This video shows how to upgrade the software on an HP ProCurve switch using TFTP.

Dear community, We have several HP 2920-48G-POE+ Switch (J9729A) and we are having a hard time on updating the firmware using the web interface. The current firmware version is: WB., ROM WB.15.04. The HP Procurve 2910al is a sturdy and reliable piece of hardware that can get stuck in the past if software updates are not applied on a regular basis. Purchasing a secondhand 2910al with the firmware stuck in 2009 can lead to a highly annoying upgrade procedure.

This procedure assumes that:

• A software version for the switch has been stored on a TFTP server accessible to the switch. (The software file is typically available from the HP Switch Networking website at www.hp.com/networking/support.)

• The switch is properly connected to your network and has already been configured with a compatible IP address and subnet mask.

• The TFTP server is accessible to the switch via IP.

Hp Switch Firmware

Before you use the procedure, do the following:

• Obtain the IP address of the TFTP server in which the software file has been stored.

• If VLANs are configured on the switch, determine the name of the VLAN in which the TFTP server is operating.

• Determine the name of the software file stored in the TFTP server for the switch (for example, E0820.swi.)

Update Hp Switch Firmware

Syntax

copy tftp flash ip-addressremote-file [ primary | secondary ] [oobm]

Automatically downloads a switch software file to primary or secondary flash. If you do not specify the flash destination, the TFTP download defaults to primary flash.

Example

To download a switch software file named k0800.swi from a TFTP server with the IP address of 10.28.227.103 to primary flash:

Hp Procurve Switch Firmware Update

1. Execute copy as shown below:

   Download command for an OS (switch software)

   When the switch finishes downloading the software file from the server, it displays this progress message:

   Validating and Writing System Software to FLASH ...

2. When the download finishes, you must reboot the switch to implement the newly downloaded software image. To do so, use one of the following commands:

   Syntax

   boot system flash [ primary | secondary ]

   Boots from the selected flash.

   Syntax

   Boots from the flash image and startup-config file. A switch covered in this guide (with multiple configuration files), also uses the current startup-config file.

3. To confirm that the software downloaded correctly, execute show system and check the Firmware revision line.

For information on primary and secondary flash memory and the boot commands, see the Basic Operation Guide.

TFTP is enabled by default on the switch. If TFTP operation has been disabled, you can re-enable it by specifying TFTP client or server functionality with the following command.

Syntax

Syntax

[ no ] tftp [ client | server [ listen oobm | data | both ] ]

Disables/re-enables TFTP for client or server functionality so that the switch can:

• Use TFTP client functionality to access TFTP servers in the network to receive downloaded files.

• Use TFTP server functionality to upload files to other devices on the network.

For switches that have a separate out-of-band management port, the listen parameter in a server configuration allows you to specify whether transfers take place through the out-of-band management (oobm) interface, the data interface, or both.

Operation notes

TFTP at the switch is allows for extensive use of scripts on various customer environments. Such environs, like FW, configurations, backups, and restores all use the TFTP network service.

• SSH/SFTP is needed to secure access to network components.

• Users are allowed to re-enable TFTP and make both TFTP and SFTP work in parallel.

• SFTP support for database of DSNOOPv4, v6 and DHCP Server are also available. To provide a secure way to transfer the database, the SFTP option has been added where the respective database can also be transferred to a SFTP Server.

Enable TFTP client/server

The command ip ssh filetransfer will still disable the TFTP Client and TFTP Server however the user is able to re-enable them. The command will display the following message.

Downloading software automatically from a TFTP server

The auto-tftp command lets you configure the switch to download software automatically from a TFTP server.

Hp 2910al Firmware

At switch startup, the auto-TFTP feature automatically downloads a specified software image to the switch from a specified TFTP server and then reboots the switch. To implement the process, you must first reboot the switch using one of the following methods:

• Enter the boot system flash primary command in the CLI.

• With the default flash boot image set to primary flash (the default), enter the boot or the reload command, or use the reset button on the switch. (To reset the boot image to primary flash, use boot set-default flash primary.)

Syntax

By default, auto-TFTP is disabled. This command configures the switch to automatically download the specified software file from the TFTP server at the specified IP address. The file is downloaded into primary flash memory at switch startup; the switch then automatically reboots from primary flash.

The no form of the command disables auto-TFTP operation by deleting the auto-tftp entry from the startup configuration.

The no auto-tftp command does not affect the current TFTP-enabled configuration on the switch. However, entering the ip ssh filetransfer command automatically disables both auto-tftp and tftp operation.

Note that the menu interface accesses only the primary flash.

1. In the console Main Menu, select Download OS to display the screen in Download OS (software) screen (default values). (The term 'OS' or 'operating system' refers to the switch software):

   Download OS (software) screen (default values)

2. Press [E] (for Edit.)

3. Ensure that the Method field is set to TFTP (the default.)

4. In the TFTP Server field, enter the IP address of the TFTP server in which the software file has been stored.

5. In the Remote File Name field, enter the name of the software file (if you are using a UNIX system, remember that the filename is case-sensitive.)

6. Press [Enter], then [X] (for eXecute) to begin the software download.

   The screen shown in Download OS (software) screen during a download appears:

   Download OS (software) screen during a download

   A 'progress' bar indicates the progress of the download. When the entire software file has been received, all activity on the switch halts and you will see Validating and writing system software to FLASH...

7. After the primary flash memory is updated with the new software, you must reboot the switch to implement the newly downloaded software. Return to the Main Menu and press [6] (for Reboot Switch.)

   You will see this prompt:

   Press the space bar once to change No to Yes, then press [Enter] to begin the reboot.

   NOTE: When you use the menu interface to download a switch software, the new image is always stored in primary flash. Also, using the Reboot Switch command in the Main Menu always reboots the switch from primary flash. Rebooting the switch from the CLI provides more options. See the Basic Operation Guide.

8. After you reboot the switch, confirm that the software downloaded correctly:

   1. From the Main Menu, select

   2. Check the Firmware revision line.

Disabling TFTP and auto-TFTP for enhanced security

Using the ip ssh filetransfer command to enable SFTP automatically disables TFTP and auto-TFTP (if either or both are enabled), as shown in Example of switch configuration with SFTP enabled.

Example of switch configuration with SFTP enabled

If you enable SFTP and then later disable it, TFTP and auto-TFTP remain disabled unless they are explicitly re-enabled.

Operating rules are:

• The TFTP feature is enabled by default, and can be enabled or disabled through the CLI, the Menu interface (see Using the Menu interface to disable TFTP), or an SNMP application. Auto-TFTP is disabled by default and must be configured through the CLI.

  Using the Menu interface to disable TFTP

• While SFTP is enabled, TFTP and auto-TFTP cannot be enabled from the CLI. Attempting to enable either non-secure TFTP option while SFTP is enabled produces one of the following messages in the CLI:

  Similarly, while SFTP is enabled, TFTP cannot be enabled using an SNMP management application. Attempting to do so generates an 'inconsistent value' message. (An SNMP management application cannot be used to enable or disable auto-TFTP.)

• To enable SFTP by using an SNMP management application, you must first disable TFTP and, if configured, auto-TFTP on the switch. You can use either an SNMP application or the CLI to disable TFTP, but you must use the CLI to disable auto-TFTP. The following CLI commands disable TFTP and auto-TFTP on the switch.

Once you have confirmed that you have enabled an SSH session (with the show ip ssh command), enter ip ssh filetransfer so that SCP and/or SFTP can run. You can then open your third-party software client application to begin using the SCP or SFTP commands to safely transfer files or issue commands to the switch.

Switch memory allows up to ten public keys. This means the authentication and encryption keys you use for your third-party client SCP/SFTP software can differ from the keys you use for the SSH session, even though both SCP and SFTP use a secure SSH tunnel.

Some clients, such as PSCP (PuTTY SCP), automatically compare switch host keys for you. Other clients require you to manually copy and paste keys to the $HOME/.ssh/known_hosts file. Whatever SCP/SFTP software tool you use, after installing the client software you must verify that the switch host keys are available to the client.

Because the third-party software utilities you may use for SCP/SFTP vary, you should refer to the documentation provided with the utility you select before performing this process.

• When an SFTP client connects, the switch provides a file system displaying all of its available files and folders. No file or directory creation is permitted by the user. Files may be only uploaded or downloaded, according to the permissions mask. All of the necessary files the switch needs are already in place on the switch. You do not need to (nor can you) create new files.

• The switch supports one SFTP session or one SCP session at a time.

• All files have read-write permission. Several SFTP commands, such as create or remove, are not allowed and return an error message. The switch displays the following files:

• When using SFTP to copy a software image onto the switch, the command return takes only a few seconds. However, this does not mean that the transfer is complete, because the switch requires additional time (typically more than one minute) to write the image to flash in the background. To verify the file transfer has been completed, you can use the show flash command or look for a confirmation message in the log, as in the following example:

You can verify secure file transfer operations by checking the switch's event log, or by viewing the error messages sent by the switch that most SCP and SFTP clients print out on their console.

If an ssh connection is broken at the wrong moment (for instance, the link goes away or spanning tree brings down the link), a fatal exception occurs on the switch. If this happens, the switch gracefully exits the session and produces an Event Log message indicating the cause of failure. The following three examples show the error messages that may appear in the log, depending on the type of session that is running (SSH, SCP, or SFTP):

If you attempt to start an SCP (or SFTP) session while a flash write is in progress, the switch does not allow the SCP or SFTP session to start. Depending on the client software in use, the following error message may appear on the client console:

This next example shows the error message that may appear on the client console if a new SCP (or SFTP) session is started from a client before the previous client session has been closed (the switch requires approximately ten seconds to timeout the previous session):

The switch supports only one SFTP session or one SCP session at a time. If a second session is initiated (for example, an SFTP session is running and then an SCP session is attempted), the following error message may appear on the client console:

The switch's USB port (labeled as Auxiliary Port) allows the use of a USB flash drive for copying configuration files to and from the switch. Beginning with software release K_12_XX or later, copy commands that used either tftp or xmodem now include an additional option for usb as a source or destination for file transfers.

Operating rules and restrictions on USB usage are:

• Unformatted USB flash drives must first be formatted on a PC (Windows FAT format.) For devices with multiple partitions, only the first partition is supported. Devices with secure partitions are not supported.

• If they already exist on the device, subdirectories are supported. When specifying a filename , you must enter either the individual file name (if at the root) or the full path name (for example, /subdir/filename.)

• To view the contents of a USB flash drive, use the dir command. This lists all files and directories at the root. To view the contents of a directory, you must specify the subdirectory name (that is, dir subdirectory.)

• The USB port supports connection to a single USB device. USB hubs to add more ports are not supported.