FS EuropaSpedizione gratuita per ordini superiori a 79,00 €
Contattaci
Italia / € EUR
Spedizione gratuita per ordini superiori a 79,00 €
Italia

Risultato di ricerca per "338467"

Tipi

Tipi

All
Scheda tecnica
Guida alla Configurazione
Guida all'aggiornamento
FAQ
Competitive Comparison
Troubleshooting Guide
Safety and Compliance Information
Deployment Guide

Ordina per

Rilevanza

PicOS® Troubleshooting Guide

image

04 nov. 2025 - PicOS® Troubleshooting Guide 1. L2/L3 Troubleshooting Guide This guide describes how to identify and resolve common problems related to the PicOS® software used on supported switches. 1.1 Monitoring and Debugging L2/L3 protocols 1.1.1 Find and Configure the Log File By default, the syslog local-file is ram. The log file name is "message" which is in the directory "/tmp/log" admin@XorPlus$cd /tmp/log admin@XorPlus$ls lastlog lighttpd messages wtmp You can use "tail -f /tmp/log/messages" to display the log messages. You can set the syslog local-file location to disk. The log file name is "messages" which is in the directory of "/var/log" admin@XorPlus# set system syslog local-file disk admin@XorPlus# commit Commit OK. Save done. admin@XorPlus# admin@XorPlus$cd /var/log/ admin@XorPlus$ls apt dmesg fsck last_death lastlog messages news ntpstats wtmp admin@XorPlus$ You can use "tail -f /var/log/messages" to show the log messages. 1.1.2 Enable Important Debugs Enable debug interface: ##Global Interface traceoptions. admin@XorPlus# set interface traceoptions flag Possible completions: <[Enter]> Execute this command all Configure all tracing config Configure configuration tracing ethernet-switching-options Configure ethernet-switching-options tracing neighbor-event Configure neighbor event tracing packets Configure received or sent packets event tracing port-security Configure port security tracing raw-packet Configure receive raw packet tracing route-event Configure route event tracing static-ethernet-switching Configure static-ethernet-switching tracing timer Configure timer tracing admin@XorPlus# set interface traceoptions flag config <[Enter]> Execute this command disable Disable configuration tracing admin@XorPlus# set interface traceoptions flag config disable false admin@XorPlus# commit Commit OK. Save done. admin@XorPlus# admin@XorPlus# set interface traceoptions line-card ? Possible completions: <[Enter]> Execute this command statistic Configure line card statistic module trace trace-level Configure line card trace level trace-type Configure line card trace type admin@XorPlus# set interface traceoptions line-card trace-level all disable false admin@XorPlus# commit Commit OK. Enable debug of protocals: admin@Xorplus# set protocols Possible completions: <[Enter]> Execute this command arp Configure ARP bgp Configure BGP inter-domain routing dhcp Dynamic Host Configuration Protocol dot1x 802.1x protocol igmp Configure the IGMP protocol igmp-snooping Configure the igmp snooping lacp Link Aggregation Control Protocol lldp Link Layer Discovery Protocol 802.1AB mlag Configure MLAG neighbour Configure Neighbour Discovery Protocol netconf Configure NETCONF ospf Configure the OSPF protocol ovsdb Enable OVSDB pim PIM protocol sflow Configure sflow snmp Simple network management protocol configuration spanning-tree Configure Spanning Tree static Configure static routes udld Unidirectional Link Detection Protocol vrrp Configure VRRP admin@Xorplus# set protocols bgp traceoption updates in admin@Xorplus# commit Commit OK Save Done! Enable debug of LLDP: ## LLDP global traceoptions. admin@Xorplus# set protocols lldp traceoptions flag Possible completions: <[Enter]> Execute this command all Configure all events and packets tracing configuration Configure configuration tracing message-in Configure received message tracing message-out Configure send message tracing state-change Configure LLDP state change tracing admin@Xorplus# set protocols lldp traceoptions flag message-in disable false admin@XorPlus# commit Commit OK. Enable debug of LACP: ## LACP global traceoptions. admin@Xorplus# set protocols lacp traceoptions flag Possible completions: <[Enter]> Execute this command all Configure all events and packets tracing configuration Configure configuration tracing fallback Configure FALLBACK tracing message-in Configure received message tracing message-out Configure send message tracing mlag Configure MLAG tracing state-change Configure LACP state change tracing admin@Xorplus# set protocols lacp traceoptions flag message-in disable false admin@XorPlus# commit Commit OK. ##LACP per interface traceoptions. admin@Xorplus# set protocols lacp traceoptions interface ge-1/1/1 flag Possible completions: <[Enter]> Execute this command all Configure all events and packets tracing configuration Configure configuration tracing message-in Configure received message tracing message-out Configure send message tracing state-change Configure LACP state change tracing admin@Xorplus# set protocols lacp traceoptions interface ge-1/1/1 flag configuration disable false admin@XorPlus# commit Commit OK. Enable debug of UDLD: ## UDLD global traceoptions. admin@Xorplus# set protocols udld traceoptions Possible completions: <[Enter]> Execute this command all Configure all events and packets tracing configuration Configure configuration tracing event Configure event tracing packet Configure the sending/receiving packets tracing raw-packet Configure UDLD raw packet tracing state-change Configure state change tracing timer Configure UDLD timer tracing admin@Xorplus# set protocols udld traceoptions event disable false admin@XorPlus# commit Commit OK. Enable debug of BGP: admin@XorPlus# set protocols bgp traceoption ? admin@XorPlus# set protocols bgp traceoption Possible completions: <[Enter]> Execute this command bestpath BGP bestpath evpn EVPN keepalives BGP IPv4 neighbor to debug neighbor-events BGP Neighbor Events updates BGP updates zebra BGP zebra messages admin@XorPlus# set protocols bgp traceoption updates in admin@XorPlus# commit Commit OK. Save done. admin@XorPlus# Enable debug of ospf: admin@XorPlus# set protocols ospf traceoption ? Possible completions: <[Enter]> Execute this command ism Configure tracing of OSPF interface state machine lsa Configure tracing of OSPF link state advertisement nsm Configure tracing of OSPF neighbor state machine packet Configure tracing of OSPF packets zebra Configure tracing of zebra information admin@XorPlus# set protocols ospf traceoption packet all detail admin@XorPlus# commit Enable debug of stp: admin@XorPlus# set protocols spanning-tree traceoptions interface ge-1/1/1 ? Possible completions: <[Enter]> Execute this command all Configure all tracing operations bridge-detection-machine Configure bridge detection state machine tracing configuration Configure configuration tracing events Configure events tracing message-in Configure receive message tracing message-out Configure send message tracing mlag Configure mlag tracing port-information-machine Configure port information state machine tracing port-migration-machine Configure port migration state machine tracing port-receive-machine Configure port receive state machine tracing port-role-selection-machine Configure port role selection state machine tracing port-role-transition-machine Configure port role transition state machine tracing port-state-transition-machine Configure port state transition state machine tracing port-transmit-machine Configure port transmit state machine tracing state-machine-variables Configure state machine variables tracing timers Configure timers tracing topology-change-machine Configure topology change state machine tracing admin@XorPlus# set protocols spanning-tree traceoptions interface ge-1/1/1 all disable false admin@XorPlus# commit Commit OK. Save done. admin@XorPlus# Enable debug of igmp: admin@XorPlus# set protocols igmp traceoption ? Possible completions: <[Enter]> Execute this command events IGMP protocol events packets IGMP protocol packets trace IGMP internal daemon activity admin@XorPlus# set protocols igmp traceoption events admin@XorPlus# commit Commit OK. Save done. admin@XorPlus# 1.1.3 Find the Core Dump File When the device crashes, it will create a core file which can be found in a directory called pica/core. admin@R2:/pica/core$ pwd /pica/core 1.1.4 Find the last_death file for Troubleshooting You can view the last_death file after the device crashes. It will record the last log message and is located in /var/log directory. admin@R2:/pica/core$ cd /var/log/ admin@R2:/var/log$ ls btmp faillog fsck lastlog messages report_diag.log dmesg frr last_death lighttpd private wtmp 1.2 Routing and Forwarding Table 1.2.1 Check the Software and Hardware Route Tables To display the hardware host route table, use the show route forward-host ipv4 all command in L2/L3 operation mode. admin@Switch> show route forward-host ipv4 all Address HWaddress Port --------------- ----------------- --------- 10.10.3.2 48:6E:73:02:03:DA ge-1/1/48 Total host count:1 To display the hardware route table, use the show route forward-route ipv4 all command in L2/L3 operation mode. admin@Switch> show route forward-route ipv4 all Destination NextHopMac Port --------------- ----------------- --------- 10.10.3.0/24 48:6E:73:02:04:64 connected 101.101.101.0/24 48:6E:73:02:03:DA ge-1/1/48 102.102.102.0/24 48:6E:73:02:03:DA ge-1/1/48 Total route count:4 To display the software route table, use the show route ipv4 command in L2/L3 operation mode. admin@Switch> show route ipv4 If PicOS® is running in OVS mode, check the software and hardware flow tables. 1.3 Using Pipe (|) Filter Functions 1.3.1 Pipe (|) Filter Functions This topic describes the pipe (|) filter functions supported in the PicOS® L2/L3 CLI (command-line interface). The PicOS® L2/L3 mode has a growing number of CLI commands that users can use to troubleshoot common problems. These commands usually generate a lot of output. The use of pipe (|) filter functions increases readability of command output, making troubleshooting more effective. The following filter functions are available with the PicOS® L2/L3: Function Description compare Compare configuration changes with a prior version count Count occurrences display Display additional configuration information except Show only the lines of output that do not contain a pattern find Show output starting from the first occurrence of a pattern match Show only the lines of output that contain a pattern no-more Disable pagination of command output 1.3.2 Comparing Configurations The compare filter compares the current committed configuration with a previously committed configuration. admin@XorPlus# show | compare rollback nn nn is the index into the list of previously committed configurations, also known as the rollback number. The range of values for nn is 01-48. For example: admin@XorPlus# show | compare rollback 03 1.3.3 Counting the Number of Output Lines To count the number of lines in the output of a command, enter count after the pipe symbol (|). The following example uses count with the show command in configuration mode to display the number of non-default configuration lines: admin@XorPlus# show | count Count: 11 lines 1.3.4 Displaying Output that Matches a Pattern To display only the lines of output that match a pattern, enter match after the pipe symbol (|). The following example displays the status of only TbE (terabit Ethernet) interfaces: admin@XorPlus> show interface brief | match te- te-1/1/1 Enabled Down Disabled Full Auto te-1/1/2 Enabled Down Disabled Full Auto te-1/1/3 Enabled Down Disabled Full Auto te-1/1/4 Enabled Down Disabled Full Auto te-1/1/5 Enabled Down Disabled Full Auto te-1/1/6 Enabled Down Disabled Full Auto te-1/1/7 Enabled Down Disabled Full Auto te-1/1/8 Enabled Down Disabled Full Auto te-1/1/9 Enabled Down Disabled Full Auto te-1/1/10 Enabled Down Disabled Full Auto 1.3.5 Omitting Output that Matches a Pattern To omit lines from the output of a command that make up a pattern, enter except after the pipe symbol (|). The following example uses except with the show interface brief command in the operation mode to list the interfaces that are not down: admin@XorPlus> show interface brief | except Down 1.3.6 Preventing Output from Being Paginated By default, if the output of a command is longer than the length of terminal screen, user will see the --More-- message to display the remaining output. Press the space bar to display the remaining output. User can disable pagination by entering no-more after the pipe symbol (|). The following example displays the output of show command, executed in PicOS® L2/L3 configuration mode, all at once: admin@XorPlus# show | no-more This feature is useful, for example, when user wants to copy the entire output of a command and paste it into an e-mail to be sent to technical support. 1.4 Using the show tech-support Command 1.4.1 Show Tech-Support Command When contacting Pica8 for technical support, issue the command show tech-support because it captures the complete status of a PicOS® switch. It is recommended to send the output of show tech-support command along with the system log. The following samples describe how to obtain the output. Log in to the switch and enter the cli command at the Linux shell to reach the PicOS® L2/L3 operation mode. admin@Leaf-1$cli Synchronizing configuration...OK. Pica8 PicOS Version 2.6 Welcome to PicOS L2/L3 on Leaf-1 admin@Leaf-1> Enter the show tech-support command. admin@Leaf-1> show tech_support Start...... Item 1: Display version finished! Item 2: Display interface finished! Item 3: Display pica configuration finished! Item 4: Display system config files finished! Item 5: Display system process finished! Item 6: Display fdb table finished! Item 7: Display fdb entries finished! Item 8: Display ospf neighbors finished! Item 9: Display ospf interfaces finished! Item 10: Display kernel route table finished! Item 11: Display kernel ipv4 neigh table finished! Item 12: Display kernel ipv6 neigh table finished! Item 13: Display kernel neigh vrf finished! Item 14: Display hard-route table finished! Item 15: Display system hard-route for host finished! Item 16: Dispaly system spanning tree interfaces finished! Item 17: Dispaly spanning tree bridge finished! Item 18: Display vlans table finished! Item 19: Display vlan-interfaces finished! Item 20: Display core-dump finished! Item 21: Display system uptime finished! Item 22: Display arp table! Item 23: Display neighbor table! Item 24: Display routes table! Item 25: Display ipv4 routes in hardware table! Item 26: Display ipv6 routes in hardware table! Item 27: Display ipv4 hosts in hardware table! Item 28: Display ipv6 hosts in hardware table! Item 29: Display copp statistics! Item 30: Display mlag domain! Item 31: Display mlag link! Item 32: Display mlag config consistency! Item 33: Display mlag statistic! Item 34: Display license! Item 35: Display set! Item 36: Get error event from log! Item 37: Display frr configuration finished! Process BCM commands, total count=47 The information has been stored in /tmp/Leaf-1-201507050614-techSupport.log, please forward to support@pica8.com The last line of the output of show tech-support command provides the name and location of the file to which the output was saved. In the above example, the name of the file is Leaf-1-201507050614-techSupport.log that has been saved to the /tmp directory. You can transfer the file, generated by show tech-support command, from the switch to your computer over SCP (Secure Copy Protocol). There is a nice free Windows utility called WinSCP, available for download at https://winscp.net/eng/download.php, which you can use to copy the file from the switch to your computer over SCP. 2. PicOS® OVS Troubleshooting This section details basic procedures to troubleshoot PicOS® switches in OVS (Open vSwitch) mode. 2.1 Verifying PicOS® Mode Verify if PicOS® is actually running in OVS (Open vSwitch) mode, as described in Checking PicOS® Mode. When PicOS® is running in the OVS mode, two processes should be running: ovsdb-server and ovs-vswitchd. admin@XorPlus$ps -ef | grep ovs root 1356 1 0 Jan26 ? 00:00:10 /ovs/sbin/ovsdb-server /ovs/ovs-vswitchd.conf.db --pidfile --remote=punix:/ovs/var/run/openvswitch/db.sock root 1358 1 0 Jan26 ? 00:19:07 /ovs/sbin/ovs-vswitchd --enable-shared-lcmgr In CrossFlow mode, the router stack must have been initialized in addition to having ovsdb-server and ovs-vswitchd processes running. admin@XorPlus$ps -ef | grep pica root 12430 1 0 Jan07 ? 00:05:49 pica_cardmgr root 12432 1 0 Jan07 ? 01:03:19 pica_sif root 12439 1 0 Jan07 ? 00:08:45 pica_lacp root 12441 1 19 Jan07 ? 4-10:50:14 pica_lcmgr root 12447 1 0 Jan07 ? 00:09:58 pica_login root 13218 1 0 Jan07 ? 00:20:47 pica_mstp root 13236 1 0 Jan07 ? 01:25:30 /pica/bin/xorp_rtrmgr -d -L local0.info -P /var/run/xorp_rtrmgr.pid 2.2 Verifying Bridge Configuration For the bridge and ports to forward frames in hardware, the datapath_type configured for each entity must be set to pica8. admin@PicOS-OVS$ovs-vsctl show ac9e5b1e-4234-4158-9214-5660b9343779 Bridge east Controller "tcp:172.16.0.142:6653" is_connected: true fail_mode: standalone Port "ae1" tag: 1 Interface "ae1" type: "pica8_lag" options: {lacp-mode=active, lacp-system-priority="32768", lacp-time=slow, lag_type=lacp, link_speed=auto, members="te-1/1/2"} Port "te-1/1/2" tag: 1 Interface "te-1/1/2" type: "pica8" options: {flow_ctl=none, link_speed=auto} Port "te-1/1/1" tag: 1 Interface "te-1/1/1" type: "pica8" options: {flow_ctl=none, link_speed=auto} admin@PicOS-OVS$ovs-ofctl show east OFPT_FEATURES_REPLY (OF1.4) (xid=0x2): dpid:1deb0ae61be44040 n_tables:254, n_buffers:256 capabilities: FLOW_STATS TABLE_STATS PORT_STATS GROUP_STATS OFPST_PORT_DESC reply (OF1.4) (xid=0x4): 1(te-1/1/1): addr:ff:ff:ff:ff:ff:00 config: 0 state: LINK_UP current: 1GB-FD COPPER advertised: 1GB-FD 10GB-FD FIBER supported: 10MB-FD 100MB-FD 1GB-FD 10GB-FD FIBER AUTO_NEG speed: 1000 Mbps now, 10000 Mbps max 2(te-1/1/2): addr:ff:ff:ff:ff:ff:00 config: 0 state: LINK_DOWN current: 1GB-FD COPPER advertised: 1GB-FD 10GB-FD FIBER supported: 10MB-FD 100MB-FD 1GB-FD 10GB-FD FIBER AUTO_NEG speed: 1000 Mbps now, 10000 Mbps max 1025(ae1): addr:ff:ff:ff:ff:ff:00 config: 0 state: LINK_UP current: 1GB-FD COPPER advertised: 1GB-FD 10GB-FD FIBER supported: 10MB-FD 100MB-FD 1GB-FD 10GB-FD FIBER AUTO_NEG speed: 1000 Mbps now, 10000 Mbps max LOCAL(east): addr:0a:e6:1b:e4:40:40 config: 0 state: LINK_UP current: 10MB-FD COPPER supported: 10MB-FD COPPER speed: 10 Mbps now, 10 Mbps max OFPT_GET_CONFIG_REPLY (OF1.4) (xid=0x6): frags=normal miss_send_len=0 admin@PicOS-OVS$ Once the ports are configured and verified, flows can be managed in OVS. 2.3 Checking Flow Discrepancies Check ovs-vswitchd flow discrepancies between the control plane and hardware: admin@PicOS-OVS$ovs-ofctl dump-tables br0 | grep -v active=0: 0: active=4, lookup=n/a, matched=n/a admin@PicOS-OVS$ovs-ofctl dump-flows br0 OFPST_FLOW reply (OF1.4) (xid=0x2): cookie=0x0, duration=1449.903s, table=0, n_packets=n/a, n_bytes=0, in_port=1,dl_src=00:00:3d:a6:c8:f2 actions=output:2 cookie=0x0, duration=1444.537s, table=0, n_packets=n/a, n_bytes=0, in_port=1,dl_src=00:00:3d:a6:c9:14 actions=output:1 cookie=0x0, duration=71723.842s, table=0, n_packets=n/a, n_bytes=0, mpls,in_port=1,dl_vlan=1,mpls_label=10 actions=output:3 cookie=0x0, duration=74839.581s, table=0, n_packets=n/a, n_bytes=923443200, in_port=1 actions=output:2 Display hardware flows as shown below: admin@PicOS-OVS$ovs-appctl pica/dump-flows #24 normal permanent priority=32769,in_port=1,dl_src=00:00:3d:a6:c8:f2, actions:2 #23 normal permanent priority=32769,in_port=1,dl_src=00:00:3d:a6:c9:14, actions:1 #22 normal permanent priority=32769,mpls,in_port=1,dl_vlan=1,mpls_label=10, actions:3 #21 normal permanent priority=32769,in_port=1, actions:2 #20 normal permanent priority=0, actions:drop Total 5 flows in HW. 2.4 Displaying OVSDB Display the full OVSDB (Open vSwitch Database) as shown below: admin@Leaf1$ovsdb-client dump Bridge table _uuid controller datapath_id datapath_type external_ids fail_mode flood_vlans flow_tables ipfix lldp_enable mirrors name netflow other_config ports protocols sflow status stp_enable ------------------------------------ -------------------------------------- ------------------ ------------- ------------ --------- ----------- ----------- ----- ----------- ------- -------- ------- ------------ ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -------------- ----- ------ ---------- c880536a-b614-41bf-9870-2d0bdab3664f [bedb4af7-2125-4346-8c89-bf61bd21f63b] "4c3e486e730203da" "pica8" {} [] [] {} [] false [] "ECODE3" [] {} [31605950-d9be-40b2-9ccb-bc4fd09991f0, 61ac5778-554f-4553-83ae-3bbc19ccf715, 62b35f47-e8ca-4496-8b37-f9bfbb7e80b0, 6dee5c6a-e9b8-41f7-87ef-b9379637a7c4, 99ac75b7-9fa1-4583-85f7-66d3145e7fa4] ["OpenFlow13"] [] {} false 2.5 Debug Packet-In Messages To debug the protocol messages between the switch and the controller, use the ovs-ofctl snoop command in the OVS mode. The following commands debug the protocol messages exchanged between the br0 bridge and the controller: admin@Switch$ovs-ofctl snoop br0 3. PicOS® System Troubleshooting User can troubleshoot by checking system logs and PicOS® works mode. Reset the Switch to Factory Default Automating Ping to Multiple Hosts Troubleshooting Switch Crashes CPU/Memory Rate Limit High CPU Utilization Backup Partition for PicOS® SSH Server Preparation Linux_configure.py script Provision.py script How to Disable Weak SSH Cipher/ MAC Algorithms in PicOS® Check log using two methods as follows: NOTE: Users should not put their other files in the /tmp directory, because the space size limit of the /tmp directory is 50M, once exceeded, it will lead to unpredictable system errors. System logs are stored in two locations: /var/log/messages This directory is stored in Flash. and /tmp/log/messages This directory is stored in RAM. Switches use flash memory that has a limited number of lifetime write operations. Hence, it is important that logs are not written continuously to the flash memory. This would dramatically impact the lifetime of the flash memory. This is why most of the log information is written by default on the /tmp directory. admin@XorPlus$df Filesystem 1K-blocks Used Available Use% Mounted on rootfs 6202636 900184 4987368 16% / /dev/root 6202636 900184 4987368 16% / tmpfs 207348 28 207320 1% /run tmpfs 5120 0 5120 0% /run/lock tmpfs 414680 0 414680 0% /run/shm tmpfs 51200 36 51164 1% /tmp The "/tmp" directory is mounted on "tmpfs" which is a filesystem mounted in RAM. The tmp logs are moved to /var/log when dramatic events occur like system crash or system reboot. Checking PicOS® works mode as follows: In L2/L3 Mode (Or XORP), only the XORP system is running. admin@PicOS-OVS$ps aux | grep ovs | grep -v grep admin@PicOS-OVS$ admin@XorPlus$ps aux | grep xorp | grep -v grep root 16383 0.0 1.2 18100 6596 ? S Jan29 5:26 xorp_policy root 16385 0.3 2.5 34980 13380 ? Ss Jan29 99:20 /pica/bin/xorp_rtrmgr -d -L local0.info -P /var/run/xorp_rtrmgr.pid In OVS Mode, only the OVS daemon is running. admin@PicOS-OVS$ps aux | grep xorp | grep -v grep admin@PicOS-OVS$ admin@PicOS-OVS$ps aux | grep ovs | grep -v grep root 1984 0.0 0.1 6696 2524 ? S Nov13 0:10 ovsdb-server /ovs/ovs-vswitchd.conf.db --pidfile --remote=ptcp:6640:10.10.51.166 --remote=punix:/ovs/var/run/openvswitch/db.sock root 1989 25.6 1.5 113256 32392 ? Sl Nov13 1393:50 ovs-vswitchd --pidfile=ovs-vswitchd.pid --overwrite-pidfile 3.1 Reset the Switch to Factory Default Occasionally, it could be useful to reset the equipment to factory default (to erase all configurations or tools on the equipment). This can be done using the Upgrade command and an image of PicOS, for details about the usage of Upgrade command, please see Upgrading PICOS from Version 4.0.0 or Later Using Upgrade Command. Here is an example: admin@XorPlus$sudo upgrade picos-2.4-P3295-13912.tar.gz factory-default 3.2 Automating Ping to Multiple Hosts PicOS® switches support ping, which may be used to test connectivity to remote IP addresses. Users often want to test connectivity to all subnets in their network. This can be accomplished manually by pinging IP addresses in all subnets one-by-one, but that method is error-prone and tedious. This section describes how to write a simple re-usable script to ping a number of IP addresses at once. This script is especially useful when troubleshooting connectivity in a network, and user needs to ping a number of IP addresses again and again for verification. User can create the script once and use it again and again from the PicOS® L2/L3 operation mode. This requires a text editor to create the script and save it as a file on user's PicOS® switch. PicOS® includes the vi text editor, which can be run from the Linux shell on user's PicOS® switch. We choose to call our script pingAll.sh though user may choose any other name. The .sh file extension is not mandatory, though we recommend using it to make it obvious to anyone that the file is a shell script. admin@Leaf-1$vi pingAll.sh Inside the vi editor, press i to be able to insert text. Paste the following lines of text (after modifying them for user's network): ip[0]='192.168.42.2' ip[1]='192.168.42.4' ip[2]='192.168.42.5' ip[3]='192.168.42.9' ip[4]='192.168.42.20' ip[5]='192.168.42.40' ip[6]='192.168.42.60' ip[7]='192.168.42.100' ip[8]='192.168.42.110' ip[9]='192.168.42.120' ip[10]='192.168.42.130' ip[11]='192.168.42.240' ip[12]='192.168.42.22' for ((i=0; i <=12; i++)) do ping -c 3 ${ip[$i]} done Press Esc and then enter :wq to save the file and exit the vi editor. Some information about the script follows. The ip[] array has thirteen elements (ip[0] – ip[12]) and each element holds an IP address. User can change both the IP addresses and the number of array elements. The script will send three ping requests to each IP address in the ip[] array, one by one. If user is familiar with shell scripting or programming in C-like languages, the script should be self-descriptive. Even if user is an absolute beginner to programming and scripting, user should be able to modify and use the script after some research. List the contents of user's home directory. admin@Leaf-1$ls pingAll.sh Make the new file pingAll.sh executable. admin@Leaf-1$chmod +x pingAll.sh Enter the PicOS® L2/L3 operation mode. admin@Leaf-1$cli Synchronizing configuration...OK. Pica8 PicOS Version 2.6 Welcome to PicOS L2/L3 on Leaf-1 admin@Leaf-1> Run the script from PicOS® L2/L3 operation mode. admin@Leaf-1> bash /home/admin/pingAll.sh PING 192.168.42.2 (192.168.42.2) 56(84) bytes of data. 64 bytes from 192.168.42.2: icmp_req=1 ttl=64 time=4.66 ms 64 bytes from 192.168.42.2: icmp_req=2 ttl=64 time=0.848 ms 64 bytes from 192.168.42.2: icmp_req=3 ttl=64 time=0.910 ms --- 192.168.42.2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002ms rtt min/avg/max/mdev = 0.848/2.142/4.669/1.787 ms PING 192.168.42.4 (192.168.42.4) 56(84) bytes of data. 64 bytes from 192.168.42.4: icmp_req=1 ttl=64 time=8.27 ms 64 bytes from 192.168.42.4: icmp_req=2 ttl=64 time=1.98 ms 64 bytes from 192.168.42.4: icmp_req=3 ttl=64 time=2.94 ms --- 192.168.42.4 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002ms rtt min/avg/max/mdev = 1.986/4.401/8.273/2.765 ms PING 192.168.42.5 (192.168.42.5) 56(84) bytes of data. 64 bytes from 192.168.42.5: icmp_req=1 ttl=64 time=6.59 ms 64 bytes from 192.168.42.5: icmp_req=2 ttl=64 time=3.22 ms 64 bytes from 192.168.42.5: icmp_req=3 ttl=64 time=1.81 ms --- 192.168.42.5 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 1.812/3.876/6.594/2.006 ms 3.3 Troubleshooting Switch Crashes The PicOS® switch may restart after detecting an unrecoverable error. This situation is usually referred to as a system crash. When the switch crashes, it will create a core file that user can use to figure out what went wrong. The core file is stored in the directory /pica/core. Use the file list command in PicOS® L2/L3 operation mode to display the contents of the directory. admin@LEAF-A> file list /pica/core total 0 The output above shows that there is no file in the /pica/core directory. The switch we used never crashed and did not create any core file. The PicOS® writes the last log messages to the /var/log/last_death file after a system crash. admin@LEAF-A> file show /var/log/last_death | count Count: 405 lines admin@LEAF-A> file show /var/log/last_death | match lcmgr Jun 23 2015 04:08:56 XorPlus local0.info : [PICA_MONITOR]Process pica_lcmgr, running, PID 2823 Jun 23 2015 04:08:56 XorPlus local0.info : [PICA_MONITOR]Monitor for process pica_lcmgr started Jun 23 2015 04:44:32 XorPlus local0.err : [LCMGR]Someone set counter interval to ZERO!! Jun 23 2015 04:44:34 XorPlus local0.err : [RTRMGR]XRL Death: class lcmgr01 instance lcmgr01-5eeea3b7d435a0b7277ba879a582fff6@127.0.0.1 time:Thu Jan 1 00:43:34 1970 death module:lcmgr01 3.4 CPU/Memory Rate Limit From PicOS® 2.6, we added the CPU rate limit for processes of PicOS®. Including pica_lcmgr, pica_sif, and ovs-vswitchd. Summary: The default CPU usage is 40% if not provided, and default memory size is 150 MB. The warning message will be printed if the memory size is bigger than the default value. The CPU limitation is based on all CPU's on the system. If the system CPU is P2020 dual cores, 40% CPU limitation is equal to 80% single CPU. Running CPU/memory rate limit tools manually as follows: sudo /pica/bin/system/tools/pica_monitor -v -c 40 -m 150 pica_lcmgr Checking CPU/memory rate limit tools as follows: admin@XorPlus$ps -aux | grep pica_monitor warning: bad ps syntax, perhaps a bogus '-'? See http://gitorious.org/procps/procps/blobs/master/Documentation/FAQ root 3420 0.6 0.7 38944 3896 ? S 3.5.3 Step 3 Check the core dump in the /pica/core directory. 3.5.4 Step 4 To display the virtual interfaces configured on the switch, use the ifconfig command at the Linux shell: admin@Switch$ifconfig eth0 Link encap:Ethernet HWaddr 48:6e:73:02:04:63 inet addr:192.168.42.110 Bcast:192.168.42.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2379952 errors:0 dropped:0 overruns:0 frame:0 TX packets:1060135 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:354374731 (337.9 MiB) TX bytes:152816006 (145.7 MiB) Base address:0x2000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:98303973 errors:0 dropped:0 overruns:0 frame:0 TX packets:98303973 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:860429061 (820.5 MiB) TX bytes:860429061 (820.5 MiB) vlan.3 Link encap:Ethernet HWaddr 48:6e:73:02:04:64 inet addr:10.10.3.1 Bcast:10.10.3.255 Mask:255.255.255.0 inet6 addr: fe80::4a6e:73ff:302:464/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:36973 errors:0 dropped:0 overruns:0 frame:0 TX packets:36446 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:500 RX bytes:2927602 (2.7 MiB) TX bytes:2743024 (2.6 MiB) 3.5.5 Step 5 To display packets on a specific virtual interface, use the tcpdump command at the Linux shell: admin@Switch$sudo tcpdump -i vlan.3 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on vlan.3, link-type EN10MB (Ethernet), capture size 65535 bytes To debug the protocol messages between the switch and the controller, use the ovs-ofctl snoop command in the OVS mode. The following commands debug the protocol messages exchanged between the br0 bridge and the controller: admin@Switch$ovs-ofctl snoop br0 3.5.6 Common Causes In the CrossFlow mode, both L2/L3 and OVS processes are running. The switch has to process both OVS protocol messages and the L2/L3 packets like BPDUs, OSPF packets, and BGP packets. The switch is likely to have a higher CPU utilization in the CrossFlow mode compared with the L2/L3 or OVS modes. Normally, the CPU-bound packets are less than 1000 pps (packets per second), and the CPU utilization is not high. However, the eth0 management interface has no rate limiting configured. Therefore, an attacker can send a large number of packets to the management interface, making the switch slow and even unusable for legitimate traffic. 3.5.7 Possible Fixes User can deploy the following fixes for high CPU utilization: Add a default drop flow for table-miss packets, to prevent these packet from causing high CPU utilization. Remove some flows with actions: Controller, LOCAL Make sure that the controller is not sending exessive OpenFlow messages to the switch. Configure the management interface eth0 at a low speed like 10 Mbps, using the ethtool -s eth0 speed 10 command. Reload the switch 3.6 Backup Partition for PicOS® Backup partition for PicOS®: PowerPc Platform: We use backup partitions for PicOS® to upgrade the system and recover PicOS®. Usually users need to reserve about 400 MB for partition 2(eg:sda2). The rest of the SD card belongs to partition 1(eg:sda1). If the size of the SD card is 2 GB, partition 1 should be 1.6GB (1600M) and partition 2 is 400M. Command (m for help): p Disk /dev/sda: 8004 MB, 8004304896 bytes 247 heads, 62 sectors/track, 1020 cylinders, total 15633408 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x00000000 Device Boot Start End Blocks Id System /dev/sda1 62 12603421 6301680 83 Linux ------the primary partition for PicOS /dev/sda2 12603422 15620279 1508429 83 Linux ------the backup partition for PicOS X86 platform: There are two partitioning ways used with ONIE, GPT and MBR. With GPT partitioning, the sda1/2MB, is allocated to GRUB as BOOT PARTITION. The second partition is used by ONIE itself. The 3rd or others are free, and can be used by NOS. In this mode, the 3rd partition is allocated to PicOS® GRUB, for the grub bootup config files. 4th and 5th are for PicOS® and PicOS®-BACKUP. When the user runs uninstall from ONIE, all partitions except 1st and 2nd are reserved, all NOS are wiped out. With MBR partitioning mode (which is not recommended), the GRUB boot codes are saved before MBR sector and first partition, the first partition is used by ONIE itself. PicOS® begins from the 2nd partition for PicOS®-GRUB, PicOS® and PicOS®-BACKUP partitions. eg:(With MBR) /dev/sda1: LABEL="ONIE-BOOT" UUID="08ae2c6a-6f14-498f-8e13-d0e7c0a567c1" /dev/sda3: LABEL="PicOS" UUID="b2735e76-8594-41b9-87e7-d25113dc22f7" ------the primary partition for PicOS /dev/sda2: LABEL="PICOS-GRUB" UUID="ca79674b-70fc-4540-b9ef-c98c3afadce3" /dev/sda4: LABEL="PICOS-BAK" UUID="92028225-403a-44d4-a40e-25e26d46373b" ------the backup partition for PicOS eg:(with GPT) Disk /dev/sda: 15649200 sectors, 7.5 GiB Logical sector size: 512 bytes Disk identifier (GUID): 1687245E-B39A-48E5-860B-D7967A67FBE8 Partition table holds up to 128 entries First usable sector is 34, last usable sector is 15649166 Partitions will be aligned on 1-sector boundaries Total free space is 8547665 sectors (4.1 GiB) Number Start (sector) End (sector) Size Code Name 1 2048 6143 2.0 MiB EF02 GRUB-BOOT 2 6144 268287 128.0 MiB 3000 ONIE-BOOT 3 268288 1244140 476.5 MiB 0700 PICOS-GRUB 4 1244141 5150390 1.9 GiB 0700 PicOS -----the primary partition for PicOS 5 5150391 7103515 953.7 MiB 0700 PICOS-BAK ------the backup partition for PicOS 3.7 SSH Server Preparation Add the PKI files、two scripts and the PicOS® image on the ssh server. 1: The directory of ssl-private-key (Our openssl connection is not ready, so you only need to create these key files on the server) root@dev-1:/ssl#ls cacert.pem sc-cert.pem sc-privkey.pem 3.8 Linux_configure.py script This script usually starts automatically at the end of the configuration interactive shell. This script can set hostname, create accounts and update the time via ntp. You can modify or add this script to define the hostname and accounts and passwords. root@dev-1:/pica8# vim linux_configure.py _hostname = "HostName-Test" _accounts = {"lily":"1R.O.4HRDfvEY", "tom":"7hCft0situjJQ"} NOTE: The password of the user should be created by password generator. 3.9 Provision.py script This script usually starts automatically at the end of configuration interactive shell. It is used to download PKI files、PicOS® image and linux_configure.py, and then for updating the image and running the linxu_configure.py. You should modify the scipt to define the directory of the files. root@dev-1:/pica8# vim provision.py _server_paths = { "pki_sw_pri_key":"/ssl/sc-privkey.pem", "pki_sw_ca":"/ssl/sc-cert.pem", "pki_ctl_ca":"/ssl/cacert.pem", "ovs_upgrade_deb":"/pica8/pica-ovs-2.5-P3290-17741.deb", "linux_configure_script":"/pica8/linux_configure.py" } 3.10 How to Disable Weak SSH Cipher/ MAC Algorithms in PicOS® 3.10.1 Requirement Some of the security scans may show below Server-to-Client or Client-To-server encryption algorithms as vulnerable: arcfour arcfour128 arcfour256 Below are some of the Message Authentication Code (MAC) algorithms: hmac-md5 hmac-md5-96 hmac-sha1-96 NOTE: PicOS® 3.1.0 and the later version use OpenSSH(?) version is 6.7p1 and following are default Ciphers: chacha20-poly1305@openssh.com, aes128-ctr,aes192-ctr,aes256-ctr, aes128-gcm@openssh.com,aes256-gcm@openssh.com 3.10.2 Description Verify weak cipher and MAC algorithms are currently used by the SSH running in PicOS® switch. Perform following three steps: First check the cipher and MAC algorithms currently supported in the PicOS® SSH protocol. Check the version of SSH: root@Xorplus:/etc/ssh# ssh -v OpenSSH_6.0p1 Debian-4+deb7u2, OpenSSL 1.0.1e 11 Feb 2013 Check what cipher and MAC algorithms are currently supported. From another Linux Server run the following to list the cipher and MAC algorithms supported by PicOS®, using the following command: nmap --script ssh2-enum-algos -sV -p 22 Example output: root@AutomationServer1 html]# nmap --script ssh2-enum-algos -sV -p 22 172.16.0.191 Starting Nmap 6.40 ( http://nmap.org ) at 2019-03-14 14:13 PDT Nmap scan report for 172.16.0.191 Host is up (0.00079s latency). PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 6.0p1 (protocol 2.0) | ssh2-enum-algos: | kex_algorithms (7) | ecdh-sha2-nistp256 | ecdh-sha2-nistp384 | ecdh-sha2-nistp521 | diffie-hellman-group-exchange-sha256 | diffie-hellman-group-exchange-sha1 | diffie-hellman-group14-sha1 | diffie-hellman-group1-sha1 | server_host_key_algorithms (3) | ssh-rsa | ssh-dss | ecdsa-sha2-nistp256 | encryption_algorithms (13) | aes128-ctr | aes192-ctr | aes256-ctr | arcfour256 | arcfour128 | aes128-cbc | 3des-cbc | blowfish-cbc | cast128-cbc | aes192-cbc | aes256-cbc | arcfour | rijndael-cbc@lysator.liu.se | mac_algorithms (11) | hmac-md5 | hmac-sha1 | umac-64@openssh.com | hmac-sha2-256 | hmac-sha2-256-96 | hmac-sha2-512 | hmac-sha2-512-96 | hmac-ripemd160 | hmac-ripemd160@openssh.com | hmac-sha1-96 | hmac-md5-96 From the above output decide which cipher or MAC algorithm you want to disable. For example say you want to disable arcfour cipher algorithm. 3.10.3 Solution Disable weak Cipher and MAC algorithms used by the SSH running in PicOS® switch by performing the following three steps: Disable the weak Cipher and MAC algorithms used by the SSH running in PicOS® switch as follows: You could disable the Ciphers using the command below: # vi /etc/ssh/sshd_config Press key 'i' to insert and copy the lines below to the end of the file (put only the cipher and MAC algorithms that needs to supported, and not include the weaker cipher and Mac algorithms). Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc Macs hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512 Save the file. On the PicOS® switch restart SSH with the following Linux command: /etc/init.d/ssh restart Verify whether weak Cipher and MAC algorithms are now not used by the SSH running in PicOS® switch: From another Linux Server run the following to list the cipher and MAC algorithms supported by PicOS®, using the following command: nmap --script ssh2-enum-algos -sV -p 22 You will see arcfour cipher algorithm is not used by SSH from the following output. This would show the only the allowed cipher and MAC algorithms now. Example output: root@AutomationServer1 html]# nmap --script ssh2-enum-algos -sV -p 22 172.16.0.191 Starting Nmap 6.40 ( http://nmap.org ) at 2019-03-14 14:35 PDT Nmap scan report for 172.16.0.191 Host is up (0.00055s latency). PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 6.0p1 (protocol 2.0) | ssh2-enum-algos: | kex_algorithms (7) | ecdh-sha2-nistp256 | ecdh-sha2-nistp384 | ecdh-sha2-nistp521 | diffie-hellman-group-exchange-sha256 | diffie-hellman-group-exchange-sha1 | diffie-hellman-group14-sha1 | diffie-hellman-group1-sha1 | server_host_key_algorithms (3) | ssh-rsa | ssh-dss | ecdsa-sha2-nistp256 | encryption_algorithms (8) | aes128-ctr | aes192-ctr | aes256-ctr | aes128-cbc | 3des-cbc | blowfish-cbc | aes192-cbc | aes256-cbc | mac_algorithms (4) | hmac-sha1 | umac-64@openssh.com | hmac-sha2-256 | hmac-sha2-512 4. Technical Support Execute the diagnostic command show tech_support to send information to Pica8 Technical Support and receive a diagnostic report back. 4.1 Executing the Diagnostic Command admin@XorPlus> show tech_support Start...... Item 1: Display version finished! Item 2: Display interface finished! Item 3: Display pica configuration finished! Item 4: Display system config files finished! Item 5: Display system process finished! Item 6: Display fdb table finished! Item 7: Display fdb entries finished! Item 8: Display ospf neighbors finished! Item 9: Display ospf interfaces finished! Item 10: Display kernel route table finished! Item 11: Display kernel ipv4 neigh table finished! Item 12: Display kernel ipv6 neigh table finished! Item 13: Display kernel neigh vrf finished! Item 14: Display hard-route table finished! Item 15: Display system hard-route for host finished! Item 16: Dispaly system spanning tree interfaces finished! Item 17: Dispaly spanning tree bridge finished! Item 18: Display vlans table finished! Item 19: Display vlan-interfaces finished! Item 20: Display core-dump finished! Item 21: Display system uptime finished! Item 22: Display arp table! Item 23: Display neighbor table! Item 24: Display routes table! Item 25: Display ipv4 routes in hardware table! Item 26: Display ipv6 routes in hardware table! Item 27: Display ipv4 hosts in hardware table! Item 28: Display ipv6 hosts in hardware table! Item 29: Display copp statistics! Item 30: Display mlag domain! Item 31: Display mlag link! Item 32: Display mlag config consistency! Item 33: Display mlag statistic! Item 34: Display license! Item 35: Display set! Item 36: Get error event from log! Item 37: Display frr configuration finished! Process BCM commands, total count=47 The information has been stored in /tmp/XorPlus-201307052220-techSupport.log, please forward to support@pica8.com admin@XorPlus> 5. General PicOS® FAQ We have summarized the general PicOS® FAQ here, please download it from the following link: General_PICOS_FAQ.docx 6. Traceoptions Configuration Commands set interface traceoptions flag config disable true set interface traceoptions flag ethernet-switching-options disable true set protocols mlag traceoptions all disable false set interface traceoptions flag neighbor-event disable true set interface traceoptions flag packets disable true set interface traceoptions flag route-event disable true set interface traceoptions flag static-ethernet-switching disable true set interface traceoptions line-card statistic disable true set interface traceoptions line-card trace-level all disable true set interface traceoptions line-card trace-level api debug disable true set interface traceoptions line-card trace-level api error disable true set interface traceoptions line-card trace-level api information disable true set interface traceoptions line-card trace-level api warning disable true set interface traceoptions line-card trace-level sdk debug disable true set interface traceoptions line-card trace-level sdk error disable true set interface traceoptions line-card trace-level sdk information disable true set interface traceoptions line-card trace-level sdk warning disable true set interface traceoptions line-card trace-level xrl debug disable true set interface traceoptions line-card trace-level xrl error disable true set interface traceoptions line-card trace-level xrl information disable true set interface traceoptions line-card trace-level xrl warning disable true set interface traceoptions line-card trace-type all disable true set interface traceoptions line-card trace-type configuration disable true set interface traceoptions line-card trace-type link-change disable true set interface traceoptions line-card trace-type mac-update disable true set interface traceoptions line-card trace-type packet disable true set interface traceoptions line-card trace-type packet-receive disable true set interface traceoptions line-card trace-type packet-transmit disable true set interface traceoptions line-card trace-type statistics disable true 7. Displaying the Debugging Message User can configure the debugging message in a current window. 7.1 Syslog Monitor On admin@XorPlus> syslog monitor on Nov 21 2000 22:27:39 XorPlus local0.warn : [SIF]Interface ge-1/1/3, changed state to up Nov 21 2000 22:27:41 XorPlus local0.warn : root logined the switch Nov 21 2000 22:41:18 XorPlus local0.info xinetd[1102]: START: telnet pid=7650 from=10.10.50.16 Nov 21 2000 22:41:23 XorPlus authpriv.debug login[7651]: pam_unix(login:account): account admin has password changed in future Nov 21 2000 22:41:26 XorPlus local0.warn : admin logined the switch Nov 21 2000 22:55:58 XorPlus local0.info xinetd[1102]: START: telnet pid=8039 from=10.10.51.16 Nov 21 2000 22:56:01 XorPlus authpriv.debug login[8040]: pam_unix(login:account): account root has password changed in future Nov 21 2000 23:31:13 XorPlus local0.info xinetd[1102]: START: telnet pid=9028 from=10.10.50.16 Nov 21 2000 23:31:16 XorPlus authpriv.debug login[9029]: pam_unix(login:account): account admin has password changed in future Nov 21 2000 23:31:21 XorPlus local0.warn : admin logined the switch admin@XorPlus>

Home/
Documentazione/
PicOS® PoE+ Switch/
1G PicOS® PoE+ Switch/
S5870-48T6BC-U/
Troubleshooting Guide/

PicOS® Software Installation and Upgrade Guide

image

04 nov. 2025 - PicOS® Software Installation and Upgrade Guide 1. ONIE Version and BIOS/U-Boot Information of Verified Platforms The ONIE and BIOS/U-Boot Version information of platforms verified in the lab are listed below. The users can find the ONIE version information in the onie-syseeprom command output. Platform BIOS/U-Boot Version ONIE Version AS4610_54P none ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 159 TLV Name Code Len Value -------------------- ---- --- ----- Product Name 0x21 15 4610-54P-O-AC-F Part Number 0x22 13 FP1ZZ5654001A Serial Number 0x23 12 EC1731000333 Base MAC Address 0x24 6 A8:2B:B5:70:43:40 Manufacture Date 0x25 19 08/22/2017 19:30:27 Label Revision 0x27 3 R01 Platform Name 0x28 23 arm-accton_as4610_54-r0 ONIE Version 0x29 13 2016.05.00.04 MAC Addresses 0x2A 2 55 Manufacturer 0x2B 6 Accton Country Code 0x2C 2 TW Vendor Name 0x2D 8 Edgecore Diag Version 0x2E 5 001.9 CRC-32 0xFE 4 0xDABC2397 Checksum is valid. AS4610_54T none ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 159 TLV Name Code Len Value -------------------- ---- --- ----- Product Name 0x21 15 4610-54T-O-AC-F Part Number 0x22 13 F0PEC4654000Z Serial Number 0x23 12 EC1741001625 Base MAC Address 0x24 6 A8:2B:B5:CD:6C:C0 Manufacture Date 0x25 19 10/30/2017 12:56:49 Label Revision 0x27 3 R01 Platform Name 0x28 23 arm-accton_as4610_54-r0 ONIE Version 0x29 13 2016.05.00.04 MAC Addresses 0x2A 2 55 Manufacturer 0x2B 6 Accton Country Code 0x2C 2 TW Vendor Name 0x2D 8 Edgecore Diag Version 0x2E 5 001.9 CRC-32 0xFE 4 0xF40F7512 Checksum is valid. AS4610_54T_B none ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 159 TLV Name Code Len Value -------------------- ---- --- ----- Product Name 0x21 15 4610-54T-O-AC-B Part Number 0x22 13 F0PEC4654003Z Serial Number 0x23 12 EC1631000053 Base MAC Address 0x24 6 C4:39:3A:FF:2D:C0 Manufacture Date 0x25 19 08/05/2016 11:45:43 Label Revision 0x27 3 R0A MAC Addresses 0x2A 2 55 Manufacturer 0x2B 6 Accton Country Code 0x2C 2 TW Vendor Name 0x2D 8 Edgecore Diag Version 0x2E 5 001.7 Platform Name 0x28 23 arm-accton_as4610_54-r0 ONIE Version 0x29 13 2018.02.00.03 CRC-32 0xFE 4 0x9DC28EDF Checksum is valid. AS4610_30P none ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 160 TLV Name Code Len Value -------------------- ---- --- ----- Product Name 0x21 15 4610-30P-O-AC-F Part Number 0x22 13 F0PEC4630402Z Serial Number 0x23 12 EC1815000436 Base MAC Address 0x24 6 3C:2C:99:89:89:00 Manufacture Date 0x25 19 04/15/2018 23:45:48 Label Revision 0x27 4 R01A Platform Name 0x28 23 arm-accton_as4610_30-r0 ONIE Version 0x29 13 2016.05.00.04 MAC Addresses 0x2A 2 31 Manufacturer 0x2B 6 Accton Country Code 0x2C 2 TW Vendor Name 0x2D 8 Edgecore Diag Version 0x2E 5 001.9 CRC-32 0xFE 4 0xCD54AF53 Checksum is valid. AS4610_30T none ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 160 TLV Name Code Len Value -------------------- ---- --- ----- Product Name 0x21 15 4610-30T-O-AC-F Part Number 0x22 13 F0PEC4630001Z Serial Number 0x23 12 EC1806001291 Base MAC Address 0x24 6 3C:2C:99:41:47:E0 Manufacture Date 0x25 19 02/12/2018 23:08:49 Label Revision 0x27 4 R01A Platform Name 0x28 23 arm-accton_as4610_30-r0 ONIE Version 0x29 13 2016.05.00.04 MAC Addresses 0x2A 2 31 Manufacturer 0x2B 6 Accton Country Code 0x2C 2 TW Vendor Name 0x2D 8 Edgecore Diag Version 0x2E 5 001.9 CRC-32 0xFE 4 0x4FF5BAD3 Checksum is valid. S4048-ON Version 2.16.1242. Copyright (C) 2013 American Megatrends, Inc. BIOS Date: 02/22/2017 02:29:52 Ver: 0ACBZ018 ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 149 TLV Name Code Len Value -------------------- ---- --- ----- Product Name 0x21 7 S4048ON Part Number 0x22 6 099TJK Serial Number 0x23 20 CN099TJK282985640054 Base MAC Address 0x24 6 34:17:EB:FA:90:C4 Manufacture Date 0x25 19 06/08/2015 20:36:30 Label Revision 0x27 3 A00 MAC Addresses 0x2A 2 256 Manufacturer 0x2B 5 28298 Country Code 0x2C 2 CN Service Tag 0x2F 7 FX4PX42 Vendor Extension 0xFD 6 0x36 0x37 0x34 0x2D 0x46 0x46 Platform Name 0x28 26 x86_64-dell_s4000_c2338-r0 Loader Version 0x29 8 3.21.1.1 CRC-32 0xFE 4 0x7EB3C763 Checksum is valid. S4128F-ON Version 2.17.1245. Copyright (C) 2017 American Megatrends, Inc. BIOS Date: 04/26/2017 04:20:58 Ver: 0ACBZ028 ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 180 TLV Name Code Len Value -------------------- ---- --- ----- Product Name 0x21 9 S4128F-ON Part Number 0x22 6 02NK09 Serial Number 0x23 20 CN02NK092829886J0109 Base MAC Address 0x24 6 E4:F0:04:DF:67:16 Manufacture Date 0x25 19 06/19/2018 11:32:52 Device Version 0x26 1 1 Label Revision 0x27 3 A02 Platform Name 0x28 30 x86_64-dellemc_s4128f_c2338-r0 ONIE Version 0x29 10 3.33.1.1-4 MAC Addresses 0x2A 2 128 Manufacturer 0x2B 5 28298 Country Code 0x2C 2 CN Vendor Name 0x2D 8 Dell EMC Diag Version 0x2E 10 3.33.3.0-1 Service Tag 0x2F 7 HPPKXC2 Vendor Extension 0xFD 4 0x00 0x00 0x02 0xA2 CRC-32 0xFE 4 0x1A25266A Checksum is valid. S4148T-ON Version 2.17.1245. Copyright (C) 2017 American Megatrends, Inc. BIOS Date: 07/06/2017 01:44:00 Ver: 0ACBZ028 ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 180 TLV Name Code Len Value -------------------- ---- --- ----- Product Name 0x21 9 S4148T-ON Part Number 0x22 6 0JD8R7 Serial Number 0x23 20 CN0JD8R7282987CN0053 Base MAC Address 0x24 6 E4:F0:04:80:EA:CC Manufacture Date 0x25 19 12/23/2017 16:32:17 Device Version 0x26 1 1 Label Revision 0x27 3 A01 MAC Addresses 0x2A 2 256 Manufacturer 0x2B 5 28298 Country Code 0x2C 2 CN Vendor Name 0x2D 8 Dell EMC Service Tag 0x2F 7 6SCCXC2 Vendor Extension 0xFD 4 0x00 0x00 0x02 0xA2 Platform Name 0x28 30 x86_64-dellemc_s4148t_c2338-r0 ONIE Version 0x29 10 3.33.1.1-6 Diag Version 0x2E 10 3.33.3.1-6 CRC-32 0xFE 4 0xD89AF6DE Checksum is valid. S4148F-ON Version 2.17.1245. Copyright (C) 2017 American Megatrends, Inc. BIOS Date: 12/04/2017 20:42:30 Ver: 0ACBZ028 ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 179 TLV Name Code Len Value -------------------- ---- --- ----- Product Name 0x21 9 S4148F-ON Part Number 0x22 6 0R2RKC Serial Number 0x23 20 TW0R2RKC2829872D0046 Base MAC Address 0x24 6 14:18:77:18:2C:B8 Manufacture Date 0x25 19 02/13/2017 19:32:31 Device Version 0x26 1 1 Label Revision 0x27 3 X01 MAC Addresses 0x2A 2 256 Manufacturer 0x2B 5 28298 Country Code 0x2C 2 TW Vendor Name 0x2D 8 DELL EMC Service Tag 0x2F 7 CM31XC2 Vendor Extension 0xFD 4 0x00 0x00 0x02 0xA2 Platform Name 0x28 29 x86_64-dellemc_s4100_c2338-r0 ONIE Version 0x29 10 3.33.1.1-4 Diag Version 0x2E 10 3.33.3.0-1 CRC-32 0xFE 4 0x42273778 Checksum is valid. AS7712_32X Version 2.16.1242. Copyright (C) 2013 American Megatrends, Inc. BIOS Date: 09/08/2015 11:15:24 Ver: ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 168 TLV Name Code Len Value -------------------- ---- --- ----- Manufacture Date 0x25 19 10/28/2015 20:33:51 Label Revision 0x27 4 R0AB Manufacturer 0x2B 6 Accton Country Code 0x2C 2 TW Base MAC Address 0x24 6 CC:37:AB:63:8B:84 Serial Number 0x23 14 771232X1541003 Part Number 0x22 13 FP3ZZ7632014A Product Name 0x21 15 7712-32X-O-AC-F MAC Addresses 0x2A 2 131 Vendor Name 0x2D 8 Edgecore Diag Version 0x2E 7 0.0.5.4 Platform Name 0x28 27 x86_64-accton_as7712_32x-r0 ONIE Version 0x29 13 2018.11.00.02 CRC-32 0xFE 4 0x9208666A Checksum is valid. Z9100-ON Version 2.17.1245. Copyright (C) 2017 American Megatrends, Inc. BIOS Date: 02/22/2017 21:20:05 Ver: 0ACBZ028 ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 168 TLV Name Code Len Value -------------------- ---- --- ----- Product Name 0x21 8 Z9100-ON Part Number 0x22 6 04HW8N Serial Number 0x23 20 CN04HW8N7793163I0010 Base MAC Address 0x24 6 4C:76:25:E8:D7:C0 Manufacture Date 0x25 19 03/19/2016 12:39:24 Device Version 0x26 1 1 Label Revision 0x27 3 A00 Platform Name 0x28 26 x86_64-dell_z9100_c2538-r0 ONIE Version 0x29 8 3.23.1.3 MAC Addresses 0x2A 2 384 Manufacturer 0x2B 5 77931 Country Code 0x2C 2 CN Vendor Name 0x2D 4 DELL Diag Version 0x2E 6 01_010 Service Tag 0x2F 7 2QWRG02 Vendor Extension 0xFD 7 0x00 0x00 0x02 0xA2 0x2D 0x46 0x46 CRC-32 0xFE 4 0x3B190E49 Checksum is valid. AS7816_64X Version 2.19.1269. Copyright (C) 2018 American Megatrends, Inc. BIOS Date: 10/05/2018 08:57:44 Ver: AS7816-64X V36 20181004 ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 171 TLV Name Code Len Value -------------------- ---- --- ----- Manufacture Date 0x25 19 11/02/2018 16:32:21 Label Revision 0x27 4 R01A Platform Name 0x28 27 x86_64-accton_as7816_64x-r0 Manufacturer 0x2B 6 Accton Country Code 0x2C 2 TW Vendor Name 0x2D 8 Edgecore Product Name 0x21 17 7816-64X-O-AC-F-R Part Number 0x22 13 FP3ZZ7664020A Serial Number 0x23 14 781664X1843004 Base MAC Address 0x24 6 B8:6A:97:73:6A:3E MAC Addresses 0x2A 2 300 ONIE Version 0x29 13 2018.11.00.02 Diag Version 0x2E 8 0.1.0.17 CRC-32 0xFE 4 0x84DD5474 Checksum is valid. Z9264F-ON Version 2.19.1266. Copyright (C) 2018 American Megatrends, Inc. BIOS Date: 09/17/2018 21:25:57 Ver: 0ACHI032 ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 181 TLV Name Code Len Value -------------------- ---- --- ----- Product Name 0x21 9 Z9264F-ON Part Number 0x22 6 0RWYT4 Serial Number 0x23 20 CN0RWYT4DND008660010 Base MAC Address 0x24 6 20:04:0F:05:D4:97 Manufacture Date 0x25 19 06/06/2018 03:00:21 Device Version 0x26 1 1 Label Revision 0x27 3 A00 Platform Name 0x28 30 x86_64-dellemc_z9264f_c3538-r0 ONIE Version 0x29 10 3.42.1.9-3 MAC Addresses 0x2A 2 640 Manufacturer 0x2B 5 DND00 Country Code 0x2C 2 CN Vendor Name 0x2D 8 Dell EMC Diag Version 0x2E 11 3.00.3.41-1 Service Tag 0x2F 7 20GKXC2 Vendor Extension 0xFD 4 0x00 0x00 0x02 0xA2 CRC-32 0xFE 4 0xD8EFCB81 Checksum is valid. ONIE:/ # AS5812_54T Version 2.16.1242. Copyright (C) 2013 American Megatrends, Inc. BIOS Date: 08/20/2015 10:55:33 Ver: A02 0820 ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 168 TLV Name Code Len Value -------------------- ---- --- ----- Manufacture Date 0x25 19 08/11/2016 16:36:46 Diag Version 0x2E 7 1.0.0.5 Label Revision 0x27 4 R01A Platform Name 0x28 27 x86_64-accton_as5812_54t-r0 ONIE Version 0x29 13 2015.11.00.01 Manufacturer 0x2B 6 Accton Country Code 0x2C 2 TW Base MAC Address 0x24 6 C4:39:3A:FB:BF:6C Serial Number 0x23 14 581254T1631023 Part Number 0x22 13 FP1ZZ5654031A Product Name 0x21 15 5812-54T-O-AC-F MAC Addresses 0x2A 2 74 Vendor Name 0x2D 8 Edgecore CRC-32 0xFE 4 0xCBA5E40E Checksum is valid. HPE AL 6921-54X Version 2.16.1242. Copyright (C) 2013 American Megatrends, Inc. BIOS Date: 08/20/2015 10:55:33 Ver: ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 231 TLV Name Code Len Value -------------------- ---- --- ----- Manufacture Date 0x25 19 05/24/2016 14:49:30 Diag Version 0x2E 7 1.0.0.3 Label Revision 0x27 4 R01A Platform Name 0x28 27 x86_64-accton_as5812_54x-r0 ONIE Version 0x29 13 2015.11.00.01 Manufacturer 0x2B 6 Accton Country Code 0x2C 2 TW Base MAC Address 0x24 6 E0:07:1B:CB:20:50 Serial Number 0x23 10 TW65JQH009 Part Number 0x22 13 F0P8J5654000A Product Name 0x21 64 HPE Altoline 6921 48SFP+ 6QSFP+ x86 ONIE AC Front-to-Back Switch MAC Addresses 0x2A 2 74 Vendor Name 0x2D 26 Hewlett Packard Enterprise CRC-32 0xFE 4 0xADE27C84 Checksum is valid. AS5712_54X Version 2.16.1242. Copyright (C) 2013 American Megatrends, Inc. BIOS Date: 11/20/2014 10:55:31 Ver: ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 167 TLV Name Code Len Value -------------------- ---- --- ----- Manufacture Date 0x25 19 12/18/2014 11:22:02 Diag Version 0x2E 7 2.0.0.7 MAC Addresses 0x2A 2 74 Manufacturer 0x2B 6 Accton Country Code 0x2C 2 TW Vendor Name 0x2D 8 Edgecore Base MAC Address 0x24 6 70:72:CF:B7:65:44 Part Number 0x22 13 FP1ZZ5654001A Serial Number 0x23 14 571254X1419017 Label Revision 0x27 3 R0A Product Name 0x21 15 5712-54X-O-AC-F Platform Name 0x28 27 x86_64-accton_as5712_54x-r0 ONIE Version 0x29 13 2015.11.00.05 CRC-32 0xFE 4 0x37B6E65B Checksum is valid. N3248PXE-ON Version 2.19.1266. Copyright (C) 2019 American Megatrends, Inc. BIOS Date: 06/18/2019 23:21:39 Ver: 0ACHI040 ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 186 TLV Name Code Len Value -------------------- ---- --- ----- Product Name 0x21 11 N3248PXE-ON Part Number 0x22 6 0WYGRV Serial Number 0x23 20 TW0WYGRVDNT0097I0012 Base MAC Address 0x24 6 50:9A:4C:E6:7B:70 Manufacture Date 0x25 19 07/18/2019 17:41:23 Device Version 0x26 1 1 Label Revision 0x27 4 X01A Platform Name 0x28 32 x86_64-dellemc_n3248pxe_c3338-r0 ONIE Version 0x29 10 3.45.1.9-4 MAC Addresses 0x2A 2 128 Manufacturer 0x2B 5 DNT00 Country Code 0x2C 2 TW Vendor Name 0x2D 8 Dell EMC Diag Version 0x2E 11 3.00.3.41-2 Service Tag 0x2F 7 37QFXC2 2. Installing PicOS® on Bare Metal Switches 2.1 Introduction When using ONIE installer to install PicOS®, the installer reinstalls the software, rebuilds all the PicOS® file system. This can erase the configuration files and system logs from the previous installation. After a successful ONIE installation of PicOS® 4.x, the system generates multiple system partitions including PicOS® (partition size: 2G), PicOS®2 (partition size: 2G) and User-Data partitions. Among them, PicOS® and PicOS®2 are two independent system boot partitions. One of them is the active partition on which the running system resides, and the other is the inactive partition. The two-system-boot-partition feature allows the system to revert to a previous version of the installed software package when the it fails to upgrade PicOS® by using upgrade2 command. The ONIE installer removes all partitions to rebuild a brand new OS only when there is no User-Data partition. However, if there exists a User-Data partition (for example, install a new version 4.0.1 from the old one 4.0.0), the ONIE installer only rewrites the "PicOS®" partition, installs the new installation package to this partition and sets the system on "PicOS®" partition as the default and sole boot system. User-Data partition is a reserved partition which is not affected by ONIE installer and upgrade unless user manually removes it. User-Data partition uses all the available space left on the disk. Users can use this partition to store files and data. This document describes how to install PicOS® 4.x software using ONIE installer. 2.2 Installation Notes and Tools The installation methods used to install a new PicOS® are traditional installation and nos-boot-mode installation. You can choose a suitable installation method that is convenient and appropriate for your installation environment. If you want to install PicOS® through a console port, refer to sections "Traditional Installation" or "Nos-boot-mode Installation". If you want to install the PicOS® through a non-console port (through the management port), refer to section "Nos-boot-mode Installation". You need to log in through the console port of the switch and perform the ONIE installation. Other NOSes including user data will be removed when install PicOS® under ONIE environment. When the ONIE installer is used to downgrade the PicOS® version from version 4.x to PicOS® 3.x or lower versions, we first need to use ONIE to uninstall the higher version PICOS before proceeding with installing PicOS® 3.x or a lower version. On the ARM platform, execute the onie_uninstaller command at the ONIE prompt to uninstall the current version PicOS®. On the x86 platform, select the "ONIE: Uninstall OS" option in the GRUB menu to uninstall the current version PicOS®. If you enter GRUB rescue mode and the switch has GPT format partition, you can use the following commands to reset the GRUB boot variable to enter ONIE GRUB and then install PicOS®. grub rescue> set prefix=(hd0,gpt2)/grub grub rescue> set root=(hd0,gpt2) grub rescue> insmod normal grub rescue> normal Do not plug in the USB disk during onie-nos-installer process until ONIE starts up. If you have plugged in the USB disk before the installation operation, ONIE will find the installer on the USB disk when beginning the installation. On AS4610 series switches, when installation is complete, the installer will display: Please take out the usb disc, then remove the USB disk within 10 seconds after installation successful, and before machine restarts. All X86 platforms share one installation and upgrade package with the name fixed as: onie-installer-picos-VERSION-x86.bin, where VERSION is the release version. X86 platform are listed below: FS N9550-32D FS N8550-64C FS N5850-48S6Q FS N8550-48B8C FS N8550-32C FS N8560-64C FS N8550-24CD8D FS N9600-64OD Edgecore AS4630-54PE Edgecore AS5712-54X Edgecore AS5812-54T Edgecore AS5812-54X Edgecore AS7312-54X Edgecore AS7326-56X Edgecore AS7712-32X Edgecore AS7726-32X Edgecore AS7816-64X Edgecore AS5835-54X Edgecore AS9716-32D DELL N3248P-ON DELL N3248PXE-ON DELL N3224PX-ON DELL N3248X-ON DELL S4048-ON DELL S4148F-ON DELL S4148T-ON DELL S4128F-ON DELL S5224F-ON DELL S5296F-ON DELL S5212F-ON DELL S5248F-ON DELL Z9100-ON DELL Z9264F-ON DELL N3224T-ON DELL S4128T-ON 2.2.1 What is ONIE ONIE (Open Network Install Environment) is an open source project of OCP (Open Compute Project). ONIE provides the environment to install any network operating system on a bare metal network switch. ONIE liberates users from captive pre-installed network operating systems, like the Cisco IOS, and provides them with a choice. ONIE is a small Linux operating system that comes pre-installed as firmware on bare metal network switches. ONIE acts as an enhanced boot loader, extending the features provided by U-Boot. ONIE is used to install Pica8 PicOS® on compatible switches. The bare metal switches listed in the PICOS Hardware Compatibility List must be pre-loaded with ONIE prior to installing PicOS®. 2.3 Traditional Installation NOTE: You need to log in through the console port of the switch and perform the ONIE installation described in this section. The installation method described in this section only applies to platforms that have pre-installed ONIE. 2.3.1 Mind Map of Installation Process Figure1 shows the mind map of PicOS® installation process. Figure1 Mind Map of PicOS® installation process image.png 2.3.2 Manual Installation Process The following example describes the installation of PicOS® via manual installation method. Step1 Make sure that the installation package of .bin file has been load to the server (server could be HTTP, TFTP, or an FTP server or the switch local directory depending on the actual installation environment). Step2 Enter ONIE installation environment. The process is different on the following two types of platforms: ARM Platforms (AS4610 Series Switches) x86 Platform ARM Platforms (AS4610 Series Switches) a) Verify that the switch is pre-loaded with ONIE, which will be used to load PicOS® on the switch. Power on the switch and interrupt the boot sequence by pressing any key when the following line is shown: Hit any key to stop autoboot: b) User will then reach the U-Boot command prompt indicated by ->. Run the printenv command at the U-Boot prompt. If the information displayed contains keywords like onie_initargs and onie_machine, the switch is pre-loaded with ONIE. LOADER->printenv active=image1 autoload=no baudrate=115200 bootcmd=run check_boot_reason;run PicOS_bootcmd;run onie_bootcmd bootdelay=10 check_boot_reason=if test -n $onie_boot_reason; then setenv onie_bootargs boot_reason=$onie_boot_reason; run onie_bootcmd; fi; consoledev=ttyS0 dhcp_user-class=arm-accton_as4610_54-r0_uboot dhcp_vendor-class-identifier=arm-accton_as4610_54-r0 ethact=eth-0 ethaddr=00:18:23:30:E7:8F fdtaddr=0xc00000 fpboot=setenv bootargs console=${consoledev},${baudrate} maxcpus=2 mem=1024M root=/dev/ram ${mtdparts} ubi.mtd=4 ethaddr=$ethaddr quiet gatewayip=192.168.0.1 initrd_high=0x80000000 ipaddr=192.168.0.1 loadaddr=0x70000000 loads_echo=1 mfg=mfg mfgdiags=run fpboot ; nand read ${loadaddr} diags ; bootm ${loadaddr} mfgdiags_recovery=nand read ${loadaddr} diags2 ; nand erase.part diags ; nand write ${loadaddr} diags mtdids=nand0=nand_iproc.0 mtdparts=mtdparts=nand_iproc.0:1m(uboot),2m(shmoo),1m(nenv),12m(onie),3992m(open),12m(onie2),2m(vpd),6m(sys_eeprom),16m(diags),16m(diags2),32m(diags_fs) netmask=255.255.255.0 nos_bootcmd=true onie_args=run onie_initargs onie_platformargs onie_bootcmd=echo Loading Open Network Install Environment ...; echo Platform: $onie_platform ; echo Version : $onie_version ; nand read $loadaddr $onie_start 0x00c00000 && run onie_args && bootm ${loadaddr} onie_dropbear_dss_host_key=begin-base64@600@d#AAAAB3NzaC1kc3MAAACBAIN7HOS7UGtQ+RS9R5Rdim9s4iadCBQ9SEFnHJZ2#ulK15hN2p1BOJ1Mf4qb/oHFGIt8hvopq157ejsJcSPuR9scXE2aYQO7r1+Ie#1MKoR3HyEFKgPhNUr0qYNiIaWGw2UUXivLUlhjmaPhjItsttb6AezNB6N1ap#TmIeEUse0NQBAAAAFQDndwbRrSsw6G/W4wd0LJVAjuyq2QAAAIAe/zGPyPNn#UwwV+i+j3l1W9IFhjA/ovXfX7PQtjHB7OJcInSpOA2gXLXHU2kYDkn+ymJQI#8Tn558nLHq64n9hIJzwaQH4ajMipBNwqR0WtpPXEaow9InDzjs+qFY0HAcTv#7DMEY9BGiJAUUSSCSFZ9dEYHIWUdk6WIpDUMX4b2ewAAAIB6bC+fHzr+Qaet#GjzynI0tApbzyydXKuIiIH6EDh2QEaP0E+TSxJ+C4xfyBAp1j0kvj0IYWR2P#H9ur0RaxDaCmKwIQs1gTJh/137Yd+OsqEV3JnrZxlEKk2DmI5c2wrGtl4oUp#XJfc+viahpFeCsGzsqGHHADWNsjlpKt457QCuQAAABUAk5406cTH4nZO0qlj#6irYf4WA65E=#====# onie_dropbear_rsa_host_key=begin-base64@600@r#AAAAB3NzaC1yc2EAAAADAQABAAAAgQCMTqwNhnJpuSLYAdRA/jjm1lyBaJF1#ovs3Hp0G7XkYnY4+JNPTCYgnmfMQnM83PQncuy89AqehJ2V22LGjpRiqT56K#MRr+hQoSWEbAObRd1azZF45pbxiQaQiQxNzIKbHDDWlGlycXfv8w9ZCElbxj#Ja7bkwmwg9EsBlW0d5u0BQAAAIAFr0FOyfn0OR1FiatvF624Aorcbl9oV/pc#JRghGfl8SxPihizz4bC7xAPCUkwd9ZHi+M2E6AjhIV69xjFKS0vYuQplvl8G#9R8YsnmP5B45TyLE3dW5V2/g+LQERQdFpRaSsPqEPHSlXPq4XHLGLRFItEBt#ohp41Qm+eA6efsAMIQAAAEEA4Y90xi8N1SuwjRk53fqpP8dC+FPnU850XtC1#cKG0rBt6v9qD+BTxxfE6GEpYM+N0fLyECbgBjA2LQF6CG3G15QAAAEEAnz3v#3POrcsMK2LkSNjWzAhzUqOWyOaNlhcvgh+2Xfj2tHyOTpZ09gCm483v1rui9#63uYu4QQurpATrHMcLIjoQ==#====# onie_initargs=setenv bootargs quiet console=$consoledev,$baudrate onie_machine=accton_as4610_54 onie_machine_rev=0 onie_platform=arm-accton_as4610_54-r0 onie_platformargs=setenv bootargs $bootargs serial_num=${serial#} ${platformargs} eth_addr=$ethaddr $onie_bootargs $onie_debugargs onie_recovery=nand read ${loadaddr} onie2 ; nand erase.part onie ; nand write ${loadaddr} onie onie_rescue=setenv onie_boot_reason rescue && boot onie_start=onie onie_sz.b=0x00c00000 onie_uninstall=setenv onie_boot_reason uninstall && boot onie_update=setenv onie_boot_reason update && boot onie_vendor_id=27658 onie_version=master-201603091701-dirty PicOS_bootcmd=usb start;run platformargs;setenv bootargs root=/dev/sda1 rw noinitrd console=$consoledev,$baudrate rootdelay=10 $mtdparts;ext2load usb 0:1 $loadaddr boot/uImage;bootm $loadaddr platform=accton_as4610_54 platformargs=mtdparts=nand_iproc.0:1m(uboot),2m(shmoo),1m(nenv),12m(onie),3992m(open),12m(onie2),2m(vpd),6m(sys_eeprom),16m(diags),16m(diags2),32m(diags_fs) maxcpus=2 mem=1024M ramdiskaddr=0x3000000 serial#=A626P1DL174300014 serverip=192.168.0.10 stderr=serial stdin=serial stdout=serial ubifscfg=ubi part nand0,4 0x0; ubifsmount fs ver=U-Boot 2012.10-gcbef171 (Mar 09 2016 - 17:01:14) - ONIE master-201603091701-dirty Environment size: 3992/65532 bytes c) From U-Boot prompt, boot ONIE in rescue mode. LOADER-> run onie_rescue x86 Platform On x86 platform, it uses GRUB menu to install OS via ONIE. a) Reboot the system, and enter ONIE installation environment from the GRUB menu: +----------------------------------------------------------------------------+ | PicOS | |*ONIE | | | | | | | | | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Use the ^ and v keys to select which entry is highlighted. Press enter to boot the selected OS, `e' to edit the commands before booting or `c' for a command-line. b) From GRUB prompt, choose ONIE: Rescue to Install OS, boot ONIE in rescue mode. GNU GRUB version 2.02~beta2+e4a1fe391 +----------------------------------------------------------------------------+ |*ONIE: Install OS | | ONIE: Rescue | | ONIE: Uninstall OS | | ONIE: Update ONIE | | ONIE: Embed ONIE | | DIAG: Accton Diagnostic | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Step3 Run onie-nos-install command as follows to manually install PicOS®. Install via TFTP ONIE# onie-nos-install tftp:///PICOS.bin Install via FTP When installing via FTP, you need to type username and password of the FTP server on which the image file is loaded. ONIE# onie-nos-install ftp://username:password@/PICOS.bin Install via HTTP ONIE# onie-nos-install http:///PICOS.bin Install from Local Directory a) In ONIE rescue mode, copy the image file to the current directory. ONIE# scp username@/PICOS.bin . b) Run onie-nos-install command to start installation. ONIE# onie-nos-install PICOS.bin For example, ONIE:/ # onie-nos-install onie-installer-picos-4.0.0-8b1219e112-x86.bin discover: Rescue mode detected. No discover stopped. ONIE: Executing installer: onie-installer-picos-4.0.0-8b1219e112-x86.bin Verifying image checksum ... OK. Preparing image archive ... OK. [1] PICOS L2/L3 (default) [2] PICOS Open vSwitch/OpenFlow Enter your choice (1,2):1 PICOS L2/L3 is selected. ONIE installation will overwrite the configuration file of existing system. It is recommended to follow the upgrade procedure to upgrade the system. Press any key to stop the installation... 10 9 8 7 6 5 4 3 2 1 ... The installer runs automatically, before start installation, it will prompt to choose the option to make PicOS® to boot into L2/L3 or OVS mode. If not selected, then PicOS® boots into L2/L3. After finishing installation, the device reboots automatically, the system then comes up running the new network operating system. NOTE: After the system restarts, you need to enter the username and password, the initial login username is admin and password is pica8. After the username and password are entered, user will be asked to choose a new password for admin. This is the only post installation step after which the PicOS® operating system can be used. 2.3.3 Automatic Installation Process The automatic installation process uses the DHCP message exchange process to download and install software packages. Step1 Make sure the switch is connected to DHCP and HTTP servers and the PicOS® installation software package is downloaded to the HTTP server. a) DHCP server configuration: define the path of the installation package and then start DHCP server service: host pica8-3922 { hardware ethernet 70:72:cf:12:34:56; fixed-address 192.168.2.50; option default-url = "http://192.168.2.42/onie-installer-picos-4.0.0-8b1219e112-x86.bin"; } b) Check if the .bin installation file is loaded onto the HTTP server: root@dev:/var/www# ls index.html onie-installer-powerpc.bin Step2 Install PicOS® via ONIE. The process is different on the following two types of platforms: ARM Platforms (AS4610 Series Switches) x86 Platform ARM Platforms (AS4610 Series Switches) a) Verify that the switch is pre-loaded with ONIE, which will be used to load PicOS® on the switch. Power on the switch and interrupt the boot sequence by pressing any key when the following line is shown: Hit any key to stop autoboot: b) User will then reach the U-Boot command prompt indicated by ->. Run the printenv command at the U-Boot prompt. If the information displayed contains keywords like onie_initargs and onie_machine, the switch is pre-loaded with ONIE. LOADER-> printenv active=image1 autoload=no baudrate=115200 bootcmd=run check_boot_reason;run PicOS_bootcmd;run onie_bootcmd bootdelay=10 check_boot_reason=if test -n $onie_boot_reason; then setenv onie_bootargs boot_reason=$onie_boot_reason; run onie_bootcmd; fi; consoledev=ttyS0 dhcp_user-class=arm-accton_as4610_54-r0_uboot dhcp_vendor-class-identifier=arm-accton_as4610_54-r0 ethact=eth-0 ethaddr=00:18:23:30:E7:8F fdtaddr=0xc00000 fpboot=setenv bootargs console=${consoledev},${baudrate} maxcpus=2 mem=1024M root=/dev/ram ${mtdparts} ubi.mtd=4 ethaddr=$ethaddr quiet gatewayip=192.168.0.1 initrd_high=0x80000000 ipaddr=192.168.0.1 loadaddr=0x70000000 loads_echo=1 mfg=mfg mfgdiags=run fpboot ; nand read ${loadaddr} diags ; bootm ${loadaddr} mfgdiags_recovery=nand read ${loadaddr} diags2 ; nand erase.part diags ; nand write ${loadaddr} diags mtdids=nand0=nand_iproc.0 mtdparts=mtdparts=nand_iproc.0:1m(uboot),2m(shmoo),1m(nenv),12m(onie),3992m(open),12m(onie2),2m(vpd),6m(sys_eeprom),16m(diags),16m(diags2),32m(diags_fs) netmask=255.255.255.0 nos_bootcmd=true onie_args=run onie_initargs onie_platformargs onie_bootcmd=echo Loading Open Network Install Environment ...; echo Platform: $onie_platform ; echo Version : $onie_version ; nand read $loadaddr $onie_start 0x00c00000 && run onie_args && bootm ${loadaddr} onie_dropbear_dss_host_key=begin-base64@600@d#AAAAB3NzaC1kc3MAAACBAIN7HOS7UGtQ+RS9R5Rdim9s4iadCBQ9SEFnHJZ2#ulK15hN2p1BOJ1Mf4qb/oHFGIt8hvopq157ejsJcSPuR9scXE2aYQO7r1+Ie#1MKoR3HyEFKgPhNUr0qYNiIaWGw2UUXivLUlhjmaPhjItsttb6AezNB6N1ap#TmIeEUse0NQBAAAAFQDndwbRrSsw6G/W4wd0LJVAjuyq2QAAAIAe/zGPyPNn#UwwV+i+j3l1W9IFhjA/ovXfX7PQtjHB7OJcInSpOA2gXLXHU2kYDkn+ymJQI#8Tn558nLHq64n9hIJzwaQH4ajMipBNwqR0WtpPXEaow9InDzjs+qFY0HAcTv#7DMEY9BGiJAUUSSCSFZ9dEYHIWUdk6WIpDUMX4b2ewAAAIB6bC+fHzr+Qaet#GjzynI0tApbzyydXKuIiIH6EDh2QEaP0E+TSxJ+C4xfyBAp1j0kvj0IYWR2P#H9ur0RaxDaCmKwIQs1gTJh/137Yd+OsqEV3JnrZxlEKk2DmI5c2wrGtl4oUp#XJfc+viahpFeCsGzsqGHHADWNsjlpKt457QCuQAAABUAk5406cTH4nZO0qlj#6irYf4WA65E=#====# onie_dropbear_rsa_host_key=begin-base64@600@r#AAAAB3NzaC1yc2EAAAADAQABAAAAgQCMTqwNhnJpuSLYAdRA/jjm1lyBaJF1#ovs3Hp0G7XkYnY4+JNPTCYgnmfMQnM83PQncuy89AqehJ2V22LGjpRiqT56K#MRr+hQoSWEbAObRd1azZF45pbxiQaQiQxNzIKbHDDWlGlycXfv8w9ZCElbxj#Ja7bkwmwg9EsBlW0d5u0BQAAAIAFr0FOyfn0OR1FiatvF624Aorcbl9oV/pc#JRghGfl8SxPihizz4bC7xAPCUkwd9ZHi+M2E6AjhIV69xjFKS0vYuQplvl8G#9R8YsnmP5B45TyLE3dW5V2/g+LQERQdFpRaSsPqEPHSlXPq4XHLGLRFItEBt#ohp41Qm+eA6efsAMIQAAAEEA4Y90xi8N1SuwjRk53fqpP8dC+FPnU850XtC1#cKG0rBt6v9qD+BTxxfE6GEpYM+N0fLyECbgBjA2LQF6CG3G15QAAAEEAnz3v#3POrcsMK2LkSNjWzAhzUqOWyOaNlhcvgh+2Xfj2tHyOTpZ09gCm483v1rui9#63uYu4QQurpATrHMcLIjoQ==#====# onie_initargs=setenv bootargs quiet console=$consoledev,$baudrate onie_machine=accton_as4610_54 onie_machine_rev=0 onie_platform=arm-accton_as4610_54-r0 onie_platformargs=setenv bootargs $bootargs serial_num=${serial#} ${platformargs} eth_addr=$ethaddr $onie_bootargs $onie_debugargs onie_recovery=nand read ${loadaddr} onie2 ; nand erase.part onie ; nand write ${loadaddr} onie onie_rescue=setenv onie_boot_reason rescue && boot onie_start=onie onie_sz.b=0x00c00000 onie_uninstall=setenv onie_boot_reason uninstall && boot onie_update=setenv onie_boot_reason update && boot onie_vendor_id=27658 onie_version=master-201603091701-dirty PicOS_bootcmd=usb start;run platformargs;setenv bootargs root=/dev/sda1 rw noinitrd console=$consoledev,$baudrate rootdelay=10 $mtdparts;ext2load usb 0:1 $loadaddr boot/uImage;bootm $loadaddr platform=accton_as4610_54 platformargs=mtdparts=nand_iproc.0:1m(uboot),2m(shmoo),1m(nenv),12m(onie),3992m(open),12m(onie2),2m(vpd),6m(sys_eeprom),16m(diags),16m(diags2),32m(diags_fs) maxcpus=2 mem=1024M ramdiskaddr=0x3000000 serial#=A626P1DL174300014 serverip=192.168.0.10 stderr=serial stdin=serial stdout=serial ubifscfg=ubi part nand0,4 0x0; ubifsmount fs ver=U-Boot 2012.10-gcbef171 (Mar 09 2016 - 17:01:14) - ONIE master-201603091701-dirty Environment size: 3992/65532 bytes c) Input command run onie_bootcmd, which will automatically install PicOS® on the switch. LOADER -> run onie_bootcmd Loading Open Network Install Environment ... Platform: arm-accton_as4610_54-r0 Version : 2021.09.00.03 WARNING: adjusting available memory to 30000000 ## Booting kernel from Legacy Image at 02000000 ... Image Name: as4610_54x.1.6.1.3 Image Type: ARM Linux Multi-File Image (gzip compressed) Data Size: 3514311 Bytes = 3.4 MiB Load Address: 00000000 Entry Point: 00000000 Contents: Image 0: 2762367 Bytes = 2.6 MiB Image 1: 733576 Bytes = 716.4 KiB Image 2: 18351 Bytes = 17.9 KiB Verifying Checksum ... OK ## Loading init Ramdisk from multi component Legacy Image at 02000000 ... ## Flattened Device Tree from multi component Image at 02000000 Booting using the fdt at 0x02355858 Uncompressing Multi-File Image ... OK Loading Ramdisk to 2ff4c000, end 2ffff188 ... OK Loading Device Tree to 03ff8000, end 03fff7ae ... OK Cannot reserve gpages without hugetlb enabled setup_arch: bootmem as4610_54x_setup_arch() arch: exit pci 0000:00:00.0: ignoring class b20 (doesn't match header type 01) sd 0:0:0:0: [sda] No Caching mode page present sd 0:0:0:0: [sda] Assuming drive cache: write through sd 0:0:0:0: [sda] No Caching mode page present sd 0:0:0:0: [sda] Assuming drive cache: write through sd 0:0:0:0: [sda] No Caching mode page present sd 0:0:0:0: [sda] Assuming drive cache: write through ONIE: Using DHCPv4 addr: eth0: 192.168.2.77 / 255.255.255.0 discover: installer mode detected. Running installer. Please press Enter to activate this console. ONIE: Using DHCPv4 addr: eth0: 192.168.2.77 / 255.255.255.0 ONIE: Starting ONIE Service Discovery ONIE: Executing installer: http://192.168.2.42/onie-installer-picos-4.0.0-8b1219e112-x86.bin Verifying image checksum ... OK. Preparing image archive ... OK. PicOS installation .............................................. ./var/local/ ./var/run Setup PicOS environment ... .............................................. XorPlus login: admin Password: You are required to change your password immediately (root enforced) Changing password for admin. (current) UNIX password: Enter new UNIX password: Retype new UNIX password: admin@XorPlus$ x86 Platform On x86 platform, it uses GRUB menu to choose install OS via ONIE. a) Reboot the system, and enter ONIE installation environment from the GRUB menu: +----------------------------------------------------------------------------+ | PicOS | |*ONIE | | | | | | | | | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Use the ^ and v keys to select which entry is highlighted. Press enter to boot the selected OS, `e' to edit the commands before booting or `c' for a command-line. b) From GRUB prompt, choose ONIE: Rescue to Install OS, boot ONIE in rescue mode. GNU GRUB version 2.02~beta2+e4a1fe391 +----------------------------------------------------------------------------+ |*ONIE: Install OS | | ONIE: Rescue | | ONIE: Uninstall OS | | ONIE: Update ONIE | | ONIE: Embed ONIE | | DIAG: Accton Diagnostic | | | | | | | | | | | | | +----------------------------------------------------------------------------+ The installer runs and will reboot the system after installation is complete. NOTE: After the system restarts, you need to enter the username and password, the initial login username is admin and password is pica8. After the username and password are entered, user will be asked to choose a new password for admin. This is the only post installation step after which the PicOS® operating system can be used. 2.4 Nos-boot-mode Installation NOTE: The installation method described in this section applies to installation through both the console port and the management port. The installation method described in this section only applies to platforms that have pre-installed ONIE. The installation methods described in "Traditional Installation" must be performed through the console port. If you want to install the system through a non-console port, you can use the nos-boot-mode command to perform the installation which is described in this section. Usage of nos-boot-mode command: admin@Xorplus$sudo nos-boot-mode USAGE install or uninstall NOS(es) SYNOPSIS nos-boot-mode [install|uninstall] DESCRIPTION install- Install NOS uninstall- Remove all NOS(es) including PicOS® When nos-boot-mode install command is executed, PicOS® will switch to ONIE install mode, and the user should go on to complete the subsequent installation. The steps for the manual installation process and the automatic installation process using the nos-boot-mode install command are described below. When nos-boot-mode unsinstall command is executed, the system will remove all NOS(es) including PicOS® from the device. Therefore, it is suggested to use the nos-boot-mode unsinstall command with caution. 2.4.1 Manual Installation Process Step1 Make sure that the installation package of .bin file has been loaded to the server (server could be HTTP, TFTP, or an FTP server or the switch local directory depending on the actual installation environment). Step2 Execute the nos-boot-mode install command to enter ONIE installation environment. admin@Xorplus:~$ sudo nos-boot-mode install Step3 Type “yes” when the below prompt is shown, which will take the system will to ONIE install mode. Type 'yes' to install NOS! Type 'no' to exit [no]/yes: Step4 Run onie-nos-install command as follows to manually install PicOS®. Install via TFTP ONIE# onie-nos-install tftp:///PICOS.bin Install via FTP When installing via FTP, you need to type in the username and password for the FTP server on which the image file is loaded. ONIE# onie-nos-install ftp://username:password@/PICOS.bin Install via HTTP ONIE# onie-nos-install http:///PICOS.bin Install from Local Directory a) In ONIE rescue mode, copy the image file to the current directory. ONIE# scp username@/PICOS.bin . b) Run onie-nos-install command to start installation. ONIE# onie-nos-install PICOS.bin For example, ONIE:/ # onie-nos-install onie-installer-picos-4.0.0-8b1219e112-x86.bin discover: Rescue mode detected. No discover stopped. ONIE: Executing installer: onie-installer-picos-4.0.0-8b1219e112-x86.bin Verifying image checksum ... OK. Preparing image archive ... OK. [1] PICOS L2/L3 (default) [2] PICOS Open vSwitch/OpenFlow Enter your choice (1,2):1 PICOS L2/L3 is selected. ONIE installation will overwrite the configuration file of existing system. It is recommended to follow the upgrade procedure to upgrade the system. Press any key to stop the installation... 10 9 8 7 6 5 4 3 2 1 ... The installer runs automatically, before start installation, it will prompt to choose the option to make PicOS® to boot into L2/L3 or OVS mode. If not selected, then PicOS® boots into L2/L3. After finishing installation, the device reboots automatically, the system then comes up running the new network operating system. NOTE: After the system restarts, you need to enter the username and password, the initial login username is admin and password is pica8. After the username and password are entered, user will be asked to choose a new password for admin. This is the only post installation step after which the PicOS® operating system can be used. 2.4.2 Automated Installation Process The automatic installation process uses the DHCP message exchange process to download and install software packages. Step1 Make sure the switch is connected to DHCP and HTTP servers, and the PicOS® installation software package is downloaded to the HTTP server. a) DHCP server configuration: define the path of the installation package and then start DHCP server service: host pica8-3922 { hardware ethernet 70:72:cf:12:34:56; fixed-address 192.168.2.50; option default-url = "http://192.168.2.42/onie-installer-picos-4.0.0-8b1219e112-x86.bin"; } b) Check if the .bin installation file is loaded onto the HTTP server: root@dev:/var/www# ls index.html onie-installer-powerpc.bin Step2 Execute the nos-boot-mode install command to enter ONIE installation environment. admin@Xorplus$ sudo nos-boot-mode install Step3 Type “yes” when the below prompt is shown, and the system will automatically complete the installation. Type 'yes' to install NOS! Type 'no' to exit [no]/yes: The installer runs automatically and will reboot the system after installation is completed. NOTE: After the system restarts, you need to enter the username and password, the initial login username is admin and password is pica8. After the username and password are entered, user will be asked to choose a new password for admin. This is the only post installation step after which the PicOS® operating system can be used. 2.5 Verifying Version after Installation After system reboots automatically, the system will come up running the new network operating system. admin@Xorplus> show version Copyright (C) 2009-2022 Pica8, Inc. =================================== Hardware Model : as7312_54x Linux System Version/Revision : 4.0.0/8b1219e112 Linux System Released Date : 5/18/2021 L2/L3 Version/Revision : 4.0.0/8b1219e112 L2/L3 Released Date : 5/18/2021 OVS/OF Version/Revision : 4.0.0/8b1219e112 OVS/OF Released Date : 5/18/2021 2.6 Appendix: Troubleshooting Installation/Upgrade Failure on AS7326-56X Installation or upgrade failure (for example, the switches cannot boot up after install) may occur on the old AS7326-56X hardware models (revision is R01F and before). When booting PicOS® on AS7326-56X and detect hardware rev R01F, the system will log a warning message to prompt the hardware revision R01F is a pre-production hardware reversion: "This hardware revision R01F is a pre-production hardware rev, PicOS® has applied a work around to work with PicOS®. Support will be provided on a best effort basis". To work around the issue, first we need to check the “Label Revision”. If it is an old hardware model (revision is R01F or before), then, we can perform the following provided solution after installation/upgrade to solve the problem. 2.6.1 Check Label Revision Under ONIE prompt, run “onie_syseeprom” to get the “Label Revision”. ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 166 TLV Name Code Len Value -------------------- ---- --- ----- Manufacture Date 0x25 19 04/27/2019 02:10:06 Label Revision 0x27 4 R01B Platform Name 0x28 27 x86_64-accton_as7326_56x-r0 ONIE Version 0x29 13 2018.05.00.05 Manufacturer 0x2B 6 Accton Diag Version 0x2E 7 0.0.1.0 Base MAC Address 0x24 6 80:A2:35:81:D5:F0 Serial Number 0x23 14 732656X1916012 Country Code 0x2C 2 TW Part Number 0x22 13 FP4ZZ7656005A Product Name 0x21 15 7326-56X-O-AC-F MAC Addresses 0x2A 2 256 Vendor Name 0x2D 6 Accton CRC-32 0xFE 4 0xC3D3F2DE Checksum is valid. ONIE:/ # 2.6.2 Solution You can follow the steps below after installation/upgrade, to fix the problem of installation and upgrade failure on the old AS7326-56X hardware model (revision R01F or before). Step1 Power cycle the switch. Step2 From the GRUB menu, choose “ONIE” to enter ONIE GRUB menu: +----------------------------------------------------------------------------+ | PicOS | |*ONIE | | | | | | | | | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Use the ^ and v keys to select which entry is highlighted. Press enter to boot the selected OS, `e' to edit the commands before booting or `c' for a command-line. Step3 From ONIE GRUB menu, choose “ONIE: Rescue” to launch ONIE in Rescue mode. GNU GRUB version 2.02~beta2+e4a1fe391 +----------------------------------------------------------------------------+ | ONIE: Install OS | |*ONIE: Rescue | | ONIE: Uninstall OS | | ONIE: Update ONIE | | ONIE: Embed ONIE | | DIAG: Accton Diagnostic | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Step4 Press Enter to display the ONIE prompt. Step5 Mount PicOS® partition with label is “PicOS®”. ONIE:/ # blkid /dev/sda7: LABEL="User-Data" UUID="be63cef8-4560-4c48-ab5a-8f7ced5a950b" /dev/sda6: LABEL="PicOS2" UUID="f589e53f-4cd1-44ba-8384-f339f4e2b2ac" /dev/sda5: LABEL="PicOS" UUID="8ca5f7ed-5a15-4a2a-944c-4d8872647bf5" /dev/sda4: LABEL="PICOS-GRUB" UUID="782a1372-4b66-4783-b920-dab1df8ec6e4" /dev/sda3: LABEL="ACCTON-DIAG" UUID="3e4117d0-1926-472a-9d9e-08883df83d40" /dev/sda2: LABEL="ONIE-BOOT" UUID="1a90abd8-f065-4f7a-90a0-af122b8805fa" ONIE:/ # ONIE:/ # mount /dev/sda5 /mnt Step6 Execute the following command to modify the I2C access address. ONIE:/ # sed -I "s/0x57/0x56/" /mnt/etc/rc_hw.sh ONIE:/ # sync Step7 Unmount the PicOS® partition. ONIE:/ # unmount /dev/sda5 Step8 Reboot the switch. ONIE:/ # reboot 3. Upgrading PicOS® from Version 4.0.0 or Later Using Upgrade Command NOTE: This document ONLY applies to upgrade from version 4.0.0 or the later version using the upgrade command. If you want to upgrade PicOS® from the version before 4.0.0, use ONIE installation process described in "Installing PicOS® on Bare Metal Switches". This upgrading guide is not available for FS S5810 Series and S5860 Series switches. N8560-32C uses the ONIE method for upgrade described in this guide, while the installation uses Rboot method, please refer to "Installing PicOS® for FS S5810/S5860 Series and N8560-32C Switches" for details on the installation process. The installation package name for N8560-32C includes the suffix '-rboot', for example, N8560_picos-4.4.5-9bca0916a3-rboot.bin. The upgrade package, on the other hand, includes the suffix '-x86', such as picos-4.4.5-9bca0916a3-x86.bin. 3.1 Partitioning PicOS® 4.0.0 have multiple system partitions including PicOS® (partition size: 2G), PicOS®2 (partition size: 2G) and User-Data partitions. Among them, PicOS® and PicOS®2 are two independent system boot partitions. One of them is the active partition on which the running system resides, and the other is the inactive partition. The two-system-boot-partition feature allows the system to be reverted to a previous version of the installed software package when it fails to upgrade PicOS®. User-Data partition is a reserved partition which is not affected by ONIE installer and upgrade unless user manually removes it. User-Data partition uses all the available space left on the disk after installation. Users can use this partition to store files and data. 3.2 Supported Platforms PicOS® 4.x software requires to run on a high performance device, only the platforms listed in Switch Machine Outline and System Characteristics are supported upgrading to PicOS® 4.x. 3.3 Preparation before Upgrading NOTE If routed interface is configured, before upgrade, make sure that routed interface name and sub-interface name in the configuration file start with the string "rif-". Otherwise, upgrade will fail due to configuration error. Table 1 Checklist before Upgrading No. Checking Items Checking Standard Results 1 Checking the Running PicOS® Version The currently running system software version is lower than the software version to be installed 2 Checking License Validation Run the license -s command to verify that the license expiration date extends beyond the planned upgrade date. If the license is close to expiration, consider renewing it to avoid interruptions. 3 Building Upgrade Environment Build a different upgrade environment according to the need 4 Getting the Required Upgrade Software Obtain the required supported upgrade software 5 Backing up Important Data in Flash All the important data in Flash is backed up 6 Checking Available Flash Space Flash space is enough to save upgrading package and other files 3.3.1 Checking the Running PicOS® Version Use the version command to check the version of the running system software. admin@PICOS:~$ version Copyright (C) 2009-2024 Pica8, Inc. =================================== Base ethernet MAC Address : d4:31:27:c9:e4:51 Hardware Model : S5860-48MG-U Linux System Version/Revision : 9.8.7-main/fd87d25a10 Linux System Released Date : 10/12/2024 L2/L3 Version/Revision : 9.8.7-main/fd87d25a10 L2/L3 Released Date : 10/12/2024 OVS/OF Version/Revision : 9.8.7-main/fd87d25a10 OVS/OF Released Date : 10/12/2024 3.3.2 Checking License Validation Before performing an upgrade, users can run the license -s command to check if the current license has expired, ensuring it is valid and preventing upgrade failure due to license expiration. admin@PICOS:~$ license -s { "Type":"1GE", "Feature":["Base Product", "Layer3", "OpenFlow"], "Support End Date":"2025-10-28", "Hardware ID":"ACD2-F77A-BBA3-2849", "Site Name":"PICA8" } 3.3.3 Building Upgrade Environment Please make sure that you have set up an HTTP, TFTP or FTP protocol upgrading environment, the basic requirements are as follows: PC can log in to the device through serial or SSH. The communication between the server and the device works well. The upgrading file used by the device has already been stored on the server. 3.3.4 Getting the Required Upgrade Software Please contact Pica8 technical support engineers at the following website for the latest version of upgrade software. https://www.pica8.com/support/ 3.3.5 Backing up Important Data in Flash Before upgrading, save the important data in Flash to the local PC through FTP or TFTP, and then upload it to the switch after the upgrade is completed. 3.3.6 Checking the Available Flash Space Use the df -h command to check the available flash space for saving the upgrade package. admin@PICOS:~$ df -h Filesystem Size Used Avail Use% Mounted on udev 989M 0 989M 0% /dev overlay 706M 57M 650M 8% / tmpfs 1009M 0 1009M 0% /dev/shm tmpfs 404M 5.9M 398M 2% /run tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 50M 192K 50M 1% /tmp /dev/ubi1_0 863M 376M 483M 44% /mnt/open 3.4 Upgrading Notes Downgrade from PicOS® version 4.x to 3.x or to a lower version is NOT supported by using upgrade command. You can use ONIE installation when you want to downgrade. For details about ONIE installation, please refer to "Installing PicOS® on Bare Metal Switches". License check is performed for upgrade: If PicOS® has a license installed before the upgrade, the license will be copied and activated after the upgrade. Please check this section for the PICOS Licenses. If there is no license installed prior to upgrade, upgrade2 process can proceed but only the first four ports and the first two uplink ports (if exist) on the newly upgraded system can be used. If the service has expired, it is not allowed to upgrade a major release (e.g. 4.1 to 4.2). However, it will not affect upgrading to a minor release (e.g. 4.1.1 to 4.1.2). You can log in to the switch through its console port or using SSH. After successful login, you can run commands on the command line interface (CLI) to upgrade the device. When using FTP/TFTP to download the image, user should verify that the "binary" mode is being used. If the "binary" transfer mode is not being used, the image might be modified during download, and the upgrade will fail during the MD5 check. When upgrading, the installer checks whether there is a user-data partition. If there exists a User-Data partition, the installer only rewrites the running system boot partition (PicOS®/ PicOS®2) and installs the new installation package to this partition. However, if there is no User-Data partition, the installer removes all the partitions to rebuild a brand new NOS. All X86 platforms share one installation and upgrade package with the name fixed as: onie-installer-picos-VERSION-x86.bin, where VERSION is the release version. X86 platforms are listed below: FS N9550-32D FS N8550-64C FS N5850-48S6Q FS N8550-48B8C FS N8550-32C Edgecore AS4630-54PE Edgecore AS5712-54X Edgecore AS5812-54T Edgecore AS5812-54X Edgecore AS7312-54X Edgecore AS7326-56X Edgecore AS7712-32X Edgecore AS7726-32X Edgecore AS7816-64X Edgecore AS5835-54X Edgecore AS9716-32D DELL N3248P-ON DELL N3248PXE-ON DELL N3224PX-ON DELL N3248X-ON DELL S4048-ON DELL S4148F-ON DELL S4148T-ON DELL S4128F-ON DELL S5224F-ON DELL S5296F-ON DELL S5212F-ON DELL S5248F-ON DELL Z9100-ON DELL Z9264F-ON DELL N3224T-ON DELL S4128T-ON During the upgrade process, please ensure that the power supply is functioning normally; otherwise, power interruption during the upgrade process could cause unpredictable problems. In previous 4.x.x versions, PicOS® allows the configuration of route leaking by importing BGP IPv4 routes from one user-defined VRF into another user-defined VRF, for example: set protocols bgp vrf vrf1 local-as 1 set protocols bgp vrf vrf1 ipv4-unicast import vrf vrf2 set protocols bgp vrf vrf2 local-as 2 That will cause configuration from PicOS® CLI is not consistent with FRR configuration. Specifically, FRR will add "set protocols bgp local-as 1" (local as number is same as the value in vrf1) to its configuration automatically, which is not in PicOS® CLI. From version 4.4.0, if "set protocols bgp local-as 1" is not configured, the above configurations are not allowed. Based on the above reasons, users are required to manually add the command "set protocols bgp local-as 1" (local as number is same as the value in vrf1) before the upgrade, if there's above configuration exists in the pre-upgrade version, thus to ensure that the configuration can be loaded successfully after the upgrade. 3.5 Usage of Upgrade Command admin@PicOS®:~$ sudo upgrade USAGE Upgrade system with local new image SYNOPSIS upgrade [image_name] [factory-default] DESCRIPTION image_name - Image with bin format file(*.bin) factory-default - Recovery configuration to factory default PicOS® upgrade is done via the command "upgrade" in bash (launching a shell script named "upgrade.sh"). This script will upgrade the image and back up configuration files automatically. The format of the upgrade package is *.bin. The option no-md5-check is removed from PicOS® 3.7.0 and later versions. If there is an MD5 file in the /cftmp directory, the upgrade script will check package integrity with MD5. Else if there is no MD5 file in the /cftmp directory, then skip the MD5 check step. The option factory-default is used to reset the configuration to factory default when performing upgrade. This option retains the license files from the previous version. If you want to backup a file during upgrade, use option backup-file=(*.lst) to define your own backup file list. The usage of option backup-file=(*.lst) is described in the below section. 3.5.1 Usage of Backup-file=(*.lst) Option During the upgrade process, the switch can automatically back up the following files in the following directories from the previous PicOS® system: /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/resolv.conf ./etc/network/interfaces /etc/picos/picos_start.conf /etc/picos/switch-public.key /etc/picos/pica.lic /pica/config/pica_startup.boot /pica/config/pica.conf.01 /pica/config/pica.conf.02 /pica/config/pica.conf.03 /pica/config/pica.conf.04 /pica/config/pica.conf.05 /ovs/ovs-vswitchd.conf.db /ovs/function.conf.db /ovs/config/meters /ovs/config/groups /ovs/config/flows /ovs/var/lib/openvswitch/pki/ /var/log/report_diag.log /var/log/report_diag.log.1 /var/log/report_diag.log.2 /var/log/report_diag.log.3 /var/log/report_diag.log.4 /var/log/report_diag.log.5 /cftmp/upgrade.log /cftmp/upgrade2.log /cftmp/auto/ If you want to save user files that are not in the above default backup file list, you need to first create or specify a .lst file and then add all those files that need to be backed up to this .lst file. You can use the backup-file=(*.lst) option to achieve this, where (*.lst) is the user created file with .lst format or specify the path to this file, for example: admin@PICOS:~$ sudo upgrade backup-file=/admin/back_files.lst onie-installer-picos-4.0.1-x86.bin For example, if you want to backup /home/admin/a.txt file during the process, then add /home/admin/a.txt to back_files.lst.In this example, back_files.lst is a user created file. The user has already added the file to back_files.lst that needs to be saved in the event of power off. admin@PICOS:~$ cat /admin/back_files.lst /home/admin/a.txt The above operations ensure that user can backup their important files with backup-file=(*.lst) option during the upgrade process. 3.6 Upgrading Procedure The upgrading procedure in this document gives an example of upgrading AS7312-54X from PicOS® 4.0.0 to 4.0.1. Step1 Copy the upgrade package (in the form of .bin) and the MD5 file to /cftmp directory by either FTP, TFTP, HTTP or SCP according to the actual upgrade environment. The following example uses the SCP method. admin@PICOS:~$ sudo scp pica8@10.10.50.16:/tftp/build/4.0.1/as7312_54x/onie-installer-picos-4.0.1-x86.bin /cftmp admin@PICOS:~$ sudo scp pica8@10.10.50.16:/tftp/build/4.0.1/as7312_54x/onie-installer-picos-4.0.1-x86.bin.md5 /cftmp NOTE: If management VRF is enabled, and the FTP/TFTP/HTTP/SCP server is connected via the Eth0/1 port, you need to add the string sudo ip vrf exec mgmt-vrf before the SCP command when executing the scp operation. The format is as follows: admin@Xorplus:~$ sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/4.0.1/as7312_54x/onie-installer-picos-as7312_54x-4.0.1-91bb175.bin /cftmp admin@Xorplus:~$sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/4.0.1/as7312_54x/onie-installer-picos-as7312_54x-4.0.1-91bb175.bin.md5 /cftmp If sudo ip vrf exec mgmt-vrf is not added, find the next hop routing information from the default VRF. For the usage of VRF, refer to the VRF Configuration Guide. Step2 Execute the sync operation. admin@PICOS:~$ sync Step3 Change directory to /cftmp. admin@PICOS:~$ cd /cftmp admin@PICOS:/cftmp$ Step4 Run the upgrade command. admin@PICOS:/cftmp$ sudo upgrade onie-installer-picos-4.0.1-x86.bin After finishing upgrade will reboot automatically, the system will come up running the new network operating system. 3.7 Verifying Version after Upgrading admin@PICOS:~$ version Copyright (C) 2009-2024 Pica8, Inc. =================================== Base ethernet MAC Address : d4:31:27:c9:e4:51 Hardware Model : as7312_54x Linux System Version/Revision : 9.8.7-main/fd87d25a10 Linux System Released Date : 10/12/2024 L2/L3 Version/Revision : 9.8.7-main/fd87d25a10 L2/L3 Released Date : 10/12/2024 OVS/OF Version/Revision : 9.8.7-main/fd87d25a10 OVS/OF Released Date : 10/12/2024 3.8 Appendix: Troubleshooting Installation/Upgrade Failure on AS7326-56X Installation or upgrade failure (for example, the switches cannot boot up after install) may occur on the old AS7326-56X hardware models (revision is R01F and before). When booting PicOS® on AS7326-56X and detect hardware rev R01F, the system will log a warning message to prompt the hardware revision R01F is a pre-production hardware reversion: "This hardware revision R01F is a pre-production hardware rev, PicOS® has applied a work around to work with PicOS®. Support will be provided on a best effort basis". To work around the issue, first we need to check the “Label Revision”. If it is an old hardware model (revision is R01F or before), then, we can perform the following provided solution after installation/upgrade to solve the problem. 3.8.1 Check Label Revision Under ONIE prompt, run “onie_syseeprom” to get the “Label Revision”. ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 166 TLV Name Code Len Value -------------------- ---- --- ----- Manufacture Date 0x25 19 04/27/2019 02:10:06 Label Revision 0x27 4 R01B Platform Name 0x28 27 x86_64-accton_as7326_56x-r0 ONIE Version 0x29 13 2018.05.00.05 Manufacturer 0x2B 6 Accton Diag Version 0x2E 7 0.0.1.0 Base MAC Address 0x24 6 80:A2:35:81:D5:F0 Serial Number 0x23 14 732656X1916012 Country Code 0x2C 2 TW Part Number 0x22 13 FP4ZZ7656005A Product Name 0x21 15 7326-56X-O-AC-F MAC Addresses 0x2A 2 256 Vendor Name 0x2D 6 Accton CRC-32 0xFE 4 0xC3D3F2DE Checksum is valid. ONIE:/ # 3.8.2 Solution You can follow the steps below after installation/upgrade, to fix the problem of installation and upgrade failure on the old AS7326-56X hardware model (revision R01F or before). Step1 Power cycle the switch. Step2 From the GRUB menu, choose “ONIE” to enter ONIE GRUB menu: +----------------------------------------------------------------------------+ | PicOS | |*ONIE | | | | | | | | | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Use the ^ and v keys to select which entry is highlighted. Press enter to boot the selected OS, `e' to edit the commands before booting or `c' for a command-line. Step3 From ONIE GRUB menu, choose “ONIE: Rescue” to launch ONIE in Rescue mode. GNU GRUB version 2.02~beta2+e4a1fe391 +----------------------------------------------------------------------------+ | ONIE: Install OS | |*ONIE: Rescue | | ONIE: Uninstall OS | | ONIE: Update ONIE | | ONIE: Embed ONIE | | DIAG: Accton Diagnostic | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Step4 Press Enter to display the ONIE prompt. Step5 Mount PicOS® partition with label is “PicOS®”. ONIE:/ # blkid /dev/sda7: LABEL="User-Data" UUID="be63cef8-4560-4c48-ab5a-8f7ced5a950b" /dev/sda6: LABEL="PicOS2" UUID="f589e53f-4cd1-44ba-8384-f339f4e2b2ac" /dev/sda5: LABEL="PicOS" UUID="8ca5f7ed-5a15-4a2a-944c-4d8872647bf5" /dev/sda4: LABEL="PICOS-GRUB" UUID="782a1372-4b66-4783-b920-dab1df8ec6e4" /dev/sda3: LABEL="ACCTON-DIAG" UUID="3e4117d0-1926-472a-9d9e-08883df83d40" /dev/sda2: LABEL="ONIE-BOOT" UUID="1a90abd8-f065-4f7a-90a0-af122b8805fa" ONIE:/ # ONIE:/ # mount /dev/sda5 /mnt Step6 Execute the following command to modify the I2C access address. ONIE:/ # sed -I "s/0x57/0x56/" /mnt/etc/rc_hw.sh ONIE:/ # sync Step7 Unmount the PicOS® partition. ONIE:/ # unmount /dev/sda5 Step8 Reboot the switch. ONIE:/ # reboot 4. Upgrading PicOS® from Version 3.0 or Later Using Upgrade2 4.1 Introduction NOTE: This document only applies to PicOS® upgrade from version 3.0 or later version using command upgrade2. If you want to upgrade PicOS® from the version before 3.0, use ONIE installation process described in "Installing PicOS® on Bare Metal Switches". You cannot do a standard upgrade from 3.x to 4.x. This is because 3.x config and 4.x config are not compatible, and PicOS® 4.x will not be able to boot with 3.x config after the upgrade. In order to upgrade from 3.x to 4.x, you MUST convert the configuration to 4.x before upgrade, see section "Converting Configuration to 4.x before Upgrade (when Upgrade from Version 3.x to 4.x)" in this guide for details. This upgrading guide is not available for FS S5810 Series and S5860 Series switches. N8560-32C uses the ONIE method for upgrade described in this guide, while the installation uses Rboot method, please refer to "Installing PicOS® for FS S5810/S5860 Series and N8560-32C Switches" for details on the installation process. The installation package name for N8560-32C includes the suffix '-rboot', for example, N8560_picos-4.4.5-9bca0916a3-rboot.bin. The upgrade package, on the other hand, includes the suffix '-x86', such as picos-4.4.5-9bca0916a3-x86.bin. PicOS® 4.0.0 and later versions have multiple system partitions including PicOS® (partition size: 2G), PicOS®2(partition size: 2G) and User-Data partitions. Among them, PicOS® and PicOS®2 are two independent system boot partitions. One of them is the active partition on which the running system resides, and the other is the inactive partition. The two-system-boot-partition feature allows the system to revert to a previous version of the installed software package when it fails to upgrade PicOS® by using upgrade2 command. User-Data partition is a reserved partition which is not affected by ONIE installer and upgrade unless user manually removes it. User-Data partition uses all the available space left on the disk. Users can use this partition to store files and data. When running upgrade2, the new version PicOS® image will be installed and boot onto the inactive partition automatically. Afterwards, the inactive partition will switch to active partition automatically when the switch boots up normally after the upgrading is finished, while the other partition where the old version resides will become the inactive partition. Upgrade2 method supports system rollback function. The "nos-rollback" command can be used to revert to a previous version of the installed software package. Moreover, if it fails to upgrade, the system can automatically rollback to the old system. This can reduce the network interruption risk due to the failure of system upgrade process and ensure the systems’ continuous availability. You can refer to section "Rollback Procedure" in this page for details. The system also supports the upgrade method for PicOS® version upgrade, you can refer to the document "Upgrading PicOS® from Version 4.0.0 or Later Using Upgrade Command" for details. We recommend using upgrade2 method to upgrade the NOS as it includes system backup and rollback features. 4.2 Preparation before Upgrading Table 1. Checklist before Upgrading No. Checking Items Checking Standard Results 1 Checking the Running PicOS® Version The currently running system software version is lower than the software version to be installed. 2 Checking License Validation Run the license -s command to verify that the license expiration date extends beyond the planned upgrade date. If the license is close to expiration, consider renewing it to avoid interruptions. 3 Building Upgrade Environment Build an upgrade environment according to the need. 4 Getting the Required Upgrade Software Obtain the required supported upgrade software. 5 Backing up Important Data All the important data was backed up. 6 Converting Configuration to 4.x before Upgrade (when Upgrade from Version 3.x to 4.x) 4.x configuration is generated from 3.x configuration file. 4.2.1 Checking the Running PicOS® Version Use the version command to check the version of the running system software. admin@PICOS:~$ version Copyright (C) 2009-2024 Pica8, Inc. =================================== Base ethernet MAC Address : 64:9d:99:d8:fd:07 Hardware Model : S3410-48TS-P PICOS Release/Commit : 4.4.4-s3000/eaf8c6573d PICOS Released Date : 09/14/2024 admin@PICOS:~$ 4.2.2 Checking License Validation Before performing an upgrade, users can run the license -s command to check if the current license has expired, ensuring it is valid and preventing upgrade failure due to license expiration. admin@PICOS:~$ license -s { "Type":"1GE", "Feature":["Base Product", "Layer3", "OpenFlow"], "Support End Date":"2025-10-28", "Hardware ID":"ACD2-F77A-BBA3-2849", "Site Name":"PICA8" } 4.2.3 Building Upgrade Environment Please make sure that you have set up an HTTP, TFTP or FTP protocol upgrading environment, the basic requirements are as follows: PC can log in to the device through serial or SSH. The communication between the server and the device works well. The upgrading file used by the device has already been stored on the server. 4.2.4 Getting the Required Upgrade Software Please contact Pica8 technical support engineers at the following webpage for the latest version of upgrade software. https://www.pica8.com/support/ 4.2.5 Backing up Important Data Before upgrading, save the important data, e.g. the configuration file, to the local PC through FTP or TFTP, and then upload it to the switch after the upgrade is completed if needed. 4.2.6 Converting Configuration to 4.x before Upgrade (when Upgrade from Version 3.x to 4.x) NOTE: When upgrade PicOS® from version 3.x to 4.x: When executing the upgrade2 command, no other option is supported except the option image_name. Backup the configuration file before upgrading. The OVS configuration for crossflow before the upgrade will be saved and restored automatically after the upgrade. You cannot do a standard upgrade from 3.x to 4.x. This is because 3.x configuration and 4.x configuration are not compatible, and PicOS® 4.x will not be able to boot with 3.x configuration after the upgrade. In order to upgrade from 3.x to 4.x, follow the procedure below to prepare the 4.x configuration file before upgrade: Create directory /pica/config-4.x/. Contact Pica8 support to convert the 3.x configuration to 4.x configuration in configuration file pica_startup.boot. Copy the 4.x configuration file (converted from 3.x configuration file in step 2) into the directory /pica/config-4.x just created. After upgrading from 3.x to 4.x and after rebooting, PicOS® 4.x will look for the 4.x configuration in /pica/config-4.x. After completing these steps, the 4.x configuration file is ready and you can continue with the upgrade process. If these steps are not performed before upgrade, the system will load the default configuration file of 4.x and the 3.x configuration will not be loaded after upgrade. However, if this happens unexpectly, you can also remedy by loading the 4. x configuration file after upgrade, follow the steps below: Copy the 4.x configuration file pica_startup.boot (already converted from 3.x configuration file) into the directory /pica/config/. Run the load override command to load 4. x configuration. admin@PICOS# load override /pica/config/pica_startup.boot admin@PICOS# Loading config file... Config file was loaded successfully. Upgrading Notes 4.3 Upgrading Notes This upgrade2 guide only applies to PicOS® upgrade from version 4.0.0 or the later versions. When using upgrade2 to upgrade PicOS®, you should make sure the “PicOS®2” partition exists. When using upgrade2 to upgrade PicOS®, you should make sure the partition type is GPT. When using upgrade2 to upgrade PicOS®, you should make sure that ONIE is pre-loaded. License check is performed for upgrade: If PicOS® has a license installed before the upgrade, the license will be copied and activated after the upgrade. Please check this section for the PICOS Licenses. If there is no license installed prior to upgrade, upgrade2 process can proceed but only the first four ports and the first two uplink ports (if exist) on the newly upgraded system can be used. If the license has expired, it is not allowed to upgrade a major release (e.g. 4.1 to 4.2). However, it will not affect upgrading to a minor release (e.g. 4.1.1 to 4.1.2). You can log in to a device through its console port or using SSH. After successful login, you can run commands on the command line interface (CLI) to upgrade the device. When using FTP/TFTP to download the image, user should verify that the "binary" mode is being used. If the "binary" transfer mode is not being used, the image might be modified during download, and the upgrade will fail during the MD5 check. The image is platform dependent, that is, the image should be consistent with the platform, otherwise the upgrade script will abort. An upgrage2.log file in /cftmp directory will be created which will contain all the logs related to the upgrade2 process. All X86 platforms share one installation and upgrade package with the name fixed as: onie-installer-picos-VERSION-x86.bin, where VERSION is the release version. X86 platform are listed below: FS N9550-32D FS N8550-64C FS N5850-48S6Q FS N8550-48B8C FS N8550-32C Edgecore AS4630-54PE Edgecore AS5712-54X Edgecore AS5812-54T Edgecore AS5812-54X Edgecore AS7312-54X Edgecore AS7326-56X Edgecore AS7712-32X Edgecore AS7726-32X Edgecore AS7816-64X Edgecore AS5835-54X Edgecore AS9716-32D DELL N3248P-ON DELL N3248PXE-ON DELL N3224PX-ON DELL N3248X-ON DELL S4048-ON DELL S4148F-ON DELL S4148T-ON DELL S4128F-ON DELL S5224F-ON DELL S5296F-ON DELL S5212F-ON DELL S5248F-ON DELL Z9100-ON DELL Z9264F-ON DELL N3224T-ON DELL S4128T-ON In previous 4.x.x versions, PICOS allows the configuration of route leaking by importing BGP IPv4 routes from one user-defined VRF into another user-defined VRF, for example: set protocols bgp vrf vrf1 local-as 1 set protocols bgp vrf vrf1 ipv4-unicast import vrf vrf2 set protocols bgp vrf vrf2 local-as 2 That will cause configuration from PicOS® CLI is not consistent with FRR configuration. Specifically, FRR will add "set protocols bgp local-as 1" (local as number is same as the value in vrf1) to its configuration automatically, which is not in PicOS® CLI. From version 4.4.0, if "set protocols bgp local-as 1" is not configured, the above configurations are not allowed. Based on the above reasons, users are required to manually add the command "set protocols bgp local-as 1" (local as number is same as the value in vrf1) before the upgrade, if there's above configuration exists in the pre-upgrade version, thus to ensure that the configuration can be loaded successfully after the upgrade. 4.4 Usage of Upgrade2 Command admin@PICOS:~$ sudo upgrade2 USAGE Upgrade system with local new image SYNOPSIS upgrade2 [image_name] [factory-default] DESCRIPTION image_name - Image with bin format file(*.bin) factory-default - Recovery configuration to factory default admin@PICOS:~$ For PicOS® go2cli version, users can run the upgrade2 command under CLI operational mode or configuration mode: admin@PICOS> upgrade2 image-file xx.bin Possible completions: <[Enter]> Execute this command backup-file Specify a user defined backup list(*.lst) factory-default Recovery configuration to factory default use-prev-config Use previous configuration, and syslog trace admin@PICOS# run upgrade2 image-file xx.bin Possible completions: <[Enter]> Execute this command backup-file Specify a user defined backup list(*.lst) factory-default Recovery configuration to factory default use-prev-config Use previous configuration, and syslog trace PicOS® upgrade is done via the command "upgrade2" in bash (launching a shell script named "upgrade2.sh"). This script will upgrade the image and backup configuration files automatically. Image name is in the form of .bin, which should be copied to the /cftmp directory before running upgrade2 command. The option factory-default is used to reset the configuration to factory default when performing upgrade, but it retains the license files from the previous version. If you want to use the old configuration file in the new version, you can add the use-prev-config option when issuing upgrade2 command. The usage of option use-prev-config is described in the section Usage of Use-prev-config Option. If you want to backup a file during upgrade, use backup-file=(*.lst) option to define your own backup file list. The usage of backup-file=(*.lst) option is described in the section Usage of Backup-file=(*.lst) Option. 4.4.1 Usage of use-prev-config Option The main function of use-prev-config option is to decide whether to load the previous configuration file after a system reboot when performing upgrade2 or rollback to another version. If there is a command line in the old version configuration file that is not supported in the new system, with use-prev-config option that command will be skipped and continue loading the remaining configuration. By default, upgrade2 or rollback is performed without use-prev-config option. The following table describes the usage of use-prev-config option when performing upgrade2 or rollback. upgrade2 (From old version to new version) rollback (From current version to old version) with use-prev-config 1. Load the configuration file of old version after system reboot. 2. If there is a command line in the old version configuration file that is not supported in the new system, skip it and continue loading the remaining configuration. 1. Load the configuration file of current version after system reboot. 2. If there is a command line in the current configuration file that is not supported in the old system, skip it and continue loading the remaining configuration. without use-prev-config 1. Load the configuration file of old version after reboot. 2. If there is a command in the old version configuration file that is not supported in the new system, load default configuration file. Load the old version configuration file after rebooting. 4.4.2 Usage of Backup-file=(*.lst) Option During the upgrade process, the switch can automatically back up the following files in the following directories from the previous PicOS® system: /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/resolv.conf ./etc/network/interfaces /etc/picos/picos_start.conf /etc/picos/switch-public.key /etc/picos/pica.lic /pica/config/pica_startup.boot /pica/config/pica.conf.01 /pica/config/pica.conf.02 /pica/config/pica.conf.03 /pica/config/pica.conf.04 /pica/config/pica.conf.05 /ovs/ovs-vswitchd.conf.db /ovs/function.conf.db /ovs/config/meters /ovs/config/groups /ovs/config/flows /ovs/var/lib/openvswitch/pki/ /var/log/report_diag.log /var/log/report_diag.log.1 /var/log/report_diag.log.2 /var/log/report_diag.log.3 /var/log/report_diag.log.4 /var/log/report_diag.log.5 /cftmp/upgrade.log /cftmp/upgrade2.log /cftmp/auto/ If you want to save user files that are not in the above default backup file list, you need to first create or specify a .lst file and then add all those files that need to be backed up to this .lst file. You can use the backup-file=(*.lst) option to achieve this, where (*.lst) is the user created file with .lst format or specify the file path to this file, for example: admin@PICOS:~$ sudo upgrade2 backup-file=/admin/back_files.lst onie-installer-picos-as7312_54x-4.0.1-cc8d268.bin For example, if you want to backup /home/admin/a.txt file during the process, then add /home/admin/a.txt to back_files.lst. In this example, back_files.lst is a user created file. The user has already added the file to back_files.lst that needs to be saved in the event of power off. admin@PICOS:~$ sudo upgrade2 backup-file=/admin/back_files.lst onie-installer-picos-as7312_54x-4.0.1-cc8d268.bin The above operations ensure that user can backup their important files with backup-file=(*.lst) option during the upgrade process. 4.5 Upgrade Procedure The upgrading procedure in this document gives an example of upgrading from PicOS® 4.0.0 to 4.0.1 using upgrade2 command on AS7312_54X switch. Step1 Copy the upgrade package (in the form of .bin) and the MD5 file to /cftmp directory by either FTP, TFTP, HTTP or SCP according to the actual upgrade environment. The following example uses the SCP method. admin@PICOS:~$ sudo scp pica8@10.10.50.22:/tftp/build/4.0.1/as7312_54x/onie-installer-picos-as7312_54x-4.0.1-cc8d268.bin /cftmp admin@PICOS:~$ sudo scp pica8@10.10.50.22:/tftp/build/4.0.1/as7312_54x/onie-installer-picos-as7312_54x-4.0.1-cc8d268.bin.md5 /cftmp NOTE: If management VRF is enabled, and the FTP/TFTP/HTTP/SCP server is connected via the Eth0/1 port, you need to add the string sudo ip vrf exec mgmt-vrf before the SCP command when executing the scp operation. The format is as follows: admin@Xorplus:~$ sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/4.0.1/as7312_54x/onie-installer-picos-as7312_54x-4.0.1-cc8d268.bin /cftmp admin@Xorplus:~$sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/4.0.1/as7312_54x/onie-installer-picos-as7312_54x-4.0.1-cc8d268.bin.md5 /cftmp If sudo ip vrf exec mgmt-vrf is not added, find the next hop routing information from the default VRF. For the usage of VRF, refer to the VRF Configuration Guide. For PicOS® go2cli version, users can run the scp command under CLI operational mode or configuration mode: Φ Download a file: file scp get remote-file [local-file local-file-path] ip-address : [vrf ] Φ Upload a file: file scp put local-file [remote-file ] ip-address : [vrf ] Step2 Execute the sync operation. admin@PICOS:~$ sync Step3 Change directory to /cftmp. admin@PICOS:~$ cd /cftmp Step4 Run upgrade2 command to begin upgrading. admin@PICOS:~$ sudo upgrade2 onie-installer-picos-as7312_54x-4.0.1-cc8d268.bin After finishing upgrade, the switch will reboot automatically, the system will come up running the new network operating system. NOTE: For PicOS® go2cli version, users can run the upgrade2 command under CLI operational mode or configuration mode. It will take 20-30 minutes to finish upgrading PicOS®. During the upgrade process, please be patient and do not perform any operation until the upgrade is complete, otherwise, the upgrade may be interrupted. 4.6 Rollback Procedure The upgrade2 method supports system rollback function. The "nos-rollback" command can be used to revert to a previous version of the installed software package. Moreover, if it fails to upgrade, the system can automatically rollback to the old system. NOTE: Usage of nos-rollback command: admin@Xorplus:~$ sudo nos-rollback USAGE Rollback to the previous system after next reboot SYNOPSIS nos-rollback [use-prev-config] DESCRIPTION use-prev-config - Use previous config, and syslog trace For details about the usage of use-prev-config, please refer to Usage of Use-prev-config Option. The rollback procedure is as follows: Step1 Run nos-rollback command for manually rollback. admin@PICOS:~$ sudo nos-rollback USAGE Rollback to the previous system after next reboot SYNOPSIS nos-rollback Checking prerequisites Attribute of current system [OK] Will switch from PICOS-4.4.5GA to the other system! Do you want to continue?[y/N]?y Updating default boot option Modify default boot option [OK] Rollback to the other system successful! Please reboot to enter the other system! admin@PICOS:~$ Step2 Reboot system manually to finish rollback. admin@Xorplus:~$ sudo reboot You need to manually run reboot command to reboot the system after you have issued "nos-rollback" command. After rebooting successfully, the system will come up running the previous version of network operating system. 4.7 Verifying Version after Upgrade admin@PICOS:~$ version Copyright (C) 2009-2024 Pica8, Inc. =================================== Base ethernet MAC Address : d4:31:27:c9:e4:51 Hardware Model : S5860-48MG-U Linux System Version/Revision : 4.4.5GA/7f06432992 Linux System Released Date : 10/14/2024 L2/L3 Version/Revision : 4.4.5GA/7f06432992 L2/L3 Released Date : 10/14/2024 OVS/OF Version/Revision : 4.4.5GA/7f06432992 OVS/OF Released Date : 10/14/2024 4.8 Appendix: Troubleshooting Installation/Upgrade Failure on AS7326-56X Installation or upgrade failure (for example, the switches cannot boot up after install) may occur on the old AS7326-56X hardware models (revision is R01F and before). When booting PicOS® on AS7326-56X and detect hardware rev R01F, the system will log a warning message to prompt the hardware revision R01F is a pre-production hardware reversion: "This hardware revision R01F is a pre-production hardware rev, PicOS® has applied a work around to work with PicOS®. Support will be provided on a best effort basis". To work around the issue, first we need to check the “Label Revision”. If it is an old hardware model (revision is R01F or before), then, we can perform the following provided solution after installation/upgrade to solve the problem. 4.8.1 Check Label Revision Under ONIE prompt, run “onie_syseeprom” to get the “Label Revision”. ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 166 TLV Name Code Len Value -------------------- ---- --- ----- Manufacture Date 0x25 19 04/27/2019 02:10:06 Label Revision 0x27 4 R01B Platform Name 0x28 27 x86_64-accton_as7326_56x-r0 ONIE Version 0x29 13 2018.05.00.05 Manufacturer 0x2B 6 Accton Diag Version 0x2E 7 0.0.1.0 Base MAC Address 0x24 6 80:A2:35:81:D5:F0 Serial Number 0x23 14 732656X1916012 Country Code 0x2C 2 TW Part Number 0x22 13 FP4ZZ7656005A Product Name 0x21 15 7326-56X-O-AC-F MAC Addresses 0x2A 2 256 Vendor Name 0x2D 6 Accton CRC-32 0xFE 4 0xC3D3F2DE Checksum is valid. ONIE:/ # 4.8.2 Solution You can follow the steps below after installation/upgrade, to fix the problem of installation and upgrade failure on the old AS7326-56X hardware model (revision R01F or before). Step1 Power cycle the switch. Step2 From the GRUB menu, choose “ONIE” to enter ONIE GRUB menu: +----------------------------------------------------------------------------+ | PicOS | |*ONIE | | | | | | | | | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Use the ^ and v keys to select which entry is highlighted. Press enter to boot the selected OS, `e' to edit the commands before booting or `c' for a command-line. Step3 From ONIE GRUB menu, choose “ONIE: Rescue” to launch ONIE in Rescue mode. GNU GRUB version 2.02~beta2+e4a1fe391 +----------------------------------------------------------------------------+ | ONIE: Install OS | |*ONIE: Rescue | | ONIE: Uninstall OS | | ONIE: Update ONIE | | ONIE: Embed ONIE | | DIAG: Accton Diagnostic | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Step4 Press Enter to display the ONIE prompt. Step5 Mount PicOS® partition with label is “PicOS®”. ONIE:/ # blkid /dev/sda7: LABEL="User-Data" UUID="be63cef8-4560-4c48-ab5a-8f7ced5a950b" /dev/sda6: LABEL="PicOS2" UUID="f589e53f-4cd1-44ba-8384-f339f4e2b2ac" /dev/sda5: LABEL="PicOS" UUID="8ca5f7ed-5a15-4a2a-944c-4d8872647bf5" /dev/sda4: LABEL="PICOS-GRUB" UUID="782a1372-4b66-4783-b920-dab1df8ec6e4" /dev/sda3: LABEL="ACCTON-DIAG" UUID="3e4117d0-1926-472a-9d9e-08883df83d40" /dev/sda2: LABEL="ONIE-BOOT" UUID="1a90abd8-f065-4f7a-90a0-af122b8805fa" ONIE:/ # ONIE:/ # mount /dev/sda5 /mnt Step6 Execute the following command to modify the I2C access address. ONIE:/ # sed -I "s/0x57/0x56/" /mnt/etc/rc_hw.sh ONIE:/ # sync Step7 Unmount the PicOS® partition. ONIE:/ # unmount /dev/sda5 Step8 Reboot the switch. ONIE:/ # reboot 5. Installing Debian Packages on PicOS® PicOS® uses a standard and non-modified Debian Linux distribution. It is very easy to install new packages or software on top of the existing PicOS® packages, using the standard Debian package management system. Here are some installation examples. 5.1 Installing GCC on PicOS® NOTE: If the FTP server is connected via the Eth0/1 port, you need to add the string sudo ip vrf exec mgmt-vrf before the apt-get command when executing the apt-get operation. For example: admin@Xorplus:~$ sudo ip vrf exec mgmt-vrf apt-get update If sudo ip vrf exec mgmt-vrf is not added, find the next hop routing information from the default VRF. For the usage of VRF, refer to the VRF configuration guide. Updating the software list on the source server admin@XorPlus$sudo apt-get update Hit http://ftp.tw.debian.org stable Release.gpg Hit http://ftp.tw.debian.org stable Release Hit http://ftp.tw.debian.org stable/main powerpc Packages Hit http://ftp.tw.debian.org stable/main Translation-en Reading package lists... Done admin@XorPlus$ Installing new software admin@XorPlus$sudo apt-get install make Reading package lists... Done Building dependency tree Reading state information... Done Suggested packages: make-doc The following NEW packages will be installed: make 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 399 kB of archives. After this operation, 1165 kB of additional disk space will be used. WARNING: The following packages cannot be authenticated! make Authentication warning overridden. Get:1 http://ftp.tw.debian.org/debian/ stable/main make powerpc 3.81-8.2 [399 kB] Fetched 399 kB in 6s (64.1 kB/s) Selecting previously unselected package make. (Reading database ... 16155 files and directories currently installed.) Unpacking make (from .../make_3.81-8.2_powerpc.deb) ... Processing triggers for man-db ... fopen: Permission denied Setting up make (3.81-8.2) ... admin@XorPlus$ admin@XorPlus$sudo apt-get install python Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: file libexpat1 libmagic1 mime-support python-minimal python2.7 python2.7-minimal Suggested packages: python-doc python-tk python2.7-doc binutils binfmt-support The following NEW packages will be installed: file libexpat1 libmagic1 mime-support python python-minimal python2.7 python2.7-minimal 0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded. Need to get 5045 kB of archives. After this operation, 18.3 MB of additional disk space will be used. Do you want to continue [Y/n]? Y WARNING: The following packages cannot be authenticated! libmagic1 libexpat1 file mime-support python2.7-minimal python2.7 python-minimal python Authentication warning overridden. Get:1 http://ftp.tw.debian.org/debian/ stable/main libmagic1 powerpc 5.11-2 [201 kB] Get:2 http://ftp.tw.debian.org/debian/ stable/main libexpat1 powerpc 2.1.0-1 [142 kB] Get:3 http://ftp.tw.debian.org/debian/ stable/main file powerpc 5.11-2 [51.7 kB] Get:4 http://ftp.tw.debian.org/debian/ stable/main mime-support all 3.52-1 [35.5 kB] Get:5 http://ftp.tw.debian.org/debian/ stable/main python2.7-minimal powerpc 2.7.3-6 [1753 kB] Get:6 http://ftp.tw.debian.org/debian/ stable/main python2.7 powerpc 2.7.3-6 [2639 kB] Get:7 http://ftp.tw.debian.org/debian/ stable/main python-minimal all 2.7.3-4 [42.6 kB] Get:8 http://ftp.tw.debian.org/debian/ stable/main python all 2.7.3-4 [180 kB] Fetched 5045 kB in 18s (267 kB/s) Selecting previously unselected package libmagic1:powerpc. (Reading database ... 16189 files and directories currently installed.) Unpacking libmagic1:powerpc (from .../libmagic1_5.11-2_powerpc.deb) ... Selecting previously unselected package libexpat1:powerpc. Unpacking libexpat1:powerpc (from .../libexpat1_2.1.0-1_powerpc.deb) ... Selecting previously unselected package file. Unpacking file (from .../file_5.11-2_powerpc.deb) ... Selecting previously unselected package mime-support. Unpacking mime-support (from .../mime-support_3.52-1_all.deb) ... Selecting previously unselected package python2.7-minimal. Unpacking python2.7-minimal (from .../python2.7-minimal_2.7.3-6_powerpc.deb) ... Selecting previously unselected package python2.7. Unpacking python2.7 (from .../python2.7_2.7.3-6_powerpc.deb) ... Selecting previously unselected package python-minimal. Unpacking python-minimal (from .../python-minimal_2.7.3-4_all.deb) ... Selecting previously unselected package python. Unpacking python (from .../python_2.7.3-4_all.deb) ... Processing triggers for man-db ... fopen: Permission denied Setting up libmagic1:powerpc (5.11-2) ... Setting up libexpat1:powerpc (2.1.0-1) ... Setting up file (5.11-2) ... Setting up mime-support (3.52-1) ... Setting up python2.7-minimal (2.7.3-6) ... Linking and byte-compiling packages for runtime python2.7... Setting up python2.7 (2.7.3-6) ... Setting up python-minimal (2.7.3-4) ... Setting up python (2.7.3-4) ... admin@XorPlus$ admin@XorPlus$sudo apt-get install g++ Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: g+-4.6 libstdc+6-4.6-dev Suggested packages: g+-multilib g-4.6-multilib gcc-4.6-doc libstdc6-4.6-dbg libstdc+6-4.6-doc The following NEW packages will be installed: g++ g+-4.6 libstdc+6-4.6-dev 0 upgraded, 3 newly installed, 0 to remove and 17 not upgraded. Need to get 0 B/8383 kB of archives. After this operation, 24.4 MB of additional disk space will be used. Do you want to continue [Y/n]? Y WARNING: The following packages cannot be authenticated! libstdc+6-4.6-dev g-4.6 g+ Authentication warning overridden. Selecting previously unselected package libstdc++6-4.6-dev. (Reading database ... 19555 files and directories currently installed.) Unpacking libstdc+6-4.6-dev (from .../libstdc+6-4.6-dev_4.6.3-14_powerpc.deb) ... Selecting previously unselected package g++-4.6. Unpacking g+-4.6 (from .../g+-4.6_4.6.3-14_powerpc.deb) ... Selecting previously unselected package g++. Unpacking g++ (from .../g++_4%3a4.6.3-8_powerpc.deb) ... Processing triggers for man-db ... Setting up libstdc++6-4.6-dev (4.6.3-14) ... Setting up g++-4.6 (4.6.3-14) ... Setting up g++ (4:4.6.3-8) ... update-alternatives: using /usr/bin/g++ to provide /usr/bin/c++ (c++) in auto mode admin@XorPlus$ 5.2 Installing Puppet on PicOS® NOTE: You can see an example of Puppet module to manipulate PicOS® configuration on our Github repository: https://github.com/Pica8/Configuration-Managers If the FTP server is connected via the Eth0/1 port, you need to add the string sudo ip vrf exec mgmt-vrf before the apt-get command when executing the apt-get operation. For example: admin@Xorplus:~$ sudo ip vrf exec mgmt-vrf apt-get update If sudo ip vrf exec mgmt-vrf is not added, find the next hop routing information from the default VRF. For the usage of VRF, refer to the VRF configuration guide. Step1 Use the correct repository for the specific application and CPU on the switch. Pica8 support can help in the choice of repository. admin@PICOS:~$sudo more /etc/apt/sources.list | grep -v "#" deb http://ftp.debian-ports.org/debian/ unstable main For a typical puppet installation, the latest standard debian repo is advised. Step2 Update the debian packages on PicOS®. admin@PICOS:~$ sudo apt-get update Hit http://ftp.tw.debian.org stable Release.gpg Hit http://ftp.tw.debian.org stable Release Hit http://ftp.tw.debian.org stable/main powerpc Packages Hit http://ftp.tw.debian.org stable/main Translation-en Reading package lists... Done admin@PICOS:~$ Step3 Install puppet client and configure it. admin@PICOS:~$ sudo apt-get install puppet Look at the puppet documentation to understand how to connect the puppet client to a puppet server. A simple installation would require at least minor modification on the puppet.conf file. more /etc/puppet/puppet.conf [agent] server = master.local.pica8.com Step4 Verify Puppet installation. admin@PICOS:~$ sudo puppet agent -t Notice: Using less secure serialization of reports and query parameters for compatibility Notice: with older puppet master. To remove this notice, please upgrade your master(s) Notice: to Puppet 3.3 or newer. Notice: See http://links.puppetlabs.com/deprecate_yaml_on_network for more information. Info: Retrieving pluginfacts Info: Retrieving plugin Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb Info: Loading facts in /var/lib/puppet/lib/facter/instance_id.rb Info: Caching catalog for Roma Info: Applying configuration version '1405148228' Notice: Finished catalog run in 0.35 seconds 5.3 Installing Salt on PicOS® NOTE: You can see an example of Salt module to manipulate PicOS® configuration on our Github repository: https://github.com/pica8/Configuration-Managers If the FTP server is connected via the Eth0/1 port, you need to add the string sudo ip vrf exec mgmt-vrf before the apt-get command when executing the apt-get operation. For example: admin@Xorplus:~$ sudo ip vrf exec mgmt-vrf apt-get update If sudo ip vrf exec mgmt-vrf is not added, find the next hop routing information from the default VRF. For the usage of VRF, refer to the VRF configuration guide. Step1 Use the correct repository for the specific application and CPU on the switch. Pica8 support can help in the choice of repository. admin@PICOS:~$ sudo more /etc/apt/sources.list | grep -v "#" deb http://ftp.debian-ports.org/debian/ unstable main For a typical salt installation, the latest standard debian repo is advised. Step2 Update the debian packages on PicOS® admin@PICOS:~$ sudo apt-get update Hit http://ftp.tw.debian.org stable Release.gpg Hit http://ftp.tw.debian.org stable Release Hit http://ftp.tw.debian.org stable/main powerpc Packages Hit http://ftp.tw.debian.org stable/main Translation-en Reading package lists... Done admin@PICOS:~$ Step3 Install salt-common and salt-minion and configure it admin@PICOS:~$ sudo apt-get install salt-common admin@PICOS:~$ sudo apt-get install salt-minion Look at the salt documentation to understand how to connect the salt-minion to a salt-master. A simple installation would need at least minor modification on the minion configuration file. more /etc/salt/minion # Set the location of the salt master server, if the master server cannot be # resolved, then the minion will fail to start. master: salt.example.com 6. PicOS® Installation and Upgrade Guide for FS S5810 Series, S3410 Series, S5860 Series and N8560-32C Switches 6.1 Upgrading PicOS® for FS S5810/S5860 Series Switches Using Upgrade Command (Login via Console Port) NOTE: This guide is only available for upgrading PicOS® for FS S5810/S5860 Series switches when login via the console port. 6.1.1 Preparation before Upgrading Table 1 Checklist before Upgrading No. Checking Items Checking Standard Results 1 Checking the Running PicOS® Version The currently running system software version is lower than the software version to be installed 2 Checking License Validation Run the license -s command to verify that the license expiration date extends beyond the planned upgrade date. If the license is close to expiration, consider renewing it to avoid interruptions. 3 Building Upgrade Environment Build a different upgrade environment to get the upgrade software according to the need 4 Getting the Required Upgrade Software Obtain the required supporting upgrade software 5 Backing up Important Data in Flash All the important data in Flash is backed up 6 Checking Available Flash Space Flash space is enough to save upgrading package and other files Checking the Running PicOS® Version Use the version command to check the version of the running system software. admin@PICOS:~$ version Copyright (C) 2009-2023 Pica8, Inc. =================================== Base ethernet MAC Address : 64:9d:99:d7:7d:23 Hardware Model : S5810-48TS-P Linux System Version/Revision : 4.3.3.1/4f6f523 Linux System Released Date : 12/10/2023 L2/L3 Version/Revision : 4.3.3.1/4f6f523 L2/L3 Released Date : 12/10/2023 OVS/OF Version/Revision : 4.3.3.1/4f6f523 OVS/OF Released Date : 12/10/2023 Checking License Validation Before performing an upgrade, users can run the license -s command to check if the current license has expired, ensuring it is valid and preventing upgrade failure due to license expiration. admin@PICOS:~$ license -s { "Type":"1GE", "Feature":["Base Product", "Layer3", "OpenFlow"], "Support End Date":"2020-10-28", "Hardware ID":"ACD2-F77A-BBA3-2849", "Site Name":"PICA8" } Building Upgrade Environment Please make sure that you have set up an HTTP, TFTP or FTP protocol upgrading environment to get the upgrade software, the basic requirements are as follows: PC can log in to the device through serial. The communication between the server and the device works well. The upgrading file used by the device has already been stored on the server. Getting the Required Upgrade Software Please contact Pica8 technical support engineers at the following website for the latest version of upgrade software. http://www.pica8.com/support/customer Backing up Important Data in Flash Before upgrading, save the important data (such as the configuration file) in Flash to the local PC through FTP or TFTP, and then upload it to the switch after the upgrade is completed. Where is the PicOS® configuration? OVSDB file L2/L3 Configuration Files Checking Available Flash Space Use the df command to check the available flash space. admin@PICOS:~$ df Filesystem 1K-blocks Used Available Use% Mounted on udev 493028 0 493028 0% /dev overlay 358904 57528 301376 17% / tmpfs 512720 0 512720 0% /dev/shm tmpfs 205088 3256 201832 2% /run tmpfs 5120 0 5120 0% /run/lock tmpfs 51200 292 50908 1% /tmp /dev/ubi1_0 402660 208320 189500 53% /mnt/open 6.1.2 Upgrading Notes The device is not supported to upgrade to a previous version. When using FTP/TFTP to download the image, user should verify that the "binary" mode is being used. If the "binary" transfer mode is not being used, the image can be modified during download, and the upgrade will fail during the md5 check. The image is platform dependent, that is, the image_name should be consistent with the platform, otherwise the upgrade script will abort. The image file is a .bin file, for example S5810-48TS-P-picos-e-4.4.3.2-2f6f578-fs.bin. When upgrading, the installer checks whether there is a user-data partition. If there exists a User-Data partition, the installer only rewrites the running system boot partition (PicOS®/ PicOS®2) and installs the new installation package to this partition. However, if there is no User-Data partition, the installer removes all the partitions to rebuild a brand new NOS. Upgrade operation via upgrade commands is not allowed on non-default system, you can upgrade PicOS® only on default system. When there are more than one PicOS®, the default system is the one automatically booted into after system reboot. During the upgrade process, no power interruption is allowed. 6.1.3 Upgrading Procedure NOTE: Usage of upgrade command: admin@PicOS®:~$ sudo upgrade USAGE Upgrade system with local new image SYNOPSIS upgrade [image_name] [factory-default] DESCRIPTION image_name - Image with bin format file(*.bin) factory-default - Recovery configuration to factory default PicOS® upgrade is done via the command "upgrade" in bash (launching a shell script named "upgrade.sh"). This script will upgrade the image automatically. The file format of the upgrade package is *.bin. If there is an MD5 file in the /cftmp directory, the upgrade script will check package integrity with MD5. Else if there is no MD5 file in the /cftmp directory, then skip the MD5 check step. The option factory-default is used to reset the configuration to factory default when performing upgrade. This option retains the license files from the previous version. The upgrading procedure in this document gives an example of upgrading on S5810-48TS-P from PicOS® 4.4.3.1 to 4.4.3.2. Step1 Stop PicOS® service before upgrade. On FS S5810 Series and S5860 Series switches, use the following command: admin@PICOS:~$ sudo systemctl stop picos Step2 Copy the upgrade package (in the form of .bin) and the MD5 file to /cftmp directory by either FTP, TFTP, HTTP or SCP according to the actual upgrade environment. The following example uses the SCP method. admin@PICOS:~$ sudo scp pica8@10.10.50.22:/tftp/build/daily/s5810/S5810-48TS-P-picos-e-4.4.3.2-2f6f578-fs.bin /cftmp admin@PICOS:~$ sudo scp pica8@10.10.50.22:/tftp/build/daily/s5810/S5810-48TS-P-picos-e-4.4.3.2-2f6f578-fs.bin.md5 /cftmp NOTE: If management VRF is enabled, and the FTP/TFTP/HTTP/SCP server is connected via the Eth0/1 port, you need to add the string sudo ip vrf exec mgmt-vrf before the SCP command when executing the scp operation. The format is as follows: admin@PicOS®:~$ sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/s5810/S5810-48TS-P-picos-e-4.4.3.2-2f6f578-fs.bin /cftmp admin@PicOS®:~$ sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/s5810/S5810-48TS-P-picos-e-4.4.3.2-2f6f578-fs.bin.md5 /cftmp If sudo ip vrf exec mgmt-vrf is not added, find the next hop routing information from the default VRF. For the usage of VRF, refer to the VRF Configuration Guide. Step3 Execute the sync operation. admin@PICOS:~$ sync Step4 Change directory to /cftmp. admin@PICOS:~$ cd /cftmp Step5 Run the upgrade command. admin@PICOS:~$ sudo upgrade S5810-48TS-P-picos-e-4.4.3.2-2f6f578-fs.bin After the upgrade is complete, the system will automatically reboot and run the new network operating system. 6.1.4 Verifying Version after Upgrading admin@PICOS:~$ version Copyright (C) 2009-2023 Pica8, Inc. =================================== Base ethernet MAC Address : 64:9d:99:d7:7d:23 Hardware Model : S5810-48TS-P Linux System Version/Revision : 4.4.3.2/2f6f578 Linux System Released Date : 12/15/2023 L2/L3 Version/Revision : 4.4.3.2/2f6f578 L2/L3 Released Date : 12/15/2023 OVS/OF Version/Revision : 4.4.3.2/2f6f578 OVS/OF Released Date : 12/15/2023 6.2 Upgrading PicOS® by Using Upgrade2 for S5860 Series and S3410 Series Switches (Login via Console Port) NOTE: This guide is only available for upgrading PicOS® for FS S5860 Series and S3410 Series switches when login via the console port. The S3410 Series switches only support upgrade via the upgrade2 method. S5810 Series switches only support the upgrade method and do not support the upgrade2 method. 6.2.1 Introduction PicOS® supports upgrade2 method for system upgrade. There will be two separate systems on the device after the upgrade2 operation: PicOS® and PicOS®2. One of them will be the running system and the other will stay inactive. PicOS® and PicOS®2 system files and their respective configuration files are located in /mnt/open/picos/ of the flash. A list and brief description of these files is as follows. * uImage1.itb * picos1.sqsh * config1/backup_files //User-defined backup files list * config1/backup.tar.gz //Backup of latest.tar.gz * config1/latest.tar.gz //The newest configuration files * uImage2.itb * picos2.sqsh * config2/backup_files * config2/backup.tar.gz * config2/latest.tar.gz The upgrade2 installer installs the new system into the inactive system’s file. The inactive system will be overwritten. After this operation, the new system is the inactive system and then the installer modifies the boot menu to make the newly installed system to be the default boot system. Finally, the system will come up running the new network operating system when boots up normally after the upgrading is finished,. Upgrade2 method supports system rollback function. The "nos-rollback" command can be used to revert to a previous version of the installed software package. Moreover, if it fails to upgrade, the system can automatically rollback to the old system. This can reduce the network interruption risk due to the failure of system upgrade process and ensure the systems’ continuous availability. You can refer to section "Rollback Procedure" for details. We recommend using upgrade2 method to upgrade the NOS as there are functions of system backup and rollback. 6.2.2 Preparation before Upgrading Table 1. Checklist before Upgrading No. Checking Items Checking Standard Results 1 Checking the Running PicOS® Version The currently running system software version is lower than the software version to be installed. 2 Checking License Validation Run the license -s command to verify that the license expiration date extends beyond the planned upgrade date. If the license is close to expiration, consider renewing it to avoid interruptions. 3 Building Upgrade Environment Build an upgrade environment to get the upgrade software according to the need. 4 Getting the Required Upgrade Software Obtain the required supporting upgrade software. 5 Backing up Important Data in Flash All the important data in Flash is backed up. Checking the Running PicOS® Version Use the version command to check the version of the running system software. admin@PICOS# run show version Copyright (C) 2009-2023 Pica8, Inc. =================================== Base ethernet MAC Address : 64:9d:99:d2:04:53 Hardware Model : S5860-24XB-U Linux System Version/Revision : 4.3.3.2/4b5f523 Linux System Released Date : 12/14/2023 L2/L3 Version/Revision : 4.3.3.2/4b5f523 L2/L3 Released Date : 12/14/2023 OVS/OF Version/Revision : 4.3.3.2/4b5f523 OVS/OF Released Date : 12/14/2023 Checking License Validation Before performing an upgrade, users can run the license -s command to check if the current license has expired, ensuring it is valid and preventing upgrade failure due to license expiration. admin@PICOS:~$ license -s { "Type":"1GE", "Feature":["Base Product", "Layer3", "OpenFlow"], "Support End Date":"2020-10-28", "Hardware ID":"ACD2-F77A-BBA3-2849", "Site Name":"PICA8" } Building Upgrade Environment Please make sure that you have set up an HTTP, TFTP or FTP protocol upgrading environment to get the upgrade software, the basic requirements are as follows: PC can log in to the device through serial. The communication between the server and the device works well. The upgrading file used by the device has already been stored on the server. Getting the Required Upgrade Software Please contact Pica8 technical support engineers at the following website for the latest version of upgrade software. http://www.pica8.com/support/customer Backing up Important Data in Flash Before upgrading, save the important data in Flash to the local PC through FTP or TFTP, and then upload it to the switch after the upgrade is completed. 6.2.3 Upgrading Notes Downgrade to an earlier version is NOT supported by using upgrade2 command. When using FTP/TFTP to download the image, user should verify that the "binary" mode is being used. If the "binary" transfer mode is not being used, the image can be modified during download, and the upgrade will fail during the md5 check. The image file is a .bin file, for example S5860-24XB-U-picos-e-4.4.3.2-2f6f578-fs.bin. The image is platform dependent, that is, the image_name should be consistent with the platform, otherwise the upgrade script will abort. 6.2.4 Upgrading Procedure The upgrading procedure in this document gives an example of upgrading on S5860-24XB-U from PicOS® 3.1.0 to 3.1.1 using upgrade2 command. NOTE: Usage of upgrade2 command: USAGE Upgrade system with local new image SYNOPSIS upgrade2 [image_name] [factory-default] DESCRIPTION image_name - Image with bin format file(*.bin) factory-default - Recovery configuration to factory default PICOS upgrade is done via the command "upgrade2" in bash (launching a shell script named "upgrade2.sh"). This script will upgrade the image and back up configuration files automatically. Image name is in the form of .bin from version 3.1.0, which should be copied to the /cftmp directory before running upgrade2 command. The no-md5-check option is removed from PicOS® 3.1.0. If there is an MD5 file in the /cftmp directory, the upgrade script will check package integrity with MD5. Else if there is no MD5 file in the /cftmp directory, then skip the MD5 check step. The option factory-default is used to reset the configuration to factory default when performing upgrade, but it retains the license files from the previous version. Upgrade2 Procedure Step1 Stop PicOS® service before upgrade. On FS S5810 Series and S5860 Series switches, use the following command: admin@PICOS:~$ sudo systemctl stop picos On S3410 Series switches, use the following command: admin@PICOS:~$ sudo /etc/init.d/picos stop Step2 Copy the upgrade package (in the form of .bin) and the MD5 file to /cftmp directory by either FTP, TFTP, HTTP or SCP according to the actual upgrade environment. The following example uses the SCP method. admin@PICOS:~$ sudo scp pica8@10.10.50.22:/tftp/build/daily/S5860-24XB-U/S5860-24XB-U-picos-e-4.4.3.2-2f6f578-fs.bin /cftmp admin@PICOS:~$ sudo scp pica8@10.10.50.22:/tftp/build/daily/S5860-24XB-U/S5860-24XB-U-picos-e-4.4.3.2-2f6f578-fs.bin.md5 /cftmp NOTE: If management VRF is enabled, and the FTP/TFTP/HTTP/SCP server is connected via the Eth0/1 port, you need to add the string sudo ip vrf exec mgmt-vrf before the SCP command when executing the scp operation. The format is as follows: admin@PicOS®:~$ sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/4.4.3.2/S5860-24XB-U/S5860-24XB-U-picos-e-4.4.3.2-2f6f578-fs.bin /cftmp admin@PicOS®:~$ sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/4.4.3.2/S5860-24XB-U/S5860-24XB-U-picos-e-4.4.3.2-2f6f578-fs.bin.md5 /cftmp If sudo ip vrf exec mgmt-vrf is not added, find the next hop routing information from the default VRF. For the usage of VRF, refer to the VRF Configuration Guide. Step3 Execute the sync operation. admin@PICOS:~$ sync Step4 Change directory to /cftmp. admin@PICOS:~$ cd /cftmp Step5 Run upgrade2 command to begin upgrading. admin@PICOS:~$ sudo upgrade2 S5860-24XB-U-picos-e-4.4.3.2-2f6f578-fs.bin After finishing upgrade, the switch will reboot automatically, the system will come up running the new network operating system. NOTE: It will take 20-30 minutes to finish upgrading PicOS®. During the upgrade process, please be patient and do not perform any operation until the upgrade is complete, otherwise, the upgrade may be interrupted. 6.2.5 Rollback Procedure The upgrade2 method supports system rollback function. The "nos-rollback" command can be used to revert to a previous version of the installed software package. Moreover, if it fails to upgrade, the system can automatically rollback to the old system. NOTE: Usage of nos-rollback command: admin@PicOS®:~$ sudo nos-rollback USAGE Rollback to the previous system after next reboot SYNOPSIS nos-rollback The rollback procedure is as follows: Step1 Run nos-rollback command for manually rollback. admin@PICOS:~$ sudo nos-rollback Step2 Reboot system manually to finish rollback. admin@PICOS:~$ sudo reboot You need to manually reboot the system after issued "nos-rollback" command and the system switching takes effect. After rebooting successfully, the system will come up running the previous version of network operating system. 6.2.6 Verifying Version after Upgrading admin@PICOS# run show version Copyright (C) 2009-2023 Pica8, Inc. =================================== Base ethernet MAC Address : 64:9d:99:d2:04:53 Hardware Model : S5860-24XB-U Linux System Version/Revision : 4.3.3.3/4c5a643 Linux System Released Date : 12/26/2023 L2/L3 Version/Revision : 4.3.3.3/4c5a643 L2/L3 Released Date : 12/26/2023 OVS/OF Version/Revision : 4.3.3.3/4c5a643 OVS/OF Released Date : 12/26/2023 6.3 Installing PicOS® for FS S5810/S5860 Series and N8560-32C Switches NOTE: N8560-32C uses the Rboot method for installation described in this guide, while upgrade still uses the ONIE method, please refer to "Upgrading PicOS® from Version 3.0 or Later Using Upgrade2" and "Upgrading PicOS® from Version 4.0.0 or Later Using Upgrade Command" for details on the upgrade process. The installation package name for N8560-32C includes the suffix '-rboot', for example, N8560_picos-4.4.5-9bca0916a3-rboot.bin. The upgrade package, on the other hand, includes the suffix '-x86', such as picos-4.4.5-9bca0916a3-x86.bin. Caution: When an incorrect installation file is detected, the system will display the error message “Ignore ERRORS? [YES/NO]:”. Users need to enter “no” to prevent the system from using the incorrect installation file for system installation. Do NOT enter “yes”, or the system will proceed with the incorrect installation file, which may cause a system crash. image.png PicOS® system can be installed under the Rboot menu through TFTP protocol for FS S5810 and S5860 Series switches. The following steps describe the installation procedure. Step1 Power off and on to force restarting the switch, then press Ctrl+C to enter Rboot menu. Step2 (Optional) If the TFTP server and the switch are in the different network segment, configure the gateway address first (if they are in the same network segment, no need to do this step). a) Enter 4 in the Rboot menu to access the Scattered utilities menu. image.png b) Enter 7 to set the gateway IP and IP netmask. c) Then, press Ctrl+Z to go back to the Rboot menu. Step3 In Rboot menu, enter 0 to access Tftp utilities menu, and then enter 2 to perform TFTP upgrade. image.png Step4 Use TFTP protocol to download the installation files, and then install PicOS®. a) Configure the TFTP parameters. Local IP is the management interface IP of the switch, Remote IP is the IP of the TFTP server, Filename is the installation image directory and name located on the TFTP server. b) After downloaded the installation image successfully, you need to input Y manually, then the system will automatically start system installation process. image.png Wait a few minutes before the installation process is completed. When Success is displayed, it indicates that the installation process is successfully completed. Step5 Press Ctrl+Z to go back to the Rboot menu, then type 2 to reboot the switch. image.png Then the device reboots and comes up running the new network operating system. Users need to enter the username and password after the system restarts, the initial login username is admin and password is pica8. Then users will be asked to set a new password for admin. This is the only post installation step after which the PicOS® operating system can be used. 6.4 Installing PicOS® for FS S3410 Series Switches NOTE: The installation package name for S3410 includes the suffix '-rboot', for example, S3410-PicOS-4.4.5.14-2963b1e57b-rboot.bin. PicOS® system can be installed under the Uboot menu through TFTP protocol for FS S3410 Series switches. The following steps describe the installation procedure. Step1 Power off and on to force restarting the switch, then press Ctrl+C to enter Uboot menu. Step2 Enter 0 and then 1 in the Uboot menu to perform the installation process. image.png Step3 Use TFTP protocol to download the installation files, and then install PicOS®. a) Configure the TFTP parameters. Local IP is the inband management interface IP of the switch, Remote IP is the IP of the TFTP server, Filename is the installation image directory and name located on the TFTP server. image.png b) After downloaded the installation image successfully, you need to input Y manually, then the system will automatically start system installation process. c) Wait a few minutes before the installation process is completed. When Success is displayed, it indicates that the installation process is successfully completed. Step4 Press Ctrl+Z to go back to the Uboot menu, then type 2 to reboot the switch. image.png Then the device reboots and comes up running the new network operating system. Users need to enter the username and password after the system restarts, the initial login username is admin and password is pica8. Then users will be asked to set a new password for admin. This is the only post installation step after which the PicOS® operating system can be used. 6.5 Upgrading PicOS® for FS S5810/S5860 Series Switches Using Upgrade Command (Login via Eth0 or Inband Management Interface) NOTE: This guide is only available for upgrading PicOS® for FS S5810/S5860 Series switches when login via the eth0 or inband management interface, and the supported version should be 4.4.5.7 or later versions before upgrade. During the upgrade process, the user connections and services will be interrupted. This means that users may lose access to the system, and any processes or transactions being handled by the services will be paused until the upgrade is complete. After the upgrade, users will need to reconnect to resume normal operations, and services will be restored. 6.5.1 Preparation before Upgrading Table 1 Checklist before Upgrading No. Checking Items Checking Standard Results 1 Checking the Running PicOS® Version The currently running system software version is lower than the software version to be installed 2 Checking License Validation Run the license -s command to verify that the license expiration date extends beyond the planned upgrade date. If the license is close to expiration, consider renewing it to avoid interruptions. 3 Building Upgrade Environment Build a different upgrade environment to get the upgrade software according to the need 4 Getting the Required Upgrade Software Obtain the required supporting upgrade software 5 Backing up Important Data in Flash All the important data in Flash is backed up 6 Checking Available Flash Space Flash space is enough to save upgrading package and other files Checking the Running PicOS® Version Use the version command to check the version of the running system software. admin@PICOS:~$ version Copyright (C) 2009-2024 Pica8, Inc. =================================== Base ethernet MAC Address : 64:9d:99:d7:7d:23 Hardware Model : S5860-48MG-U Linux System Version/Revision : 4.4.5.7/4f6f523 Linux System Released Date : 10/10/2024 L2/L3 Version/Revision : 4.4.5.7/4f6f523 L2/L3 Released Date : 10/10/2024 OVS/OF Version/Revision : 4.4.5.7/4f6f523 OVS/OF Released Date : 10/10/2024 Checking License Validation Before performing an upgrade, users can run the license -s command to check if the current license has expired, ensuring it is valid and preventing upgrade failure due to license expiration. admin@PICOS:~$ license -s { "Type":"1GE", "Feature":["Base Product", "Layer3", "OpenFlow"], "Support End Date":"2020-10-28", "Hardware ID":"ACD2-F77A-BBA3-2849", "Site Name":"PICA8" } Building Upgrade Environment Please make sure that you have set up an HTTP, TFTP or FTP protocol upgrading environment to get the upgrade software, the basic requirements are as follows: PC can log in to the device through eth0 or inband management interface. The communication between the server and the device works well. The upgrading file used by the device has already been stored on the server. Getting the Required Upgrade Software Please contact Pica8 technical support engineers at the following website for the latest version of upgrade software. http://www.pica8.com/support/customer Backing up Important Data in Flash Before upgrading, save the important data (such as the configuration file) in Flash to the local PC through FTP or TFTP, and then upload it to the switch after the upgrade is completed. Where is the PicOS® configuration? OVSDB file L2/L3 Configuration Files Checking Available Flash Space Use the df command to check the available flash space. admin@PICOS:~$ df Filesystem 1K-blocks Used Available Use% Mounted on udev 493028 0 493028 0% /dev overlay 358904 57528 301376 17% / tmpfs 512720 0 512720 0% /dev/shm tmpfs 205088 3256 201832 2% /run tmpfs 5120 0 5120 0% /run/lock tmpfs 51200 292 50908 1% /tmp /dev/ubi1_0 402660 208320 189500 53% /mnt/open 6.5.2 Upgrading Notes The device is not supported to upgrade to a previous version. When using FTP/TFTP to download the image, user should verify that the "binary" mode is being used. If the "binary" transfer mode is not being used, the image can be modified during download, and the upgrade will fail during the md5 check. The image is platform dependent, that is, the image_name should be consistent with the platform, otherwise the upgrade script will abort. The image file is a .bin file, for example S5810-48TS-P-picos-e-4.4.5.7-2f6f578-fs.bin. Please find the log file related to PicOS® upgrade process at /mnt/open/picos/config2/upgrade.log and /mnt/open/picos/config1/upgrade.log. This log file contains detailed information about the steps performed during the upgrade, including any errors or warnings that occurred. It can be used to troubleshoot issues or verify that the upgrade was completed successfully. When upgrading, the installer checks whether there is a user-data partition. If there exists a User-Data partition, the installer only rewrites the running system boot partition (PicOS®/ PicOS®2) and installs the new installation package to this partition. However, if there is no User-Data partition, the installer removes all the partitions to rebuild a brand new NOS. Upgrade operation via upgrade commands is not allowed on non-default system, you can upgrade PicOS® only on default system. When there are more than one PicOS®, the default system is the one automatically booted into after system reboot. During the upgrade process, power interruption is not allowed. 6.5.3 Upgrading Procedure NOTE: Usage of upgrade command: admin@PicOS®:~$ sudo upgrade USAGE Upgrade system with local new image SYNOPSIS upgrade [image_name] [factory-default] DESCRIPTION image_name - Image with bin format file(*.bin) factory-default - Recovery configuration to factory default PicOS® upgrade is done via the command "upgrade" in bash (launching a shell script named "upgrade.sh"). This script will upgrade the image automatically. The file format of the upgrade package is *.bin. If there is an MD5 file in the /cftmp directory, the upgrade script will check package integrity with MD5. Else if there is no MD5 file in the /cftmp directory, then skip the MD5 check step. The option factory-default is used to reset the configuration to factory default when performing upgrade. This option retains the license files from the previous version. The upgrading procedure in this document gives an example of upgrading on S5860-48MG-U from PicOS® 4.4.5.7 to 4.4.5.8. Step1 Copy the upgrade package (in the form of .bin) and the MD5 file to /cftmp directory by either FTP, TFTP, HTTP or SCP according to the actual upgrade environment. The following example uses the SCP method. admin@PICOS:~$ sudo scp pica8@10.10.50.22:/tftp/build/daily/s5860/S5860_picos-4.4.5GA-7f06432992.bin /cftmp admin@PICOS:~$ sudo scp pica8@10.10.50.22:/tftp/build/daily/s5860/S5860_picos-4.4.5GA-7f06432992.bin.md5 /cftmp NOTE: If management VRF is enabled, and the FTP/TFTP/HTTP/SCP server is connected via the Eth0/1 port, you need to add the string sudo ip vrf exec mgmt-vrf before the SCP command when executing the scp operation. The format is as follows: admin@PicOS®:~$ sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/s5860/S5860_picos-4.4.5GA-7f06432992.bin /cftmp admin@PicOS®:~$ sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/s5860/S5860_picos-4.4.5GA-7f06432992.bin.md5 /cftmp If sudo ip vrf exec mgmt-vrf is not added, find the next-hop routing information from the default VRF. For the usage of VRF, refer to the VRF Configuration Guide. Step2 Execute the sync operation. admin@PICOS:~$ sync Step3 Change directory to /cftmp. admin@PICOS:~$ cd /cftmp Step4 Run the upgrade command. admin@PICOS:/cftmp$ sudo upgrade S5860_picos-4.4.5GA-7f06432992.bin Upgrading system... The connection may be interrupted. Please wait a moment to complete the upgrading procedure. admin@PICOS:/cftmp$ NOTE: It will take about 5 minutes to finish upgrading PicOS®. During the upgrade process, please be patient and do not perform any operation until the upgrade is complete, otherwise, the upgrade may be interrupted. During the upgrade process, the user connections and services will be interrupted. This means that users may lose access to the system, and any processes or transactions being handled by the services will be paused until the upgrade is complete. Step5 After the upgrade, users will need to reconnect to resume normal operations, and services will be restored. admin@PICOS:~$ ssh admin@10.10.51.54 6.5.4 Verifying Version after Upgrading admin@PICOS:~$ version Copyright (C) 2009-2024 Pica8, Inc. =================================== Base ethernet MAC Address : d4:31:27:c9:e4:51 Hardware Model : S5860-48MG-U Linux System Version/Revision : 4.4.5.8/7f06432992 Linux System Released Date : 10/14/2024 L2/L3 Version/Revision : 4.4.5.8/7f06432992 L2/L3 Released Date : 10/14/2024 OVS/OF Version/Revision : 4.4.5.8/7f06432992 OVS/OF Released Date : 10/14/2024 6.6 Upgrading PicOS® by Using Upgrade2 for S5860 Series and S3410 Series Switches (Login via Eth0 or Inband Management Interface) NOTE: This guide is only available for upgrading PicOS® for FS S5860 Series and S3410 Series switches when login via the eth0 or inband management interface, and the supported version should be 4.4.5.7 or later versions before upgrade. During the upgrade process, the user connections and services will be interrupted. This means that users may lose access to the system, and any processes or transactions being handled by the services will be paused until the upgrade is complete. After the upgrade, users will need to reconnect to resume normal operations, and services will be restored. The S3410 Series switches only support upgrade via the upgrade2 method. S5810 Series switches only support the upgrade method and do not support the upgrade2 method. 6.6.1 Introduction PicOS® supports upgrade2 method for system upgrade. There will be two separate systems on the device after the upgrade2 operation: PicOS® and PicOS®2. One of them will be the running system and the other will stay inactive. PicOS® and PicOS®2 system files and their respective configuration files are located in /mnt/open/picos/ of the flash. A list and brief description of these files is as follows. * uImage1.itb * picos1.sqsh * config1/backup_files //User-defined backup files list * config1/backup.tar.gz //Backup of latest.tar.gz * config1/latest.tar.gz //The newest configuration files * uImage2.itb * picos2.sqsh * config2/backup_files * config2/backup.tar.gz * config2/latest.tar.gz The upgrade2 installer installs the new system into the inactive system’s file. The inactive system will be overwritten. After this operation, the new system is the inactive system and then the installer modifies the boot menu to make the newly installed system to be the default boot system. Finally, the system will come up running the new network operating system when boots up normally after the upgrading is finished,. Upgrade2 method supports system rollback function. The "nos-rollback" command can be used to revert to a previous version of the installed software package. Moreover, if it fails to upgrade, the system can automatically rollback to the old system. This can reduce the network interruption risk due to the failure of system upgrade process and ensure the systems’ continuous availability. You can refer to section "Rollback Procedure" for details. We recommend using upgrade2 method to upgrade the NOS as there are functions of system backup and rollback. 6.6.2 Preparation before Upgrading Table 1. Checklist before Upgrading No. Checking Items Checking Standard Results 1 Checking the Running PicOS® Version The currently running system software version is lower than the software version to be installed. 2 Checking License Validation Run the license -s command to verify that the license expiration date extends beyond the planned upgrade date. If the license is close to expiration, consider renewing it to avoid interruptions. 3 Building Upgrade Environment Build an upgrade environment to get the upgrade software according to the need. 4 Getting the Required Upgrade Software Obtain the required supporting upgrade software. 5 Backing up Important Data in Flash All the important data in Flash is backed up. Checking the Running PicOS® Version Use the version command to check the version of the running system software. admin@PICOS:~$ version Copyright (C) 2009-2024 Pica8, Inc. =================================== Base ethernet MAC Address : 64:9d:99:d7:7d:23 Hardware Model : S5860-48MG-U Linux System Version/Revision : 4.4.5.7/4f6f523 Linux System Released Date : 10/10/2024 L2/L3 Version/Revision : 4.4.5.7/4f6f523 L2/L3 Released Date : 10/10/2024 OVS/OF Version/Revision : 4.4.5.7/4f6f523 OVS/OF Released Date : 10/10/2024 Checking License Validation Before performing an upgrade, users can run the license -s command to check if the current license has expired, ensuring it is valid and preventing upgrade failure due to license expiration. admin@PICOS:~$ license -s { "Type":"1GE", "Feature":["Base Product", "Layer3", "OpenFlow"], "Support End Date":"2020-10-28", "Hardware ID":"ACD2-F77A-BBA3-2849", "Site Name":"PICA8" } Building Upgrade Environment Please make sure that you have set up an HTTP, TFTP or FTP protocol upgrading environment to get the upgrade software, the basic requirements are as follows: PC can log in to the device through SSH. The communication between the server and the device works well. The upgrading file used by the device has already been stored on the server. Getting the Required Upgrade Software Please contact Pica8 technical support engineers at the following website for the latest version of upgrade software. http://www.pica8.com/support/customer Backing up Important Data in Flash Before upgrading, save the important data in Flash to the local PC through FTP or TFTP, and then upload it to the switch after the upgrade is completed. 6.6.3 Upgrading Notes Downgrade to an earlier version is NOT supported by using upgrade2 command. When using FTP/TFTP to download the image, user should verify that the "binary" mode is being used. If the "binary" transfer mode is not being used, the image can be modified during download, and the upgrade will fail during the md5 check. The image file is a .bin file, for example S5860-24XB-U-picos-e-4.4.5.7-2f6f578-fs.bin. Please find the log file related to PicOS® upgrade process at /mnt/open/picos/config2/upgrade2.log and /mnt/open/picos/config1/upgrade2.log. This log file contains detailed information about the steps performed during the upgrade, including any errors or warnings that occurred. It can be used to troubleshoot issues or verify that the upgrade was completed successfully. The image is platform dependent, that is, the image_name should be consistent with the platform, otherwise the upgrade script will abort. During the upgrade process, power interruption is not allowed. 6.6.4 Upgrading Procedure The upgrading procedure in this document gives an example of upgrading on S5860-48MG-U from 4.4.5.7 to 4.4.5.8 using upgrade2 command. NOTE: Usage of upgrade2 command: USAGE Upgrade system with local new image SYNOPSIS upgrade2 [image_name] [factory-default] DESCRIPTION image_name - Image with bin format file(*.bin) factory-default - Recovery configuration to factory default PicOS® upgrade is done via the command "upgrade2" in bash (launching a shell script named "upgrade2.sh"). This script will upgrade the image and back up configuration files automatically. Image name is in the form of .bin from version 3.1.0, which should be copied to the /cftmp directory before running upgrade2 command. The no-md5-check option is removed from PicOS® 3.1.0. If there is an MD5 file in the /cftmp directory, the upgrade script will check package integrity with MD5. Else if there is no MD5 file in the /cftmp directory, then skip the MD5 check step. The option factory-default is used to reset the configuration to factory default when performing upgrade, but it retains the license files from the previous version. Upgrade2 Procedure Step1 Copy the upgrade package (in the form of .bin) and the MD5 file to /cftmp directory by either FTP, TFTP, HTTP or SCP according to the actual upgrade environment. The following example uses the SCP method. admin@PICOS:~$ sudo scp pica8@10.10.50.22:/tftp/build/daily/s5860/S5860_picos-4.4.5GA-7f06432992.bin /cftmp admin@PICOS:~$ sudo scp pica8@10.10.50.22:/tftp/build/daily/s5860/S5860_picos-4.4.5GA-7f06432992.bin.md5 /cftmp NOTE: If management VRF is enabled, and the FTP/TFTP/HTTP/SCP server is connected via the Eth0/1 port, you need to add the string sudo ip vrf exec mgmt-vrf before the SCP command when executing the scp operation. The format is as follows: admin@PicOS®:~$ sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/s5860/S5860_picos-4.4.5GA-7f06432992.bin /cftmp admin@PicOS®:~$ sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/s5860/S5860_picos-4.4.5GA-7f06432992.bin.md5 /cftmp If sudo ip vrf exec mgmt-vrf is not added, find the next hop routing information from the default VRF. For the usage of VRF, refer to the VRF Configuration Guide. Step2 Execute the sync operation. admin@PICOS:~$ sync Step3 Change directory to /cftmp. admin@PICOS:~$ cd /cftmp Step4 Run upgrade2 command to begin upgrading. admin@PICOS:/cftmp$ sudo upgrade2 S5860_picos-4.4.5GA-7f06432992.bin Upgrading system... The connection may be interrupted. Please wait a moment to complete the upgrading procedure. admin@PICOS:/cftmp$ NOTE: It will take about 5 minutes to finish upgrading PicOS®. During the upgrade process, please be patient and do not perform any operation until the upgrade is complete, otherwise, the upgrade may be interrupted. During the upgrade process, the user connections and services will be interrupted. This means that users may lose access to the system, and any processes or transactions being handled by the services will be paused until the upgrade is complete. Step5 After the upgrade, users will need to reconnect to resume normal operations, and services will be restored. admin@PICOS:~$ ssh admin@10.10.51.54 6.6.5 Rollback Procedure The upgrade2 method supports system rollback function. The "nos-rollback" command can be used to revert to a previous version of the installed software package. Moreover, if it fails to upgrade, the system can automatically rollback to the old system. NOTE: Usage of nos-rollback command: admin@PicOS®:~$ sudo nos-rollback USAGE Rollback to the previous system after next reboot SYNOPSIS nos-rollback The rollback procedure is as follows: Step1 Run nos-rollback command for manually rollback. admin@PICOS:~$ sudo nos-rollback Step2 Reboot system manually to finish rollback. admin@PICOS:~$ sudo reboot You need to manually reboot the system after issued "nos-rollback" command and the system switching takes effect. After rebooting successfully, the system will come up running the previous version of network operating system. 6.6.6 Verifying Version after Upgrading admin@PICOS:~$ version Copyright (C) 2009-2024 Pica8, Inc. =================================== Base ethernet MAC Address : d4:31:27:c9:e4:51 Hardware Model : S5860-48MG-U Linux System Version/Revision : 4.4.5.8/7f06432992 Linux System Released Date : 10/14/2024 L2/L3 Version/Revision : 4.4.5.8/7f06432992 L2/L3 Released Date : 10/14/2024 OVS/OF Version/Revision : 4.4.5.8/7f06432992 OVS/OF Released Date : 10/14/2024 7. PicOS® Debian Package Upgrade User Guide 7.1 Overview PicOS® provides five Debian packages from release 3.2 to let users upgrade some of the available components manually, or reinstall PicOS® components in case some of them were broken. Available PicOS® Debian packages and the dependencies between them are described below: picos-linux PicOS® Linux Kernel, drivers and switching ASIC kernel modules picos-vasic PicOS® VASIC and line card management libraries and utilities Depends on picos-linux picos-xorplus PicOS® Layer 2 and Layer 3 software package Depends on picos-vasic, picos-utils picos-ovs PicOS® OVS package “picos-ovs” will have its own lib to access peripherals (such as FAN and PSU and LED) via sysfs Depends on picos-vasic, picos-utils picos-utils PicOS® common utilities and configuration files System config files, systemd units Common utility such as ZTP/diag In this way, we do not need to upgrade the entire PicOS® system if version changes only appear in one or several of the components. This provides an efficient and effective method of upgrading PicOS® system. NOTE: Some PicOS® component packages would depend on other parts, so the dependent ones should be installed first if they do not exist on the system. 7.2 How to use When new releases of PicOS® components have been made available to fix urgent issues, users can get the Debian packages from PicOS® support team. For example, the package users get might be "picos-xorplus-s4100-3.2.3-9dc8d94.deb" saved in the working directory. To install the package, the following command is OK: admin@Xorplus:~$ sudo dpkg -i picos-xorplus-s4100-3.2.3-9dc8d94.deb After finishing upgrade, the switch will reboot automatically, the system will come up running the PicOS® operating system with the new PicOS® component. NOTE: If certain PicOS® components have been removed from the running Linux system, this operation would be an installation instead of upgrade. In this case, users need to confirm the model compatibility manually by inputting Yes or Y at the prompt `Are you sure the model is MODEL (yes/no)?` 7.3 Verifying after Upgrade We can use the following command to check the status of PicOS® Debian packages after upgrade. admin@Xorplus:~$ dpkg -l | grep picos- ii picos-linux ii picos-ovs ii picos-utils ii picos-vasic ii picos-xorplus Here two “i” represent normal, the first one indicates that the package has been installed successfully. The second “i” indicates the installation dependencies between the components and configuration operations are successfully completed met. 7.4 Appendix PicOS® component package uninstall operation is provided as follows. NOTE: Uninstall the PicOS® component packages may cause severe system errors, we strongly recommend not to uninstall any of the PicOS® component package. The uninstall operation will uninstall all packages that depend on this package, either directly or indirectly. admin@Xorplus:~$ sudo apt remove picos-utils Reading package lists... Done Building dependency tree Reading state information... Done The following packages will be REMOVED: picos-utils 0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded. After this operation, 0 B of additional disk space will be used. Do you want to continue? [Y/n]

Home/
Documentazione/
PicOS® PoE+ Switch/
1G PicOS® PoE+ Switch/
S5870-48T6BC-U/
Guida all'aggiornamento/

PicOS® Quick Deployment Guide

image

04 nov. 2025 - PicOS® Quick Deployment Guide 1. Getting Started with PicOS® 1.1 Understanding PicOS® 1.1.1 About the Quick Deployment Guide PicOS® Quick Deployment Guide provides a high-level introduction to PicOS® and explains basic concepts and operational principles for working with PicOS® network devices. In this guide, we explain the basics of PicOS®, including: Understanding the network operating system software How to access PicOS® network devices How to perform the initial device configuration, including the root password, hostname, management and loopback interfaces, user accounts, and backup router configuration 1.1.2 Operating system infrastructure PicOS® includes processes that run on the device, including IP routing, Ethernet switching, management interfaces, and various other functions. PicOS® runs on the routing engine. The routing engine kernel coordinates communication between software processes and provides a link to the packet forwarding engine. Using the CLI, you can configure device functions and set network interface properties. After activating the software configuration, the CLI user interface is used to monitor and manage operations, as well as diagnose protocol and network connectivity issues. Routing Engine and Packet Forwarding Engine A PicOS® network router or switch has two main software processing components: Packet Forwarding Engine – Handles packets, applies filters, routing policies, and other functions, and forwards packets to the next hop on the route to their final destination. Routing Engine – Provides three primary functions: Maintains the routing table used by network devices and controls the routing protocols running on the device. Performs packet forwarding by providing route lookup, filtering, and switching for incoming packets, then directing outgoing packets to the appropriate interface for transmission onto the network. Provides control and monitoring functions for the device. 1.2 Access a PicOS® Network Device 1.2.1 Overview of PicOS® Network Device Initial Configuration After installing and starting a PicOS® Networks device, you can begin the initial configuration. All devices come pre-installed with a version of PicOS®. The procedures in this guide show you how to connect the device to the network without enabling traffic forwarding. For complete information on enabling traffic forwarding, including examples, refer to the Software Configuration Guide. Notes: For an overview of PicOS® and detailed information on configuration statements and CLI commands, refer to PicOS® Configuration Guide V4.4.5. By default, console access to the device is enabled. Initially, connect to the device using the Console Port. Before configuring the device, gather the following information: The name the device will use on the network The IP address and prefix length information for the Ethernet interface The IP address of the default gateway The most common method for configuring the device is using CLI commands. 1.2.2 Console Port Overview The Console Port allows access to a device running PicOS®, regardless of its state, unless the device is completely powered off. By connecting to the Console Port, you can access the device at the root level without relying on a network connection. The Console Port connection provides continuous direct access to the device, which is typically available even if the primary network fails. We recommend using the Console Port connection for all PicOS® and software package upgrades, as this connection remains open during the upgrade process, allowing you to monitor status and progress. Other network-based connections, such as SSH or Telnet, are usually interrupted during a software upgrade, which may result in the loss of status updates or error messages. 1.2.3 How to Access a PicOS® Network Device for the First Time When you power on a device running PicOS®, it automatically starts up. To perform the initial configuration, you must connect a terminal or laptop to the device via the Console Port. By default, console port access to the device is enabled. However, remote management access and all management protocols (such as Telnet, FTP, and SSH) are disabled by default. First Time Access to the Network Device: a) Connect your laptop or desktop computer to the Console Port on the front panel of the device. Port Settings Use the following port settings to connect a terminal or a computer to the switch console port: Baud rate: 115200 Data bits: 8 Stop bits: 1 Note: The default width for terminal sessions through the Console Port is 80 characters. This means that the terminal client width should be at least 80 characters to properly use the Console Port. Most terminal clients have a default width of 80 characters. b) Power on the device and wait for it to boot. The software will start automatically. Once the boot process is complete, you will see the PicOS login: prompt on the console. c) Log in as the user admin. By default, PicOS® has two users: root and admin. On the first login, you must manually set the password for the admin account. The user should use pica8 as the password on the first login. After that, the system will prompt the user to change the default password. The new password must be a string of 8 to 512 case-sensitive characters. PicOS login: admin Password: (input default password "pica8") You are required to change your password immediately (administrator enforced) Changing password for admin. Current password: (input "pica8" again) New password: (input new password: the new password should be no less than eight characters) Retype new password: (input new password again) Linux PicOS 5.10.23 #2 SMP Mon Aug 12 09:14:57 CST 2024 x86_64 Synchronizing configuration...OK. Welcome to PicOS admin@PicOS> d) After the switch boots up, it automatically enters the PicOS® CLI. admin@PicOS> e) Type configure to access CLI configuration mode admin@PicOS> configure admin@PicOS# 1.3 Device Hostname 1.3.1 Hostname Overview Almost every device in a network has a hostname. The hostname is the name used to identify the device on the network. It is easier to remember than an IP address. When you first boot a PicOS® network device, the default hostname is PicOS®. The PicOS® prompt indicates that the device is loading the new PicOS® software from the factory settings. By definition, such devices do not have a configured hostname. As an administrator, you need to follow naming conventions for devices. One convention is to name the device based on its location, such as: germany-berlin-R1. Make sure the hostname is unique within the local network so that users can connect to the device using that hostname. You do not need to make the local hostname globally unique. In PicOS®, the hostname can contain any combination of letters, numbers, and hyphens. Special characters are not allowed. As a best practice, use short and meaningful hostnames because long hostnames are difficult to type and remember. 1.3.2 Configure the Device Hostname A host name distinguishes one device from another. The default host name is the system name PicOS®. You can modify the host name as required. a) In the configuration mode, specify or modify a host name for the switch. set system hostname b) set system hostname commit c) Verifying the Configuration After the configuration is completed, in the configuration mode, use run show system name command to view the new host name. d) Other Configurations To reset the hostname to default, use delete system hostname command. 1.4 Management Ethernet and Loopback Interfaces 1.4.1 Management Ethernet Interface Overview The management interface is the primary interface for remotely accessing the device. Typically, the management interface does not connect to the in-band network but instead connects to the device’s internal network. As a system administrator, you can use the management interface to access the device through the network using utilities such as SSH and Telnet. You can configure the device from anywhere, regardless of its physical location. SNMP can use the management interface to collect statistics from the device. Authorized users and management systems use the management interface to connect to the device over the network. Some PicOS® network devices have dedicated management ports on the front panel. For other types of platforms, you can configure the management interface on one of the network interfaces. You can dedicate this interface to management, or share it with other traffic. You must configure the management interface before users can access it. To set up the management interface, you need information such as its IP address, prefix, and next hop. We recommend configuring the device so that traffic is not routed between the management interface and other ports. On many devices running PicOS®, traffic cannot be routed between the management interface and other ports. Therefore, you should choose an IP address with a separate prefix (network mask) in a separate (logical) network. For devices running PicOS®, the management Ethernet interface is typically named ETH0. 1.4.2 Configure Management Interface PicOS® switches provide one or two Ethernet management ports for switch configuration and out-of-band network management. See Figure 1, which shows the console and management ports of the PicOS®-3930 switch. The port labeled ETHERNET is the management port, while the port labeled CONSOLE is the console port. Figure 1. Console and Management Ports image.png Configure IP Address for Management Interface To facilitate the device management and meet the requirement of separating the management traffic from the data traffic, the switch supports the in-band or out-of-band management interface with the factory default IP address 192.168.1.1/24. If the switch cannot obtain the IP address through DHCP, the factory default IP address is valid, and you can access it through PCs in the same network segment. Besides, you can manually configure the IP address as needed. a) In the configuration mode, specify the IP address for management interface. set system management-ethernet eth0 ip-address {IPv4 | IPv6} set l3-interface vlan-interface inband-mgmt address prefix-length b) Commit the configuration. commit c) Verifying the Configuration After the configuration is completed, in the configuration mode, use run show system management-ethernet command to view the MAC address, IP address, state and traffic statistics. d) Other Configurations To clear the configuration of management interface, use delete system management-ethernet eth0 ip-address command. 1.4.3 Loopback Interface Overview The Internet Protocol (IP) specifies a loopback network with the address range (IPv4) 127.0.0.0/8. Most IP implementations support a loopback interface (lo0) to represent the loopback facility. Any traffic sent by computer programs to the loopback network is sent to the same computer. The most commonly used IP addresses on the loopback network are 127.0.0.1 (IPv4) and ::1 (IPv6). The standard domain name for this address is localhost. You can use the loopback interface to identify the device. While you can use any interface address to determine if the device is online, the loopback address is the preferred method. Even though interfaces may be removed or have their addresses changed due to changes in the network topology, the loopback address will never change. When you ping a single interface address, the result does not always reflect the health of the device. For example, a mismatch in the subnet configuration at both ends of a point-to-point link can make the link appear down. Pinging an interface to check if a device is online may lead to misleading results. The interface could be unavailable due to issues unrelated to the device’s configuration or operation. The loopback interface helps address these issues. Benefits Since the loopback address never changes, it is the best way to identify a device on the network. The loopback interface is always up and accessible as long as there is a route to that IP address in the IP routing table. Thus, it can be used for diagnostics and troubleshooting. Protocols such as OSPF use the loopback address to determine protocol-specific attributes of the device or network. Additionally, certain commands (e.g., ping mpls) require the loopback address to function properly. 1.4.4 Loopback Interface Configuration The loopback interface is always Up to ensure network reliability. The loopback interface has the following features: The loopback interface is always Up and has the loopback feature. The loopback interface can be configured with the mask of all 1s. Based on the preceding features, the loopback interface has the following applications. The IP address of a loopback interface is specified as the source address of packets to improve network reliability. When no Router ID is configured for dynamic routing protocols, the maximum IP address of the loopback interface is configured as the router ID automatically. a) In the configuration mode, specify the name and IP address for the loopback interface. set l3-interface loopback address prefix-length 32 set l3-interface loopback address prefix-length 128 b) Commit the configuration. commit c) Verifying the Configuration After the configuration is completed, in the configuration mode, use run show l3-interface loopback command to view the state, IP address, description and traffic statistics. d) Other Configurations By default, the loopback interface is enabled when created. To disable the loopback interface, use set l3-interface loopback disable command. To clear the configuration of loopback interface, use delete l3-interface loopback interface command. 1.5 Initial User Account 1.5.1 User Account Overview User accounts provide a way for users to access the device. For each account, you can define the user's login name, password, and any other user information. While it is common to use a remote authentication server to centrally store user information, it is also a good practice to configure at least one non-root user on each device. This way, you can still access the device even if the connection to the remote authentication server is interrupted. This non-root user is typically given a generic name, such as admin. 1.5.2 Configure User Account in the Configuration Group Here are two types of user accounts: super-user and read-only. The newly created user account, by default, is read-only. NOTE: "net-admin" is not allowed to use when configuring a username. Creating a User Class and Password admin@XorPlus# set system login user ychen authentication plain-text-password pica8 admin@XorPlus#set system login user ychen class super-user admin@XorPlus# commit Commit OK. Save done. admin@XorPlus# Configuring a Login Announcement after Login admin@XorPlus# set system login announcement "welcome the switch-1101" admin@XorPlus# commit Commit OK. Save done. admin@XorPlus# Configuring a Multi-line Login Announcement after Login The following example configures a multi-line announcement which will be printed on the teminal after user login. admin@XorPlus# set system login multiline-announcement 1 message "**********************************************" admin@XorPlus# set system login multiline-announcement 2 message "Welcome to the system!" admin@XorPlus# set system login multiline-announcement 3 message "**********************************************" admin@XorPlus# commit Commit OK. Save done. admin@XorPlus# Configuring a Login Banner before Login admin@XorPlus# set system login banner "Hello! Welcome!" admin@XorPlus# commit Commit OK. Save done. admin@XorPlus# Configuring a Multi-line Login Banner before Login The following example configures a multi-line banner which will be printed on the teminal before user login. admin@Xorplus# set system login multiline-banner 1 message "*********************NOTICE***********************" admin@Xorplus# set system login multiline-banner 2 message "This is a property of Pica8." admin@Xorplus# set system login multiline-banner 3 message "All users log-in are subject to company monitoring!" admin@Xorplus# set system login multiline-banner 4 message "**************************************************" admin@Xorplus# commit 1.5.3 Enable Remote Access Services Configuring the SSH Connection Limit admin@XorPlus# set system services ssh protocol-version v2 admin@XorPlus# set system services ssh connection-limit 5 admin@XorPlus# commit Waiting for merging configuration. Commit OK. Save done. admin@XorPlus# Enabling and Disabling Inband Service By default, SSH with inband interfaces are disabled. You can enable inband services by entering the command below. Set the L3 VLAN interface VLAN400 in the default VRF as the in-band management port. admin@Xorplus# set system inband vlan-interface VLAN400 admin@Xorplus# commit Set the loopback interface IP in the default VRF as the in-band management IP. admin@Xorplus# set system inband loopback 192.168.10.1 admin@Xorplus# commit Set the routed interface rif-ge3 in the default VRF as the in-band management port. admin@Xorplus# set system inband routed-interface rif-ge3 admin@Xorplus# commit Configuring the Idle Timeout for SSH User admin@Xorplus# set system services ssh idle-timeout 60 admin@XorPlus# commit Waiting for merging configuration. Commit OK. Save done. admin@XorPlus# Configuring the Port Number of the SSH server Users can use this command to configure the new port number of SSH server to prevent attackers from accessing the standard port of SSH service and ensure security. The default listening port number of the SSH server is 22. Note that, if the modified port number is not 22, the client needs to specify port number when logging in using SSH. admin@Xorplus# set system services ssh port 30 admin@Xorplus# commit Enabling Telnet Service The PicOS® switch supports functioning as a telnet server. To enable the telnet server function, users can enable the telnet service. The following command enables telnet service on the device. NOTEs: Telnet service is insecure. Do not enable a telnet server if you don't know what exactly it may mean. Limit to a maximum of 20 connections within 10 seconds. Terminate the session in 60 seconds if the connection is not successful. admin@PicOS# set system services telnet disable false admin@PicOS# commit 2. PicOS® Overview When using ONIE installer to install PicOS®, the installer reinstalls the software, rebuilds all the PicOS® file system. This can erase the configuration files and system logs from the previous installation. After a successful ONIE installation of PicOS® 4.x, the system generates multiple system partitions including PicOS® (partition size: 2G), PicOS®2 (partition size: 2G) and User-Data partitions. Among them, PicOS® and PicOS®2 are two independent system boot partitions. One of them is the active partition on which the running system resides, and the other is the inactive partition. The two-system-boot-partition feature allows the system to revert to a previous version of the installed software package when the it fails to upgrade PicOS® by using upgrade2 command. The ONIE installer removes all partitions to rebuild a brand new OS only when there is no User-Data partition. However, if there exists a User-Data partition (for example, install a new version 4.0.1 from the old one 4.0.0), the ONIE installer only rewrites the "PicOS®" partition, installs the new installation package to this partition and sets the system on "PicOS®" partition as the default and sole boot system. User-Data partition is a reserved partition which is not affected by ONIE installer and upgrade unless user manually removes it. User-Data partition uses all the available space left on the disk. Users can use this partition to store files and data. This document describes how to install PicOS® 4.x software using ONIE installer. 3. Install, Upgrade, and Downgrade PicOS® Software 3.1 Overview of Software Installation and Upgrade 3.1.1 What is ONIE ONIE (Open Network Install Environment) is an open source project of OCP (Open Compute Project). ONIE provides the environment to install any network operating system on a bare metal network switch. ONIE liberates users from captive pre-installed network operating systems, like the Cisco IOS, and provides them with a choice. ONIE is a small Linux operating system that comes pre-installed as firmware on bare metal network switches. ONIE acts as an enhanced boot loader, extending the features provided by U-Boot. ONIE is used to install PicOS® on compatible switches. The bare metal switches listed in the PicOS® Hardware Compatibility List must be pre-loaded with ONIE prior to installing PicOS®. 3.2 Preparation for Software Installation and Upgrade The installation methods used to install a new PicOS® are traditional installation and nos-boot-mode installation. You can choose a suitable installation method that is convenient and appropriate for your installation environment. If you want to install PicOS® through a console port, refer to PicOS® Configuration Guide V4.4.5. If you want to install the PicOS® through a non-console port (through the management port), refer to PicOS® Configuration Guide V4.4.5. Notes: You need to log in through the console port of the switch and perform the ONIE installation. Other NOSes including user data will be removed when install PicOS® under ONIE environment. When the ONIE installer is used to downgrade the PicOS® version from version 4.x to PicOS® 3.x or lower versions, we first need to use ONIE to uninstall the higher version PicOS® before proceeding with installing PicOS® 3.x or a lower version. On the ARM platform, execute the onie_uninstaller command at the ONIE prompt to uninstall the current version PicOS®. On the x86 platform, select the "ONIE: Uninstall OS" option in the GRUB menu to uninstall the current version PicOS®. If you enter GRUB rescue mode and the switch has GPT format partition, you can use the following commands to reset the GRUB boot variable to enter ONIE GRUB and then install PicOS®. grub rescue> set prefix=(hd0,gpt2)/grub grub rescue> set root=(hd0,gpt2) grub rescue> insmod normal grub rescue> normal Do not plug in the USB disk during onie-nos-installer process until ONIE starts up. If you have plugged in the USB disk before the installation operation, ONIE will find the installer on the USB disk when beginning the installation. On AS4610 series switches, when installation is complete, the installer will display: Please take out the usb disc, then remove the USB disk within 10 seconds after installation successful, and before machine restarts. All X86 platforms share one installation and upgrade package with the name fixed as: onie-installer-PicOS-VERSION-x86.bin, where VERSION is the release version. X86 platform are listed below: FS N9550-32D FS N8520-32D FS N9550-32D FS N8610-32D FS N8610-64D FS N9550-64D FS N8550-64C FS N5850-48S6Q FS N8550-48B8C FS S5580-48Y FS S5890-32C FS N8560-32C FS N8550-32C FS N8550-64C FS N8560-64C FS N8550-24CD8D FS S6860-24CD8D FS N5570-48S6C Edgecore AS4625-54P Edgecore AS4625-54T Edgecore AS4630-54TE Edgecore AS4630-54NPE Edgecore AS4630-54PE Edgecore AS5712-54X Edgecore AS5812-54T Edgecore AS5812-54X Edgecore AS7312-54X Edgecore AS7312-54XS Edgecore AS7326-56X Edgecore AS7712-32X Edgecore AS7726-32X Edgecore AS6812-32X Edgecore AS7816-64X Edgecore AS5835-54X Edgecore AS5835-54T Edgecore AS9716-32D Edgecore AS9726-32DB Edgecore AS9737-32DB Edgecore AS9736-64D DELL N3248P-ON DELL N3248PXE-ON DELL N3248TE-ON DELL N3224PX-ON DELL N3224P-ON DELL N3248X-ON DELL S4048-ON DELL S4148F-ON DELL S4148T-ON DELL S4128F-ON DELL S5224F-ON DELL S5296F-ON DELL S5212F-ON DELL S5248F-ON DELL S5232F-ON DELL Z9100-ON DELL Z9264F-ON DELL N3224T-ON DELL S4128T-ON DELL N3224F-ON DELL N2224PX-ON DELL N2224X-ON DELL N2248PX-ON DELL N2248X-ON DELL N3208PX-ON Delta AG7648 Delta AG5648 v1-R Delta AG9032v1 3.3 Upgrade and Downgrade Software 3.3.1 Traditional Installation NOTE: You need to log in through the console port of the switch and perform the ONIE installation described in this section. The installation method described in this section only applies to platforms that have pre-installed ONIE. 3.3.2 Manual Installation Process The following example describes the installation of PicOS® via manual installation method. Step1 Make sure that the installation package of .bin file has been load to the server (server could be HTTP, TFTP, or an FTP server or the switch local directory depending on the actual installation environment). Step2 Enter ONIE installation environment. The process is different on the following two types of platforms: ARM Platforms (AS4610 Series Switches) a) Verify that the switch is pre-loaded with ONIE, which will be used to load PicOS® on the switch. Power on the switch and interrupt the boot sequence by pressing any key when the following line is shown: Hit any key to stop autoboot: b) User will then reach the U-Boot command prompt indicated by ->. Run the printenv command at the U-Boot prompt. If the information displayed contains keywords like onie_initargs and onie_machine, the switch is pre-loaded with ONIE. LOADER->printenv active=image1 autoload=no baudrate=115200 bootcmd=run check_boot_reason;run PicOS_bootcmd;run onie_bootcmd bootdelay=10 check_boot_reason=if test -n $onie_boot_reason; then setenv onie_bootargs boot_reason=$onie_boot_reason; run onie_bootcmd; fi; consoledev=ttyS0 dhcp_user-class=arm-accton_as4610_54-r0_uboot dhcp_vendor-class-identifier=arm-accton_as4610_54-r0 ethact=eth-0 ethaddr=00:18:23:30:E7:8F fdtaddr=0xc00000 fpboot=setenv bootargs console=${consoledev},${baudrate} maxcpus=2 mem=1024M root=/dev/ram ${mtdparts} ubi.mtd=4 ethaddr=$ethaddr quiet gatewayip=192.168.0.1 initrd_high=0x80000000 ipaddr=192.168.0.1 loadaddr=0x70000000 loads_echo=1 mfg=mfg mfgdiags=run fpboot ; nand read ${loadaddr} diags ; bootm ${loadaddr} mfgdiags_recovery=nand read ${loadaddr} diags2 ; nand erase.part diags ; nand write ${loadaddr} diags mtdids=nand0=nand_iproc.0 mtdparts=mtdparts=nand_iproc.0:1m(uboot),2m(shmoo),1m(nenv),12m(onie),3992m(open),12m(onie2),2m(vpd),6m(sys_eeprom),16m(diags),16m(diags2),32m(diags_fs) netmask=255.255.255.0 nos_bootcmd=true onie_args=run onie_initargs onie_platformargs onie_bootcmd=echo Loading Open Network Install Environment ...; echo Platform: $onie_platform ; echo Version : $onie_version ; nand read $loadaddr $onie_start 0x00c00000 && run onie_args && bootm ${loadaddr} onie_dropbear_dss_host_key=begin-base64@600@d#AAAAB3NzaC1kc3MAAACBAIN7HOS7UGtQ+RS9R5Rdim9s4iadCBQ9SEFnHJZ2#ulK15hN2p1BOJ1Mf4qb/oHFGIt8hvopq157ejsJcSPuR9scXE2aYQO7r1+Ie#1MKoR3HyEFKgPhNUr0qYNiIaWGw2UUXivLUlhjmaPhjItsttb6AezNB6N1ap#TmIeEUse0NQBAAAAFQDndwbRrSsw6G/W4wd0LJVAjuyq2QAAAIAe/zGPyPNn#UwwV+i+j3l1W9IFhjA/ovXfX7PQtjHB7OJcInSpOA2gXLXHU2kYDkn+ymJQI#8Tn558nLHq64n9hIJzwaQH4ajMipBNwqR0WtpPXEaow9InDzjs+qFY0HAcTv#7DMEY9BGiJAUUSSCSFZ9dEYHIWUdk6WIpDUMX4b2ewAAAIB6bC+fHzr+Qaet#GjzynI0tApbzyydXKuIiIH6EDh2QEaP0E+TSxJ+C4xfyBAp1j0kvj0IYWR2P#H9ur0RaxDaCmKwIQs1gTJh/137Yd+OsqEV3JnrZxlEKk2DmI5c2wrGtl4oUp#XJfc+viahpFeCsGzsqGHHADWNsjlpKt457QCuQAAABUAk5406cTH4nZO0qlj#6irYf4WA65E=#====# onie_dropbear_rsa_host_key=begin-base64@600@r#AAAAB3NzaC1yc2EAAAADAQABAAAAgQCMTqwNhnJpuSLYAdRA/jjm1lyBaJF1#ovs3Hp0G7XkYnY4+JNPTCYgnmfMQnM83PQncuy89AqehJ2V22LGjpRiqT56K#MRr+hQoSWEbAObRd1azZF45pbxiQaQiQxNzIKbHDDWlGlycXfv8w9ZCElbxj#Ja7bkwmwg9EsBlW0d5u0BQAAAIAFr0FOyfn0OR1FiatvF624Aorcbl9oV/pc#JRghGfl8SxPihizz4bC7xAPCUkwd9ZHi+M2E6AjhIV69xjFKS0vYuQplvl8G#9R8YsnmP5B45TyLE3dW5V2/g+LQERQdFpRaSsPqEPHSlXPq4XHLGLRFItEBt#ohp41Qm+eA6efsAMIQAAAEEA4Y90xi8N1SuwjRk53fqpP8dC+FPnU850XtC1#cKG0rBt6v9qD+BTxxfE6GEpYM+N0fLyECbgBjA2LQF6CG3G15QAAAEEAnz3v#3POrcsMK2LkSNjWzAhzUqOWyOaNlhcvgh+2Xfj2tHyOTpZ09gCm483v1rui9#63uYu4QQurpATrHMcLIjoQ==#====# onie_initargs=setenv bootargs quiet console=$consoledev,$baudrate onie_machine=accton_as4610_54 onie_machine_rev=0 onie_platform=arm-accton_as4610_54-r0 onie_platformargs=setenv bootargs $bootargs serial_num=${serial#} ${platformargs} eth_addr=$ethaddr $onie_bootargs $onie_debugargs onie_recovery=nand read ${loadaddr} onie2 ; nand erase.part onie ; nand write ${loadaddr} onie onie_rescue=setenv onie_boot_reason rescue && boot onie_start=onie onie_sz.b=0x00c00000 onie_uninstall=setenv onie_boot_reason uninstall && boot onie_update=setenv onie_boot_reason update && boot onie_vendor_id=27658 onie_version=master-201603091701-dirty PicOS_bootcmd=usb start;run platformargs;setenv bootargs root=/dev/sda1 rw noinitrd console=$consoledev,$baudrate rootdelay=10 $mtdparts;ext2load usb 0:1 $loadaddr boot/uImage;bootm $loadaddr platform=accton_as4610_54 platformargs=mtdparts=nand_iproc.0:1m(uboot),2m(shmoo),1m(nenv),12m(onie),3992m(open),12m(onie2),2m(vpd),6m(sys_eeprom),16m(diags),16m(diags2),32m(diags_fs) maxcpus=2 mem=1024M ramdiskaddr=0x3000000 serial#=A626P1DL174300014 serverip=192.168.0.10 stderr=serial stdin=serial stdout=serial ubifscfg=ubi part nand0,4 0x0; ubifsmount fs ver=U-Boot 2012.10-gcbef171 (Mar 09 2016 - 17:01:14) - ONIE master-201603091701-dirty Environment size: 3992/65532 bytes c) From U-Boot prompt, boot ONIE in rescue mode. LOADER-> run onie_rescue x86 Platform On x86 platform, it uses GRUB menu to install OS via ONIE. a) Reboot the system, and enter ONIE installation environment from the GRUB menu: +----------------------------------------------------------------------------+ | PicOS | |*ONIE | | | | | | | | | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Use the ^ and v keys to select which entry is highlighted. Press enter to boot the selected OS, `e' to edit the commands before booting or `c' for a command-line. b) From GRUB prompt, choose ONIE: Rescue to Install OS, boot ONIE in rescue mode. GNU GRUB version 2.02~beta2+e4a1fe391 +----------------------------------------------------------------------------+ |*ONIE: Install OS | | ONIE: Rescue | | ONIE: Uninstall OS | | ONIE: Update ONIE | | ONIE: Embed ONIE | | DIAG: Accton Diagnostic | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Step3 Run onie-nos-install command as follows to manually install PicOS®. Install via TFTP ONIE# onie-nos-install tftp:///PicOS.bin Install via FTP When installing via FTP, you need to type username and password of the FTP server on which the image file is loaded. ONIE# onie-nos-install ftp://username:password@/PicOS.bin Install via HTTP ONIE# onie-nos-install http:///PicOS.bin Install from Local Directory a) In ONIE rescue mode, copy the image file to the current directory. ONIE# scp username@/PicOS.bin . b) Run onie-nos-install command to start installation. ONIE# onie-nos-install PicOS.bin For example, ONIE:/ # onie-nos-install onie-installer-PicOS-4.0.0-8b1219e112-x86.bin discover: Rescue mode detected. No discover stopped. ONIE: Executing installer: onie-installer-PicOS-4.0.0-8b1219e112-x86.bin Verifying image checksum ... OK. Preparing image archive ... OK. [1] PicOS L2/L3 (default) [2] PicOS Open vSwitch/OpenFlow Enter your choice (1,2):1 PicOS L2/L3 is selected. ONIE installation will overwrite the configuration file of existing system. It is recommended to follow the upgrade procedure to upgrade the system. Press any key to stop the installation... 10 9 8 7 6 5 4 3 2 1 ... The installer runs automatically, before start installation, it will prompt to choose the option to make PicOS® to boot into L2/L3 or OVS mode. If not selected, then PicOS® boots into L2/L3. After finishing installation, the device reboots automatically, the system then comes up running the new network operating system. NOTEs: After the system restarts, you need to enter the username and password, the initial login username is admin and password is pica8. After the username and password are entered, user will be asked to choose a new password for admin. This is the only post installation step after which the PicOS® operating system can be used. 3.3.3 Automatic Installation Process The automatic installation process uses the DHCP message exchange process to download and install software packages. Step1 Make sure the switch is connected to DHCP and HTTP servers and the PicOS® installation software package is downloaded to the HTTP server. a) DHCP server configuration: define the path of the installation package and then start DHCP server service: host pica8-3922 { hardware ethernet 70:72:cf:12:34:56; fixed-address 192.168.2.50; option default-url = "http://192.168.2.42/onie-installer-PicOS-4.0.0-8b1219e112-x86.bin"; b) Check if the .bin installation file is loaded onto the HTTP server: root@dev:/var/www# ls index.html onie-installer-powerpc.bin Step2 Install PicOS® via ONIE. The process is different on the following two types of platforms: ARM Platforms (AS4610 Series Switches) a) Verify that the switch is pre-loaded with ONIE, which will be used to load PicOS® on the switch. Power on the switch and interrupt the boot sequence by pressing any key when the following line is shown: Hit any key to stop autoboot: b) User will then reach the U-Boot command prompt indicated by ->. Run the printenv command at the U-Boot prompt. If the information displayed contains keywords like onie_initargs and onie_machine, the switch is pre-loaded with ONIE. LOADER-> printenv active=image1 autoload=no baudrate=115200 bootcmd=run check_boot_reason;run PicOS_bootcmd;run onie_bootcmd bootdelay=10 check_boot_reason=if test -n $onie_boot_reason; then setenv onie_bootargs boot_reason=$onie_boot_reason; run onie_bootcmd; fi; consoledev=ttyS0 dhcp_user-class=arm-accton_as4610_54-r0_uboot dhcp_vendor-class-identifier=arm-accton_as4610_54-r0 ethact=eth-0 ethaddr=00:18:23:30:E7:8F fdtaddr=0xc00000 fpboot=setenv bootargs console=${consoledev},${baudrate} maxcpus=2 mem=1024M root=/dev/ram ${mtdparts} ubi.mtd=4 ethaddr=$ethaddr quiet gatewayip=192.168.0.1 initrd_high=0x80000000 ipaddr=192.168.0.1 loadaddr=0x70000000 loads_echo=1 mfg=mfg mfgdiags=run fpboot ; nand read ${loadaddr} diags ; bootm ${loadaddr} mfgdiags_recovery=nand read ${loadaddr} diags2 ; nand erase.part diags ; nand write ${loadaddr} diags mtdids=nand0=nand_iproc.0 mtdparts=mtdparts=nand_iproc.0:1m(uboot),2m(shmoo),1m(nenv),12m(onie),3992m(open),12m(onie2),2m(vpd),6m(sys_eeprom),16m(diags),16m(diags2),32m(diags_fs) netmask=255.255.255.0 nos_bootcmd=true onie_args=run onie_initargs onie_platformargs onie_bootcmd=echo Loading Open Network Install Environment ...; echo Platform: $onie_platform ; echo Version : $onie_version ; nand read $loadaddr $onie_start 0x00c00000 && run onie_args && bootm ${loadaddr} onie_dropbear_dss_host_key=begin-base64@600@d#AAAAB3NzaC1kc3MAAACBAIN7HOS7UGtQ+RS9R5Rdim9s4iadCBQ9SEFnHJZ2#ulK15hN2p1BOJ1Mf4qb/oHFGIt8hvopq157ejsJcSPuR9scXE2aYQO7r1+Ie#1MKoR3HyEFKgPhNUr0qYNiIaWGw2UUXivLUlhjmaPhjItsttb6AezNB6N1ap#TmIeEUse0NQBAAAAFQDndwbRrSsw6G/W4wd0LJVAjuyq2QAAAIAe/zGPyPNn#UwwV+i+j3l1W9IFhjA/ovXfX7PQtjHB7OJcInSpOA2gXLXHU2kYDkn+ymJQI#8Tn558nLHq64n9hIJzwaQH4ajMipBNwqR0WtpPXEaow9InDzjs+qFY0HAcTv#7DMEY9BGiJAUUSSCSFZ9dEYHIWUdk6WIpDUMX4b2ewAAAIB6bC+fHzr+Qaet#GjzynI0tApbzyydXKuIiIH6EDh2QEaP0E+TSxJ+C4xfyBAp1j0kvj0IYWR2P#H9ur0RaxDaCmKwIQs1gTJh/137Yd+OsqEV3JnrZxlEKk2DmI5c2wrGtl4oUp#XJfc+viahpFeCsGzsqGHHADWNsjlpKt457QCuQAAABUAk5406cTH4nZO0qlj#6irYf4WA65E=#====# onie_dropbear_rsa_host_key=begin-base64@600@r#AAAAB3NzaC1yc2EAAAADAQABAAAAgQCMTqwNhnJpuSLYAdRA/jjm1lyBaJF1#ovs3Hp0G7XkYnY4+JNPTCYgnmfMQnM83PQncuy89AqehJ2V22LGjpRiqT56K#MRr+hQoSWEbAObRd1azZF45pbxiQaQiQxNzIKbHDDWlGlycXfv8w9ZCElbxj#Ja7bkwmwg9EsBlW0d5u0BQAAAIAFr0FOyfn0OR1FiatvF624Aorcbl9oV/pc#JRghGfl8SxPihizz4bC7xAPCUkwd9ZHi+M2E6AjhIV69xjFKS0vYuQplvl8G#9R8YsnmP5B45TyLE3dW5V2/g+LQERQdFpRaSsPqEPHSlXPq4XHLGLRFItEBt#ohp41Qm+eA6efsAMIQAAAEEA4Y90xi8N1SuwjRk53fqpP8dC+FPnU850XtC1#cKG0rBt6v9qD+BTxxfE6GEpYM+N0fLyECbgBjA2LQF6CG3G15QAAAEEAnz3v#3POrcsMK2LkSNjWzAhzUqOWyOaNlhcvgh+2Xfj2tHyOTpZ09gCm483v1rui9#63uYu4QQurpATrHMcLIjoQ==#====# onie_initargs=setenv bootargs quiet console=$consoledev,$baudrate onie_machine=accton_as4610_54 onie_machine_rev=0 onie_platform=arm-accton_as4610_54-r0 onie_platformargs=setenv bootargs $bootargs serial_num=${serial#} ${platformargs} eth_addr=$ethaddr $onie_bootargs $onie_debugargs onie_recovery=nand read ${loadaddr} onie2 ; nand erase.part onie ; nand write ${loadaddr} onie onie_rescue=setenv onie_boot_reason rescue && boot onie_start=onie onie_sz.b=0x00c00000 onie_uninstall=setenv onie_boot_reason uninstall && boot onie_update=setenv onie_boot_reason update && boot onie_vendor_id=27658 onie_version=master-201603091701-dirty PicOS_bootcmd=usb start;run platformargs;setenv bootargs root=/dev/sda1 rw noinitrd console=$consoledev,$baudrate rootdelay=10 $mtdparts;ext2load usb 0:1 $loadaddr boot/uImage;bootm $loadaddr platform=accton_as4610_54 platformargs=mtdparts=nand_iproc.0:1m(uboot),2m(shmoo),1m(nenv),12m(onie),3992m(open),12m(onie2),2m(vpd),6m(sys_eeprom),16m(diags),16m(diags2),32m(diags_fs) maxcpus=2 mem=1024M ramdiskaddr=0x3000000 serial#=A626P1DL174300014 serverip=192.168.0.10 stderr=serial stdin=serial stdout=serial ubifscfg=ubi part nand0,4 0x0; ubifsmount fs ver=U-Boot 2012.10-gcbef171 (Mar 09 2016 - 17:01:14) - ONIE master-201603091701-dirty Environment size: 3992/65532 bytes c) Input command run onie_bootcmd, which will automatically install PicOS® on the switch. LOADER -> run onie_bootcmd Loading Open Network Install Environment ... Platform: arm-accton_as4610_54-r0 Version : 2021.09.00.03 WARNING: adjusting available memory to 30000000 ## Booting kernel from Legacy Image at 02000000 ... Image Name: as4610_54x.1.6.1.3 Image Type: ARM Linux Multi-File Image (gzip compressed) Data Size: 3514311 Bytes = 3.4 MiB Load Address: 00000000 Entry Point: 00000000 Contents: Image 0: 2762367 Bytes = 2.6 MiB Image 1: 733576 Bytes = 716.4 KiB Image 2: 18351 Bytes = 17.9 KiB Verifying Checksum ... OK ## Loading init Ramdisk from multi component Legacy Image at 02000000 ... ## Flattened Device Tree from multi component Image at 02000000 Booting using the fdt at 0x02355858 Uncompressing Multi-File Image ... OK Loading Ramdisk to 2ff4c000, end 2ffff188 ... OK Loading Device Tree to 03ff8000, end 03fff7ae ... OK Cannot reserve gpages without hugetlb enabled setup_arch: bootmem as4610_54x_setup_arch() arch: exit pci 0000:00:00.0: ignoring class b20 (doesn't match header type 01) sd 0:0:0:0: [sda] No Caching mode page present sd 0:0:0:0: [sda] Assuming drive cache: write through sd 0:0:0:0: [sda] No Caching mode page present sd 0:0:0:0: [sda] Assuming drive cache: write through sd 0:0:0:0: [sda] No Caching mode page present sd 0:0:0:0: [sda] Assuming drive cache: write through ONIE: Using DHCPv4 addr: eth0: 192.168.2.77 / 255.255.255.0 discover: installer mode detected. Running installer. Please press Enter to activate this console. ONIE: Using DHCPv4 addr: eth0: 192.168.2.77 / 255.255.255.0 ONIE: Starting ONIE Service Discovery ONIE: Executing installer: http://192.168.2.42/onie-installer-PicOS-4.0.0-8b1219e112-x86.bin Verifying image checksum ... OK. Preparing image archive ... OK. PicOS installation .............................................. ./var/local/ ./var/run Setup PicOS environment ... .............................................. XorPlus login: admin Password: You are required to change your password immediately (root enforced) Changing password for admin. (current) UNIX password: Enter new UNIX password: Retype new UNIX password: admin@XorPlus$ x86 Platform On x86 platform, it uses GRUB menu to choose install OS via ONIE. a) Reboot the system, and enter ONIE installation environment from the GRUB menu: +----------------------------------------------------------------------------+ | PicOS | |*ONIE | | | | | | | | | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Use the ^ and v keys to select which entry is highlighted. Press enter to boot the selected OS, `e' to edit the commands before booting or `c' for a command-line. b) From GRUB prompt, choose ONIE: Rescue to Install OS, boot ONIE in rescue mode. GNU GRUB version 2.02~beta2+e4a1fe391 +----------------------------------------------------------------------------+ |*ONIE: Install OS | | ONIE: Rescue | | ONIE: Uninstall OS | | ONIE: Update ONIE | | ONIE: Embed ONIE | | DIAG: Accton Diagnostic | | | | | | | | | | | | | +----------------------------------------------------------------------------+ The installer runs and will reboot the system after installation is complete. NOTEs: After the system restarts, you need to enter the username and password, the initial login username is admin and password is pica8. After the username and password are entered, user will be asked to choose a new password for admin. This is the only post installation step after which the PicOS® operating system can be used. 3.3.4 Nos-boot-mode Installation NOTE: The installation method described in this section applies to installation through both the console port and the management port. The installation method described in this section only applies to platforms that have pre-installed ONIE. The installation methods described in PicOS® Configuration Guide V4.4.5 must be performed through the console port. If you want to install the system through a non-console port, you can use the nos-boot-mode command to perform the installation which is described in this section. Usage of nos-boot-mode command: admin@Xorplus$sudo nos-boot-mode USAGE install or uninstall NOS(es) SYNOPSIS nos-boot-mode [install|uninstall] DESCRIPTION install- Install NOS uninstall- Remove all NOS(es) including PicOS® When nos-boot-mode install command is executed, PicOS® will switch to ONIE install mode, and the user should go on to complete the subsequent installation. The steps for the manual installation process and the automatic installation process using the nos-boot-mode install command are described below. When nos-boot-mode unsinstall command is executed, the system will remove all NOS(es) including PicOS® from the device. Therefore, it is suggested to use the nos-boot-mode unsinstall command with caution. 3.3.5 Manual Installation Process Step1 Make sure that the installation package of .bin file has been loaded to the server (server could be HTTP, TFTP, or an FTP server or the switch local directory depending on the actual installation environment). Step2 Execute the nos-boot-mode install command to enter ONIE installation environment. admin@Xorplus:~$ sudo nos-boot-mode install Step3 Type “yes” when the below prompt is shown, which will take the system will to ONIE install mode. Type 'yes' to install NOS! Type 'no' to exit [no]/yes: Step4 Run onie-nos-install command as follows to manually install PicOS®. Install via TFTP ONIE# onie-nos-install tftp:///PicOS.bin Install via FTP When installing via FTP, you need to type in the username and password for the FTP server on which the image file is loaded. ONIE# onie-nos-install ftp://username:password@/PicOS.bin Install via HTTP ONIE# onie-nos-install http:///PicOS.bin Install from Local Directory a) In ONIE rescue mode, copy the image file to the current directory. ONIE# scp username@/PicOS.bin . b) Run onie-nos-install command to start installation. ONIE# onie-nos-install PicOS.bin For example, ONIE:/ # onie-nos-install onie-installer-PicOS-4.0.0-8b1219e112-x86.bin discover: Rescue mode detected. No discover stopped. ONIE: Executing installer: onie-installer-PicOS-4.0.0-8b1219e112-x86.bin Verifying image checksum ... OK. Preparing image archive ... OK. [1] PicOS L2/L3 (default) [2] PicOS Open vSwitch/OpenFlow Enter your choice (1,2):1 PicOS L2/L3 is selected. ONIE installation will overwrite the configuration file of existing system. It is recommended to follow the upgrade procedure to upgrade the system. Press any key to stop the installation... 10 9 8 7 6 5 4 3 2 1 ... The installer runs automatically, before start installation, it will prompt to choose the option to make PicOS® to boot into L2/L3 or OVS mode. If not selected, then PicOS® boots into L2/L3. After finishing installation, the device reboots automatically, the system then comes up running the new network operating system. NOTEs: After the system restarts, you need to enter the username and password, the initial login username is admin and password is pica8. After the username and password are entered, user will be asked to choose a new password for admin. This is the only post installation step after which the PicOS® operating system can be used. 3.3.6 Automated Installation Process The automatic installation process uses the DHCP message exchange process to download and install software packages. Step1 Make sure the switch is connected to DHCP and HTTP servers, and the PicOS® installation software package is downloaded to the HTTP server. a) DHCP server configuration: define the path of the installation package and then start DHCP server service: host pica8-3922 { hardware ethernet 70:72:cf:12:34:56; fixed-address 192.168.2.50; option default-url = "http://192.168.2.42/onie-installer-PicOS-4.0.0-8b1219e112-x86.bin"; } b) Check if the .bin installation file is loaded onto the HTTP server: root@dev:/var/www# ls index.html onie-installer-powerpc.bin Step2 Execute the nos-boot-mode install command to enter ONIE installation environment. admin@Xorplus$ sudo nos-boot-mode install Step3 Type “yes” when the below prompt is shown, and the system will automatically complete the installation. Type 'yes' to install NOS! Type 'no' to exit [no]/yes: The installer runs automatically and will reboot the system after installation is completed. NOTEs: After the system restarts, you need to enter the username and password, the initial login username is admin and password is pica8. After the username and password are entered, user will be asked to choose a new password for admin. This is the only post installation step after which the PicOS® operating system can be used. 3.3.7 Verifying Version after Installation After system reboots automatically, the system will come up running the new network operating system. admin@Xorplus> show version Copyright (C) 2009-2022 Pica8, Inc. =================================== Hardware Model : as7312_54x Linux System Version/Revision : 4.0.0/8b1219e112 Linux System Released Date : 5/18/2021 L2/L3 Version/Revision : 4.0.0/8b1219e112 L2/L3 Released Date : 5/18/2021 OVS/OF Version/Revision : 4.0.0/8b1219e112 OVS/OF Released Date : 5/18/2021 3.3.8 Appendix: Troubleshooting Installation/Upgrade Failure on AS7326-56X Installation or upgrade failure (for example, the switches cannot boot up after install) may occur on the old AS7326-56X hardware models (revision is R01F and before). When booting PicOS® on AS7326-56X and detect hardware rev R01F, the system will log a warning message to prompt the hardware revision R01F is a pre-production hardware reversion: "This hardware revision R01F is a pre-production hardware rev, PicOS® has applied a work around to work with PicOS®. Support will be provided on a best effort basis". To work around the issue, first we need to check the “Label Revision”. If it is an old hardware model (revision is R01F or before), then, we can perform the following provided solution after installation/upgrade to solve the problem. 3.3.9 Check Label Revision Under ONIE prompt, run “onie_syseeprom” to get the “Label Revision”. ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 166 TLV Name Code Len Value -------------------- ---- --- ----- Manufacture Date 0x25 19 04/27/2019 02:10:06 Label Revision 0x27 4 R01B Platform Name 0x28 27 x86_64-accton_as7326_56x-r0 ONIE Version 0x29 13 2018.05.00.05 Manufacturer 0x2B 6 Accton Diag Version 0x2E 7 0.0.1.0 Base MAC Address 0x24 6 80:A2:35:81:D5:F0 Serial Number 0x23 14 732656X1916012 Country Code 0x2C 2 TW Part Number 0x22 13 FP4ZZ7656005A Product Name 0x21 15 7326-56X-O-AC-F MAC Addresses 0x2A 2 256 Vendor Name 0x2D 6 Accton CRC-32 0xFE 4 0xC3D3F2DE Checksum is valid. ONIE:/ # 3.3.10 Solution You can follow the steps below after installation/upgrade, to fix the problem of installation and upgrade failure on the old AS7326-56X hardware model (revision R01F or before). Step1 Power cycle the switch. Step2 From the GRUB menu, choose “ONIE” to enter ONIE GRUB menu: +----------------------------------------------------------------------------+ | PicOS | |*ONIE | | | | | | | | | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Use the ^ and v keys to select which entry is highlighted. Press enter to boot the selected OS, `e' to edit the commands before booting or `c' for a command-line. Step3 From ONIE GRUB menu, choose “ONIE: Rescue” to launch ONIE in Rescue mode. GNU GRUB version 2.02~beta2+e4a1fe391 +----------------------------------------------------------------------------+ | ONIE: Install OS | |*ONIE: Rescue | | ONIE: Uninstall OS | | ONIE: Update ONIE | | ONIE: Embed ONIE | | DIAG: Accton Diagnostic | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Step4 Press Enter to display the ONIE prompt. Step5 Mount PicOS® partition with label is “PicOS”. ONIE:/ # blkid /dev/sda7: LABEL="User-Data" UUID="be63cef8-4560-4c48-ab5a-8f7ced5a950b" /dev/sda6: LABEL="PicOS2" UUID="f589e53f-4cd1-44ba-8384-f339f4e2b2ac" /dev/sda5: LABEL="PicOS" UUID="8ca5f7ed-5a15-4a2a-944c-4d8872647bf5" /dev/sda4: LABEL="PicOS-GRUB" UUID="782a1372-4b66-4783-b920-dab1df8ec6e4" /dev/sda3: LABEL="ACCTON-DIAG" UUID="3e4117d0-1926-472a-9d9e-08883df83d40" /dev/sda2: LABEL="ONIE-BOOT" UUID="1a90abd8-f065-4f7a-90a0-af122b8805fa" ONIE:/ # ONIE:/ # mount /dev/sda5 /mnt Step6 Execute the following command to modify the I2C access address. ONIE:/ # sed -I "s/0x57/0x56/" /mnt/etc/rc_hw.sh ONIE:/ # sync Step7 Unmount the PicOS® partition. ONIE:/ # unmount /dev/sda5 Step8 Reboot the switch. ONIE:/ # reboot 4. Zero Touch Configuration 4.1 Overview of ZTP 4.1.1 ZTP Fundamentals NOTEs: Currently, the IPv6 ZTP is not supported. You are suggested to implement ZTP for unconfigured devices, or the error prompts may appear. Before using ZTP, you should configure the switch with two partitions of active partition and backup partition. The active partition can be used for upgrade and the backup partition can be used to save the current version, which can make sure the original version can be recovered once the upgrade is failed. ZTP (Zero Touch Provisioning) is a technology for automated upgrade and configuration of unconfigured network devices. You can automatically upgrade and configure devices with the provision script of ZTP before the PicOS® is up, obtaining the required configuration information without manual intervention, including IP addresses, routing, security policies, etc. When large numbers of switches need to be upgraded to new versions or issued with configuration files, you can use ZTP to reduce labor costs and improve deployment efficiency. It can implement fast, accurate and reliable device deployment. ZTP Process Figure 2. ZTP Workflow of White-Box Switches image.png After a switch is powered on, the switch sends DHCP Discover to get an IP address, and the DHCP server provides the switch with an IP address. The switch sends a request to the DHCP server, and the DHCP server sends a response including the HTTP server address. The switch sends an HTTP request to the HTTP server to get the shell script, and the HTTP server sends an HTTP response with the shell script. The switch executes the shell script to complete the ZTP deployment, including downloading a PicOS image, installing PicOS and its license, registering with the AmpCon-Campus server, updating switch configurations, and rebooting the switch. 4.1.2 DHCP Configuration of ZTP Option Parameters The DHCP server obtains network configuration information required by ZTP through option parameters. The request packets sent by DHCP client carry option 55, and the reply packets responded by DHCP server carry option 7, 66 and 67. The function of option parameters is shown as below. Table 1. Option description Option Description Carrier 55 Specifies the network configuration parameters need to be obtained from the server. It includes the boot file name, TFTP server address, Syslog server address and gateway. Client 7 Specifies the IP address of Syslog server. Server 66 Specifies the IP address of TFTP(HTTP) server allocated for the client. Server 67 Specifies the boot file name allocated for the client. Server DHCP Server Configuration When the switch is served as the DHCP server, you can configure the DHCP server through PicOS® commands (suggested) or Linux commands. PicOS® command Here is an example of configuring the DHCP server through PicOS® commands, which specifies the IP address of Syslog server as 192.168.10.1, the IP address of TFTP server as 192.168.10.1, and the working path of provision script on the TFTP server as ./provision.sh. For detailed information of related commands, see Configuring DHCP server. admin@PicOS# set protocols dhcp server pool pool1 log-server 192.168.10.1 admin@PicOS# set protocols dhcp server pool pool1 tftp-server 192.168.10.2 admin@PicOS# set protocols dhcp server pool pool1 bootfile-name file-path ./provision.sh admin@PicOS# commit Linux command Here is an example of configuring the DHCP server through Linux commands. host pica8-pxxxx {*************************//////////////////////////////////////////////////////////////////////////////////////// hardware ethernet 08:9e:01:62:d5:62; option bootfile-name "pica8/provision.script"; option tftp-server-name "xx.xx.xx.xx"; option log-servers xx.xx.xx.xx; fixed-address xx.xx.xx.xx; } The elements of the segment above are described below: host: the host name of the PicOS® switch. hardware ethernet: the MAC address of the PicOS® switch. bootfile-name: the file name of the shell scripts and its path relative to the TFTP root directory. tftp-server-name: the IP address of the TFTP server. log-servers: the IP address of the log server that will receive logs from ZTP. fixed-address: optional. Configure a fixed IP address as management IP of the switch. PicOS® switches send a vendor-class-identifier to the DHCP server in the format of pica8-pxxxx where xxxx is the switch model. It is possible for the customer to use the vendor-class-identifier to identify PicOS® switches. 4.1.3 Provision Script The provision script describes what is required and how to execute when you upgrade and configure PicOS® through ZTP. You can customize the provision script through running the generate_script file. The generate_script is provided in the format of Shell and Python, and you can click generate_script.py or generate_script.sh to download. The detailed contents are shown as below. import os def prompt_choice(): print("""Please choose an option to configure (enter the number to select, enter 'done' to generate the script): 1. Add remote Syslog server 2. Remove remote Syslog server 3. Get file from TFTP server 4. Get file from HTTP server 5. Enable ZTP auto-run when switch boot up 6. Disable ZTP auto-run when switch boot up 7. Get PicOS image from file server and upgrade 8. Get PicOS startup file "picos_start.conf" from file server 9. Get PicOS configuration file "pica_startup.boot" from file server 10. Get file with PicOS L2/L3 CLI commands list and execute these commands 11. Get PicOS OVS configuration file "ovs-vswitchd.conf.db" from file server""") return input("Enter your choice: ") def generate_script(): config_commands = [] while True: choice = prompt_choice() if choice == 'done': break if choice == '1': ip = input("Enter syslog server IP address: ") config_commands.append(f"add_remote_syslog_server {ip}") elif choice == '2': ip = input("Enter the syslog server IP address to remove: ") config_commands.append(f"remove_remote_syslog_server {ip}") elif choice == '3': remote_file_name = input("Enter file name in TFTP server: ") local_file_name = input("Enter file name with path in local: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"tftp_get_file {remote_file_name} {local_file_name} {ip}") elif choice == '4': local_file_name = input("Enter file name with path in local: ") file_name = input("Enter file name with HTTP server URL:: ") config_commands.append(f"http_get_file {local_file_name} {file_name}") elif choice == '5': config_commands.append("ztp_enable") elif choice == '6': config_commands.append("ztp_disable") elif choice == '7': file_name = input("Enter tftp file name or http url: ") revision = input("Enter the software revision of the image: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f'if [ "$revision" != "{revision}" ]; then get_picos_image {file_name} {ip}; fi') elif choice == '8': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"get_picos_startup_file {file_name} {ip}") elif choice == '9': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"get_l2l3_config_file {file_name} {ip}") elif choice == '10': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"l2l3_load_config {file_name} {ip}") elif choice == '11': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"get_ovs_config_file {file_name} {ip}") else: print("Invalid choice, please try again.") print("\n") # Generate Shell script script_name = "provision.sh" with open(script_name, 'w') as script_file: script_file.write("#!/bin/bash\n") script_file.write("source /usr/bin/ztp-functions.sh\n") script_file.write("\n") for command in config_commands: script_file.write(f"{command}\n") print(f"\nGenerated Shell script has been saved as {script_name}") # Run script generation program generate_script() #!/bin/bash function prompt_choice() { echo "Please choose an option to configure (enter the number to select, enter 'done' to generate the script): 1. Add remote Syslog server 2. Remove remote Syslog server 3. Get file from TFTP server 4. Get file from HTTP server 5. Enable ZTP auto-run when switch boot up 6. Disable ZTP auto-run when switch boot up 7. Get PicOS image from file server and upgrade 8. Get PicOS startup file \"picos_start.conf\" from file server 9. Get PicOS configuration file \"pica_startup.boot\" from file server 10. Get file with PicOS L2/L3 CLI commands list and execute these commands 11. Get PicOS OVS configuration file \"ovs-vswitchd.conf.db\" from file server" read -rp "Enter your choice: " choice } function generate_script() { local config_commands=() local revision="" while true; do prompt_choice case $choice in 1) read -rp "Enter syslog server IP address: " ip config_commands+=("add_remote_syslog_server $ip") ;; 2) read -rp "Enter the syslog server IP address to remove: " ip config_commands+=("remove_remote_syslog_server $ip") ;; 3) read -rp "Enter file name in TFTP server: " remote_file_name read -rp "Enter file name with path in local: " local_file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("tftp_get_file $remote_file_name $local_file_name $ip") ;; 4) read -rp "Enter file name with path in local: " local_file_name read -rp "Enter file name with HTTP server URL: " file_name config_commands+=("http_get_file $local_file_name $file_name") ;; 5) config_commands+=("ztp_enable") ;; 6) config_commands+=("ztp_disable") ;; 7) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter the software revision of the image:" revision read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("if [ \"\$revision\" != \"$revision\" ]; then get_picos_image $file_name $ip; fi") ;; 8) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("get_picos_startup_file $file_name $ip") ;; 9) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("get_l2l3_config_file $file_name $ip") ;; 10) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("l2l3_load_config $file_name $ip") ;; 11) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("get_ovs_config_file $file_name $ip") ;; done) break ;; *) echo "Invalid choice, please try again." ;; esac printf "\n" done # Generate Shell script local script_name="provision.sh" { echo "#!/bin/bash" echo "source /usr/bin/ztp-functions.sh" echo "" for command in "${config_commands[@]}"; do echo "$command" done } > "$script_name" printf "\n" echo "Generated Shell script has been saved as $script_name" } # Run script generation program generate_script Generate Script in the Shell Format Shell Script Content #!/bin/bash function prompt_choice() { echo "Please choose an option to configure (enter the number to select, enter 'done' to generate the script): 1. Add remote Syslog server 2. Remove remote Syslog server 3. Get file from TFTP server 4. Get file from HTTP server 5. Enable ZTP auto-run when switch boot up 6. Disable ZTP auto-run when switch boot up 7. Get PicOS image from file server and upgrade 8. Get PicOS startup file \"PicOS_start.conf\" from file server 9. Get PicOS configuration file \"pica_startup.boot\" from file server 10. Get file with PicOS L2/L3 CLI commands list and execute these commands 11. Get PicOS OVS configuration file \"ovs-vswitchd.conf.db\" from file server" read -rp "Enter your choice: " choice } function generate_script() { local config_commands=() local revision="" while true; do prompt_choice case $choice in 1) read -rp "Enter syslog server IP address: " ip config_commands+=("add_remote_syslog_server $ip") ;; 2) read -rp "Enter the syslog server IP address to remove: " ip config_commands+=("remove_remote_syslog_server $ip") ;; 3) read -rp "Enter file name in TFTP server: " remote_file_name read -rp "Enter file name with path in local: " local_file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("tftp_get_file $remote_file_name $local_file_name $ip") ;; 4) read -rp "Enter file name with path in local: " local_file_name read -rp "Enter file name with HTTP server URL: " file_name config_commands+=("http_get_file $local_file_name $file_name") ;; 5) config_commands+=("ztp_enable") ;; 6) config_commands+=("ztp_disable") ;; 7) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter the software revision of the image:" revision read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("if [ \"\$revision\" != \"$revision\" ]; then get_PicOS_image $file_name $ip; fi") ;; 8) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("get_PicOS_startup_file $file_name $ip") ;; 9) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("get_l2l3_config_file $file_name $ip") ;; 10) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("l2l3_load_config $file_name $ip") ;; 11) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("get_ovs_config_file $file_name $ip") ;; done) break ;; *) echo "Invalid choice, please try again." ;; esac printf "\n" done # Generate Shell script local script_name="provision.sh" { echo "#!/bin/bash" echo "source /usr/bin/ztp-functions.sh" echo "" for command in "${config_commands[@]}"; do echo "$command" done } > "$script_name" printf "\n" echo "Generated Shell script has been saved as $script_name" } # Run script generation program generate_script Option Description of Shell Script NOTEs: Make sure that names of all files configured in the script is the same with files placed in the file server, or the switch cannot obtain them successfully. The IP address of TFTP server from DHCP server will be valid if it is not configured in the script. Option Description Example Add remote Syslog server Specify the IPv4 address of the Syslog server. Open 1 image.png The IPv4 address of Syslog server is configured as 10.10.30.1. Remove remote Syslog server Delete the IPv4 address of the Syslog server.10.10.30.1 Open 2 image.png The IPv4 address 10.10.30.1 of Syslog server is deleted. Get file from TFTP server Download a file with specified name from the TFTP server with a specified IP address and path, and save it in local with another specified name. Note: The path /cftmp is valid if you don’t specify the local path here. Open 3 image.png The file remote-file.txt in the TFTP server 10.10.30.2 is downloaded and is saved in local as local-file.txt. Get file from HTTP server Download a file with specified name from the HTTP server with a specified URL and save it in local with another specified name. Note: The root path is valid if you don’t specify the local path here. Open 4 image.png The file remote-file.txt in the HTTP server 10.10.30.2 is downloaded and is saved in local as local-file.txt. Enable ZTP auto-run when switch boot up Enable ZTP function after completing this ZTP process. Note: You are suggested to configure this option at last, or it may be invalid. Open 5 image.png Disable ZTP auto-run when switch boot up Disable ZTP function after completing this ZTP process. Note: You are suggested to configure this option at last, or it may be invalid. Open 6 image.png Get PicOS® image from file server and upgrade Download the PicOS® image from the TFTP server with the specified IP address, path and name, or from the HTTP server with URL. Then, upgrade the switch to the new version. Notes: You should specify the version number to make sure the switch only upgrades one time. You don’t need to configure the TFTP server IP address when downloading files from the HTTP server. Open 7 image.png The image onie-installer-PicOS-9.8.7-main-43d73dd983-x86v.bin in the working path of the TFTP server 10.10.30.2 is downloaded, and the switch is upgraded to this new version with the version number 43d73dd983. Get PicOS® startup file "PicOS_start.conf" from file server Download the PicOS® startup file PicOS_start.conf from the TFTP server with the specified IP address, path and name, or from the HTTP server with URL. Note: You don’t need to configure the TFTP server IP address when downloading files from the HTTP server. Open 8 image.png The file PicOS_start.conf from the HTTP server 10.10.30.3 is downloaded. Get PicOS® configuration file "pica_startup.boot" from file server Download the L2/l3 configuration file pica_startup.boot from the TFTP server with the specified IP address, path and name, or from the HTTP server with URL. Note: You don’t need to configure the TFTP server IP address when downloading files from the HTTP server. Open 9 image.png The file pica_startup.boot from the HTTP server 10.10.30.3 is downloaded. Get file with PicOS® L2/L3 CLI commands list and execute these commands Download the L2/l3 command file from the TFTP server with the specified IP address, path and name, or from the HTTP server with URL. Notes: You don’t need to configure the TFTP server IP address when downloading files from the HTTP server. You can modify the file ztpl2l3_cfg.cli as needed. For example, if you need to specify VLAN 10 and VLAN 20, you can configure as follows:set vlans vlan-id 20 set vlans vlan-id 30 Open 10 image.png he file ztpl2l3_cfg.cli in the working directory of the TFTP server 10.10.30.2 is downloaded. Get PicOS® OVS configuration file "ovs-vswitchd.conf.db" from file server Download the OVS configuration file ovs-vswitchd.conf.db from the TFTP server with the specified IP address, path and name, or from the HTTP server with URL. Notes: You don’t need to configure the TFTP server IP address when downloading files from the HTTP server. Open 11 image.png The file ovs-vswitchd.conf.db from the HTTP server 10.10.30.3 is downloaded. Generate Script in the Python Format Python Script Content import os def prompt_choice(): print("""Please choose an option to configure (enter the number to select, enter 'done' to generate the script): 1. Add remote Syslog server 2. Remove remote Syslog server 3. Get file from TFTP server 4. Get file from HTTP server 5. Enable ZTP auto-run when switch boot up 6. Disable ZTP auto-run when switch boot up 7. Get PicOS image from file server and upgrade 8. Get PicOS startup file "PicOS_start.conf" from file server 9. Get PicOS configuration file "pica_startup.boot" from file server 10. Get file with PicOS L2/L3 CLI commands list and execute these commands 11. Get PicOS OVS configuration file "ovs-vswitchd.conf.db" from file server""") return input("Enter your choice: ") def generate_script(): config_commands = [] while True: choice = prompt_choice() if choice == 'done': break if choice == '1': ip = input("Enter syslog server IP address: ") config_commands.append(f"add_remote_syslog_server {ip}") elif choice == '2': ip = input("Enter the syslog server IP address to remove: ") config_commands.append(f"remove_remote_syslog_server {ip}") elif choice == '3': remote_file_name = input("Enter file name in TFTP server: ") local_file_name = input("Enter file name with path in local: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"tftp_get_file {remote_file_name} {local_file_name} {ip}") elif choice == '4': local_file_name = input("Enter file name with path in local: ") file_name = input("Enter file name with HTTP server URL:: ") config_commands.append(f"http_get_file {local_file_name} {file_name}") elif choice == '5': config_commands.append("ztp_enable") elif choice == '6': config_commands.append("ztp_disable") elif choice == '7': file_name = input("Enter tftp file name or http url: ") revision = input("Enter the software revision of the image: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f'if [ "$revision" != "{revision}" ]; then get_PicOS_image {file_name} {ip}; fi') elif choice == '8': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"get_PicOS_startup_file {file_name} {ip}") elif choice == '9': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"get_l2l3_config_file {file_name} {ip}") elif choice == '10': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"l2l3_load_config {file_name} {ip}") elif choice == '11': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"get_ovs_config_file {file_name} {ip}") else: print("Invalid choice, please try again.") print("\n") # Generate Shell script script_name = "provision.sh" with open(script_name, 'w') as script_file: script_file.write("#!/bin/bash\n") script_file.write("source /usr/bin/ztp-functions.sh\n") script_file.write("\n") for command in config_commands: script_file.write(f"{command}\n") print(f"\nGenerated Shell script has been saved as {script_name}") # Run script generation program generate_script() Option Description of Python Script The description of the Python script is the same with the Shell script. For detailed information, see Option Description of Shell Script. Configuration Example for Generating Provision.sh Take the Shell script as an example to introduce how to use it: a) Upload the Shell script generate_script.sh to the Linux environment. b) Use the command chmod +x generate_script.sh to enable the executable permission. c) Enter command ./generate_script.sh to run the script, and options are shown as below. image.png d) Select options of 1, 3 and 6 in sequence as needed, and enter done to generate the script. generate-20240918-062650.png e) The file named provision.sh is generated in the current directory, which includes all selected options. The content of provision script is shown as below. image-20241014-100713.png 4.2 Enabling or Disabling ZTP NOTE: By default, ZTP is enabled on PicOS® switches. If ZTP is left enabled, the PicOS® switch will try to download a new script every time the switch is booted. This is not a desirable situation, so ZTP should be disabled when it is no longer needed. Four methods are supported to disable or enable ZTP, as detailed below: Enable or disable ZTP through running the provision script. To generate the corresponding provision script, select options of 5 and 6 when running the generate_script, as shown below. image-20241014-101247.png Note: you are suggested to select this option at last, or the option may be invalid. Enable or disable ZTP through the command set system ztp enable in PicOS® configuration mode. The following example disables ZTP using the command set system ztp enable : dmin@XorPlus# set system ztp enable false admin@XorPlus# commit Enable or disable ZTP via the ztp-config script included with PicOS®. The following example disables ZTP using the ztp-config script run from the Linux shell: admin@LEAF-A$sudo ztp-config Please configure the default PicOS ZTP options: (Press other key if no change) [1] PicOS ZTP enabled * default [2] PicOS ZTP disabled Enter your choice (1,2):2 PicOS ZTP is disabled. admin@LEAF-A$ Manually edit the PicOS® configuration file PicOS_start.conf and change the value of the ztp_disable variable. The following snippet from the PicOS® configuration file shows that ZTP has been disabled (ztp_disable=true). admin@LEAF-A$more /etc/PicOS/PicOS_start.conf | grep ztp ztp_disable=true To enable ZTP, you need to set ztp_disable to false. 4.3 Preparation before ZTP Deployment Before powering on the switch to start ZTP deployment, you should make the following preparations: Items Preparations DHCP client It is network reachable, which can communicate with the DHCP server and file server. File server It is configured successfully and is network reachable. DHCP server It is network reachable. If the switch is served as the server, you should configure the IP address of file server, the path and name of provision script and the IP address of Syslog server (optional). Required files Obtain files (image file, L2/L3 configuration file, OVS configuration file, L2/L3 command file or startup file) from FS stuffs, and save them in the working directory of file servers.Note: the provision.sh is generated through running the generate_script file. For details, see Configuration Example for Generating Provision.sh. 4.4 Example for Implementing ZTP Deployment through DHCP 4.4.1 Overview Figure 3. Typical topology of ZTP implementation image.png In Figure 3, switches are configured respectively as the DHCP client and DHCP server. The client uses information configured on a DHCP server to locate the software image and configuration files on the TFTP server, and then download specified files to upgrade system and load configurations. The data plan is shown as below: Device Interface VLAN and IP Address DHCP server te-1/1/1te-1/1/2te-1/1/3 VLAN: 10IP address: 192.168.10.2/24 TFTP server eth0 IP address: 192.168.10.1/24 The image information of Client1 and Client2, and the files to be loaded are shown as below: Device Current version Files to be loaded Client1 PicOS®-9.8.7 Image: PicOS®-9.8.7-main-43d73dd983-x86v.binCommand file: ztpl2l3_cfg.cli Client2 PicOS®-4.4.0 4.4.2 Procedure DHCP Server Step 1 Configure VLAN and interface. admin@PicOS# set vlans vlan-id 10 admin@ PicOS # set interface gigabit-ethernet te-1/1/1 family ethernet-switching native-vlan-id 10 admin@ PicOS # set interface gigabit-ethernet te-1/1/2 family ethernet-switching native-vlan-id 10 admin@ PicOS # set interface gigabit-ethernet te-1/1/3 family ethernet-switching native-vlan-id 10 admin@ PicOS # set vlans vlan-id 10 l3-interface vlan10 admin@ PicOS # set l3-interface vlan-interface vlan10 address 192.168.10.2 prefix-length 24 admin@ PicOS # commit Step 2 Configure DHCP pool. admin@PicOS# set protocols dhcp server pool pool1 network address 192.168.10.2 prefix-length 24 admin@PicOS# set protocols dhcp server pool pool1 lease-time 1440 admin@ PicOS # set protocols dhcp server pool pool1 range range1 low 192.168.10.3 admin@ PicOS # set protocols dhcp server pool pool1 range range1 high 192.168.10.20 admin@ PicOS # set protocols dhcp server pool pool1 tftp-server 192.168.10.1 admin@ PicOS # set protocols dhcp server pool pool1 bootfile-name file-path provision.sh admin@ PicOS # set ip routing enable true admin@ PicOS # commit TFTP Server Step 1 Set the basic configuration of TFTP server. Make sure that the TFTP server is network reachable, which can communicate with the DHCP server and DHCP client. Step 2 Configure files needed to be saved in the TFTP server. For the provision file provision.sh, you need to run generate_script with options 7 and 10 selected to generate it. For details, see Option Description of Shell Script. For the L2/L3 command file ztpl2l3_cfg.cli, you can modify it as needed, such as configuring VLAN20 and VLAN30. Step 3 Save the image file, provision script and L2/L3 command file to the working path of TFTP server. Note: The working path of TFTP server here is /home/admin/tftp, and you should modify it based on the actual circumstances. Step 4 Generate the MD5 file. Enter the directory which saves image file, and run the following Linux command to generate MD5 file. The generated MD5 file will be saved in this directory. Note: The MD5 file name must be the format of image-file-name.md5, otherwise the DHCP server cannot recognize it. admin@TFTP:~$ cd /home/admin/tftp admin@TFTP:~/tftp$ md5sum onie-installer-PicOS-9.8.7-main-43d73dd983x86v.bin > onie-installer-PicOS-9.8.7-main-43d73dd983-x86v.bin.md5 Step 5 View the files saved in the directory of /home/admin/tftp. admin@PicOS:~$ ls /home/admin/tftp ls-20240923-075709.png DHCP Client After completing the above configuration, start client1 and client2. 4.4.3 Verifying the Configuration View the upgrade process of client1 and client2. Client1: for the version is already V9.8.7, it directly loads L2/L3 command configurations. image-20241015-082949.png Client2: for the version is V4.4.0, it upgrades to V9.8.7 and then loads L2/L3 command configurations. image-20241015-083941.png View the L2/L3 command configurations of client1 and client2. image.png 4.5 Appendix: ZTP API The ZTP makes use of the API (application programming interface) defined in the ztp-functions.sh file located in the /usr/bin directory. The API description is shown as below, and you can refer to it when configuring the ZTP function, such as running the generate_script to generate the provision script. NOTE: For APIs with name changed, please use the correct name in the corresponding version, or the error prompt will appear. API Description Parameter Return Value Supported Version ztp_disable Disable ZTP auto-run when switch boots up None 0 = success,1 = failed All ztp_enable Enable ZTP auto-run when switch boots up None 0 = success,1 = failed All add_remote_syslog_server Add the remote Syslog server Parameter #1: the IP address of remote Syslog server(eg: 192.168.1.200) 0 = success,1 = failed All remove_remote_syslog_server Remove the remote Syslog server Parameter #1: the IP address of remote Syslog server(eg: 192.168.1.200) 0 = success,1 = failed All tftp_get_file Get file from TFTP server Parameter #1: file name in TFTP serverParameter #2: file name with path in localParameter #3: IP address of TFTP server 0 = success,1 = failed All http_get_file Get file from HTTP server Parameter #1: file name with path in localParameter #2: file name with HTTP server URL 0 = success,1 = failed V4.5.0E or later versions get_l2l3_config_file Get PicOS® configuration file "pica_startup.boot" from file server Parameter #1:For TFTP download: it is the configuration file name with path on TFTP severFor HTTP download: it is the configuration file name with HTTP server URL. Parameter #2 does not need to be setParameter #2: TFTP server IP address, if not set, the TFTP server IP address from DHCP server will be used 0 = success,1 = failed V4.5.0E or later versionsNote: in the previous versions, the name is tftp_get_l2l3_config_file. get_ovs_config_file Get PicOS® OVS configuration file "ovs-vswitchd.conf.db" from file server Parameter #1:For TFTP download: it is the configuration file name with path on TFTP severFor HTTP download: it is the configuration file name with HTTP server URL. Parameter #2 does not need to be setParameter #2: TFTP server IP address, if not set, the TFTP server IP address from DHCP server will be used 0 = success,1 = failed V4.5.0E or later versionsNote: in the previous versions, the name is tftp_ get_ovs_config_file. get_PicOS_startup_file Get PicOS startup file "PicOS_start.conf" from file server Parameter #1:For TFTP download: it is the startup file name with path on TFTP severFor HTTP download: it is the startup file name with HTTP server URL. Parameter #2 does not need to be setParameter #2: TFTP server IP address, if not set, the TFTP server IP address from DHCP server will be used 0 = success,1 = failed V4.5.0E or later versionsNote: in the previous versions, the name is tftp_ get_PicOS_startup_file. get_PicOS_image Get PicOS image from file server and upgrade Parameter #1:For TFTP download: it is the image file name with path on TFTP severFor HTTP download: it is the image file name with HTTP server URL. Parameter #2 does not need to be setParameter #2: TFTP server IP address, if not set, the TFTP server IP address from DHCP server will be used 0 = success,1 = failed V4.5.0E or later versionsNote: in the previous versions, the name is tftp_ get_PicOS_image. l2l3_load_config Get a file with PicOS® L2/L3 commands list, and execute these commands. Parameter #1:For TFTP download: it is the commands file name with path on TFTP severFor HTTP download: it is the commands file name with HTTP server URL. Parameter #2 does not need to be setParameter #2: TFTP server IP address, if not set, the TFTP server IP address from DHCP server will be used 0 = success,1 = failed All 5. Configuration Statements and Operational Commands License Installation 5.1 Getting Started with PicOS® License 5.1.1 PicOS® License The PicOS® License (software license) is a software usage authorization that allows users to utilize PicOS®’s Debian Linux operating system, L2/L3 switching and routing functions, as well as OpenFlow features on the corresponding hardware device. The license is specific to the switch it is bound to and is not valid on any other switch. Therefore, it cannot be transferred across devices without authorization. However, once authorized, it remains valid permanently. 5.2 PicOS® License Operation Process 5.2.1 Activating the PicOS® License Follow the steps below to generate and install the PicOS® license. a) Get the switch’s speed type and hardware ID by issuing the following command at switch’s Linux prompt: admin@XorPlus$ license –s b) Use the assigned credential (SSO) by PicOS® License team (license@pica8.com) to login at “License Portal” website. image.png c) In the “License Portal” page, click “New Switch License” as shown below: image.png d) In “New Switch License” page, select Speed type and Feature type based on your purchased order. Then, enter the switch’s hardware ID. License name is optional. image.png e) After clicking the “Add License” button, the license will be added to the database. f) Click the “+” sign of the newly added license to display the “Download” button. image.png g) Click the “Download” button to download the license to the host. The license file name is “hardware_ID.lic”. For example: xxxx-xxxx-xxxx-xxxx.lic image.png h) Copy the downloaded license file (xxxx.lic) to the switch’s folder /home/admin/ by using scp or tftp etc. admin@XorPlus$ sudo scp xxxx.lic /home/admin/ i) Install the license by issuing the following command: admin@XorPlus$ sudo license -i /home/admin/xxxx.lic j) Restart the PicOS® service to activate the license: admin@XorPlus$ sudo systemctl restart PicOS k) After the switch rebooted, use the following command to verify the installed license. admin@XorPlus$ license –sor admin@XorPlus> license show 5.2.2 Installing the PicOS® License Installing License under Linux prompt Installing the License Notes: If no license is installed, only the first four ports and the first two uplink ports (if exist) of the switch are available after the upgrade. To upgrade the switch without production impact, user should install a license before the upgrade. It is possible to install a license in PicOS® 2.3 (starting with PicOS® 2.3.3). To upgrade a switch from a PicOS® version earlier than 2.3, it may be necessary to upgrade to PicOS® 2.3 first to install a license on the system. To avoid this step, user can run a script that can install the license on PicOS® releases earlier than 2.3. Please refer to PicOS® Configuration Guide V4.4.5 or look at the section below for older PicOS® releases. The license file cannot name pica.lic, or license will install failed. Customers can download the generated license file and copy it to the /etc/PicOS/ directory. The following example shows the contents of a switch-based license file: { "Type": "1GE", "Feature":["Open Flow", "Base Product", "Layer3"], "Hardware ID":"8A68-A7AC-D702-70D2", "Expire Date":"2020-10-28" } In the license file shown above, the type is 1GE while the feature is Base Product, Layer3, and Open Flow. Hardware ID is unique to every switch. Note: The switch cannot upgrade to a PicOS® version whose build date is later than the license expiration date. The following example shows the contents of a site-based license file: { "Type": "1GE", "Feature":["Open Flow", "Base Product", "Layer3"], "Mode":"site", "Site Name":"CompanyA", "Expire Date":"2020-10-28" } The license file can be installed with the command-line utility called license with the -i option. The following example installs a license file named js.lic: admin@PicOS:~$ cd /etc/PicOS admin@PicOS:/etc/PicOS$ ls -l total 32 drwxrwxr-x 2 root xorp 4096 Feb 4 22:00 ./ drwxrwxr-x 60 root xorp 4096 Feb 4 21:56 ../ -rw-rw-r-- 1 root xorp 26 Feb 4 18:27 fs_status -rw-r--r-- 1 root root 399 Feb 4 21:59 js.lic -rw-rw-r-- 1 root xorp 247 Sep 4 2014 license.conf -rw-rw-r-- 1 root xorp 183 Aug 10 2014 p2files.lst -rw-rw-r-- 1 root xorp 488 Feb 4 18:28 PicOS_start.conf -rw-r--r-- 1 root root 251 Feb 4 22:00 public.key admin@PicOS:~$ sudo license -i js.lic License successfully added, the switch need to be rebooted to activate the license. admin@PicOS:~$ ls -l total 32 drwxrwxr-x 2 root xorp 4096 Feb 4 22:00 ./ drwxrwxr-x 60 root xorp 4096 Feb 4 21:56 ../ -rw-rw-r-- 1 root xorp 26 Feb 4 18:27 fs_status -rw-rw-r-- 1 root xorp 247 Sep 4 2014 license.conf -rw-rw-r-- 1 root xorp 183 Aug 10 2014 p2files.lst -rw-r--r-- 1 root root 382 Feb 4 22:00 pica.lic -rw-rw-r-- 1 root xorp 488 Feb 4 18:28 PicOS_start.conf -rw-r--r-- 1 root root 251 Feb 4 22:00 public.key -rw-r--r-- 1 root root 251 Feb 4 22:00 switch-public.key admin@PicOS:~$ If the license is installed successfully, after license -i command, the following message will be displayed: License successfully added, the switch need to be rebooted to activate the license. To activate the new license, the switch must be restarted. Displaying License Information User can display the license information using the license -s command at the Linux shell. The following example displays information about the switch-based license: admin@PicOS:~$ license -s { "Type": "1GE", "Feature": ["Open Flow", "Base Product", "Layer3"], "Expire Date": "2020-10-28", "Hardware ID": "8A68-A7AC-D702-70D2" } The following example displays information about the site-based license: admin@PicOS:~$ license -s { "Type": "1GE", "Feature": ["Base Product", "Layer3", "Open Flow"], "Expire Date": "2020-10-28", "Hardware ID": "8A68-A7AC-D702-70D2", "Site Name": " CompanyA " } If the license is not valid, the license -s command generates the following output: admin@PicOS:~$ license -s Invalid license. Use below information to create a license. Type: 1GE Hardware ID: 8A68-A7AC-D702-70D2 admin@PicOS-OVS$ If no license is installed, the license -s command generates the following output: admin@PicOS:~$ license -s No license installed. Use below information to create a license. Type: 1GE Hardware ID: 8A68-A7AC-D702-70D2 admin@PicOS-OVS$ Add License Directly From License Command User can also add the license directly from the license command. The PicOS® 2.6 image supports this command. (1) Paste the license content. (2) Press enter and then press crtl+d. Example for P5401, add a site license: admin@PicOS:/ovs$ sudo license -i - sJXhrpDdd2ZsMemcJ26fqvjjw7vH30gf/4OVtLsROgPNl2VjFQhIJvS3zliF+DK+ tW2QpssH0JB4n8ae9/SumsRWdwdPpbQNB1WaeNq0onWdoTRz2HGiH+XudDAm6B37 kQvCGev7pAe0tCjnB+63F3Z5ZGPbQE89/fNSBGkE6mfZ6dG1F/86C9Bn/MyqkQSI 4uDtRwfo46elZOmwn5aD/mGyh/i2qg8IfhssIn0CbHVaJY8hyt7tYuvgkEb6Xlhx 7i9+qnk9c15ksBdak0f8gxorZDOCacwWACDt/K8NJokOMWTDLnLmDczrXO0Z5l75 eGc7ZygxCjd/jzc5oW9cgIyd License successfully added, the switch need to be rebooted to activate the license. admin@PicOS:/ovs$ Reboot system and license can be activated. Installing and Removing License for PicOS® go2cli Version Installing License under CLI Operation Mode The following steps describe how to install a license under CLI operation mode for PicOS® go2cli version. a) Before loading a license, upload the license file to the device. The following example uploads the license file 10GE-SITE-PICA8.lic to the default path. By default, the TFTP downloaded file is saved in directory /cftmp/. admin@PicOS> file tftp get remote-file /tftp/license/10GE-SITE-PICA8.lic local-file 10GE-SITE-PICA8.lic ip-address 10.10.50.22 b) Run the license install command to install the license. admin@PicOS> license install /cftmp/10GE-SITE-PICA8.lic When the license has been successfully installed, it will display the following information: License successfully added, the switch need to be rebooted to activate the license. c) Reboot the switch or restart PicOS® to activate the license. Choose either one: Reboot the switch admin@PicOS> request system reboot Restart PicOS® service licadmin@PicOS> start shell sh admin@PicOS:~$ sudo service PicOS restart admin@PicOS:~$ exit exit admin@PicOS> d) After PicOS® starts up, run the license show command to view the license information. admin@PicOS> license show { "Type": "10GE", "Feature": ["Base Product", "Layer3", "OpenFlow"], "Support End Date": "2020-10-28", "Hardware ID": "196B-A2AE-147A-73F2", "Site Name": "PICA8" } Removing License under CLI Operation Mode The following steps describe how to remove a license under CLI operation mode for PicOS® go2cli version. admin@PicOS> license remove admin@PicOS> license show No license installed. Use below information to create a license. Type: 10GE Hardware ID: 196B-A2AE-147A-73F2 5.2.3 PicOS® License FAQ User may encounter various problems during license installation as detailed below. The public.key file cannot be found. admin@PicOS:~$ sudo license -i js.lic Install failed: Cannot find public key. The license file does not exist. admin@PicOS:~$ sudo license -i js.lic Install failed: No such file or directory. The header or the key is disrupted. admin@PicOS:~$ sudo license -i js.lic Install failed: License or KEY is disrupted. The license format is not valid. admin@PicOS:~$ sudo license -i js.lic Install failed: License format error. The license file is not compatible with the switch (verify failed). admin@PicOS:~$ sudo license -i js.lic Install failed: Invalid license.

Home/
Documentazione/
PicOS® PoE+ Switch/
1G PicOS® PoE+ Switch/
S3410C-8TMS-P/
Deployment Guide/

S5860 Series PicOS® Switches Data Sheet

image

30 ott. 2025 - S5860 Series PicOS® Switches Data Sheet Product Overview The S5860 Series PicOS® enterprise switches deliver high availability, scalability, and performance for enterprise campus deployments. Built on the Broadcom BCM56170 chip, these switches offer flexible port configurations ranging from 20, 24 to 48 ports, including 10GbE, 25GbE, and 40GbE, all within a compact 1U form factor, delivering up to 1.32 Tbps of reliable connectivity to secure routers, servers, and switches. All S5860 switches are equipped with high-availability features, such as redundant, hot-swappable power supplies and smart fans, ensuring maximum uptime. Additionally, multigigabit models support 100M/1G/2.5G/5G/10GBASE-T speeds. Power over Ethernet (PoE)-enabled models to support standards-based 802.3bt PoE++ and perpetual PoE, delivering up to 90W per port to support high-density devices like Wi-Fi 6/6E/7 wireless access points, VoIP phones and IP cameras. With advanced Layer 2/3 features such as MLAG, BGP, OSPF, NAC, and sFlow, the S5860 Series enables flexible and scalable network architectures, making it ideal for campus, branch, and data center access. The S5860 Series can be managed by the AmpCon-Campus management platform, enabling automated lifecycle management from Day 0 to Day 2+. The platform features Zero Touch Provisioning (ZTP), topology discovery, and real-time telemetry, optimizing workflow automation and enhancing visibility into the performance of connected devices. image.png Figure 1. S5860 Series Switches Features and Benefits Broadcom Chip Built on the Broadcom BCM56170 chip, the S5860 series switches offer high-speed data transfer, low latency, and high throughput, enhancing performance for superior stability and reliability. PicOS® Operating System The S5860 series switches run on the PicOS®. This unified operating system allows users to manage networks more efficiently and deploy new services more quickly, allowing all PicOS®-powered products to be updated simultaneously with the same software release. All features are fully regression tested, making each new release a true superset of the previous version. AmpCon-Campus Management Platform AmpCon-Campus management platform centrally manages PicOS® enterprise switches, providing automated full lifecycle management from Day 0 to Day 2+, enabling efficient automated deployment and configuration, monitoring and troubleshooting. Day 0: Enables Zero Touch Provisioning (ZTP), allowing the switch to automatically retrieve and apply initial configuration files without manual setup. Day 1: Fast deployment and configuration with Zero-Touch Provisioning (ZTP) and automation. AmpCon-Campus leverages ZTP for hands-free configuration of PicOS® enterprise switches, powered by flexible configuration templates that enable hundreds to thousands of switches to be deployed rapidly at scale with minimal errors. Day 2+: Support Telemetry, collecting real-time device data and sending it to the AmpCon-Campus management platform. It enables switch health monitoring and anomaly detection, providing fault alerts and triggering email notifications to help administrators quickly diagnose and resolve network issues, streamlining IT operations and enhancing the user experience. For more information, see AmpCon-Campus Management Platform. img_v3_02ko_9b8129b0-6f04-4acd-ae1c-873bafd0ef9g.jpg Figure 2. AmpCon-Campus Management Platform Multi-Chassis Link Aggregation (MLAG) MLAG allows two S5860 switches to operate as independent devices with separate control planes while eliminating STP by enabling link aggregation on connected devices. This enhances network bandwidth, improves reliability and availability, and ensures seamless operation of critical services. image.png Figure 3. Multi-Chassis Link Aggregation (MLAG) Perpetual PoE PoE-enabled models of the S5860 series feature Perpetual PoE, keeping devices powered without interruption — even during reboots. Security The S5860 series switches provide flexible and comprehensive user identity verification and access control through features such as ACLs, 802.1X, and AAA. It also supports IPv4/IPv6 Source Guard, IPv6 DHCP Guard, IPv4/IPv6 DHCP Snooping, Dynamic ARP Inspection (DAI), and IPv6 ND Detection and Snooping, which effectively manage network access, enhance security, and optimize resource usage. High Availability The S5860 series switches also include a variety of other high availability features, including redundant, hot-swappable power and fans, graceful protocol restart, equal-cost multipath (ECMP), Link Aggregation (LACP), Virtual Router Redundancy Protocol (VRRP), Bidirectional Forwarding Detection (BFD) for fast link failure detection, Unidirectional Link Detection (UDLD), and Ethernet Ring Protection Switching (ERPS), ensuring maximum uptime and reliability for mission-critical network operations. Product Specifications Physical Specifications Tables 1 through 3 show the FS S5860 series physical specifications. Notice: Port Density includes both native xxG ports and ports that support downshifting. Port Density (with breakout cable) includes native xxG ports, downshifted ports, and the ports available after splitting. Table 1. Physical specifications of S5860 Series Switches FS P/N S5860-20SQ S5860-24XB-U S5860-24MG-U S5860-48MG-U Description S5860-20SQ, 24-Port Ethernet L3 Switch, 20 x 10Gb SFP+, with 4 x 25Gb SFP28 and 2 x 40Gb QSFP+, PicOS®, Support MLAG, Broadcom Chip S5860-24XB-U, 24-Port Ethernet L3 PoE++ Switch, 24 x 10GBASE-T/Multi- Gigabit, 4 x 10Gb SFP+, with 4 x 25Gb SFP28 Uplinks, PicOS®, Support MLAG & Perpetual PoE, Broadcom Chip S5860-24MG-U, 24-Port Ethernet L3 PoE++ Switch, 24 x 5GBASE-T/Multi- Gigabit Ports, with 4 x 25Gb SFP28 Uplinks, PicOS®, Support MLAG & Perpetual PoE, Broadcom Chip S5860-48MG-U, 48-Port Ethernet L3 PoE++ Switch, 48 x 5GBASE-T/Multi-Gigabit Ports, 4 x 25Gb SFP28, with 2 x 40Gb QSFP+ Uplinks, PicOS®, Support MLAG & Perpetual PoE, Broadcom Chip Port 1G Port Density 20 28 24 48 2.5/5G Port Density - 24 24 48 10G Port Density 26 32 4 4 25G Port Density 4 4 4 4 40G Port Density 2 - - 2 10G Port Density (with breakout cable) 32 32 4 4 25G Port Density (with breakout cable) 4 4 4 4 40G Port Density (with breakout cable) 2 - - 2 Management Ports 1 1 1 1 Console Port 1 1 1 1 USB Port 1 1 1 1 Memory and processor Switch chip BCM56170 BCM56170 BCM56170 BCM56170 CPU ARM A9 Quad-Core CPU, 1.2GHz ARM A9 Quad-Core CPU, 1.2GHz ARM A9 Quad-Core CPU, 1.2GHz ARM A9 Quad-Core CPU, 1.2GHz DRAM 1GB 1GB 1GB 1GB SDRAM 1GB 1GB 1GB 1GB Flash memory 1GB 1GB 1GB 1GB Latency 1.11μs 1.11μs 1.28μs 1.28μs Packet buffer 4MB 4MB 4MB 4MB Mean-time between failures MTBF (hours) >366,000 >233,000 >194,297 >194,297 Weight & Dimension Weight 10.14 lbs (4.6kg) 21.6 lbs (9.8kg) 8.2 lbs (3.7kg) 17.8 lbs (8.1kg) Dimension 1.72''x17.32''x12.99'' (43.6x440x330mm) 1.74''x17.32''x17.81'' (44.1x440x452.5mm) 1.72''x17.4''x16.5'' (43.6x442x420mm) 1.72''x17.4''x16.5'' (43.6x442x420mm) Rack units (RU) 1 RU 1 RU 1 RU 1 RU Power supplies and fans Power supply Dual 1+1 redundant power supplies (AC) Dual 1+1 redundant power supplies (AC) 1 built-in power supply (AC) Dual 1+1 redundant power supplies (AC) Power-supply input receptacles C13 C13 C13 C13 Input-voltage range and frequency Rated voltage range: 100-240VAC; 50-60Hz Maximum voltage range: -AC input: 90-264VAC; 47-63Hz; Input current 3A (MAX) at 90V 7A (MAX) at 90V 6A (MAX) at 90V 8A (MAX) at 90V Power cord rating 10A 10A 10A 10A Power supply efficiency 85% (220Vac 50% load) 90% (230Vac 100% load) 92% (220Vac 50% load) 92% (220Vac 50% load) Power max rating 150W 515W AC input:90-290V,45/65Hz AC input:90-290V,45/65Hz Max. power consumption 85W Single Power:120W (380W with PoE) Dual Power: 120W (760W with PoE) 120W (460W with PoE) Single Power: 240W (1000W with PoE) Dual Power: 240W (2000W with PoE) Output ratings Main output: 12V 12.5A Main output: 12V 11.25A Standby output: 53.5V 7.11A Main output: 56V 8.22A Main output: 56V 8.22A Output holdup time 20ms 11ms 20ms 20ms Fan number 2x Hot-swappable Fans 3x Hot-swappable Fans (2+1 Redundancy) 2 Built-in Fans 2+1 Hot-swappable Fans Airflow Front-to-Back Front-to-Back and Left-to-Back Front-to-Back and Left-to-Back Front-to-Back and Left-to-Back Acoustic noise <78dB <78dB <78dB <78dB Maximum fan speed 18000rpm 18000rpm 18000rpm 18000rpm PoE standard - IEEE 802.3af/at/bt IEEE 802.3af/at/bt IEEE 802.3af/at/bt PoE budget - 370W (single-power); 740W (dual-power) 370W (single-power) 1600W (dual-power) Environmental Ranges Operating temperature 0 to 50ºC (32 to 122°F) 0 to 45ºC (32 to 113°F) 0 to 45°C (32 to 113°F) 0 to 45°C (32 to 113°F) Storage temperature -40 to 70ºC (-40 to 158°F) -40 to 70ºC (-40 to 158°F) -40 to 70°C (-40 to 158°F) -40 to 70°C (-40 to 158°F) Operating humidity 10% to 90% (Non-condensing) 10% to 90% (Non-condensing) 10% to 90% (Non-condensing) 10% to 90% (Non-condensing) Storage humidity 5% to 95% (Non-condensing) 5% to 95% (Non-condensing) 5% to 95% (Non-condensing) 5% to 95% (Non-condensing) Temperature alarm Supported Supported Supported Supported Acoustic noise <78dB <78dB <78dB <78dB Connectors Connectors and cabling 1/10GBASE-T ports: RJ-45 connectors, 4-pair Cat5E/Cat6/Cat6a UTP cabling SFP transceivers: LC fiber connectors (single-mode or multimode fiber) SFP+ transceivers: LC fiber connectors (single-mode or multimode fiber) SFP28 transceivers: LC fiber connectors (single-mode or multimode fiber) QSFP+ transceivers: MPO and LC fiber connectors (single-mode or multimode fiber) Ethernet management port: RJ-45 connectors, 4-pair Cat5 UTP cabling Management console port: RJ-45-to-DB9 cable for PC connections Power connectors Customers can provide power to a switch by using the internal power at the back of the switch Internal power supply connector: The internal power supply is an auto-ranging unit. It supports input voltages between 100 (115 for 1100WAC) and 240 VAC. Use the supplied AC power cord to connect the AC power connector to an AC power outlet Table 2. Physical specifications of S5860 Series Switches FS P/N S5860-24XMG S5860-48XMG-U S5860-48XMG Description S5860-24XMG, 24-Port Ethernet L3 Switch, 24 x 10GBASE-T/Multi-Gigabit Ports, 4 x 10Gb SFP+, with 4 x 25Gb SFP28 Uplinks, PicOS®, Support MLAG, Broadcom Chip S5860-48XMG-U, 48-Port Ethernet L3 PoE++ Switch, 48 x 10GBASE-T/Multi-Gigabit Ports, 4 x 25Gb SFP28 Uplinks, with 2 x 40Gb QSFP+ Uplinks, PicOS®, Support MLAG & Perpetual PoE, Broadcom Chip S5860-48XMG, 48-Port Ethernet L3 Switch, 48 x 10GBASE-T/Multi-Gigabit Ports, 4 x 25Gb SFP28, with 2 x 40Gb QSFP+ Uplinks, PicOS®, Support MLAG, Broadcom Chip Port 1G Port Density 28 48 48 2.5/5G Port Density 24 48 48 10G Port Density 32 52 52 25G Port Density 4 4 4 40G Port Density - 2 2 10G Port Density (with breakout cable) 32 60 60 25G Port Density (with breakout cable) 4 4 4 40G Port Density (with breakout cable) - 2 2 Management Ports 1 1 1 Console Port 1 1 1 USB Port 1 1 1 Memory and processor Switch chip BCM56170 BCM56170 BCM56170 CPU ARM A9 Single-Core CPU, 1.25GHz ARM A9 Single-Core CPU, 1.25GHz ARM A9 Single-Core CPU, 1.25GHz DRAM 2GB 2GB 2GB SDRAM 2GB 2GB 2GB Flash memory 1GB 1GB 1GB Latency 1.28μs 1.28μs 1.28μs Packet buffer 4MB 4MB 4MB Mean-time between failures MTBF (hours) >236,695 >236,695 >236,695 Weight & Dimension Weight 17.8 lbs (8.1kg) 17.8 lbs (8.1kg) 17.8 lbs (8.1kg) Dimension 1.72''x17.4''x16.5'' (43.6x442x420mm) 1.72"x17.4"x16.5" (43.6x442x420mm) 1.72''x17.4''x16.5'' (43.6x442x420mm) Rack units (RU) 1 RU 1 RU 1 RU Power supplies and fans Power supply Dual 1+1 redundant power supplies (AC) Dual 1+1 redundant power supplies (AC) Dual 1+1 redundant power supplies (AC) Power-supply input receptacles C13 C13 C13 Input-voltage range and frequency Rated voltage range: 100-240VAC; 50-60Hz Maximum voltage range: AC input: 90-264VAC; 47-63Hz; Input current 8A (MAX) at 90V 8A (MAX) at 90V 8A (MAX) at 90V Power cord rating 10A 10A 10A Power supply efficiency 92% (220Vac 50% load) 92% (220Vac 50% load) 92% (220Vac 50% load) Power max rating AC Input: 90-264V, 47/63 Hz AC Input: 90-264V, 47/63 Hz AC Input: 90-264V, 47/63 Hz Max. power consumption 110W Single Power: 240W (1000W with PoE) Dual Power: 240W (2000W with PoE) 240W Output ratings Main output: 56V 8.22A Standby output: 56V 16.61A Main output: 56V 8.22A Standby output: 56V 16.61A Main output: 56V 8.22A Standby output: 56V 16.61A Output holdup time 20ms 20ms 20ms Fan number 2+1 Hot-swappable Fans 2+1 Hot-swappable Fans 2+1 Hot-swappable Fans Airflow Front-to-Back and Left-to-Back Front-to-Back and Left-to-Back Front-to-Back and Left-to-Back Acoustic noise <78dB <78dB <78dB Maximum fan speed 18000rpm 18000rpm 18000rpm PoE standard - IEEE 802.3af/at/bt - PoE budget - 1600W (dual-power) - Environmental Ranges Operating temperature 0 to 45ºC (32 to 113°F ) 0 to 45ºC (32 to 113°F ) 0 to 45ºC (32 to 113°F ) Storage temperature -40 to 70ºC (-40 to 158°F) -40 to 70ºC (-40 to 158°F) -40 to 70ºC (-40 to 158°F) Operating humidity 10% to 90% (Non-condensing) 10% to 90% (Non-condensing) 10% to 90% (Non-condensing) Storage humidity 5% to 95% (Non-condensing) 5% to 95% (Non-condensing) 5% to 95% (Non-condensing) Temperature alarm Supported Supported Supported Acoustic noise <78dB <78dB <78dB Connectors Connectors and cabling 1/10GBASE-T ports: RJ-45 connectors, 4-pair Cat5E/Cat6/Cat6a UTP cabling SFP transceivers: LC fiber connectors (single-mode or multimode fiber) SFP+ transceivers: LC fiber connectors (single-mode or multimode fiber) SFP28 transceivers: LC fiber connectors (single-mode or multimode fiber) QSFP+ transceivers: MPO and LC fiber connectors (single-mode or multimode fiber) QSFP28 transceivers: MPO and LC fiber connectors (single-mode or multimode fiber) Ethernet management port: RJ-45 connectors, 4-pair Cat5 UTP cabling Management console port: RJ-45-to-DB9 cable for PC connections Power connectors Customers can provide power to a switch by using the internal power at the back of the switch Internal power supply connector: The internal power supply is an auto-ranging unit. It supports input voltages between 100 (115 for 1100WAC) and 240 VAC. Use the supplied AC power cord to connect the AC power connector to an AC power outlet Notice: RJ45 ports can be used as 100M/1/2.5/5/10G ports for Ethernet connection. SFP+ ports can be used for 1/10G fiber connection, support 10G-T SFP+ copper transceivers but do not support 1G-T SFP copper transceivers. SFP28 can be used for 10/25G connection. QSFP+ can be used for 40G or 4x 10G connection. QSFP28 can be used for 40G/100G or 4x10G/4x25G connection. Table 3. Power cord information of S5860 Series Switches Countries Power Cord Standard Male Plug Female Connector Voltage Compatibility Maximum Input Amps United States, Canada, Mexico, Puerto Rico, Guam, Japan, Virgin Islands (U.S.) US NEMA 5-15P IEC60320 C13 100-250VAC 10A United Kingdom, Hong Kong, Singapore, Malaysia, Maldives, Qatar, India UK BS1363 IEC60320 C13 100-250VAC 13A Continental Europe, South Africa, Switzerland, Italy, Indonesia EU CEE 7 IEC60320 C13 100-250VAC 16A China, Australia, New Zealand, Argentina CN GB16A IEC60320 C13 100-250VAC 10A Notice: Power cords are matched according to the delivery destination. Software Specifications Table 4. Software Specifications of S5860 Series Switches Functionality Description High Availability Multi-Chassis Link Aggregation (MLAG) Graceful protocol restart ( OSPFv2/v3) Virtual Router Redundancy Protoco(VRRP) Bidirectional Forwarding Detection(BFD) Uplink failure detection (UFD) Unidirectional Link Detection (UDLD) Ethernet Ring Protection Switching (ERPS) Nonstop bridging: LACP, xSTP Nonstop routing: PIM, OSPF v2 and v3, RIP v2, BGP, ISIS, IGMP v1, v2, v3 Standby IP Address Security MAC limiting (per port and per VLAN) Allowed MAC addresses configurable per port Dynamic Address Resolution Protocol (ARP) inspection (DAI) IPv4/IPv6 Source Guard (IPSG) Local proxy ARP Static ARP support IPv4/IPv6 DHCP Snooping AAA Radius/TACACS+, Console Login, OUT-band/INBAND Login, Local Authentication, local authentication fallback DoS attack protection Network Access Control(NAC) Enable or disable port security Trust Port, ARP Packets Validity Checking, User Legitimacy Checking, ARP Inspection Access List Control Plane Policing (CoPP) IPv6 DHCP Guard IPv6 ND Inspection IPv6 ND Snooping Device Management AmpCon-Campus Management Platform for Day 0, Day 1, and Day 2+ Configuration Deployment Zero touch provisioning (ZTP) Telemetry for Real-time Network Monitoring SNMP v1/v2/v3, RMON sFlow Role-based CLI management and access CLI via console, telnet, or SSH Web Programmability: NETCONF, RESTCONF, Ansible, OpenFlow Extended ping and traceroute Syslog management Power-on diagnostics PicOS® configuration rescue and rollback, image rollback Local file management, Configuration file management File operations via FTP/TFTP/HTHP Install from a local directory, automatically install Certificate Configuration Dynamic Host Configuration Protocol(DHCP) Domain Name System (DNS) Link Layer Discovery Protocol (LLDP) Network Time Protocol (NTP) Hardware management User management: console interface configuration, VTY interface configuration, Username, password, and permission configuration User login: console, SSH, telnet Perpetual PoE Layer 2 Features Spanning Tree Protocol (STP) Loopback Detection VLAN Port Mode: ACCESS, Trunk Routed VLAN interface (RVI) VLAN: Port-based VLAN, MAC Trace, MAC-based VLAN MAC address filtering GRE tunneling QinQ: Basic QinQ, Flexible QinQ Static MAC address assignment for interface Per VLAN MAC learning (limit) MAC learning deactivate Link Aggregation and Link Aggregation Control Protocol (LACP) (IEEE 802.3ad) IEEE 802.1AB Link Layer Discovery Protocol (LLDP) MAC notification MAC address aging configuration Persistent MAC (sticky MAC) Address Resolution Protocol (ARP) Static MAC entries and Dynamic MAC Address Learning Static Link Aggregation (LAG) Configuration GARP VLAN Registration Protocol(GVRP) Multiple VLAN Registration Protocol(MVRP) Private VLAN Voice VLAN Ethernet Ring Protection Switching (ERPS) Unidirectional Link Detection (UDLD) Layer 3 Features IPv4/v6 Addressing, SVI, Routed interface Static ARP support Proxy Address Resolution Protocol (ARP) Virtual router Virtual router support for IPv6 unicast IPv4/IPv6 static routing, Multiple nexthop static route Routing policy Routing protocols (RIP, RIPng, OSPF v2/v3, IS-IS v4/v6, BGP v4/v6) Route Map PBR (Policy-Based Routing) Equal-Cost Multipath Routing (ECMP) Virtual Routing and Forwarding (VRF) Bidirectional Forwarding Detection (BFD) protocol Virtual Router Redundancy Protocol (VRRP v2/v3) Multicast Features Internet Group Management Protocol (IGMP): v2, v3 IGMP snooping: v2, v3 PIM-SM Multicast Source Discovery Protocol (MSDP) Dynamic Host Configuration Protocol (DHCP) relay DHCP snooping Secure interface login and password SNMP, NTP, DNS, RADIUS, TACACS+, AAA SSH v1, v2 Control plane denial-of-service (DoS) protection Dynamic ARP inspection (DAI) Filter based forwarding IP directed broadcast traffic forwarding IPv4 over GRE (encap and decap) IPv6 Class of Service(CoS) IPv6 ping IPv6 traceroute Neighbor discovery protocol Path MTU discovery ECMP Quality of Service L2 and L3 QoS L2 classification criteria Rate limiting: Ingress policing: 1 rate 2 color, 2 rate 3 color Egress policing: Policer, policer mark down action Egress shaping: Per queue, per port Traffic policing: guaranteed-rate, max-rate, Traffic classifier Queue scheduler: SP WRR WFQ Congestion avoidance capabilities: WRED Congestion avoidance: ECN Priority-based flow control (PFC)—IEEE 802.1Qbb Ingress Buffer Multicast IGMP v2/v3 query IGMP v2/v3 snooping Protocol Independent Multicast(PIM) Multicast routing and forwarding Multicast VLAN Registration (MVR) Mrouter port, static group, unregistered flood PIM BSR(Bootstrap Router) Link Aggregation Multichassis link aggregation (MLAG) Link Aggregation Control Protocol(LACP) LAG Load Balancing Algorithm: Traffic Distribution Strategy Based on Traffic Type (Bridged or Routed) and Traffic Pattern (Unicast or Multicast) Access Control List Downloadable ACL Dynamic ACL Match field: destination-address-ipv4, destination-address-ipv6, destination-mac-address, destination-port, ether-type, first-fragment, ip, is-fragment, protocol, source-address-ipv4, source-address-ipv6, source-mac-address, source-port, time-range, vlan ACL-based Traffic Policer ACL-based QoS ACL-based remarked Troubleshooting Debugging: CLI via console, Telnet, or SSH Diagnostics: Show and debug command, statistics Traffic mirroring (port) Traffic mirroring (VLAN) IP tools: Extended ping and trace Network commit and rollback Platform Specifications Tables 5 through 6 show the FS S5860 series platform specifications. Table 5. Plaform Specifications of S5860 Series Switches FS P/N S5860-20SQ S5860-24XB-U S5860-24MG-U S5860-48MG-U Performance specifications Switching capacity 760 Gbps 760 Gbps 440 Gbps 840 Gbps Forwarding rate 565 Mpps 565 Mpps 327 Mpps 625 Mpps Total number of MAC addresses 32768 32768 32768 32768 Jumbo frame 9216 bytes 9216 bytes 9216 bytes 9216 bytes Hardware queues per port 8 8 8 8 Table 6. Plaform Specifications of S5860 Series Switches FS P/N S5860-24XMG S5860-48XMG-U S5860-48XMG Performance specifications Switching capacity 760 Gbps 1320 Gbps 1320 Gbps Forwarding rate 565 Mpps 982 Mpps 565 Mpps Total number of MAC addresses 32768 32768 32768 Jumbo frame 9216 bytes 9216 bytes 9216 bytes Hardware queues per port 8 8 8 Standards Compliance IEEE Standards IEEE 802.1D IEEE 802.1w IEEE 802.1Q IEEE 802.1p IEEE 802.1ad IEEE 802.3ad IEEE 802.1AB IEEE 802.3x IEEE 802.1Qbb IEEE 802.1Qaz IEEE 802.1X IEEE 802.1ah IEEE 802.3ab IEEE 802.3bz IEEE 802.3ae IEEE 802.3by IEEE 802.3ba IEEE 802.3af IEEE 802.3at IEEE 802.3bt RFC – SPECIFIED MIBs RFC 1157 SNMPv1 RFC 1212 Concise MIB definition RFC 1213 MIB II RFC 1215 SNMP traps RFC 1256 ICMP router discovery RFC 1493 Bridge MIB RFC 1573 Interface Evolution MIB RFC 1643 Ether-like MIB RFC 1901 Community based SNMPv2 RFC 1905 Protocol Operations for SNMPv2 RFC 1906 Transport Mappings for SNMPv2 RFC 1907 Management Information Base for SNMPv2 RFC 1908 Coexistence between SNMPv1 and SNMPv2 RFC 1997 BGP Communities Attribute RFC 2021 RMON2 probes RFC 2096 IP Forwarding table MIB RFC 2233 The Interface Group MIB using SNMPv2 RFC 2439 BGP Route Flap Damping RFC 2545 Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing RFC 2665 Ethernet-like Interfaces RFC 2796 BGP Route Reflection – An Alternative to Full Mesh IBGP RFC 3065 Autonomous System Confederations for BGP RFC 3392 Capabilities Advertisement with BGP-4 RFC 4893 BGP Support for Four-octet AS Number Space RFC3107 - Labeled BGP RFC4607 - PIM SSM RFC3376 - IGMPv3 RFC6241 NETConf Pica8 Private MIB UCD-SNMP-MIB Safety and Compliance At FS, our Quality Commitment lies in all aspects of processes, resources, and methods that enable us to build superior networks for our customers. Through a quality policy focusing on continuous improvement of products and services, we're able to achieve the highest levels of satisfaction for our customers. To that end, every FS employee is accountable for contributing to the value of the products and services we deliver. To get the detailed certification, please go to the Compliance Center. Table 7. Safety and Compliance of S5860 Series Switches Certification Standards Safety EMC Environmental Compliance Others Certifications CE-LVD CB UL CE-EMC FCC ISED VCCI ISO 14001 RoHS REACH WEEE ISO 9001 Anatel Certification Marks image.png image.png image.png image.png image.png img_v3_02kq_c5a3e39b-79f2-4b79-a5ee-6431e3f4885g.png image.png image.png image.png image.png image.png image.png image.png S5860-20SQ √ √ √ √ √ √ √ √ √ √ √ √ - S5860-24XB-U √ - - √ √ - √ √ √ √ √ √ - S5860-24MG-U √ - - √ √ √ - √ √ √ √ √ √ S5860-24XMG √ - - √ √ √ - √ √ √ √ √ - S5860-48XMG-U √ - - √ √ √ - √ √ √ √ √ - S5860-48XMG √ - - √ √ √ - √ √ √ √ √ - Telco Common Language Equipment Identifier (CLEI) code Warranty, Service and Support FS S5860 Series Switches enjoy 5-year limited warranty against defects in materials or workmanship. For more information on FS Returns & Refunds policy, visit FS Product Warranty or FS Return Policy. FS provides a personal account manager, free professional technical support, and 24/7 live customer service for each customer. Professional Lab: Test each product with the latest and advanced networking equipment. Free Technical Support: Provide free & tailored solutions and services for your businesses. 80% Same-day Shipping: Immediate shipping for in-stock items. Fast Response: Direct and immediate assistance from an expert. For more information, visit FS Help Center. Ordering Information Table 8. Ordering information FS P/N Product description Switch hardware S5860-20SQ S5860-20SQ, 24-Port Ethernet L3 Switch, 20 x 10Gb SFP+, with 4 x 25Gb SFP28 and 2 x 40Gb QSFP+, PicOS®, Support MLAG, Broadcom Chip S5860-24XB-U S5860-24XB-U, 24-Port Ethernet L3 PoE++ Switch, 24 x 10GBASE-T/Multi-Gigabit, 4 x 10Gb SFP+, with 4 x 25Gb SFP28 Uplinks, PicOS®, Support MLAG, Broadcom Chip S5860-24MG-U S5860-24MG-U, 24-Port Ethernet L3 PoE++ Switch, 24 x 5GBASE-T/Multi-Gigabit Ports, with 4 x 25Gb SFP28 Uplinks, PicOS®, Support MLAG, Broadcom Chip S5860-48MG-U S5860-48MG-U, 48-Port Ethernet L3 PoE++ Switch, 48 x 5GBASE-T/Multi-Gigabit Ports, 4 x 25Gb SFP28, with 2 x 40Gb QSFP+Uplinks, PicOS®, Support MLAG, Broadcom Chip S5860-48XMG-U S5860-48XMG-U, 48-Port Ethernet L3 PoE++ Switch, 48 x 10GBASE-T/Multi-Gigabit Ports, 4 x 25Gb SFP28 Uplinks, with2x40GbQSFP+ Uplinks, PicOS®, Support MLAG, Broadcom Chip S5860-24XMG S5860-24XMG, 24-Port Ethernet L3 Switch, 24 x 10GBASE-T/Multi-Gigabit Ports, 4 x 10Gb SFP+, with 4 x 25Gb SFP28 Uplinks, PicOS®, Support MLAG, Broadcom Chip S5860-48XMG S5860-48XMG, 48-Port Ethernet L3 Switch, 48 x 10GBASE-T/Multi-Gigabit Ports, 4 x 25Gb SFP28, with 2 x 40Gb QSFP+ Uplinks, PicOS®, Support MLAG, Broadcom Chip AmpCon-Campus Management Platform LIS-AMPCON-CAM-FPSW-Foundation-90D Free Trial of AmpCon-Campus Management Platform for PicOS® Enterprise Switches, Support Remote Deployment and Automate Network Management (Per Device) LIS-AMPCON-CAM-FPSW-Foundation-1Y AmpCon-Campus Management Platform for PicOS® Enterprise Switches with 1 Year Service Bundle, Support Remote Deployment and Automate Network Management (Per Device) LIS-AMPCON-CAM-FPSW-Foundation-3Y AmpCon-Campus Management Platform for PicOS® Enterprise Switches with 3 Years Service Bundle, Support Remote Deployment and Automate Network Management (Per Device) LIS-AMPCON-CAM-FPSW-Foundation-5Y AmpCon-Campus Management Platform for PicOS® Enterprise Switches with 5 Years Service Bundle, Support Remote Deployment and Automate Network Management (Per Device) Power supplies PSM-C150WAC Hot-swappable AC Power Module 150W, for S5860-20SQ, S5810-48FS Switches P1D-K0150-B Hot-swappable DC Power Module 150W, for S5860-20SQ, S5810-48FS PSM-C515WACP Hot-swappable AC Power Module 515W, for S5860-24XB-U Fan Module M1SFAN-I-F Hot-swappable Fan Module, Front-to-Back Airflow through the S5860-20SQ About FS FS Inc. is a trusted provider of ICT products and solutions to enterprise customers worldwide. Established in 2009, the company focuses on HPC, Data Center, Enterprise, Telecom, providing tailored product development and solution design based on professional customer needs. Leveraging dedicated R&D and testing teams, comprehensive technical service experts, a robust supply chain system, globalized warehousing centers, and convenient shopping platform, FS delivers a wide range of highly efficient customer-centric ICT products, solutions and services to global vertical industry and enterprise customers across ISP, telecom, retail, education, etc. Through continuous technology innovation and brand partnership, FS products and solutions have served more than 900,000 users in over 200 countries. Document History New or revised topic Described in Date Updates to FS S5860 Series Switches Data Sheet Updated All 2025-03-27 Updates to FS S5860 Series Switches Data Sheet Updated Platform Benefits 2024-07-26 Updates to FS S5860 Series Switches Data Sheet Updated Platform Benefits 2024-07-16 Updates to FS S5860 Series Switches Data Sheet Updated Product Highlights and Description 2024-06-06 Updates to FS S5860 Series Switches Data Sheet Updated All 2024-02-01

Home/
Documentazione/
PicOS® Switch Aziendali/
10/25G PicOS® Switch/
S5860-24XMG/
Scheda tecnica/

PicOS® FAQ

07 ott. 2025 - PicOS® FAQ Models: PicOS®License、PicOS®Switches Chapter 1 General PicOS® FAQ 1.1 What is PicOS®? PicOS® is Network Operating System (NOS) for enterprise networks within distributed campuses and data centers. PicOS® includes legacy Layer-2 / Layer-3 switching mode (L2/L3 mode) and OpenFlow through Open vSwitch (OVS) which is called OVS mode. 1.2 What is OpenFlow? OpenFlow is becoming a required feature in commercial Ethernet switches, routers and wireless access points – and provides a standardized interface to the forwarding tables, to allow the advantages of an SDN architecture to be realized, independent of the internal workings of their network devices. OpenFlow is open-source software governed by the Open Networking Foundation (https://www.opennetworking.org) and is supported by Pica8. 1.3 What is OVS? OVS stands for Open vSwitch, which is a multilayer software switch developed by Nicira and now governed by this community: https://www.openvswitch.org. OVS has been ported to the PicOS® environment and is what brings OpenFlow functionality to PicOS®. 1.4 What is ONIE? ONIE stands for Open Network Install Environment, which is a small operating system, pre-installed as firmware on each switch. It provides an environment for automated operating system provisioning. 1.5 What are switches supported by PicOS®? PicOS® compatible hardware includes FS, Dell, Delta, and Edgecore. For specific models, please check the documentation (PicOS® Hardware Compatibility Matrix) 1.6 What is a PicOS® License? A PicOS® license is a legal instrument governing the use and upgrade of PicOS® on a specific device. FS is using a Perpetual License model, which means you own the software and can use your software as long as you want. If there is no legitimate license installed in the switch, only the first four physical ports will be enabled. The expiration date is applied when you begin to upgrade the switch to a newer version of PicOS®. The upgrade will not take effect if the expiration date is earlier than the build date of the PicOS® image. 1.7 How does PicOS® pricing work?And how long is the license valid for? FS offers a single license model, which means that each device only needs one license to use all functions anywhere on the network.The cost varies depending on the license speed. Once purchased, the license is permanently valid. If you purchase FS PicOS® switch, you will obtain PicOS® software License, and 5 years technical support service. 1.8 Does PicOS® have a regular update schedule? We typically release new version updates every 3 to 6 months. When a new PicOS® software version is available, you can find it in the Resource section on the FS website. You have the option to download and install the update from the website, or you can get in touch with your Account Manager (AM) for details on version updates, bug fixes, and new features, as well as to obtain the installation package. Please note: You can only install the software on hardware that is still under a valid service period. If the license has expired, it is not allowed to upgrade a major release (e.g. 4.1 to 4.2). However, it will not affect upgrading to a minor release (e.g. 4.1 .1 to 4.1.2). 1.9 What are the differences between PicOS® and Cumulus Linux? Cumulus Linux is a network operating system based on Debian Linux and employs an open network operating system (ONOS) architecture. PicOS®, also based on Debian Linux, is developed by Pica8. Both Cumulus Linux and PicOS® offer traditional CLI (command-line interface) management and support a wide range of network protocols and features, such as BGP, OSPF, VXLAN, and VRF. They both provide relatively open platforms, supporting flexible network architecture and deployment options. PicOS® is cost-effective, utilizing ARM for software, which requires lower memory and storage, resulting in lower overall costs. Cumulus Linux is typically used for building large-scale data center networks and cloud service provider networks, whereas PicOS® is commonly used in enterprise networks and smaller-scale data centers. PicOS® v4.4.x supports most data center applications that Cumulus does. 1.10 PicOS® and FSOS are installed on switches, which one performs better? When the switch hardware is identical, both PicOS® and FSOS can maximize the chip's performance. However, PicOS® supports ZTP deployment and AmpCon unified management, which can significantly reduce your operational costs. 1.11 Can FSOS switches that have been purchased be switched to PicOS®? The N8560, S5860, and S5810 series switches can be switched to PicOS®. However, this switch may result in functional changes. In order to ensure stability, we have strict switching protocols in place. You can get in touch with your Account Manager (AM) to submit a request for evaluation. If there is no business impact, we will assist with the switch. 1.12 Where do I download a PicOS® GA version? If you have the SSO account, please go to “PicOS® and AmpCon™ Release” site and select the PICOS image under PICOS-GA sub-directory. 1.13 What is the MD5 file? The MD5 and SHA512 files are the MD5 and SHA512 checksum of the associated PICOS image. It is used to check the completeness of the download. Chapter 2 Installation and configuration 2.1 How do I access the console port? 1. Use a serial to RJ45 reverse cable (i.e. a RS232 serial connector on one end and a RJ45 connector on the other end). 2. Connect the RJ45 reverse connector to the switch’s Console port. 3. Connect the RS232 connector to the host. 4. Set the host’s terminal emulator: baud rate: 115200 data bits: 8 stop bits: 1 parity bits: 0 flow control: none 2.2 How do I use ONIE to install PicOS®? 1. Copy the PICOS installer to a TFTP, FTP or HTTP server. 2. The original installed NOS could be overwritten by PICOS after installing PICOS. If the NOS is PICOS, it will erase the original configuration. 3. Connect the host to the switch’s Console port and connect the switch’s Management port to the network to connect to the server. 4. Turn on the switch. 5. Select ONIE in Grub. 6. Select ONIE rescue mechanism. 7. At the ONIE prompt, set switch IP address and launch onie-nos-install. TFTP is used in the following example. It could be replaced by FTP or HTTP. a.b.c.d isthe IP address and x is the subnet mask length. ONIE# ifconfig eth0 a.b.c.d/x ONIE# onie-nos-install tftp://local-tftp-server/ 8. For details, please refer to“PICOS System and Configuration Guide” at http://docs.pica8.com/ 2.3 What isthe next step after installing PicOS® successfully? After installing PicOS® successfully, you can login by using the default username,“admin”, and password,“pica8”. PicOS® will force you to change the password. Then, you will be in a PicOS® operation mode, and the switch isrunning in L2/L3 mode. 2.4 When do I use sudo? sudo stands for super user do. sudo allowsthe “admin”user account to run those super user executable programs, such as picos_boot, upgrade, reboot, ... 2.5 How do I upgrade the switch? 1. Copy PICOS image and its MD5 file to /cftmp in the switch. 2. Launch the upgrade2 script at /cftmp. Please refer to“Upgrading PicOS from Version 2.11 or Later Using Upgrade2”for the details about“upgrade2”. Example: admin@XorPlus$ cd /cftmp admin@XorPlus$ sudo upgrade2 2.6 How do I generate and install the PicOS® license? 1. Get the switch’s speed type and hardware ID by issuing the following command at switch’s Linux prompt: admin@XorPlus$ license –s 2. Use the assigned credential (SSO) by PicOS® License team (license@pica8.com) to login at“License Portal”website. 3. In the“License Portal”page, click“New Switch License” as shown below: image.png 4. In “New Switch License" page, select Speed type and Feature type based on your purchase dorder. Then, enter the switch’s hardware ID. License name is optional. image.png 5. Afterclicking the “Add License” button, the license will be added to the database. 6. Click the “+” sign of the newly added license to display the “Download" button. image.png 7. Click the “Download” button to download the license to the host. The license file name is “hardware ID.lic”. For example: xxxx-xxxx-xxxx-xxxx.lic image.png 8. Copy the downloaded license file (xxxx.lic) to the switch’s/ home/ admin/ folder 9. Install the license by issuing the following command: admin@XorPlus$sudolicense-i/home/admin/xxxx.lic 10. Restart the PicOS® service to activate the license: admin@XorPlus$sudoreboot 2.7Whathappenstothelicenseandconfigurationafterupgradingtoanewversion? ONIE installer does not save the license and configuration before installing a different version of PicOS®. Use the upgrade2 script to upgrade the switch to a different version if you want to preserve the license and configuration. 2.8 How do I configure PICOS to start in OVS mode? By default, the switch starts at L2/L3 mode. Run the “picos_boot” command, enter the needed information and restart the PICOS service. admin@XorPlus$ sudo picos_boot Enter the needed information by picos_boot script. admin@XorPlus$ sudo service picos restart For details, please refer to “Changing PicOS® Mode from CLI”. 2.9 Am I running in L2/L3 mode or OVS mode? If you can launch the CLI, you are running in L2/L3 mode. Otherwise, you are running in OVS mode. Example: admin@PICOS> show version CLI command Copyright (C) 2009-2022 Pica8, Inc. =================================== Base ethernet MAC Address : 8c:ea:1b:88:5b:81 Hardware Model : AS4610_54T_B Linux System Version/Revision : 4.3.0/110f8aa30d Linux System Released Date : 07/09/2022 L2/L3 Version/Revision : 4.3.0/110f8aa30d L2/L3 Released Date : 07/09/2022 2.10 What are SFP, SFP+ and QSFP optical modules supported by PicOS®? PicOS® supports any off-the-shelf SFP, SFP+ and QSFP optical modules as long as they are compatible to the standard. 2.11 What is the PicOS® interface naming convention? PicOS® interface name starts with two alphabetical letters. The first letter identifies the speed, and the second letter is always “e” as in Ethernet. The first two letters are followed by “-1/1“(chassis-number/board-number) and then the last number is the physical port number of the switch. Here are examples, where x is the port number: 1G/2.5G: ge-1/1/x 10G/25G: te-1/1/x 40G/100G: xe-1/1/x (PICOS 3.2+ release) 2.12 Can I connect the SFP optical module to SFP+ port? Yes, it will work only if the SFP+ port’s link speed is set to 1G. 1. In OVS mode, here is the command to set the interface speed to 1G. admin@XorPlus$ ovs-vsctl set interface te-1/1/x options:link_speed=1G 2. In L2/L3 mode, here is the CLI command to set the interface speed to 1G. admin@XorPlus> configure admin@XorPlus# set interface gigabit-ethernet te-1/1/x speed 1000 admin@XorPlus# commit You may need to configure the speed of its peer to 1G as well in order to bring up the connection. 2.13 Can I split the QSFP port into four SFP+ ports? In general, the answer is yes. Due to the hardware limitation, some of the ports are restricted to 40G or 100G only. For details, please refer to “40G Changes too 4*10G in L2/L3”. 2.14 How do I know which PicOS® version is running? Run “show version” at the Linux prompt to display the running PICOS version. >show version 2.15 Can I access switch via ssh? Yes. By default, you can access the switch via ssh. Telnet is disable by default. 2.16 Where are the PicOS® documents? The PICOS documents are at https://docs.pica8.com/ Chapter 3 L2/L3 Mode 3.1 What is CLI? CLI stands for Command Line Interface. It is a user interface to show and configure the L2/L3 configuration. 3.2 How do I launch CLI? PICOS starts in CLI operation mode if it is running in L2/L3 mode 3.3 How can I enter CLI Configuration mode? After entering CLI, you are in Operation mode. In Operation mode, you can only enter the CLI commands to display the current configuration. You need to issue “configure” to enter the Configuration mode. Then, you are eligible to configure the current configuration. admin@XorPlus> configure admin@XorPlus# 3.4 What is the IP address of the Management port? By default, the Management port will get its IP address from the DHCP server. Use the following CLI command to show it: admin@XorPlus> show system management-ethernet You can also configure it to a static IPv4 address in CLI Configuration mode: admin@XorPlus# set system management-ethernet eth0 ip-address IPv4 a.b.c.d/x admin@XorPlus# commit 3.5 Does PicOS® support OpenFlow in L2/L3 mode? The simple answer is Yes. For details, please refer to “OpenFlow in Crossflow Mode”. 3.6 Where are the L2/L3 configuration files? The L2/L3 configuration files are in the /pica/config/ folder. “pica.conf” is the current running configuration file and “pica_startup.boot” is the configuration file used at service initialization. 3.7 What can I do if I have a problem to report? Send a problem report to support@pica8.com. The report includes the description of the problem, the network topology and the file generated by the following CLI command: admin@XorPlus> show tech_support 3.8 How can I reset the L2/L3 configuration to factory default? Issue the following CLI command in configuration mode: # rollback default # commit Chapter 4 OVS Mode 4.1 Which OVS version am I running? You can get the OVS version running inside the PicOS® with this command: admin@XorPlus$ ovs-appctl version 4.2 Why does “ovs-ofctl show < newly-added-bridge-name>” fail after upgrading PicOS®? It is possibly caused by the changes in OVS DB schemas. Please send the OVS configuration (/ovs/ovs-vswitchd.conf.db) and version information (old and new) to support@pica8.com to evaluate. At the same time, perform the following steps to recover: admin@XorPlus$ sudo cp /ovs/ovs-vswitchd.conf.db /ovs/ovs-vswitchd.conf.db.orig admin@XorPlus$ sudo rm /ovs/ovs-vswitchd.conf.db admin@XorPlus$ sudo service picos restart Base on /ovs/ovs-vswitchd.conf.db.orig to configure again. 4.3 Why is the link not up after connecting the DAC (Direct Attach Copper) cable? For DAC cable, the system needs this information to perform properly. admin@XorPlus$ ovs-vsctl set interface options:is_dac=true 4.4 How do I configure a trunk port? By default, each port is an access port. Issue the following command to configure the port to trunk: admin@XorPlus$ ovs-vsctl set port vlan_mode=trunk 4.5 How do I change the default VLAN ID? In PICOS, the default VLAN ID is 1 no matter whether it is access or trunk. You can change it by issuing the following command: admin@XorPlus$ ovs-vsctl set port tag=x 4.6 How do I add VLANs to the trunk port? If it is not specified, the trunk port supports the entire set of valid VLAN numbers, from 1 to 4094. It only supports the VLANs defined as in trunks as the example below: admin@XorPlus$ ovs-vsctl set port trunks=100,200,300 4.7 I know that the switch behaves according to the application of the Controller. What happens when it is not connected to the Controller? The behavior of the bridge is defined by its controller failure mode: secure and standalone. By default, a newly added bridge is in secure mode. It can be changed by: admin@XorPlus$ ovs-vsctl set-fail-mode [standalone | secure] 4.8 Why does the switch keep dropping the traffic even after adding bridge and ports? PicOS®/OVS mode adds a default DROP flow (priority=0, actions=drop) to the hardware table when the bridge is in secure mode. If there are no other flows added in the table, the ingress packets will be discarded. 4.9 What happens to the flows added manually before connecting to the Controller? By default, PicOS®/OVS mode flushes the flows in the hardware table after connecting to the Controller. If you prefer to keep these flows, issue the following command: admin@XorPlus$ ovs-vsctl set bridge other_config:enable-flush=false 4.10 How will the bridge behave if it is in standalone mode? PicOS®/OVS mode adds the NORMAL flow (priority=0, actions=normal) to the hardware table when the bridge is in standalone mode. In this case, the bridge will behave as a L2 switch by adding the flows to the hardware table according to the ingress packets. 4.11 Can I delete a flow by using its cookie number? Yes, the command is: admin@XorPlus$ ovs-ofctl del-flows br0 cookie=/-1 4.12 What is the command to dump the flows in a bridge’s flow table? admin@XorPlus$ ovs-ofctl dump-flows 4.13 What is the command to dump the flows in hardware? admin@XorPlus$ ovs-appctl pica/dump-flows 4.14 How do I disable in-band management? By default, the remote in-band management to each bridge is enabled in OVS mode. You can disable in-band management by issuing the following command: admin@XorPlus$ ovs-vsctl set bridge other-config:disable-in-band=true 4.15 How can I reset OVS configuration to factory default? Delete the OVS configuration file and restart the PICOS service. admin@XorPlus$ sudo rm /ovs/ovs-vswitchd.conf.db admin@XorPlus$ sudo service picos restart Chapter 5 Service and Warranty 5.1 Can FS provide technical support and maintenance services? Of course, we have a professional engineering team ready to provide prompt technical support and maintenance services. You can purchase them on-demand through the FS website: https://www.fs.com/c/picos-license-4226. If you already own an FS PicOS® switch, it includes 5 years of free technical service, so no additional purchase is necessary. For more details on our support and maintenance services, please review the following agreements: EULA (End User License Agreement): https://www.fs.com/policies/end_user_license_agreement.html and Standard Software Maintenance and Support Agreement: https://www.fs.com/policies/standard_software_maintenance_and_support_agreement.html. 5.2 Does PicOS® support product demonstrations or trials so that users can better understand the actual operation and effect of the software? We provide free PicOS-V virtual machines without additional hardware investment, making it easier for users to understand the software function and experience its operation in advance. If you want to know more about PicOS-V, you can check out the FS official website https://www.fs.com/products/195659.html and click Start Trial to start the trial. And if you have any questions during the trial process, you can contact our local customer service in time at https://www.fs.com/contact_us.html. 5.3 Does PicOS® support customization functions? Yes, FS has established a strategic partnership with Pica8 to offer software development and customization services to our customers, meeting their network customization and future upgrade needs. These services include hardware OEM model adaptation, software product OEM customization, and the development of specific functions tailored to your requirements. 5.4 Does the PicOS® license support only one device? PicOS® uses a single license model, requiring one license per device. When purchasing a license, make sure to choose the correct speed. Once activated, the license is valid for the lifetime of the device and covers all features. If the switch does not have a valid license installed, only the first four physical ports will be enabled. 5.5 What is the expiration date of the technical support services? The PicOS® license offers service terms of 1, 3, and 5 years. FS PicOS® switches include five years of free service. After this period, timely renewal is required. If you renew before the original service expires, the new term starts from the original expiration date. If you renew after the original service expires, the new term starts from the order date. For example, if the original service expired on 2023.12.31 and the service was interrupted for 2 months before the customer placed an order on 2024.3.1 for a 1-year service, the renewed service would expire on 2025.2.28.

Home/
Documentazione/
PicOS® Switch Aziendali/
1/2.5G PicOS® Switch/
S5810-48FS/
FAQ/

S5860-20SQ(AC) Instruction Manual of Safety and Compliance Information

image

07 ott. 2025 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

Home/
Documentazione/
Switch Aziendali/
10G Switch Aziendali/
S5860-20SQ/
Safety and Compliance Information/

Pica8 AmpCon Evaluation Guide

image

07 ott. 2025 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

Home/
Documentazione/

S5470 Series PicOS® Switches Data Sheet

image

08 set. 2025 - S5470 Series PicOS® Switches Data Sheet Product Overview The S5470 series PicOS® enterprise switches deliver high availability, scalability, and performance for enterprise campus deployment. These switches offer flexible port configurations ranging from 16, 24 to 48 ports, including 10GbE, 25GbE, 40GbE, and 100GbE options with breakout support, all within a compact 1U form factor, delivering up to 4 Tbps switching capacity for high-performance connectivity to routers, servers, and data center networks. With advanced Layer 2/3 features such as EVPN-VXLAN, MLAG, BGP, OSPF, NAC, and sFlow, the S5470 series enables flexible and scalable network architectures, making it ideal for midsized to large enterprise campus distribution, core networks, and low-density data center ToR deployments. The S5470 series switches can be managed by the AmpCon-Campus management platform, enabling automated lifecycle management from Day 0 to Day 2+. The platform features Zero Touch Provisioning (ZTP), topology discovery, and real-time telemetry, optimizing workflow automation and enhancing visibility into the performance of connected devices. img_v3_02pu_cbe02fe2-5d8e-41b4-b7e1-17be2c4a36ag.jpg S5470-48S img_v3_02pu_67b1b970-cece-4d26-ae9a-5c13ace81fcg.jpg S5470-24Y img_v3_02pu_d6fc4489-00da-4819-8434-3a3ff8033b7g.jpg S5470-48Y img_v3_02pu_4c501980-d59a-4f79-94bf-a938cb772f9g.jpg S5470-16Q Figure 1. S5470 Series Switches Features and Benefits PicOS® Operating System The S5470 series switches runs on the PicOS®. This unified operating system allows users to manage networks more efficiently and deploy new services more quickly, allowing all PicOS®-powered products to be updated simultaneously with the same software release. All features are fully regression tested, making each new release a true superset of the previous version. AmpCon-Campus Management Platform AmpCon-Campus management platform centrally manages PicOS® enterprise switches, providing automated full lifecycle management from Day 0 to Day 2+, enabling efficient automated deployment and configuration, monitoring, and troubleshooting. Day 0: Enables Zero Touch Provisioning (ZTP), allowing the switch to automatically retrieve and apply initial configuration files without manual setup. Day 1: Fast deployment and configuration with Zero-Touch Provisioning (ZTP) and automation. AmpCon-Campus leverages ZTP for hands-free configuration of PicOS® enterprise switches, powered by flexible configuration templates that enable hundreds to thousands of switches to be deployed rapidly at scale with minimal errors. Day 2+: Support Telemetry, collecting real-time device data and sending it to the AmpCon-Campus management platform. It enables switch health monitoring and anomaly detection, providing fault alerts and triggering email notifications to help administrators quickly diagnose and resolve network issues, streamlining IT operations, and enhancing the user experience. For more information, see AmpCon-Campus Management Platform. img_v3_02ko_9b8129b0-6f04-4acd-ae1c-873bafd0ef9g.jpg Figure 2. AmpCon-Campus Management Platform EVPN-VXLAN Easily scale, build resiliency, and simplify resource management with EVPN-VXLAN-based campus fabrics. With a single physical network (Underlay) creating virtual networks (Overlay), these fabrics enable tenant isolation and native traffic segmentation, ensuring critical services remain uninterrupted while enhancing security and flexibility. image.png Figure 3. EVPN-VXLAN Multi-Chassis Link Aggregation (MLAG) MLAG allows two S5440 switches to operate as independent devices with separate control planes while eliminating STP by enabling link aggregation on connected devices. This enhances network bandwidth, improves reliability and availability, and ensures seamless operation of critical services. image.png Figure 4. Multi-Chassis Link Aggregation (MLAG) Security The S5740 series switches provide flexible and comprehensive user identity verification and access control through features such as ACLs, 802.1X, and AAA. It also supports IPv4, IPv4/IPv6 DHCP Snooping, Dynamic ARP Inspection (DAI), and IPv6 ND Inspection and Snooping, which effectively manage network access, enhance security, and optimize resource usage. High Availability The S5470 series switches also includes a variety of other high-availability features, including redundant, hot-swappable power and fans, graceful protocol restart, equal-cost multipath (ECMP), Link Aggregation (LACP), Virtual Router Redundancy Protocol (VRRP) for fast link failure detection, Unidirectional Link Detection (UDLD), and Ethernet Ring Protection Switching (ERPS), ensuring maximum uptime and reliability for mission-critical network operations. Product Specifications Physical Specifications Table 1-2 shows the FS S5470 series switches physical specifications. Notice: Port Density includes both native xxG ports and ports that support downshifting. Port Density (with breakout cable) includes native xxG ports, downshifted ports, and the ports available after splitting. Table 1. Physical specifications of the S5470 Series Switches FS P/N S5470-48S S5470-24Y Description S5470-48S, 48-Port Ethernet L3 Switch, 48 x 10Gb SFP+, with 6 x 40Gb QSFP+ Upinks, PicOS®, Support MLAG S5470-24Y, 24-Port Ethernet L3 Switch, 24 x 25Gb SFP28, with 4 x 100Gb QSFP28 Upinks, PicOS®, Support MLAG Port 1G Port Density 48 24 2.5/5G Port Density - - 10G Port Density 48 24 25G Port Density - 24 40G Port Density 6 4 100G Port Density - 4 10G Port Density (with breakout cable) 72 40 25G Port Density (with breakout cable) - 40 40G Port Density (with breakout cable) 6 4 Management Ports 1 1 Console Port 1 1 USB Port - 1 Memory and processor CPU Dual core/ARM A53 ARM A53 DRAM 2 GB 2 GB SDRAM 2 GB 2 GB Flash memory 8 GB (eMMC) 8 GB Latency 0.7μs 0.7μs Packet buffer 36 MB 36 MB Mean-time between failures MTBF (hours) >70,080 198,000 Weight & Dimension Weight 20.3lbs (9.2kg) 13.11lbs (5.95kg) Dimension 1.73''x17.4''x17.75'' (44x442x451mm) 1.7''x17.4''x17.8'' (44x442x451mm) Rack units (RU) 1 RU 1 RU Power supplies and fans Power supply 2 (1+1 Redundancy) Hot-swappable, AC 2 (1+1 Redundancy) Hot-swappable Power-supply input receptacles C13 C13 Input-voltage range and frequency Rated voltage range: 100-240V AC; 50-60 Hz Input current 7A(MAX) at 100VAC -127VAC 7A(MAX) at 100VAC -127VAC Power cord rating 10 A 10A Power max rating 145W (single-power); 290W (dual-power) - Max. power consumption 145W 130W Output ratings Main output: +12V Standby: +12V Main output: +12V Standby: +12V Fan number 4 (3+1 Redundancy) Hot-swappable 4 (2+2 Redundancy) Hot-swappable Airflow Front-to-Back Front-to-Back Acoustic noise 41.7dB 61.2dB Maximum fan speed All models in the series deploy variable-speed axial fans, which support intelligent speed adjustment based on the current ambient temperature. PoE standard - - PoE budget - - Environmental Ranges Operating temperature 0 to 45ºC (32 to 113°F ) 0 to 45ºC (32 to 113°F ) Storage temperature -40 to 70ºC (-40 to 158°F) -40 to 70ºC (-40 to 158°F) Operating humidity 10% to 90% (Non condensing) 10% to 90% (Non condensing) Storage humidity 0 to 95% (Non condensing) 0 to 95% (Non condensing) Temperature alarm Supported Supported Connectors Connectors and cabling 1G-T port: RJ-45 connector, Cat5E/Cat6/Cat6a UTP cabling 10G SFP ports: 10G SFP single-mode or multi-mode module + patch cord; 10G DAC/AOC Ethernet management port: RJ-45 connector using Cat5 UTP cable for out-of-band management. Management console port: RJ-45 to DB9 cable for PC connection; 10G DAC/AOC or 10G SFP (single-mode/multi-mode) supported + jumper. Power connectors Customers can provide power to a switch by using the internal power at the back of the switch. Internal power supply connector: The internal power supply is an auto-ranging unit. It supports input voltages between 100 (115 for 1100W AC) and 240 V AC. Use the supplied AC power cord to connect the AC power connector to an AC power outlet Table 2. Physical specifications of the S5470 Series Switches FS P/N S5470-48Y S5470-16Q Description S5470-48Y, 48-Port Ethernet L3 Switch, 48 x 25Gb SFP28, with 8 x 100Gb QSFP28 Upinks, PicOS®, Support MLAG S5470-16Q, 16-Port Ethernet L3 Switch, 16 x 40Gb QSFP+, 8 x 100Gb QSFP28 Uplinks, PicOS®, Support EVPN-VXLAN&MLAG Port 1G Port Density 48 - 2.5/5G Port Density - - 10G Port Density 48 - 25G Port Density 48 - 40G Port Density 8 24 100G Port Density 8 10G Port Density (with breakout cable) 80 96 25G Port Density (with breakout cable) 80 32 40G Port Density (with breakout cable) 8 8 Management Ports 1 1 Console Port 1 1 USB Port 1 1 Memory and processor CPU Dual core/ARM A53 ARM A53 DRAM 2 GB 2GB SDRAM 2 GB 2GB Flash memory 8 GB 8 GB Latency 0.7μs 0.7μs Packet buffer 36 MB 36 MB Mean-time between failures MTBF (hours) 162,213 >70,080 Weight & Dimension Weight 20.3lbs (9.2kg) 19.84lbs (9kg) Dimension 1.7''x17.4''x17.8'' (44x442x451mm) 1.7''x17.4''x 18.5'' (43.18x442x471mm) Rack units (RU) 1 RU 1 RU Power supplies and fans Power supply 2 (1+1 Redundancy) Hot-swappable, AC 2 (1+1 Redundancy) Hot-swappable Power-supply input receptacles C13 C13 Input-voltage range and frequency Rated voltage range: 100-240V AC; 50-60 Hz Input current 7A(MAX) at 100VAC -127VAC 7A(MAX) at 100VAC -127VAC Power cord rating 10A 10A Power max rating 125W 171W Max. power consumption 160W 171W Output ratings Main output: +12V Standby: +12V - Fan number 4 (2+2 Redundancy) Hot-swappable 4 (3+1 Redundancy) Hot-swappable Airflow Front-to-Back Front-to-Back Acoustic noise 60.8dB 61.7dB Maximum fan speed All models in the series deploy variable-speed axial fans, which support intelligent speed adjustment based on the current ambient temperature. PoE standard - - PoE budget - - Environmental Ranges Operating temperature 0 to 45ºC (32 to 113°F ) 0 to 45ºC (32 to 113°F ) Storage temperature -40 to 70ºC (-40 to 158°F) -40 to 70ºC (-40 to 158°F) Operating humidity 10% to 90% (Non condensing) 10% to 90% (Non condensing) Storage humidity 0 to 95% (Non condensing) 0 to 95% (Non condensing) Temperature alarm Supported Supported Connectors Connectors and cabling 1G-T port: RJ-45 connector, Cat5E/Cat6/Cat6a UTP cabling 10G SFP ports: 10G SFP single-mode or multi-mode module + patch cord; 10G DAC/AOC Ethernet management port: RJ-45 connector using Cat5 UTP cable for out-of-band management. Management console port: RJ-45 to DB9 cable for PC connection; 10G DAC/AOC or 10G SFP (single-mode/multi-mode) supported + jumper. Power connectors Customers can provide power to a switch by using the internal power at the back of the switch. Internal power supply connector: The internal power supply is an auto-ranging unit. It supports input voltages between 100 (115 for 1100W AC) and 240 V AC. Use the supplied AC power cord to connect the AC power connector to an AC power outlet Table 3. Power cord information of S5470 Series Switches Countries Power Cord Standard Male Plug Female Connector Voltage Compatibility Maximum Input Amps United States, Canada, Mexico, Puerto Rico, Guam, Japan, Virgin Islands (U.S.) US NEMA 5-15P IEC60320 C13 100-250V AC 10 A United Kingdom, Hong Kong, Singapore, Malaysia, Maldives, Qatar, India UK BS1363 IEC60320 C13 100-250V AC 13 A Continental Europe, South Africa, Switzerland, Italy, Indonesia EU CEE 7 IEC60320 C13 100-250V AC 16 A China, Australia, New Zealand, Argentina CN GB16A IEC60320 C13 100-250V AC 10 A Notice: Power cords are matched according to the delivery destination. Software Specifications Table 4. Software Specifications of S5470 Series Switches Functionality Description High Availability Multi-Chassis Link Aggregation (MLAG) Graceful protocol restart ( OSPFv2/v3) Virtual Router Redundancy Protocol(VRRP) Uplink failure detection (UFD) Unidirectional Link Detection (UDLD) Ethernet Ring Protection Switching (ERPS) Nonstop bridging: LACP, xSTP Nonstop routing: OSPF v2 and v3, BGP, ISIS, IGMP v1, v2, v3 Backup Port Security AAA (RADIUS/TACACS+ Authentication, Authorization, Accounting) Console, In-band/Out-of-band login, Local authentication with fallback Network Access Control (NAC) MAC limiting (per port and per VLAN) Allowed MAC addresses configurable per port Enable/disable port security Static ARP Local proxy ARP Dynamic ARP Inspection (DAI) IPv4 Source Guard (IPSG) IPv4/IPv6 DHCP Snooping (trust-port, option 82), DHCPv6 relay IPv6 ND (Neighbor Discovery) snooping and inspection BPDU Guard, BPDU Filter, Root Guard, TCN Guard Control Plane Policing (CoPP) DDoS attack protection Device Management AmpCon-Campus Management Platform for Day 0, Day 1, and Day 2+ Configuration Deployment Zero touch provisioning (ZTP) Telemetry for Real-time Network Monitoring Programmability: NETCONF, Ansible Role-based CLI management and access CLI via console, telnet, or SSH Web-based management (HTTP/HTTPS) SNMP v1/v2/v3, with authentication, privacy, access control, VRF-aware SNMP, and traps sFlow for traffic monitoring Syslog management Configuration rescue and rollback, image rollback File operations via FTP/TFTP/HTHP, local directory install, automatic install Install from a local directory, automatically install Local and remote file management (system, configuration, and image files) Extended ping and traceroute Power-on diagnostics Hardware health monitoring (FAN, PSU, temperature, CPU, memory, processes) User management with console, VTY, and local authentication (username/password/permissions) User login: console, SSH, telnet Recover default configuration and password Certificate management for secure services Network Time Protocol (NTP) Local loopback Enable or disable the Ethernet port Link Layer Discovery Protocol (LLDP) Dynamic Host Configuration Protocol(DHCP) Layer 2 Features Spanning Tree Protocol (STP) Loopback Detection VLAN Port Mode: ACCESS, Trunk Routed VLAN interface (RVI) VLAN: Port-based VLAN, MAC Trace, MAC-based VLAN MAC address filtering QinQ: Basic QinQ, Flexible QinQ,Selective QinQ Static MAC address assignment for interface Per VLAN MAC learning (limit) MAC learning deactivate Link Aggregation and Link Aggregation Control Protocol (LACP) (IEEE 802.3ad) IEEE 802.1AB Link Layer Discovery Protocol (LLDP) MAC notification MAC address aging configuration Persistent MAC (sticky MAC) Address Resolution Protocol (ARP) Static MAC entries and Dynamic MAC Address Learning Static Link Aggregation (LAG) Configuration Private VLAN Voice VLAN Ethernet Ring Protection Switching (ERPS) Unidirectional Link Detection (UDLD) Layer 3 Features IPv4/v6 Addressing, SVI, Routed interface Static ARP support Proxy Address Resolution Protocol (ARP) Virtual router Virtual router support for IPv6 unicast IPv4/IPv6 static routing, Multiple nexthop static route Routing policy Routing protocols (OSPF v2/v3, IS-IS v4/v6, BGP v4/v6) Route Map PBR (Policy-Based Routing) Equal-Cost Multipath Routing (ECMP) Virtual Routing and Forwarding (VRF) Virtual Router Redundancy Protocol (VRRP v2/v3) Multicast Features Internet Group Management Protocol (IGMP): v2, v3 IGMP snooping: v2, v3 Dynamic Host Configuration Protocol (DHCP) relay DHCP snooping Secure interface login and password SNMP, NTP, DNS, RADIUS, TACACS+, AAA SSH v1, v2 Control plane denial-of-service (DoS) protection Dynamic ARP inspection (DAI) Filter based forwarding IP directed broadcast traffic forwarding IPv6 Class of Service(CoS) IPv6 ping IPv6 traceroute Neighbor discovery protocol Path MTU discovery Quality of Service L2 and L3 QoS L2 classification criteria Rate limiting: Ingress policing: 1 rate 2 color, 2 rate 3 color Egress policing: Policer, policer mark down action Egress shaping: Per queue, per port Traffic policing: guaranteed-rate, max-rate, Traffic classifier Queue scheduler: SP WRR WFQ Congestion avoidance capabilities: WRED Congestion avoidance: ECN Ingress Buffer Multicast IGMP v2/v3 query IGMP v2/v3 snooping Multicast routing and forwarding Mrouter port, static group, unregistered flood Link Aggregation Multichassis link aggregation (MLAG) Link Aggregation Control Protocol(LACP) LAG Load Balancing Algorithm: Traffic Distribution Strategy Based on Traffic Type (Bridged or Routed) and Traffic Pattern (Unicast or Multicast) Access Control List Downloadable ACL Dynamic ACL Match field: destination-address-ipv4, destination-address-ipv6, destination-mac-address, destination-port, ether-type, first-fragment, ip, is-fragment, protocol, source-address-ipv4, source-address-ipv6, source-mac-address, source-port, time-range, vlan ACL-based Traffic Policer ACL-based QoS ACL-based remarked Troubleshooting Debugging: CLI via console, Telnet, or SSH Diagnostics: Show and debug command, statistics Traffic mirroring (port) Traffic mirroring (VLAN) IP tools: Extended ping and trace Network commit and rollback Platform Specifications Table 5-6 shows the S5470 series switches platform specifications. Table 5. Platform Specifications of S5470 Series Switches FS P/N S5470-48S S5470-24Y Performance specifications Switching capacity 1.44 Tbps 2 Tbps Forwarding rate 1071.4 Mpps 1488 Mpps Total number of MAC addresses 128K 128K VLAN IDs 4,094 4,094 Total number of IPv4 routes (indirect routes) 53K 53K Total number of IPv4 host routes (direct routes and ARP) 12000 12000 Total number of IPv6 routes (indirect routes) 5461 5461 IPv4 multicast routes 256 256 Table 6. Platform Specifications of S5470 Series Switches FS P/N S5470-48Y S5470-16Q Performance specifications Switching capacity 4 Tbps 2.88 Tbps Forwarding rate 2976 Mpps 2142.72 Mpps Total number of MAC addresses 128K 128K VLAN IDs 4,094 4,094 Total number of IPv4 routes (indirect routes) 53k 53K Total number of IPv4 host routes (direct routes and ARP) 12000 12000 Total number of IPv6 routes (indirect routes) 5461 5461 IPv4 multicast routes 256 256 Standards Compliance IEEE Standards IEEE 802.1D IEEE 802.1w IEEE 802.1Q IEEE 802.1p IEEE 802.1ad IEEE 802.3ad IEEE 802.1AB IEEE 802.3x IEEE 802.1X IEEE 802.3 IEEE 802.3ae IEEE 802.3by IEEE 802.3ba RFC – SPECIFIED MIBs RFC 1157 SNMPv1 RFC 1212 Concise MIB definition RFC 1213 MIB II RFC 1215 SNMP traps RFC 1256 ICMP router discovery RFC 1493 Bridge MIB RFC 1573 Interface Evolution MIB RFC 1643 Ether-like MIB RFC 1901 Community based SNMPv2 RFC 1905 Protocol Operations for SNMPv2 RFC 1906 Transport Mappings for SNMPv2 RFC 1907 Management Information Base for SNMPv2 RFC 1908 Coexistence between SNMPv1 and SNMPv2 RFC 1997 BGP Communities Attribute RFC 2096 IP Forwarding table MIB RFC 2233 The Interface Group MIB using SNMPv2 RFC 2439 BGP Route Flap Damping RFC 2545 Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing RFC 2665 Ethernet-like Interfaces RFC 2796 BGP Route Reflection – An Alternative to Full Mesh IBGP RFC 3065 Autonomous System Confederations for BGP RFC 3392 Capabilities Advertisement with BGP-4 RFC 4893 BGP Support for Four-octet AS Number Space RFC3376 - IGMPv3 RFC6241 NETCONF Pica8 Private MIB UCD-SNMP-MIB Telco Common Language Equipment Identifier (CLEI) code Warranty, Service and Support FS S5470 series switches enjoy a 5-year limited warranty against defects in materials or workmanship. For more information on FS Returns & Refunds policy, visit FS Product Warranty or FS Return Policy. FS provides a personal account manager, free professional technical support, and 24/7 live customer service for each customer. Professional Lab: Test each product with the latest and advanced networking equipment. Free Technical Support: Provide free & tailored solutions and services for your businesses. 80% Same-day Shipping: Immediate shipping for in-stock items. Fast Response: Direct and immediate assistance from an expert. For more information, visit FS Help Center. Ordering Information FS P/N Product description Switch hardware S5470-48S S5470-48S, 48-Port Ethernet L3 Switch, 48 x 10Gb SFP+, with 6 x 40Gb QSFP+ Upinks, PicOS®, Support MLAG S5470-24Y S5470-24Y, 24-Port Ethernet L3 Switch, 24 x 25Gb SFP28, with 4 x 100Gb QSFP28 Upinks, PicOS®, Support MLAG S5470-48Y S5470-48Y, 48-Port Ethernet L3 Switch, 48 x 25Gb SFP28, with 8 x 100Gb QSFP28 Upinks, PicOS®, Support MLAG S5470-16Q S5470-16Q, 16-Port Ethernet L3 Switch, 16 x 40Gb QSFP+, 8 x 100Gb QSFP28 Uplinks, PicOS®, Support EVPN-VXLAN&MLAG AmpCon-Campus Management Platform LIS-AMPCON-CAM-FPSW-Foundation AmpCon-Campus Management Platform 1/3/5-Year Subscription with Support Service for PicOS® Enterprise Switches, Support Remote Deployment and Automate Network Management About FS FS Inc. is a trusted provider of ICT products and solutions to enterprise customers worldwide. Established in 2009, the company focuses on HPC, Data Center, Enterprise, Telecom, providing tailored product development and solution design based on professional customer needs. Leveraging dedicated R&D and testing teams, comprehensive technical service experts, a robust supply chain system, globalized warehousing centers, and convenient shopping platform, FS delivers a wide range of highly efficient customer-centric ICT products, solutions and services to global vertical industry and enterprise customers across ISP, telecom, retail, education, etc. Through continuous technology innovation and brand partnership, FS products and solutions have served more than 900,000 users in over 200 countries. Document History New or revised topic Described in Date Updates to FS S5470 Series Switches Data Sheet Updated All 2025-08-18

Home/
Documentazione/
PicOS® Switch Aziendali/
10/25G PicOS® Switch/
S5470-48Y/
Scheda tecnica/

AmpCon-Campus Quick Deployment Guide

image

22 ago. 2025 - AmpCon-Campus Quick Deployment Guide This guide provides a comprehensive overview of the procedures required to prepare PicOS® enterprise switches for deployment within the AmpCon-Campus automation framework. The primary tasks include installing system agents on the devices and bringing them under AmpCon-Campus management—either by importing existing switches or deploying new ones. Both onboarding methods are covered in this guide. Once successfully onboarded, the switches are classified as managed devices and can be assigned to blueprints within the AmpCon-Campus server. NOTE: Before you begin, you must install and configure the AmpCon-Campus platform. For more information, see the AmpCon-Campus Management Platform User Manual V2.1.1. STEP1 : Begin 1.1 Deploying or Importing Switches To manage switches with AmpCon-Campus, you need to deploy switches or import switches. 1.1.1 Importing Switches For switches that are deployed but not deployed with AmpCon-Campus, you can import these switches so that they can be managed by AmpCon-Campus. For more information, see "1.9 Importing Switches". 1.1.2 Deploying Switches For switches that are not deployed, you can deploy these switches with AmpCon-Campus. Then, these switches can be managed by AmpCon-Campus. Deploying a white-box switch (switch on which PicOS is not installed) includes registering with the AmpCon-Campus server, obtaining a PicOS image from the AmpCon-Campus server, installing PicOS, configuring the switch based on system configurations and switch configurations, and installing a valid license on the switch. Deploying an integrated hardware and software switch (switch that has PicOS installed) includes registering with the AmpCon-Campus server, configuring the switch based on system configurations and switch configurations, and installing a valid license on the switch. 1.1.3 Deploying White-Box Switches To deploy white-box switches, follow these steps: 1. Ensure that the system configuration for each switch contains the default username and password of the switch. For more information, see Adding System Configurations. 2. Click Service > Switch Model in the AmpCon-Campus UI, and check whether the PicOS image that you want to install for each switch model is listed in the Deployed ONIE Image drop-down list. If the images are not listed there, upload these PicOS images and their MD5 files to AmpCon-Campus. For more information, see "1.2 Uploading Images". If the images are listed there, you don’t need to upload PicOS images and their MD5 files. 3. Configure each switch model that you want to manage with AmpCon-Campus. For more information, see "1.3 Configuring Switch Models". If not, the default port number ranges and built-in PicOS images are used to deploy switches with these switch models. 4. Prepare the global configurations that you want to push to each switch. For more information, see "1.4 Configuring Global Configurations". 5. Prepare the configuration templates that you want to use. For more information, see "1.5 Configuring Configuration Templates". 6. Add a switch configuration for each switch. For more information, see "1.6 Adding Switch Configurations". After you add a switch configuration, the switch is listed on the “Switch” page with the Configured status. NOTE: If you provision a switch without adding a switch configuration beforehand, the switch will be in Parking status. The switch in Parking status is not listed on the “Switch” page and can’t be staged. In the AmpCon-Campus UI, click Service > Switch. On the “Switch” page, click Parking Lot, and then you can see all switches in Parking status. Locate a parking switch, and then click Create Config to add a switch configuration. After you add the switch configuration, the switch will be listed on the “Switch” page with the Configured status. 7. Stage each switch to make them ready for Zero Touch Provisioning (ZTP). For more information, see "1.7 Staging Switches". After you stage a switch, the switch is shown as Staged on the “Switch” page. 8. Provision new switches with ZTP to complete the PicOS installation and configuration without manual intervention. For more information, see "1.8 Provisioning New Switches with ZTP". After you provision a switch, the switch is shown as Provisioning Success on the “Switch” page. On the “Switch View” page, it’s shown as Deployed. 1.1.4 Deploying Integrated Hardware and Software Switches To deploy integrated hardware and software switches, follow these steps: 1. Ensure that the system configuration for each switch contains the default username and password of the switch to be deployed. For more information, see Adding System Configurations. 2. Prepare the global configurations that you want to push to each switch. For more information, see "1.4 Configuring Global Configurations". 3. Prepare the configuration templates that you want to use. For more information, see "1.5 Configuring Configuration Templates". 4. Add a switch configuration for each switch. For more information, see "1.6 Adding Switch Configurations". After you add a switch configuration, the switch is listed on the “Switch” page with the Configured status. NOTE If you provision a switch without adding a switch configuration beforehand, the switch will be in Parking status. The switch in Parking status is not listed on the “Switch” page and can’t be staged. In the AmpCon-Campus UI, click Service > Switch. On the “Switch” page, click Parking Lot, and then you can see all switches in Parking status. Locate a parking switch, and then click Create Config to add a switch configuration. After you add the switch configuration, the switch will be listed on the “Switch” page with the Configured status. 5. Stage each switch to make them ready for Zero Touch Provisioning (ZTP) deployment. For more information, see "1.7 Staging Switches". After you stage a switch, the switch is shown as Staged on the “Switch” page. 6. Provision new switches with ZTP to complete the PicOS installation and configuration without manual intervention. For more information, see "1.8 Provisioning New Switches with ZTP". After you provision a switch, the switch is shown as Provisioning Success on the “Switch” page. On the “Switch View" page, it’s shown as Deployed. 1.2 Uploading and Pushing Images AmpCon-Campus provides multiple built-in PicOS images, which you can use to deploy switches. To deploy a switch with a PicOS image that is not built in AmpCon-Campus, upload the image and its MD5 file first before you deploy the switch. 1.2.1 Uploading Images To upload a PicOS image, follow these steps: In the AmpCon-Campus UI, click Resource > Upgrade Management. 1. Click Upload. 2. In the pop-up window, upload an image by using one of the following ways: Click File, and select a local image file (required) and its MD5 file (optional). image.png Click Link, and enter the image URL (required) and the MD5 file URL (optional). image.png Click Latest, and check the image files that you want to upload. image.png 3. Click Upload. 1.2.2 Optional: Uploading MD5 Files An MD5 file is used to verify the completeness of the corresponding PicOS image. If the MD5 file is not uploaded when you upload the PicOS image, AmpCon-Campus will not verify the completeness of the PicOS image when it installs the PicOS image. To upload an MD5 file for a PicOS image, follow these steps: 1. In the AmpCon-Campus UI, click Resource > Upgrade Management. 2. In the Software list, locate the PicOS image, and then click Upload Md5. 3. Upload the MD5 file by using either of the following ways: Click File, and select the MD5 file. Click Link, and enter the URL of the MD5 file. 4. Click Upload. 1.2.3 Optional: Removing Images 1. In the AmpCon-Campus UI, click Resource > Upgrade Management. 2. In the Software list, locate an image, and then click Delete. 3. Click Yes to confirm the deletion. 1.2.4 Optional: Pushing Images You can push PicOS images to one or multiple switches. The pushed images are located in the /home/automation directory. To push a PicOS image to a single switch, follow these steps: 1. In the AmpCon-Campus UI, click Resource > Upgrade Management. 2. In the Software list, select the PicOS image that you want to push. 3. In the Switch list, locate the switch, and then click Push Image. image.png To push a PicOS image to multiple switches, follow these steps: 1. In the AmpCon-Campus UI, click Resource > Upgrade Management. 2. In the Software list, select the PicOS image that you want to push. 3. In the Switch list, select the corresponding switches, and then click Push Image. image.png 1.3 Configuring Switch Models Before you deploy switches, configure each switch model that you want to manage with AmpCon-Campus. If not, the default port number ranges and built-in PicOS images are used to deploy switches with these switch models. 1.3.1 Configuring a Switch Model To configure a switch model, follow these steps: 1. In the AmpCon-Campus UI, click Service > Switch Model. 2. Optional: Refresh the supported switch model list: a. Click Update Switch Model. b. Click Yes to confirm the update. image.png 3. In the Switch Model drop-down list, select the switch model that you want to configure. 4. Configure the port number range for each speed. 5. In the Deployed ONIE Image drop-down list, select the PicOS image that you want to install for this switch model. NOTE If the PicOS image to install is not listed here, upload the PicOS image and its MD5 file to AmpCon-Campus. For more information, see "1.2 Uploading Images". image.png 6. Click Save. 1.3.2 Optional: Resetting a Switch Model To reset a switch model, follow these steps: 1. In the AmpCon-Campus UI, click Service > Switch Model. 2. Click Reset. 3. Click Save. After you reset a switch model, the port number range for each speed is set to zero, and the PicOS image in the Deployed ONIE Image drop-down list is reset to the built-in image. 1.4 Configuring Global Configurations Global configurations are configurations that you push to switches during the switch deployment process. When you add a switch configuration, you need to select a global configuration file. Prepare the global configuration before you add a switch configuration. 1.4.1 Adding a Global Configuration To add a global configuration, follow these steps: 1. In the AmpCon-Campus UI, click Service > Global Configuration. 2. Input the following information: Switch Model: The model of the switch. Global Config Name: The name of the global configuration. Generic Global File: Select a .txt file with general configurations to push to the switch. Security Global File: Select a .txt file with security-related configurations to push to the switch. image.png 3. Click Generate. 4. In the Admin Global Config Preview section, confirm or edit the configurations that are retrieved from the Generic Global File and the Security Global File. image.png 5. Click Save. 1.4.2 Viewing a Global Configuration In the Historical Configuration section, you can see all global configurations, which are grouped by switch models. To search for a global configuration, enter the global configuration name in the search box (supports fuzzy matching). 1.4.3 Editing a Global Configuration To edit a global configuration, follow these steps: 1. In the Historical Configuration section, locate the global configuration, and then click it. 2. In the Admin Global Config Preview section, click Edit. 3. Edit the configurations as needed. image_031522399_20250624140644.jpg 4. Click Save. 1.5 Configuring Configuration Templates AmpCon-Campus provides powerful configuration templates to help you simplify the configuration writing process: When you add a switch configuration during the switch deployment process, you must select a configuration template. When you push configurations to a switch after the switch is deployed or imported, you can use one or multiple configuration templates. Prepare configuration templates before you add a switch configuration or push configurations to a switch. 1.5.1 Adding a Configuration Template To add a configuration template, follow these steps: 1. In the AmpCon-Campus UI, click Service > Config Template. 2. In the New Template tab, input the following information: Name: The name of the configuration template. Descr: The description of the configuration template. Model: Select the switch model that is applicable to the configuration template. Version: Select the PicOS version that is applicable to the configuration template. Action: Select Config or Delete. 3. Optional: Click Update CLI Tree to refresh the CLI tree. image.png 4. In the CLI Tree section, add one or multiple template configurations by clicking the plus icon. The selected template configurations appear on the right. image.png 5. Click Save. 1.5.2 Viewing or Editing a Configuration Template To view or edit a configuration template, follow these steps: In the AmpCon-Campus UI, click Service > Config Template. In the Template List tab, locate a switch, and then click View Template. To view a configuration template, select the format for viewing the template in the pop-up window. Then, you can see the template configurations. image.png To edit a configuration template, click Edit in the pop-up window, and then click Save. 1.5.3 Optional: Removing a Configuration Template To remove a configuration template, follow these steps: 1. In the AmpCon-Campus UI, click Service > Config Template. 2. In the Template List tab, locate a switch, and then click Remove Template. 3. Click Yes to confirm the deletion. 1.5.4 Optional: Viewing or Updating Pre-Built Templates To view or update pre-built configuration templates, follow these steps: In the AmpCon-Campus UI, click Service > Config Template, and then click the Template List tab. To view the pre-built templates, click Show Pre-built Template. To refresh the pre-built template list, click Update Pre-built Template. 1.5.5 Optional: Copying a Configuration Template To copy a configuration template, follow these steps: 1. In the AmpCon-Campus UI, click Service > Config Template. 2. In the Template List tab, locate a switch, and then click Copy. 3. Enter the name for the copied template and a description (optional). 4. Click Save. 1.5.6 Optional: Exporting a Configuration Template To export a configuration template, follow these steps: 1. In the AmpCon-Campus UI, click Service > Config Template. 2. In the Template List tab, locate a switch, and then click Export. 1.5.7 Optional: Exporting All Configuration Template To export all configuration templates, follow these steps: 1. In the AmpCon-Campus UI, click Service > Config Template. 2. In the Template List tab, click Export All Template. 1.5.8 Optional: Adding a Label to a Configuration Template To add a label to a configuration template, follow these steps: 1. In the AmpCon-Campus UI, click Service > Config Template. 2. In the Template List tab, locate a switch, and then click Tag Management. 3. In the pop-up window, enter the name of the tag. 4. Click Add. 5. Click Save. 1.5.9 Optional: Uploading a Local Configuration Template To upload a local configuration template, follow these steps: 1. In the AmpCon-Campus UI, click Service > Config Template. 2. In the Template List tab, click Upload Template. 3. In the pop-up window, enter the name of the configuration template and the template description (optional). 4. Click or drag a .txt template file to upload it. 5. Click Upload. image.png 1.6 Adding Switch Configurations Before you provision a switch as described in Provisioning New Switches with ZTP, add a switch configuration. You can also add multiple switch configurations by using a JSON file. 1.6.1 Before You Begin If you provision a switch without adding a switch configuration beforehand, the switch will be in Parking status. The switch in Parking status is not listed on the “Switch” page and can’t be staged. In the AmpCon-Campus UI, click Service > Switch. On the “Switch” page, click Parking Lot, and then you can see all switches in Parking status. Locate a parking switch, and then click Create Config to add a switch configuration. After you add the switch configuration, the switch will be listed on the “Switch” page with the Configured status. Ensure that the global configuration file and configuration template for the switch to deploy have been created. For more information, see "1.4.1 Adding a Global Configuration" and "1.5.1 Adding Switch Configuration Templates". 1.6.2 Adding a Switch Configuration 1. In the AmpCon-Campus UI, click Services > Switch Configuration. 2. Input the following information: Switch SN/Service Tag: The SN or service tag of the switch. Switch Model: Select the switch model of the switch. Deployment Location: The location where the switch exists, such as Beijing. Fabric: Select the fabric that the switch belongs to. The default fabric is selected by default. Select Global Config: Select the global configuration file with configurations to push to the switch. Select Site Template: Select the configuration template to use. Option Post-Deployed: Select whether to back up the switch configuration. image.png 3. Click Next. You can see an input section, which is related to the selected configuration template. Enter the relevant information. image.png 4. Click Save. 5. In the Preview Config pop-up window, preview or edit the global configurations. image.png 6. Click Save. The switch configuration is added now. On the “Switch List” page, you can see the switch status is shown as Configured. 7. Click System Config to select the system configuration that is applicable to the switch. NOTE The selected system configuration needs to contain the default username and password of the switch. image.png 8. Optional: Click Agent to edit the Pushing Agent Configuration information. 1.6.3 Adding Multiple Switch Configurations with a JSON file You can add multiple switch configurations by uploading a JSON file. In this way, you don’t need to add each switch configuration one by one. Follow these steps: 1. Prepare a JSON file with switch configurations. See the following example: { "sn": [ "EC1631000063","EC1806001292","732656X2007017"], "hardware_model": "ag5648", "location": "Beijing", "global_config_name": "2024-8-2-glob-ag5648-test1", "site_template_name": ["test1"], "agent_config": { "enable": true, "vpn_enable": true, "server_domain": "http://pica8.com ", "inband_native_vlan": "4094", "server_vpn_host": "vpn.pica8.com", "inband_vlan": "4094", "server_hostname_prefix": "ac", "inband_lacp": true, "uplink_ports": "te-1/1/49,te-1/1/50", "uplink_speed": "1000" }, "vpn": true, "retrieve_config": true, "default_config_param": { "test1": { "vlan_id": "12", "vlan_name": "23" } }, "unique_config_param": { } } 2. In the AmpCon-Campus UI, click Services > Switch Configuration. 3. Click Upload by JSON. 4. Click or drag a file to upload the JSON file. 5. Click Upload. 1.6.4 Viewing or Editing Switch Configurations In the Historical Switch Config Edit section, you can see all the added switch configurations, which are grouped by switch models. To edit a switch configuration, follow these steps: 1. Locate the global configuration, and then click it. image.png 2. In the pop-up window, click Edit. 3. Edit the configurations as you need. 4. Click Save. 1.6.5 Optional: Checking the Switch Status After you add a switch configuration, check whether the switch status is shown as Configured. If not, locate the switch, and click Log to see more details. image.png 1.7 Staging Switches After you add a switch configuration, you must stage the switch to make it ready for Zero Touch Provisioning (ZTP). 1.7.1 Procedure 1. In the AmpCon-Campus UI, click Service > Switch. 2. In the Switch list, locate the switch, and then click Stage. image.png 3. Check whether the switch status is shown as Staged. image.png After you stage the switch, you can continue to provision new switches with ZTP. 1.8 Provisioning New Switches with ZTP Zero Touch Provisioning (ZTP) is a technology for automated deployment and configuration of network devices. AmpCon-Campus supports using ZTP to provision new switches. ZTP relies on the DHCP service, and thus you need to configure DHCP first. After you plug in and reboot a switch, DHCP automatically provides the switch with an IP address and the address of a provision shell script that is obtained from AmpCon-Campus server. Then, the switch automatically runs the shell script to complete the ZTP deployment: The white-box switch runs the shell script to download a PicOS image, install PicOS and its license, register with the AmpCon-Campus server, update switch configurations, and reboot the switch. The integrated hardware and software switch runs the shell script to register with the AmpCon-Campus server, install a PicOS license on the switch, update switch configurations, and reboot the switch. 1.8.1 Prerequisites Ensure that the following prerequisites are met: The Hardware ID of the switch to provision is added to the AmpCon-Campus license. For more information, see Preparing Licenses. For white-box switches, step 1 to 7 in “1.1.3 Deploying White-Box Switches” are completed. For integrated hardware and software switches, step 1 to 5 in Deploying Integrated Hardware and Software Switches are completed. You have installed a DHCP server and added configurations as follows to the DHCP configuration file (/etc/dhcp/dhcpd.conf): For white-box switches, refer to the following configuration example: host 4610_54t_02 { hardware ethernet C4:39:3A:FF:2C:C0; fixed-address 10.10.51.198; option default-url "http://10.56.20.184/onie"; } The assigned IP address of the switch is "10.10.51.198". The IP address of the AmpCon-Campus server is "10.56.20.184". NOTE The following DHCP option is used:Option default-url: 114 For integrated hardware and software switches, refer to the following configuration example: host S5860-20Q-9-8 { hardware ethernet 64:9d:99:d2:56:54; fixed-address 10.10.51.4; option bootfile-name "system_ztp_start.sh"; option tftp-server-name "10.56.20.180"; } The assigned IP address of the switch is “10.10.51.4“. The IP address of the AmpCon-Campus server is “10.56.20.180”. NOTE The following DHCP options are used: Option bootfile-name: 67 Option tftp-server-name: 66 1.8.2 Provisioning a White-Box Switch 1. Download and install MobaXterm. 2. Open MobaXterm, and then create a session to connect with the switch. 3. Reboot the switch by running the following command: sudo reboot -f 4. If you see the “Hit any key to stop autoboot” message, press the Enter key to exit the autoboot mode. If you don’t see this message, go to step 5 directly. 5. Reboot the switch. For switches with the ONIE menu, select ONIE, and then select ONIE: Install OS. image.png image.png For AS4610 switches, reboot from ONIE by running the following command: run onie bootcmd Then, the switch will be restarted and automatically register with the AmpCon-Campus server. 6. Wait for the registration process to be completed. image.png 7. In the AmpCon-Campus UI, click Service > Switch. Check whether the switch status is shown as Provisioning Success. image.png 1.8.3 Provisioning an Integrated Hardware and Software Switch 1. Download and install MobaXterm. 2. Open MobaXterm, and then create a session to connect with the switch. 3. Reboot the switch by running the following command. sudo reboot image.png Then, the switch will be restarted and automatically register with the AmpCon-Campus server. 4. Wait for the registration process to be completed. image.png 5. In the AmpCon-Campus UI, click Services > Switch. Check whether the switch status is shown as Provisioning Success. image.png 1.9 Importing Switches For switches that are deployed but not deployed with AmpCon-Campus, you can import these switches so that they can be managed by AmpCon-Campus. 1.9.1 Prerequisites The switches to be imported haven’t been managed by AmpCon-Campus. The Hardware IDs of the switches to be imported have been added to the AmpCon-Campus license. For more information, see Preparing Licenses. 1.9.2 Importing a Switch with a Global User 1. In the AmpCon-Campus UI, click Service > Switch. 2. Click Import Actions, and then select Import. 3. In the IP field, enter the IP address of the switch. 4. In the System Config drop-down list, select the appropriate system configuration. NOTE The selected system configuration needs to contain the default username and password of the switch. image.png 5. In the Fabric drop-down list, select a fabric. To add a fabric, see Managing Fabrics. 6. Click OK. 7. In the AmpCon-Campus UI, click Service > Switch. Check whether the switch status is shown as Imported. 1.9.3 Importing a Switch with a Group User 1. In the AmpCon-Campus UI, click Service > Switch. 2. Click Import Actions, and then select Import. 3. In the IP field, enter the IP address of the switch. 4. In the System Config drop-down list, select the appropriate system configuration. NOTE The selected system configuration needs to contain the default username and password of the switch. 5. In the Fabric drop-down list, select a fabric. To add a fabric, see Managing Fabrics. 6. In the Group drop-down list, select a group. To add a group, see Managing Groups. image.png 7. Click OK. 8. In the AmpCon-Campus UI, click Service > Switch. Check whether the switch status is shown as Imported. STEP2 : Up and Running After you deploy or import a switch with AmpCon-Campus, you can push configurations to the switch, manage configurations, back up and restore configurations for disaster recovery, or compare configurations for troubleshooting or auditing. 2.1 Pushing Configurations to Switches After switches are successfully deployed or imported with AmpCon-Campus, you can push configurations to these switches as needed. 2.1.1 Prerequisite Ensure that you have created the configuration templates to push to each switch. For more information, see "1.5 Configuring Configuration Templates". 2.1.2 Procedure To push configurations to one or multiple switches, follow these steps: 1. In the AmpCon-Campus UI, click Service > Config Template. 2. In the Push Config tab, select a folder, and then click Add Node. A node represents a configuration file. 3. Enter the node name and its description (optional). 4. Click OK to save the node. 5. Click the node that you just created, and click Edit. image.png 6. Add configurations to push to switches by using either of the following ways: Enter the configurations manually. Using the configuration templates that you created before: a. Click Generate Config. b. Select a configuration template file from the drop-down list. c. Click Next, and enter the value for each variable. d. Click Save. image.png 7. Click Push Config, and then select the switches to apply these configurations. You can select specific switches in the Config Switch tab or select a group in the Config Group tab. For how to add a group or manage switches in a group, see Managing Groups. image.png 8. Click OK to start the configuration pushing. 2.1.3 Optional: Verifying the Pushing Status and Log To verify whether the configuration is pushed to each switch successfully, follow these steps: 1. In the AmpCon-Campus UI, click Service > Config Template. 2. In the Push Config tab, click Push Config Logs. 3. Click Task List, check whether the pushing status is success. 4. If the pushing status is not success, click Push Log to check more pushing details for troubleshooting. 2.2 Viewing, Editing, or Deleting Configurations On the “Config Files Views” page, you can manage all global configurations and site configurations. In the Push Config tab of the “Config Template” page, you can manage all general configurations. Global configurations Configurations that you created as described in "1.4.1 Adding a Global Configuration" Site configurations Configurations that you created as described in "1.6 Adding Switch Configurations" General configurations Configurations that you pushed to switches as described in "2.1 Pushing Configurations to Switches" 2.2.1 Managing Global Configurations and Site Configurations 2.2.1.1 Viewing or Editing Global and Site Configuration Files 1. In the AmpCon-Campus UI, click Service > Config Files Views. 2. On the “Config Files Views” page, locate the configuration file, and then click View. You can see a pop-up window with detailed configurations. 3. To close the pop-up window, click the close icon. 4. To edit the configurations, click Edit, modify configurations, and then click Save. image.png 2.2.1.2 Checking Switches Associated with a Configuration File 1. In the AmpCon-Campus UI, click Service > Config Files Views. 2. Locate the configuration file, and then click Associated. You can see the switches that are associated with the configuration file. image.png 3. To close the pop-up window, click the close icon. 2.2.1.3 Deleting a Configuration File NOTE If a configuration file is still associated with one or multiple switches, the configuration file can’t be deleted. 1. In the AmpCon-Campus UI, click Service > Config Files Views. 2. Locate the configuration file, and then click Delete. 3. Click Yes to confirm the deletion. 2.2.2 Managing General Configurations 2.2.2.1 Viewing or Editing a General Configuration File 1. In the AmpCon-Campus UI, click Service > Config Template. 2. In the Push Config tab of the “Config Template” page, click the node that you want to view. Each node represents a general configuration file. image.png 3. To edit a configuration file, click Edit, modify configurations, and then click Save. image.png 2.2.1.2 Deleting a General Configuration File 1. In the AmpCon-Campus UI, click Service > Config Template. 2. In the Push Config tab, click the node that you want to delete. 3. Click Delete Node. 4. Click Yes to confirm the deletion. 2.3 Backing up and Restoring Configurations You can manually back up switch configurations or automatically back up configurations at a specific interval. In addition, you can restore configurations based on a backup configuration file for disaster recovery. 2.3.1 Backing up Switch Configurations 2.3.1.1 Backing up Configurations for a Single Device To back up configurations for a single switch, follow these steps: 1. In the AmpCon-Campus UI, click Service > Config Template. 2. In the Config Backup tab, locate a switch, and then click Backup Config. image.png 3. Optional: Check whether the backup file is created successfully. a. Locate a switch, and then click Snapshot List. b. Check whether the backup file is in the snapshot list. c. To see the configuration details, click Snapshot. 2.3.1.2 Backing up Configurations for a Group of Switches To back up configurations for a group of switches, follow these steps: 1. In the AmpCon-Campus UI, click Service > Config Template. 2. In the Config Backup tab, select the group, and then click Backup Config. image.png 3. Optional: Check whether the backup file for each switch is created successfully. a. Locate a switch, and then click Snapshot List. b. Check whether the backup file is in the snapshot list. c. To see the configuration details, click Snapshot. 2.3.1.3 Backing up Configurations Automatically To back up configurations periodically and automatically, follow these steps: 1. In the AmpCon-Campus UI, click Service > Config Template. 2. In the Config Backup tab, set the backup interval and time: Interval Days: The interval in days between each backup Hours: The time in hour to do the backup 3. Click Save. Then, AmpCon-Campus will automatically back up configurations at a specific interval. image.png 2.3.2 Rolling Back Configurations To restore configurations based on a backup configuration file, follow these steps: 1. In the AmpCon-Campus UI, click Service > Config Template. 2. In the Config Backup tab, locate a switch, and then click Snapshot List. 3. Locate the configuration to roll back, and then click Rollback Config. image.png 4. Set the wait time in seconds. The default value is 10. 5. Click Save. 2.3.3 Optional: Viewing Backup Logs To view configuration backup logs on a switch, follow these steps: 1. In the AmpCon-Campus UI, click Service > Config Template. 2. In the Config Backup tab, locate a switch, and then click Log. image.png 2.3.4 Optional: Viewing All Configurations on a Switch To view detailed configurations on a switch, follow these steps: 1. In the AmpCon-Campus UI, click Service > Config Template. 2. In the Config Backup tab, locate a switch, and then click Config. 2.3.5 Optional: Viewing or Deleting Backup Configuration Files To view or delete backup configuration files, follow these steps: In the AmpCon-Campus UI, click Service > Config Template. In the Config Backup tab, locate a switch, and then click Snapshot List. You can see all available backup configuration files for the switch. To view configuration details, click Snapshot. To delete a backup configuration file, click Delete. image.png 2.3.6 Optional: Uploading Local Configuration Files You can upload a local switch configuration file to AmpCon-Campus. After you upload the configuration file, the uploaded configurations can’t be pushed to the switch directly but can be pushed to the new switch during the Returning Merchandise Authorization (RMA) process. If you didn’t back up configurations but uploaded a local configuration file before, when you RMA, the uploaded configurations will be pushed to the new switch. If you backed up configurations and also uploaded a local configuration file before, when you RMA, the backup configurations will be pushed to the new switch. To upload a local configuration file, follow these steps: 1. In the AmpCon-Campus UI, click Service > Config Template. 2. In the Config Backup tab, locate a switch, and then click Upload Config. image.png 3. Select a .boot file with switch configurations and upload it. image.png 4. Click Config. In the pop-up window, check whether the uploaded configurations are added. image.png 2.3.7 Optional: Setting Golden Config The backup file with Golden Config will never be deleted. When the switch operation is compromised, the backup file with Golden Config is used to roll back a switch. You can also check whether the switch is operating as designed by comparing running configurations with the backup configuration file with Golden Config. To set Golden Config, follow these steps: 1. In the AmpCon-Campus UI, click Service > Config Template. 2. In the Config Backup tab, locate a switch, and then click Snapshot List. 3. Locate a backup file, and then click Set Golden Config. 2.3.8 Optional: Adding or Deleting Configuration File Tags You can add or delete tags for a backup configuration file. Follow these steps: In the AmpCon-Campus UI, click Service > Config Template. In the Config Backup tab, locate a switch, and then click Snapshot List. Locate a backup snapshot, and then click Tag Management. To add a tag, enter the tag name, and then click Add > Save. image.png To delete a tag, locate the tag, click the deletion icon, and then click Save. 2.4 Comparing Running or Backup Configurations You can compare running configurations or backup configurations on one switch or on different switches. Running configurations Configurations that are currently running on a switch Backup configurations Configuration files that were backed up as described in "2.3 Backing up Switch Configurations" 2.4.1 Procedure 1. In the AmpCon-Campus UI, click Service > Config Template. 2. In the first SN field, click Select to choose one switch to compare. 3. In the pop-up window, select the switch. 4. In the first Select Config drop-down list, select a running configuration file or a backup configuration file. NOTE The running configuration is available only for online switches (switches can connect with the AmpCon-Campus server). image.png 5. In the second SN field, click Select to choose another switch to compare. 6. In the pop-up window, select the switch. 7. In the second Select Config drop-down list, select a running configuration file or a backup configuration file. Then, you can see configuration differences as follows: image.png 2.5 Comparing Running Configurations with Initial Configurations You can compare running configurations with initial configurations on the same switch. Initial configurations Configurations that you selected when you add a switch configuration, including the global configuration file and the configuration template Running configurations Configurations that are currently running on the switch NOTE This feature doesn’t support the following scenarios: Comparing configurations on different switches Comparing configurations on imported switches Comparing configurations on disconnected switches (switches can’t connect with the AmpCon-Campus server) 2.5.1 Prerequisites Check the Mgmt IP column on the “Switch” page, and ensure that the switch to compare is connected to the AmpCon-Campus server. √: The switch is connected to the AmpCon-Campus server. x: The switch is not connected to the AmpCon-Campus server. image.png Ensure that the switch to compare is not in Imported status on the “Switch” page. NOTE After you Return Merchandise Authorization (RMA) to replace an imported switch with a new switch, the new switch is shown as Provisioning Success. However, you can’t compare running configurations with initial configurations on this new switch. This is because the new switch is configured by using the backup configuration file or uploaded configurations of the imported switch during the deployment process, instead of by creating a switch configuration. 2.5.2 Procedure 1. In the AmpCon-Campus UI, click Service > Config Template. 2. In the SN field, click Select. image.png 3. In the pop-up window, select the switch to compare. image.png 4. In the Template field, click Select. 5. In the pop-up window, select the global configuration file and the configuration template that you pushed to the switch during the initial switch deployment process. Then, click Generate. image.png 6. In the SN drop-down list, select Running Config(set format) or Running Config(all set format). Running Config(set format): Displays configurations as the show | display set command result in the switch Running Config(all set format): Displays configurations as the show all | display set command result in the switch Then, you can see differences between the running configurations and the initial configurations on the switch. image.png STEP3 : Keep Going Now that you have your devices connected and in tip-top condition, you can keep going onto the next stages of automating your enterprise network deployment. Use these links to continue your journey with AmpCon-Campus enterprise network automation. 3.1 What's Next? If you want to Then Monitor these switches easily See the Monitoring Switches section in the AmpCon-Campus Management Platform User Manual V2.1.1 Have AmpCon-Campus licenses and PicOS® licenses See the Managing Licenses section in the AmpCon-Campus Management Platform User Manual V2.1.1 Run Ansible playbooks with AmpCon-Campus See the Running Ansible Playbooks for Automation section in the AmpCon-Campus Management Platform User Manual V2.1.1 3.2 General Information If you want to Then See all FS AmpCon-Campus documentation Visit AmpCon-Campus Documentation 3.3 Learn with Videos Our video library continues to grow! We’ve created many videos that demonstrate how to do everything from install your hardware to configure advanced AmpCon-Campus network features. Here are some great video and training resources that will help you expand your knowledge of AmpCon-Campus. If you want to Then Watch short demos to learn how to use AmpCon-Campus to automate and validate the design, deployment, and operation of enterprise network networks, from Day 0 through Day 2+ Watch PicOS® & PicOS-V, AmpCon™ Configuration Guide playlist on the official YouTube channel for FS.com Get short and concise tips and instructions that provide quick answers, clarity, and insight into specific features and functions of FS technologies Watch FS Networks YouTube main page

Home/
Documentazione/
PicOS® Switch Aziendali/
AmpCon-Campus Piattaforma di Gestione /
LIS-AMPCON-CAM-FPSW-Foundation-3Y/
Deployment Guide/

PicOS® vs. SONiC Operating System Comparison

22 ago. 2025 - PicOS® vs. SONiC Operating System Comparison Document overview This document aims to comprehensively compare PicOS® and SONiC software, with a focus on showcasing the strengths of PicOS®. Through comparisons of software positioning and functionality, we will summarize the positioning advantages of PicOS® across various dimensions and explore its functional features. Readers will gain insights into these two software platforms through this document, aiding in the selection of an operating system that best suits their needs. Software positioning PicOS® features easy integration, supports multiple hardware platforms, and offers the Ampcon™ unified management platform, enhancing flexibility and efficiency in network configuration and management. Additionally, PicOS® provides extensive protocol support, including MLAG, EVPN, VXLAN, among others, delivering reliable solutions for enterprise networks and data center environments. SONiC is an open-source network operating system characterized by openness, high scalability, and programmability. Its flexible programmable interface and rich automation tools simplify network configuration and management, making it particularly suitable for environments requiring flexibility and customization. Dimensions PicOS® SONiC Operating System Linux-based network operating system supporting multiple hardware brands, including Edgecore, Delta, Dell, FS, etc. Linux-based network operating systemsupporting multiplehardware brands, including Mellanox, Broadcom, Dell, etc. Management Platform Supports the Ampcon™ management platform to simplify network management, providing a web-based user interface, and enabling zero-touch provisioning (ZTP), deployment, and lifecycle management. No unified management platform, managed basedonRESTAPI and YANG models, supporting the management of network devices in an open, standardized manner. Application Scenarios More suitable for enterprise networks and data center environments that require stability and ease of management. More suitable for large data centers and cloud serviceprovider environments that require high network automation and flexibility. Security Features Features Supports iptables firewall, IPSec, SSL/TLS, ACL, SSH, SNMPv3, etc., compatible with open-source intrusion detection systems like Snort, and supports custom security configurations. Supports standard Linux security tools such as ACL control, DDoS protection, and MACsec, suitable for high-securityrequirements in data center environments. Performance and Stability Adopts a modular design allowing independent component operation and updates, supports protocols such as PFC/ECN, BGP, OSPF, EVPN VXLAN, MLAG. Adopts a microservices architecture, with modular designsuitable for complex topologies, while supporting protocolslike BGP, OSPF, EVPN, VXLAN. Virtualization and Emulator Support Provides PicOS-V, which supports free virtual machines (VMs) without the requirement for switch hardware. PicOS-V can run on popular virtual machine management programs like VMware, GNS3, and VirtualBox. Does not directly provide virtualization or emulator support. To run and test in a virtualized environment, users needtochoose other tools or platforms to implement it themselves. Software Updates and Lifecycle Regularly releases stable version updates by the team, with a relatively controllable update pace, clear lifecycle management. It also provides stable maintenance versions, allowing flexible patch releases to address urgent customer issues. Driven by the open-source community for updates, it mayhave a higher update frequency. The community introducesfeatures and optimizations based on demand, but thequality and stability of updates rely on the community'smaintenance efforts and vendor support for secondarydevelopment. Support and Services Provides official support and extensive third-party hardware compatibility, ensuring fast response times. Additionally, it offers software customization services to tailor and develop specific features based on customer business needs. Relies on community support and support frompartners, with relatively limited commercial support. Users may needan internal technical team to address the majority of technical issues. Learning Costs Based on the Linux system, supports common Linux commands and automation tools (such as Ansible), suitable for existing Linux technical teams with low learning costs. As an open-source project with complex networking functionalities and configuration options, the learningcurvefor new users may be steep, requiring time and effort tobecome familiar with the system. Software function Compared with SONiC, PicOS® has more comprehensive support for Layer 2 functions and securityfunctions, and has more advantages in supporting important functions such as Voice VLAN, DynamicARPinspection (DAI), and NAC, and can provide more complete network management and security guarantees. Primary Specifications Secondary Specifications PicOS® SONiC System Management System time management: manual method, NTP, PTP Y Y Layer 2 Switching Configuration Voice VLAN Y N Spanning Tree Protocol Y Y Private VLAN Y N Ethernet Ring Protection Switching (ERPS) Y N IP Service Configuration Guide Dynamic ARP inspection(DAI) Y N Equal-Cost Multipath Routing (ECMP) Y Y IPv6 Y Y DHCP Relay Agent Y Y DHCP Snooping Y Y IP Routing Configuration OSPF Y Y OSPFv3 Y Y IPV4/IPv6 BGP Y Y IS-IS Y Y Precision-time protocol(PTP) N Y Multicas Configuration IGMP Y Y Multicast Listener Discovery(MLD) N Y PIM Y Y IGMP Snooping Y Y VPN Generic Routing Encapsulation Protocol (GRE) Y Y VXLAN VXLAN Y Y EVPN Y Y High Availability Dynamic Load Balancing Y Y Virtual Router Redundancy Protocol (VRRP) Y Y MLAG Y Y VSU(Virtual Switching Unit)【RJ】 Virtual Chassis Technology【Juniper】 N N MPLS N N EFM OAM Y N Uplink Failure Detection (UFD) Y N Lossless Network PFC, Priority Flow Control Y Y PFC Wachdog Y Y ECN, Explicit Congestion Notification Y Y DLB, Dynamic Load Balancing Y Y Security Media Access Control Security (MACsec) N Y NAC Y N IPv4SG (IPv4 Source Guard) Y N IPv6SG (IPv6 Source Guard) Y N QoS Service Configuration Queue scheduler Y Y Traffic policing Y Y Congestion management : WRED Y Y Congestion avoidance : ECN Y Y Network Management and Monitoring RESTCONF Y Y NETCONF Y Y POE(Power over Ethernet) Y N/A Telemetry Protocol Y Y SDN Y Y Remote Network Monitoring (RMON) Y N Online resources PicOS® Enterprise Switches: https://www.fs.com/c/picos-enterprise-switches-4223 PicOS® Data Center Switches: https://www.fs.com/c/picos-data-center-switches-5125 AmpCon™-DC Platform: https://www.fs.com/c/ampcon-campus-platform-5513 AmpCon™-Campus Platform: https://www.fs.com/c/ampcon-dc-management-platform-4227

Home/
Documentazione/
PicOS® Switch Aziendali/
1/2.5G PicOS® Switch/
S3270-10TM/
Competitive Comparison/