The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.

Software upgrade methods

You can use one of the following methods to upgrade system software:

Upgrading method	Software types	Remarks
Upgrading from the CLI:
Upgrading the software	· BootWare image · System software image (excluding patches)	This method is disruptive. You must reboot the entire device to complete the upgrade.
Installing hotfixes	System software image	Hotfixes repair software defects without requiring a reboot or service interruption. Hotfixes do not add new features to system software images.
Upgrading from the BootWare menus	· BootWare image · System software image	Use this method when the device cannot correctly start up. For information about this upgrading method, see the release notes for your device.

This chapter covers only upgrading the software and installing hotfixes from the CLI.

Upgrading BootWare

Step	Command	Remarks
1. Use FTP or TFTP to transfer the BootWare image to the root directory of the storage medium on the device.	See "Configuring FTP" or "Configuring TFTP."	Make sure the image file is saved in the root directory of the storage medium.
2. Read, restore, back up, or upgrade BootWare on the device in user view.	bootrom { backup \| read \| restore \| update file file-url } [ all \| part ]	If neither the all keyword nor the part keyword is specified, the operation applies to the entire BootWare image. In FIPS mode, the BootWare image file must pass authenticity verification before the bootrom update file file-url command can be executed.
3. Reboot the device.	reboot	N/A

Upgrading system software

Step	Command	Remarks
1. Use FTP or TFTP to transfer the system software image to the root directory of the storage medium on the device.	See "Configuring FTP" or "Configuring TFTP."	The image file must be saved in the root directory for a successful upgrade.
2. Specify the file as the startup system software image in user view.	boot-loader file file-url { main \| backup }	In FIPS mode, the file must pass authenticity verification before it can be set as a startup system software image file.
3. Reboot the device.	reboot	N/A

Installing hotfixes

Hotfixes (called "patches" in this document) repair software defects without requiring a system reboot.

Basic concepts

This section describes the basic patch concepts.

Patch, patch file, and patch package file

A patch fixes certain software defects.

A patch file contains one or more patches. After being loaded from the storage medium to the patch memory area, each patch is assigned a unique number, which starts from 1. For example, if a patch file has three patches, they are numbered 1, 2, and 3.

A patch package file contains patch files for multiple modules. It enables you to use one command to bulk-fix bugs for multiple modules.

Incremental patch

Incremental patches are dependent on previous patches and cannot separately run. For example, if a patch file has three patches, patch 3 can be running only after patch 1 and 2 take effect. You cannot run patch 3 separately.

Patches that have been released are all incremental patches.

Common patch and temporary patch

Common patches are formally released to users.

Temporary patches are interim solutions that are provided to fix critical bugs. They are not formally released.

A common patch always includes the functions of its previous temporary patches. The system deletes all the temporary patches before loading the common patch.

Patch states

A patch is in IDLE, DEACTIVE, ACTIVE, or RUNNING state, depending on the patch manipulation command.

Patch manipulation commands include patch load (load), patch active (run temporarily), patch run (confirm running), patch deactive (stop running), patch delete (delete), patch install (install), and undo patch install (uninstall).

For example, if you execute the patch active command, patches in DEACTIVE state change to the ACTIVE state.

Figure 2 shows the patch manipulation commands and how they affect the patch state.

IMPORTANT:

Patch state information is saved in the patchstate file on the storage medium. To make sure the device can correctly find the patches, do not edit, delete, move the file, or change the file name.

Figure 2 Impact of patch manipulation commands on patch state

IDLE state

Patches that have not been loaded are in IDLE state. You cannot install or run these patches. As shown in Figure 3, the patch memory area can load up to eight patches.

The patch memory area supports up to 200 patches.

Figure 3 Patches that are not loaded to the patch memory area

DEACTIVE state

Patches in DEACTIVE state have been loaded to the patch memory area but have not yet run in the system. For example, suppose that the patch file you are loading has seven patches. After the seven patches successfully pass the version check and CRC check, they are loaded to the patch memory area and are in DEACTIVE state. In the patch area, patch states are as shown in Figure 4.

Figure 4 Patch states in the patch memory area after a patch file is loaded

ACTIVE state

Patches in ACTIVE state run temporarily in the system and become DEACTIVE at a reboot. For example, for the seven patches in Figure 4, if you activate the first five patches, their states change from DEACTIVE to ACTIVE. Figure 5 shows the patch states in the system.

The patches that are in ACTIVE state change to the DEACTIVE state at a reboot.

Figure 5 Patches are activated

RUNNING state

After you confirm ACTIVE patches, their states change to RUNNING and persist after a reboot. In contrast to ACTIVE patches, RUNNING patches continue to take effect after a reboot. For example, if you confirm the first three patches in Figure 5, their state changes from ACTIVE to RUNNING, and the RUNNING state persists after a reboot. Figure 6 shows the patch states in the system.

Figure 6 Patches in RUNNING state

Patch installation task list

Task	Remarks
Installing patches: · Installing and running a patch in one step · Installing a patch step by step	Use either method. Step-by-step patch installation allows you to control the patch status.

Uninstalling a patch step by step	Optional.

Installation prerequisites

To ensure a successful patch operation and normal device operation after the patch installation:

· Make sure each patch file you are installing matches the device model and software version.

· Save patch files or patch package files to the root directory of the storage medium on the device.

· Correctly name a patch file in the patch_PATCH-FlAG suffix.bin format. The PATCH-FLAG suffix is predefined and must be the same as the letters (digits are excluded) displayed for the Version field in the output from the display patch information command. If a patch file is not correctly named, the system cannot identify the file.

The default system patch file name is patch_mpu.bin for all WLAN-supported cards except for the WX3000E/WX5540E switching engine and the WX6103 switch interface board.

Installing and running a patch in one step

To install and run patches in one step, use the patch install command. This command changes the state of installed patches from IDLE to ACTIVE or RUNNING, depending on your choice.

When executing the patch install command, you must choose to run installed patches or disable running them after a reboot. If you choose to have installed patches continue to run after a reboot, the installed patches are set in RUNNING state and remain in this state after a reboot. If not, the installed patches are set in ACTIVE state and change to the DEACTIVE state at a reboot.

To install and run patches in one step:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Install patches in one step.	patch install { patch-location \| file patch-package }	· patch-location: Specifies the directory where the patch file is located. · file patch-package: Specifies a patch package file name. In FIPS mode, the patch file or patch package file must pass authenticity verification before this command can be executed.

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Install patches in one step.

patch install { patch-location | file patch-package }

· patch-location: Specifies the directory where the patch file is located.

· file patch-package: Specifies a patch package file name.

In FIPS mode, the patch file or patch package file must pass authenticity verification before this command can be executed.

If you execute the patch install patch-location command, the directory specified for the patch-location argument replaces the directory specified with the patch location command after the upgrade is complete.

If you execute the patch install file patch-package command, the directory specified with the patch location command does not change.

To uninstall all ACTIVE and RUNNING patches in one step, use the undo patch install command. For information about the step-by-step patch uninstall method, see "Uninstalling a patch step by step."

Installing a patch step by step

In contrast to the one-step patch installation method, step-by-step patch installation enables you to control patch status during the patch installation process.

Step-by-step patch installation task list

Task	Remarks
Configuring the patch file location	Optional. To install a patch package, skip this step.
Loading a patch file	Required.
Activating patches	Required.
Confirming ACTIVE patches	Optional.

Configuring the patch file location

The patch file location must be the root directory of the storage medium.

To configure the patch file location:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Configure the patch file location.	patch location patch-location	By default, the system loads patch files from the root directory of the storage medium.

NOTE:

Loading a patch file

You must load the correct patch file before performing any patch installation operations.

If you install a patch from a patch file, the system loads the patch file from the patch file location, which is the root directory of the storage medium.

If you install a patch from a patch package, the system finds the correct patch file in the patch package file and loads the patch file.

IMPORTANT:

Set the file transfer mode to binary mode before using FTP or TFTP to upload or download patch files. Otherwise, patch files cannot be parsed properly.

To load a patch file:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Load the patch file from the storage medium to the patch memory area.	patch load [ file patch-package ]	In FIPS mode, the patch file or patch package file must pass authenticity verification before this command can be executed.

Activating patches

Activating a patch changes its state to ACTIVE. An ACTIVE patch runs in memory until a reboot occurs. To have a patch continue to run after a reboot, you must change its state to RUNNING.

To activate patches:

Step	Command
1. Enter system view.	system-view
2. Activate patches.	patch active [ patch-number ]

Confirming ACTIVE patches

To have an ACTIVE patch continue to run after a reboot, perform the task in this section.

After you confirm an ACTIVE patch, its state changes to RUNNING and persists after a reboot.

To confirm ACTIVE patches:

Step	Command
1. Enter system view.	system-view
2. Confirm ACTIVE patches.	patch run [ patch-number ]

Uninstalling a patch step by step

To uninstall a patch step by step, you must first stop running the patch and then remove it from the patch memory area.

Stopping running patches

When you stop running a patch, the patch state becomes DEACTIVE, and the system runs the way it did before the patch was installed.

To stop running patches:

Step	Command
1. Enter system view.	system-view
2. Stop running patches.	patch deactive [ patch-number ]

Removing patches from the patch memory area

After being removed from the patch memory area, a patch is still retained in IDLE state in the storage medium. The system runs the way it did before the patch was installed.

To remove patches from the patch memory area:

Step	Command
1. Enter system view.	system-view
2. Remove patches from the patch memory area.	patch delete [ patch-number ]

Displaying and maintaining software upgrade

Task	Command	Remarks
Display information about the system software image.	display boot-loader [ \| { begin \| exclude \| include } regular-expression ]	Available in any view.
Display information about the patch package.	display patch [ \| { begin \| exclude \| include } regular-expression ]	Available in any view.
Display patch information.	display patch information [ \| { begin \| exclude \| include } regular-expression ]	Available in any view.

Software upgrade examples

Upgrading the system software

Network requirement

As shown in Figure 7, the current system software version of the AC is soft-version1. The latest system software image soft-version2.bin and the latest configuration file new-config.cfg are both saved in the aaa directory of the FTP server. The AC and the FTP server can reach each other. You can log in to the AC through Telnet.

Upgrade the software version of the AC to soft-version2 and configuration file to new-config during an off-peak period.

Figure 7 Network diagram

Configuration procedure

1. Configure the FTP server (configuration varies with different types of servers):

# Set access parameters for the FTP client (including enabling the FTP server function, setting the FTP username to aaa and password to hello, and assigning the FTP user the right to access the cfa0:/aaa directory).

<FTP-server> system-view

[FTP-server] ftp server enable

[FTP-server] local-user aaa

[FTP-server-luser-aaa] password cipher hello

[FTP-server-luser-aaa] service-type ftp

[FTP-server-luser-aaa] authorization-attribute work-directory cfa0:/aaa

# Create a .txt batch command file on the FTP server for automatic software upgrade. In this example, the file name is auto-update.txt. The following is the file content:

return

startup saved-configuration new-config.cfg

boot-loader file soft-version2.bin main

reboot

2. Configure the AC:

# Log in to the FTP server. (The prompt may vary with servers.)

<AC> ftp 2.2.2.2

Trying 2.2.2.2 ...

Press CTRL+K to abort

Connected to 2.2.2.2.

220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user

User(2.2.2.2:(none)):aaa

331 Give me your password, please

Password:

230 Logged in successfully

[ftp]

# Download auto-update.txt from the FTP server.

[ftp] ascii

[ftp] get auto-update.txt

# Download new-config.cfg from the FTP server.

[ftp]get new-config.cfg

# Download soft-version2.bin from the FTP server.

[ftp] binary

[ftp] get soft-version2.bin

[ftp] bye

<AC>

# Change the file extension of auto-update.txt to .bat.

<AC> rename auto-update.txt auto-update.bat

# Use the more command to verify that the file content is correct. (Details not shown.)

# Schedule an automatic software upgrade job for 3 a.m.

<AC> system-view

[AC] job autoupdate

[AC-job-autoupdate] view system

[AC-job-autoupdate] time 1 one-off at 03:00 command execute auto-update.bat

3. After the scheduled job is completed, use the display version command to verify the upgrade. (Details not shown.)

Installing patches

Network requirements

Download a patch file from a TFTP server to fix bugs on the AC in Figure 8. The patch file patch_mpu.bin is saved on the TFTP server. The AC and the TFTP server can reach each other.

Figure 8 Network diagram

Configuration procedure

1. Configure the TFTP server:

# Enable the TFTP server function. (Details not shown.)

# Save the patch file patch_mpu.bin to the working directory on the TFTP server. (Details not shown.)

2. Configure the AC:

# Use the save command to save the running configuration. (Details not shown.)

# Examine the storage medium on the AC for space insufficiency. If the free space is not sufficient for the patches, delete unused files. (Details not shown.)

# Load the patch file patch_mpu.bin from the TFTP server to the root directory of the device's storage medium.

<AC> tftp 2.2.2.2 get patch_mpu.bin

# Install the patches.

<AC> system-view

[AC] patch install cfa0:

Patches will be installed. Continue? [Y/N]:y

Do you want to continue running patches after reboot? [Y/N]:y

Installing patches........

Installation completed, and patches will continue to run after reboot.

Dealing with password loss

CAUTION:

Dealing with console login password loss and user privilege level password loss from BootWare menus is disruptive.

How to deal with console login password loss and user privilege level password loss depends on the state of password recovery capability (see Figure 9). You can use one of the following methods to deal with password loss:

· Dealing with console login password loss when password recovery capability is enabled

· Dealing with user privilege level password loss when password recovery capability is enabled

· Dealing with password loss when password recovery capability is disabled

If password recovery capability is enabled, dealing with password loss does not delete the next-startup configuration file.

If password recovery capability is disabled, dealing with password loss deletes the next-startup configuration file and the device starts up with the factory-default configuration.

Figure 9 shows the process for dealing with password loss events.

Figure 9 Dealing with password loss

Disabling password recovery capability

Password recovery capability controls console user access to the device configuration and SDRAM from BootWare menus.

If password recovery capability is enabled, a console user can access the device configuration without authentication to reconfigure new passwords.

If password recovery capability is disabled, a console user must restore the factory-default configuration before configuring new passwords. Restoring the factory-default configuration deletes the next-startup configuration file.

To enhance system security, disable password recovery capability.

To disable password recovery capability:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Disable password recovery capability.	undo password-recovery enable	By default, password recovery capability is enabled.

Examining the state of password recovery capability

1. Reboot the device. The following information appears:

System is starting...

Press Ctrl+D to access BASIC-BOOTWARE MENU

Booting Normal Extend BootWare.

The Extend BootWare is self-decompressing.......................Done!

****************************************************************************

* *

* H3C WX3010E BootWare, Version 2.01 *

* *

****************************************************************************

Compiled Date : Jan 28 2013

CPU Type : XLS208

CPU L1 Cache : 32KB

CPU Clock Speed : 750MHz

Memory Type : DDR2 SDRAM

Memory Size : 512MB

Memory Speed : 533MHz

BootWare Size : 512KB

Flash Size : 16MB

cfa0 Size : 999MB

CPLD Version : 002

PCB Version : Ver.A

BootWare Validating...

Press Ctrl+B to enter extended boot menu..

2. Press Enter to access the EXTEND-BOOTWARE menu.

The output displays the EXTEND-BOOTWARE menu, including the state of password recovery capability.

Password recovery capability is enabled.

Note: The current operating device is cfa0

Enter < Storage Device Operation > to select device.

===========================<EXTEND-BOOTWARE MENU>===========================

|<1> Boot System |

|<2> Enter Serial SubMenu |

|<3> Enter Ethernet SubMenu |

|<4> File Control |

|<5> Restore to Factory Default Configuration |

|<6> Skip Current System Configuration |

|<7> BootWare Operation Menu |

|<8> Clear Super Password |

|<9> Storage Device Operation |

|<0> Reboot |

============================================================================

Ctrl+Z: Access EXTEND-ASSISTANT MENU

Ctrl+F: Format File System

Enter your choice(0-9):

Dealing with console login password loss when password recovery capability is enabled

1. Reboot the device to access the EXTEND-BOOTWARE menu, and then enter 6.

Password recovery capability is enabled.

Note: The current operating device is cfa0

Enter < Storage Device Operation > to select device.

===========================<EXTEND-BOOTWARE MENU>===========================

|<1> Boot System |

|<2> Enter Serial SubMenu |

|<3> Enter Ethernet SubMenu |

|<4> File Control |

|<5> Restore to Factory Default Configuration |

|<6> Skip Current System Configuration |

|<7> BootWare Operation Menu |

|<8> Clear Super Password |

|<9> Storage Device Operation |

|<0> Reboot |

============================================================================

Ctrl+Z: Access EXTEND-ASSISTANT MENU

Ctrl+F: Format File System

Enter your choice(0-9): 6

After the configuration skipping flag is set successfully, the following message appears:

Flag Set Success.

2. When the EXTEND-BOOTWARE menu appears again, enter 0 to reboot the device.

The device starts up with empty configuration.

3. To use the configuration in the original next-startup configuration file, perform a configuration rollback in system view. Skip this step if you want to begin with empty configuration.

<Sysname> system-view

[Sysname] configuration replace file startup.cfg

Current configuration will be lost, save current configuration? [Y/N]:n

Info: Now replacing the current configuration. Please wait...

Info: Succeeded in replacing current configuration with the file startup.cfg.

4. Configure a new console login password.

For security purposes, the password is always saved in ciphertext to the configuration file, regardless of whether you enter the password in ciphertext or plain text.

<Sysname> system-view

[Sysname] user-interface console 0

[Sysname-ui-console0] authentication-mode password

[Sysname-ui-console0] set authentication password cipher 123456

[Sysname-ui-console0] quit

5. For the settings to take effect at reboot, save the configuration.

[Sysname] save

Dealing with user privilege level password loss when password recovery capability is enabled

1. Reboot the device to access the EXTEND-BOOTWARE menu, and then enter 8.

Password recovery capability is enabled.

Note: The current operating device is cfa0

Enter < Storage Device Operation > to select device.

===========================<EXTEND-BOOTWARE MENU>===========================

|<1> Boot System |

|<2> Enter Serial SubMenu |

|<3> Enter Ethernet SubMenu |

|<4> File Control |

|<5> Restore to Factory Default Configuration |

|<6> Skip Current System Configuration |

|<7> BootWare Operation Menu |

|<8> Clear Super Password |

|<9> Storage Device Operation |

|<0> Reboot |

============================================================================

Ctrl+Z: Access EXTEND-ASSISTANT MENU

Ctrl+F: Format File System

Enter your choice(0-9): 8

The device deletes the user privilege level password configuration commands from the next-startup configuration file. After the operation is completed, the following message appears:

Clear Super Password Success!

2. When the EXTEND-BOOTWARE menu appears again, enter 0 to reboot the device.

The device starts up with the next-startup configuration file.

3. Configure new passwords for user privilege levels.

For security purposes, the password is always saved in ciphertext to the configuration file, regardless of whether you enter the password in ciphertext or plain text.

<Sysname> system-view

[Sysname] super password cipher 123456

4. For the settings to take effect at reboot, save the configuration.

[Sysname] save