Upgrade information

When upgrading the switch to a major new version of AOS-CX, the switch may also require an ISP upgrade for one or multiple firmware devices, which will take additional time. If an ISP update is expected, issue the boot system command for an estimate of the upgrade time. Note that when performing a VSX upgrade, the upgrade may take twice as long for a VSX pair, because the VSX primary/secondary must update sequentially.

Each VSX switch in a pair must run the same version of AOS-CX. If a primary VSX switch is upgraded to 10.10.xxxx, the secondary VSX switch must be immediately upgraded to that same version. If the ISL link is disabled and enabled on VSX switches that are running different versions of AOS-CX, a VSX secondary switch running an older version of AOS-CX may be unable to synch information from the VSX primary, which can cause the port state to become blocked and lead to traffic loss.

Before starting a downgrade to a previous release for 10Ks running with PSM, all configurations that are unsupported and incompatible with the previous release must be removed from the PSM before rolling back the 10Ks to the previous release. Please refer to the latest PSM documentation for supported version and features.

Do not interrupt power to the switch during this important update.

Due to an issue with larger image sizes, a one-step upgrade from some versions of AOS-CX using the WebUI is not supported. This limitation only affects upgrades performed using the switch WebUI, and does not impact upgrades performed using the command-line interface or HPE Aruba Networking Central.

Upgrades requiring two steps:

Original Release

Intermediate Upgrade Release

Final Upgrade Releases

10.10.xxxx-10.12.xxxx

10.13.xxxx

10.16.xxxx

Upgrades requiring one step:

Original Release

Final Upgrade Release

10.13, 10.14 or 10.15

10.16.xxxx

Manual configuration restore for software downgrade

To restore a previous configuration when downgrading to a previous version of software, follow these steps:

  1. Use the show checkpoint command to see the saved checkpoints and ensure that you have a checkpoint that is an exact match of the target software version (see the Image Version column in the output of the command, for example, DL.10.xx.yyyy).

    2. This checkpoint can be the startup-config-backup automatically created during the initial upgrade or any other manually created checkpoint for the target software version.

  2. Copy the backup checkpoint into the startup-config.
  3. Boot the switch to the target version (lower version), making sure to select no when prompted to save the current configuration.

Performing the software upgrade

For additional upgrade and downgrade scenarios, including limitations of automatic upgrade and downgrade scenarios provided by the Configuration Migration Framework (CMF), refer to the AOS-CX 10.16 Fundamentals Guide.

This version may contain a change of BootROM from the current running version. A BootROM update is a non-failsafe update. Do not interrupt power to the switch during the update process or the update could permanently damage the device.

  1. Copy the new image into the non-current boot bank on the switch using your preferred method.
  2. Depending on the version being updated, there may be device component updates needed. Preview any devices updates needed using the boot system <BOOT-BANK> command and entering n when asked to continue.

    For example, if you copied the new image to the secondary boot bank and no device component updates are needed, you will see this:

    switch# boot system secondary

    Default boot image set to secondary.

    Checking if the configuration needs to be saved...

     

    Checking for updates needed to programmable devices...

    Done checking for updates.

     

    This will reboot the entire switch and render it unavailable

    until the process is complete.

    Continue (y/n)? n

    In this example, three device updates will be made upon reboot, one of which is a non-failsafe device:

    switch# boot system secondary

    Default boot image set to secondary.

    Checking if the configuration needs to be saved...

     

    Checking for updates needed to programmable devices...

    Done checking for updates.

     

    2 device(s) need to be updated during the boot process.

    The estimated update time is between 2 and 3 minute(s).

    There may be multiple reboots during the update process.

     

    1 non-failsafe device(s) also need to be updated.

    Please run the 'allow-unsafe-updates' command to enable these updates.

     

    This will reboot the entire switch and render it unavailable

    until the process is complete.

    Continue (y/n)? n

  3. When ready to update the system, if a non-failsafe device update is needed, make sure the system will not have any power interruption during the process. Invoke the allow unsafe updates command to allow updates to proceed after a switch reboot. Proceed to step 4 within the configured time.

    switch# config

    switch(config)# allow-unsafe-updates 30

     

    This command will enable non-failsafe updates of programmable devices for

    the next 30 minutes. You will first need to wait for all line and fabric

    modules to reach the ready state, and then reboot the switch to begin

    applying any needed updates. Ensure that the switch will not lose power,

    be rebooted again, or have any modules removed until all updates have

    finished and all line and fabric modules have returned to the ready state.

     

    WARNING: Interrupting these updates may make the product unusable!

     

    Continue (y/n)? y

     

    Unsafe updates : allowed (less than 30 minute(s) remaining)

  4. Use the boot system <BOOT-BANK> command to initiate the upgrade. On the switch console port an output similar to the following will be displayed as various components are being updated:

    switch# boot system secondary

    Default boot image set to secondary.

    Checking if the configuration needs to be saved...

     

    Checking for updates needed to programmable devices...

    Done checking for updates.

     

    3 device(s) need to be updated during the boot process.

    The estimated update time is between 2 and 3 minute(s).

    There may be multiple reboots during the update process.

     

     

    This will reboot the entire switch and render it unavailable

    until the process is complete.

    Continue (y/n)? y

    The system is going down for reboot.

     

    Looking for SVOS.

     

    Primary SVOS: Checking...Loading...Finding...Verifying...Booting...

     

    ServiceOS Information:

    Version: <serviceOS_number>

    Build Date: yyyy-mm-dd hh:mm:ss PDT

    Build ID: ServiceOS:<serviceOS_number>:6303a2a501ba:202006171659

    SHA: 6303a2a501bad91100d9e71780813c59f19c12fe

     

    Boot Profiles:

     

    0. Service OS Console

    1. Primary Software Image [xx.10.15.1000]

    2. Secondary Software Image [xx.10.16.1006]

     

    Select profile(secondary):

     

    ISP configuration:

    Auto updates : enabled

    Version comparisons : match (upgrade or downgrade)

    Unsafe updates : allowed (less than 29 minute(s) remaining) Advanced: Config path : /fs/nos/isp/config [DEFAULT] Log-file path : /fs/logs/isp [DEFAULT] Write-protection : disabled [DEFAULT] Package selection : 0 [DEFAULT] 3 device(s) need to be updated by the ServiceOS during the boot process. The estimated update time by the ServiceOS is 2 minute(s). There may be multiple reboots during the update process. MODULE 'mc' DEVICE 'svos_primary' : Current version : '<serviceOS_number>' Write-protected : NO Packaged version : '<version>' Package name : '<svos_package_name>' Image filename : '<filename>.svos' Image timestamp : 'Day Mon dd hh:mm:ss yyyy' Image size : 22248723 Version upgrade needed Starting update... Writing... Done. Erasing... Done. Reading... Done. Verifying... Done. Reading... Done. Verifying... Done. Update successful (0.5 seconds). reboot: Restarting system

Multiple components may be updated and several reboots will be triggered during these updates. When all component updates are completed, the switch console port will arrive at the login prompt with a display similar to following:

(C) Copyright 2017-2025 Hewlett Packard Enterprise Development LP

 

RESTRICTED RIGHTS LEGEND

Confidential computer software. Valid license from Hewlett Packard Enterprise

Development LP required for possession, use or copying. Consistent with FAR

12.211 and 12.212, Commercial Computer Software, Computer Software

Documentation, and Technical Data for Commercial Items are licensed to the

U.S. Government under vendor's standard commercial license.

 

We'd like to keep you up to date about:

* Software feature updates

* New product announcements

* Special events

Please register your products now at: https://networkingsupport.hpe.com

 

switch login:

HPE Aruba Networking recommends waiting until all upgrades have completed before making any configuration changes.

AOS-CX 10.16.xx