILLED D'oh!

    Joined:
    Jan 2, 2002
    Messages:
    160,205
    Location:
    Omicron Persei 8
    What are they? We use them here at work, along with nighthawks to pipe into our corporate network and intranet via personal computers. Just like being at work but on your own pc at home.
     
  12. Matthew kane

    Matthew kane Member

    Joined:
    Jan 27, 2014
    Messages:
    3,153
    Wasn't asking what they are as I deal with Aruba APs every day. Was asking what models.
     
  13. phrosty-boi

    phrosty-boi Member

    Joined:
    Jun 27, 2003
    Messages:
    1,102
    Location:
    Altona North
    most of the actual "Aruba" gear is 2930F, we've also got some of the older HPE branded 2920 series as well
    I've decided that it will all be done onsite, as we have site visits this year for another project, once we've got them all on the same versions we can maintain them more easily with our scheduled visits each year, though the idea of using the OOB management port is a good one to look into for the smaller sites
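
Added example, not part of the thread and not HPE/Aruba tooling: a pre-reboot check for the staging approach described earlier in the thread (new firmware in secondary, old image kept in primary), run over captured `show flash` output. The output layout, the version strings and the function names are assumptions; the sample text is constructed.

```python
import re

# Constructed sample of `show flash` output (layout assumed, versions made up).
SAMPLE_SHOW_FLASH = """\
Image           Size (bytes) Date     Version
--------------- ------------ -------- --------------
Primary Image   :   20000000 01/01/18 XX.16.01.0001
Secondary Image :   30000000 01/01/20 XX.16.10.0001

Boot ROM Version
----------------
Primary Boot ROM Version   : XX.16.01.0001
Secondary Boot ROM Version : XX.16.01.0001

Default Boot Image   : Primary
Default Boot ROM     : Primary
"""

IMAGE_RE = re.compile(
    r"^(Primary|Secondary) Image\s*:\s*(\d+)\s+(\S+)\s+(\S+)\s*$", re.M)
DEFAULT_RE = re.compile(r"^Default Boot Image\s*:\s*(\w+)\s*$", re.M)

def parse_show_flash(text):
    """Return both flash slots and the reported default boot image."""
    slots = {}
    for name, size, date, version in IMAGE_RE.findall(text):
        slots[name.lower()] = {"size": int(size), "date": date,
                               "version": version}
    m = DEFAULT_RE.search(text)
    return {"slots": slots, "default_boot": m.group(1).lower() if m else None}

def staging_problems(text, known_good, target):
    """List reasons not to reboot yet; an empty list means the staging looks right."""
    state = parse_show_flash(text)
    missing = [s for s in ("primary", "secondary") if s not in state["slots"]]
    if missing:
        return [f"{s} image line not found" for s in missing]
    problems = []
    if state["slots"]["primary"]["version"] != known_good:
        problems.append("primary no longer holds the known-good version")
    if state["slots"]["secondary"]["version"] != target:
        problems.append("secondary does not hold the target version")
    if state["default_boot"] is None:
        problems.append("default boot image not reported")
    return problems

if __name__ == "__main__":
    print(staging_problems(SAMPLE_SHOW_FLASH, "XX.16.01.0001", "XX.16.10.0001"))
```
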
     
