Search result for "319527"
Types
Types
Sort by
PicOS® Quick Deployment Guide
Nov 04, 2025 - PicOS® Quick Deployment Guide 1. Getting Started with PicOS® 1.1 Understanding PicOS® 1.1.1 About the Quick Deployment Guide PicOS® Quick Deployment Guide provides a high-level introduction to PicOS® and explains basic concepts and operational principles for working with PicOS® network devices. In this guide, we explain the basics of PicOS®, including: Understanding the network operating system software How to access PicOS® network devices How to perform the initial device configuration, including the root password, hostname, management and loopback interfaces, user accounts, and backup router configuration 1.1.2 Operating system infrastructure PicOS® includes processes that run on the device, including IP routing, Ethernet switching, management interfaces, and various other functions. PicOS® runs on the routing engine. The routing engine kernel coordinates communication between software processes and provides a link to the packet forwarding engine. Using the CLI, you can configure device functions and set network interface properties. After activating the software configuration, the CLI user interface is used to monitor and manage operations, as well as diagnose protocol and network connectivity issues. Routing Engine and Packet Forwarding Engine A PicOS® network router or switch has two main software processing components: Packet Forwarding Engine – Handles packets, applies filters, routing policies, and other functions, and forwards packets to the next hop on the route to their final destination. Routing Engine – Provides three primary functions: Maintains the routing table used by network devices and controls the routing protocols running on the device. Performs packet forwarding by providing route lookup, filtering, and switching for incoming packets, then directing outgoing packets to the appropriate interface for transmission onto the network. Provides control and monitoring functions for the device. 1.2 Access a PicOS® Network Device 1.2.1 Overview of PicOS® Network Device Initial Configuration After installing and starting a PicOS® Networks device, you can begin the initial configuration. All devices come pre-installed with a version of PicOS®. The procedures in this guide show you how to connect the device to the network without enabling traffic forwarding. For complete information on enabling traffic forwarding, including examples, refer to the Software Configuration Guide. Notes: For an overview of PicOS® and detailed information on configuration statements and CLI commands, refer to PicOS® Configuration Guide V4.4.5. By default, console access to the device is enabled. Initially, connect to the device using the Console Port. Before configuring the device, gather the following information: The name the device will use on the network The IP address and prefix length information for the Ethernet interface The IP address of the default gateway The most common method for configuring the device is using CLI commands. 1.2.2 Console Port Overview The Console Port allows access to a device running PicOS®, regardless of its state, unless the device is completely powered off. By connecting to the Console Port, you can access the device at the root level without relying on a network connection. The Console Port connection provides continuous direct access to the device, which is typically available even if the primary network fails. We recommend using the Console Port connection for all PicOS® and software package upgrades, as this connection remains open during the upgrade process, allowing you to monitor status and progress. Other network-based connections, such as SSH or Telnet, are usually interrupted during a software upgrade, which may result in the loss of status updates or error messages. 1.2.3 How to Access a PicOS® Network Device for the First Time When you power on a device running PicOS®, it automatically starts up. To perform the initial configuration, you must connect a terminal or laptop to the device via the Console Port. By default, console port access to the device is enabled. However, remote management access and all management protocols (such as Telnet, FTP, and SSH) are disabled by default. First Time Access to the Network Device: a) Connect your laptop or desktop computer to the Console Port on the front panel of the device. Port Settings Use the following port settings to connect a terminal or a computer to the switch console port: Baud rate: 115200 Data bits: 8 Stop bits: 1 Note: The default width for terminal sessions through the Console Port is 80 characters. This means that the terminal client width should be at least 80 characters to properly use the Console Port. Most terminal clients have a default width of 80 characters. b) Power on the device and wait for it to boot. The software will start automatically. Once the boot process is complete, you will see the PicOS login: prompt on the console. c) Log in as the user admin. By default, PicOS® has two users: root and admin. On the first login, you must manually set the password for the admin account. The user should use pica8 as the password on the first login. After that, the system will prompt the user to change the default password. The new password must be a string of 8 to 512 case-sensitive characters. PicOS login: admin Password: (input default password "pica8") You are required to change your password immediately (administrator enforced) Changing password for admin. Current password: (input "pica8" again) New password: (input new password: the new password should be no less than eight characters) Retype new password: (input new password again) Linux PicOS 5.10.23 #2 SMP Mon Aug 12 09:14:57 CST 2024 x86_64 Synchronizing configuration...OK. Welcome to PicOS admin@PicOS> d) After the switch boots up, it automatically enters the PicOS® CLI. admin@PicOS> e) Type configure to access CLI configuration mode admin@PicOS> configure admin@PicOS# 1.3 Device Hostname 1.3.1 Hostname Overview Almost every device in a network has a hostname. The hostname is the name used to identify the device on the network. It is easier to remember than an IP address. When you first boot a PicOS® network device, the default hostname is PicOS®. The PicOS® prompt indicates that the device is loading the new PicOS® software from the factory settings. By definition, such devices do not have a configured hostname. As an administrator, you need to follow naming conventions for devices. One convention is to name the device based on its location, such as: germany-berlin-R1. Make sure the hostname is unique within the local network so that users can connect to the device using that hostname. You do not need to make the local hostname globally unique. In PicOS®, the hostname can contain any combination of letters, numbers, and hyphens. Special characters are not allowed. As a best practice, use short and meaningful hostnames because long hostnames are difficult to type and remember. 1.3.2 Configure the Device Hostname A host name distinguishes one device from another. The default host name is the system name PicOS®. You can modify the host name as required. a) In the configuration mode, specify or modify a host name for the switch. set system hostname b) set system hostname commit c) Verifying the Configuration After the configuration is completed, in the configuration mode, use run show system name command to view the new host name. d) Other Configurations To reset the hostname to default, use delete system hostname command. 1.4 Management Ethernet and Loopback Interfaces 1.4.1 Management Ethernet Interface Overview The management interface is the primary interface for remotely accessing the device. Typically, the management interface does not connect to the in-band network but instead connects to the device’s internal network. As a system administrator, you can use the management interface to access the device through the network using utilities such as SSH and Telnet. You can configure the device from anywhere, regardless of its physical location. SNMP can use the management interface to collect statistics from the device. Authorized users and management systems use the management interface to connect to the device over the network. Some PicOS® network devices have dedicated management ports on the front panel. For other types of platforms, you can configure the management interface on one of the network interfaces. You can dedicate this interface to management, or share it with other traffic. You must configure the management interface before users can access it. To set up the management interface, you need information such as its IP address, prefix, and next hop. We recommend configuring the device so that traffic is not routed between the management interface and other ports. On many devices running PicOS®, traffic cannot be routed between the management interface and other ports. Therefore, you should choose an IP address with a separate prefix (network mask) in a separate (logical) network. For devices running PicOS®, the management Ethernet interface is typically named ETH0. 1.4.2 Configure Management Interface PicOS® switches provide one or two Ethernet management ports for switch configuration and out-of-band network management. See Figure 1, which shows the console and management ports of the PicOS®-3930 switch. The port labeled ETHERNET is the management port, while the port labeled CONSOLE is the console port. Figure 1. Console and Management Ports image.png Configure IP Address for Management Interface To facilitate the device management and meet the requirement of separating the management traffic from the data traffic, the switch supports the in-band or out-of-band management interface with the factory default IP address 192.168.1.1/24. If the switch cannot obtain the IP address through DHCP, the factory default IP address is valid, and you can access it through PCs in the same network segment. Besides, you can manually configure the IP address as needed. a) In the configuration mode, specify the IP address for management interface. set system management-ethernet eth0 ip-address {IPv4 | IPv6} set l3-interface vlan-interface inband-mgmt address prefix-length b) Commit the configuration. commit c) Verifying the Configuration After the configuration is completed, in the configuration mode, use run show system management-ethernet command to view the MAC address, IP address, state and traffic statistics. d) Other Configurations To clear the configuration of management interface, use delete system management-ethernet eth0 ip-address command. 1.4.3 Loopback Interface Overview The Internet Protocol (IP) specifies a loopback network with the address range (IPv4) 127.0.0.0/8. Most IP implementations support a loopback interface (lo0) to represent the loopback facility. Any traffic sent by computer programs to the loopback network is sent to the same computer. The most commonly used IP addresses on the loopback network are 127.0.0.1 (IPv4) and ::1 (IPv6). The standard domain name for this address is localhost. You can use the loopback interface to identify the device. While you can use any interface address to determine if the device is online, the loopback address is the preferred method. Even though interfaces may be removed or have their addresses changed due to changes in the network topology, the loopback address will never change. When you ping a single interface address, the result does not always reflect the health of the device. For example, a mismatch in the subnet configuration at both ends of a point-to-point link can make the link appear down. Pinging an interface to check if a device is online may lead to misleading results. The interface could be unavailable due to issues unrelated to the device’s configuration or operation. The loopback interface helps address these issues. Benefits Since the loopback address never changes, it is the best way to identify a device on the network. The loopback interface is always up and accessible as long as there is a route to that IP address in the IP routing table. Thus, it can be used for diagnostics and troubleshooting. Protocols such as OSPF use the loopback address to determine protocol-specific attributes of the device or network. Additionally, certain commands (e.g., ping mpls) require the loopback address to function properly. 1.4.4 Loopback Interface Configuration The loopback interface is always Up to ensure network reliability. The loopback interface has the following features: The loopback interface is always Up and has the loopback feature. The loopback interface can be configured with the mask of all 1s. Based on the preceding features, the loopback interface has the following applications. The IP address of a loopback interface is specified as the source address of packets to improve network reliability. When no Router ID is configured for dynamic routing protocols, the maximum IP address of the loopback interface is configured as the router ID automatically. a) In the configuration mode, specify the name and IP address for the loopback interface. set l3-interface loopback address prefix-length 32 set l3-interface loopback address prefix-length 128 b) Commit the configuration. commit c) Verifying the Configuration After the configuration is completed, in the configuration mode, use run show l3-interface loopback command to view the state, IP address, description and traffic statistics. d) Other Configurations By default, the loopback interface is enabled when created. To disable the loopback interface, use set l3-interface loopback disable command. To clear the configuration of loopback interface, use delete l3-interface loopback interface command. 1.5 Initial User Account 1.5.1 User Account Overview User accounts provide a way for users to access the device. For each account, you can define the user's login name, password, and any other user information. While it is common to use a remote authentication server to centrally store user information, it is also a good practice to configure at least one non-root user on each device. This way, you can still access the device even if the connection to the remote authentication server is interrupted. This non-root user is typically given a generic name, such as admin. 1.5.2 Configure User Account in the Configuration Group Here are two types of user accounts: super-user and read-only. The newly created user account, by default, is read-only. NOTE: "net-admin" is not allowed to use when configuring a username. Creating a User Class and Password admin@XorPlus# set system login user ychen authentication plain-text-password pica8 admin@XorPlus#set system login user ychen class super-user admin@XorPlus# commit Commit OK. Save done. admin@XorPlus# Configuring a Login Announcement after Login admin@XorPlus# set system login announcement "welcome the switch-1101" admin@XorPlus# commit Commit OK. Save done. admin@XorPlus# Configuring a Multi-line Login Announcement after Login The following example configures a multi-line announcement which will be printed on the teminal after user login. admin@XorPlus# set system login multiline-announcement 1 message "**********************************************" admin@XorPlus# set system login multiline-announcement 2 message "Welcome to the system!" admin@XorPlus# set system login multiline-announcement 3 message "**********************************************" admin@XorPlus# commit Commit OK. Save done. admin@XorPlus# Configuring a Login Banner before Login admin@XorPlus# set system login banner "Hello! Welcome!" admin@XorPlus# commit Commit OK. Save done. admin@XorPlus# Configuring a Multi-line Login Banner before Login The following example configures a multi-line banner which will be printed on the teminal before user login. admin@Xorplus# set system login multiline-banner 1 message "*********************NOTICE***********************" admin@Xorplus# set system login multiline-banner 2 message "This is a property of Pica8." admin@Xorplus# set system login multiline-banner 3 message "All users log-in are subject to company monitoring!" admin@Xorplus# set system login multiline-banner 4 message "**************************************************" admin@Xorplus# commit 1.5.3 Enable Remote Access Services Configuring the SSH Connection Limit admin@XorPlus# set system services ssh protocol-version v2 admin@XorPlus# set system services ssh connection-limit 5 admin@XorPlus# commit Waiting for merging configuration. Commit OK. Save done. admin@XorPlus# Enabling and Disabling Inband Service By default, SSH with inband interfaces are disabled. You can enable inband services by entering the command below. Set the L3 VLAN interface VLAN400 in the default VRF as the in-band management port. admin@Xorplus# set system inband vlan-interface VLAN400 admin@Xorplus# commit Set the loopback interface IP in the default VRF as the in-band management IP. admin@Xorplus# set system inband loopback 192.168.10.1 admin@Xorplus# commit Set the routed interface rif-ge3 in the default VRF as the in-band management port. admin@Xorplus# set system inband routed-interface rif-ge3 admin@Xorplus# commit Configuring the Idle Timeout for SSH User admin@Xorplus# set system services ssh idle-timeout 60 admin@XorPlus# commit Waiting for merging configuration. Commit OK. Save done. admin@XorPlus# Configuring the Port Number of the SSH server Users can use this command to configure the new port number of SSH server to prevent attackers from accessing the standard port of SSH service and ensure security. The default listening port number of the SSH server is 22. Note that, if the modified port number is not 22, the client needs to specify port number when logging in using SSH. admin@Xorplus# set system services ssh port 30 admin@Xorplus# commit Enabling Telnet Service The PicOS® switch supports functioning as a telnet server. To enable the telnet server function, users can enable the telnet service. The following command enables telnet service on the device. NOTEs: Telnet service is insecure. Do not enable a telnet server if you don't know what exactly it may mean. Limit to a maximum of 20 connections within 10 seconds. Terminate the session in 60 seconds if the connection is not successful. admin@PicOS# set system services telnet disable false admin@PicOS# commit 2. PicOS® Overview When using ONIE installer to install PicOS®, the installer reinstalls the software, rebuilds all the PicOS® file system. This can erase the configuration files and system logs from the previous installation. After a successful ONIE installation of PicOS® 4.x, the system generates multiple system partitions including PicOS® (partition size: 2G), PicOS®2 (partition size: 2G) and User-Data partitions. Among them, PicOS® and PicOS®2 are two independent system boot partitions. One of them is the active partition on which the running system resides, and the other is the inactive partition. The two-system-boot-partition feature allows the system to revert to a previous version of the installed software package when the it fails to upgrade PicOS® by using upgrade2 command. The ONIE installer removes all partitions to rebuild a brand new OS only when there is no User-Data partition. However, if there exists a User-Data partition (for example, install a new version 4.0.1 from the old one 4.0.0), the ONIE installer only rewrites the "PicOS®" partition, installs the new installation package to this partition and sets the system on "PicOS®" partition as the default and sole boot system. User-Data partition is a reserved partition which is not affected by ONIE installer and upgrade unless user manually removes it. User-Data partition uses all the available space left on the disk. Users can use this partition to store files and data. This document describes how to install PicOS® 4.x software using ONIE installer. 3. Install, Upgrade, and Downgrade PicOS® Software 3.1 Overview of Software Installation and Upgrade 3.1.1 What is ONIE ONIE (Open Network Install Environment) is an open source project of OCP (Open Compute Project). ONIE provides the environment to install any network operating system on a bare metal network switch. ONIE liberates users from captive pre-installed network operating systems, like the Cisco IOS, and provides them with a choice. ONIE is a small Linux operating system that comes pre-installed as firmware on bare metal network switches. ONIE acts as an enhanced boot loader, extending the features provided by U-Boot. ONIE is used to install PicOS® on compatible switches. The bare metal switches listed in the PicOS® Hardware Compatibility List must be pre-loaded with ONIE prior to installing PicOS®. 3.2 Preparation for Software Installation and Upgrade The installation methods used to install a new PicOS® are traditional installation and nos-boot-mode installation. You can choose a suitable installation method that is convenient and appropriate for your installation environment. If you want to install PicOS® through a console port, refer to PicOS® Configuration Guide V4.4.5. If you want to install the PicOS® through a non-console port (through the management port), refer to PicOS® Configuration Guide V4.4.5. Notes: You need to log in through the console port of the switch and perform the ONIE installation. Other NOSes including user data will be removed when install PicOS® under ONIE environment. When the ONIE installer is used to downgrade the PicOS® version from version 4.x to PicOS® 3.x or lower versions, we first need to use ONIE to uninstall the higher version PicOS® before proceeding with installing PicOS® 3.x or a lower version. On the ARM platform, execute the onie_uninstaller command at the ONIE prompt to uninstall the current version PicOS®. On the x86 platform, select the "ONIE: Uninstall OS" option in the GRUB menu to uninstall the current version PicOS®. If you enter GRUB rescue mode and the switch has GPT format partition, you can use the following commands to reset the GRUB boot variable to enter ONIE GRUB and then install PicOS®. grub rescue> set prefix=(hd0,gpt2)/grub grub rescue> set root=(hd0,gpt2) grub rescue> insmod normal grub rescue> normal Do not plug in the USB disk during onie-nos-installer process until ONIE starts up. If you have plugged in the USB disk before the installation operation, ONIE will find the installer on the USB disk when beginning the installation. On AS4610 series switches, when installation is complete, the installer will display: Please take out the usb disc, then remove the USB disk within 10 seconds after installation successful, and before machine restarts. All X86 platforms share one installation and upgrade package with the name fixed as: onie-installer-PicOS-VERSION-x86.bin, where VERSION is the release version. X86 platform are listed below: FS N9550-32D FS N8520-32D FS N9550-32D FS N8610-32D FS N8610-64D FS N9550-64D FS N8550-64C FS N5850-48S6Q FS N8550-48B8C FS S5580-48Y FS S5890-32C FS N8560-32C FS N8550-32C FS N8550-64C FS N8560-64C FS N8550-24CD8D FS S6860-24CD8D FS N5570-48S6C Edgecore AS4625-54P Edgecore AS4625-54T Edgecore AS4630-54TE Edgecore AS4630-54NPE Edgecore AS4630-54PE Edgecore AS5712-54X Edgecore AS5812-54T Edgecore AS5812-54X Edgecore AS7312-54X Edgecore AS7312-54XS Edgecore AS7326-56X Edgecore AS7712-32X Edgecore AS7726-32X Edgecore AS6812-32X Edgecore AS7816-64X Edgecore AS5835-54X Edgecore AS5835-54T Edgecore AS9716-32D Edgecore AS9726-32DB Edgecore AS9737-32DB Edgecore AS9736-64D DELL N3248P-ON DELL N3248PXE-ON DELL N3248TE-ON DELL N3224PX-ON DELL N3224P-ON DELL N3248X-ON DELL S4048-ON DELL S4148F-ON DELL S4148T-ON DELL S4128F-ON DELL S5224F-ON DELL S5296F-ON DELL S5212F-ON DELL S5248F-ON DELL S5232F-ON DELL Z9100-ON DELL Z9264F-ON DELL N3224T-ON DELL S4128T-ON DELL N3224F-ON DELL N2224PX-ON DELL N2224X-ON DELL N2248PX-ON DELL N2248X-ON DELL N3208PX-ON Delta AG7648 Delta AG5648 v1-R Delta AG9032v1 3.3 Upgrade and Downgrade Software 3.3.1 Traditional Installation NOTE: You need to log in through the console port of the switch and perform the ONIE installation described in this section. The installation method described in this section only applies to platforms that have pre-installed ONIE. 3.3.2 Manual Installation Process The following example describes the installation of PicOS® via manual installation method. Step1 Make sure that the installation package of .bin file has been load to the server (server could be HTTP, TFTP, or an FTP server or the switch local directory depending on the actual installation environment). Step2 Enter ONIE installation environment. The process is different on the following two types of platforms: ARM Platforms (AS4610 Series Switches) a) Verify that the switch is pre-loaded with ONIE, which will be used to load PicOS® on the switch. Power on the switch and interrupt the boot sequence by pressing any key when the following line is shown: Hit any key to stop autoboot: b) User will then reach the U-Boot command prompt indicated by ->. Run the printenv command at the U-Boot prompt. If the information displayed contains keywords like onie_initargs and onie_machine, the switch is pre-loaded with ONIE. LOADER->printenv active=image1 autoload=no baudrate=115200 bootcmd=run check_boot_reason;run PicOS_bootcmd;run onie_bootcmd bootdelay=10 check_boot_reason=if test -n $onie_boot_reason; then setenv onie_bootargs boot_reason=$onie_boot_reason; run onie_bootcmd; fi; consoledev=ttyS0 dhcp_user-class=arm-accton_as4610_54-r0_uboot dhcp_vendor-class-identifier=arm-accton_as4610_54-r0 ethact=eth-0 ethaddr=00:18:23:30:E7:8F fdtaddr=0xc00000 fpboot=setenv bootargs console=${consoledev},${baudrate} maxcpus=2 mem=1024M root=/dev/ram ${mtdparts} ubi.mtd=4 ethaddr=$ethaddr quiet gatewayip=192.168.0.1 initrd_high=0x80000000 ipaddr=192.168.0.1 loadaddr=0x70000000 loads_echo=1 mfg=mfg mfgdiags=run fpboot ; nand read ${loadaddr} diags ; bootm ${loadaddr} mfgdiags_recovery=nand read ${loadaddr} diags2 ; nand erase.part diags ; nand write ${loadaddr} diags mtdids=nand0=nand_iproc.0 mtdparts=mtdparts=nand_iproc.0:1m(uboot),2m(shmoo),1m(nenv),12m(onie),3992m(open),12m(onie2),2m(vpd),6m(sys_eeprom),16m(diags),16m(diags2),32m(diags_fs) netmask=255.255.255.0 nos_bootcmd=true onie_args=run onie_initargs onie_platformargs onie_bootcmd=echo Loading Open Network Install Environment ...; echo Platform: $onie_platform ; echo Version : $onie_version ; nand read $loadaddr $onie_start 0x00c00000 && run onie_args && bootm ${loadaddr} onie_dropbear_dss_host_key=begin-base64@600@d#AAAAB3NzaC1kc3MAAACBAIN7HOS7UGtQ+RS9R5Rdim9s4iadCBQ9SEFnHJZ2#ulK15hN2p1BOJ1Mf4qb/oHFGIt8hvopq157ejsJcSPuR9scXE2aYQO7r1+Ie#1MKoR3HyEFKgPhNUr0qYNiIaWGw2UUXivLUlhjmaPhjItsttb6AezNB6N1ap#TmIeEUse0NQBAAAAFQDndwbRrSsw6G/W4wd0LJVAjuyq2QAAAIAe/zGPyPNn#UwwV+i+j3l1W9IFhjA/ovXfX7PQtjHB7OJcInSpOA2gXLXHU2kYDkn+ymJQI#8Tn558nLHq64n9hIJzwaQH4ajMipBNwqR0WtpPXEaow9InDzjs+qFY0HAcTv#7DMEY9BGiJAUUSSCSFZ9dEYHIWUdk6WIpDUMX4b2ewAAAIB6bC+fHzr+Qaet#GjzynI0tApbzyydXKuIiIH6EDh2QEaP0E+TSxJ+C4xfyBAp1j0kvj0IYWR2P#H9ur0RaxDaCmKwIQs1gTJh/137Yd+OsqEV3JnrZxlEKk2DmI5c2wrGtl4oUp#XJfc+viahpFeCsGzsqGHHADWNsjlpKt457QCuQAAABUAk5406cTH4nZO0qlj#6irYf4WA65E=#====# onie_dropbear_rsa_host_key=begin-base64@600@r#AAAAB3NzaC1yc2EAAAADAQABAAAAgQCMTqwNhnJpuSLYAdRA/jjm1lyBaJF1#ovs3Hp0G7XkYnY4+JNPTCYgnmfMQnM83PQncuy89AqehJ2V22LGjpRiqT56K#MRr+hQoSWEbAObRd1azZF45pbxiQaQiQxNzIKbHDDWlGlycXfv8w9ZCElbxj#Ja7bkwmwg9EsBlW0d5u0BQAAAIAFr0FOyfn0OR1FiatvF624Aorcbl9oV/pc#JRghGfl8SxPihizz4bC7xAPCUkwd9ZHi+M2E6AjhIV69xjFKS0vYuQplvl8G#9R8YsnmP5B45TyLE3dW5V2/g+LQERQdFpRaSsPqEPHSlXPq4XHLGLRFItEBt#ohp41Qm+eA6efsAMIQAAAEEA4Y90xi8N1SuwjRk53fqpP8dC+FPnU850XtC1#cKG0rBt6v9qD+BTxxfE6GEpYM+N0fLyECbgBjA2LQF6CG3G15QAAAEEAnz3v#3POrcsMK2LkSNjWzAhzUqOWyOaNlhcvgh+2Xfj2tHyOTpZ09gCm483v1rui9#63uYu4QQurpATrHMcLIjoQ==#====# onie_initargs=setenv bootargs quiet console=$consoledev,$baudrate onie_machine=accton_as4610_54 onie_machine_rev=0 onie_platform=arm-accton_as4610_54-r0 onie_platformargs=setenv bootargs $bootargs serial_num=${serial#} ${platformargs} eth_addr=$ethaddr $onie_bootargs $onie_debugargs onie_recovery=nand read ${loadaddr} onie2 ; nand erase.part onie ; nand write ${loadaddr} onie onie_rescue=setenv onie_boot_reason rescue && boot onie_start=onie onie_sz.b=0x00c00000 onie_uninstall=setenv onie_boot_reason uninstall && boot onie_update=setenv onie_boot_reason update && boot onie_vendor_id=27658 onie_version=master-201603091701-dirty PicOS_bootcmd=usb start;run platformargs;setenv bootargs root=/dev/sda1 rw noinitrd console=$consoledev,$baudrate rootdelay=10 $mtdparts;ext2load usb 0:1 $loadaddr boot/uImage;bootm $loadaddr platform=accton_as4610_54 platformargs=mtdparts=nand_iproc.0:1m(uboot),2m(shmoo),1m(nenv),12m(onie),3992m(open),12m(onie2),2m(vpd),6m(sys_eeprom),16m(diags),16m(diags2),32m(diags_fs) maxcpus=2 mem=1024M ramdiskaddr=0x3000000 serial#=A626P1DL174300014 serverip=192.168.0.10 stderr=serial stdin=serial stdout=serial ubifscfg=ubi part nand0,4 0x0; ubifsmount fs ver=U-Boot 2012.10-gcbef171 (Mar 09 2016 - 17:01:14) - ONIE master-201603091701-dirty Environment size: 3992/65532 bytes c) From U-Boot prompt, boot ONIE in rescue mode. LOADER-> run onie_rescue x86 Platform On x86 platform, it uses GRUB menu to install OS via ONIE. a) Reboot the system, and enter ONIE installation environment from the GRUB menu: +----------------------------------------------------------------------------+ | PicOS | |*ONIE | | | | | | | | | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Use the ^ and v keys to select which entry is highlighted. Press enter to boot the selected OS, `e' to edit the commands before booting or `c' for a command-line. b) From GRUB prompt, choose ONIE: Rescue to Install OS, boot ONIE in rescue mode. GNU GRUB version 2.02~beta2+e4a1fe391 +----------------------------------------------------------------------------+ |*ONIE: Install OS | | ONIE: Rescue | | ONIE: Uninstall OS | | ONIE: Update ONIE | | ONIE: Embed ONIE | | DIAG: Accton Diagnostic | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Step3 Run onie-nos-install command as follows to manually install PicOS®. Install via TFTP ONIE# onie-nos-install tftp:///PicOS.bin Install via FTP When installing via FTP, you need to type username and password of the FTP server on which the image file is loaded. ONIE# onie-nos-install ftp://username:password@/PicOS.bin Install via HTTP ONIE# onie-nos-install http:///PicOS.bin Install from Local Directory a) In ONIE rescue mode, copy the image file to the current directory. ONIE# scp username@/PicOS.bin . b) Run onie-nos-install command to start installation. ONIE# onie-nos-install PicOS.bin For example, ONIE:/ # onie-nos-install onie-installer-PicOS-4.0.0-8b1219e112-x86.bin discover: Rescue mode detected. No discover stopped. ONIE: Executing installer: onie-installer-PicOS-4.0.0-8b1219e112-x86.bin Verifying image checksum ... OK. Preparing image archive ... OK. [1] PicOS L2/L3 (default) [2] PicOS Open vSwitch/OpenFlow Enter your choice (1,2):1 PicOS L2/L3 is selected. ONIE installation will overwrite the configuration file of existing system. It is recommended to follow the upgrade procedure to upgrade the system. Press any key to stop the installation... 10 9 8 7 6 5 4 3 2 1 ... The installer runs automatically, before start installation, it will prompt to choose the option to make PicOS® to boot into L2/L3 or OVS mode. If not selected, then PicOS® boots into L2/L3. After finishing installation, the device reboots automatically, the system then comes up running the new network operating system. NOTEs: After the system restarts, you need to enter the username and password, the initial login username is admin and password is pica8. After the username and password are entered, user will be asked to choose a new password for admin. This is the only post installation step after which the PicOS® operating system can be used. 3.3.3 Automatic Installation Process The automatic installation process uses the DHCP message exchange process to download and install software packages. Step1 Make sure the switch is connected to DHCP and HTTP servers and the PicOS® installation software package is downloaded to the HTTP server. a) DHCP server configuration: define the path of the installation package and then start DHCP server service: host pica8-3922 { hardware ethernet 70:72:cf:12:34:56; fixed-address 192.168.2.50; option default-url = "http://192.168.2.42/onie-installer-PicOS-4.0.0-8b1219e112-x86.bin"; b) Check if the .bin installation file is loaded onto the HTTP server: root@dev:/var/www# ls index.html onie-installer-powerpc.bin Step2 Install PicOS® via ONIE. The process is different on the following two types of platforms: ARM Platforms (AS4610 Series Switches) a) Verify that the switch is pre-loaded with ONIE, which will be used to load PicOS® on the switch. Power on the switch and interrupt the boot sequence by pressing any key when the following line is shown: Hit any key to stop autoboot: b) User will then reach the U-Boot command prompt indicated by ->. Run the printenv command at the U-Boot prompt. If the information displayed contains keywords like onie_initargs and onie_machine, the switch is pre-loaded with ONIE. LOADER-> printenv active=image1 autoload=no baudrate=115200 bootcmd=run check_boot_reason;run PicOS_bootcmd;run onie_bootcmd bootdelay=10 check_boot_reason=if test -n $onie_boot_reason; then setenv onie_bootargs boot_reason=$onie_boot_reason; run onie_bootcmd; fi; consoledev=ttyS0 dhcp_user-class=arm-accton_as4610_54-r0_uboot dhcp_vendor-class-identifier=arm-accton_as4610_54-r0 ethact=eth-0 ethaddr=00:18:23:30:E7:8F fdtaddr=0xc00000 fpboot=setenv bootargs console=${consoledev},${baudrate} maxcpus=2 mem=1024M root=/dev/ram ${mtdparts} ubi.mtd=4 ethaddr=$ethaddr quiet gatewayip=192.168.0.1 initrd_high=0x80000000 ipaddr=192.168.0.1 loadaddr=0x70000000 loads_echo=1 mfg=mfg mfgdiags=run fpboot ; nand read ${loadaddr} diags ; bootm ${loadaddr} mfgdiags_recovery=nand read ${loadaddr} diags2 ; nand erase.part diags ; nand write ${loadaddr} diags mtdids=nand0=nand_iproc.0 mtdparts=mtdparts=nand_iproc.0:1m(uboot),2m(shmoo),1m(nenv),12m(onie),3992m(open),12m(onie2),2m(vpd),6m(sys_eeprom),16m(diags),16m(diags2),32m(diags_fs) netmask=255.255.255.0 nos_bootcmd=true onie_args=run onie_initargs onie_platformargs onie_bootcmd=echo Loading Open Network Install Environment ...; echo Platform: $onie_platform ; echo Version : $onie_version ; nand read $loadaddr $onie_start 0x00c00000 && run onie_args && bootm ${loadaddr} onie_dropbear_dss_host_key=begin-base64@600@d#AAAAB3NzaC1kc3MAAACBAIN7HOS7UGtQ+RS9R5Rdim9s4iadCBQ9SEFnHJZ2#ulK15hN2p1BOJ1Mf4qb/oHFGIt8hvopq157ejsJcSPuR9scXE2aYQO7r1+Ie#1MKoR3HyEFKgPhNUr0qYNiIaWGw2UUXivLUlhjmaPhjItsttb6AezNB6N1ap#TmIeEUse0NQBAAAAFQDndwbRrSsw6G/W4wd0LJVAjuyq2QAAAIAe/zGPyPNn#UwwV+i+j3l1W9IFhjA/ovXfX7PQtjHB7OJcInSpOA2gXLXHU2kYDkn+ymJQI#8Tn558nLHq64n9hIJzwaQH4ajMipBNwqR0WtpPXEaow9InDzjs+qFY0HAcTv#7DMEY9BGiJAUUSSCSFZ9dEYHIWUdk6WIpDUMX4b2ewAAAIB6bC+fHzr+Qaet#GjzynI0tApbzyydXKuIiIH6EDh2QEaP0E+TSxJ+C4xfyBAp1j0kvj0IYWR2P#H9ur0RaxDaCmKwIQs1gTJh/137Yd+OsqEV3JnrZxlEKk2DmI5c2wrGtl4oUp#XJfc+viahpFeCsGzsqGHHADWNsjlpKt457QCuQAAABUAk5406cTH4nZO0qlj#6irYf4WA65E=#====# onie_dropbear_rsa_host_key=begin-base64@600@r#AAAAB3NzaC1yc2EAAAADAQABAAAAgQCMTqwNhnJpuSLYAdRA/jjm1lyBaJF1#ovs3Hp0G7XkYnY4+JNPTCYgnmfMQnM83PQncuy89AqehJ2V22LGjpRiqT56K#MRr+hQoSWEbAObRd1azZF45pbxiQaQiQxNzIKbHDDWlGlycXfv8w9ZCElbxj#Ja7bkwmwg9EsBlW0d5u0BQAAAIAFr0FOyfn0OR1FiatvF624Aorcbl9oV/pc#JRghGfl8SxPihizz4bC7xAPCUkwd9ZHi+M2E6AjhIV69xjFKS0vYuQplvl8G#9R8YsnmP5B45TyLE3dW5V2/g+LQERQdFpRaSsPqEPHSlXPq4XHLGLRFItEBt#ohp41Qm+eA6efsAMIQAAAEEA4Y90xi8N1SuwjRk53fqpP8dC+FPnU850XtC1#cKG0rBt6v9qD+BTxxfE6GEpYM+N0fLyECbgBjA2LQF6CG3G15QAAAEEAnz3v#3POrcsMK2LkSNjWzAhzUqOWyOaNlhcvgh+2Xfj2tHyOTpZ09gCm483v1rui9#63uYu4QQurpATrHMcLIjoQ==#====# onie_initargs=setenv bootargs quiet console=$consoledev,$baudrate onie_machine=accton_as4610_54 onie_machine_rev=0 onie_platform=arm-accton_as4610_54-r0 onie_platformargs=setenv bootargs $bootargs serial_num=${serial#} ${platformargs} eth_addr=$ethaddr $onie_bootargs $onie_debugargs onie_recovery=nand read ${loadaddr} onie2 ; nand erase.part onie ; nand write ${loadaddr} onie onie_rescue=setenv onie_boot_reason rescue && boot onie_start=onie onie_sz.b=0x00c00000 onie_uninstall=setenv onie_boot_reason uninstall && boot onie_update=setenv onie_boot_reason update && boot onie_vendor_id=27658 onie_version=master-201603091701-dirty PicOS_bootcmd=usb start;run platformargs;setenv bootargs root=/dev/sda1 rw noinitrd console=$consoledev,$baudrate rootdelay=10 $mtdparts;ext2load usb 0:1 $loadaddr boot/uImage;bootm $loadaddr platform=accton_as4610_54 platformargs=mtdparts=nand_iproc.0:1m(uboot),2m(shmoo),1m(nenv),12m(onie),3992m(open),12m(onie2),2m(vpd),6m(sys_eeprom),16m(diags),16m(diags2),32m(diags_fs) maxcpus=2 mem=1024M ramdiskaddr=0x3000000 serial#=A626P1DL174300014 serverip=192.168.0.10 stderr=serial stdin=serial stdout=serial ubifscfg=ubi part nand0,4 0x0; ubifsmount fs ver=U-Boot 2012.10-gcbef171 (Mar 09 2016 - 17:01:14) - ONIE master-201603091701-dirty Environment size: 3992/65532 bytes c) Input command run onie_bootcmd, which will automatically install PicOS® on the switch. LOADER -> run onie_bootcmd Loading Open Network Install Environment ... Platform: arm-accton_as4610_54-r0 Version : 2021.09.00.03 WARNING: adjusting available memory to 30000000 ## Booting kernel from Legacy Image at 02000000 ... Image Name: as4610_54x.1.6.1.3 Image Type: ARM Linux Multi-File Image (gzip compressed) Data Size: 3514311 Bytes = 3.4 MiB Load Address: 00000000 Entry Point: 00000000 Contents: Image 0: 2762367 Bytes = 2.6 MiB Image 1: 733576 Bytes = 716.4 KiB Image 2: 18351 Bytes = 17.9 KiB Verifying Checksum ... OK ## Loading init Ramdisk from multi component Legacy Image at 02000000 ... ## Flattened Device Tree from multi component Image at 02000000 Booting using the fdt at 0x02355858 Uncompressing Multi-File Image ... OK Loading Ramdisk to 2ff4c000, end 2ffff188 ... OK Loading Device Tree to 03ff8000, end 03fff7ae ... OK Cannot reserve gpages without hugetlb enabled setup_arch: bootmem as4610_54x_setup_arch() arch: exit pci 0000:00:00.0: ignoring class b20 (doesn't match header type 01) sd 0:0:0:0: [sda] No Caching mode page present sd 0:0:0:0: [sda] Assuming drive cache: write through sd 0:0:0:0: [sda] No Caching mode page present sd 0:0:0:0: [sda] Assuming drive cache: write through sd 0:0:0:0: [sda] No Caching mode page present sd 0:0:0:0: [sda] Assuming drive cache: write through ONIE: Using DHCPv4 addr: eth0: 192.168.2.77 / 255.255.255.0 discover: installer mode detected. Running installer. Please press Enter to activate this console. ONIE: Using DHCPv4 addr: eth0: 192.168.2.77 / 255.255.255.0 ONIE: Starting ONIE Service Discovery ONIE: Executing installer: http://192.168.2.42/onie-installer-PicOS-4.0.0-8b1219e112-x86.bin Verifying image checksum ... OK. Preparing image archive ... OK. PicOS installation .............................................. ./var/local/ ./var/run Setup PicOS environment ... .............................................. XorPlus login: admin Password: You are required to change your password immediately (root enforced) Changing password for admin. (current) UNIX password: Enter new UNIX password: Retype new UNIX password: admin@XorPlus$ x86 Platform On x86 platform, it uses GRUB menu to choose install OS via ONIE. a) Reboot the system, and enter ONIE installation environment from the GRUB menu: +----------------------------------------------------------------------------+ | PicOS | |*ONIE | | | | | | | | | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Use the ^ and v keys to select which entry is highlighted. Press enter to boot the selected OS, `e' to edit the commands before booting or `c' for a command-line. b) From GRUB prompt, choose ONIE: Rescue to Install OS, boot ONIE in rescue mode. GNU GRUB version 2.02~beta2+e4a1fe391 +----------------------------------------------------------------------------+ |*ONIE: Install OS | | ONIE: Rescue | | ONIE: Uninstall OS | | ONIE: Update ONIE | | ONIE: Embed ONIE | | DIAG: Accton Diagnostic | | | | | | | | | | | | | +----------------------------------------------------------------------------+ The installer runs and will reboot the system after installation is complete. NOTEs: After the system restarts, you need to enter the username and password, the initial login username is admin and password is pica8. After the username and password are entered, user will be asked to choose a new password for admin. This is the only post installation step after which the PicOS® operating system can be used. 3.3.4 Nos-boot-mode Installation NOTE: The installation method described in this section applies to installation through both the console port and the management port. The installation method described in this section only applies to platforms that have pre-installed ONIE. The installation methods described in PicOS® Configuration Guide V4.4.5 must be performed through the console port. If you want to install the system through a non-console port, you can use the nos-boot-mode command to perform the installation which is described in this section. Usage of nos-boot-mode command: admin@Xorplus$sudo nos-boot-mode USAGE install or uninstall NOS(es) SYNOPSIS nos-boot-mode [install|uninstall] DESCRIPTION install- Install NOS uninstall- Remove all NOS(es) including PicOS® When nos-boot-mode install command is executed, PicOS® will switch to ONIE install mode, and the user should go on to complete the subsequent installation. The steps for the manual installation process and the automatic installation process using the nos-boot-mode install command are described below. When nos-boot-mode unsinstall command is executed, the system will remove all NOS(es) including PicOS® from the device. Therefore, it is suggested to use the nos-boot-mode unsinstall command with caution. 3.3.5 Manual Installation Process Step1 Make sure that the installation package of .bin file has been loaded to the server (server could be HTTP, TFTP, or an FTP server or the switch local directory depending on the actual installation environment). Step2 Execute the nos-boot-mode install command to enter ONIE installation environment. admin@Xorplus:~$ sudo nos-boot-mode install Step3 Type “yes” when the below prompt is shown, which will take the system will to ONIE install mode. Type 'yes' to install NOS! Type 'no' to exit [no]/yes: Step4 Run onie-nos-install command as follows to manually install PicOS®. Install via TFTP ONIE# onie-nos-install tftp:///PicOS.bin Install via FTP When installing via FTP, you need to type in the username and password for the FTP server on which the image file is loaded. ONIE# onie-nos-install ftp://username:password@/PicOS.bin Install via HTTP ONIE# onie-nos-install http:///PicOS.bin Install from Local Directory a) In ONIE rescue mode, copy the image file to the current directory. ONIE# scp username@/PicOS.bin . b) Run onie-nos-install command to start installation. ONIE# onie-nos-install PicOS.bin For example, ONIE:/ # onie-nos-install onie-installer-PicOS-4.0.0-8b1219e112-x86.bin discover: Rescue mode detected. No discover stopped. ONIE: Executing installer: onie-installer-PicOS-4.0.0-8b1219e112-x86.bin Verifying image checksum ... OK. Preparing image archive ... OK. [1] PicOS L2/L3 (default) [2] PicOS Open vSwitch/OpenFlow Enter your choice (1,2):1 PicOS L2/L3 is selected. ONIE installation will overwrite the configuration file of existing system. It is recommended to follow the upgrade procedure to upgrade the system. Press any key to stop the installation... 10 9 8 7 6 5 4 3 2 1 ... The installer runs automatically, before start installation, it will prompt to choose the option to make PicOS® to boot into L2/L3 or OVS mode. If not selected, then PicOS® boots into L2/L3. After finishing installation, the device reboots automatically, the system then comes up running the new network operating system. NOTEs: After the system restarts, you need to enter the username and password, the initial login username is admin and password is pica8. After the username and password are entered, user will be asked to choose a new password for admin. This is the only post installation step after which the PicOS® operating system can be used. 3.3.6 Automated Installation Process The automatic installation process uses the DHCP message exchange process to download and install software packages. Step1 Make sure the switch is connected to DHCP and HTTP servers, and the PicOS® installation software package is downloaded to the HTTP server. a) DHCP server configuration: define the path of the installation package and then start DHCP server service: host pica8-3922 { hardware ethernet 70:72:cf:12:34:56; fixed-address 192.168.2.50; option default-url = "http://192.168.2.42/onie-installer-PicOS-4.0.0-8b1219e112-x86.bin"; } b) Check if the .bin installation file is loaded onto the HTTP server: root@dev:/var/www# ls index.html onie-installer-powerpc.bin Step2 Execute the nos-boot-mode install command to enter ONIE installation environment. admin@Xorplus$ sudo nos-boot-mode install Step3 Type “yes” when the below prompt is shown, and the system will automatically complete the installation. Type 'yes' to install NOS! Type 'no' to exit [no]/yes: The installer runs automatically and will reboot the system after installation is completed. NOTEs: After the system restarts, you need to enter the username and password, the initial login username is admin and password is pica8. After the username and password are entered, user will be asked to choose a new password for admin. This is the only post installation step after which the PicOS® operating system can be used. 3.3.7 Verifying Version after Installation After system reboots automatically, the system will come up running the new network operating system. admin@Xorplus> show version Copyright (C) 2009-2022 Pica8, Inc. =================================== Hardware Model : as7312_54x Linux System Version/Revision : 4.0.0/8b1219e112 Linux System Released Date : 5/18/2021 L2/L3 Version/Revision : 4.0.0/8b1219e112 L2/L3 Released Date : 5/18/2021 OVS/OF Version/Revision : 4.0.0/8b1219e112 OVS/OF Released Date : 5/18/2021 3.3.8 Appendix: Troubleshooting Installation/Upgrade Failure on AS7326-56X Installation or upgrade failure (for example, the switches cannot boot up after install) may occur on the old AS7326-56X hardware models (revision is R01F and before). When booting PicOS® on AS7326-56X and detect hardware rev R01F, the system will log a warning message to prompt the hardware revision R01F is a pre-production hardware reversion: "This hardware revision R01F is a pre-production hardware rev, PicOS® has applied a work around to work with PicOS®. Support will be provided on a best effort basis". To work around the issue, first we need to check the “Label Revision”. If it is an old hardware model (revision is R01F or before), then, we can perform the following provided solution after installation/upgrade to solve the problem. 3.3.9 Check Label Revision Under ONIE prompt, run “onie_syseeprom” to get the “Label Revision”. ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 166 TLV Name Code Len Value -------------------- ---- --- ----- Manufacture Date 0x25 19 04/27/2019 02:10:06 Label Revision 0x27 4 R01B Platform Name 0x28 27 x86_64-accton_as7326_56x-r0 ONIE Version 0x29 13 2018.05.00.05 Manufacturer 0x2B 6 Accton Diag Version 0x2E 7 0.0.1.0 Base MAC Address 0x24 6 80:A2:35:81:D5:F0 Serial Number 0x23 14 732656X1916012 Country Code 0x2C 2 TW Part Number 0x22 13 FP4ZZ7656005A Product Name 0x21 15 7326-56X-O-AC-F MAC Addresses 0x2A 2 256 Vendor Name 0x2D 6 Accton CRC-32 0xFE 4 0xC3D3F2DE Checksum is valid. ONIE:/ # 3.3.10 Solution You can follow the steps below after installation/upgrade, to fix the problem of installation and upgrade failure on the old AS7326-56X hardware model (revision R01F or before). Step1 Power cycle the switch. Step2 From the GRUB menu, choose “ONIE” to enter ONIE GRUB menu: +----------------------------------------------------------------------------+ | PicOS | |*ONIE | | | | | | | | | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Use the ^ and v keys to select which entry is highlighted. Press enter to boot the selected OS, `e' to edit the commands before booting or `c' for a command-line. Step3 From ONIE GRUB menu, choose “ONIE: Rescue” to launch ONIE in Rescue mode. GNU GRUB version 2.02~beta2+e4a1fe391 +----------------------------------------------------------------------------+ | ONIE: Install OS | |*ONIE: Rescue | | ONIE: Uninstall OS | | ONIE: Update ONIE | | ONIE: Embed ONIE | | DIAG: Accton Diagnostic | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Step4 Press Enter to display the ONIE prompt. Step5 Mount PicOS® partition with label is “PicOS”. ONIE:/ # blkid /dev/sda7: LABEL="User-Data" UUID="be63cef8-4560-4c48-ab5a-8f7ced5a950b" /dev/sda6: LABEL="PicOS2" UUID="f589e53f-4cd1-44ba-8384-f339f4e2b2ac" /dev/sda5: LABEL="PicOS" UUID="8ca5f7ed-5a15-4a2a-944c-4d8872647bf5" /dev/sda4: LABEL="PicOS-GRUB" UUID="782a1372-4b66-4783-b920-dab1df8ec6e4" /dev/sda3: LABEL="ACCTON-DIAG" UUID="3e4117d0-1926-472a-9d9e-08883df83d40" /dev/sda2: LABEL="ONIE-BOOT" UUID="1a90abd8-f065-4f7a-90a0-af122b8805fa" ONIE:/ # ONIE:/ # mount /dev/sda5 /mnt Step6 Execute the following command to modify the I2C access address. ONIE:/ # sed -I "s/0x57/0x56/" /mnt/etc/rc_hw.sh ONIE:/ # sync Step7 Unmount the PicOS® partition. ONIE:/ # unmount /dev/sda5 Step8 Reboot the switch. ONIE:/ # reboot 4. Zero Touch Configuration 4.1 Overview of ZTP 4.1.1 ZTP Fundamentals NOTEs: Currently, the IPv6 ZTP is not supported. You are suggested to implement ZTP for unconfigured devices, or the error prompts may appear. Before using ZTP, you should configure the switch with two partitions of active partition and backup partition. The active partition can be used for upgrade and the backup partition can be used to save the current version, which can make sure the original version can be recovered once the upgrade is failed. ZTP (Zero Touch Provisioning) is a technology for automated upgrade and configuration of unconfigured network devices. You can automatically upgrade and configure devices with the provision script of ZTP before the PicOS® is up, obtaining the required configuration information without manual intervention, including IP addresses, routing, security policies, etc. When large numbers of switches need to be upgraded to new versions or issued with configuration files, you can use ZTP to reduce labor costs and improve deployment efficiency. It can implement fast, accurate and reliable device deployment. ZTP Process Figure 2. ZTP Workflow of White-Box Switches image.png After a switch is powered on, the switch sends DHCP Discover to get an IP address, and the DHCP server provides the switch with an IP address. The switch sends a request to the DHCP server, and the DHCP server sends a response including the HTTP server address. The switch sends an HTTP request to the HTTP server to get the shell script, and the HTTP server sends an HTTP response with the shell script. The switch executes the shell script to complete the ZTP deployment, including downloading a PicOS image, installing PicOS and its license, registering with the AmpCon-Campus server, updating switch configurations, and rebooting the switch. 4.1.2 DHCP Configuration of ZTP Option Parameters The DHCP server obtains network configuration information required by ZTP through option parameters. The request packets sent by DHCP client carry option 55, and the reply packets responded by DHCP server carry option 7, 66 and 67. The function of option parameters is shown as below. Table 1. Option description Option Description Carrier 55 Specifies the network configuration parameters need to be obtained from the server. It includes the boot file name, TFTP server address, Syslog server address and gateway. Client 7 Specifies the IP address of Syslog server. Server 66 Specifies the IP address of TFTP(HTTP) server allocated for the client. Server 67 Specifies the boot file name allocated for the client. Server DHCP Server Configuration When the switch is served as the DHCP server, you can configure the DHCP server through PicOS® commands (suggested) or Linux commands. PicOS® command Here is an example of configuring the DHCP server through PicOS® commands, which specifies the IP address of Syslog server as 192.168.10.1, the IP address of TFTP server as 192.168.10.1, and the working path of provision script on the TFTP server as ./provision.sh. For detailed information of related commands, see Configuring DHCP server. admin@PicOS# set protocols dhcp server pool pool1 log-server 192.168.10.1 admin@PicOS# set protocols dhcp server pool pool1 tftp-server 192.168.10.2 admin@PicOS# set protocols dhcp server pool pool1 bootfile-name file-path ./provision.sh admin@PicOS# commit Linux command Here is an example of configuring the DHCP server through Linux commands. host pica8-pxxxx {*************************//////////////////////////////////////////////////////////////////////////////////////// hardware ethernet 08:9e:01:62:d5:62; option bootfile-name "pica8/provision.script"; option tftp-server-name "xx.xx.xx.xx"; option log-servers xx.xx.xx.xx; fixed-address xx.xx.xx.xx; } The elements of the segment above are described below: host: the host name of the PicOS® switch. hardware ethernet: the MAC address of the PicOS® switch. bootfile-name: the file name of the shell scripts and its path relative to the TFTP root directory. tftp-server-name: the IP address of the TFTP server. log-servers: the IP address of the log server that will receive logs from ZTP. fixed-address: optional. Configure a fixed IP address as management IP of the switch. PicOS® switches send a vendor-class-identifier to the DHCP server in the format of pica8-pxxxx where xxxx is the switch model. It is possible for the customer to use the vendor-class-identifier to identify PicOS® switches. 4.1.3 Provision Script The provision script describes what is required and how to execute when you upgrade and configure PicOS® through ZTP. You can customize the provision script through running the generate_script file. The generate_script is provided in the format of Shell and Python, and you can click generate_script.py or generate_script.sh to download. The detailed contents are shown as below. import os def prompt_choice(): print("""Please choose an option to configure (enter the number to select, enter 'done' to generate the script): 1. Add remote Syslog server 2. Remove remote Syslog server 3. Get file from TFTP server 4. Get file from HTTP server 5. Enable ZTP auto-run when switch boot up 6. Disable ZTP auto-run when switch boot up 7. Get PicOS image from file server and upgrade 8. Get PicOS startup file "picos_start.conf" from file server 9. Get PicOS configuration file "pica_startup.boot" from file server 10. Get file with PicOS L2/L3 CLI commands list and execute these commands 11. Get PicOS OVS configuration file "ovs-vswitchd.conf.db" from file server""") return input("Enter your choice: ") def generate_script(): config_commands = [] while True: choice = prompt_choice() if choice == 'done': break if choice == '1': ip = input("Enter syslog server IP address: ") config_commands.append(f"add_remote_syslog_server {ip}") elif choice == '2': ip = input("Enter the syslog server IP address to remove: ") config_commands.append(f"remove_remote_syslog_server {ip}") elif choice == '3': remote_file_name = input("Enter file name in TFTP server: ") local_file_name = input("Enter file name with path in local: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"tftp_get_file {remote_file_name} {local_file_name} {ip}") elif choice == '4': local_file_name = input("Enter file name with path in local: ") file_name = input("Enter file name with HTTP server URL:: ") config_commands.append(f"http_get_file {local_file_name} {file_name}") elif choice == '5': config_commands.append("ztp_enable") elif choice == '6': config_commands.append("ztp_disable") elif choice == '7': file_name = input("Enter tftp file name or http url: ") revision = input("Enter the software revision of the image: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f'if [ "$revision" != "{revision}" ]; then get_picos_image {file_name} {ip}; fi') elif choice == '8': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"get_picos_startup_file {file_name} {ip}") elif choice == '9': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"get_l2l3_config_file {file_name} {ip}") elif choice == '10': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"l2l3_load_config {file_name} {ip}") elif choice == '11': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"get_ovs_config_file {file_name} {ip}") else: print("Invalid choice, please try again.") print("\n") # Generate Shell script script_name = "provision.sh" with open(script_name, 'w') as script_file: script_file.write("#!/bin/bash\n") script_file.write("source /usr/bin/ztp-functions.sh\n") script_file.write("\n") for command in config_commands: script_file.write(f"{command}\n") print(f"\nGenerated Shell script has been saved as {script_name}") # Run script generation program generate_script() #!/bin/bash function prompt_choice() { echo "Please choose an option to configure (enter the number to select, enter 'done' to generate the script): 1. Add remote Syslog server 2. Remove remote Syslog server 3. Get file from TFTP server 4. Get file from HTTP server 5. Enable ZTP auto-run when switch boot up 6. Disable ZTP auto-run when switch boot up 7. Get PicOS image from file server and upgrade 8. Get PicOS startup file \"picos_start.conf\" from file server 9. Get PicOS configuration file \"pica_startup.boot\" from file server 10. Get file with PicOS L2/L3 CLI commands list and execute these commands 11. Get PicOS OVS configuration file \"ovs-vswitchd.conf.db\" from file server" read -rp "Enter your choice: " choice } function generate_script() { local config_commands=() local revision="" while true; do prompt_choice case $choice in 1) read -rp "Enter syslog server IP address: " ip config_commands+=("add_remote_syslog_server $ip") ;; 2) read -rp "Enter the syslog server IP address to remove: " ip config_commands+=("remove_remote_syslog_server $ip") ;; 3) read -rp "Enter file name in TFTP server: " remote_file_name read -rp "Enter file name with path in local: " local_file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("tftp_get_file $remote_file_name $local_file_name $ip") ;; 4) read -rp "Enter file name with path in local: " local_file_name read -rp "Enter file name with HTTP server URL: " file_name config_commands+=("http_get_file $local_file_name $file_name") ;; 5) config_commands+=("ztp_enable") ;; 6) config_commands+=("ztp_disable") ;; 7) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter the software revision of the image:" revision read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("if [ \"\$revision\" != \"$revision\" ]; then get_picos_image $file_name $ip; fi") ;; 8) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("get_picos_startup_file $file_name $ip") ;; 9) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("get_l2l3_config_file $file_name $ip") ;; 10) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("l2l3_load_config $file_name $ip") ;; 11) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("get_ovs_config_file $file_name $ip") ;; done) break ;; *) echo "Invalid choice, please try again." ;; esac printf "\n" done # Generate Shell script local script_name="provision.sh" { echo "#!/bin/bash" echo "source /usr/bin/ztp-functions.sh" echo "" for command in "${config_commands[@]}"; do echo "$command" done } > "$script_name" printf "\n" echo "Generated Shell script has been saved as $script_name" } # Run script generation program generate_script Generate Script in the Shell Format Shell Script Content #!/bin/bash function prompt_choice() { echo "Please choose an option to configure (enter the number to select, enter 'done' to generate the script): 1. Add remote Syslog server 2. Remove remote Syslog server 3. Get file from TFTP server 4. Get file from HTTP server 5. Enable ZTP auto-run when switch boot up 6. Disable ZTP auto-run when switch boot up 7. Get PicOS image from file server and upgrade 8. Get PicOS startup file \"PicOS_start.conf\" from file server 9. Get PicOS configuration file \"pica_startup.boot\" from file server 10. Get file with PicOS L2/L3 CLI commands list and execute these commands 11. Get PicOS OVS configuration file \"ovs-vswitchd.conf.db\" from file server" read -rp "Enter your choice: " choice } function generate_script() { local config_commands=() local revision="" while true; do prompt_choice case $choice in 1) read -rp "Enter syslog server IP address: " ip config_commands+=("add_remote_syslog_server $ip") ;; 2) read -rp "Enter the syslog server IP address to remove: " ip config_commands+=("remove_remote_syslog_server $ip") ;; 3) read -rp "Enter file name in TFTP server: " remote_file_name read -rp "Enter file name with path in local: " local_file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("tftp_get_file $remote_file_name $local_file_name $ip") ;; 4) read -rp "Enter file name with path in local: " local_file_name read -rp "Enter file name with HTTP server URL: " file_name config_commands+=("http_get_file $local_file_name $file_name") ;; 5) config_commands+=("ztp_enable") ;; 6) config_commands+=("ztp_disable") ;; 7) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter the software revision of the image:" revision read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("if [ \"\$revision\" != \"$revision\" ]; then get_PicOS_image $file_name $ip; fi") ;; 8) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("get_PicOS_startup_file $file_name $ip") ;; 9) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("get_l2l3_config_file $file_name $ip") ;; 10) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("l2l3_load_config $file_name $ip") ;; 11) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("get_ovs_config_file $file_name $ip") ;; done) break ;; *) echo "Invalid choice, please try again." ;; esac printf "\n" done # Generate Shell script local script_name="provision.sh" { echo "#!/bin/bash" echo "source /usr/bin/ztp-functions.sh" echo "" for command in "${config_commands[@]}"; do echo "$command" done } > "$script_name" printf "\n" echo "Generated Shell script has been saved as $script_name" } # Run script generation program generate_script Option Description of Shell Script NOTEs: Make sure that names of all files configured in the script is the same with files placed in the file server, or the switch cannot obtain them successfully. The IP address of TFTP server from DHCP server will be valid if it is not configured in the script. Option Description Example Add remote Syslog server Specify the IPv4 address of the Syslog server. Open 1 image.png The IPv4 address of Syslog server is configured as 10.10.30.1. Remove remote Syslog server Delete the IPv4 address of the Syslog server.10.10.30.1 Open 2 image.png The IPv4 address 10.10.30.1 of Syslog server is deleted. Get file from TFTP server Download a file with specified name from the TFTP server with a specified IP address and path, and save it in local with another specified name. Note: The path /cftmp is valid if you don’t specify the local path here. Open 3 image.png The file remote-file.txt in the TFTP server 10.10.30.2 is downloaded and is saved in local as local-file.txt. Get file from HTTP server Download a file with specified name from the HTTP server with a specified URL and save it in local with another specified name. Note: The root path is valid if you don’t specify the local path here. Open 4 image.png The file remote-file.txt in the HTTP server 10.10.30.2 is downloaded and is saved in local as local-file.txt. Enable ZTP auto-run when switch boot up Enable ZTP function after completing this ZTP process. Note: You are suggested to configure this option at last, or it may be invalid. Open 5 image.png Disable ZTP auto-run when switch boot up Disable ZTP function after completing this ZTP process. Note: You are suggested to configure this option at last, or it may be invalid. Open 6 image.png Get PicOS® image from file server and upgrade Download the PicOS® image from the TFTP server with the specified IP address, path and name, or from the HTTP server with URL. Then, upgrade the switch to the new version. Notes: You should specify the version number to make sure the switch only upgrades one time. You don’t need to configure the TFTP server IP address when downloading files from the HTTP server. Open 7 image.png The image onie-installer-PicOS-9.8.7-main-43d73dd983-x86v.bin in the working path of the TFTP server 10.10.30.2 is downloaded, and the switch is upgraded to this new version with the version number 43d73dd983. Get PicOS® startup file "PicOS_start.conf" from file server Download the PicOS® startup file PicOS_start.conf from the TFTP server with the specified IP address, path and name, or from the HTTP server with URL. Note: You don’t need to configure the TFTP server IP address when downloading files from the HTTP server. Open 8 image.png The file PicOS_start.conf from the HTTP server 10.10.30.3 is downloaded. Get PicOS® configuration file "pica_startup.boot" from file server Download the L2/l3 configuration file pica_startup.boot from the TFTP server with the specified IP address, path and name, or from the HTTP server with URL. Note: You don’t need to configure the TFTP server IP address when downloading files from the HTTP server. Open 9 image.png The file pica_startup.boot from the HTTP server 10.10.30.3 is downloaded. Get file with PicOS® L2/L3 CLI commands list and execute these commands Download the L2/l3 command file from the TFTP server with the specified IP address, path and name, or from the HTTP server with URL. Notes: You don’t need to configure the TFTP server IP address when downloading files from the HTTP server. You can modify the file ztpl2l3_cfg.cli as needed. For example, if you need to specify VLAN 10 and VLAN 20, you can configure as follows:set vlans vlan-id 20 set vlans vlan-id 30 Open 10 image.png he file ztpl2l3_cfg.cli in the working directory of the TFTP server 10.10.30.2 is downloaded. Get PicOS® OVS configuration file "ovs-vswitchd.conf.db" from file server Download the OVS configuration file ovs-vswitchd.conf.db from the TFTP server with the specified IP address, path and name, or from the HTTP server with URL. Notes: You don’t need to configure the TFTP server IP address when downloading files from the HTTP server. Open 11 image.png The file ovs-vswitchd.conf.db from the HTTP server 10.10.30.3 is downloaded. Generate Script in the Python Format Python Script Content import os def prompt_choice(): print("""Please choose an option to configure (enter the number to select, enter 'done' to generate the script): 1. Add remote Syslog server 2. Remove remote Syslog server 3. Get file from TFTP server 4. Get file from HTTP server 5. Enable ZTP auto-run when switch boot up 6. Disable ZTP auto-run when switch boot up 7. Get PicOS image from file server and upgrade 8. Get PicOS startup file "PicOS_start.conf" from file server 9. Get PicOS configuration file "pica_startup.boot" from file server 10. Get file with PicOS L2/L3 CLI commands list and execute these commands 11. Get PicOS OVS configuration file "ovs-vswitchd.conf.db" from file server""") return input("Enter your choice: ") def generate_script(): config_commands = [] while True: choice = prompt_choice() if choice == 'done': break if choice == '1': ip = input("Enter syslog server IP address: ") config_commands.append(f"add_remote_syslog_server {ip}") elif choice == '2': ip = input("Enter the syslog server IP address to remove: ") config_commands.append(f"remove_remote_syslog_server {ip}") elif choice == '3': remote_file_name = input("Enter file name in TFTP server: ") local_file_name = input("Enter file name with path in local: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"tftp_get_file {remote_file_name} {local_file_name} {ip}") elif choice == '4': local_file_name = input("Enter file name with path in local: ") file_name = input("Enter file name with HTTP server URL:: ") config_commands.append(f"http_get_file {local_file_name} {file_name}") elif choice == '5': config_commands.append("ztp_enable") elif choice == '6': config_commands.append("ztp_disable") elif choice == '7': file_name = input("Enter tftp file name or http url: ") revision = input("Enter the software revision of the image: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f'if [ "$revision" != "{revision}" ]; then get_PicOS_image {file_name} {ip}; fi') elif choice == '8': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"get_PicOS_startup_file {file_name} {ip}") elif choice == '9': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"get_l2l3_config_file {file_name} {ip}") elif choice == '10': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"l2l3_load_config {file_name} {ip}") elif choice == '11': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"get_ovs_config_file {file_name} {ip}") else: print("Invalid choice, please try again.") print("\n") # Generate Shell script script_name = "provision.sh" with open(script_name, 'w') as script_file: script_file.write("#!/bin/bash\n") script_file.write("source /usr/bin/ztp-functions.sh\n") script_file.write("\n") for command in config_commands: script_file.write(f"{command}\n") print(f"\nGenerated Shell script has been saved as {script_name}") # Run script generation program generate_script() Option Description of Python Script The description of the Python script is the same with the Shell script. For detailed information, see Option Description of Shell Script. Configuration Example for Generating Provision.sh Take the Shell script as an example to introduce how to use it: a) Upload the Shell script generate_script.sh to the Linux environment. b) Use the command chmod +x generate_script.sh to enable the executable permission. c) Enter command ./generate_script.sh to run the script, and options are shown as below. image.png d) Select options of 1, 3 and 6 in sequence as needed, and enter done to generate the script. generate-20240918-062650.png e) The file named provision.sh is generated in the current directory, which includes all selected options. The content of provision script is shown as below. image-20241014-100713.png 4.2 Enabling or Disabling ZTP NOTE: By default, ZTP is enabled on PicOS® switches. If ZTP is left enabled, the PicOS® switch will try to download a new script every time the switch is booted. This is not a desirable situation, so ZTP should be disabled when it is no longer needed. Four methods are supported to disable or enable ZTP, as detailed below: Enable or disable ZTP through running the provision script. To generate the corresponding provision script, select options of 5 and 6 when running the generate_script, as shown below. image-20241014-101247.png Note: you are suggested to select this option at last, or the option may be invalid. Enable or disable ZTP through the command set system ztp enable in PicOS® configuration mode. The following example disables ZTP using the command set system ztp enable : dmin@XorPlus# set system ztp enable false admin@XorPlus# commit Enable or disable ZTP via the ztp-config script included with PicOS®. The following example disables ZTP using the ztp-config script run from the Linux shell: admin@LEAF-A$sudo ztp-config Please configure the default PicOS ZTP options: (Press other key if no change) [1] PicOS ZTP enabled * default [2] PicOS ZTP disabled Enter your choice (1,2):2 PicOS ZTP is disabled. admin@LEAF-A$ Manually edit the PicOS® configuration file PicOS_start.conf and change the value of the ztp_disable variable. The following snippet from the PicOS® configuration file shows that ZTP has been disabled (ztp_disable=true). admin@LEAF-A$more /etc/PicOS/PicOS_start.conf | grep ztp ztp_disable=true To enable ZTP, you need to set ztp_disable to false. 4.3 Preparation before ZTP Deployment Before powering on the switch to start ZTP deployment, you should make the following preparations: Items Preparations DHCP client It is network reachable, which can communicate with the DHCP server and file server. File server It is configured successfully and is network reachable. DHCP server It is network reachable. If the switch is served as the server, you should configure the IP address of file server, the path and name of provision script and the IP address of Syslog server (optional). Required files Obtain files (image file, L2/L3 configuration file, OVS configuration file, L2/L3 command file or startup file) from FS stuffs, and save them in the working directory of file servers.Note: the provision.sh is generated through running the generate_script file. For details, see Configuration Example for Generating Provision.sh. 4.4 Example for Implementing ZTP Deployment through DHCP 4.4.1 Overview Figure 3. Typical topology of ZTP implementation image.png In Figure 3, switches are configured respectively as the DHCP client and DHCP server. The client uses information configured on a DHCP server to locate the software image and configuration files on the TFTP server, and then download specified files to upgrade system and load configurations. The data plan is shown as below: Device Interface VLAN and IP Address DHCP server te-1/1/1te-1/1/2te-1/1/3 VLAN: 10IP address: 192.168.10.2/24 TFTP server eth0 IP address: 192.168.10.1/24 The image information of Client1 and Client2, and the files to be loaded are shown as below: Device Current version Files to be loaded Client1 PicOS®-9.8.7 Image: PicOS®-9.8.7-main-43d73dd983-x86v.binCommand file: ztpl2l3_cfg.cli Client2 PicOS®-4.4.0 4.4.2 Procedure DHCP Server Step 1 Configure VLAN and interface. admin@PicOS# set vlans vlan-id 10 admin@ PicOS # set interface gigabit-ethernet te-1/1/1 family ethernet-switching native-vlan-id 10 admin@ PicOS # set interface gigabit-ethernet te-1/1/2 family ethernet-switching native-vlan-id 10 admin@ PicOS # set interface gigabit-ethernet te-1/1/3 family ethernet-switching native-vlan-id 10 admin@ PicOS # set vlans vlan-id 10 l3-interface vlan10 admin@ PicOS # set l3-interface vlan-interface vlan10 address 192.168.10.2 prefix-length 24 admin@ PicOS # commit Step 2 Configure DHCP pool. admin@PicOS# set protocols dhcp server pool pool1 network address 192.168.10.2 prefix-length 24 admin@PicOS# set protocols dhcp server pool pool1 lease-time 1440 admin@ PicOS # set protocols dhcp server pool pool1 range range1 low 192.168.10.3 admin@ PicOS # set protocols dhcp server pool pool1 range range1 high 192.168.10.20 admin@ PicOS # set protocols dhcp server pool pool1 tftp-server 192.168.10.1 admin@ PicOS # set protocols dhcp server pool pool1 bootfile-name file-path provision.sh admin@ PicOS # set ip routing enable true admin@ PicOS # commit TFTP Server Step 1 Set the basic configuration of TFTP server. Make sure that the TFTP server is network reachable, which can communicate with the DHCP server and DHCP client. Step 2 Configure files needed to be saved in the TFTP server. For the provision file provision.sh, you need to run generate_script with options 7 and 10 selected to generate it. For details, see Option Description of Shell Script. For the L2/L3 command file ztpl2l3_cfg.cli, you can modify it as needed, such as configuring VLAN20 and VLAN30. Step 3 Save the image file, provision script and L2/L3 command file to the working path of TFTP server. Note: The working path of TFTP server here is /home/admin/tftp, and you should modify it based on the actual circumstances. Step 4 Generate the MD5 file. Enter the directory which saves image file, and run the following Linux command to generate MD5 file. The generated MD5 file will be saved in this directory. Note: The MD5 file name must be the format of image-file-name.md5, otherwise the DHCP server cannot recognize it. admin@TFTP:~$ cd /home/admin/tftp admin@TFTP:~/tftp$ md5sum onie-installer-PicOS-9.8.7-main-43d73dd983x86v.bin > onie-installer-PicOS-9.8.7-main-43d73dd983-x86v.bin.md5 Step 5 View the files saved in the directory of /home/admin/tftp. admin@PicOS:~$ ls /home/admin/tftp ls-20240923-075709.png DHCP Client After completing the above configuration, start client1 and client2. 4.4.3 Verifying the Configuration View the upgrade process of client1 and client2. Client1: for the version is already V9.8.7, it directly loads L2/L3 command configurations. image-20241015-082949.png Client2: for the version is V4.4.0, it upgrades to V9.8.7 and then loads L2/L3 command configurations. image-20241015-083941.png View the L2/L3 command configurations of client1 and client2. image.png 4.5 Appendix: ZTP API The ZTP makes use of the API (application programming interface) defined in the ztp-functions.sh file located in the /usr/bin directory. The API description is shown as below, and you can refer to it when configuring the ZTP function, such as running the generate_script to generate the provision script. NOTE: For APIs with name changed, please use the correct name in the corresponding version, or the error prompt will appear. API Description Parameter Return Value Supported Version ztp_disable Disable ZTP auto-run when switch boots up None 0 = success,1 = failed All ztp_enable Enable ZTP auto-run when switch boots up None 0 = success,1 = failed All add_remote_syslog_server Add the remote Syslog server Parameter #1: the IP address of remote Syslog server(eg: 192.168.1.200) 0 = success,1 = failed All remove_remote_syslog_server Remove the remote Syslog server Parameter #1: the IP address of remote Syslog server(eg: 192.168.1.200) 0 = success,1 = failed All tftp_get_file Get file from TFTP server Parameter #1: file name in TFTP serverParameter #2: file name with path in localParameter #3: IP address of TFTP server 0 = success,1 = failed All http_get_file Get file from HTTP server Parameter #1: file name with path in localParameter #2: file name with HTTP server URL 0 = success,1 = failed V4.5.0E or later versions get_l2l3_config_file Get PicOS® configuration file "pica_startup.boot" from file server Parameter #1:For TFTP download: it is the configuration file name with path on TFTP severFor HTTP download: it is the configuration file name with HTTP server URL. Parameter #2 does not need to be setParameter #2: TFTP server IP address, if not set, the TFTP server IP address from DHCP server will be used 0 = success,1 = failed V4.5.0E or later versionsNote: in the previous versions, the name is tftp_get_l2l3_config_file. get_ovs_config_file Get PicOS® OVS configuration file "ovs-vswitchd.conf.db" from file server Parameter #1:For TFTP download: it is the configuration file name with path on TFTP severFor HTTP download: it is the configuration file name with HTTP server URL. Parameter #2 does not need to be setParameter #2: TFTP server IP address, if not set, the TFTP server IP address from DHCP server will be used 0 = success,1 = failed V4.5.0E or later versionsNote: in the previous versions, the name is tftp_ get_ovs_config_file. get_PicOS_startup_file Get PicOS startup file "PicOS_start.conf" from file server Parameter #1:For TFTP download: it is the startup file name with path on TFTP severFor HTTP download: it is the startup file name with HTTP server URL. Parameter #2 does not need to be setParameter #2: TFTP server IP address, if not set, the TFTP server IP address from DHCP server will be used 0 = success,1 = failed V4.5.0E or later versionsNote: in the previous versions, the name is tftp_ get_PicOS_startup_file. get_PicOS_image Get PicOS image from file server and upgrade Parameter #1:For TFTP download: it is the image file name with path on TFTP severFor HTTP download: it is the image file name with HTTP server URL. Parameter #2 does not need to be setParameter #2: TFTP server IP address, if not set, the TFTP server IP address from DHCP server will be used 0 = success,1 = failed V4.5.0E or later versionsNote: in the previous versions, the name is tftp_ get_PicOS_image. l2l3_load_config Get a file with PicOS® L2/L3 commands list, and execute these commands. Parameter #1:For TFTP download: it is the commands file name with path on TFTP severFor HTTP download: it is the commands file name with HTTP server URL. Parameter #2 does not need to be setParameter #2: TFTP server IP address, if not set, the TFTP server IP address from DHCP server will be used 0 = success,1 = failed All 5. Configuration Statements and Operational Commands License Installation 5.1 Getting Started with PicOS® License 5.1.1 PicOS® License The PicOS® License (software license) is a software usage authorization that allows users to utilize PicOS®’s Debian Linux operating system, L2/L3 switching and routing functions, as well as OpenFlow features on the corresponding hardware device. The license is specific to the switch it is bound to and is not valid on any other switch. Therefore, it cannot be transferred across devices without authorization. However, once authorized, it remains valid permanently. 5.2 PicOS® License Operation Process 5.2.1 Activating the PicOS® License Follow the steps below to generate and install the PicOS® license. a) Get the switch’s speed type and hardware ID by issuing the following command at switch’s Linux prompt: admin@XorPlus$ license –s b) Use the assigned credential (SSO) by PicOS® License team (license@pica8.com) to login at “License Portal” website. image.png c) In the “License Portal” page, click “New Switch License” as shown below: image.png d) In “New Switch License” page, select Speed type and Feature type based on your purchased order. Then, enter the switch’s hardware ID. License name is optional. image.png e) After clicking the “Add License” button, the license will be added to the database. f) Click the “+” sign of the newly added license to display the “Download” button. image.png g) Click the “Download” button to download the license to the host. The license file name is “hardware_ID.lic”. For example: xxxx-xxxx-xxxx-xxxx.lic image.png h) Copy the downloaded license file (xxxx.lic) to the switch’s folder /home/admin/ by using scp or tftp etc. admin@XorPlus$ sudo scp xxxx.lic /home/admin/ i) Install the license by issuing the following command: admin@XorPlus$ sudo license -i /home/admin/xxxx.lic j) Restart the PicOS® service to activate the license: admin@XorPlus$ sudo systemctl restart PicOS k) After the switch rebooted, use the following command to verify the installed license. admin@XorPlus$ license –sor admin@XorPlus> license show 5.2.2 Installing the PicOS® License Installing License under Linux prompt Installing the License Notes: If no license is installed, only the first four ports and the first two uplink ports (if exist) of the switch are available after the upgrade. To upgrade the switch without production impact, user should install a license before the upgrade. It is possible to install a license in PicOS® 2.3 (starting with PicOS® 2.3.3). To upgrade a switch from a PicOS® version earlier than 2.3, it may be necessary to upgrade to PicOS® 2.3 first to install a license on the system. To avoid this step, user can run a script that can install the license on PicOS® releases earlier than 2.3. Please refer to PicOS® Configuration Guide V4.4.5 or look at the section below for older PicOS® releases. The license file cannot name pica.lic, or license will install failed. Customers can download the generated license file and copy it to the /etc/PicOS/ directory. The following example shows the contents of a switch-based license file: { "Type": "1GE", "Feature":["Open Flow", "Base Product", "Layer3"], "Hardware ID":"8A68-A7AC-D702-70D2", "Expire Date":"2020-10-28" } In the license file shown above, the type is 1GE while the feature is Base Product, Layer3, and Open Flow. Hardware ID is unique to every switch. Note: The switch cannot upgrade to a PicOS® version whose build date is later than the license expiration date. The following example shows the contents of a site-based license file: { "Type": "1GE", "Feature":["Open Flow", "Base Product", "Layer3"], "Mode":"site", "Site Name":"CompanyA", "Expire Date":"2020-10-28" } The license file can be installed with the command-line utility called license with the -i option. The following example installs a license file named js.lic: admin@PicOS:~$ cd /etc/PicOS admin@PicOS:/etc/PicOS$ ls -l total 32 drwxrwxr-x 2 root xorp 4096 Feb 4 22:00 ./ drwxrwxr-x 60 root xorp 4096 Feb 4 21:56 ../ -rw-rw-r-- 1 root xorp 26 Feb 4 18:27 fs_status -rw-r--r-- 1 root root 399 Feb 4 21:59 js.lic -rw-rw-r-- 1 root xorp 247 Sep 4 2014 license.conf -rw-rw-r-- 1 root xorp 183 Aug 10 2014 p2files.lst -rw-rw-r-- 1 root xorp 488 Feb 4 18:28 PicOS_start.conf -rw-r--r-- 1 root root 251 Feb 4 22:00 public.key admin@PicOS:~$ sudo license -i js.lic License successfully added, the switch need to be rebooted to activate the license. admin@PicOS:~$ ls -l total 32 drwxrwxr-x 2 root xorp 4096 Feb 4 22:00 ./ drwxrwxr-x 60 root xorp 4096 Feb 4 21:56 ../ -rw-rw-r-- 1 root xorp 26 Feb 4 18:27 fs_status -rw-rw-r-- 1 root xorp 247 Sep 4 2014 license.conf -rw-rw-r-- 1 root xorp 183 Aug 10 2014 p2files.lst -rw-r--r-- 1 root root 382 Feb 4 22:00 pica.lic -rw-rw-r-- 1 root xorp 488 Feb 4 18:28 PicOS_start.conf -rw-r--r-- 1 root root 251 Feb 4 22:00 public.key -rw-r--r-- 1 root root 251 Feb 4 22:00 switch-public.key admin@PicOS:~$ If the license is installed successfully, after license -i command, the following message will be displayed: License successfully added, the switch need to be rebooted to activate the license. To activate the new license, the switch must be restarted. Displaying License Information User can display the license information using the license -s command at the Linux shell. The following example displays information about the switch-based license: admin@PicOS:~$ license -s { "Type": "1GE", "Feature": ["Open Flow", "Base Product", "Layer3"], "Expire Date": "2020-10-28", "Hardware ID": "8A68-A7AC-D702-70D2" } The following example displays information about the site-based license: admin@PicOS:~$ license -s { "Type": "1GE", "Feature": ["Base Product", "Layer3", "Open Flow"], "Expire Date": "2020-10-28", "Hardware ID": "8A68-A7AC-D702-70D2", "Site Name": " CompanyA " } If the license is not valid, the license -s command generates the following output: admin@PicOS:~$ license -s Invalid license. Use below information to create a license. Type: 1GE Hardware ID: 8A68-A7AC-D702-70D2 admin@PicOS-OVS$ If no license is installed, the license -s command generates the following output: admin@PicOS:~$ license -s No license installed. Use below information to create a license. Type: 1GE Hardware ID: 8A68-A7AC-D702-70D2 admin@PicOS-OVS$ Add License Directly From License Command User can also add the license directly from the license command. The PicOS® 2.6 image supports this command. (1) Paste the license content. (2) Press enter and then press crtl+d. Example for P5401, add a site license: admin@PicOS:/ovs$ sudo license -i - sJXhrpDdd2ZsMemcJ26fqvjjw7vH30gf/4OVtLsROgPNl2VjFQhIJvS3zliF+DK+ tW2QpssH0JB4n8ae9/SumsRWdwdPpbQNB1WaeNq0onWdoTRz2HGiH+XudDAm6B37 kQvCGev7pAe0tCjnB+63F3Z5ZGPbQE89/fNSBGkE6mfZ6dG1F/86C9Bn/MyqkQSI 4uDtRwfo46elZOmwn5aD/mGyh/i2qg8IfhssIn0CbHVaJY8hyt7tYuvgkEb6Xlhx 7i9+qnk9c15ksBdak0f8gxorZDOCacwWACDt/K8NJokOMWTDLnLmDczrXO0Z5l75 eGc7ZygxCjd/jzc5oW9cgIyd License successfully added, the switch need to be rebooted to activate the license. admin@PicOS:/ovs$ Reboot system and license can be activated. Installing and Removing License for PicOS® go2cli Version Installing License under CLI Operation Mode The following steps describe how to install a license under CLI operation mode for PicOS® go2cli version. a) Before loading a license, upload the license file to the device. The following example uploads the license file 10GE-SITE-PICA8.lic to the default path. By default, the TFTP downloaded file is saved in directory /cftmp/. admin@PicOS> file tftp get remote-file /tftp/license/10GE-SITE-PICA8.lic local-file 10GE-SITE-PICA8.lic ip-address 10.10.50.22 b) Run the license install command to install the license. admin@PicOS> license install /cftmp/10GE-SITE-PICA8.lic When the license has been successfully installed, it will display the following information: License successfully added, the switch need to be rebooted to activate the license. c) Reboot the switch or restart PicOS® to activate the license. Choose either one: Reboot the switch admin@PicOS> request system reboot Restart PicOS® service licadmin@PicOS> start shell sh admin@PicOS:~$ sudo service PicOS restart admin@PicOS:~$ exit exit admin@PicOS> d) After PicOS® starts up, run the license show command to view the license information. admin@PicOS> license show { "Type": "10GE", "Feature": ["Base Product", "Layer3", "OpenFlow"], "Support End Date": "2020-10-28", "Hardware ID": "196B-A2AE-147A-73F2", "Site Name": "PICA8" } Removing License under CLI Operation Mode The following steps describe how to remove a license under CLI operation mode for PicOS® go2cli version. admin@PicOS> license remove admin@PicOS> license show No license installed. Use below information to create a license. Type: 10GE Hardware ID: 196B-A2AE-147A-73F2 5.2.3 PicOS® License FAQ User may encounter various problems during license installation as detailed below. The public.key file cannot be found. admin@PicOS:~$ sudo license -i js.lic Install failed: Cannot find public key. The license file does not exist. admin@PicOS:~$ sudo license -i js.lic Install failed: No such file or directory. The header or the key is disrupted. admin@PicOS:~$ sudo license -i js.lic Install failed: License or KEY is disrupted. The license format is not valid. admin@PicOS:~$ sudo license -i js.lic Install failed: License format error. The license file is not compatible with the switch (verify failed). admin@PicOS:~$ sudo license -i js.lic Install failed: Invalid license.
PicOS® FAQ
Oct 07, 2025 - PicOS® FAQ Models: PicOS®License、PicOS®Switches Chapter 1 General PicOS® FAQ 1.1 What is PicOS®? PicOS® is Network Operating System (NOS) for enterprise networks within distributed campuses and data centers. PicOS® includes legacy Layer-2 / Layer-3 switching mode (L2/L3 mode) and OpenFlow through Open vSwitch (OVS) which is called OVS mode. 1.2 What is OpenFlow? OpenFlow is becoming a required feature in commercial Ethernet switches, routers and wireless access points – and provides a standardized interface to the forwarding tables, to allow the advantages of an SDN architecture to be realized, independent of the internal workings of their network devices. OpenFlow is open-source software governed by the Open Networking Foundation (https://www.opennetworking.org) and is supported by Pica8. 1.3 What is OVS? OVS stands for Open vSwitch, which is a multilayer software switch developed by Nicira and now governed by this community: https://www.openvswitch.org. OVS has been ported to the PicOS® environment and is what brings OpenFlow functionality to PicOS®. 1.4 What is ONIE? ONIE stands for Open Network Install Environment, which is a small operating system, pre-installed as firmware on each switch. It provides an environment for automated operating system provisioning. 1.5 What are switches supported by PicOS®? PicOS® compatible hardware includes FS, Dell, Delta, and Edgecore. For specific models, please check the documentation (PicOS® Hardware Compatibility Matrix) 1.6 What is a PicOS® License? A PicOS® license is a legal instrument governing the use and upgrade of PicOS® on a specific device. FS is using a Perpetual License model, which means you own the software and can use your software as long as you want. If there is no legitimate license installed in the switch, only the first four physical ports will be enabled. The expiration date is applied when you begin to upgrade the switch to a newer version of PicOS®. The upgrade will not take effect if the expiration date is earlier than the build date of the PicOS® image. 1.7 How does PicOS® pricing work?And how long is the license valid for? FS offers a single license model, which means that each device only needs one license to use all functions anywhere on the network.The cost varies depending on the license speed. Once purchased, the license is permanently valid. If you purchase FS PicOS® switch, you will obtain PicOS® software License, and 5 years technical support service. 1.8 Does PicOS® have a regular update schedule? We typically release new version updates every 3 to 6 months. When a new PicOS® software version is available, you can find it in the Resource section on the FS website. You have the option to download and install the update from the website, or you can get in touch with your Account Manager (AM) for details on version updates, bug fixes, and new features, as well as to obtain the installation package. Please note: You can only install the software on hardware that is still under a valid service period. If the license has expired, it is not allowed to upgrade a major release (e.g. 4.1 to 4.2). However, it will not affect upgrading to a minor release (e.g. 4.1 .1 to 4.1.2). 1.9 What are the differences between PicOS® and Cumulus Linux? Cumulus Linux is a network operating system based on Debian Linux and employs an open network operating system (ONOS) architecture. PicOS®, also based on Debian Linux, is developed by Pica8. Both Cumulus Linux and PicOS® offer traditional CLI (command-line interface) management and support a wide range of network protocols and features, such as BGP, OSPF, VXLAN, and VRF. They both provide relatively open platforms, supporting flexible network architecture and deployment options. PicOS® is cost-effective, utilizing ARM for software, which requires lower memory and storage, resulting in lower overall costs. Cumulus Linux is typically used for building large-scale data center networks and cloud service provider networks, whereas PicOS® is commonly used in enterprise networks and smaller-scale data centers. PicOS® v4.4.x supports most data center applications that Cumulus does. 1.10 PicOS® and FSOS are installed on switches, which one performs better? When the switch hardware is identical, both PicOS® and FSOS can maximize the chip's performance. However, PicOS® supports ZTP deployment and AmpCon unified management, which can significantly reduce your operational costs. 1.11 Can FSOS switches that have been purchased be switched to PicOS®? The N8560, S5860, and S5810 series switches can be switched to PicOS®. However, this switch may result in functional changes. In order to ensure stability, we have strict switching protocols in place. You can get in touch with your Account Manager (AM) to submit a request for evaluation. If there is no business impact, we will assist with the switch. 1.12 Where do I download a PicOS® GA version? If you have the SSO account, please go to “PicOS® and AmpCon™ Release” site and select the PICOS image under PICOS-GA sub-directory. 1.13 What is the MD5 file? The MD5 and SHA512 files are the MD5 and SHA512 checksum of the associated PICOS image. It is used to check the completeness of the download. Chapter 2 Installation and configuration 2.1 How do I access the console port? 1. Use a serial to RJ45 reverse cable (i.e. a RS232 serial connector on one end and a RJ45 connector on the other end). 2. Connect the RJ45 reverse connector to the switch’s Console port. 3. Connect the RS232 connector to the host. 4. Set the host’s terminal emulator: baud rate: 115200 data bits: 8 stop bits: 1 parity bits: 0 flow control: none 2.2 How do I use ONIE to install PicOS®? 1. Copy the PICOS installer to a TFTP, FTP or HTTP server. 2. The original installed NOS could be overwritten by PICOS after installing PICOS. If the NOS is PICOS, it will erase the original configuration. 3. Connect the host to the switch’s Console port and connect the switch’s Management port to the network to connect to the server. 4. Turn on the switch. 5. Select ONIE in Grub. 6. Select ONIE rescue mechanism. 7. At the ONIE prompt, set switch IP address and launch onie-nos-install. TFTP is used in the following example. It could be replaced by FTP or HTTP. a.b.c.d isthe IP address and x is the subnet mask length. ONIE# ifconfig eth0 a.b.c.d/x ONIE# onie-nos-install tftp://local-tftp-server/ 8. For details, please refer to“PICOS System and Configuration Guide” at http://docs.pica8.com/ 2.3 What isthe next step after installing PicOS® successfully? After installing PicOS® successfully, you can login by using the default username,“admin”, and password,“pica8”. PicOS® will force you to change the password. Then, you will be in a PicOS® operation mode, and the switch isrunning in L2/L3 mode. 2.4 When do I use sudo? sudo stands for super user do. sudo allowsthe “admin”user account to run those super user executable programs, such as picos_boot, upgrade, reboot, ... 2.5 How do I upgrade the switch? 1. Copy PICOS image and its MD5 file to /cftmp in the switch. 2. Launch the upgrade2 script at /cftmp. Please refer to“Upgrading PicOS from Version 2.11 or Later Using Upgrade2”for the details about“upgrade2”. Example: admin@XorPlus$ cd /cftmp admin@XorPlus$ sudo upgrade2 2.6 How do I generate and install the PicOS® license? 1. Get the switch’s speed type and hardware ID by issuing the following command at switch’s Linux prompt: admin@XorPlus$ license –s 2. Use the assigned credential (SSO) by PicOS® License team (license@pica8.com) to login at“License Portal”website. 3. In the“License Portal”page, click“New Switch License” as shown below: image.png 4. In “New Switch License" page, select Speed type and Feature type based on your purchase dorder. Then, enter the switch’s hardware ID. License name is optional. image.png 5. Afterclicking the “Add License” button, the license will be added to the database. 6. Click the “+” sign of the newly added license to display the “Download" button. image.png 7. Click the “Download” button to download the license to the host. The license file name is “hardware ID.lic”. For example: xxxx-xxxx-xxxx-xxxx.lic image.png 8. Copy the downloaded license file (xxxx.lic) to the switch’s/ home/ admin/ folder 9. Install the license by issuing the following command: admin@XorPlus$sudolicense-i/home/admin/xxxx.lic 10. Restart the PicOS® service to activate the license: admin@XorPlus$sudoreboot 2.7Whathappenstothelicenseandconfigurationafterupgradingtoanewversion? ONIE installer does not save the license and configuration before installing a different version of PicOS®. Use the upgrade2 script to upgrade the switch to a different version if you want to preserve the license and configuration. 2.8 How do I configure PICOS to start in OVS mode? By default, the switch starts at L2/L3 mode. Run the “picos_boot” command, enter the needed information and restart the PICOS service. admin@XorPlus$ sudo picos_boot Enter the needed information by picos_boot script. admin@XorPlus$ sudo service picos restart For details, please refer to “Changing PicOS® Mode from CLI”. 2.9 Am I running in L2/L3 mode or OVS mode? If you can launch the CLI, you are running in L2/L3 mode. Otherwise, you are running in OVS mode. Example: admin@PICOS> show version CLI command Copyright (C) 2009-2022 Pica8, Inc. =================================== Base ethernet MAC Address : 8c:ea:1b:88:5b:81 Hardware Model : AS4610_54T_B Linux System Version/Revision : 4.3.0/110f8aa30d Linux System Released Date : 07/09/2022 L2/L3 Version/Revision : 4.3.0/110f8aa30d L2/L3 Released Date : 07/09/2022 2.10 What are SFP, SFP+ and QSFP optical modules supported by PicOS®? PicOS® supports any off-the-shelf SFP, SFP+ and QSFP optical modules as long as they are compatible to the standard. 2.11 What is the PicOS® interface naming convention? PicOS® interface name starts with two alphabetical letters. The first letter identifies the speed, and the second letter is always “e” as in Ethernet. The first two letters are followed by “-1/1“(chassis-number/board-number) and then the last number is the physical port number of the switch. Here are examples, where x is the port number: 1G/2.5G: ge-1/1/x 10G/25G: te-1/1/x 40G/100G: xe-1/1/x (PICOS 3.2+ release) 2.12 Can I connect the SFP optical module to SFP+ port? Yes, it will work only if the SFP+ port’s link speed is set to 1G. 1. In OVS mode, here is the command to set the interface speed to 1G. admin@XorPlus$ ovs-vsctl set interface te-1/1/x options:link_speed=1G 2. In L2/L3 mode, here is the CLI command to set the interface speed to 1G. admin@XorPlus> configure admin@XorPlus# set interface gigabit-ethernet te-1/1/x speed 1000 admin@XorPlus# commit You may need to configure the speed of its peer to 1G as well in order to bring up the connection. 2.13 Can I split the QSFP port into four SFP+ ports? In general, the answer is yes. Due to the hardware limitation, some of the ports are restricted to 40G or 100G only. For details, please refer to “40G Changes too 4*10G in L2/L3”. 2.14 How do I know which PicOS® version is running? Run “show version” at the Linux prompt to display the running PICOS version. >show version 2.15 Can I access switch via ssh? Yes. By default, you can access the switch via ssh. Telnet is disable by default. 2.16 Where are the PicOS® documents? The PICOS documents are at https://docs.pica8.com/ Chapter 3 L2/L3 Mode 3.1 What is CLI? CLI stands for Command Line Interface. It is a user interface to show and configure the L2/L3 configuration. 3.2 How do I launch CLI? PICOS starts in CLI operation mode if it is running in L2/L3 mode 3.3 How can I enter CLI Configuration mode? After entering CLI, you are in Operation mode. In Operation mode, you can only enter the CLI commands to display the current configuration. You need to issue “configure” to enter the Configuration mode. Then, you are eligible to configure the current configuration. admin@XorPlus> configure admin@XorPlus# 3.4 What is the IP address of the Management port? By default, the Management port will get its IP address from the DHCP server. Use the following CLI command to show it: admin@XorPlus> show system management-ethernet You can also configure it to a static IPv4 address in CLI Configuration mode: admin@XorPlus# set system management-ethernet eth0 ip-address IPv4 a.b.c.d/x admin@XorPlus# commit 3.5 Does PicOS® support OpenFlow in L2/L3 mode? The simple answer is Yes. For details, please refer to “OpenFlow in Crossflow Mode”. 3.6 Where are the L2/L3 configuration files? The L2/L3 configuration files are in the /pica/config/ folder. “pica.conf” is the current running configuration file and “pica_startup.boot” is the configuration file used at service initialization. 3.7 What can I do if I have a problem to report? Send a problem report to support@pica8.com. The report includes the description of the problem, the network topology and the file generated by the following CLI command: admin@XorPlus> show tech_support 3.8 How can I reset the L2/L3 configuration to factory default? Issue the following CLI command in configuration mode: # rollback default # commit Chapter 4 OVS Mode 4.1 Which OVS version am I running? You can get the OVS version running inside the PicOS® with this command: admin@XorPlus$ ovs-appctl version 4.2 Why does “ovs-ofctl show < newly-added-bridge-name>” fail after upgrading PicOS®? It is possibly caused by the changes in OVS DB schemas. Please send the OVS configuration (/ovs/ovs-vswitchd.conf.db) and version information (old and new) to support@pica8.com to evaluate. At the same time, perform the following steps to recover: admin@XorPlus$ sudo cp /ovs/ovs-vswitchd.conf.db /ovs/ovs-vswitchd.conf.db.orig admin@XorPlus$ sudo rm /ovs/ovs-vswitchd.conf.db admin@XorPlus$ sudo service picos restart Base on /ovs/ovs-vswitchd.conf.db.orig to configure again. 4.3 Why is the link not up after connecting the DAC (Direct Attach Copper) cable? For DAC cable, the system needs this information to perform properly. admin@XorPlus$ ovs-vsctl set interface options:is_dac=true 4.4 How do I configure a trunk port? By default, each port is an access port. Issue the following command to configure the port to trunk: admin@XorPlus$ ovs-vsctl set port vlan_mode=trunk 4.5 How do I change the default VLAN ID? In PICOS, the default VLAN ID is 1 no matter whether it is access or trunk. You can change it by issuing the following command: admin@XorPlus$ ovs-vsctl set port tag=x 4.6 How do I add VLANs to the trunk port? If it is not specified, the trunk port supports the entire set of valid VLAN numbers, from 1 to 4094. It only supports the VLANs defined as in trunks as the example below: admin@XorPlus$ ovs-vsctl set port trunks=100,200,300 4.7 I know that the switch behaves according to the application of the Controller. What happens when it is not connected to the Controller? The behavior of the bridge is defined by its controller failure mode: secure and standalone. By default, a newly added bridge is in secure mode. It can be changed by: admin@XorPlus$ ovs-vsctl set-fail-mode [standalone | secure] 4.8 Why does the switch keep dropping the traffic even after adding bridge and ports? PicOS®/OVS mode adds a default DROP flow (priority=0, actions=drop) to the hardware table when the bridge is in secure mode. If there are no other flows added in the table, the ingress packets will be discarded. 4.9 What happens to the flows added manually before connecting to the Controller? By default, PicOS®/OVS mode flushes the flows in the hardware table after connecting to the Controller. If you prefer to keep these flows, issue the following command: admin@XorPlus$ ovs-vsctl set bridge other_config:enable-flush=false 4.10 How will the bridge behave if it is in standalone mode? PicOS®/OVS mode adds the NORMAL flow (priority=0, actions=normal) to the hardware table when the bridge is in standalone mode. In this case, the bridge will behave as a L2 switch by adding the flows to the hardware table according to the ingress packets. 4.11 Can I delete a flow by using its cookie number? Yes, the command is: admin@XorPlus$ ovs-ofctl del-flows br0 cookie=/-1 4.12 What is the command to dump the flows in a bridge’s flow table? admin@XorPlus$ ovs-ofctl dump-flows 4.13 What is the command to dump the flows in hardware? admin@XorPlus$ ovs-appctl pica/dump-flows 4.14 How do I disable in-band management? By default, the remote in-band management to each bridge is enabled in OVS mode. You can disable in-band management by issuing the following command: admin@XorPlus$ ovs-vsctl set bridge other-config:disable-in-band=true 4.15 How can I reset OVS configuration to factory default? Delete the OVS configuration file and restart the PICOS service. admin@XorPlus$ sudo rm /ovs/ovs-vswitchd.conf.db admin@XorPlus$ sudo service picos restart Chapter 5 Service and Warranty 5.1 Can FS provide technical support and maintenance services? Of course, we have a professional engineering team ready to provide prompt technical support and maintenance services. You can purchase them on-demand through the FS website: https://www.fs.com/c/picos-license-4226. If you already own an FS PicOS® switch, it includes 5 years of free technical service, so no additional purchase is necessary. For more details on our support and maintenance services, please review the following agreements: EULA (End User License Agreement): https://www.fs.com/policies/end_user_license_agreement.html and Standard Software Maintenance and Support Agreement: https://www.fs.com/policies/standard_software_maintenance_and_support_agreement.html. 5.2 Does PicOS® support product demonstrations or trials so that users can better understand the actual operation and effect of the software? We provide free PicOS-V virtual machines without additional hardware investment, making it easier for users to understand the software function and experience its operation in advance. If you want to know more about PicOS-V, you can check out the FS official website https://www.fs.com/products/195659.html and click Start Trial to start the trial. And if you have any questions during the trial process, you can contact our local customer service in time at https://www.fs.com/contact_us.html. 5.3 Does PicOS® support customization functions? Yes, FS has established a strategic partnership with Pica8 to offer software development and customization services to our customers, meeting their network customization and future upgrade needs. These services include hardware OEM model adaptation, software product OEM customization, and the development of specific functions tailored to your requirements. 5.4 Does the PicOS® license support only one device? PicOS® uses a single license model, requiring one license per device. When purchasing a license, make sure to choose the correct speed. Once activated, the license is valid for the lifetime of the device and covers all features. If the switch does not have a valid license installed, only the first four physical ports will be enabled. 5.5 What is the expiration date of the technical support services? The PicOS® license offers service terms of 1, 3, and 5 years. FS PicOS® switches include five years of free service. After this period, timely renewal is required. If you renew before the original service expires, the new term starts from the original expiration date. If you renew after the original service expires, the new term starts from the order date. For example, if the original service expired on 2023.12.31 and the service was interrupted for 2 months before the customer placed an order on 2024.3.1 for a 1-year service, the renewed service would expire on 2025.2.28.
PicOS® vs. SONiC Operating System Comparison
Aug 22, 2025 - PicOS® vs. SONiC Operating System Comparison Document overview This document aims to comprehensively compare PicOS® and SONiC software, with a focus on showcasing the strengths of PicOS®. Through comparisons of software positioning and functionality, we will summarize the positioning advantages of PicOS® across various dimensions and explore its functional features. Readers will gain insights into these two software platforms through this document, aiding in the selection of an operating system that best suits their needs. Software positioning PicOS® features easy integration, supports multiple hardware platforms, and offers the Ampcon™ unified management platform, enhancing flexibility and efficiency in network configuration and management. Additionally, PicOS® provides extensive protocol support, including MLAG, EVPN, VXLAN, among others, delivering reliable solutions for enterprise networks and data center environments. SONiC is an open-source network operating system characterized by openness, high scalability, and programmability. Its flexible programmable interface and rich automation tools simplify network configuration and management, making it particularly suitable for environments requiring flexibility and customization. Dimensions PicOS® SONiC Operating System Linux-based network operating system supporting multiple hardware brands, including Edgecore, Delta, Dell, FS, etc. Linux-based network operating systemsupporting multiplehardware brands, including Mellanox, Broadcom, Dell, etc. Management Platform Supports the Ampcon™ management platform to simplify network management, providing a web-based user interface, and enabling zero-touch provisioning (ZTP), deployment, and lifecycle management. No unified management platform, managed basedonRESTAPI and YANG models, supporting the management of network devices in an open, standardized manner. Application Scenarios More suitable for enterprise networks and data center environments that require stability and ease of management. More suitable for large data centers and cloud serviceprovider environments that require high network automation and flexibility. Security Features Features Supports iptables firewall, IPSec, SSL/TLS, ACL, SSH, SNMPv3, etc., compatible with open-source intrusion detection systems like Snort, and supports custom security configurations. Supports standard Linux security tools such as ACL control, DDoS protection, and MACsec, suitable for high-securityrequirements in data center environments. Performance and Stability Adopts a modular design allowing independent component operation and updates, supports protocols such as PFC/ECN, BGP, OSPF, EVPN VXLAN, MLAG. Adopts a microservices architecture, with modular designsuitable for complex topologies, while supporting protocolslike BGP, OSPF, EVPN, VXLAN. Virtualization and Emulator Support Provides PicOS-V, which supports free virtual machines (VMs) without the requirement for switch hardware. PicOS-V can run on popular virtual machine management programs like VMware, GNS3, and VirtualBox. Does not directly provide virtualization or emulator support. To run and test in a virtualized environment, users needtochoose other tools or platforms to implement it themselves. Software Updates and Lifecycle Regularly releases stable version updates by the team, with a relatively controllable update pace, clear lifecycle management. It also provides stable maintenance versions, allowing flexible patch releases to address urgent customer issues. Driven by the open-source community for updates, it mayhave a higher update frequency. The community introducesfeatures and optimizations based on demand, but thequality and stability of updates rely on the community'smaintenance efforts and vendor support for secondarydevelopment. Support and Services Provides official support and extensive third-party hardware compatibility, ensuring fast response times. Additionally, it offers software customization services to tailor and develop specific features based on customer business needs. Relies on community support and support frompartners, with relatively limited commercial support. Users may needan internal technical team to address the majority of technical issues. Learning Costs Based on the Linux system, supports common Linux commands and automation tools (such as Ansible), suitable for existing Linux technical teams with low learning costs. As an open-source project with complex networking functionalities and configuration options, the learningcurvefor new users may be steep, requiring time and effort tobecome familiar with the system. Software function Compared with SONiC, PicOS® has more comprehensive support for Layer 2 functions and securityfunctions, and has more advantages in supporting important functions such as Voice VLAN, DynamicARPinspection (DAI), and NAC, and can provide more complete network management and security guarantees. Primary Specifications Secondary Specifications PicOS® SONiC System Management System time management: manual method, NTP, PTP Y Y Layer 2 Switching Configuration Voice VLAN Y N Spanning Tree Protocol Y Y Private VLAN Y N Ethernet Ring Protection Switching (ERPS) Y N IP Service Configuration Guide Dynamic ARP inspection(DAI) Y N Equal-Cost Multipath Routing (ECMP) Y Y IPv6 Y Y DHCP Relay Agent Y Y DHCP Snooping Y Y IP Routing Configuration OSPF Y Y OSPFv3 Y Y IPV4/IPv6 BGP Y Y IS-IS Y Y Precision-time protocol(PTP) N Y Multicas Configuration IGMP Y Y Multicast Listener Discovery(MLD) N Y PIM Y Y IGMP Snooping Y Y VPN Generic Routing Encapsulation Protocol (GRE) Y Y VXLAN VXLAN Y Y EVPN Y Y High Availability Dynamic Load Balancing Y Y Virtual Router Redundancy Protocol (VRRP) Y Y MLAG Y Y VSU(Virtual Switching Unit)【RJ】 Virtual Chassis Technology【Juniper】 N N MPLS N N EFM OAM Y N Uplink Failure Detection (UFD) Y N Lossless Network PFC, Priority Flow Control Y Y PFC Wachdog Y Y ECN, Explicit Congestion Notification Y Y DLB, Dynamic Load Balancing Y Y Security Media Access Control Security (MACsec) N Y NAC Y N IPv4SG (IPv4 Source Guard) Y N IPv6SG (IPv6 Source Guard) Y N QoS Service Configuration Queue scheduler Y Y Traffic policing Y Y Congestion management : WRED Y Y Congestion avoidance : ECN Y Y Network Management and Monitoring RESTCONF Y Y NETCONF Y Y POE(Power over Ethernet) Y N/A Telemetry Protocol Y Y SDN Y Y Remote Network Monitoring (RMON) Y N Online resources PicOS® Enterprise Switches: https://www.fs.com/c/picos-enterprise-switches-4223 PicOS® Data Center Switches: https://www.fs.com/c/picos-data-center-switches-5125 AmpCon™-DC Platform: https://www.fs.com/c/ampcon-campus-platform-5513 AmpCon™-Campus Platform: https://www.fs.com/c/ampcon-dc-management-platform-4227
S5580 Series PicOS® Switches Data Sheet
Jul 01, 2025 - S5580 Series PicOS® Switches Data Sheet Product Overview The S5580 series ethernet switch delivers high availability, scalability, and performance for enterprise campus deployments. Built on Broadcom BCM56873 Trident 3 Chip,these switches provide 10GbE, 25GbE and 100GbE (split into 4x 10/25G via breakout cables) ports in a compact 1U form factor,delivering up to 4 Tbps of reliable connectivity to secure routers, servers, and switches. All S5580 switches are equipped with high-availability features, such as redundant, hot-swappable power supplies and smart fans, ensuring maximum uptime. With advanced Layer 2/3 features such as MLAG, BGP, OSPF, NAC, and sFlow, EVPN-VXLAN,supporting advanced features like MLAG and EVPN-VXLAN, they are ideal for enterprise data center top-of-rack (TOR) and service provider aggregation deployments. The S5580 series switches can be managed by the AmpCon-Campus management platform(Above Version 2.2.0), enabling automated lifecycle management from Day 0 to Day 2+. The platform features Zero Touch Provisioning (ZTP), topology discovery, and real-time telemetry, optimizing workflow automation and enhancing visibility into the performance of connected devices. img_v3_02n6_8c5eb58e-d6cf-4c8f-8be7-63f8bdf1608g.jpg Figure 1. S5580 Series Switches Features and Benefits Broadcom Chip Built on the Broadcom BCM56873 chip, the S5580 series switches offer high-speed data transfer, low latency, and high throughput, enhancing performance for superior stability and reliability. PicOS® Operating System the S5580 series switches run on the PicOS®. This unified operating system allows users to manage networks more efficiently and deploy new services more quickly, allowing all PicOS®-powered products to be updated simultaneously with the same software release. All features are fully regression tested, making each new release a true superset of the previous version. AmpCon-Campus Management Platform* AmpCon-Campus management platform centrally manages PicOS® enterprise switches, providing automated full lifecycle management from Day 0 to Day 2+, enabling efficient automated deployment and configuration, monitoring and troubleshooting. Day 0: Enables Zero Touch Provisioning (ZTP), allowing the switch to automatically retrieve and apply initial configuration files without manual setup. Day 1: Fast deployment and configuration with Zero-Touch Provisioning (ZTP) and automation. AmpCon-Campus leverages ZTP for hands-free configuration of PicOS® enterprise switches, powered by flexible configuration templates that enable hundreds to thousands of switches to be deployed rapidly at scale with minimal errors. Day 2+: Support Telemetry, collecting real-time device data and sending it to the AmpCon-Campus management platform. It enables switch health monitoring and anomaly detection, providing fault alerts and triggering email notifications to help administrators quickly diagnose and resolve network issues, streamlining IT operations and enhancing the user experience. For more information, see AmpCon-Campus Management Platform. image.png Figure 2. AmpCon-Campus Management Platform Notice: *To be managed by AmpCon-Campus, make sure the AmpCon-Campus version is 2.2.0 or higher. End-to-end Campus Fabric with EVPN-VXLAN EVPN-VXLAN decouples the physical network (Underlay) from the virtual network (Overlay), flexibly providing Layer 2 and Layer 3 connectivity between endpoints across campus and data centers. It enables tenant isolation, allowing a single network to serve multiple purposes while enhancing network scalability, security, and flexibility. image.png Figure 3. End-to-end Campus Fabric with EVPN-VXLAN Multi-Chassis Link Aggregation (MLAG) MLAG allows two S5580 series switches to operate as independent devices with separate control planes while eliminating STP by enabling link aggregation on connected devices. This enhances network bandwidth, improves reliability and availability, and ensures seamless operation of critical services. img_v3_02lm_78d08607-9f05-40bd-b027-6683877aa1eg.jpg Figure 4. Multi-Chassis Link Aggregation (MLAG) Security The S5580 series switches provides flexible and comprehensive user identity verification and access control through features such as ACLs, 802.1X, and AAA. It also supports IPv4/IPv6 Source Guard, IPv6 DHCP Guard, IPv4/IPv6 DHCP Snooping, Dynamic ARP Inspection (DAI), and IPv6 ND Detection and Snooping, which effectively manage network access, enhance security, and optimize resource usage. High Availability The S5580 series switches also includes a variety of other high availability features, including redundant, hot-swappable power and fans, graceful protocol restart, equal-cost multipath (ECMP), Link Aggregation (LACP), Virtual Router Redundancy Protocol (VRRP), Bidirectional Forwarding Detection (BFD) for fast link failure detection, Unidirectional Link Detection (UDLD), and Ethernet Ring Protection Switching (ERPS), ensuring maximum uptime and reliability for mission-critical network operations. Product Specifications Physical Specifications Tables 1 through 2 show the FS S5580 series switches physical specifications. Notice: Port Density includes both native xxG ports and ports that support downshifting. Port Density (with breakout cable) includes native xxG ports, downshifted ports, and the ports available after splitting. Table 1. Physical specifications of the S5580 Series Switches FS P/N S5580-48S S5580-48Y Description S5580-48S, 48-Port Ethernet L3 Switch, 48 x 10Gb SFP+, with 8 x 100Gb QSFP28 Uplinks, PicOS®, Support EVPN-VXLAN&MLAG, Broadcom Chip S5580-48Y,48-Port Ethernet L3 Switch, 48 x 25Gb SFP28, 8 x 100Gb QSFP28 Uplinks, PicOS®, Support EVPN-VXLAN&MLAG, Broadcom Chip Port 1G Port Density 48 50 10G Port Density 48 50 25G Port Density - 48 40G Port Density 8 8 100G Port Density 8 8 10G Port Density (with breakout cable) 80 82 25G Port Density (with breakout cable) 32 80 Management Ports 1 1 Console Port 1 1 USB Port 1 1 Memory and processor Switch chip Broadcom BCM56873 Trident III Broadcom BCM56873 Trident III CPU ARM A9 Quad-Core CPU, 1.2GHz Intel® Xeon® D-1518 processor quad_x0002_core 2.2 GHz DRAM 4GB 2x 8GB SO-DIMM DDR4 SDRAM 4GB 1GB Flash memory 8GB (EMMC) 64GB Latency 7.56μs 1.28μs Packet buffer 32MB 32MB Mean-time between failures MTBF (hours) >300,000 >366,000 Weight & Dimension Weight 14.2 lbs (6.44kg) 23.96 lbs (10.87kg), with two installed PSUs Dimension 1.73''x17.4''x15.24'' (44x442x387mm) 1.72”x17.26”x20.28” (43.8x438.4x515mm) Rack units (RU) 1 RU 1 RU Power supplies and fans Power supply Dual 1+1 redundant power supplies (AC or DC) Dual 1+1 redundant power supplies(AC) Power-supply input receptacles C13 C13 Input-voltage range and frequency Rated voltage range: -AC input: 100-240VAC; 50-60Hz Maximum voltage range: -AC input: 90-264VAC; 47-63Hz; -DC Input: -36V DC~-72V DC Rated voltage range: 100-240VAC; 50-60Hz Maximum voltage range: -AC input: 90-264VAC; 47-63Hz; Input current AC input: 8A (MAX) at 90V DC Input: 23A (MAX) 6A Power cord rating 10A 10A Power supply efficiency 92% (230Vac 50% load) 85% (220Vac 50% load) Power max rating 550W 550W Max. power consumption 300W 550W Output ratings Main output: 12V 45A Standby output: 12V 2.1A Main output: 12V 12.5A Output holdup time 12ms 20ms Fan number 4x Hot-swappable Fans (3+1 Redundancy) 6x Hot-swappable Fans (5+1 Redundancy) Airflow Front-to-Back Back-to-Front Acoustic noise <78dB <78dB Maximum fan speed 23500rpm 18000rpm Environmental Ranges Operating temperature 0 to 45ºC (32 to 113°F ) 0 to 45°C(32 to 113°F ) Storage temperature -40 to 70ºC (-40 to 158°F) -40 to 70°C(-40 to 158°F) Operating humidity 10% to 90% (Non-condensing) 5% to 95%(Non-condensing) Storage humidity 5% to 95% (Non-condensing) 5% to 95% (Non-condensing) Temperature alarm Supported Supported Connectors Connectors and cabling SFP+ transceivers: LC fiber connectors (single-mode or multimode fiber) SFP28 transceivers: LC fiber connectors (single-mode or multimode fiber) QSFP+ transceivers: MPO and LC fiber connectors (single-mode or multimode fiber) QSFP28 transceivers:MPO and LC fiber connectors (single-mode or multimode fiber) Ethernet management port: RJ-45 connectors, 4-pair Cat5 UTP cabling Management console port: RJ-45-to-DB9 cable for PC connections Power connectors Customers can provide power to a switch by using the internal power at the back of the switch Internal power supply connector: The internal power supply is an auto-ranging unit. It supports input voltages between 100 (115 for 1100WAC) and 240 VAC. Use the supplied AC power cord to connect the AC power connector to an AC power outlet Notice: SFP28 can be used for a 10/25G connection. QSFP28 can be used for 40/100G or 4x 10/25G connections. Table 2. Power cord information of the S5580 Series Switches Countries Power Cord Standard Male Plug Female Connector Voltage Compatibility Maximum Input Amps United States, Canada, Mexico, Puerto Rico, Guam, Japan, Virgin Islands (U.S.) US NEMA 5-15P IEC60320 C13 100-250VAC 10A United Kingdom, Hong Kong, Singapore, Malaysia, Maldives, Qatar, India UK BS1363 IEC60320 C13 100-250VAC 13A Continental Europe, South Africa, Switzerland, Italy, Indonesia EU CEE 7 IEC60320 C13 100-250VAC 16A China, Australia, New Zealand, Argentina CN GB16A IEC60320 C13 100-250VAC 10A Notice: Power cords are matched according to the delivery destination. Software Specifications Table 3. Software Specifications of the S5580 Series Switches Functionality Description High Availability Multi-Chassis Link Aggregation (MLAG) Backup port Ethernet Ring Protection Switching (ERPS) :v1,v2 Unidirectional Link Detection (UDLD) Bidirectional Forwarding Detection(BFD) Uplink failure detection (UFD) Priority Flow Control (PFC) Virtual Router Redundancy Protocol (VRRP) EFM OAM Security Support configuring login methods BPDU Filter, BPDU Root Guard, BPDU TCN-Guard, BPDU-Guard Static ARP DHCP snooping, DHCP snooping trust-port, DHCP snooping option82, DHCPv6 snooping IPv6 RA Guard AAA Radius Authentication, Radius Authorization, Radius Accounting;TACACS+ Authentication, TACACS+ Authorization, TACACS+ Accounting;Console Login, OUT-band/INBAND Login, Local Authentication, local authentication fallback Network Access Control(NAC) Enable or disable port security Trust Port, ARP Packets Validity Checking, User Legitimacy Checking, Dynamic ARP Inspection Control Plane Policing (CoPP) IPv4/IPv6 Source Guard (IPSG) IPv6 DHCP Guard Enable ND inspection on a VLAN, Validate source-mac ND Snooping (only for S5580-48Y) Device Management Hardware management of system FAN and PSU Syslog management Recover default configuration and password Zero Touch Provisioning (ZTP) System file management User management System time management: manual method, NTP Ethernet Ports Management Configuration Enable or disable the Ethernet port SNMP v2/v3 SNMP Access control, SNMP authentication, SNMP privacy, SNMP Trap, SNMP VRF RESTCONF NETCONF Boot-messages (only for S5580-48Y), connections, cpu-usage, fan, hwinfo, memory-usage, processes, rollback, rpsu, serial-number, temperature Telemetry Protocol Openflow sFlow Layer 2 Features Configuring port speed Port breakout Storm Control Clock and Data Recovery (CDR) Static MAC entries and Dynamic MAC Address Learning Port access mode Port-based VLAN MAC-based VLAN QinQ GARP VLAN Registration Protocol(GVRP) Multiple VLAN Registration Protocol(MVRP) Private VLAN Voice VLAN Spanning Tree Protocol:STP,RSTP,MSTP,PVST+,Edge port Layer 2 protocol messages such as CDP, LLDP, LACP and STP are supported and can be transmitted through BPDU tunnels. Ethernet Ring Protection Switching (ERPS) :v1,v2 Unidirectional Link Detection (UDLD) Loopback Detection Dynamic ARP VXLAN LLDP Mode, Selecting Optional TLVs, LLDP med Local port mirror, ERSPAN Layer 3 Features IPv4 Basic Configuration ARP Proxy DHCP: DHCP server and DHCP client, DHCP relay and dhcp relay option82, DHCPv6 Relay Equal-Cost Multipath Routing (ECMP) Virtual Routing and Forwarding (VRF) IPv6 NDP IPv6 ECMP Path MTU Discovery IPv4/v6 Addressing, SVI IPv4/IPv6 static routing, Multiple nexthop static route Routing protocols (RIP, RIPng, OSPF v2/v3, IS-IS v4/v6 (PicOS 4.4.5 and above), BGP v4/v6) Route Map PBR (Policy-Based Routing) Internet Group Management Protocol (IGMP): v2, v3 IGMP snooping: v2, v3 PIM-SM Multicast Source Discovery Protocol (MSDP) Generic Routing Encapsulation Protocol (GRE) BGP EVPN Quality of Service PTP Flow statistics Forwarding Error Correction (FEC) PFC, Priority Flow Control PFC Watchdog (only for S5580-48Y) PFC Deadlock Prevention (only for S5580-48Y) ECN, Explicit Congestion Notification Easy ECN (only for S5580-48Y) Queue scheduler: SP WRR WFQ Traffic policing: guaranteed-rate, max-rate, Traffic classifier Congestion management: WRED Congestion avoidance: ECN Multicast PIM SM Static RP Dynamic RP PIM-SSM PIM over GRE Tunnel Multicast routing and forwarding Multicast VLAN Registration (MVR) IGMP v2/v3 snooping, mrouter port, static group, unregistered flood Link Aggregation Static LAG Dynamic LAG (LACP) Resilient LAG Hashing Symmetric Hash for LAG Multichassis link aggregation (MLAG) DLB, Dynamic Load Balancing Access Control List Match field: destination-address-ipv4, destination-address-ipv6 , destination-mac-address, destination-port, ether-type, first-fragment, ip, is-fragment, protocol, source-address-ipv4, source-address-ipv6, source-mac-address, source-port, time-range, vlan ACL-based Traffic Policer ACL-based QoS ACL-based remarked Base ACL ERSPAN Troubleshooting Boot diagnose Local loopback Link Fault Signaling (LFS) Time Domain Reflectometry (TDR) MAC Trace Manual forwarding Ethernet statistics function (etherStatsTable in RMON MIB) History statistics function (etherHistoryTable in RMON MIB) Event definition function (eventTable and logTable in RMON MIB) Alarm threshold setting function (alarmTable in RMON MIB) Tcpdump (only for S5580-48Y) Platform Specifications Tables 4 show the FS S5580-48Y switch platform specifications. Table 4. Platform Specifications of the S5580-48Y Switch FS P/N S5580-48S S5580-48Y Performance specifications Layer Type Layer 3 Layer 3 Switching capacity 2.56 Tbps 4 Tbps Forwarding rate 1904 Mpps 2000 Mpps Total number of MAC addresses 32,768 98K IPv4 routes 16,000 168K IPv6 routes 14,000 100K VLAN IDs 4K 4K Jumbo frame 9216 bytes 9216 bytes Standards Compliance IEEE Standards IEEE 802.1D IEEE 802.1w IEEE 802.1Q IEEE 802.1p IEEE 802.1ad IEEE 802.3ad IEEE 802.1AB IEEE 802.3x IEEE 802.1Qbb IEEE 802.1X IEEE 802.3ae IEEE 802.3by IEEE 802.3ba IEEE 802.1ax RFC – SPECIFIED MIBs RFC 791 IP RFC 792 ICMP RFC 793 TCP RFC 768 UDP RFC 1058 RIP RFC 2453 RIP v2 RFC 2328 OSPF v2 RFC 1771 BGP-4 RFC 1997 BGP Communities Attribute RFC 2236 IGMP v2 RFC 3376 IGMP v3 RFC 4601 PIM-SM(Recised) RFC 2338 VRRP RFC 2138 RADIUS Authentication RFC 2139 RADIUS Accounting RFC 2131 DHCP RFC 2132 DHCP Options & BOOTP Extensions RFC 3046 DHCP Relay Agent Info Option RFC 3031 MPLS Architecture RFC 5880 BFD Base Protocol RFC 1142 OSI IS-IS Intra-domain Routing Protocol RFC 3618 MSDP Safety and Compliance At FS, our Quality Commitment lies in all aspects of processes, resources, and methods that enable us to build superior networks for our customers. Through a quality policy focusing on continuous improvement of products and services, we're able to achieve the highest levels of satisfaction for our customers. To that end, every FS employee is accountable for contributing to the value of the products and services we deliver. To get the detailed certification, please go to the Compliance Center. Table 5. Safety and Compliance of the S5580-48Y Switch Certification Standards EMC Environmental Compliance Others Certifications CE-EMC FCC ISED UKCA ISO 14001 RoHS REACH WEEE DEEE ISO 9001 Certification Marks image.png image.png img_v3_02kq_ac9e4a6d-1047-44fd-819a-560fe663583g.png image.png image.png image.png image.png image.png image.png image.png S5580-48S √ √ √ √ √ - - √ √ √ S5580-48Y √ √ √ - √ √ √ - - √ Telco Common Language Equipment Identifier (CLEI) code Warranty, Service and Support FS S5580-48Y switch enjoys a 5-year limited warranty against defects in materials or workmanship. For more information on FS Returns & Refunds policy, visit FS Product Warranty or FS Return Policy. FS provides a personal account manager, free professional technical support, and 24/7 live customer service for each customer. Professional Lab: Test each product with the latest and advanced networking equipment. Free Technical Support: Provide free & tailored solutions and services for your businesses. 80% Same-day Shipping: Immediate shipping for in-stock items. Fast Response: Direct and immediate assistance from an expert. For more information, visit FS Help Center. Ordering Information Table 6. Ordering information FS P/N Product description Switch hardware S5580-48S S5580-48S, 48-Port Ethernet L3 Switch, 48 x 10Gb SFP+, with 8 x 100Gb QSFP28 Uplinks, PicOS®, Support EVPN-VXLAN&MLAG, Broadcom Chip S5580-48Y S5580-48Y,48-Port Ethernet L3 Switch, 48 x 25Gb SFP28, 8 x 100Gb QSFP28 Uplinks, PicOS®, Support EVPN-VXLAN&MLAG, Broadcom Chip AmpCon-Campus Management Platform LIS-AMPCON-CAM-FPSW-Foundation-90D Free Trial of AmpCon-Campus Management Platform for PicOS® Enterprise Switches, Support Remote Deployment and Automate Network Management (Per Device) LIS-AMPCON-CAM-FPSW-Foundation-1Y AmpCon-Campus Management Platform for PicOS® Enterprise Switches with 1 Year Service Bundle, Support Remote Deployment and Automate Network Management (Per Device) LIS-AMPCON-CAM-FPSW-Foundation-3Y AmpCon-Campus Management Platform for PicOS® Enterprise Switches with 3 Years Service Bundle, Support Remote Deployment and Automate Network Management (Per Device) LIS-AMPCON-CAM-FPSW-Foundation-5Y AmpCon-Campus Management Platform for PicOS® Enterprise Switches with 5 Years Service Bundle, Support Remote Deployment and Automate Network Management (Per Device) About FS FS Inc. is a trusted provider of ICT products and solutions to enterprise customers worldwide. Established in 2009, the company focuses on HPC, Data Center, Enterprise, Telecom, providing tailored product development and solution design based on professional customer needs. Leveraging dedicated R&D and testing teams, comprehensive technical service experts, a robust supply chain system, globalized warehousing centers, and convenient shopping platform, FS delivers a wide range of highly efficient customer-centric ICT products, solutions and services to global vertical industry and enterprise customers across ISP, telecom, retail, education, etc. Through continuous technology innovation and brand partnership, FS products and solutions have served more than 900,000 users in over 200 countries. Document History New or revised topic Described in Date Adds S5580-48S switch Updated All 2025-06-18 Updates to FS S5580-48Y Switch Data Sheet Updated All 2025-04-25 Updates to FS S5580-48Y Switch Data Sheet Updated All 2025-03-20
S5580-48S(AC) Instruction Manual of Safety and Compliance Information
Jun 11, 2025 - For details, please click the attachment icon below to view or download for a good reading experience or resources.
S5580-48S Switch Quick Start Guide V1.0
Jun 10, 2025 - For details, please click the attachment icon below to view or download for a good reading experience or resources.