PicOS® Quick Deployment Guide

09 gen. 2026 - PicOS® Quick Deployment Guide 1. Getting Started with PicOS® 1.1 Understanding PicOS® 1.1.1 About the Quick Deployment Guide PicOS® Quick Deployment Guide provides a high-level introduction to PicOS® and explains basic concepts and operational principles for working with PicOS® network devices. In this guide, we explain the basics of PicOS®, including: Understanding the network operating system software How to access PicOS® network devices How to perform the initial device configuration, including the root password, hostname, management and loopback interfaces, user accounts, and backup router configuration 1.1.2 Operating system infrastructure PicOS® includes processes that run on the device, including IP routing, Ethernet switching, management interfaces, and various other functions. PicOS® runs on the routing engine. The routing engine kernel coordinates communication between software processes and provides a link to the packet forwarding engine. Using the CLI, you can configure device functions and set network interface properties. After activating the software configuration, the CLI user interface is used to monitor and manage operations, as well as diagnose protocol and network connectivity issues. Routing Engine and Packet Forwarding Engine A PicOS® network router or switch has two main software processing components: Packet Forwarding Engine – Handles packets, applies filters, routing policies, and other functions, and forwards packets to the next hop on the route to their final destination. Routing Engine – Provides three primary functions: Maintains the routing table used by network devices and controls the routing protocols running on the device. Performs packet forwarding by providing route lookup, filtering, and switching for incoming packets, then directing outgoing packets to the appropriate interface for transmission onto the network. Provides control and monitoring functions for the device. 1.2 Access a PicOS® Network Device 1.2.1 Overview of PicOS® Network Device Initial Configuration After installing and starting a PicOS® Networks device, you can begin the initial configuration. All devices come pre-installed with a version of PicOS®. The procedures in this guide show you how to connect the device to the network without enabling traffic forwarding. For complete information on enabling traffic forwarding, including examples, refer to the Software Configuration Guide. Notes: For an overview of PicOS® and detailed information on configuration statements and CLI commands, refer to PicOS® Configuration Guide V4.4.5. By default, console access to the device is enabled. Initially, connect to the device using the Console Port. Before configuring the device, gather the following information: The name the device will use on the network The IP address and prefix length information for the Ethernet interface The IP address of the default gateway The most common method for configuring the device is using CLI commands. 1.2.2 Console Port Overview The Console Port allows access to a device running PicOS®, regardless of its state, unless the device is completely powered off. By connecting to the Console Port, you can access the device at the root level without relying on a network connection. The Console Port connection provides continuous direct access to the device, which is typically available even if the primary network fails. We recommend using the Console Port connection for all PicOS® and software package upgrades, as this connection remains open during the upgrade process, allowing you to monitor status and progress. Other network-based connections, such as SSH or Telnet, are usually interrupted during a software upgrade, which may result in the loss of status updates or error messages. 1.2.3 How to Access a PicOS® Network Device for the First Time When you power on a device running PicOS®, it automatically starts up. To perform the initial configuration, you must connect a terminal or laptop to the device via the Console Port. By default, console port access to the device is enabled. However, remote management access and all management protocols (such as Telnet, FTP, and SSH) are disabled by default. First Time Access to the Network Device: a) Connect your laptop or desktop computer to the Console Port on the front panel of the device. Port Settings Use the following port settings to connect a terminal or a computer to the switch console port: Baud rate: 115200 Data bits: 8 Stop bits: 1 Note: The default width for terminal sessions through the Console Port is 80 characters. This means that the terminal client width should be at least 80 characters to properly use the Console Port. Most terminal clients have a default width of 80 characters. b) Power on the device and wait for it to boot. The software will start automatically. Once the boot process is complete, you will see the PicOS login: prompt on the console. c) Log in as the user admin. By default, PicOS® has two users: root and admin. On the first login, you must manually set the password for the admin account. The user should use pica8 as the password on the first login. After that, the system will prompt the user to change the default password. The new password must be a string of 8 to 512 case-sensitive characters. PicOS login: admin Password: (input default password "pica8") You are required to change your password immediately (administrator enforced) Changing password for admin. Current password: (input "pica8" again) New password: (input new password: the new password should be no less than eight characters) Retype new password: (input new password again) Linux PicOS 5.10.23 #2 SMP Mon Aug 12 09:14:57 CST 2024 x86_64 Synchronizing configuration...OK. Welcome to PicOS admin@PicOS> d) After the switch boots up, it automatically enters the PicOS® CLI. admin@PicOS> e) Type configure to access CLI configuration mode admin@PicOS> configure admin@PicOS# 1.3 Device Hostname 1.3.1 Hostname Overview Almost every device in a network has a hostname. The hostname is the name used to identify the device on the network. It is easier to remember than an IP address. When you first boot a PicOS® network device, the default hostname is PicOS®. The PicOS® prompt indicates that the device is loading the new PicOS® software from the factory settings. By definition, such devices do not have a configured hostname. As an administrator, you need to follow naming conventions for devices. One convention is to name the device based on its location, such as: germany-berlin-R1. Make sure the hostname is unique within the local network so that users can connect to the device using that hostname. You do not need to make the local hostname globally unique. In PicOS®, the hostname can contain any combination of letters, numbers, and hyphens. Special characters are not allowed. As a best practice, use short and meaningful hostnames because long hostnames are difficult to type and remember. 1.3.2 Configure the Device Hostname A host name distinguishes one device from another. The default host name is the system name PicOS®. You can modify the host name as required. a) In the configuration mode, specify or modify a host name for the switch. set system hostname b) set system hostname commit c) Verifying the Configuration After the configuration is completed, in the configuration mode, use run show system name command to view the new host name. d) Other Configurations To reset the hostname to default, use delete system hostname command. 1.4 Management Ethernet and Loopback Interfaces 1.4.1 Management Ethernet Interface Overview The management interface is the primary interface for remotely accessing the device. Typically, the management interface does not connect to the in-band network but instead connects to the device’s internal network. As a system administrator, you can use the management interface to access the device through the network using utilities such as SSH and Telnet. You can configure the device from anywhere, regardless of its physical location. SNMP can use the management interface to collect statistics from the device. Authorized users and management systems use the management interface to connect to the device over the network. Some PicOS® network devices have dedicated management ports on the front panel. For other types of platforms, you can configure the management interface on one of the network interfaces. You can dedicate this interface to management, or share it with other traffic. You must configure the management interface before users can access it. To set up the management interface, you need information such as its IP address, prefix, and next hop. We recommend configuring the device so that traffic is not routed between the management interface and other ports. On many devices running PicOS®, traffic cannot be routed between the management interface and other ports. Therefore, you should choose an IP address with a separate prefix (network mask) in a separate (logical) network. For devices running PicOS®, the management Ethernet interface is typically named ETH0. 1.4.2 Configure Management Interface PicOS® switches provide one or two Ethernet management ports for switch configuration and out-of-band network management. See Figure 1, which shows the console and management ports of the PicOS®-3930 switch. The port labeled ETHERNET is the management port, while the port labeled CONSOLE is the console port. Figure 1. Console and Management Ports image.png Configure IP Address for Management Interface To facilitate the device management and meet the requirement of separating the management traffic from the data traffic, the switch supports the in-band or out-of-band management interface with the factory default IP address 192.168.1.1/24. If the switch cannot obtain the IP address through DHCP, the factory default IP address is valid, and you can access it through PCs in the same network segment. Besides, you can manually configure the IP address as needed. a) In the configuration mode, specify the IP address for management interface. set system management-ethernet eth0 ip-address {IPv4 | IPv6} set l3-interface vlan-interface inband-mgmt address prefix-length b) Commit the configuration. commit c) Verifying the Configuration After the configuration is completed, in the configuration mode, use run show system management-ethernet command to view the MAC address, IP address, state and traffic statistics. d) Other Configurations To clear the configuration of management interface, use delete system management-ethernet eth0 ip-address command. 1.4.3 Loopback Interface Overview The Internet Protocol (IP) specifies a loopback network with the address range (IPv4) 127.0.0.0/8. Most IP implementations support a loopback interface (lo0) to represent the loopback facility. Any traffic sent by computer programs to the loopback network is sent to the same computer. The most commonly used IP addresses on the loopback network are 127.0.0.1 (IPv4) and ::1 (IPv6). The standard domain name for this address is localhost. You can use the loopback interface to identify the device. While you can use any interface address to determine if the device is online, the loopback address is the preferred method. Even though interfaces may be removed or have their addresses changed due to changes in the network topology, the loopback address will never change. When you ping a single interface address, the result does not always reflect the health of the device. For example, a mismatch in the subnet configuration at both ends of a point-to-point link can make the link appear down. Pinging an interface to check if a device is online may lead to misleading results. The interface could be unavailable due to issues unrelated to the device’s configuration or operation. The loopback interface helps address these issues. Benefits Since the loopback address never changes, it is the best way to identify a device on the network. The loopback interface is always up and accessible as long as there is a route to that IP address in the IP routing table. Thus, it can be used for diagnostics and troubleshooting. Protocols such as OSPF use the loopback address to determine protocol-specific attributes of the device or network. Additionally, certain commands (e.g., ping mpls) require the loopback address to function properly. 1.4.4 Loopback Interface Configuration The loopback interface is always Up to ensure network reliability. The loopback interface has the following features: The loopback interface is always Up and has the loopback feature. The loopback interface can be configured with the mask of all 1s. Based on the preceding features, the loopback interface has the following applications. The IP address of a loopback interface is specified as the source address of packets to improve network reliability. When no Router ID is configured for dynamic routing protocols, the maximum IP address of the loopback interface is configured as the router ID automatically. a) In the configuration mode, specify the name and IP address for the loopback interface. set l3-interface loopback address prefix-length 32 set l3-interface loopback address prefix-length 128 b) Commit the configuration. commit c) Verifying the Configuration After the configuration is completed, in the configuration mode, use run show l3-interface loopback command to view the state, IP address, description and traffic statistics. d) Other Configurations By default, the loopback interface is enabled when created. To disable the loopback interface, use set l3-interface loopback disable command. To clear the configuration of loopback interface, use delete l3-interface loopback interface command. 1.5 Initial User Account 1.5.1 User Account Overview User accounts provide a way for users to access the device. For each account, you can define the user's login name, password, and any other user information. While it is common to use a remote authentication server to centrally store user information, it is also a good practice to configure at least one non-root user on each device. This way, you can still access the device even if the connection to the remote authentication server is interrupted. This non-root user is typically given a generic name, such as admin. 1.5.2 Configure User Account in the Configuration Group Here are two types of user accounts: super-user and read-only. The newly created user account, by default, is read-only. NOTE: "net-admin" is not allowed to use when configuring a username. Creating a User Class and Password admin@XorPlus# set system login user ychen authentication plain-text-password pica8 admin@XorPlus#set system login user ychen class super-user admin@XorPlus# commit Commit OK. Save done. admin@XorPlus# Configuring a Login Announcement after Login admin@XorPlus# set system login announcement "welcome the switch-1101" admin@XorPlus# commit Commit OK. Save done. admin@XorPlus# Configuring a Multi-line Login Announcement after Login The following example configures a multi-line announcement which will be printed on the teminal after user login. admin@XorPlus# set system login multiline-announcement 1 message "**********************************************" admin@XorPlus# set system login multiline-announcement 2 message "Welcome to the system！" admin@XorPlus# set system login multiline-announcement 3 message "**********************************************" admin@XorPlus# commit Commit OK. Save done. admin@XorPlus# Configuring a Login Banner before Login admin@XorPlus# set system login banner "Hello! Welcome!" admin@XorPlus# commit Commit OK. Save done. admin@XorPlus# Configuring a Multi-line Login Banner before Login The following example configures a multi-line banner which will be printed on the teminal before user login. admin@Xorplus# set system login multiline-banner 1 message "*********************NOTICE***********************" admin@Xorplus# set system login multiline-banner 2 message "This is a property of Pica8." admin@Xorplus# set system login multiline-banner 3 message "All users log-in are subject to company monitoring!" admin@Xorplus# set system login multiline-banner 4 message "**************************************************" admin@Xorplus# commit 1.5.3 Enable Remote Access Services Configuring the SSH Connection Limit admin@XorPlus# set system services ssh protocol-version v2 admin@XorPlus# set system services ssh connection-limit 5 admin@XorPlus# commit Waiting for merging configuration. Commit OK. Save done. admin@XorPlus# Enabling and Disabling Inband Service By default, SSH with inband interfaces are disabled. You can enable inband services by entering the command below. Set the L3 VLAN interface VLAN400 in the default VRF as the in-band management port. admin@Xorplus# set system inband vlan-interface VLAN400 admin@Xorplus# commit Set the loopback interface IP in the default VRF as the in-band management IP. admin@Xorplus# set system inband loopback 192.168.10.1 admin@Xorplus# commit Set the routed interface rif-ge3 in the default VRF as the in-band management port. admin@Xorplus# set system inband routed-interface rif-ge3 admin@Xorplus# commit Configuring the Idle Timeout for SSH User admin@Xorplus# set system services ssh idle-timeout 60 admin@XorPlus# commit Waiting for merging configuration. Commit OK. Save done. admin@XorPlus# Configuring the Port Number of the SSH server Users can use this command to configure the new port number of SSH server to prevent attackers from accessing the standard port of SSH service and ensure security. The default listening port number of the SSH server is 22. Note that, if the modified port number is not 22, the client needs to specify port number when logging in using SSH. admin@Xorplus# set system services ssh port 30 admin@Xorplus# commit Enabling Telnet Service The PicOS® switch supports functioning as a telnet server. To enable the telnet server function, users can enable the telnet service. The following command enables telnet service on the device. NOTEs: Telnet service is insecure. Do not enable a telnet server if you don't know what exactly it may mean. Limit to a maximum of 20 connections within 10 seconds. Terminate the session in 60 seconds if the connection is not successful. admin@PicOS# set system services telnet disable false admin@PicOS# commit 2. PicOS® Overview When using ONIE installer to install PicOS®, the installer reinstalls the software, rebuilds all the PicOS® file system. This can erase the configuration files and system logs from the previous installation. After a successful ONIE installation of PicOS® 4.x, the system generates multiple system partitions including PicOS® (partition size: 2G), PicOS®2 (partition size: 2G) and User-Data partitions. Among them, PicOS® and PicOS®2 are two independent system boot partitions. One of them is the active partition on which the running system resides, and the other is the inactive partition. The two-system-boot-partition feature allows the system to revert to a previous version of the installed software package when the it fails to upgrade PicOS® by using upgrade2 command. The ONIE installer removes all partitions to rebuild a brand new OS only when there is no User-Data partition. However, if there exists a User-Data partition (for example, install a new version 4.0.1 from the old one 4.0.0), the ONIE installer only rewrites the "PicOS®" partition, installs the new installation package to this partition and sets the system on "PicOS®" partition as the default and sole boot system. User-Data partition is a reserved partition which is not affected by ONIE installer and upgrade unless user manually removes it. User-Data partition uses all the available space left on the disk. Users can use this partition to store files and data. This document describes how to install PicOS® 4.x software using ONIE installer. 3. Install, Upgrade, and Downgrade PicOS® Software 3.1 Overview of Software Installation and Upgrade 3.1.1 What is ONIE ONIE (Open Network Install Environment) is an open source project of OCP (Open Compute Project). ONIE provides the environment to install any network operating system on a bare metal network switch. ONIE liberates users from captive pre-installed network operating systems, like the Cisco IOS, and provides them with a choice. ONIE is a small Linux operating system that comes pre-installed as firmware on bare metal network switches. ONIE acts as an enhanced boot loader, extending the features provided by U-Boot. ONIE is used to install PicOS® on compatible switches. The bare metal switches listed in the PicOS® Hardware Compatibility List must be pre-loaded with ONIE prior to installing PicOS®. 3.2 Preparation for Software Installation and Upgrade The installation methods used to install a new PicOS® are traditional installation and nos-boot-mode installation. You can choose a suitable installation method that is convenient and appropriate for your installation environment. If you want to install PicOS® through a console port, refer to PicOS® Configuration Guide V4.4.5. If you want to install the PicOS® through a non-console port (through the management port), refer to PicOS® Configuration Guide V4.4.5. Notes： You need to log in through the console port of the switch and perform the ONIE installation. Other NOSes including user data will be removed when install PicOS® under ONIE environment. When the ONIE installer is used to downgrade the PicOS® version from version 4.x to PicOS® 3.x or lower versions, we first need to use ONIE to uninstall the higher version PicOS® before proceeding with installing PicOS® 3.x or a lower version. On the ARM platform, execute the onie_uninstaller command at the ONIE prompt to uninstall the current version PicOS®. On the x86 platform, select the "ONIE: Uninstall OS" option in the GRUB menu to uninstall the current version PicOS®. If you enter GRUB rescue mode and the switch has GPT format partition, you can use the following commands to reset the GRUB boot variable to enter ONIE GRUB and then install PicOS®. grub rescue> set prefix=(hd0,gpt2)/grub grub rescue> set root=(hd0,gpt2) grub rescue> insmod normal grub rescue> normal Do not plug in the USB disk during onie-nos-installer process until ONIE starts up. If you have plugged in the USB disk before the installation operation, ONIE will find the installer on the USB disk when beginning the installation. On AS4610 series switches, when installation is complete, the installer will display: Please take out the usb disc, then remove the USB disk within 10 seconds after installation successful, and before machine restarts. All X86 platforms share one installation and upgrade package with the name fixed as: onie-installer-PicOS-VERSION-x86.bin, where VERSION is the release version. X86 platform are listed below: FS N9550-32D FS N8520-32D FS N9550-32D FS N8610-32D FS N8610-64D FS N9550-64D FS N8550-64C FS N5850-48S6Q FS N8550-48B8C FS S5580-48Y FS S5890-32C FS N8560-32C FS N8550-32C FS N8550-64C FS N8560-64C FS N8550-24CD8D FS S6860-24CD8D FS N5570-48S6C Edgecore AS4625-54P Edgecore AS4625-54T Edgecore AS4630-54TE Edgecore AS4630-54NPE Edgecore AS4630-54PE Edgecore AS5712-54X Edgecore AS5812-54T Edgecore AS5812-54X Edgecore AS7312-54X Edgecore AS7312-54XS Edgecore AS7326-56X Edgecore AS7712-32X Edgecore AS7726-32X Edgecore AS6812-32X Edgecore AS7816-64X Edgecore AS5835-54X Edgecore AS5835-54T Edgecore AS9716-32D Edgecore AS9726-32DB Edgecore AS9737-32DB Edgecore AS9736-64D DELL N3248P-ON DELL N3248PXE-ON DELL N3248TE-ON DELL N3224PX-ON DELL N3224P-ON DELL N3248X-ON DELL S4048-ON DELL S4148F-ON DELL S4148T-ON DELL S4128F-ON DELL S5224F-ON DELL S5296F-ON DELL S5212F-ON DELL S5248F-ON DELL S5232F-ON DELL Z9100-ON DELL Z9264F-ON DELL N3224T-ON DELL S4128T-ON DELL N3224F-ON DELL N2224PX-ON DELL N2224X-ON DELL N2248PX-ON DELL N2248X-ON DELL N3208PX-ON Delta AG7648 Delta AG5648 v1-R Delta AG9032v1 3.3 Upgrade and Downgrade Software 3.3.1 Traditional Installation NOTE： You need to log in through the console port of the switch and perform the ONIE installation described in this section. The installation method described in this section only applies to platforms that have pre-installed ONIE. 3.3.2 Manual Installation Process The following example describes the installation of PicOS® via manual installation method. Step1 Make sure that the installation package of .bin file has been load to the server (server could be HTTP, TFTP, or an FTP server or the switch local directory depending on the actual installation environment). Step2 Enter ONIE installation environment. The process is different on the following two types of platforms: ARM Platforms (AS4610 Series Switches) a) Verify that the switch is pre-loaded with ONIE, which will be used to load PicOS® on the switch. Power on the switch and interrupt the boot sequence by pressing any key when the following line is shown: Hit any key to stop autoboot: b) User will then reach the U-Boot command prompt indicated by ->. Run the printenv command at the U-Boot prompt. If the information displayed contains keywords like onie_initargs and onie_machine, the switch is pre-loaded with ONIE. LOADER->printenv active=image1 autoload=no baudrate=115200 bootcmd=run check_boot_reason;run PicOS_bootcmd;run onie_bootcmd bootdelay=10 check_boot_reason=if test -n $onie_boot_reason; then setenv onie_bootargs boot_reason=$onie_boot_reason; run onie_bootcmd; fi; consoledev=ttyS0 dhcp_user-class=arm-accton_as4610_54-r0_uboot dhcp_vendor-class-identifier=arm-accton_as4610_54-r0 ethact=eth-0 ethaddr=00:18:23:30:E7:8F fdtaddr=0xc00000 fpboot=setenv bootargs console=${consoledev},${baudrate} maxcpus=2 mem=1024M root=/dev/ram ${mtdparts} ubi.mtd=4 ethaddr=$ethaddr quiet gatewayip=192.168.0.1 initrd_high=0x80000000 ipaddr=192.168.0.1 loadaddr=0x70000000 loads_echo=1 mfg=mfg mfgdiags=run fpboot ; nand read ${loadaddr} diags ; bootm ${loadaddr} mfgdiags_recovery=nand read ${loadaddr} diags2 ; nand erase.part diags ; nand write ${loadaddr} diags mtdids=nand0=nand_iproc.0 mtdparts=mtdparts=nand_iproc.0:1m(uboot),2m(shmoo),1m(nenv),12m(onie),3992m(open),12m(onie2),2m(vpd),6m(sys_eeprom),16m(diags),16m(diags2),32m(diags_fs) netmask=255.255.255.0 nos_bootcmd=true onie_args=run onie_initargs onie_platformargs onie_bootcmd=echo Loading Open Network Install Environment ...; echo Platform: $onie_platform ; echo Version : $onie_version ; nand read $loadaddr $onie_start 0x00c00000 && run onie_args && bootm ${loadaddr} onie_dropbear_dss_host_key=begin-base64@600@d#AAAAB3NzaC1kc3MAAACBAIN7HOS7UGtQ+RS9R5Rdim9s4iadCBQ9SEFnHJZ2#ulK15hN2p1BOJ1Mf4qb/oHFGIt8hvopq157ejsJcSPuR9scXE2aYQO7r1+Ie#1MKoR3HyEFKgPhNUr0qYNiIaWGw2UUXivLUlhjmaPhjItsttb6AezNB6N1ap#TmIeEUse0NQBAAAAFQDndwbRrSsw6G/W4wd0LJVAjuyq2QAAAIAe/zGPyPNn#UwwV+i+j3l1W9IFhjA/ovXfX7PQtjHB7OJcInSpOA2gXLXHU2kYDkn+ymJQI#8Tn558nLHq64n9hIJzwaQH4ajMipBNwqR0WtpPXEaow9InDzjs+qFY0HAcTv#7DMEY9BGiJAUUSSCSFZ9dEYHIWUdk6WIpDUMX4b2ewAAAIB6bC+fHzr+Qaet#GjzynI0tApbzyydXKuIiIH6EDh2QEaP0E+TSxJ+C4xfyBAp1j0kvj0IYWR2P#H9ur0RaxDaCmKwIQs1gTJh/137Yd+OsqEV3JnrZxlEKk2DmI5c2wrGtl4oUp#XJfc+viahpFeCsGzsqGHHADWNsjlpKt457QCuQAAABUAk5406cTH4nZO0qlj#6irYf4WA65E=#====# onie_dropbear_rsa_host_key=begin-base64@600@r#AAAAB3NzaC1yc2EAAAADAQABAAAAgQCMTqwNhnJpuSLYAdRA/jjm1lyBaJF1#ovs3Hp0G7XkYnY4+JNPTCYgnmfMQnM83PQncuy89AqehJ2V22LGjpRiqT56K#MRr+hQoSWEbAObRd1azZF45pbxiQaQiQxNzIKbHDDWlGlycXfv8w9ZCElbxj#Ja7bkwmwg9EsBlW0d5u0BQAAAIAFr0FOyfn0OR1FiatvF624Aorcbl9oV/pc#JRghGfl8SxPihizz4bC7xAPCUkwd9ZHi+M2E6AjhIV69xjFKS0vYuQplvl8G#9R8YsnmP5B45TyLE3dW5V2/g+LQERQdFpRaSsPqEPHSlXPq4XHLGLRFItEBt#ohp41Qm+eA6efsAMIQAAAEEA4Y90xi8N1SuwjRk53fqpP8dC+FPnU850XtC1#cKG0rBt6v9qD+BTxxfE6GEpYM+N0fLyECbgBjA2LQF6CG3G15QAAAEEAnz3v#3POrcsMK2LkSNjWzAhzUqOWyOaNlhcvgh+2Xfj2tHyOTpZ09gCm483v1rui9#63uYu4QQurpATrHMcLIjoQ==#====# onie_initargs=setenv bootargs quiet console=$consoledev,$baudrate onie_machine=accton_as4610_54 onie_machine_rev=0 onie_platform=arm-accton_as4610_54-r0 onie_platformargs=setenv bootargs $bootargs serial_num=${serial#} ${platformargs} eth_addr=$ethaddr $onie_bootargs $onie_debugargs onie_recovery=nand read ${loadaddr} onie2 ; nand erase.part onie ; nand write ${loadaddr} onie onie_rescue=setenv onie_boot_reason rescue && boot onie_start=onie onie_sz.b=0x00c00000 onie_uninstall=setenv onie_boot_reason uninstall && boot onie_update=setenv onie_boot_reason update && boot onie_vendor_id=27658 onie_version=master-201603091701-dirty PicOS_bootcmd=usb start;run platformargs;setenv bootargs root=/dev/sda1 rw noinitrd console=$consoledev,$baudrate rootdelay=10 $mtdparts;ext2load usb 0:1 $loadaddr boot/uImage;bootm $loadaddr platform=accton_as4610_54 platformargs=mtdparts=nand_iproc.0:1m(uboot),2m(shmoo),1m(nenv),12m(onie),3992m(open),12m(onie2),2m(vpd),6m(sys_eeprom),16m(diags),16m(diags2),32m(diags_fs) maxcpus=2 mem=1024M ramdiskaddr=0x3000000 serial#=A626P1DL174300014 serverip=192.168.0.10 stderr=serial stdin=serial stdout=serial ubifscfg=ubi part nand0,4 0x0; ubifsmount fs ver=U-Boot 2012.10-gcbef171 (Mar 09 2016 - 17:01:14) - ONIE master-201603091701-dirty Environment size: 3992/65532 bytes c) From U-Boot prompt, boot ONIE in rescue mode. LOADER-> run onie_rescue x86 Platform On x86 platform, it uses GRUB menu to install OS via ONIE. a) Reboot the system, and enter ONIE installation environment from the GRUB menu: +----------------------------------------------------------------------------+ | PicOS | |*ONIE | | | | | | | | | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Use the ^ and v keys to select which entry is highlighted. Press enter to boot the selected OS, `e' to edit the commands before booting or `c' for a command-line. b) From GRUB prompt, choose ONIE: Rescue to Install OS, boot ONIE in rescue mode. GNU GRUB version 2.02~beta2+e4a1fe391 +----------------------------------------------------------------------------+ |*ONIE: Install OS | | ONIE: Rescue | | ONIE: Uninstall OS | | ONIE: Update ONIE | | ONIE: Embed ONIE | | DIAG: Accton Diagnostic | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Step3 Run onie-nos-install command as follows to manually install PicOS®. Install via TFTP ONIE# onie-nos-install tftp:///PicOS.bin Install via FTP When installing via FTP, you need to type username and password of the FTP server on which the image file is loaded. ONIE# onie-nos-install ftp://username:password@/PicOS.bin Install via HTTP ONIE# onie-nos-install http:///PicOS.bin Install from Local Directory a) In ONIE rescue mode, copy the image file to the current directory. ONIE# scp username@/PicOS.bin . b) Run onie-nos-install command to start installation. ONIE# onie-nos-install PicOS.bin For example, ONIE:/ # onie-nos-install onie-installer-PicOS-4.0.0-8b1219e112-x86.bin discover: Rescue mode detected. No discover stopped. ONIE: Executing installer: onie-installer-PicOS-4.0.0-8b1219e112-x86.bin Verifying image checksum ... OK. Preparing image archive ... OK. [1] PicOS L2/L3 (default) [2] PicOS Open vSwitch/OpenFlow Enter your choice (1,2):1 PicOS L2/L3 is selected. ONIE installation will overwrite the configuration file of existing system. It is recommended to follow the upgrade procedure to upgrade the system. Press any key to stop the installation... 10 9 8 7 6 5 4 3 2 1 ... The installer runs automatically, before start installation, it will prompt to choose the option to make PicOS® to boot into L2/L3 or OVS mode. If not selected, then PicOS® boots into L2/L3. After finishing installation, the device reboots automatically, the system then comes up running the new network operating system. NOTEs： After the system restarts, you need to enter the username and password, the initial login username is admin and password is pica8. After the username and password are entered, user will be asked to choose a new password for admin. This is the only post installation step after which the PicOS® operating system can be used. 3.3.3 Automatic Installation Process The automatic installation process uses the DHCP message exchange process to download and install software packages. Step1 Make sure the switch is connected to DHCP and HTTP servers and the PicOS® installation software package is downloaded to the HTTP server. a) DHCP server configuration: define the path of the installation package and then start DHCP server service: host pica8-3922 { hardware ethernet 70:72:cf:12:34:56; fixed-address 192.168.2.50; option default-url = "http://192.168.2.42/onie-installer-PicOS-4.0.0-8b1219e112-x86.bin"; b) Check if the .bin installation file is loaded onto the HTTP server: root@dev:/var/www# ls index.html onie-installer-powerpc.bin Step2 Install PicOS® via ONIE. The process is different on the following two types of platforms: ARM Platforms (AS4610 Series Switches) a) Verify that the switch is pre-loaded with ONIE, which will be used to load PicOS® on the switch. Power on the switch and interrupt the boot sequence by pressing any key when the following line is shown: Hit any key to stop autoboot: b) User will then reach the U-Boot command prompt indicated by ->. Run the printenv command at the U-Boot prompt. If the information displayed contains keywords like onie_initargs and onie_machine, the switch is pre-loaded with ONIE. LOADER-> printenv active=image1 autoload=no baudrate=115200 bootcmd=run check_boot_reason;run PicOS_bootcmd;run onie_bootcmd bootdelay=10 check_boot_reason=if test -n $onie_boot_reason; then setenv onie_bootargs boot_reason=$onie_boot_reason; run onie_bootcmd; fi; consoledev=ttyS0 dhcp_user-class=arm-accton_as4610_54-r0_uboot dhcp_vendor-class-identifier=arm-accton_as4610_54-r0 ethact=eth-0 ethaddr=00:18:23:30:E7:8F fdtaddr=0xc00000 fpboot=setenv bootargs console=${consoledev},${baudrate} maxcpus=2 mem=1024M root=/dev/ram ${mtdparts} ubi.mtd=4 ethaddr=$ethaddr quiet gatewayip=192.168.0.1 initrd_high=0x80000000 ipaddr=192.168.0.1 loadaddr=0x70000000 loads_echo=1 mfg=mfg mfgdiags=run fpboot ; nand read ${loadaddr} diags ; bootm ${loadaddr} mfgdiags_recovery=nand read ${loadaddr} diags2 ; nand erase.part diags ; nand write ${loadaddr} diags mtdids=nand0=nand_iproc.0 mtdparts=mtdparts=nand_iproc.0:1m(uboot),2m(shmoo),1m(nenv),12m(onie),3992m(open),12m(onie2),2m(vpd),6m(sys_eeprom),16m(diags),16m(diags2),32m(diags_fs) netmask=255.255.255.0 nos_bootcmd=true onie_args=run onie_initargs onie_platformargs onie_bootcmd=echo Loading Open Network Install Environment ...; echo Platform: $onie_platform ; echo Version : $onie_version ; nand read $loadaddr $onie_start 0x00c00000 && run onie_args && bootm ${loadaddr} onie_dropbear_dss_host_key=begin-base64@600@d#AAAAB3NzaC1kc3MAAACBAIN7HOS7UGtQ+RS9R5Rdim9s4iadCBQ9SEFnHJZ2#ulK15hN2p1BOJ1Mf4qb/oHFGIt8hvopq157ejsJcSPuR9scXE2aYQO7r1+Ie#1MKoR3HyEFKgPhNUr0qYNiIaWGw2UUXivLUlhjmaPhjItsttb6AezNB6N1ap#TmIeEUse0NQBAAAAFQDndwbRrSsw6G/W4wd0LJVAjuyq2QAAAIAe/zGPyPNn#UwwV+i+j3l1W9IFhjA/ovXfX7PQtjHB7OJcInSpOA2gXLXHU2kYDkn+ymJQI#8Tn558nLHq64n9hIJzwaQH4ajMipBNwqR0WtpPXEaow9InDzjs+qFY0HAcTv#7DMEY9BGiJAUUSSCSFZ9dEYHIWUdk6WIpDUMX4b2ewAAAIB6bC+fHzr+Qaet#GjzynI0tApbzyydXKuIiIH6EDh2QEaP0E+TSxJ+C4xfyBAp1j0kvj0IYWR2P#H9ur0RaxDaCmKwIQs1gTJh/137Yd+OsqEV3JnrZxlEKk2DmI5c2wrGtl4oUp#XJfc+viahpFeCsGzsqGHHADWNsjlpKt457QCuQAAABUAk5406cTH4nZO0qlj#6irYf4WA65E=#====# onie_dropbear_rsa_host_key=begin-base64@600@r#AAAAB3NzaC1yc2EAAAADAQABAAAAgQCMTqwNhnJpuSLYAdRA/jjm1lyBaJF1#ovs3Hp0G7XkYnY4+JNPTCYgnmfMQnM83PQncuy89AqehJ2V22LGjpRiqT56K#MRr+hQoSWEbAObRd1azZF45pbxiQaQiQxNzIKbHDDWlGlycXfv8w9ZCElbxj#Ja7bkwmwg9EsBlW0d5u0BQAAAIAFr0FOyfn0OR1FiatvF624Aorcbl9oV/pc#JRghGfl8SxPihizz4bC7xAPCUkwd9ZHi+M2E6AjhIV69xjFKS0vYuQplvl8G#9R8YsnmP5B45TyLE3dW5V2/g+LQERQdFpRaSsPqEPHSlXPq4XHLGLRFItEBt#ohp41Qm+eA6efsAMIQAAAEEA4Y90xi8N1SuwjRk53fqpP8dC+FPnU850XtC1#cKG0rBt6v9qD+BTxxfE6GEpYM+N0fLyECbgBjA2LQF6CG3G15QAAAEEAnz3v#3POrcsMK2LkSNjWzAhzUqOWyOaNlhcvgh+2Xfj2tHyOTpZ09gCm483v1rui9#63uYu4QQurpATrHMcLIjoQ==#====# onie_initargs=setenv bootargs quiet console=$consoledev,$baudrate onie_machine=accton_as4610_54 onie_machine_rev=0 onie_platform=arm-accton_as4610_54-r0 onie_platformargs=setenv bootargs $bootargs serial_num=${serial#} ${platformargs} eth_addr=$ethaddr $onie_bootargs $onie_debugargs onie_recovery=nand read ${loadaddr} onie2 ; nand erase.part onie ; nand write ${loadaddr} onie onie_rescue=setenv onie_boot_reason rescue && boot onie_start=onie onie_sz.b=0x00c00000 onie_uninstall=setenv onie_boot_reason uninstall && boot onie_update=setenv onie_boot_reason update && boot onie_vendor_id=27658 onie_version=master-201603091701-dirty PicOS_bootcmd=usb start;run platformargs;setenv bootargs root=/dev/sda1 rw noinitrd console=$consoledev,$baudrate rootdelay=10 $mtdparts;ext2load usb 0:1 $loadaddr boot/uImage;bootm $loadaddr platform=accton_as4610_54 platformargs=mtdparts=nand_iproc.0:1m(uboot),2m(shmoo),1m(nenv),12m(onie),3992m(open),12m(onie2),2m(vpd),6m(sys_eeprom),16m(diags),16m(diags2),32m(diags_fs) maxcpus=2 mem=1024M ramdiskaddr=0x3000000 serial#=A626P1DL174300014 serverip=192.168.0.10 stderr=serial stdin=serial stdout=serial ubifscfg=ubi part nand0,4 0x0; ubifsmount fs ver=U-Boot 2012.10-gcbef171 (Mar 09 2016 - 17:01:14) - ONIE master-201603091701-dirty Environment size: 3992/65532 bytes c) Input command run onie_bootcmd, which will automatically install PicOS® on the switch. LOADER -> run onie_bootcmd Loading Open Network Install Environment ... Platform: arm-accton_as4610_54-r0 Version : 2021.09.00.03 WARNING: adjusting available memory to 30000000 ## Booting kernel from Legacy Image at 02000000 ... Image Name: as4610_54x.1.6.1.3 Image Type: ARM Linux Multi-File Image (gzip compressed) Data Size: 3514311 Bytes = 3.4 MiB Load Address: 00000000 Entry Point: 00000000 Contents: Image 0: 2762367 Bytes = 2.6 MiB Image 1: 733576 Bytes = 716.4 KiB Image 2: 18351 Bytes = 17.9 KiB Verifying Checksum ... OK ## Loading init Ramdisk from multi component Legacy Image at 02000000 ... ## Flattened Device Tree from multi component Image at 02000000 Booting using the fdt at 0x02355858 Uncompressing Multi-File Image ... OK Loading Ramdisk to 2ff4c000, end 2ffff188 ... OK Loading Device Tree to 03ff8000, end 03fff7ae ... OK Cannot reserve gpages without hugetlb enabled setup_arch: bootmem as4610_54x_setup_arch() arch: exit pci 0000:00:00.0: ignoring class b20 (doesn't match header type 01) sd 0:0:0:0: [sda] No Caching mode page present sd 0:0:0:0: [sda] Assuming drive cache: write through sd 0:0:0:0: [sda] No Caching mode page present sd 0:0:0:0: [sda] Assuming drive cache: write through sd 0:0:0:0: [sda] No Caching mode page present sd 0:0:0:0: [sda] Assuming drive cache: write through ONIE: Using DHCPv4 addr: eth0: 192.168.2.77 / 255.255.255.0 discover: installer mode detected. Running installer. Please press Enter to activate this console. ONIE: Using DHCPv4 addr: eth0: 192.168.2.77 / 255.255.255.0 ONIE: Starting ONIE Service Discovery ONIE: Executing installer: http://192.168.2.42/onie-installer-PicOS-4.0.0-8b1219e112-x86.bin Verifying image checksum ... OK. Preparing image archive ... OK. PicOS installation .............................................. ./var/local/ ./var/run Setup PicOS environment ... .............................................. XorPlus login: admin Password: You are required to change your password immediately (root enforced) Changing password for admin. (current) UNIX password: Enter new UNIX password: Retype new UNIX password: admin@XorPlus$ x86 Platform On x86 platform, it uses GRUB menu to choose install OS via ONIE. a) Reboot the system, and enter ONIE installation environment from the GRUB menu: +----------------------------------------------------------------------------+ | PicOS | |*ONIE | | | | | | | | | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Use the ^ and v keys to select which entry is highlighted. Press enter to boot the selected OS, `e' to edit the commands before booting or `c' for a command-line. b) From GRUB prompt, choose ONIE: Rescue to Install OS, boot ONIE in rescue mode. GNU GRUB version 2.02~beta2+e4a1fe391 +----------------------------------------------------------------------------+ |*ONIE: Install OS | | ONIE: Rescue | | ONIE: Uninstall OS | | ONIE: Update ONIE | | ONIE: Embed ONIE | | DIAG: Accton Diagnostic | | | | | | | | | | | | | +----------------------------------------------------------------------------+ The installer runs and will reboot the system after installation is complete. NOTEs： After the system restarts, you need to enter the username and password, the initial login username is admin and password is pica8. After the username and password are entered, user will be asked to choose a new password for admin. This is the only post installation step after which the PicOS® operating system can be used. 3.3.4 Nos-boot-mode Installation NOTE： The installation method described in this section applies to installation through both the console port and the management port. The installation method described in this section only applies to platforms that have pre-installed ONIE. The installation methods described in PicOS® Configuration Guide V4.4.5 must be performed through the console port. If you want to install the system through a non-console port, you can use the nos-boot-mode command to perform the installation which is described in this section. Usage of nos-boot-mode command: admin@Xorplus$sudo nos-boot-mode USAGE install or uninstall NOS(es) SYNOPSIS nos-boot-mode [install|uninstall] DESCRIPTION install- Install NOS uninstall- Remove all NOS(es) including PicOS® When nos-boot-mode install command is executed, PicOS® will switch to ONIE install mode, and the user should go on to complete the subsequent installation. The steps for the manual installation process and the automatic installation process using the nos-boot-mode install command are described below. When nos-boot-mode unsinstall command is executed, the system will remove all NOS(es) including PicOS® from the device. Therefore, it is suggested to use the nos-boot-mode unsinstall command with caution. 3.3.5 Manual Installation Process Step1 Make sure that the installation package of .bin file has been loaded to the server (server could be HTTP, TFTP, or an FTP server or the switch local directory depending on the actual installation environment). Step2 Execute the nos-boot-mode install command to enter ONIE installation environment. admin@Xorplus:~$ sudo nos-boot-mode install Step3 Type “yes” when the below prompt is shown, which will take the system will to ONIE install mode. Type 'yes' to install NOS! Type 'no' to exit [no]/yes: Step4 Run onie-nos-install command as follows to manually install PicOS®. Install via TFTP ONIE# onie-nos-install tftp:///PicOS.bin Install via FTP When installing via FTP, you need to type in the username and password for the FTP server on which the image file is loaded. ONIE# onie-nos-install ftp://username:password@/PicOS.bin Install via HTTP ONIE# onie-nos-install http:///PicOS.bin Install from Local Directory a) In ONIE rescue mode, copy the image file to the current directory. ONIE# scp username@/PicOS.bin . b) Run onie-nos-install command to start installation. ONIE# onie-nos-install PicOS.bin For example, ONIE:/ # onie-nos-install onie-installer-PicOS-4.0.0-8b1219e112-x86.bin discover: Rescue mode detected. No discover stopped. ONIE: Executing installer: onie-installer-PicOS-4.0.0-8b1219e112-x86.bin Verifying image checksum ... OK. Preparing image archive ... OK. [1] PicOS L2/L3 (default) [2] PicOS Open vSwitch/OpenFlow Enter your choice (1,2):1 PicOS L2/L3 is selected. ONIE installation will overwrite the configuration file of existing system. It is recommended to follow the upgrade procedure to upgrade the system. Press any key to stop the installation... 10 9 8 7 6 5 4 3 2 1 ... The installer runs automatically, before start installation, it will prompt to choose the option to make PicOS® to boot into L2/L3 or OVS mode. If not selected, then PicOS® boots into L2/L3. After finishing installation, the device reboots automatically, the system then comes up running the new network operating system. NOTEs： After the system restarts, you need to enter the username and password, the initial login username is admin and password is pica8. After the username and password are entered, user will be asked to choose a new password for admin. This is the only post installation step after which the PicOS® operating system can be used. 3.3.6 Automated Installation Process The automatic installation process uses the DHCP message exchange process to download and install software packages. Step1 Make sure the switch is connected to DHCP and HTTP servers, and the PicOS® installation software package is downloaded to the HTTP server. a) DHCP server configuration: define the path of the installation package and then start DHCP server service: host pica8-3922 { hardware ethernet 70:72:cf:12:34:56; fixed-address 192.168.2.50; option default-url = "http://192.168.2.42/onie-installer-PicOS-4.0.0-8b1219e112-x86.bin"; } b) Check if the .bin installation file is loaded onto the HTTP server: root@dev:/var/www# ls index.html onie-installer-powerpc.bin Step2 Execute the nos-boot-mode install command to enter ONIE installation environment. admin@Xorplus$ sudo nos-boot-mode install Step3 Type “yes” when the below prompt is shown, and the system will automatically complete the installation. Type 'yes' to install NOS! Type 'no' to exit [no]/yes: The installer runs automatically and will reboot the system after installation is completed. NOTEs： After the system restarts, you need to enter the username and password, the initial login username is admin and password is pica8. After the username and password are entered, user will be asked to choose a new password for admin. This is the only post installation step after which the PicOS® operating system can be used. 3.3.7 Verifying Version after Installation After system reboots automatically, the system will come up running the new network operating system. admin@Xorplus> show version Copyright (C) 2009-2022 Pica8, Inc. =================================== Hardware Model : as7312_54x Linux System Version/Revision : 4.0.0/8b1219e112 Linux System Released Date : 5/18/2021 L2/L3 Version/Revision : 4.0.0/8b1219e112 L2/L3 Released Date : 5/18/2021 OVS/OF Version/Revision : 4.0.0/8b1219e112 OVS/OF Released Date : 5/18/2021 3.3.8 Appendix: Troubleshooting Installation/Upgrade Failure on AS7326-56X Installation or upgrade failure (for example, the switches cannot boot up after install) may occur on the old AS7326-56X hardware models (revision is R01F and before). When booting PicOS® on AS7326-56X and detect hardware rev R01F, the system will log a warning message to prompt the hardware revision R01F is a pre-production hardware reversion: "This hardware revision R01F is a pre-production hardware rev, PicOS® has applied a work around to work with PicOS®. Support will be provided on a best effort basis". To work around the issue, first we need to check the “Label Revision”. If it is an old hardware model (revision is R01F or before), then, we can perform the following provided solution after installation/upgrade to solve the problem. 3.3.9 Check Label Revision Under ONIE prompt, run “onie_syseeprom” to get the “Label Revision”. ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 166 TLV Name Code Len Value -------------------- ---- --- ----- Manufacture Date 0x25 19 04/27/2019 02:10:06 Label Revision 0x27 4 R01B Platform Name 0x28 27 x86_64-accton_as7326_56x-r0 ONIE Version 0x29 13 2018.05.00.05 Manufacturer 0x2B 6 Accton Diag Version 0x2E 7 0.0.1.0 Base MAC Address 0x24 6 80:A2:35:81:D5:F0 Serial Number 0x23 14 732656X1916012 Country Code 0x2C 2 TW Part Number 0x22 13 FP4ZZ7656005A Product Name 0x21 15 7326-56X-O-AC-F MAC Addresses 0x2A 2 256 Vendor Name 0x2D 6 Accton CRC-32 0xFE 4 0xC3D3F2DE Checksum is valid. ONIE:/ # 3.3.10 Solution You can follow the steps below after installation/upgrade, to fix the problem of installation and upgrade failure on the old AS7326-56X hardware model (revision R01F or before). Step1 Power cycle the switch. Step2 From the GRUB menu, choose “ONIE” to enter ONIE GRUB menu: +----------------------------------------------------------------------------+ | PicOS | |*ONIE | | | | | | | | | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Use the ^ and v keys to select which entry is highlighted. Press enter to boot the selected OS, `e' to edit the commands before booting or `c' for a command-line. Step3 From ONIE GRUB menu, choose “ONIE: Rescue” to launch ONIE in Rescue mode. GNU GRUB version 2.02~beta2+e4a1fe391 +----------------------------------------------------------------------------+ | ONIE: Install OS | |*ONIE: Rescue | | ONIE: Uninstall OS | | ONIE: Update ONIE | | ONIE: Embed ONIE | | DIAG: Accton Diagnostic | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Step4 Press Enter to display the ONIE prompt. Step5 Mount PicOS® partition with label is “PicOS”. ONIE:/ # blkid /dev/sda7: LABEL="User-Data" UUID="be63cef8-4560-4c48-ab5a-8f7ced5a950b" /dev/sda6: LABEL="PicOS2" UUID="f589e53f-4cd1-44ba-8384-f339f4e2b2ac" /dev/sda5: LABEL="PicOS" UUID="8ca5f7ed-5a15-4a2a-944c-4d8872647bf5" /dev/sda4: LABEL="PicOS-GRUB" UUID="782a1372-4b66-4783-b920-dab1df8ec6e4" /dev/sda3: LABEL="ACCTON-DIAG" UUID="3e4117d0-1926-472a-9d9e-08883df83d40" /dev/sda2: LABEL="ONIE-BOOT" UUID="1a90abd8-f065-4f7a-90a0-af122b8805fa" ONIE:/ # ONIE:/ # mount /dev/sda5 /mnt Step6 Execute the following command to modify the I2C access address. ONIE:/ # sed -I "s/0x57/0x56/" /mnt/etc/rc_hw.sh ONIE:/ # sync Step7 Unmount the PicOS® partition. ONIE:/ # unmount /dev/sda5 Step8 Reboot the switch. ONIE:/ # reboot 4. Zero Touch Configuration 4.1 Overview of ZTP 4.1.1 ZTP Fundamentals NOTEs: Currently, the IPv6 ZTP is not supported. You are suggested to implement ZTP for unconfigured devices, or the error prompts may appear. Before using ZTP, you should configure the switch with two partitions of active partition and backup partition. The active partition can be used for upgrade and the backup partition can be used to save the current version, which can make sure the original version can be recovered once the upgrade is failed. ZTP (Zero Touch Provisioning) is a technology for automated upgrade and configuration of unconfigured network devices. You can automatically upgrade and configure devices with the provision script of ZTP before the PicOS® is up, obtaining the required configuration information without manual intervention, including IP addresses, routing, security policies, etc. When large numbers of switches need to be upgraded to new versions or issued with configuration files, you can use ZTP to reduce labor costs and improve deployment efficiency. It can implement fast, accurate and reliable device deployment. ZTP Process Figure 2. ZTP Workflow of White-Box Switches image.png After a switch is powered on, the switch sends DHCP Discover to get an IP address, and the DHCP server provides the switch with an IP address. The switch sends a request to the DHCP server, and the DHCP server sends a response including the HTTP server address. The switch sends an HTTP request to the HTTP server to get the shell script, and the HTTP server sends an HTTP response with the shell script. The switch executes the shell script to complete the ZTP deployment, including downloading a PicOS image, installing PicOS and its license, registering with the AmpCon-Campus server, updating switch configurations, and rebooting the switch. 4.1.2 DHCP Configuration of ZTP Option Parameters The DHCP server obtains network configuration information required by ZTP through option parameters. The request packets sent by DHCP client carry option 55, and the reply packets responded by DHCP server carry option 7, 66 and 67. The function of option parameters is shown as below. Table 1. Option description Option Description Carrier 55 Specifies the network configuration parameters need to be obtained from the server. It includes the boot file name, TFTP server address, Syslog server address and gateway. Client 7 Specifies the IP address of Syslog server. Server 66 Specifies the IP address of TFTP(HTTP) server allocated for the client. Server 67 Specifies the boot file name allocated for the client. Server DHCP Server Configuration When the switch is served as the DHCP server, you can configure the DHCP server through PicOS® commands (suggested) or Linux commands. PicOS® command Here is an example of configuring the DHCP server through PicOS® commands, which specifies the IP address of Syslog server as 192.168.10.1, the IP address of TFTP server as 192.168.10.1, and the working path of provision script on the TFTP server as ./provision.sh. For detailed information of related commands, see Configuring DHCP server. admin@PicOS# set protocols dhcp server pool pool1 log-server 192.168.10.1 admin@PicOS# set protocols dhcp server pool pool1 tftp-server 192.168.10.2 admin@PicOS# set protocols dhcp server pool pool1 bootfile-name file-path ./provision.sh admin@PicOS# commit Linux command Here is an example of configuring the DHCP server through Linux commands. host pica8-pxxxx {*************************//////////////////////////////////////////////////////////////////////////////////////// hardware ethernet 08:9e:01:62:d5:62; option bootfile-name "pica8/provision.script"; option tftp-server-name "xx.xx.xx.xx"; option log-servers xx.xx.xx.xx; fixed-address xx.xx.xx.xx; } The elements of the segment above are described below: host: the host name of the PicOS® switch. hardware ethernet: the MAC address of the PicOS® switch. bootfile-name: the file name of the shell scripts and its path relative to the TFTP root directory. tftp-server-name: the IP address of the TFTP server. log-servers: the IP address of the log server that will receive logs from ZTP. fixed-address: optional. Configure a fixed IP address as management IP of the switch. PicOS® switches send a vendor-class-identifier to the DHCP server in the format of pica8-pxxxx where xxxx is the switch model. It is possible for the customer to use the vendor-class-identifier to identify PicOS® switches. 4.1.3 Provision Script The provision script describes what is required and how to execute when you upgrade and configure PicOS® through ZTP. You can customize the provision script through running the generate_script file. The generate_script is provided in the format of Shell and Python, and you can click generate_script.py or generate_script.sh to download. The detailed contents are shown as below. import os def prompt_choice(): print("""Please choose an option to configure (enter the number to select, enter 'done' to generate the script): 1. Add remote Syslog server 2. Remove remote Syslog server 3. Get file from TFTP server 4. Get file from HTTP server 5. Enable ZTP auto-run when switch boot up 6. Disable ZTP auto-run when switch boot up 7. Get PicOS image from file server and upgrade 8. Get PicOS startup file "picos_start.conf" from file server 9. Get PicOS configuration file "pica_startup.boot" from file server 10. Get file with PicOS L2/L3 CLI commands list and execute these commands 11. Get PicOS OVS configuration file "ovs-vswitchd.conf.db" from file server""") return input("Enter your choice: ") def generate_script(): config_commands = [] while True: choice = prompt_choice() if choice == 'done': break if choice == '1': ip = input("Enter syslog server IP address: ") config_commands.append(f"add_remote_syslog_server {ip}") elif choice == '2': ip = input("Enter the syslog server IP address to remove: ") config_commands.append(f"remove_remote_syslog_server {ip}") elif choice == '3': remote_file_name = input("Enter file name in TFTP server: ") local_file_name = input("Enter file name with path in local: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"tftp_get_file {remote_file_name} {local_file_name} {ip}") elif choice == '4': local_file_name = input("Enter file name with path in local: ") file_name = input("Enter file name with HTTP server URL:: ") config_commands.append(f"http_get_file {local_file_name} {file_name}") elif choice == '5': config_commands.append("ztp_enable") elif choice == '6': config_commands.append("ztp_disable") elif choice == '7': file_name = input("Enter tftp file name or http url: ") revision = input("Enter the software revision of the image: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f'if [ "$revision" != "{revision}" ]; then get_picos_image {file_name} {ip}; fi') elif choice == '8': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"get_picos_startup_file {file_name} {ip}") elif choice == '9': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"get_l2l3_config_file {file_name} {ip}") elif choice == '10': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"l2l3_load_config {file_name} {ip}") elif choice == '11': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"get_ovs_config_file {file_name} {ip}") else: print("Invalid choice, please try again.") print("\n") # Generate Shell script script_name = "provision.sh" with open(script_name, 'w') as script_file: script_file.write("#!/bin/bash\n") script_file.write("source /usr/bin/ztp-functions.sh\n") script_file.write("\n") for command in config_commands: script_file.write(f"{command}\n") print(f"\nGenerated Shell script has been saved as {script_name}") # Run script generation program generate_script() #!/bin/bash function prompt_choice() { echo "Please choose an option to configure (enter the number to select, enter 'done' to generate the script): 1. Add remote Syslog server 2. Remove remote Syslog server 3. Get file from TFTP server 4. Get file from HTTP server 5. Enable ZTP auto-run when switch boot up 6. Disable ZTP auto-run when switch boot up 7. Get PicOS image from file server and upgrade 8. Get PicOS startup file \"picos_start.conf\" from file server 9. Get PicOS configuration file \"pica_startup.boot\" from file server 10. Get file with PicOS L2/L3 CLI commands list and execute these commands 11. Get PicOS OVS configuration file \"ovs-vswitchd.conf.db\" from file server" read -rp "Enter your choice: " choice } function generate_script() { local config_commands=() local revision="" while true; do prompt_choice case $choice in 1) read -rp "Enter syslog server IP address: " ip config_commands+=("add_remote_syslog_server $ip") ;; 2) read -rp "Enter the syslog server IP address to remove: " ip config_commands+=("remove_remote_syslog_server $ip") ;; 3) read -rp "Enter file name in TFTP server: " remote_file_name read -rp "Enter file name with path in local: " local_file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("tftp_get_file $remote_file_name $local_file_name $ip") ;; 4) read -rp "Enter file name with path in local: " local_file_name read -rp "Enter file name with HTTP server URL: " file_name config_commands+=("http_get_file $local_file_name $file_name") ;; 5) config_commands+=("ztp_enable") ;; 6) config_commands+=("ztp_disable") ;; 7) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter the software revision of the image:" revision read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("if [ \"\$revision\" != \"$revision\" ]; then get_picos_image $file_name $ip; fi") ;; 8) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("get_picos_startup_file $file_name $ip") ;; 9) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("get_l2l3_config_file $file_name $ip") ;; 10) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("l2l3_load_config $file_name $ip") ;; 11) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("get_ovs_config_file $file_name $ip") ;; done) break ;; *) echo "Invalid choice, please try again." ;; esac printf "\n" done # Generate Shell script local script_name="provision.sh" { echo "#!/bin/bash" echo "source /usr/bin/ztp-functions.sh" echo "" for command in "${config_commands[@]}"; do echo "$command" done } > "$script_name" printf "\n" echo "Generated Shell script has been saved as $script_name" } # Run script generation program generate_script Generate Script in the Shell Format Shell Script Content #!/bin/bash function prompt_choice() { echo "Please choose an option to configure (enter the number to select, enter 'done' to generate the script): 1. Add remote Syslog server 2. Remove remote Syslog server 3. Get file from TFTP server 4. Get file from HTTP server 5. Enable ZTP auto-run when switch boot up 6. Disable ZTP auto-run when switch boot up 7. Get PicOS image from file server and upgrade 8. Get PicOS startup file \"PicOS_start.conf\" from file server 9. Get PicOS configuration file \"pica_startup.boot\" from file server 10. Get file with PicOS L2/L3 CLI commands list and execute these commands 11. Get PicOS OVS configuration file \"ovs-vswitchd.conf.db\" from file server" read -rp "Enter your choice: " choice } function generate_script() { local config_commands=() local revision="" while true; do prompt_choice case $choice in 1) read -rp "Enter syslog server IP address: " ip config_commands+=("add_remote_syslog_server $ip") ;; 2) read -rp "Enter the syslog server IP address to remove: " ip config_commands+=("remove_remote_syslog_server $ip") ;; 3) read -rp "Enter file name in TFTP server: " remote_file_name read -rp "Enter file name with path in local: " local_file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("tftp_get_file $remote_file_name $local_file_name $ip") ;; 4) read -rp "Enter file name with path in local: " local_file_name read -rp "Enter file name with HTTP server URL: " file_name config_commands+=("http_get_file $local_file_name $file_name") ;; 5) config_commands+=("ztp_enable") ;; 6) config_commands+=("ztp_disable") ;; 7) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter the software revision of the image:" revision read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("if [ \"\$revision\" != \"$revision\" ]; then get_PicOS_image $file_name $ip; fi") ;; 8) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("get_PicOS_startup_file $file_name $ip") ;; 9) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("get_l2l3_config_file $file_name $ip") ;; 10) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("l2l3_load_config $file_name $ip") ;; 11) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("get_ovs_config_file $file_name $ip") ;; done) break ;; *) echo "Invalid choice, please try again." ;; esac printf "\n" done # Generate Shell script local script_name="provision.sh" { echo "#!/bin/bash" echo "source /usr/bin/ztp-functions.sh" echo "" for command in "${config_commands[@]}"; do echo "$command" done } > "$script_name" printf "\n" echo "Generated Shell script has been saved as $script_name" } # Run script generation program generate_script Option Description of Shell Script NOTEs: Make sure that names of all files configured in the script is the same with files placed in the file server, or the switch cannot obtain them successfully. The IP address of TFTP server from DHCP server will be valid if it is not configured in the script. Option Description Example Add remote Syslog server Specify the IPv4 address of the Syslog server. Open 1 image.png The IPv4 address of Syslog server is configured as 10.10.30.1. Remove remote Syslog server Delete the IPv4 address of the Syslog server.10.10.30.1 Open 2 image.png The IPv4 address 10.10.30.1 of Syslog server is deleted. Get file from TFTP server Download a file with specified name from the TFTP server with a specified IP address and path, and save it in local with another specified name. Note： The path /cftmp is valid if you don’t specify the local path here. Open 3 image.png The file remote-file.txt in the TFTP server 10.10.30.2 is downloaded and is saved in local as local-file.txt. Get file from HTTP server Download a file with specified name from the HTTP server with a specified URL and save it in local with another specified name. Note： The root path is valid if you don’t specify the local path here. Open 4 image.png The file remote-file.txt in the HTTP server 10.10.30.2 is downloaded and is saved in local as local-file.txt. Enable ZTP auto-run when switch boot up Enable ZTP function after completing this ZTP process. Note： You are suggested to configure this option at last, or it may be invalid. Open 5 image.png Disable ZTP auto-run when switch boot up Disable ZTP function after completing this ZTP process. Note： You are suggested to configure this option at last, or it may be invalid. Open 6 image.png Get PicOS® image from file server and upgrade Download the PicOS® image from the TFTP server with the specified IP address, path and name, or from the HTTP server with URL. Then, upgrade the switch to the new version. Notes： You should specify the version number to make sure the switch only upgrades one time. You don’t need to configure the TFTP server IP address when downloading files from the HTTP server. Open 7 image.png The image onie-installer-PicOS-9.8.7-main-43d73dd983-x86v.bin in the working path of the TFTP server 10.10.30.2 is downloaded, and the switch is upgraded to this new version with the version number 43d73dd983. Get PicOS® startup file "PicOS_start.conf" from file server Download the PicOS® startup file PicOS_start.conf from the TFTP server with the specified IP address, path and name, or from the HTTP server with URL. Note： You don’t need to configure the TFTP server IP address when downloading files from the HTTP server. Open 8 image.png The file PicOS_start.conf from the HTTP server 10.10.30.3 is downloaded. Get PicOS® configuration file "pica_startup.boot" from file server Download the L2/l3 configuration file pica_startup.boot from the TFTP server with the specified IP address, path and name, or from the HTTP server with URL. Note： You don’t need to configure the TFTP server IP address when downloading files from the HTTP server. Open 9 image.png The file pica_startup.boot from the HTTP server 10.10.30.3 is downloaded. Get file with PicOS® L2/L3 CLI commands list and execute these commands Download the L2/l3 command file from the TFTP server with the specified IP address, path and name, or from the HTTP server with URL. Notes： You don’t need to configure the TFTP server IP address when downloading files from the HTTP server. You can modify the file ztpl2l3_cfg.cli as needed. For example, if you need to specify VLAN 10 and VLAN 20, you can configure as follows:set vlans vlan-id 20 set vlans vlan-id 30 Open 10 image.png he file ztpl2l3_cfg.cli in the working directory of the TFTP server 10.10.30.2 is downloaded. Get PicOS® OVS configuration file "ovs-vswitchd.conf.db" from file server Download the OVS configuration file ovs-vswitchd.conf.db from the TFTP server with the specified IP address, path and name, or from the HTTP server with URL. Notes： You don’t need to configure the TFTP server IP address when downloading files from the HTTP server. Open 11 image.png The file ovs-vswitchd.conf.db from the HTTP server 10.10.30.3 is downloaded. Generate Script in the Python Format Python Script Content import os def prompt_choice(): print("""Please choose an option to configure (enter the number to select, enter 'done' to generate the script): 1. Add remote Syslog server 2. Remove remote Syslog server 3. Get file from TFTP server 4. Get file from HTTP server 5. Enable ZTP auto-run when switch boot up 6. Disable ZTP auto-run when switch boot up 7. Get PicOS image from file server and upgrade 8. Get PicOS startup file "PicOS_start.conf" from file server 9. Get PicOS configuration file "pica_startup.boot" from file server 10. Get file with PicOS L2/L3 CLI commands list and execute these commands 11. Get PicOS OVS configuration file "ovs-vswitchd.conf.db" from file server""") return input("Enter your choice: ") def generate_script(): config_commands = [] while True: choice = prompt_choice() if choice == 'done': break if choice == '1': ip = input("Enter syslog server IP address: ") config_commands.append(f"add_remote_syslog_server {ip}") elif choice == '2': ip = input("Enter the syslog server IP address to remove: ") config_commands.append(f"remove_remote_syslog_server {ip}") elif choice == '3': remote_file_name = input("Enter file name in TFTP server: ") local_file_name = input("Enter file name with path in local: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"tftp_get_file {remote_file_name} {local_file_name} {ip}") elif choice == '4': local_file_name = input("Enter file name with path in local: ") file_name = input("Enter file name with HTTP server URL:: ") config_commands.append(f"http_get_file {local_file_name} {file_name}") elif choice == '5': config_commands.append("ztp_enable") elif choice == '6': config_commands.append("ztp_disable") elif choice == '7': file_name = input("Enter tftp file name or http url: ") revision = input("Enter the software revision of the image: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f'if [ "$revision" != "{revision}" ]; then get_PicOS_image {file_name} {ip}; fi') elif choice == '8': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"get_PicOS_startup_file {file_name} {ip}") elif choice == '9': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"get_l2l3_config_file {file_name} {ip}") elif choice == '10': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"l2l3_load_config {file_name} {ip}") elif choice == '11': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"get_ovs_config_file {file_name} {ip}") else: print("Invalid choice, please try again.") print("\n") # Generate Shell script script_name = "provision.sh" with open(script_name, 'w') as script_file: script_file.write("#!/bin/bash\n") script_file.write("source /usr/bin/ztp-functions.sh\n") script_file.write("\n") for command in config_commands: script_file.write(f"{command}\n") print(f"\nGenerated Shell script has been saved as {script_name}") # Run script generation program generate_script() Option Description of Python Script The description of the Python script is the same with the Shell script. For detailed information, see Option Description of Shell Script. Configuration Example for Generating Provision.sh Take the Shell script as an example to introduce how to use it: a) Upload the Shell script generate_script.sh to the Linux environment. b) Use the command chmod +x generate_script.sh to enable the executable permission. c) Enter command ./generate_script.sh to run the script, and options are shown as below. image.png d) Select options of 1, 3 and 6 in sequence as needed, and enter done to generate the script. generate-20240918-062650.png e) The file named provision.sh is generated in the current directory, which includes all selected options. The content of provision script is shown as below. image-20241014-100713.png 4.2 Enabling or Disabling ZTP NOTE: By default, ZTP is enabled on PicOS® switches. If ZTP is left enabled, the PicOS® switch will try to download a new script every time the switch is booted. This is not a desirable situation, so ZTP should be disabled when it is no longer needed. Four methods are supported to disable or enable ZTP, as detailed below: Enable or disable ZTP through running the provision script. To generate the corresponding provision script, select options of 5 and 6 when running the generate_script, as shown below. image-20241014-101247.png Note： you are suggested to select this option at last, or the option may be invalid. Enable or disable ZTP through the command set system ztp enable in PicOS® configuration mode. The following example disables ZTP using the command set system ztp enable : dmin@XorPlus# set system ztp enable false admin@XorPlus# commit Enable or disable ZTP via the ztp-config script included with PicOS®. The following example disables ZTP using the ztp-config script run from the Linux shell: admin@LEAF-A$sudo ztp-config Please configure the default PicOS ZTP options: (Press other key if no change) [1] PicOS ZTP enabled * default [2] PicOS ZTP disabled Enter your choice (1,2):2 PicOS ZTP is disabled. admin@LEAF-A$ Manually edit the PicOS® configuration file PicOS_start.conf and change the value of the ztp_disable variable. The following snippet from the PicOS® configuration file shows that ZTP has been disabled (ztp_disable=true). admin@LEAF-A$more /etc/PicOS/PicOS_start.conf | grep ztp ztp_disable=true To enable ZTP, you need to set ztp_disable to false. 4.3 Preparation before ZTP Deployment Before powering on the switch to start ZTP deployment, you should make the following preparations: Items Preparations DHCP client It is network reachable, which can communicate with the DHCP server and file server. File server It is configured successfully and is network reachable. DHCP server It is network reachable. If the switch is served as the server, you should configure the IP address of file server, the path and name of provision script and the IP address of Syslog server (optional). Required files Obtain files (image file, L2/L3 configuration file, OVS configuration file, L2/L3 command file or startup file) from FS stuffs, and save them in the working directory of file servers.Note: the provision.sh is generated through running the generate_script file. For details, see Configuration Example for Generating Provision.sh. 4.4 Example for Implementing ZTP Deployment through DHCP 4.4.1 Overview Figure 3. Typical topology of ZTP implementation image.png In Figure 3, switches are configured respectively as the DHCP client and DHCP server. The client uses information configured on a DHCP server to locate the software image and configuration files on the TFTP server, and then download specified files to upgrade system and load configurations. The data plan is shown as below: Device Interface VLAN and IP Address DHCP server te-1/1/1te-1/1/2te-1/1/3 VLAN: 10IP address: 192.168.10.2/24 TFTP server eth0 IP address: 192.168.10.1/24 The image information of Client1 and Client2, and the files to be loaded are shown as below: Device Current version Files to be loaded Client1 PicOS®-9.8.7 Image: PicOS®-9.8.7-main-43d73dd983-x86v.binCommand file: ztpl2l3_cfg.cli Client2 PicOS®-4.4.0 4.4.2 Procedure DHCP Server Step 1 Configure VLAN and interface. admin@PicOS# set vlans vlan-id 10 admin@ PicOS # set interface gigabit-ethernet te-1/1/1 family ethernet-switching native-vlan-id 10 admin@ PicOS # set interface gigabit-ethernet te-1/1/2 family ethernet-switching native-vlan-id 10 admin@ PicOS # set interface gigabit-ethernet te-1/1/3 family ethernet-switching native-vlan-id 10 admin@ PicOS # set vlans vlan-id 10 l3-interface vlan10 admin@ PicOS # set l3-interface vlan-interface vlan10 address 192.168.10.2 prefix-length 24 admin@ PicOS # commit Step 2 Configure DHCP pool. admin@PicOS# set protocols dhcp server pool pool1 network address 192.168.10.2 prefix-length 24 admin@PicOS# set protocols dhcp server pool pool1 lease-time 1440 admin@ PicOS # set protocols dhcp server pool pool1 range range1 low 192.168.10.3 admin@ PicOS # set protocols dhcp server pool pool1 range range1 high 192.168.10.20 admin@ PicOS # set protocols dhcp server pool pool1 tftp-server 192.168.10.1 admin@ PicOS # set protocols dhcp server pool pool1 bootfile-name file-path provision.sh admin@ PicOS # set ip routing enable true admin@ PicOS # commit TFTP Server Step 1 Set the basic configuration of TFTP server. Make sure that the TFTP server is network reachable, which can communicate with the DHCP server and DHCP client. Step 2 Configure files needed to be saved in the TFTP server. For the provision file provision.sh, you need to run generate_script with options 7 and 10 selected to generate it. For details, see Option Description of Shell Script. For the L2/L3 command file ztpl2l3_cfg.cli, you can modify it as needed, such as configuring VLAN20 and VLAN30. Step 3 Save the image file, provision script and L2/L3 command file to the working path of TFTP server. Note： The working path of TFTP server here is /home/admin/tftp, and you should modify it based on the actual circumstances. Step 4 Generate the MD5 file. Enter the directory which saves image file, and run the following Linux command to generate MD5 file. The generated MD5 file will be saved in this directory. Note： The MD5 file name must be the format of image-file-name.md5, otherwise the DHCP server cannot recognize it. admin@TFTP:~$ cd /home/admin/tftp admin@TFTP:~/tftp$ md5sum onie-installer-PicOS-9.8.7-main-43d73dd983x86v.bin > onie-installer-PicOS-9.8.7-main-43d73dd983-x86v.bin.md5 Step 5 View the files saved in the directory of /home/admin/tftp. admin@PicOS:~$ ls /home/admin/tftp ls-20240923-075709.png DHCP Client After completing the above configuration, start client1 and client2. 4.4.3 Verifying the Configuration View the upgrade process of client1 and client2. Client1: for the version is already V9.8.7, it directly loads L2/L3 command configurations. image-20241015-082949.png Client2: for the version is V4.4.0, it upgrades to V9.8.7 and then loads L2/L3 command configurations. image-20241015-083941.png View the L2/L3 command configurations of client1 and client2. image.png 4.5 Appendix: ZTP API The ZTP makes use of the API (application programming interface) defined in the ztp-functions.sh file located in the /usr/bin directory. The API description is shown as below, and you can refer to it when configuring the ZTP function, such as running the generate_script to generate the provision script. NOTE: For APIs with name changed, please use the correct name in the corresponding version, or the error prompt will appear. API Description Parameter Return Value Supported Version ztp_disable Disable ZTP auto-run when switch boots up None 0 = success,1 = failed All ztp_enable Enable ZTP auto-run when switch boots up None 0 = success,1 = failed All add_remote_syslog_server Add the remote Syslog server Parameter #1: the IP address of remote Syslog server(eg: 192.168.1.200) 0 = success,1 = failed All remove_remote_syslog_server Remove the remote Syslog server Parameter #1: the IP address of remote Syslog server(eg: 192.168.1.200) 0 = success,1 = failed All tftp_get_file Get file from TFTP server Parameter #1: file name in TFTP serverParameter #2: file name with path in localParameter #3: IP address of TFTP server 0 = success,1 = failed All http_get_file Get file from HTTP server Parameter #1: file name with path in localParameter #2: file name with HTTP server URL 0 = success,1 = failed V4.5.0E or later versions get_l2l3_config_file Get PicOS® configuration file "pica_startup.boot" from file server Parameter #1:For TFTP download: it is the configuration file name with path on TFTP severFor HTTP download: it is the configuration file name with HTTP server URL. Parameter #2 does not need to be setParameter #2: TFTP server IP address, if not set, the TFTP server IP address from DHCP server will be used 0 = success,1 = failed V4.5.0E or later versionsNote: in the previous versions, the name is tftp_get_l2l3_config_file. get_ovs_config_file Get PicOS® OVS configuration file "ovs-vswitchd.conf.db" from file server Parameter #1:For TFTP download: it is the configuration file name with path on TFTP severFor HTTP download: it is the configuration file name with HTTP server URL. Parameter #2 does not need to be setParameter #2: TFTP server IP address, if not set, the TFTP server IP address from DHCP server will be used 0 = success,1 = failed V4.5.0E or later versionsNote: in the previous versions, the name is tftp_ get_ovs_config_file. get_PicOS_startup_file Get PicOS startup file "PicOS_start.conf" from file server Parameter #1:For TFTP download: it is the startup file name with path on TFTP severFor HTTP download: it is the startup file name with HTTP server URL. Parameter #2 does not need to be setParameter #2: TFTP server IP address, if not set, the TFTP server IP address from DHCP server will be used 0 = success,1 = failed V4.5.0E or later versionsNote: in the previous versions, the name is tftp_ get_PicOS_startup_file. get_PicOS_image Get PicOS image from file server and upgrade Parameter #1:For TFTP download: it is the image file name with path on TFTP severFor HTTP download: it is the image file name with HTTP server URL. Parameter #2 does not need to be setParameter #2: TFTP server IP address, if not set, the TFTP server IP address from DHCP server will be used 0 = success,1 = failed V4.5.0E or later versionsNote: in the previous versions, the name is tftp_ get_PicOS_image. l2l3_load_config Get a file with PicOS® L2/L3 commands list, and execute these commands. Parameter #1:For TFTP download: it is the commands file name with path on TFTP severFor HTTP download: it is the commands file name with HTTP server URL. Parameter #2 does not need to be setParameter #2: TFTP server IP address, if not set, the TFTP server IP address from DHCP server will be used 0 = success,1 = failed All 5. Configuration Statements and Operational Commands License Installation 5.1 Getting Started with PicOS® License 5.1.1 PicOS® License The PicOS® License (software license) is a software usage authorization that allows users to utilize PicOS®’s Debian Linux operating system, L2/L3 switching and routing functions, as well as OpenFlow features on the corresponding hardware device. The license is specific to the switch it is bound to and is not valid on any other switch. Therefore, it cannot be transferred across devices without authorization. However, once authorized, it remains valid permanently. 5.2 PicOS® License Operation Process 5.2.1 Activating the PicOS® License Follow the steps below to generate and install the PicOS® license. a) Get the switch’s speed type and hardware ID by issuing the following command at switch’s Linux prompt: admin@XorPlus$ license –s b) Use the assigned credential (SSO) by PicOS® License team (license@pica8.com) to login at “License Portal” website. image.png c) In the “License Portal” page, click “New Switch License” as shown below: image.png d) In “New Switch License” page, select Speed type and Feature type based on your purchased order. Then, enter the switch’s hardware ID. License name is optional. image.png e) After clicking the “Add License” button, the license will be added to the database. f) Click the “+” sign of the newly added license to display the “Download” button. image.png g) Click the “Download” button to download the license to the host. The license file name is “hardware_ID.lic”. For example: xxxx-xxxx-xxxx-xxxx.lic image.png h) Copy the downloaded license file (xxxx.lic) to the switch’s folder /home/admin/ by using scp or tftp etc. admin@XorPlus$ sudo scp xxxx.lic /home/admin/ i) Install the license by issuing the following command: admin@XorPlus$ sudo license -i /home/admin/xxxx.lic j) Restart the PicOS® service to activate the license: admin@XorPlus$ sudo systemctl restart PicOS k) After the switch rebooted, use the following command to verify the installed license. admin@XorPlus$ license –sor admin@XorPlus> license show 5.2.2 Installing the PicOS® License Installing License under Linux prompt Installing the License Notes： If no license is installed, only the first four ports and the first two uplink ports (if exist) of the switch are available after the upgrade. To upgrade the switch without production impact, user should install a license before the upgrade. It is possible to install a license in PicOS® 2.3 (starting with PicOS® 2.3.3). To upgrade a switch from a PicOS® version earlier than 2.3, it may be necessary to upgrade to PicOS® 2.3 first to install a license on the system. To avoid this step, user can run a script that can install the license on PicOS® releases earlier than 2.3. Please refer to PicOS® Configuration Guide V4.4.5 or look at the section below for older PicOS® releases. The license file cannot name pica.lic, or license will install failed. Customers can download the generated license file and copy it to the /etc/PicOS/ directory. The following example shows the contents of a switch-based license file: { "Type": "1GE", "Feature":["Open Flow", "Base Product", "Layer3"], "Hardware ID":"8A68-A7AC-D702-70D2", "Expire Date":"2020-10-28" } In the license file shown above, the type is 1GE while the feature is Base Product, Layer3, and Open Flow. Hardware ID is unique to every switch. Note： The switch cannot upgrade to a PicOS® version whose build date is later than the license expiration date. The following example shows the contents of a site-based license file: { "Type": "1GE", "Feature":["Open Flow", "Base Product", "Layer3"], "Mode":"site", "Site Name":"CompanyA", "Expire Date":"2020-10-28" } The license file can be installed with the command-line utility called license with the -i option. The following example installs a license file named js.lic: admin@PicOS:~$ cd /etc/PicOS admin@PicOS:/etc/PicOS$ ls -l total 32 drwxrwxr-x 2 root xorp 4096 Feb 4 22:00 ./ drwxrwxr-x 60 root xorp 4096 Feb 4 21:56 ../ -rw-rw-r-- 1 root xorp 26 Feb 4 18:27 fs_status -rw-r--r-- 1 root root 399 Feb 4 21:59 js.lic -rw-rw-r-- 1 root xorp 247 Sep 4 2014 license.conf -rw-rw-r-- 1 root xorp 183 Aug 10 2014 p2files.lst -rw-rw-r-- 1 root xorp 488 Feb 4 18:28 PicOS_start.conf -rw-r--r-- 1 root root 251 Feb 4 22:00 public.key admin@PicOS:~$ sudo license -i js.lic License successfully added, the switch need to be rebooted to activate the license. admin@PicOS:~$ ls -l total 32 drwxrwxr-x 2 root xorp 4096 Feb 4 22:00 ./ drwxrwxr-x 60 root xorp 4096 Feb 4 21:56 ../ -rw-rw-r-- 1 root xorp 26 Feb 4 18:27 fs_status -rw-rw-r-- 1 root xorp 247 Sep 4 2014 license.conf -rw-rw-r-- 1 root xorp 183 Aug 10 2014 p2files.lst -rw-r--r-- 1 root root 382 Feb 4 22:00 pica.lic -rw-rw-r-- 1 root xorp 488 Feb 4 18:28 PicOS_start.conf -rw-r--r-- 1 root root 251 Feb 4 22:00 public.key -rw-r--r-- 1 root root 251 Feb 4 22:00 switch-public.key admin@PicOS:~$ If the license is installed successfully, after license -i command, the following message will be displayed: License successfully added, the switch need to be rebooted to activate the license. To activate the new license, the switch must be restarted. Displaying License Information User can display the license information using the license -s command at the Linux shell. The following example displays information about the switch-based license: admin@PicOS:~$ license -s { "Type": "1GE", "Feature": ["Open Flow", "Base Product", "Layer3"], "Expire Date": "2020-10-28", "Hardware ID": "8A68-A7AC-D702-70D2" } The following example displays information about the site-based license: admin@PicOS:~$ license -s { "Type": "1GE", "Feature": ["Base Product", "Layer3", "Open Flow"], "Expire Date": "2020-10-28", "Hardware ID": "8A68-A7AC-D702-70D2", "Site Name": " CompanyA " } If the license is not valid, the license -s command generates the following output: admin@PicOS:~$ license -s Invalid license. Use below information to create a license. Type: 1GE Hardware ID: 8A68-A7AC-D702-70D2 admin@PicOS-OVS$ If no license is installed, the license -s command generates the following output: admin@PicOS:~$ license -s No license installed. Use below information to create a license. Type: 1GE Hardware ID: 8A68-A7AC-D702-70D2 admin@PicOS-OVS$ Add License Directly From License Command User can also add the license directly from the license command. The PicOS® 2.6 image supports this command. (1) Paste the license content. (2) Press enter and then press crtl+d. Example for P5401, add a site license: admin@PicOS:/ovs$ sudo license -i - sJXhrpDdd2ZsMemcJ26fqvjjw7vH30gf/4OVtLsROgPNl2VjFQhIJvS3zliF+DK+ tW2QpssH0JB4n8ae9/SumsRWdwdPpbQNB1WaeNq0onWdoTRz2HGiH+XudDAm6B37 kQvCGev7pAe0tCjnB+63F3Z5ZGPbQE89/fNSBGkE6mfZ6dG1F/86C9Bn/MyqkQSI 4uDtRwfo46elZOmwn5aD/mGyh/i2qg8IfhssIn0CbHVaJY8hyt7tYuvgkEb6Xlhx 7i9+qnk9c15ksBdak0f8gxorZDOCacwWACDt/K8NJokOMWTDLnLmDczrXO0Z5l75 eGc7ZygxCjd/jzc5oW9cgIyd License successfully added, the switch need to be rebooted to activate the license. admin@PicOS:/ovs$ Reboot system and license can be activated. Installing and Removing License for PicOS® go2cli Version Installing License under CLI Operation Mode The following steps describe how to install a license under CLI operation mode for PicOS® go2cli version. a) Before loading a license, upload the license file to the device. The following example uploads the license file 10GE-SITE-PICA8.lic to the default path. By default, the TFTP downloaded file is saved in directory /cftmp/. admin@PicOS> file tftp get remote-file /tftp/license/10GE-SITE-PICA8.lic local-file 10GE-SITE-PICA8.lic ip-address 10.10.50.22 b) Run the license install command to install the license. admin@PicOS> license install /cftmp/10GE-SITE-PICA8.lic When the license has been successfully installed, it will display the following information: License successfully added, the switch need to be rebooted to activate the license. c) Reboot the switch or restart PicOS® to activate the license. Choose either one: Reboot the switch admin@PicOS> request system reboot Restart PicOS® service licadmin@PicOS> start shell sh admin@PicOS:~$ sudo service PicOS restart admin@PicOS:~$ exit exit admin@PicOS> d) After PicOS® starts up, run the license show command to view the license information. admin@PicOS> license show { "Type": "10GE", "Feature": ["Base Product", "Layer3", "OpenFlow"], "Support End Date": "2020-10-28", "Hardware ID": "196B-A2AE-147A-73F2", "Site Name": "PICA8" } Removing License under CLI Operation Mode The following steps describe how to remove a license under CLI operation mode for PicOS® go2cli version. admin@PicOS> license remove admin@PicOS> license show No license installed. Use below information to create a license. Type: 10GE Hardware ID: 196B-A2AE-147A-73F2 5.2.3 PicOS® License FAQ User may encounter various problems during license installation as detailed below. The public.key file cannot be found. admin@PicOS:~$ sudo license -i js.lic Install failed: Cannot find public key. The license file does not exist. admin@PicOS:~$ sudo license -i js.lic Install failed: No such file or directory. The header or the key is disrupted. admin@PicOS:~$ sudo license -i js.lic Install failed: License or KEY is disrupted. The license format is not valid. admin@PicOS:~$ sudo license -i js.lic Install failed: License format error. The license file is not compatible with the switch (verify failed). admin@PicOS:~$ sudo license -i js.lic Install failed: Invalid license.

AmpCon-DC FAQ

31 dic. 2025 - AmpCon-DC FAQ Chapter 1. Product Overview 1.1 What is AmpCon-DC? AmpCon-DC, a management platform designed for PicOS® data center switches, automates and validates the design, deployment, and operation of data center networks from Day 0 through Day 2+. It empowers you to efficiently automate and manage your highly available HPC and data center networks at scale. Highlights: Continuous Day 0 to Day 2+ Operation Automation Automated Underlay Configurations for Efficient Deployment Visual Management with Topology Auto-Discovery Support Batch End-to-End RoCE Deployment Telemetry Visualization to Optimize Network Performance Fault Alerts via Visual Interface and Email Notifications When Issues Arise Powerful, Agentless Automation with Ansible Playbooks Virtual Pre-Configuration with PicOS-V Integration 1.2 Is the AmpCon-DC Management Platform a cloud controller or a local controller? The AmpCon-DC Management Platform needs to be deployed on a local server, the underlying layer is a Linux server, so the installation is similar to Linux. 1.3 What is the difference between AmpCon, AmpCon-DC, AmpCon-Campus, and AmpCon-T? AmpCon is the unified management platform family from FS, with different editions tailored to specific network scenarios such as data center, campus network, and optical transport system. The following outlines the positioning and key differences of each AmpCon edition. Edition Features AmpCon The original base version for general-purpose campus and data center management, supporting basic S-series campus switches and some N-series models with limited functionality, suitable for small-scale or entry-level scenarios. Version V1.14.1 will reach end-of-maintenance on June 30, 2025, be removed from FS’s site, and support ends December 31, 2026. AmpCon-DC Optimized for data center scenarios, supporting data center switch management and enhanced data center features, providing support for N-series PicOS switches and advanced DC features. AmpCon-Campus Designed for campus and enterprise networks, focusing on batch automated deployment and visual management of enterprise switches, and managing S-series PicOS switches and selected N-series models. AmpCon-T An integrated management platform for OTN/WDM devices, providing full lifecycle management for FS optical transport devices, including visual monitoring, centralized management and intelligent analysis. 1.4 If a bare-metal switch supports both AmpCon-DC and AmpCon-Campus, can it be used interchangeably based on preference? If the same bare-metal switch is compatible with both AmpCon-DC and AmpCon-Campus, you can choose the most suitable version based on your network type and environment (data center application or enterprise campus network). You should select the version that best matches your required management features, network scale, and use case to achieve optimal management results. 1.5 What is the difference between the 90-day trial and the 1/3/5-year paid version of AmpCon-DC? The 90-day trial provides access to all the same features as the paid version, allowing you to fully explore and test the platform’s capabilities. After the trial, customers can choose whether to purchase the paid AmpCon-DC license, available with 1-, 3-, or 5-year service options. 1.6 What are the key differences between AmpCon-DC, Apstra Data Center Director and Cisco Nexus Dashboard? AmpCon-DC is purpose-built for PicOS® data center switches, it supports ZTP, real-time telemetry, automatic topology discovery, and on-premises/private deployment. Future versions will continue to enhance features and capabilities. You can also follow up with the FS Product Custom service for submitting your customization requests. Apstra and Dashboard are designed for data center fabric-level management, delivering full lifecycle automation, visualization, and analytics. Apstra emphasizes multivendor intent-based networking, while Cisco Nexus Dashboard focuses on the Cisco ecosystem. In summary, AmpCon-DC is deeply optimized for PicOS®-based deployments, whereas Apstra and Cisco Nexus Dashboard are better suited for large-scale data center fabric operations. Chapter 2. Deployment & Compatibility 2.1 What devices can AmpCon-DC manage? AmpCon-DC can support FS PicOS 10–400G data center switches (requiring firmware version PicOS 4.6.0E or later), selected third-party bare-metal switches such as EDGECORE, DELL, HPE, and DELTA, as well as Broadcom and NVIDIA network interface cards. Specific product models are listed in the AmpCon-DC Compatible Hardware Matrix | FS. 2.2 What deployment methods does AmpCon-DC support? AmpCon-DC supports various deployment methods, different deployment methods correspond to different software installation packages, as follows: Deployment Methods Requirements Software Pakage VMware ESXi Versions 6.7, 7.0, 8.0 https://resource.fs.com/mall/resource/ampcon-dc-for-vmware-esxi-220-software.zip QEMU / KVM Based on Ubuntu 22.04 LTS https://resource.fs.com/mall/resource/ampcon-dc-for-qemukvm-220-software.zip Oracle VirtualBox Recommended for lab use only https://resource.fs.com/mall/resource/ampcon-dc-for-virtualbox-220-software.zip Bare-metal server Ubuntu 22.04 LTS with Docker https://resource.fs.com/mall/resource/ampcon-dc-for-ubuntu-docker-220-software.zip 2.3 What are the hardware requirements for deploying AmpCon-DC? Before you install the AmpCon-DC server, ensure that the server machine meets the following requirements: Indicators Requirements CPU Clock speed 2.0 GHz or faster Number of cores 4 CPU cores Memory 16 GB Hard disk 512 GB Operating systems Ubuntu 22.04 X86 architecture 2.4 Is AmpCon-DC compatible with PicOS-V? Yes. AmpCon-DC can manage switches running PicOS-V in a virtual environment, using the corresponding templates for configuration delivery and simulation testing. The same templates can be used for subsequent push configurations and ZTP deployments, ensuring consistency. 2.5 Can AmpCon-DC configure VLANs on switches? After a switch is managed by AmpCon‑DC, you can remotely log in to the switch via AmpCon‑DC to configure VLANs, or use the built-in templates and other functions to deploy configurations. You can refer to Configure Models, Global Configs Video to configure switches and AmpCon-DC Templates Video to configure and push templates. Chapter 3. Installation & Application 3.1 How to download, install, and activate AmpCon-DC? Customers can download the AmpCon-DC installation package in the resources section of the AmpCon-DC product page and log in to AmpCon-DC by entering the management IP address, then import and use it in AmpCon-DC software after applying for a trial licence or purchasing a product licence. Refer to AmpCon-DC Management Platform User Guide and How to Install AmpCon-DC Management Platform for step-by-step guidance. 3.2 How to upgrade the existing version to the latest version? We will display each version upgrade package in the resources section of the AmpCon-DC product page. You can select the package as needed and refer to the Upgrade Video for version upgrade instructions. 3.3 Can AmpCon-DC upgrade the PicOS system on switches? Yes, AmpCon-DC enables large-scale PicOS upgrades for single or multiple switches. Refer to AmpCon-DC Management Platform User Guide and How to Upgrade PicOS® on Single or Multiple Switches Using AmpCon-DC for step-by-step guidance. 3.4 How does AmpCon-DC manage switches? AmpCon-DC simplifies switch management through: Day 0 (Design & Planning): Using ZTP (Zero Touch Provisioning), switches automatically load their configuration files at power-on, eliminating manual setup and accelerating deployment. Day 1 (Deployment): Flexible configuration templates combined with ZTP enable rapid, large-scale deployment with consistent configurations, minimizing errors and reducing time to roll out. Day 2 (Operations & Maintenance): AmpCon-DC supports Ansible Playbooks for automated configuration and reporting, while offering real-time telemetry and health monitoring for proactive network management. Automatic topology discovery provides a comprehensive map view down to the port level, making ongoing maintenance simpler and more efficient. 3.5 Can AmpCon-DC manage FSOS switches? Currently, AmpCon-DC does not support managing FSOS switches. It only supports compatible PicOS® switches. However, monitoring FSOS via SNMP is planned in a future release. For streamlined management, we recommend choosing FS PicOS switches. 3.6 What is the maximum number of switches that AmpCon-DC can manage? A single AmpCon-DC instance can manage up to approximately 1,000 PicOS® switches, meeting the needs of most data center network deployments. 3.7 Can AmpCon-DC manage switches running operating systems from other vendors, such as Junos? At this stage, AmpCon-DC primarily supports PicOS® switches and does not support switches running other vendors’ operating systems. Future support will depend on product roadmap considerations. 3.8 What information is needed to add a new device in AmpCon-DC? Adding a new device to AmpCon-DC requires the following information: For ZTP: Provide the switch serial number and ZTP-related DHCP configuration details. For manual import: Provide the PicOS® switch IP address and login credentials. Refer to AmpCon-DC Management Platform User Guide and the videos "Deploying Switches via ZTP" and "Importing Switches via IP Discovery" for step-by-step guidance. 3.9 How does the platform notify me about network issues or failures? The AmpCon-DC management platform sends alerts through a visual interface and customizable email notifications. When a device failure or performance shifts is detected, it immediately issues alerts to help teams diagnose the root cause and resolve problems quickly. Chapter 4. License & Sales 4.1 What products and services does AmpCon-DC currently offer, and how are they priced? Is a trial available? AmpCon-DC uses a subscription-based licensing model that includes software licenses and corresponding technical support services. Currently available are a 90-day trial version and formal subscription options for 1, 3, and 5 years. Licenses are billed based on the actual number of managed PicOS® switches and can be flexibly scaled according to deployment size. After the trial or subscription period expires, the system will continue to operate but will no longer receive technical support services such as vulnerability fixes and emergency issue resolution. To maintain continuous updates and support, licenses can be renewed at any time. 4.2 What AmpCon-DC license types are available? The following license types are provided: Trail License: You can click https://www.fs.com/specials/ampcon-dc-platform-s20001.html to obtain a trial license with a 90-day trial period and an additional 14-day, offering the same functionality as the formal license. After the trial license expires, you must install a formal license to continue using AmpCon-DC. Formal License: You can click https://www.fs.com/products/344455.html?now_cid=4227 to purchase a formal license that includes service support and is available with 1-, 3-, or 5-year subscription options. 4.3 How to import a purchased license into AmpCon-DC? Steps to import a formal license: Step 1 Collect the Hardware ID of the switches to manage. Step 2 Add the IDs to the license to generate an authorized license file. Step 3 Upload and import the license file in the AmpCon-DC UI. Step 4 Validate the license to enable device management. Notes: Once a production license is installed, a trial license cannot be reinstalled. For details, refer to the latest video How to Import and Manage AmpCon-DC Licence. 4.4 What happens when the 1/3/5‑year service subscription expires? Will AmpCon‑DC or managed switches stop working? When an AmpCon-DC 1/3/5‑year subscription expires, the platform remains functional, but no further technical support (bug fixes, emergency troubleshooting) will be provided. Renewals are optional. Rest assured, AmpCon-DC and the configured switches will continue operating without disruption. However, if the 90‑day trial expires, a production license is required to log back in. 4.5 How to transfer or migrate a purchased AmpCon-DC license? If you need to transfer/migrate licenses after purchasing a formal license (e.g., due to switch hardware failure or incorrect binding), you can self-release up to 3 devices by following these steps: Step 1 Log in to AmpCon → License Management → select the license by HW ID → perform Invalid License to get a revoke code. Step 2 Log in to License Portal → AmpCon Licenses → click Verify Revoke Code to enter the verification form. Step 3 Only AmpCon-DC and AmpCon-Campus Standard Licenses support revoke code-based unbinding. Step 4 Input revoke codes in the form or in bulk → click Save → the used license units will be released. apter 5. Service & Support Chapter 5 . Service & Support 5.1 Where can I find more information about AmpCon-DC? To learn more about the latest product information, feature introductions, and related resources, you can obtain the corresponding details through the following methods. Category Resource Product Details Page https://www.fs.com/products/344455.html?now_cid=4227 Additional Feature Overview AmpCon-DC Management Platform Datasheet Supported Models List AmpCon-DC Management Platform Compatible Hardware Matrix Other Documentation Resources AmpCon-DC Document Center AmpCon-DC 90-Day Free Trial Access https://www.fs.com/specials/ampcon-dc-platform-s20001.html 5.2 Where can I find supported models for AmpCon-DC? You can refer to the AmpCon-DC compatibility documentation for a comprehensive list of devices supported by AmpCon-DC. If you require support for additional devices, you may submit a customization request through the FS Product Custom. 5.3 Are there any practical application cases for AmpCon-DC? Below are some successful case studies of AmpCon-DC applications: FS Transitions Global Telecom Provider from Cumulus to PicOS® for Agile Network Breaking Stacking Limits with PicOS® for Financial Network You can view more successful applications of AmpCon-DC in the Case Studies section.

26 dic. 2025 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

PicOS® Configuration Guide V4.4.5

18 dic. 2025 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

N5850-48S6Q Switch Datasheet

15 dic. 2025 - N5850-48S6Q Switch Datasheet Product Overview The N5850-48S6Q switch delivers rich, low-latency Layer 2/Layer 3 features and advanced EVPN-VXLAN capabilities. With 48 native 10G downlink ports and 6 40GbE uplink ports, it is ideal for leaf roles in data centers and data center interconnect (DCI) deployments. Featuring L3 gateway functionality for seamless routing between virtualized and bare-metal servers, the switch is designed for extremely agile data centers that require support for overlay/underlay network architectures. Figure 1 shows the FS N5850-48S6Q Switch. Figure 1: N5850-48S6Q Switch image.png The N5850-48S6Q is a compact 10GbE data center Leaf switch with the following features: 48 10GbE SFP+ Downlink Ports, Six 40GbE QSFP+ Uplink Ports Broadcom BCM56864 with 32GB (SSD) storage Up to 0.72 Tbps (unibidirectional) L2 and L3 performance VXLAN support as an L2 or L3 gateway Advanced PicOS® features, such as Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN), MLAG, BGP and EVPN multihoming PicOS® The high-performance N5850-48S6Q switch runs PicOS®, a powerful and robust network operating system that supports all FS PicOS® network switches. Key PicOS® features that enhance the functionality and capabilities of the N5850-48S6Q include: Commit, Review, and Rollback: Prevents network configuration errors and enables rapid recovery to a stable state in case of anomalies, ensuring configuration accuracy and business continuity. Virtual ASIC Technology: Implements a hardware abstraction layer, allowing support for multiple hardware platforms and chipsets with minimal modifications. This vendor-agnostic solution enables rapid iteration and updates. Modular Design: Allows independent component operation and updates, enhancing system flexibility and stability. This architecture enables seamless integration of new features and simplifies maintenance and troubleshooting. Linux Debian Architecture: One of the most innovative open network operating systems in the industry, featuring built-in automation tools for easy implementation, management, customization and scalability. Automation and Programmability: PicOS® offers a rich set of standardized programmable interfaces and automation tools, including Ansible, OpenFlow, and NETCONF, enabling automated network configuration and improved operational efficiency. Data Center Deployments Data centers require high-speed, low-latency, and converged network solutions for storage and I/O to maximize the performance of physical servers, virtual servers, and storage. The N5850-48S6Q switch addresses these needs in a compact 1U platform with low-latency, lossless, high-density 10GbE interfaces. Additionally, the N5850-48S6Q offers EVPN-VXLAN L2 and L3 gateway support, making it an ideal solution for edge routing or centralized routing overlay deployments in data centers. It supports back-to-front airflow, suitable for hot-aisle containment where cool air enters from the rear and exits to the hot aisle at the front. Data Center Server Access At the Leaf layer, the N5850-48S6Q switch provides 48 10GbE server access ports, supporting high-density virtualized server deployments within a single rack to meet the demands of VM-intensive workloads in cloud computing environments. By leveraging VXLAN encapsulation, the physical and logical networks are decoupled, allowing each tenant to achieve Layer 2 isolation through a unique VXLAN Network Identifier (VNI), enabling thousands of independent tenant services to run on the same physical network. With an EVPN-based BGP control plane, the switch enables automatic learning and synchronization of MAC/IP addresses. When a virtual machine migrates across Leaf switches, EVPN dynamically updates the forwarding path using Type 2 routes (MAC/IP routes), ensuring seamless business continuity. At the Spine layer, the NC8200-4TD switch provides 40GbE ports, supporting full-mesh ECMP (Equal-Cost Multi-Path) routing to ensure optimal traffic forwarding across Leaf switches, reducing migration latency. Figure 2 shows the 10G/40G Spine-Leaf Fabric. Figure 2: 10G/40G Spine-Leaf Fabric image.png Features and Benefits Built-in Broadcom Trident 3 Chip: Provides high-speed data transfer, low latency and 0.72 Tbps throughput for superior stability and performance. VXLAN Overlays: The N5850-48S6Q switch is capable of both L2 and L3 gateway services. Customers can deploy overlay networks to provide L2 adjacencies for applications over L3 fabrics. The overlay networks use VXLAN in the data plane and EVPN for programming the overlays. Ensuring Uninterrupted Services with MLAG: Two N5850-48S6Q switches can operate as independent devices with separate control planes while achieving redundancy and load balancing by enabling link aggregation on connected devices and using STP to eliminate loop risks. This enhances network bandwidth, improves reliability and availability, and ensures the seamless operation of critical services. Unified Operating System and Management Platform: Unified PicOS® and AmpCon-DC management platform, automate the entire network lifecycle to simplify design and deployment. Free Virtual Machine (VM): PicOS®-V is a Virtual Machine designed to help customers become familiar with the network functionalities and performance of PicOS®, without the need to wait for switching hardware. Ampcon-DC Management Platform The FS AmpCon-DC management platform ensures fast, accurate, and consistent delivery of the changes needed for data center services. It also leverages built-in assurance and analytics features to quickly resolve Day-2 operational issues. Fabric Management: AmpCon-DC management platform provides full Day 0 through Day 2+ lifecycle management capabilities for IP/EVPN fabrics with closed-loop assurance in the data center Telemetry for Real-time Network Monitoring: Optimizes network performance through continuous data insights. Topology Auto-discover for Visual Management: Enhances efficiency in network management and operations. Overlay-based Auto Configuration*: Centralized configuration is automatically issued to overlay networks (such as VXLAN), increasing configuration efficiency by reducing command complexity, manual errors, and the time required to understand overlay-specific settings. Underlay-based Auto Configuration*: Centralized configuration is automatically issued to the underlay network infrastructure (such as IP routing and interfaces), increasing configuration efficiency by reducing manual errors and the time required to learn traditional underlay configuration commands. Lossless Network Automation*: The overall network can be monitored and optimized, which improves business efficiency and the operation and maintenance efficiency of network administrators. Lossless Network O&M Monitoring*: If a link failure occurs in the network, the chip can achieve sub-millisecond convergence, minimizing the impact on user services. Notice：*Expected to be available in Q3 2025 N5850-48S6Q Switch Specifications Tables 1 through 4 show the FS N5850-48S6Q switch hardware specifications. Table 1: Interface options P/N N5850-48S6Q Console port 1 Management port 1 × RJ-45 port USB port 1 1GbE SFP 48 72 (with breakout cable) 10GbE SFP+ 48 72 (with breakout cable) 40GbE QSFP+ 6 Table 2: Power supplies and fans P/N N5850-48S6Q Power supply Dual 1+1 redundant power supplies (AC) Fan number 5x Hot-swappable Fans (4+1 Redundancy) Airflow Rear-Front Acoustic noise <60dB Power consumption Max power draw: 282 W Power max rating 650W Input-voltage range and frequency 100-240VAC, 50-60Hz Power supply efficiency 93% Input current 6-3A Table 3: Performance specifications P/N N5850-48S6Q Switching capacity 0.72/1.44Tbps (uni/bidirectional) Forwarding rate 1000 Mpps Switch chip Broadcom BCM56864 Trident 2+ CPU Intel Atom® C2538 2.4 GHz 4-Core Processor DRAM 8GB SO-DIMM DDR3 RAM with ECC Flash memory 32GB Packet buffer 16MB MAC address table size 32K VLAN ID 4K Table 4: Product specifications P/N N5850-48S6Q Environmental Operating temperature 32°F to 104°F (0°C to 40°C) Storage temperature -40°F to 158°F (-40°C to 70°C) Operating humidity 5% to 95% (Non-condensing) Storage humidity 5% to 95% (Non-condensing) Temperature alarm supported Acoustic noise <60dB Physical specifications Weight 19.73 lbs (8.95 kg) Dimensions (H x W x D) 1.71"x17.26"x18.62" (43.4x438.4x473mm) Rack units (RU) 1 RU Electrical Voltage (auto ranging) 100-240VAC Frequency 50-60Hz Current 3A Max Power rating (maximum consumption) 650W Software Features Supported Table 5 lists the software spotlights for the FS N5850-48S6Q switch. Table 5: Software spotlights Functionality Description System Management Hardware management of system FAN and PSU Syslog management Boot diagnose Recover default configuration and password Zero Touch Provisioning (ZTP) System file management User management Support to configure login methods System time management: manual method, NTP Domain Name System (DNS) Layer 2 Switching Configuration Ethernet Ports Management Configuration Enable or disable the Ethernet port Configuring port speed MTU Flow control Flow statistics Port breakout Routed Interface and Sub-interface Layer 3 VLAN Interface Storm Control Local loopback Backup port Link Fault Signaling (LFS) Forwarding Error Correction (FEC) Time Domain Reflectometry (TDR) Clock and Data Recovery (CDR) MAC configuration Static MAC entries and Dynamic MAC Address Learning Static Link Aggregation (LAG) Configuration Static LAG Dynamic LAG (LACP) Load balancing Resilient LAG Hashing Symmetric Hash for LAG MLAG Basic MLAG Support IPV6 MLAG Active-Active Load balancing MLAG DHCP Snooping MLAG DHCP relay MLAG IGMP snooping MLAG VxLAN MLAG PVST+ Port access mode ACCESS Trunk Hybrid VLAN Port-based VLAN MAC Trace MAC-based VLAN VLAN mapping QinQ VLAN registration GVRP MVRP Private VLAN Voice VLAN Spanning Tree Protocol STP RSTP MSTP PVST+ BPDU Filter BPDU Root Guard BPDU TCN-Guard BPDU-Guard Edge port Manual forwarding BPDU Tunneling Layer 2 protocol messages such as CDP, LLDP, LACP and STP are supported and can be transmitted through BPDU tunnels Ethernet Ring Protection Switching (ERPS) ERPSv1ERPSv2 Unidirectional Link Detection (UDLD) Loopback Detection IP Service Configuration Guide IPv4 Basic Configuration ARP Static ARP Dynamic ARP ARP Proxy DHCP DHCP server and DHCP client DHCP relay and dhcp relay option82 DHCPv6 Relay DHCP snooping DHCP snooping trust-port DHCP snooping option82 DHCPv6 snooping Equal-Cost Multipath Routing (ECMP) Max path Load balancing Symmetric Randomized Load Balance Round-Robin Load Balance Resilient Load Balancing VRF Base VRF Management VRF and VRF Route Leaking IPv6 IPv6 DHCP Relay IPv6 NDP IPv6 ECMP Path MTU Discovery IP Routing Configuration IP addressing IPv4 Addressing IPv6 Addressing SVI Static routing IPv4/IPv6 static routing Multiple next stop static route RIP RIP Network RIP VRF RIP timer RIP passive-interface Redistribution of static route, connected route, OSPF2 route and BGP routes into RIP with route map filtering RIPng RIPng Network RIP VRF Redistribution of static route, connected route, OSPF2 route and BGP routes into RIP with route map filtering OSPF Single OSPFv2 instance Single OSPFv2 instance for each VRF OSPFv2 Multiple instances Intra- and inter-area routing. Type 1 and 2 external routing. Broadcast and P2P interfaces. Stub areas. Not so stubby areas (NSSA) MD5 Authentication. Redistribution of static route, connected route, RIP route and BGP routes into OSPFv2 with route map filtering OSPFv2 passive interfaceOSPFv2 GR (Graceful Restart) OSPFv3 Single OSPFv3 instance Single OSPFv3 instance for each VRF Intra-and inter-area routing Type 1 and 2 external routing Broadcast and P2P interfaces Stub areas Redistribution of static route, connected route, ripng route and BGP routes into OSPFv3 with route map filtering OSPFv3 passive interface OSPFv3 GR (Graceful Restart) IPv4/IPv6 BGP BGP Autonomous Systems BGP Route Selection IBGP and EBGP BGP Multiple Autonomous System BGP Peer group BGP fast-external-failover BGP update-source EBGP multihop BGP route-map BGP Multipath BGP Route Aggregation BGP Dynamic Neighbors BGP Security BGP Route Reflector BGP Community BGP Unnumbered Redistribution of static route, connected route, RIP route and OSPF routes into BGP with route map filtering IPv4/IPv6 IS-IS Network Entity Title (NET) Enable IS-IS Instance on the Interface IS-IS Switch Level IS-IS Authentication: authentication per interface, area authentication and routing domain authentication IS-IS Overload IS-IS Attached-bit Priority for Designated Router Election IS-IS Passive Interface IS-IS Hello Interval Hello-Multiplier for the Neighbor Holding Time Interval for Sending CSNP Messages Interval for Sending PSNP Messages Advertise Default Routes Introduce External Routes Adjusting SPF Calculation Time: spf-interval, spf-delay-ietf init-delay, long-delay, holddown, time-to-learn Configure the Maximum Size of Generated LSPs Configure the Minimum Interval between Regenerating LSP Refresh Period for LSPs Maximum Valid Time for the LSPs Route Map IP Prefix List as-path-list community-list large-community-list Route Map Match Route Map Set Route Map Call PBR (Policy-Based Routing) Multicast Configuration IGMP IGMPv2 query IGMPv3 query PIM PIM SM Static RPDynamic RP PIM-SSM PIM over GRE Tunnel MSDP PIM-SM Inter-domain Multicast Using MSDP Anycast RP Multicast routing Multicast routing and forwarding Multicast VLAN Multicast VLAN Registration (MVR) IGMP Snooping IGMPv2 snooping IGMPv3 snooping mrouter port static group unregistered flood VPN Generic Routing Encapsulation Protocol (GRE) VXLAN VXLAN EVPN BGP EVPN High Availability BFD Static BFD Dynamic BFD Single-Hop BFD Multi-Hop BFD BFD for BGP BFD for OSPF BFD for PIM-SM Uplink Failure Detection (UFD) Uplink Failure Detection Priority Flow Control (PFC) Virtual Router Redundancy Protocol (VRRP) VRRP Active-Standby VRRP Active-Active (load-balance) VRRPv2 VRRPv3 preempt mode priority authentication accept mode EFM OAM OAM link discovery Remote loopback Lossless Network PFC, Priority Flow Control Enabling PFC ECN, Explicit Congestion Notification Enable WRED Set the maximum and minimum thresholds Set drop probability Enable ECN Security AAA Radius Authentication Radius Authorization Radius Accounting TACACS+ Authentication TACACS+ Authorization TACACS+ Accounting Console Login OUT-band/INBAND Login Local Authentication local authentication fallback NAC 802.1X MAC authentication CWA authentication Web authentication Host Mode Server Fail VLAN Block VLAN Dynamic VLAN Fallback to WEB EAP Packet Exchange Redirect URL Change of Authorization (CoA) Downloadable ACL Dynamic ACL session-timeout Re-authentication ACL Match field: destination-address-ipv4 destination-address-ipv6 destination-mac-address destination-port ether-type first-fragment ip is-fragment protocol source-address-ipv4 source-address-ipv6 source-mac-address source-port time-range vlan ACL-based Traffic Policer ACL-based QoS ACL-based remarked Port Security Enable or disable port security DAI Trust Port ARP Packets Validity Checking User Legitimacy Checking Dynamic ARP Inspection ARP Inspection Access List CoPP System pre-defined control plane protocols Change the pre-defined CoPP policies System customize-defined control plane protocols IPv4SG (IPv4 Source Guard) IPv4 Source Guard IPv6SG (IPv6 Source Guard) IPv6 Source Guard DHCPv6 Guard Neighbor Discovery Inspection Enable ND inspection on a VLANValidate source-mac Neighbor Discovery Snooping ND Snooping QoS Service Configuration Queue scheduler Queue scheduler: SP WRR WFQ Traffic policing Traffic policing: guaranteed-rate max-rate Traffic classifier Congestion management and avoidance Congestion management:WRED Congestion avoidance: ECN Network Management and Monitoring SNMP SNMP v2 SNMP v3 SNMP Access control SNMP authentication SNMP privacy SNMP Trap SNMP VRF RESTCONF Remote Network Monitoring (RMON) Ethernet statistics function (etherStatsTable in RMON MIB) History statistics function (etherHistoryTable in RMON MIB) Event definition function (eventTable and logTable in RMON MIB) Alarm threshold setting function (alarmTable in RMON MIB) NETCONF LLDP LLDP Mode Selecting Optional TLVs LLDP med Mirror Configuration Local port mirror ERSPAN Base ACL ERSPAN Switch Environment monitor boot-messages connections cpu-usage fan hwinfo memory-usage processes rollback rpsu serial-number temperature Packet Capture tcpdump Telemetry Protocol SDN Openflow sFlow collector udp port source address header length sampling rate Standards Compliance Table 6 lists the standards compliance for the FS N5850-48S6Q switch. Table 6: Standards compliance Category Description IEEE Standard IEEE 802.1 IEEE 802.1AB IEEE 802.1ad IEEE 802.1ax IEEE 802.1D IEEE 802.1p IEEE 802.1Q IEEE 802.1Qbb IEEE 802.1w IEEE 802.3x Supported RFCs RFC 768 UDP RFC 791 IP RFC 792 ICMP RFC 793 TCP RFC 826 ARP RFC 854 Telnet client and server RFC 894 IP over Ethernet RFC 1058 RIP RFC 1112 IP Multicast Host Extensions RFC 1142 OSI IS-IS Intra-domain Routing Protocol RFC 1492 TACACS RFC 1519 Classless Interdomain Routing (CIDR) RFC 1534 DHCP-BOOTP Interoperation RFC 1745 BGP4/IDRP for IP—OSPF Interaction RFC 1771 BGP-4 RFC 1812 Requirements for IP Version 4 Routers RFC 1997 BGP Communities Attribute RFC 2080 RIP for ipv6 RFC 2131 DHCP RFC 2132 DHCP Options & BOOTP Extensions RFC 2138 RADIUS Authentication RFC 2139 RADIUS Accounting RFC 2154 OSPF with Digital Signatures (Password, MD-5) RFC 2236 IGMP v2 RFC 2328 OSPF v2 RFC 2338 VRRP RFC 2370 OSPF Opaque LSA Option RFC 2385 Protection of BGP Sessions via the TCP MD5 Signature Option RFC 2453 RIP v2 RFC 3031 MPLS Architecture RFC 3032 MPLS Label Stack Encoding RFC 3034 Label Switching over Frame Relay RFC 3036 LDP Specification RFC 3037 LDP RFC 3046 DHCP Relay Agent Info Option RFC 3101 NSSA Option RFC 3215 LDP State Machine RFC 3376 IGMP v3 RFC 3446 Anycast RP Mechanism (PIM+MSDP) RFC 3569 SSM Overview RFC 3618 MSDP RFC 4541 IGMP/MLD Snooping Guidelines RFC 4601 PIM-SM(Recised) RFC 4607 IP Source-Specific Multicast RFC 5036 LDP Specification (Updated) RFC 5443 LDP-IGP Synchronization RFC 5561 BGP-Signaled IP/VPNs RFC 5880 BFD Base Protocol RFC 5881 BFD for IPv4/IPv6 RFC 5882 BFD Generic Application RFC 5883 BFD for Multihop Paths RFC 6720 Early IANA Code Point Allocation RFC 7348 VXLAN RFC 7552 GMPLS Packet-Optical Integration RFC 8365 EVPN-VXLAN Warranty, Service and Support FS N5850-48S6Q switch has a 5-year limited warranty against defects in materials or workmanship. For more information for FS Returns & Refunds policy, visit https://www.fs.com/policies/warranty.html or https://www.fs.com/policies/day_return_policy.html FS provides a personal account manager, free professional technical support, and 24/7 live customer service to each customer. Professional Lab: Test each product with the latest and advanced networking equipment. Free Technical Support: Provide free & tailored solutions and services for your businesses. 80% Same-day Shipping: Immediate shipping for in-stock items. Fast Response: Direct and immediate assistance from an expert. For more information, visit https://www.fs.com/service/fs_support.html Ordering Information Table 7 provides the ordering information for N5850-48S6Q switch and AmpCon-DC management platform Table 7: Ordering information Product Description Switch Hardware N5850-48S6Q N5850-48S6Q, 48-Port Ethernet Data Center Switch, 48 x 10Gb SFP+, with 6 x 40Gb QSFP+ Uplinks, PicOS®, Broadcom Trident 2+ Chip AmpCon-DC Management Platform LIS-AMPCON-DC-FPSW-Foundation-1Y AmpCon-DC Management Platform for PicOS® Data Center Switches with 1 Years Service Bundle, Support Remote Deployment and Automate Network Management (Per Device) LIS-AMPCON-DC-FPSW-Foundation-3Y AmpCon-DC Management Platform for PicOS® Data Center Switches with 3 Years Service Bundle, Support Remote Deployment and Automate Network Management (Per Device) LIS-AMPCON-DC-FPSW-Foundation-5Y AmpCon-DC Management Platform for PicOS® Data Center Switches with 5 Years Service Bundle, Support Remote Deployment and Automate Network Management (Per Device) Optics and Transceivers Up-to-date information on supported optics for the N5850-48S6Q switch can be found in the Hardware Compatibility Document: https://resource.fs.com/mall/resource/transceivers-dacs-and-aocs-supported-on-N5850-48S6Q-switch.pdf

PicOS® CLI Reference Guide V4.5

19 nov. 2025 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

PicOS® Configuration Guide V4.5

19 nov. 2025 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

PicOS® CLI Reference Guide V4.4.5

19 nov. 2025 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

AmpCon-DC Quick Deployment Guide V2.2.0

19 nov. 2025 - AmpCon-DC Quick Deployment Guide V2.2.0 This guide walks you through the steps required for getting your PicOS® data center switches ready to be deployed with the AmpCon-DC automation solution. The main tasks are to install device system agents on devices, then bring those devices under AmpCon-DC control, Importing Switches or Deploying Switches. We'll cover both methods. Once you've onboarded your devices, they become Managed Devices, ready to be assigned in one of the AmpCon-DC server's blueprints. NOTE: Before you begin, you must install and configure the AmpCon-DC server. For more information, see the AmpCon-DC Management Platform User Guide V2.2.0 STEP1 : Begin 1.1 Deploying or Importing Switches To manage switches with AmpCon-DC, you need to deploy switches or import switches. 1.1.1 Importing Switches For switches that are deployed but not deployed with AmpCon-DC, you can import these switches so that they can be managed by AmpCon-DC. For more information, see "1.9 Importing Switches". 1.1.2 Deploying Switches For switches that are not deployed, you can deploy these switches with AmpCon-DC. Then, these switches can be managed by AmpCon-DC. Deploying a white-box switch (switch on which PicOS is not installed) includes registering with the AmpCon-DC server, obtaining a PicOS image from the AmpCon-DC server, installing PicOS, configuring the switch based on system configurations and switch configurations, and installing a valid license on the switch. Deploying an integrated hardware and software switch (switch that has PicOS installed) includes registering with the AmpCon-DC server, configuring the switch based on system configurations and switch configurations, and installing a valid license on the switch. 1.1.3 Deploying White-Box Switches To deploy white-box switches, follow these steps: 1. Ensure that the system configuration for each switch contains the default username and password of the switch. For more information, see Adding System Configurations. 2. Click Service > Switch Model in the AmpCon-DC UI, and check whether the PicOS image that you want to install for each switch model is listed in the Deployed ONIE Image drop-down list. If the images are not listed there, upload these PicOS images and their MD5 files to AmpCon-DC. For more information, see "1.2 Uploading Images". If the images are listed there, you don’t need to upload PicOS images and their MD5 files. 3. Configure each switch model that you want to manage with AmpCon-DC. For more information, see "1.3 Configuring Switch Models". If not, the default port number ranges and built-in PicOS images are used to deploy switches with these switch models. 4. Prepare the global configurations that you want to push to each switch. For more information, see "1.4 Configuring Global Configurations". 5. Prepare the configuration templates that you want to use. For more information, see "1.5 Configuring Configuration Templates". 6. Add a switch configuration for each switch. For more information, see "1.6 Adding Switch Configurations". After you add a switch configuration, the switch is listed on the “Switch” page with the Configured status. OTE If you provision a switch without adding a switch configuration beforehand, the switch will be in Parking status. The switch in Parking status is not listed on the “Switch” page and can’t be staged. In the AmpCon-DC UI, click Service > Switch. On the “Switch” page, click Parking Lot, and then you can see all switches in Parking status. Locate a parking switch, and then click Create Config to add a switch configuration. After you add the switch configuration, the switch will be listed on the “Switch” page with the Configured status. 7. Stage each switch to make them ready for Zero Touch Provisioning (ZTP). For more information, see "1.7 Staging Switches". After you stage a switch, the switch is shown as Staged on the “Switch” page. 8. Provision new switches with ZTP to complete the PicOS installation and configuration without manual intervention. For more information, see "1.8 Provisioning New Switches with ZTP". After you provision a switch, the switch is shown as Provisioning Success on the “Switch” page. On the “Switch View” page, it’s shown as Deployed. 1.1.4 Deploying Integrated Hardware and Software Switches To deploy integrated hardware and software switches, follow these steps: 1.Ensure that the system configuration for each switch contains the default username and password of the switch to be deployed. For more information, see Adding System Configurations. 2. Prepare the global configurations that you want to push to each switch. For more information, see "1.4 Configuring Global Configurations". 3. Prepare the configuration templates that you want to use. For more information, see "1.5 Configuring Configuration Templates". 4. Add a switch configuration for each switch. For more information, see "1.6 Adding Switch Configurations". After you add a switch configuration, the switch is listed on the “Switch” page with the Configured status. NOTE If you provision a switch without adding a switch configuration beforehand, the switch will be in Parking status. The switch in Parking status is not listed on the "Switch" page and can’t be staged. In the AmpCon-DC UI, click Service > Switch. On the "Switch" page, click Parking Lot, and then you can see all switches in Parking status. Locate a parking switch, and then click Create Config to add a switch configuration. After you add the switch configuration, the switch will be listed on the “Switch” page with the Configured status. 5. Stage each switch to make them ready for Zero Touch Provisioning (ZTP) deployment. For more information, see "1.7 Staging Switches". After you stage a switch, the switch is shown as Staged on the "Switch" page. 6. Provision new switches with ZTP to complete the PicOS installation and configuration without manual intervention. For more information, see "1.8 Provisioning New Switches with ZTP". After you provision a switch, the switch is shown as Provisioning Success on the “Switch” page. On the "Switch View" page, it's shown as Deployed. 1.2 Uploading and Pushing Images AmpCon-DC provides multiple built-in PicOS images, which you can use to deploy switches. To deploy a switch with a PicOS image that is not built in AmpCon-DC, upload the image and its MD5 file first before you deploy the switch. 1.2.1 Uploading Images To upload a PicOS image, follow these steps: 1. In the AmpCon-DC UI, click Resource > Upgrade Management. 2. Click Upload. 3. In the pop-up window, upload an image by using one of the following ways: Click File, and select a local image file (required) and its MD5 file (optional). image.png Click Link, and enter the image URL (required) and the MD5 file URL (optional). image.png Click Latest, and check the image files that you want to upload. image.png 4. Click Upload. 1.1.2 Optional: Uploading MD5 Files An MD5 file is used to verify the completeness of the corresponding PicOS image. If the MD5 file is not uploaded when you upload the PicOS image, AmpCon-DC will not verify the completeness of the PicOS image when it installs the PicOS image. To upload an MD5 file for a PicOS image, follow these steps: 1. In the AmpCon-DC UI, click Resource > Upgrade Management. 2. In the Software list, locate the PicOS image, and then click Upload Md5. 3. Upload the MD5 file by using either of the following ways: Click File, and select the MD5 file. Click Link, and enter the URL of the MD5 file. 4. Click Upload. 1.1.3 Optional: Removing Images 1. In the AmpCon-DC UI, click Resource > Upgrade Management. 2. In the Software list, locate an image, and then click Delete. 3. Click Yes to confirm the deletion. 1.2.4 Optional: Pushing Images You can push PicOS images to one or multiple switches. The pushed images are located in the /home/automation directory. To push a PicOS image to a single switch, follow these steps: 1. In the AmpCon-DC UI, click Resource > Upgrade Management. 2. In the Software list, select the PicOS image that you want to push. 3. In the Switch list, locate the switch, and then click Push Image. image.png To push a PicOS image to multiple switches, follow these steps: 1. In the AmpCon-DC UI, click Resource > Upgrade Management. 2. In the Software list, select the PicOS image that you want to push. 3. In the Switch list, select the corresponding switches, and then click Push Image. image.png 1.3 Configuring Switch Models Before you deploy switches, configure each switch model that you want to manage with AmpCon-DC. If not, the default port number ranges and built-in PicOS images are used to deploy switches with these switch models. 1.3.1 Configuring a Switch Model To configure a switch model, follow these steps: 1. In the AmpCon-DC UI, click Service > Switch Model. 2. To ensure the Switch Model drop-down list is the latest, click Update Switch Model, and then click Yes. image.png 3. In the Switch Model drop-down list, select the switch model that you want to configure. 4. Configure the port number range for each speed. 5. In the Deployed ONIE Image drop-down list, select the PicOS image that you want to install for this switch model. If the PicOS image to install is not listed here, upload the PicOS image and its MD5 file to AmpCon-DC. For more information, see "7.1 Uploading Images". image.png 6. Click Save. 1.3.2 Optional: Resetting a Switch Model To reset a switch model, follow these steps: 1. In the AmpCon-DC UI, click Service > Switch Model. 2. Click Reset. 3. Click Save. After you reset a switch model, the port number range for each speed is set to zero, and the PicOS image in the Deployed ONIE Image drop-down list is reset to the built-in image. 1.4 Configuring Global Configurations Global configurations are configurations that you push to switches during the switch deployment process. When you add a switch configuration, you need to select a global configuration file. Prepare the global configuration before you add a switch configuration. 1.4.1 Adding a Global Configuration To add a global configuration, follow these steps: 1. In the AmpCon-DC UI, click Service > Global Configuration. 2. Input the following information: Switch Model: The model of the switch. Global Config Name: The name of the global configuration. Generic Global File: Select a .txt file with general configurations to push to the switch. Security Global File: Select a .txt file with security-related configurations to push to the switch. image.png 3. Click Generate. 4. In the Admin Global Config Preview section, confirm or edit the configurations that are retrieved from the Generic Global File and the Security Global File. image.png 5. Click Save. 1.4.2 Viewing a Global Configuration In the Historical Configuration section, you can see all global configurations, which are grouped by switch models. To search for a global configuration, enter the global configuration name in the search box (supports fuzzy matching). 1.4.3 Editing a Global Configuration To edit a global configuration, follow these steps: 1. In the Historical Configuration section, locate the global configuration, and then click it. 2. In the Admin Global Config Preview section, click Edit. 3. Edit the configurations as needed. image.png 4. Click Save. 1.5 Configuring Configuration Templates AmpCon-DC provides powerful configuration templates to help you simplify the configuration writing process: When youadd a switch configuration during the switch deployment process, you must select a configuration template. When you push configurations to a switch after the switch is deployed or imported, you can use one or multiple configuration templates. Prepare configuration templates before you add a switch configuration or push configurations to a switch. 1.5.1 Adding a Configuration Template To add a configuration template, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the New Template tab, input the following information: Name: The name of the configuration template. Descr: The description of the configuration template. Model: Select the switch model that is applicable to the configuration template. Version: Select the PicOS version that is applicable to the configuration template. Action: Select Config or Delete. 3. Optional: Click Update CLI Tree to refresh the CLI tree. image.png 4. In the CLI Tree section, add one or multiple template configurations by clicking the plus icon. The selected template configurations appear on the right. image.png 5. Click Save. 1.5.2 Viewing or Editing a Configuration Template To view or edit a configuration template, follow these steps: In the AmpCon-DC UI, click Service > Config Template. In the Template List tab, locate a switch, and then click View Template. To view a configuration template, select the format for viewing the template in the pop-up window. Then, you can see the template configurations. image.png To edit a configuration template, click Edit in the pop-up window, and then click Save. 1.5.3 Optional: Removing a Configuration Template To remove a configuration template, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Template List tab, locate a switch, and then click Remove Template. 3. Click Yes to confirm the deletion. 1.5.4 Optional: Viewing or Updating Pre-Built Templates To view or update pre-built configuration templates, follow these steps: In the AmpCon-DC UI, click Service > Config Template, and then click the Template List tab. To view the pre-built templates, click Show Pre-built Template. To refresh the pre-built template list, click Update Pre-built Template. 1.5.5 Optional: Copying a Configuration Template To copy a configuration template, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Template List tab, locate a switch, and then click Copy. 3. Enter the name for the copied template and a description (optional). 4. Click Save. 1.5.6 Optional: Exporting a Configuration Template To export a configuration template, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Template List tab, locate a switch, and then click Export. 1.5.7 Optional: Exporting All Configuration Template To export all configuration templates, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Template List tab, click Export All Template. 1.5.8 Optional: Adding a Label to a Configuration Template To add a label to a configuration template, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Template List tab, locate a switch, and then click Tag Management. 3. In the pop-up window, enter the name of the tag. 4. Click Add. 5. Click Save. 1.5.9 Optional: Uploading a Local Configuration Template To upload a local configuration template, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Template List tab, click Upload Template. 3. In the pop-up window, enter the name of the configuration template and the template description (optional). 4. Click or drag a .txt template file to upload it. 5. Click Upload. image.png 1.6 Adding Switch Configurations Before you provision a switch as described in Provisioning New Switches with ZTP, add a switch configuration. You can also add multiple switch configurations by using a JSON file. 1.6.1 Before You Begin If you provision a switch without adding a switch configuration beforehand, the switch will be in Parking status. The switch in Parking status is not listed on the “Switch” page and can’t be staged. In the AmpCon-DC UI, click Service > Switch. On the “Switch” page, click Parking Lot, and then you can see all switches in Parking status. Locate a parking switch, and then click Create Config to add a switch configuration. After you add the switch configuration, the switch will be listed on the “Switch” page with the Configured status. Ensure that the global configuration file and configuration template for the switch to deploy have been created. For more information, see "7.3 Adding Global Configurations" and "7.4 Adding Configuration Templates". 1.6.2 Adding a Switch Configuration 1. In the AmpCon-DC UI, click Service > Switch Configuration. 2. Input the following information: Switch SN/Service Tag: The SN or service tag of the switch. Switch Model: Select the switch model of the switch. Deployment Location: The location where the switch exists, such as Beijing. Fabric: Select the fabric that the switch belongs to. The default fabric is selected by default. Select Global Config: Select the global configuration file with configurations to push to the switch. Select Site Template: Select the configuration template to use. Option Post-Deployed: Select whether to back up the switch configuration. image.png 3. Click Next. You can see an input section, which is related to the selected configuration template. Enter the relevant information. image.png 4. Click Save. 5. In the Preview Config pop-up window, preview or edit the global configurations. image.png 6. Click Save. The switch configuration is added now. On the “Switch List” page, you can see the switch status is shown as Configured. 7. Click System Config to select the system configuration that is applicable to the switch. NOTE The selected system configuration needs to contain the default username and password of the switch. image.png 8. Optional: Click Agent to edit the Pushing Agent Configuration information. NOTE The configurations are automatically generated during switch Zero Touch Provisioning (ZTP) without manual input required. Don’t modify the configurations. Or else, ZTP might fail. 1.6.3 Adding Multiple Switch Configurations with a JSON file You can add multiple switch configurations by uploading a JSON file. In this way, you don’t need to add each switch configuration one by one. Follow these steps: 1. Prepare a JSON file with switch configurations. See the following example: { "sn": [ "EC1631000063","EC1806001292","732656X2007017"], "hardware_model": "ag5648", "location": "Beijing", "global_config_name": "2024-8-2-glob-ag5648-test1", "site_template_name": ["test1"], "agent_config": { "enable": true, "vpn_enable": true, "server_domain": "http://pica8.com ", "inband_native_vlan": "4094", "server_vpn_host": "vpn.pica8.com", "inband_vlan": "4094", "server_hostname_prefix": "ac", "inband_lacp": true, "uplink_ports": "te-1/1/49,te-1/1/50", "uplink_speed": "1000" }, "vpn": true, "retrieve_config": true, "default_config_param": { "test1": { "vlan_id": "12", "vlan_name": "23" } }, "unique_config_param": { } } 2. In the AmpCon-DC UI, click Services > Switch Configuration. 3. Click Upload by JSON. 4. Click or drag a file to upload the JSON file. 5. Click Upload. 1.6.4 Viewing or Editing Switch Configurations In the Historical Switch Config Edit section, you can see all the added switch configurations, which are grouped by switch models. To edit a switch configuration, follow these steps: 1. Locate the global configuration, and then click it. image.png 2. In the pop-up window, click Edit. 3. Edit the configurations as you need. 4. Click Save. 1.6.5 Optional: Checking the Switch Status After you add a switch configuration, check whether the switch status is shown as Configured. If not, locate the switch, and click Log to see more details. image.png To manage the configurations for a switch provisioned with ZTP, locate the switch, and then click Config View in the Operation column. Agent Config: The configurations are automatically uploaded to the switch during the ZTP process to assist with ZTP provision and switch lifecycle management. To check the agent configurations, click Agent Config. Init Deploy Config: To check the initial configurations of the switch, click Init Deploy Config. Current Config: To check the current configurations of the switch, click Current Config. Backup Config: To back up switch configurations, click Backup Config. Upload Config: To add local switch configurations by uploading a .boot file, click Upload Config. For more information, see "2.3.6 Uploading Local Configuration Files". To manage the configurations for a switch imported to AmpCon-DC (instead of provisioned with ZTP), locate the switch, and then click Config View in the Operation column. Backup Config: To back up switch configurations, click Backup Config. Upload Config: To add local switch configurations by uploading a .boot file, click Upload Config. For more information, see "2.3.6 Uploading Local Configuration Files". 1.7 Staging Switches After you add a switch configuration, you must stage the switch to make it ready for Zero Touch Provisioning (ZTP). Procedure 1. In the AmpCon-DC UI, click Service > Switch. 2. In the Switch list, locate the switch, and then click Stage. image.png 3. Check whether the switch status is shown as Staged. image.png After you stage the switch, you can continue to next part. 1.8 Provisioning New Switches with ZTP Zero Touch Provisioning (ZTP) is a technology for automated deployment and configuration of network devices. AmpCon-DC supports using ZTP to provision new switches. ZTP relies on the DHCP service, and thus you need to configure DHCP first. After you plug in and reboot a switch, DHCP automatically provides the switch with an IP address and the address of a provision shell script that is obtained from AmpCon-DC server. Then, the switch automatically runs the shell script to complete the ZTP deployment: The white-box switch runs the shell script to download a PicOS image, install PicOS and its license, register with the AmpCon-DC server, update switch configurations, and reboot the switch. The integrated hardware and software switch runs the shell script to register with the AmpCon-DC server, install a PicOS license on the switch, update switch configurations, and reboot the switch. 1.8.1 Prerequisites Ensure that the following prerequisites are met: The Hardware IDs of the switches to provision have been added to the AmpCon-DC license, and you have imported the license to AmpCon-DC. For more information, see Importing AmpCon-DC Licenses. For white-box switches, step 1 to 7 in Deploying White-Box Switches are completed. For integrated hardware and software switches, step 1 to 5 in Deploying Integrated Hardware and Software Switches are completed. You have installed a DHCP server and added configurations as follows to the DHCP configuration file (/etc/dhcp/dhcpd.conf): For white-box switches, refer to the following configuration example: image.png The assigned IP address of the switch is “10.10.51.198“. The IP address of the AmpCon-DC server is “10.56.20.184”. NOTE The following DHCP option is used： Option default-url: 114 For integrated hardware and software switches, refer to the following configuration example: image.png The assigned IP address of the switch is “10.10.51.4“. The IP address of the AmpCon-DC server is “10.56.20.180”. NOTE The following DHCP options are used： Option bootfile-name: 67 Option tftp-server-name: 66 1.8.2 Provisioning a White-Box Switch 1. Download and install MobaXterm. 2. Open MobaXterm, and then create a session to connect with the switch. 3. Reboot the switch by running the following command: sudo reboot -f 4. If you see the “Hit any key to stop autoboot” message, press the Enter key to exit the autoboot mode. If you don’t see this message, go to step 5 directly. 5. Reboot the switch. For switches with the ONIE menu, select ONIE, and then select ONIE: Install OS. image.png image.png For AS4610 switches, reboot from ONIE by running the following command: run onie bootcmd Then, the switch will be restarted and automatically register with the AmpCon-DC server. 6. Wait for the registration process to be completed. image.png 7. In the AmpCon-DC UI, click Service > Switch. Check whether the switch status is shown as Provisioning Success. image.png 1.8.3 Provisioning an Integrated Hardware and Software Switch 1. Download and install MobaXterm. 2. Open MobaXterm, and then create a session to connect with the switch. 3. Reboot the switch by running the following command. sudo reboot image.png Then, the switch will be restarted and automatically register with the AmpCon-DC server. 4. Wait for the registration process to be completed. image.png 5. In the AmpCon-DC UI, click Service > Switch. Check whether the switch status is shown as Provisioning Success. image.png 1.9 Importing Switches For switches that are deployed but not deployed with AmpCon-DC, you can import these switches so that they can be managed by AmpCon-DC. 1.9.1 Prerequisites The switches to be imported haven’t been managed by AmpCon-DC. The Hardware IDs of the switches to be imported have been added to the AmpCon-DC license, and you have imported the license to AmpCon-DC. For more information, see Importing AmpCon-DC Licenses. 1.9.2 Automatically Importing a Switch Importing a Switch with a Global User 1. Log in to the AmpCon-DC UI with a global user, and then click Service > Switch. 2. Click Import Actions, and then select Import. 3. In the IP field, enter the IP address of the switch. 4. In the System Config drop-down list, select the appropriate system configuration. NOTE The selected system configuration needs to contain the default username and password of the switch. image.png 5. In the Fabric drop-down list, select a fabric. To add a fabric, see "6.9 Managing Fabrics". 6. Click OK. 7. In the AmpCon-DC UI, click Service > Switch. Check whether the switch status is shown as Imported. Importing a Switch with a Group User 1. Log in to the AmpCon-DC UI with a group user, and then click Service > Switch. 2. Click Import Actions, and then select Import. 3. In the IP field, enter the IP address of the switch. 4. In the System Config drop-down list, select the appropriate system configuration. NOTE The selected system configuration needs to contain the default username and password of the switch. 5. In the Fabric drop-down list, select a fabric. To add a fabric, see Managing Fabrics. 6. In the Group drop-down list, select a group. To add a group, see Managing Groups. image.png 7. Click OK. 8. In the AmpCon-DC UI, click Service > Switch. Check whether the switch status is shown as Imported. 1.9.3 Manually Importing a Switch 1. Generate the tunnel keys based on the input serial number. These keys are used to ensure that the VPN tunnel between the switch and the AmpCon-DC server is encrypted. a. Log in to the AmpCon-DC UI, and then click Service > Switch from the navigation bar. b. Click Import Actions, and then select Adopt. c. In the SN field, enter the serial number of the switch. image.png d. Click OK. 2. Download the VPN script and run it on the switch. The script will retrieve the tunnel keys and establish a VPN tunnel between the switch and the AmpCon-DC server. a. Log in to the AmpCon-DC UI, and then click Service > Switch from the navigation bar. b. Click Import Actions, and then select Download VPN Script. The VPN script is downloaded to your local machine. image.png c. Copy the script to the PicOS switch. d. SSH log in to the switch, enter the Linux shell mode, and run the script using the command: curl -o /opt/auto-deploy/auto-deploy.conf -k -v https:///rma/file/agent/auto-deploy.conf sudo ./enable_switch_vpn.sh NOTEs You must run the first command to replace the /opt/auto-deploy/auto-deploy.conf file before running the second command to import the switch. Otherwise, the switch import might fail. You need to replace with the IP address of your AmpCon-DC server. STEP2: Up and Running After you deploy or import a switch with AmpCon-DC, you can push configurations to the switch, manage configurations, back up and restore configurations for disaster recovery, or compare configurations for troubleshooting or auditing. You can push configurations to one switch or a group of switches. 2.1 Pushing Configurations to Switches After switches are successfully deployed or imported with AmpCon-DC, you can push configurations to these switches as needed. 2.1.1 Prerequisite Ensure that you have created the configuration templates to push to each switch. For more information, see "1.5 Configuring Configuration Templates". 2.1.2 Procedure To push configurations to one or multiple switches, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Push Config tab, select a folder, and then click Add Node. A node represents a configuration file. 3. Enter the node name and its description (optional). 4. Click OK to save the node. 5. Click the node that you just created, and click Edit. image.png 6. Add configurations to push to switches by using either of the following ways: Enter the configurations manually. Using the configuration templates that you created before: a. Click Generate Config. b. Select a configuration template file from the drop-down list. c. Click Next, and enter the value for each variable. d. Click Save. image.png 7. Click Push Config, and then select the switches to apply these configurations. You can select specific switches in the Config Switch tab or select a group in the Config Group tab. For how to add a group or manage switches in a group, see “12.1 Managing Groups”. image.png 8. Click OK to start the configuration pushing. 2.1.3 Optional: Verifying the Pushing Status and Log To verify whether the configuration is pushed to each switch successfully, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Push Config tab, click Push Config Logs. 3. Click Task List, check whether the pushing status is success. 4. If the pushing status is not success, click Push Log to check more pushing details for troubleshooting. 2.2 Viewing, Editing, or Deleting Configurations On the “Config Files Views” page, you can manage all global configurations and site configurations. In the Push Config tab of the “Config Template” page, you can manage all general configurations. Global configurations Configurations that you created as described in "1.4.1 Adding a Global Configuration" Site configurations Configurations that you created as described in "1.6 Adding Switch Configurations" General configurations Configurations that you pushed to switches as described in "2.1 Pushing Configurations to Switches" 2.2.1 Managing Global Configurations and Site Configurations 2.2.1.1 Viewing or Editing Global and Site Configuration Files 1. In the AmpCon-DC UI, click Service > Config Files View. 2. On the “Config Files Views” page, locate the configuration file, and then click View. You can see a pop-up window with detailed configurations. 3. To close the pop-up window, click the close icon. 4. To edit the configurations, click Edit, modify configurations, and then click Save. image.png 2.2.1.2 Checking Switches Associated with a Configuration File 1. In the AmpCon-DC UI, click Service > Config Files View. 2. Locate the configuration file, and then click Associated. You can see the switches that are associated with the configuration file. image.png 3. To close the pop-up window, click the close icon. 2.2.1.3 Deleting a Configuration File NOTE If a configuration file is still associated with one or multiple switches, the configuration file can’t be deleted. 1. In the AmpCon-DC UI, click Service > Config Files Views. 2. Locate the configuration file, and then click Delete. 3. Click Yes to confirm the deletion. 2.2.2 Managing General Configurations 2.2.2.1 Viewing or Editing a General Configuration File 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Push Config tab of the “Config Template” page, click the node that you want to view. Each node represents a general configuration file. image.png 3. To edit a configuration file, click Edit, modify configurations, and then click Save. image.png 2.2.2.2 Deleting a General Configuration File 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Push Config tab, click the node that you want to delete. 3. Click Delete Node. 4. Click Yes to confirm the deletion. 2.3 Backing up and Restoring Configurations You can manually back up switch configurations or automatically back up configurations at a specific interval. In addition, you can restore configurations based on a backup configuration file for disaster recovery. 2.3.1 Backing up Switch Configurations 2.3.1.1 Backing up Configurations for a Single Device To back up configurations for a single switch, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Config Backup tab, locate a switch, and then click Backup Config. image.png 3. Optional: Check whether the backup file is created successfully. a. Locate a switch, and then click Snapshot List. b. Check whether the backup file is in the snapshot list. c. To see the configuration details, click Snapshot. 2.3.1.2 Backing up Configurations for a Group of Switches To back up configurations for a group of switches, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Config Backup tab, select the group, and then click Backup Config. image.png 3. Optional: Check whether the backup file for each switch is created successfully. a. Locate a switch, and then click Snapshot List. b. Check whether the backup file is in the snapshot list. c. To see the configuration details, click Snapshot. 2.3.1.3 Backing up Configurations Automatically To back up configurations periodically and automatically, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Config Backup tab, set the backup interval and time: Interval Days: The interval in days between each backup Hours: The time in hour to do the backup 3. Click Save. Then, AmpCon-DC will automatically back up configurations at a specific interval. image.png 2.3.2 Rolling Back Configurations To restore configurations based on a backup configuration file, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Config Backup tab, locate a switch, and then click Snapshot List. 3. Locate the configuration to roll back, and then click Rollback Config. image.png 4. Set the wait time in seconds. The default value is 10. 5. Click Save. 2.3.3 Optional: Viewing Backup Logs To view configuration backup logs on a switch, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. n the Config Backup tab, locate a switch, and then click Log. image.png 2.3.4 Optional: Viewing All Configurations on a Switch To view detailed configurations on a switch, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Config Backup tab, locate a switch, and then click Config. 2.3.5 Optional: Viewing or Deleting Backup Configuration Files To view or delete backup configuration files, follow these steps: In the AmpCon-DC UI, click Service > Config Template. In the Config Backup tab, locate a switch, and then click Snapshot List. You can see all available backup configuration files for the switch. To view configuration details, click Snapshot. To delete a backup configuration file, click Delete. image.png 2.3.6 Optional: Uploading Local Configuration Files You can upload a local switch configuration file to AmpCon-DC. After you upload the configuration file, the uploaded configurations can’t be pushed to the switch directly but can be pushed to the new switch during the Returning Merchandise Authorization (RMA) process. If you didn’t back up configurations but uploaded a local configuration file before, when you RMA, the uploaded configurations will be pushed to the new switch. If you backed up configurations and also uploaded a local configuration file before, when you RMA, the backup configurations will be pushed to the new switch. To upload a local configuration file, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Config Backup tab, locate a switch, and then click Upload Config. image.png 3. Select a .boot file with switch configurations and upload it. image.png 4. Click Config. In the pop-up window, check whether the uploaded configurations are added. image.png 2.3.7 Optional: Setting Golden Config The backup file with Golden Config will never be deleted. When the switch operation is compromised, the backup file with Golden Config is used to roll back a switch. You can also check whether the switch is operating as designed by comparing running configurations with the backup configuration file with Golden Config. To set Golden Config, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Config Backup tab, locate a switch, and then click Snapshot List. 3. Locate a backup file, and then click Set Golden Config. Optional: Adding or Deleting Configuration File Tags You can add or delete tags for a backup configuration file. Follow these steps: In the AmpCon-DC UI, click Service > Config Template. In the Config Backup tab, locate a switch, and then click Snapshot List. Locate a backup snapshot, and then click Tag Management. To add a tag, enter the tag name, and then click Add > Save. image.png To delete a tag, locate the tag, click the deletion icon, and then click Save. 2.4 Comparing Running or Backup Configurations You can compare running configurations or backup configurations on one switch or on different switches. Running configurations Configurations that are currently running on a switch Backup configurations Configuration files that were backed up as described in Backing up Switch Configurations. 2.4.1 Procedure 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the first SN field, click Select to choose one switch to compare. 3. In the pop-up window, select the switch. 4. In the first Select Config drop-down list, select a running configuration file or a backup configuration file. NOTE The running configuration is available only for online switches (switches can connect with the AmpCon-DC server). image.png 5. In the second SN field, click Select to choose another switch to compare. 6. In the pop-up window, select the switch. 7. In the second Select Config drop-down list, select a running configuration file or a backup configuration file. Then, you can see configuration differences as follows: image.png 2.5 Comparing Running Configurations with Initial Configurations You can compare running configurations with initial configurations on the same switch. Initial configurations Configurations that you selected when you add a switch configuration, including the global configuration file and the configuration template Running configurations Configurations that are currently running on the switch This feature doesn’t support the following scenarios: Comparing configurations on different switches Comparing configurations on imported switches Comparing configurations on disconnected switches (switches can’t connect with the AmpCon-DC server) 2.5.1 Prerequisites Check the Mgmt IP column on the “Switch” page, and ensure that the switch to compare is connected to the AmpCon-DC server. √: The switch is connected to the AmpCon-DC server. x: The switch is not connected to the AmpCon-DC server. image.png Ensure that the switch to compare is not in Imported status on the “Switch” page. NOTE After you Return Merchandise Authorization (RMA) to replace an imported switch with a new switch, the new switch is shown as Provisioning Success. However, you can’t compare running configurations with initial configurations on this new switch. This is because the new switch is configured by using the backup configuration file or uploaded configurations of the imported switch during the deployment process, instead of by creating a switch configuration. 2.5.2 Procedure 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the SN field, click Select. image.png 3. In the pop-up window, select the switch to compare. image.png 4. In the Template field, click Select. 5. In the pop-up window, select the global configuration file and the configuration template that you pushed to the switch during the initial switch deployment process. Then, click Generate. image.png 6. In the SN drop-down list, select Running Config(set format) or Running Config(all set format). Running Config(set format): Displays configurations as the show | display set command result in the switch Running Config(all set format): Displays configurations as the show all | display set command result in the switch Then, you can see differences between the running configurations and the initial configurations on the switch. image.png STEP3 : Keep Going Now that you have your devices connected and in tip-top condition, you can keep going onto the next stages of automating your data center deployment. Use these links to continue your journey with AmpCon-DC data center automation. 3.1 What's Next? If you want to Then Monitor these switches easily See the Monitoring Switches section in the AmpCon-DC Management Platform User Guide V2.2.0 Have AmpCon-DC licenses and PicOS® licenses See the Managing Licenses section in the AmpCon-DC Management Platform User Guide V2.2.0 Run Ansible playbooks with AmpCon-DC See the Running Ansible Playbooks for Automation section in the AmpCon-DC Management Platform User Guide V2.2.0 3.2 General Information If you want to Then See all FS AmpCon-DC documentation Visit AmpCon-DC documentation Stay up to date about new and changed features and known and resolved issues in AmpCon-DC See Release Notes 3.3 Learn with Videos Our video library continues to grow! We’ve created many videos that demonstrate how to do everything from install your hardware to configure advanced AmpCon-DC network features. Here are some great video and training resources that will help you expand your knowledge of AmpCon-DC. If you want to Then Watch short demos to learn how to use AmpCon-DC to automate and validate the design, deployment, and operation of data center networks, from Day 0 through Day 2+ See https://www.youtube.com/results?search_query=Ampcon-DC the FS Networks Product Innovation YouTube page Get short and concise tips and instructions that provide quick answers, clarity, and insight into specific features and functions of FS technologies See https://www.youtube.com/@FS_com on FS Networks main YouTube page

N5850-48S6Q Switch PicOS® Software Download

17 nov. 2025 - N5850-48S6Q Switch PicOS® Software Download Overview This document applies to N5850-48S6Q. Browse the list to view its available software downloads. All software versions require user login for download. For detailed information, please refer to: PicOS® Software Installation and Upgrade Guide. Software Download N5850-48S6Q Version Name Release Date Release Note Download PicOS® 4.4.5.7 Oct-2024 PicOS® Software Release Notes V4.4.5 N5850 and N8550 Series Switches PicOS® 4.4.5.7 Software PicOS® 4.4.4.4 May-2024 N5850 and N8550 PicOS® Software Release Notes N5850 and N8550 Series Switches PicOS® 4.4.4.4 Software PicOS® 4.4.4.1 Apr-2024 N5850 and N8550 PicOS® Software Release Notes N5850-48S6Q/N8550-48B8C/N8550-32C Switch PicOS® 4.4.4.1 Software