PicOS® Enterprise Switches CLI Reference Guide V4.7

Jan 22, 2026 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

PicOS® Configuration Guide V4.7

Jan 22, 2026 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

PicOS® Software Installation and Upgrade Guide

Jan 21, 2026 - PicOS® Software Installation and Upgrade Guide 1. ONIE Version and BIOS/U-Boot Information of Verified Platforms The ONIE and BIOS/U-Boot Version information of platforms verified in the lab are listed below. The users can find the ONIE version information in the onie-syseeprom command output. Platform BIOS/U-Boot Version ONIE Version AS4610_54P none ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 159 TLV Name Code Len Value -------------------- ---- --- ----- Product Name 0x21 15 4610-54P-O-AC-F Part Number 0x22 13 FP1ZZ5654001A Serial Number 0x23 12 EC1731000333 Base MAC Address 0x24 6 A8:2B:B5:70:43:40 Manufacture Date 0x25 19 08/22/2017 19:30:27 Label Revision 0x27 3 R01 Platform Name 0x28 23 arm-accton_as4610_54-r0 ONIE Version 0x29 13 2016.05.00.04 MAC Addresses 0x2A 2 55 Manufacturer 0x2B 6 Accton Country Code 0x2C 2 TW Vendor Name 0x2D 8 Edgecore Diag Version 0x2E 5 001.9 CRC-32 0xFE 4 0xDABC2397 Checksum is valid. AS4610_54T none ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 159 TLV Name Code Len Value -------------------- ---- --- ----- Product Name 0x21 15 4610-54T-O-AC-F Part Number 0x22 13 F0PEC4654000Z Serial Number 0x23 12 EC1741001625 Base MAC Address 0x24 6 A8:2B:B5:CD:6C:C0 Manufacture Date 0x25 19 10/30/2017 12:56:49 Label Revision 0x27 3 R01 Platform Name 0x28 23 arm-accton_as4610_54-r0 ONIE Version 0x29 13 2016.05.00.04 MAC Addresses 0x2A 2 55 Manufacturer 0x2B 6 Accton Country Code 0x2C 2 TW Vendor Name 0x2D 8 Edgecore Diag Version 0x2E 5 001.9 CRC-32 0xFE 4 0xF40F7512 Checksum is valid. AS4610_54T_B none ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 159 TLV Name Code Len Value -------------------- ---- --- ----- Product Name 0x21 15 4610-54T-O-AC-B Part Number 0x22 13 F0PEC4654003Z Serial Number 0x23 12 EC1631000053 Base MAC Address 0x24 6 C4:39:3A:FF:2D:C0 Manufacture Date 0x25 19 08/05/2016 11:45:43 Label Revision 0x27 3 R0A MAC Addresses 0x2A 2 55 Manufacturer 0x2B 6 Accton Country Code 0x2C 2 TW Vendor Name 0x2D 8 Edgecore Diag Version 0x2E 5 001.7 Platform Name 0x28 23 arm-accton_as4610_54-r0 ONIE Version 0x29 13 2018.02.00.03 CRC-32 0xFE 4 0x9DC28EDF Checksum is valid. AS4610_30P none ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 160 TLV Name Code Len Value -------------------- ---- --- ----- Product Name 0x21 15 4610-30P-O-AC-F Part Number 0x22 13 F0PEC4630402Z Serial Number 0x23 12 EC1815000436 Base MAC Address 0x24 6 3C:2C:99:89:89:00 Manufacture Date 0x25 19 04/15/2018 23:45:48 Label Revision 0x27 4 R01A Platform Name 0x28 23 arm-accton_as4610_30-r0 ONIE Version 0x29 13 2016.05.00.04 MAC Addresses 0x2A 2 31 Manufacturer 0x2B 6 Accton Country Code 0x2C 2 TW Vendor Name 0x2D 8 Edgecore Diag Version 0x2E 5 001.9 CRC-32 0xFE 4 0xCD54AF53 Checksum is valid. AS4610_30T none ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 160 TLV Name Code Len Value -------------------- ---- --- ----- Product Name 0x21 15 4610-30T-O-AC-F Part Number 0x22 13 F0PEC4630001Z Serial Number 0x23 12 EC1806001291 Base MAC Address 0x24 6 3C:2C:99:41:47:E0 Manufacture Date 0x25 19 02/12/2018 23:08:49 Label Revision 0x27 4 R01A Platform Name 0x28 23 arm-accton_as4610_30-r0 ONIE Version 0x29 13 2016.05.00.04 MAC Addresses 0x2A 2 31 Manufacturer 0x2B 6 Accton Country Code 0x2C 2 TW Vendor Name 0x2D 8 Edgecore Diag Version 0x2E 5 001.9 CRC-32 0xFE 4 0x4FF5BAD3 Checksum is valid. S4048-ON Version 2.16.1242. Copyright (C) 2013 American Megatrends, Inc. BIOS Date: 02/22/2017 02:29:52 Ver: 0ACBZ018 ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 149 TLV Name Code Len Value -------------------- ---- --- ----- Product Name 0x21 7 S4048ON Part Number 0x22 6 099TJK Serial Number 0x23 20 CN099TJK282985640054 Base MAC Address 0x24 6 34:17:EB:FA:90:C4 Manufacture Date 0x25 19 06/08/2015 20:36:30 Label Revision 0x27 3 A00 MAC Addresses 0x2A 2 256 Manufacturer 0x2B 5 28298 Country Code 0x2C 2 CN Service Tag 0x2F 7 FX4PX42 Vendor Extension 0xFD 6 0x36 0x37 0x34 0x2D 0x46 0x46 Platform Name 0x28 26 x86_64-dell_s4000_c2338-r0 Loader Version 0x29 8 3.21.1.1 CRC-32 0xFE 4 0x7EB3C763 Checksum is valid. S4128F-ON Version 2.17.1245. Copyright (C) 2017 American Megatrends, Inc. BIOS Date: 04/26/2017 04:20:58 Ver: 0ACBZ028 ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 180 TLV Name Code Len Value -------------------- ---- --- ----- Product Name 0x21 9 S4128F-ON Part Number 0x22 6 02NK09 Serial Number 0x23 20 CN02NK092829886J0109 Base MAC Address 0x24 6 E4:F0:04:DF:67:16 Manufacture Date 0x25 19 06/19/2018 11:32:52 Device Version 0x26 1 1 Label Revision 0x27 3 A02 Platform Name 0x28 30 x86_64-dellemc_s4128f_c2338-r0 ONIE Version 0x29 10 3.33.1.1-4 MAC Addresses 0x2A 2 128 Manufacturer 0x2B 5 28298 Country Code 0x2C 2 CN Vendor Name 0x2D 8 Dell EMC Diag Version 0x2E 10 3.33.3.0-1 Service Tag 0x2F 7 HPPKXC2 Vendor Extension 0xFD 4 0x00 0x00 0x02 0xA2 CRC-32 0xFE 4 0x1A25266A Checksum is valid. S4148T-ON Version 2.17.1245. Copyright (C) 2017 American Megatrends, Inc. BIOS Date: 07/06/2017 01:44:00 Ver: 0ACBZ028 ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 180 TLV Name Code Len Value -------------------- ---- --- ----- Product Name 0x21 9 S4148T-ON Part Number 0x22 6 0JD8R7 Serial Number 0x23 20 CN0JD8R7282987CN0053 Base MAC Address 0x24 6 E4:F0:04:80:EA:CC Manufacture Date 0x25 19 12/23/2017 16:32:17 Device Version 0x26 1 1 Label Revision 0x27 3 A01 MAC Addresses 0x2A 2 256 Manufacturer 0x2B 5 28298 Country Code 0x2C 2 CN Vendor Name 0x2D 8 Dell EMC Service Tag 0x2F 7 6SCCXC2 Vendor Extension 0xFD 4 0x00 0x00 0x02 0xA2 Platform Name 0x28 30 x86_64-dellemc_s4148t_c2338-r0 ONIE Version 0x29 10 3.33.1.1-6 Diag Version 0x2E 10 3.33.3.1-6 CRC-32 0xFE 4 0xD89AF6DE Checksum is valid. S4148F-ON Version 2.17.1245. Copyright (C) 2017 American Megatrends, Inc. BIOS Date: 12/04/2017 20:42:30 Ver: 0ACBZ028 ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 179 TLV Name Code Len Value -------------------- ---- --- ----- Product Name 0x21 9 S4148F-ON Part Number 0x22 6 0R2RKC Serial Number 0x23 20 TW0R2RKC2829872D0046 Base MAC Address 0x24 6 14:18:77:18:2C:B8 Manufacture Date 0x25 19 02/13/2017 19:32:31 Device Version 0x26 1 1 Label Revision 0x27 3 X01 MAC Addresses 0x2A 2 256 Manufacturer 0x2B 5 28298 Country Code 0x2C 2 TW Vendor Name 0x2D 8 DELL EMC Service Tag 0x2F 7 CM31XC2 Vendor Extension 0xFD 4 0x00 0x00 0x02 0xA2 Platform Name 0x28 29 x86_64-dellemc_s4100_c2338-r0 ONIE Version 0x29 10 3.33.1.1-4 Diag Version 0x2E 10 3.33.3.0-1 CRC-32 0xFE 4 0x42273778 Checksum is valid. AS7712_32X Version 2.16.1242. Copyright (C) 2013 American Megatrends, Inc. BIOS Date: 09/08/2015 11:15:24 Ver: ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 168 TLV Name Code Len Value -------------------- ---- --- ----- Manufacture Date 0x25 19 10/28/2015 20:33:51 Label Revision 0x27 4 R0AB Manufacturer 0x2B 6 Accton Country Code 0x2C 2 TW Base MAC Address 0x24 6 CC:37:AB:63:8B:84 Serial Number 0x23 14 771232X1541003 Part Number 0x22 13 FP3ZZ7632014A Product Name 0x21 15 7712-32X-O-AC-F MAC Addresses 0x2A 2 131 Vendor Name 0x2D 8 Edgecore Diag Version 0x2E 7 0.0.5.4 Platform Name 0x28 27 x86_64-accton_as7712_32x-r0 ONIE Version 0x29 13 2018.11.00.02 CRC-32 0xFE 4 0x9208666A Checksum is valid. Z9100-ON Version 2.17.1245. Copyright (C) 2017 American Megatrends, Inc. BIOS Date: 02/22/2017 21:20:05 Ver: 0ACBZ028 ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 168 TLV Name Code Len Value -------------------- ---- --- ----- Product Name 0x21 8 Z9100-ON Part Number 0x22 6 04HW8N Serial Number 0x23 20 CN04HW8N7793163I0010 Base MAC Address 0x24 6 4C:76:25:E8:D7:C0 Manufacture Date 0x25 19 03/19/2016 12:39:24 Device Version 0x26 1 1 Label Revision 0x27 3 A00 Platform Name 0x28 26 x86_64-dell_z9100_c2538-r0 ONIE Version 0x29 8 3.23.1.3 MAC Addresses 0x2A 2 384 Manufacturer 0x2B 5 77931 Country Code 0x2C 2 CN Vendor Name 0x2D 4 DELL Diag Version 0x2E 6 01_010 Service Tag 0x2F 7 2QWRG02 Vendor Extension 0xFD 7 0x00 0x00 0x02 0xA2 0x2D 0x46 0x46 CRC-32 0xFE 4 0x3B190E49 Checksum is valid. AS7816_64X Version 2.19.1269. Copyright (C) 2018 American Megatrends, Inc. BIOS Date: 10/05/2018 08:57:44 Ver: AS7816-64X V36 20181004 ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 171 TLV Name Code Len Value -------------------- ---- --- ----- Manufacture Date 0x25 19 11/02/2018 16:32:21 Label Revision 0x27 4 R01A Platform Name 0x28 27 x86_64-accton_as7816_64x-r0 Manufacturer 0x2B 6 Accton Country Code 0x2C 2 TW Vendor Name 0x2D 8 Edgecore Product Name 0x21 17 7816-64X-O-AC-F-R Part Number 0x22 13 FP3ZZ7664020A Serial Number 0x23 14 781664X1843004 Base MAC Address 0x24 6 B8:6A:97:73:6A:3E MAC Addresses 0x2A 2 300 ONIE Version 0x29 13 2018.11.00.02 Diag Version 0x2E 8 0.1.0.17 CRC-32 0xFE 4 0x84DD5474 Checksum is valid. Z9264F-ON Version 2.19.1266. Copyright (C) 2018 American Megatrends, Inc. BIOS Date: 09/17/2018 21:25:57 Ver: 0ACHI032 ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 181 TLV Name Code Len Value -------------------- ---- --- ----- Product Name 0x21 9 Z9264F-ON Part Number 0x22 6 0RWYT4 Serial Number 0x23 20 CN0RWYT4DND008660010 Base MAC Address 0x24 6 20:04:0F:05:D4:97 Manufacture Date 0x25 19 06/06/2018 03:00:21 Device Version 0x26 1 1 Label Revision 0x27 3 A00 Platform Name 0x28 30 x86_64-dellemc_z9264f_c3538-r0 ONIE Version 0x29 10 3.42.1.9-3 MAC Addresses 0x2A 2 640 Manufacturer 0x2B 5 DND00 Country Code 0x2C 2 CN Vendor Name 0x2D 8 Dell EMC Diag Version 0x2E 11 3.00.3.41-1 Service Tag 0x2F 7 20GKXC2 Vendor Extension 0xFD 4 0x00 0x00 0x02 0xA2 CRC-32 0xFE 4 0xD8EFCB81 Checksum is valid. ONIE:/ # AS5812_54T Version 2.16.1242. Copyright (C) 2013 American Megatrends, Inc. BIOS Date: 08/20/2015 10:55:33 Ver: A02 0820 ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 168 TLV Name Code Len Value -------------------- ---- --- ----- Manufacture Date 0x25 19 08/11/2016 16:36:46 Diag Version 0x2E 7 1.0.0.5 Label Revision 0x27 4 R01A Platform Name 0x28 27 x86_64-accton_as5812_54t-r0 ONIE Version 0x29 13 2015.11.00.01 Manufacturer 0x2B 6 Accton Country Code 0x2C 2 TW Base MAC Address 0x24 6 C4:39:3A:FB:BF:6C Serial Number 0x23 14 581254T1631023 Part Number 0x22 13 FP1ZZ5654031A Product Name 0x21 15 5812-54T-O-AC-F MAC Addresses 0x2A 2 74 Vendor Name 0x2D 8 Edgecore CRC-32 0xFE 4 0xCBA5E40E Checksum is valid. HPE AL 6921-54X Version 2.16.1242. Copyright (C) 2013 American Megatrends, Inc. BIOS Date: 08/20/2015 10:55:33 Ver: ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 231 TLV Name Code Len Value -------------------- ---- --- ----- Manufacture Date 0x25 19 05/24/2016 14:49:30 Diag Version 0x2E 7 1.0.0.3 Label Revision 0x27 4 R01A Platform Name 0x28 27 x86_64-accton_as5812_54x-r0 ONIE Version 0x29 13 2015.11.00.01 Manufacturer 0x2B 6 Accton Country Code 0x2C 2 TW Base MAC Address 0x24 6 E0:07:1B:CB:20:50 Serial Number 0x23 10 TW65JQH009 Part Number 0x22 13 F0P8J5654000A Product Name 0x21 64 HPE Altoline 6921 48SFP+ 6QSFP+ x86 ONIE AC Front-to-Back Switch MAC Addresses 0x2A 2 74 Vendor Name 0x2D 26 Hewlett Packard Enterprise CRC-32 0xFE 4 0xADE27C84 Checksum is valid. AS5712_54X Version 2.16.1242. Copyright (C) 2013 American Megatrends, Inc. BIOS Date: 11/20/2014 10:55:31 Ver: ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 167 TLV Name Code Len Value -------------------- ---- --- ----- Manufacture Date 0x25 19 12/18/2014 11:22:02 Diag Version 0x2E 7 2.0.0.7 MAC Addresses 0x2A 2 74 Manufacturer 0x2B 6 Accton Country Code 0x2C 2 TW Vendor Name 0x2D 8 Edgecore Base MAC Address 0x24 6 70:72:CF:B7:65:44 Part Number 0x22 13 FP1ZZ5654001A Serial Number 0x23 14 571254X1419017 Label Revision 0x27 3 R0A Product Name 0x21 15 5712-54X-O-AC-F Platform Name 0x28 27 x86_64-accton_as5712_54x-r0 ONIE Version 0x29 13 2015.11.00.05 CRC-32 0xFE 4 0x37B6E65B Checksum is valid. N3248PXE-ON Version 2.19.1266. Copyright (C) 2019 American Megatrends, Inc. BIOS Date: 06/18/2019 23:21:39 Ver: 0ACHI040 ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 186 TLV Name Code Len Value -------------------- ---- --- ----- Product Name 0x21 11 N3248PXE-ON Part Number 0x22 6 0WYGRV Serial Number 0x23 20 TW0WYGRVDNT0097I0012 Base MAC Address 0x24 6 50:9A:4C:E6:7B:70 Manufacture Date 0x25 19 07/18/2019 17:41:23 Device Version 0x26 1 1 Label Revision 0x27 4 X01A Platform Name 0x28 32 x86_64-dellemc_n3248pxe_c3338-r0 ONIE Version 0x29 10 3.45.1.9-4 MAC Addresses 0x2A 2 128 Manufacturer 0x2B 5 DNT00 Country Code 0x2C 2 TW Vendor Name 0x2D 8 Dell EMC Diag Version 0x2E 11 3.00.3.41-2 Service Tag 0x2F 7 37QFXC2 2. Installing PicOS® on Bare Metal Switches 2.1 Introduction When using the ONIE installer to install PICOS, the installer reinstalls the software, rebuilds all the PICOS file system. This can erase the configuration files and system logs from the previous installation. After a successful ONIE installation of PICOS 4.x, the system generates multiple system partitions, including PicOS (partition size: 2G), PicOS2 (partition size: 2G), and User-Data partitions. Among them, PicOS and PicOS2 are two independent system boot partitions. One of them is the active partition on which the running system resides, and the other is the inactive partition. The two-system-boot-partition feature allows the system to revert to a previous version of the installed software package when it fails to upgrade PICOS by using the command upgrade2. The ONIE installer removes all partitions to rebuild a brand new OS only when there is no User-Data partition. However, if there exists a User-Data partition (for example, install a new version 4.0.1 from the old one 4.0.0), the ONIE installer only rewrites the "PicOS" partition, installs the new installation package to this partition and sets the system on "PicOS" partition as the default and sole boot system. User-Data partition is a reserved partition that is not affected by the ONIE installer and upgrade unless the user manually removes it. User-Data partition uses all the available space left on the disk. Users can use this partition to store files and data. This document describes how to install PICOS 4.x software using the ONIE installer. 2.2 Installation Notes and Tools The installation methods used to install a new PicOS® are traditional installation and nos-boot-mode installation. You can choose a suitable installation method that is convenient and appropriate for your installation environment. The installation methods used to install a new PICOS are traditional installation and nos-boot-mode installation. You can choose a suitable installation method that is convenient and appropriate for your installation environment. If you want to install PICOS through a console port, refer to sections Traditional Installation or Nos-boot-mode Installation. If you want to install the PICOS through a non-console port (through the management port), refer to section Nos-boot-mode Installation. You need to log in through the console port of the switch and perform the ONIE installation. Other NOSes, including user data, will be removed when installing PICOS under the ONIE environment. When the ONIE installer is used to downgrade the PICOS version from version 4.x to PICOS 3.x or lower versions, we first need to use ONIE to uninstall the higher version PICOS before proceeding with installing PICOS 3.x or a lower version. On the ARM platform, execute the command onie_uninstaller at the ONIE prompt to uninstall the current version of PICOS. On the x86 platform, select the "ONIE: Uninstall OS" option in the GRUB menu to uninstall the current version of PICOS. If you enter GRUB rescue mode and the switch has a GPT format partition, you can use the following commands to reset the GRUB boot variable to enter ONIE GRUB and then install PICOS. grub rescue> set prefix=(hd0,gpt2)/grub grub rescue> set root=(hd0,gpt2) grub rescue> insmod normal grub rescue> normal Do not plug in the USB disk during the onie-nos-installer process until ONIE starts up. If you have plugged in the USB disk before the installation operation, ONIE will find the installer on the USB disk when beginning the installation. On AS4610 series switches, when installation is complete, the installer will display: Please take out the usb disc, then remove the USB disk within 10 seconds after installation is successful, and before the machine restarts. All X86 platforms share one installation and upgrade package with the name fixed as: onie-installer-picos-VERSION-x86.bin, where VERSION is the release version. X86 platforms are listed below: FS: FS N9550-32D FS N8550-64C FS N5850-48S6Q FS N8550-48B8C FS S5580-48Y FS N8550-32C FS N8560-64C FS N8550-24CD8D FS N5570-48S6C Edgecore: Edgecore AS4630-54PE Edgecore AS5712-54X Edgecore AS5812-54T Edgecore AS5812-54X Edgecore AS7312-54X Edgecore AS7326-56X Edgecore AS7712-32X Edgecore AS7726-32X Edgecore AS7816-64X Edgecore AS5835-54X Edgecore AS9716-32D DELL: DELL N3248P-ON DELL N3248PXE-ON DELL N3224PX-ON DELL N3248X-ON DELL S4048-ON DELL S4148F-ON DELL S4148T-ON DELL S4128F-ON DELL S5224F-ON DELL S5296F-ON DELL S5212F-ON DELL S5248F-ON DELL Z9100-ON DELL Z9264F-ON DELL N3224T-ON DELL S4128T-ON 2.2.1 What is ONIE ONIE (Open Network Install Environment) is an open source project of OCP (Open Compute Project). ONIE provides the environment to install any network operating system on a bare metal network switch. ONIE liberates users from captive pre-installed network operating systems, like the Cisco IOS, and provides them with a choice. ONIE is a small Linux operating system that comes pre-installed as firmware on bare metal network switches. ONIE acts as an enhanced boot loader, extending the features provided by U-Boot. ONIE is used to install Pica8 PicOS® on compatible switches. The bare metal switches listed in the PICOS Hardware Compatibility List must be pre-loaded with ONIE prior to installing PicOS®. 2.3 Traditional Installation NOTE: You need to log in through the console port of the switch and perform the ONIE installation described in this section. The installation method described in this section only applies to platforms that have pre-installed ONIE. 2.3.1 Mind Map of Installation Process Figure1 shows the mind map of PicOS® installation process. Figure1 Mind Map of PicOS® installation process image.png 2.3.2 Manual Installation Process The following example describes the installation of PicOS® via manual installation method. Step1 Make sure that the installation package of .bin file has been load to the server (server could be HTTP, TFTP, or an FTP server or the switch local directory depending on the actual installation environment). Step2 Enter ONIE installation environment. The process is different on the following two types of platforms: ARM Platforms (AS4610 Series Switches) x86 Platform ARM Platforms (AS4610 Series Switches, S5440-12S) a) Verify that the switch is pre-loaded with ONIE, which will be used to load PICOS on the switch. Power on the switch and interrupt the boot sequence as follows: AS4610 Series Switches Hit any key to stop autoboot: S5440-12S Hit ctrl+b to stop autoboot: b) The user will then reach the U-Boot command prompt by running the command printenv at the U-Boot prompt. If the information displayed contains keywords like onie_initargs and onie_machine, the switch is pre-loaded with ONIE. LOADER->printenv active=image1 autoload=no baudrate=115200 bootcmd=run check_boot_reason;run PicOS_bootcmd;run onie_bootcmd bootdelay=10 check_boot_reason=if test -n $onie_boot_reason; then setenv onie_bootargs boot_reason=$onie_boot_reason; run onie_bootcmd; fi; consoledev=ttyS0 dhcp_user-class=arm-accton_as4610_54-r0_uboot dhcp_vendor-class-identifier=arm-accton_as4610_54-r0 ethact=eth-0 ethaddr=00:18:23:30:E7:8F fdtaddr=0xc00000 fpboot=setenv bootargs console=${consoledev},${baudrate} maxcpus=2 mem=1024M root=/dev/ram ${mtdparts} ubi.mtd=4 ethaddr=$ethaddr quiet gatewayip=192.168.0.1 initrd_high=0x80000000 ipaddr=192.168.0.1 loadaddr=0x70000000 loads_echo=1 mfg=mfg mfgdiags=run fpboot ; nand read ${loadaddr} diags ; bootm ${loadaddr} mfgdiags_recovery=nand read ${loadaddr} diags2 ; nand erase.part diags ; nand write ${loadaddr} diags mtdids=nand0=nand_iproc.0 mtdparts=mtdparts=nand_iproc.0:1m(uboot),2m(shmoo),1m(nenv),12m(onie),3992m(open),12m(onie2),2m(vpd),6m(sys_eeprom),16m(diags),16m(diags2),32m(diags_fs) netmask=255.255.255.0 nos_bootcmd=true onie_args=run onie_initargs onie_platformargs onie_bootcmd=echo Loading Open Network Install Environment ...; echo Platform: $onie_platform ; echo Version : $onie_version ; nand read $loadaddr $onie_start 0x00c00000 && run onie_args && bootm ${loadaddr} onie_dropbear_dss_host_key=begin-base64@600@d#AAAAB3NzaC1kc3MAAACBAIN7HOS7UGtQ+RS9R5Rdim9s4iadCBQ9SEFnHJZ2#ulK15hN2p1BOJ1Mf4qb/oHFGIt8hvopq157ejsJcSPuR9scXE2aYQO7r1+Ie#1MKoR3HyEFKgPhNUr0qYNiIaWGw2UUXivLUlhjmaPhjItsttb6AezNB6N1ap#TmIeEUse0NQBAAAAFQDndwbRrSsw6G/W4wd0LJVAjuyq2QAAAIAe/zGPyPNn#UwwV+i+j3l1W9IFhjA/ovXfX7PQtjHB7OJcInSpOA2gXLXHU2kYDkn+ymJQI#8Tn558nLHq64n9hIJzwaQH4ajMipBNwqR0WtpPXEaow9InDzjs+qFY0HAcTv#7DMEY9BGiJAUUSSCSFZ9dEYHIWUdk6WIpDUMX4b2ewAAAIB6bC+fHzr+Qaet#GjzynI0tApbzyydXKuIiIH6EDh2QEaP0E+TSxJ+C4xfyBAp1j0kvj0IYWR2P#H9ur0RaxDaCmKwIQs1gTJh/137Yd+OsqEV3JnrZxlEKk2DmI5c2wrGtl4oUp#XJfc+viahpFeCsGzsqGHHADWNsjlpKt457QCuQAAABUAk5406cTH4nZO0qlj#6irYf4WA65E=#====# onie_dropbear_rsa_host_key=begin-base64@600@r#AAAAB3NzaC1yc2EAAAADAQABAAAAgQCMTqwNhnJpuSLYAdRA/jjm1lyBaJF1#ovs3Hp0G7XkYnY4+JNPTCYgnmfMQnM83PQncuy89AqehJ2V22LGjpRiqT56K#MRr+hQoSWEbAObRd1azZF45pbxiQaQiQxNzIKbHDDWlGlycXfv8w9ZCElbxj#Ja7bkwmwg9EsBlW0d5u0BQAAAIAFr0FOyfn0OR1FiatvF624Aorcbl9oV/pc#JRghGfl8SxPihizz4bC7xAPCUkwd9ZHi+M2E6AjhIV69xjFKS0vYuQplvl8G#9R8YsnmP5B45TyLE3dW5V2/g+LQERQdFpRaSsPqEPHSlXPq4XHLGLRFItEBt#ohp41Qm+eA6efsAMIQAAAEEA4Y90xi8N1SuwjRk53fqpP8dC+FPnU850XtC1#cKG0rBt6v9qD+BTxxfE6GEpYM+N0fLyECbgBjA2LQF6CG3G15QAAAEEAnz3v#3POrcsMK2LkSNjWzAhzUqOWyOaNlhcvgh+2Xfj2tHyOTpZ09gCm483v1rui9#63uYu4QQurpATrHMcLIjoQ==#====# onie_initargs=setenv bootargs quiet console=$consoledev,$baudrate onie_machine=accton_as4610_54 onie_machine_rev=0 onie_platform=arm-accton_as4610_54-r0 onie_platformargs=setenv bootargs $bootargs serial_num=${serial#} ${platformargs} eth_addr=$ethaddr $onie_bootargs $onie_debugargs onie_recovery=nand read ${loadaddr} onie2 ; nand erase.part onie ; nand write ${loadaddr} onie onie_rescue=setenv onie_boot_reason rescue && boot onie_start=onie onie_sz.b=0x00c00000 onie_uninstall=setenv onie_boot_reason uninstall && boot onie_update=setenv onie_boot_reason update && boot onie_vendor_id=27658 onie_version=master-201603091701-dirty PicOS_bootcmd=usb start;run platformargs;setenv bootargs root=/dev/sda1 rw noinitrd console=$consoledev,$baudrate rootdelay=10 $mtdparts;ext2load usb 0:1 $loadaddr boot/uImage;bootm $loadaddr platform=accton_as4610_54 platformargs=mtdparts=nand_iproc.0:1m(uboot),2m(shmoo),1m(nenv),12m(onie),3992m(open),12m(onie2),2m(vpd),6m(sys_eeprom),16m(diags),16m(diags2),32m(diags_fs) maxcpus=2 mem=1024M ramdiskaddr=0x3000000 serial#=A626P1DL174300014 serverip=192.168.0.10 stderr=serial stdin=serial stdout=serial ubifscfg=ubi part nand0,4 0x0; ubifsmount fs ver=U-Boot 2012.10-gcbef171 (Mar 09 2016 - 17:01:14) - ONIE master-201603091701-dirty Environment size: 3992/65532 bytes c) From the U-Boot prompt, boot ONIE in rescue mode. LOADER-> run onie_rescue x86 Platform On the x86 platform, it uses the GRUB menu to install the OS via ONIE. a) Reboot the system, and enter the ONIE installation environment from the GRUB menu: +----------------------------------------------------------------------------+ | PicOS | |*ONIE | | | | | | | | | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Use the ^ and v keys to select which entry is highlighted. Press enter to boot the selected OS, `e' to edit the commands before booting or `c' for a command-line. b) From the GRUB prompt, choose ONIE: Rescue to Install OS, and boot ONIE in rescue mode. GNU GRUB version 2.02~beta2+e4a1fe391 +----------------------------------------------------------------------------+ |*ONIE: Install OS | | ONIE: Rescue | | ONIE: Uninstall OS | | ONIE: Update ONIE | | ONIE: Embed ONIE | | DIAG: Accton Diagnostic | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Step3 Run onie-nos-install command as follows to manually install PicOS®. Install via TFTP ONIE# onie-nos-install tftp:///PICOS.bin Install via FTP When installing via FTP, you need to type username and password of the FTP server on which the image file is loaded. ONIE# onie-nos-install ftp://username:password@/PICOS.bin Install via HTTP ONIE# onie-nos-install http:///PICOS.bin Install from Local Directory a) In the ONIE rescue mode, copy the image file to the current directory. ONIE# scp username@/PICOS.bin . b) Run the command onie-nos-install to start the installation. ONIE# onie-nos-install PICOS.bin For example, ONIE:/ # onie-nos-install onie-installer-picos-4.0.0-8b1219e112-x86.bin discover: Rescue mode detected. No discover stopped. ONIE: Executing installer: onie-installer-picos-4.0.0-8b1219e112-x86.bin Verifying image checksum ... OK. Preparing image archive ... OK. [1] PICOS L2/L3 (default) [2] PICOS Open vSwitch/OpenFlow Enter your choice (1,2):1 PICOS L2/L3 is selected. ONIE installation will overwrite the configuration file of existing system. It is recommended to follow the upgrade procedure to upgrade the system. Press any key to stop the installation... 10 9 8 7 6 5 4 3 2 1 ... The installer runs automatically. Before starting installation, it will prompt to choose the option to make PICOS boot into L2/L3 or OVS mode. If not selected, then PICOS boots into L2/L3. After finishing installation, the device reboots automatically, and the system then comes up running the new network operating system. NOTE: After the system restarts, you need to enter the username and password. The initial login username is admin, and the password is pica8. After the username and password are entered, the user will be asked to choose a new password for the admin. This is the only post-installation step after which the PICOS operating system can be used. 2.3.3 Automatic Installation Process The automatic installation process uses the DHCP message exchange process to download and install software packages. Step 1 Make sure the switch is connected to DHCP and HTTP servers, and the PICOS installation software package is downloaded to the HTTP server. a) DHCP server configuration: define the path of the installation package and then start the DHCP server service: host pica8-3922 { hardware ethernet 70:72:cf:12:34:56; fixed-address 192.168.2.50; option default-url = "http://192.168.2.42/onie-installer-picos-4.0.0-8b1219e112-x86.bin"; } b) Check if the .bin installation file is loaded onto the HTTP server: root@dev:/var/www# ls index.html onie-installer-powerpc.bin Step2 Install PicOS® via ONIE. The process is different on the following two types of platforms: ARM Platforms (AS4610 Series Switches) x86 Platform ARM Platforms (AS4610 Series Switches) a) Verify that the switch is pre-loaded with ONIE, which will be used to load PICOS on the switch. Power on the switch and interrupt the boot sequence by pressing any key when the following line is shown: Hit any key to stop autoboot: b) The user will then reach the U-Boot command prompt by running the command printenv at the U-Boot prompt. If the information displayed contains keywords like onie_initargs and onie_machine, the switch is pre-loaded with ONIE. LOADER-> printenv active=image1 autoload=no baudrate=115200 bootcmd=run check_boot_reason;run PicOS_bootcmd;run onie_bootcmd bootdelay=10 check_boot_reason=if test -n $onie_boot_reason; then setenv onie_bootargs boot_reason=$onie_boot_reason; run onie_bootcmd; fi; consoledev=ttyS0 dhcp_user-class=arm-accton_as4610_54-r0_uboot dhcp_vendor-class-identifier=arm-accton_as4610_54-r0 ethact=eth-0 ethaddr=00:18:23:30:E7:8F fdtaddr=0xc00000 fpboot=setenv bootargs console=${consoledev},${baudrate} maxcpus=2 mem=1024M root=/dev/ram ${mtdparts} ubi.mtd=4 ethaddr=$ethaddr quiet gatewayip=192.168.0.1 initrd_high=0x80000000 ipaddr=192.168.0.1 loadaddr=0x70000000 loads_echo=1 mfg=mfg mfgdiags=run fpboot ; nand read ${loadaddr} diags ; bootm ${loadaddr} mfgdiags_recovery=nand read ${loadaddr} diags2 ; nand erase.part diags ; nand write ${loadaddr} diags mtdids=nand0=nand_iproc.0 mtdparts=mtdparts=nand_iproc.0:1m(uboot),2m(shmoo),1m(nenv),12m(onie),3992m(open),12m(onie2),2m(vpd),6m(sys_eeprom),16m(diags),16m(diags2),32m(diags_fs) netmask=255.255.255.0 nos_bootcmd=true onie_args=run onie_initargs onie_platformargs onie_bootcmd=echo Loading Open Network Install Environment ...; echo Platform: $onie_platform ; echo Version : $onie_version ; nand read $loadaddr $onie_start 0x00c00000 && run onie_args && bootm ${loadaddr} onie_dropbear_dss_host_key=begin-base64@600@d#AAAAB3NzaC1kc3MAAACBAIN7HOS7UGtQ+RS9R5Rdim9s4iadCBQ9SEFnHJZ2#ulK15hN2p1BOJ1Mf4qb/oHFGIt8hvopq157ejsJcSPuR9scXE2aYQO7r1+Ie#1MKoR3HyEFKgPhNUr0qYNiIaWGw2UUXivLUlhjmaPhjItsttb6AezNB6N1ap#TmIeEUse0NQBAAAAFQDndwbRrSsw6G/W4wd0LJVAjuyq2QAAAIAe/zGPyPNn#UwwV+i+j3l1W9IFhjA/ovXfX7PQtjHB7OJcInSpOA2gXLXHU2kYDkn+ymJQI#8Tn558nLHq64n9hIJzwaQH4ajMipBNwqR0WtpPXEaow9InDzjs+qFY0HAcTv#7DMEY9BGiJAUUSSCSFZ9dEYHIWUdk6WIpDUMX4b2ewAAAIB6bC+fHzr+Qaet#GjzynI0tApbzyydXKuIiIH6EDh2QEaP0E+TSxJ+C4xfyBAp1j0kvj0IYWR2P#H9ur0RaxDaCmKwIQs1gTJh/137Yd+OsqEV3JnrZxlEKk2DmI5c2wrGtl4oUp#XJfc+viahpFeCsGzsqGHHADWNsjlpKt457QCuQAAABUAk5406cTH4nZO0qlj#6irYf4WA65E=#====# onie_dropbear_rsa_host_key=begin-base64@600@r#AAAAB3NzaC1yc2EAAAADAQABAAAAgQCMTqwNhnJpuSLYAdRA/jjm1lyBaJF1#ovs3Hp0G7XkYnY4+JNPTCYgnmfMQnM83PQncuy89AqehJ2V22LGjpRiqT56K#MRr+hQoSWEbAObRd1azZF45pbxiQaQiQxNzIKbHDDWlGlycXfv8w9ZCElbxj#Ja7bkwmwg9EsBlW0d5u0BQAAAIAFr0FOyfn0OR1FiatvF624Aorcbl9oV/pc#JRghGfl8SxPihizz4bC7xAPCUkwd9ZHi+M2E6AjhIV69xjFKS0vYuQplvl8G#9R8YsnmP5B45TyLE3dW5V2/g+LQERQdFpRaSsPqEPHSlXPq4XHLGLRFItEBt#ohp41Qm+eA6efsAMIQAAAEEA4Y90xi8N1SuwjRk53fqpP8dC+FPnU850XtC1#cKG0rBt6v9qD+BTxxfE6GEpYM+N0fLyECbgBjA2LQF6CG3G15QAAAEEAnz3v#3POrcsMK2LkSNjWzAhzUqOWyOaNlhcvgh+2Xfj2tHyOTpZ09gCm483v1rui9#63uYu4QQurpATrHMcLIjoQ==#====# onie_initargs=setenv bootargs quiet console=$consoledev,$baudrate onie_machine=accton_as4610_54 onie_machine_rev=0 onie_platform=arm-accton_as4610_54-r0 onie_platformargs=setenv bootargs $bootargs serial_num=${serial#} ${platformargs} eth_addr=$ethaddr $onie_bootargs $onie_debugargs onie_recovery=nand read ${loadaddr} onie2 ; nand erase.part onie ; nand write ${loadaddr} onie onie_rescue=setenv onie_boot_reason rescue && boot onie_start=onie onie_sz.b=0x00c00000 onie_uninstall=setenv onie_boot_reason uninstall && boot onie_update=setenv onie_boot_reason update && boot onie_vendor_id=27658 onie_version=master-201603091701-dirty PicOS_bootcmd=usb start;run platformargs;setenv bootargs root=/dev/sda1 rw noinitrd console=$consoledev,$baudrate rootdelay=10 $mtdparts;ext2load usb 0:1 $loadaddr boot/uImage;bootm $loadaddr platform=accton_as4610_54 platformargs=mtdparts=nand_iproc.0:1m(uboot),2m(shmoo),1m(nenv),12m(onie),3992m(open),12m(onie2),2m(vpd),6m(sys_eeprom),16m(diags),16m(diags2),32m(diags_fs) maxcpus=2 mem=1024M ramdiskaddr=0x3000000 serial#=A626P1DL174300014 serverip=192.168.0.10 stderr=serial stdin=serial stdout=serial ubifscfg=ubi part nand0,4 0x0; ubifsmount fs ver=U-Boot 2012.10-gcbef171 (Mar 09 2016 - 17:01:14) - ONIE master-201603091701-dirty Environment size: 3992/65532 bytes c) Input the command run onie_bootcmd, which will automatically install PICOS on the switch. LOADER -> run onie_bootcmd Loading Open Network Install Environment ... Platform: arm-accton_as4610_54-r0 Version : 2021.09.00.03 WARNING: adjusting available memory to 30000000 ## Booting kernel from Legacy Image at 02000000 ... Image Name: as4610_54x.1.6.1.3 Image Type: ARM Linux Multi-File Image (gzip compressed) Data Size: 3514311 Bytes = 3.4 MiB Load Address: 00000000 Entry Point: 00000000 Contents: Image 0: 2762367 Bytes = 2.6 MiB Image 1: 733576 Bytes = 716.4 KiB Image 2: 18351 Bytes = 17.9 KiB Verifying Checksum ... OK ## Loading init Ramdisk from multi component Legacy Image at 02000000 ... ## Flattened Device Tree from multi component Image at 02000000 Booting using the fdt at 0x02355858 Uncompressing Multi-File Image ... OK Loading Ramdisk to 2ff4c000, end 2ffff188 ... OK Loading Device Tree to 03ff8000, end 03fff7ae ... OK Cannot reserve gpages without hugetlb enabled setup_arch: bootmem as4610_54x_setup_arch() arch: exit pci 0000:00:00.0: ignoring class b20 (doesn't match header type 01) sd 0:0:0:0: [sda] No Caching mode page present sd 0:0:0:0: [sda] Assuming drive cache: write through sd 0:0:0:0: [sda] No Caching mode page present sd 0:0:0:0: [sda] Assuming drive cache: write through sd 0:0:0:0: [sda] No Caching mode page present sd 0:0:0:0: [sda] Assuming drive cache: write through ONIE: Using DHCPv4 addr: eth0: 192.168.2.77 / 255.255.255.0 discover: installer mode detected. Running installer. Please press Enter to activate this console. ONIE: Using DHCPv4 addr: eth0: 192.168.2.77 / 255.255.255.0 ONIE: Starting ONIE Service Discovery ONIE: Executing installer: http://192.168.2.42/onie-installer-picos-4.0.0-8b1219e112-x86.bin Verifying image checksum ... OK. Preparing image archive ... OK. PicOS installation .............................................. ./var/local/ ./var/run Setup PicOS environment ... .............................................. XorPlus login: admin Password: You are required to change your password immediately (root enforced) Changing password for admin. (current) UNIX password: Enter new UNIX password: Retype new UNIX password: admin@PICOS$ x86 Platform On the x86 platform, it uses the GRUB menu to choose install the OS via ONIE. a) Reboot the system, and enter the ONIE installation environment from the GRUB menu: +----------------------------------------------------------------------------+ | PicOS | |*ONIE | | | | | | | | | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Use the ^ and v keys to select which entry is highlighted. Press enter to boot the selected OS, `e' to edit the commands before booting or `c' for a command-line. b) From the GRUB prompt, choose ONIE: Rescue to Install OS, and boot ONIE in rescue mode. GNU GRUB version 2.02~beta2+e4a1fe391 +----------------------------------------------------------------------------+ |*ONIE: Install OS | | ONIE: Rescue | | ONIE: Uninstall OS | | ONIE: Update ONIE | | ONIE: Embed ONIE | | DIAG: Accton Diagnostic | | | | | | | | | | | | | +----------------------------------------------------------------------------+ The installer runs and will reboot the system after installation is complete. NOTE: After the system restarts, you need to enter the username and password. The initial login username is admin, and the password is pica8. After the username and password are entered, the user will be asked to choose a new password for the admin. This is the only post-installation step after which the PICOS operating system can be used. 2.4 Nos-boot-mode Installation NOTE: The installation method described in this section applies to installation through both the console port and the management port. The installation method described in this section only applies to platforms that have pre-installed ONIE. The installation methods described in Traditional Installation must be performed through the console port. If you want to install the system through a non-console port, you can use the command nos-boot-mode to perform the installation, which is described in this section. Usage of the command nos-boot-mode: admin@PICOS$ sudo nos-boot-mode USAGE install or uninstall NOS(es) SYNOPSIS nos-boot-mode [install|uninstall] DESCRIPTION install- Install NOS uninstall- Remove all NOS(es) including PICOS NOTE: When the command nos-boot-mode install is executed, PICOS will switch to ONIE install mode, and the user should go on to complete the subsequent installation. The steps for the manual installation process and the automatic installation process using the command nos-boot-mode install are described below. When the command nos-boot-mode uninstall is executed, the system will remove all NOS(es), including PICOS, from the device. Therefore, it is suggested to use the command nos-boot-mode uninstall with caution. 2.4.1 Manual Installation Process Step 1 Make sure that the installation package of .bin file has been loaded to the server (server could be HTTP, TFTP, FTP server, or the switch local directory, depending on the actual installation environment). Step 2 Execute the nos-boot-mode install command to enter the ONIE installation environment. admin@PICOS:~$ sudo nos-boot-mode install Step 3 Type “yes” when the following prompt is shown, which will take the system to ONIE install mode. Type 'yes' to install NOS! Type 'no' to exit [no]/yes: Step 4 Run the command onie-nos-install as follows to manually install PICOS. Install via TFTP ONIE# onie-nos-install tftp:///PICOS.bin Install via FTP When installing via FTP, you need to type in the username and password for the FTP server on which the image file is loaded. ONIE# onie-nos-install ftp://username:password@/PICOS.bin Install via HTTP ONIE# onie-nos-install http:///PICOS.bin Install from Local Directory a) In ONIE rescue mode, copy the image file to the current directory. ONIE# scp username@/PICOS.bin . b) Run the command onie-nos-install to start the installation. ONIE# onie-nos-install PICOS.bin For example, ONIE:/ # onie-nos-install onie-installer-picos-4.0.0-8b1219e112-x86.bin discover: Rescue mode detected. No discover stopped. ONIE: Executing installer: onie-installer-picos-4.0.0-8b1219e112-x86.bin Verifying image checksum ... OK. Preparing image archive ... OK. [1] PICOS L2/L3 (default) [2] PICOS Open vSwitch/OpenFlow Enter your choice (1,2):1 PICOS L2/L3 is selected. ONIE installation will overwrite the configuration file of existing system. It is recommended to follow the upgrade procedure to upgrade the system. Press any key to stop the installation... 10 9 8 7 6 5 4 3 2 1 ... The installer runs automatically. Before starting installation, it will prompt to choose the option to make PICOS boot into L2/L3 or OVS mode. If not selected, then PICOS boots into L2/L3. After finishing installation, the device reboots automatically, and the system then comes up running the new network operating system. NOTE: After the system restarts, you need to enter the username and password. The initial login username is admin, and the password is pica8. After the username and password are entered, the user will be asked to choose a new password for the admin. This is the only post-installation step after which the PICOS operating system can be used. 2.4.2 Automated Installation Process The automatic installation process uses the DHCP message exchange process to download and install software packages. Step 1 Make sure the switch is connected to DHCP and HTTP servers, and the PICOS installation software package is downloaded to the HTTP server. a) DHCP server configuration: define the path of the installation package and then start the DHCP server service: host pica8-3922 { hardware ethernet 70:72:cf:12:34:56; fixed-address 192.168.2.50; option default-url = "http://192.168.2.42/onie-installer-picos-4.0.0-8b1219e112-x86.bin"; } b) Check if the .bin installation file is loaded onto the HTTP server: root@dev:/var/www# ls index.html onie-installer-powerpc.bin Step 2 Execute the nos-boot-mode install command to enter the ONIE installation environment. admin@PICOS$ sudo nos-boot-mode install Step3 Type “yes” when the below prompt is shown, and the system will automatically complete the installation. Type 'yes' to install NOS! Type 'no' to exit [no]/yes: The installer runs automatically and will reboot the system after installation is completed. NOTE: After the system restarts, you need to enter the username and password, the initial login username is admin and password is pica8. After the username and password are entered, user will be asked to choose a new password for admin. This is the only post installation step after which the PicOS® operating system can be used. 2.5 Verifying Version after Installation After system reboots automatically, the system will come up running the new network operating system. admin@PICOS# run show version Copyright : Copyright (C) 2009-2025 Pica8, Inc. All Rights Reserved. Model : as7312_54x Software Version : 4.0.0/8b1219e112 Software Released Date : 02/14/2025 Serial Number : 732656X1916012 System Uptime : 0 day 4 hour 25 minute Hardware ID : 9B04-DFF8-5D0E-8859 License Type : 1G PicOS(R) Perpetual License Device MAC Address : 80:A2:35:81:D5:F0 2.6 Appendix: Troubleshooting Installation/Upgrade Failure on AS7326-56X Installation or upgrade failure (for example, the switches cannot boot up after installation) may occur on the old AS7326-56X hardware models (revision is R01F and before). When booting PICOS on AS7326-56X and detect hardware rev R01F, the system will log a warning message to prompt the hardware revision R01F is a pre-production hardware reversion: "This hardware revision R01F is a pre-production hardware rev, PICOS has applied a work around to work with PICOS. Support will be provided on a best effort basis". To work around the issue, first, we need to check the “Label Revision”. If it is an old hardware model (revision is R01F or before), then we can perform the following provided solution after installation/upgrade to solve the problem. 2.6.1 Check Label Revision Under ONIE prompt, run “onie_syseeprom” to get the “Label Revision”. ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 166 TLV Name Code Len Value -------------------- ---- --- ----- Manufacture Date 0x25 19 04/27/2019 02:10:06 Label Revision 0x27 4 R01B Platform Name 0x28 27 x86_64-accton_as7326_56x-r0 ONIE Version 0x29 13 2018.05.00.05 Manufacturer 0x2B 6 Accton Diag Version 0x2E 7 0.0.1.0 Base MAC Address 0x24 6 80:A2:35:81:D5:F0 Serial Number 0x23 14 732656X1916012 Country Code 0x2C 2 TW Part Number 0x22 13 FP4ZZ7656005A Product Name 0x21 15 7326-56X-O-AC-F MAC Addresses 0x2A 2 256 Vendor Name 0x2D 6 Accton CRC-32 0xFE 4 0xC3D3F2DE Checksum is valid. ONIE:/ # 2.6.2 Solution You can follow the steps below after installation/upgrade to fix the problem of installation and upgrade failure on the old AS7326-56X hardware model (revision R01F or before). Step 1 Power cycle the switch. Step 2 From the GRUB menu, choose “ONIE” to enter the ONIE GRUB menu: +----------------------------------------------------------------------------+ | PicOS | |*ONIE | | | | | | | | | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Use the ^ and v keys to select which entry is highlighted. Press enter to boot the selected OS, `e' to edit the commands before booting or `c' for a command-line. Step 3 From the ONIE GRUB menu, choose “ONIE: Rescue” to launch ONIE in Rescue mode. GNU GRUB version 2.02~beta2+e4a1fe391 +----------------------------------------------------------------------------+ | ONIE: Install OS | |*ONIE: Rescue | | ONIE: Uninstall OS | | ONIE: Update ONIE | | ONIE: Embed ONIE | | DIAG: Accton Diagnostic | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Step 4 Press Enter to display the ONIE prompt. Step 5 Mount the PicOS partition with label “PicOS”. ONIE:/ # blkid /dev/sda7: LABEL="User-Data" UUID="be63cef8-4560-4c48-ab5a-8f7ced5a950b" /dev/sda6: LABEL="PicOS2" UUID="f589e53f-4cd1-44ba-8384-f339f4e2b2ac" /dev/sda5: LABEL="PicOS" UUID="8ca5f7ed-5a15-4a2a-944c-4d8872647bf5" /dev/sda4: LABEL="PICOS-GRUB" UUID="782a1372-4b66-4783-b920-dab1df8ec6e4" /dev/sda3: LABEL="ACCTON-DIAG" UUID="3e4117d0-1926-472a-9d9e-08883df83d40" /dev/sda2: LABEL="ONIE-BOOT" UUID="1a90abd8-f065-4f7a-90a0-af122b8805fa" ONIE:/ # ONIE:/ # mount /dev/sda5 /mnt Step 6 Execute the following command to modify the I2C access address. ONIE:/ # sed -I "s/0x57/0x56/" /mnt/etc/rc_hw.sh ONIE:/ # sync Step 7 Unmount the PicOS partition. ONIE:/ # unmount /dev/sda5 Step8 Reboot the switch. ONIE:/ # reboot 3. Upgrading PicOS® from Version 4.0.0 or Later Using Upgrade Command NOTE: This document ONLY applies to upgrade from version 4.0.0 or the later version using the upgrade command. If you want to upgrade PicOS® from the version before 4.0.0, use ONIE installation process described in "Installing PicOS® on Bare Metal Switches". This upgrading guide is not available for FS S5810 Series and S5860 Series switches. N8560-32C and S5890-32C use the ONIE method for upgrade described in this guide, while the installation uses Rboot method, please refer to "Installing PicOS® for FS S5810/S5860 Series, S5890-32C, and N8560-32C Switches" for details on the installation process. The installation package name for N8560-32C and S5890-32C includes the suffix '-rboot', for example, N8560_picos-4.4.5-9bca0916a3-rboot.bin. The upgrade package, on the other hand, includes the suffix '-x86', such as picos-4.4.5-9bca0916a3-x86.bin. 3.1 Partitioning PicOS® 4.0.0 have multiple system partitions including PicOS® (partition size: 2G), PicOS®2 (partition size: 2G) and User-Data partitions. Among them, PicOS® and PicOS®2 are two independent system boot partitions. One of them is the active partition on which the running system resides, and the other is the inactive partition. The two-system-boot-partition feature allows the system to be reverted to a previous version of the installed software package when it fails to upgrade PicOS®. User-Data partition is a reserved partition which is not affected by ONIE installer and upgrade unless user manually removes it. User-Data partition uses all the available space left on the disk after installation. Users can use this partition to store files and data. 3.2 Supported Platforms PicOS® 4.x software requires to run on a high performance device, only the platforms listed in Switch Machine Outline and System Characteristics are supported upgrading to PicOS® 4.x. 3.3 Preparation before Upgrading NOTE If routed interface is configured, before upgrade, make sure that routed interface name and sub-interface name in the configuration file start with the string "rif-". Otherwise, upgrade will fail due to configuration error. Table 1. Checklist before Upgrading No. Checking Items Checking Standard Results 1 Checking the Running PicOS® Version The currently running system software version is lower than the software version to be installed 2 Checking License Validation Run the license -s command to verify that the license expiration date extends beyond the planned upgrade date. If the license is close to expiration, consider renewing it to avoid interruptions. 3 Building Upgrade Environment Build a different upgrade environment according to the need 4 Getting the Required Upgrade Software Obtain the required supported upgrade software 5 Backing up Important Data in Flash All the important data in Flash is backed up 6 Checking Available Flash Space Flash space is enough to save upgrading package and other files 7 Pre-Upgrade Check: Remove EVPN Configuration on Unsupported Devices No EVPN-related configuration remains on the unsupported devices 8 Pre-Upgrade Configuration Check Ensure no Static VXLAN exists with EVPN VXLAN configured, and ACL rules must not contain destination-port or source-port without a protocol. 3.3.1 Checking the Running PicOS® Version Use the version command to check the version of the running system software. admin@PICOS:~$ version Copyright : Copyright (C) 2009-2025 Pica8, Inc. All Rights Reserved. Model : as7312_54x Software Version : 9.8.7-main/fd87d25a10 Software Released Date : 02/14/2025 Serial Number : 732656X1916012 System Uptime : 0 day 4 hour 25 minute Hardware ID : ACD2-F77A-BBA3-2849 License Type : 1G PicOS(R) Perpetual License Device MAC Address : 80:A2:35:81:D5:F0 3.3.2 Checking License Validation Before performing an upgrade, users can run the license -s command to check if the current license has expired, ensuring it is valid and preventing upgrade failure due to license expiration. admin@PICOS:~$ license -s { "Type":"1GE", "Feature":["Base Product", "Layer3", "OpenFlow"], "Support End Date":"2025-10-28", "Hardware ID":"ACD2-F77A-BBA3-2849", "Site Name":"PICA8" } 3.3.3 Building Upgrade Environment Please make sure that you have set up an HTTP, TFTP or FTP protocol upgrading environment, the basic requirements are as follows: PC can log in to the device through serial or SSH. The communication between the server and the device works well. The upgrading file used by the device has already been stored on the server. 3.3.4 Getting the Required Upgrade Software Please contact Pica8 technical support engineers at the following website for the latest version of upgrade software. https://www.pica8.com/support/ 3.3.5 Backing up Important Data in Flash Before upgrading, save the important data in Flash to the local PC through FTP or TFTP, and then upload it to the switch after the upgrade is completed. 3.3.6 Checking the Available Flash Space Use the df -h command to check the available flash space for saving the upgrade package. admin@PICOS:~$ df -h Filesystem Size Used Avail Use% Mounted on udev 989M 0 989M 0% /dev overlay 706M 57M 650M 8% / tmpfs 1009M 0 1009M 0% /dev/shm tmpfs 404M 5.9M 398M 2% /run tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 50M 192K 50M 1% /tmp /dev/ubi1_0 863M 376M 483M 44% /mnt/open 3.3.7 Pre-Upgrade Check: Remove EVPN Configuration on Unsupported Devices The following devices do not support EVPN. Before upgrading to PICOS 4.6.0E or later, please make sure to remove all EVPN-related configurations on these devices before proceeding. All ARM-based models: S3410 / AS4610 / S3910 / S5810 / S5860 / S3100 / S3270 / N3024 / N3048 / N3132 / S5440 series Check & Cleanup Steps Verify Device Model run show version Check for Current Configuration show | display set Manually delete all CLI configuration lines that contain the keyword “evpn”. If EVPN configurations are not removed, the following error will be displayed, and the upgrade process will stop: Error: The current version does not support EVPN. Please delete the EVPN related configuration before upgrading. Upgrade aborts. 3.3.8 Pre-Upgrade Configuration Check EVPN VXLAN Configuration Check Before upgrading the system to version 4.6.0E or later, if EVPN VXLAN has been configured on the device, please follow the instructions below to ensure a successful upgrade: Configuration Compatibility Requirement EVPN VXLAN is incompatible with Static VXLAN configurations (command format: set vxlans vni flood vtep ). If both EVPN VXLAN and Static VXLAN configurations exist before the upgrade, you must manually delete the Static VXLAN configuration before proceeding. Otherwise, the following error message will be displayed during the upgrade process, causing the upgrade to terminate: Error: The current version only supports EVPN VXLAN. Please delete the static VXLAN configuration before upgrading. Upgrade aborts. Automatic Handling by System If EVPN VXLAN is configured and no Static VXLAN configuration exists, the system will automatically add the following command during the upgrade to ensure compatibility with the updated EVPN VXLAN feature: set protocols evpn enable true Please complete the above checks and configuration adjustments before performing the upgrade to avoid upgrade failures caused by configuration conflicts. ACL Rules Configuration Check Before upgrading to version 4.5.3E or later, check the configuration file for ACL rules. If any ACL rule specifies a destination-port or source-port without a protocol, you must either delete the rule or add a condition specifying the protocol. Otherwise, the upgrade will be aborted. During the upgrade check, the system displays the following message: Error: ACL rules with port conditions must include a protocol. Please delete ACL rules that specify port without protocol before upgrading. Upgrade aborts. 3.4 Upgrading Notes Downgrade from PicOS® version 4.x to 3.x or to a lower version is NOT supported by using upgrade command. You can use ONIE installation when you want to downgrade. For details about ONIE installation, please refer to "Installing PicOS® on Bare Metal Switches". License check is performed for upgrade: If PicOS® has a license installed before the upgrade, the license will be copied and activated after the upgrade. Please check this section for the PICOS Licenses. If there is no license installed prior to upgrade, upgrade2 process can proceed but only the first four ports and the first two uplink ports (if exist) on the newly upgraded system can be used. If the service has expired, it is not allowed to upgrade a major release (e.g. 4.1 to 4.2). However, it will not affect upgrading to a minor release (e.g. 4.1.1 to 4.1.2). You can log in to the switch through its console port or using SSH. After successful login, you can run commands on the command line interface (CLI) to upgrade the device. When using FTP/TFTP to download the image, user should verify that the "binary" mode is being used. If the "binary" transfer mode is not being used, the image might be modified during download, and the upgrade will fail during the MD5 check. When upgrading, the installer checks whether there is a user-data partition. If there exists a User-Data partition, the installer only rewrites the running system boot partition (PicOS®/ PicOS®2) and installs the new installation package to this partition. However, if there is no User-Data partition, the installer removes all the partitions to rebuild a brand new NOS. All X86 platforms share one installation and upgrade package with the name fixed as: onie-installer-picos-VERSION-x86.bin, where VERSION is the release version. X86 platforms are listed below: FS: FS N9550-32D FS N8550-64C FS N5850-48S6Q FS N8550-48B8C FS S5580-48Y FS N8550-32C Edgecore: Edgecore AS4630-54PE Edgecore AS5712-54X Edgecore AS5812-54T Edgecore AS5812-54X Edgecore AS7312-54X Edgecore AS7326-56X Edgecore AS7712-32X Edgecore AS7726-32X Edgecore AS7816-64X Edgecore AS5835-54X Edgecore AS9716-32D DELL: DELL N3248P-ON DELL N3248PXE-ON DELL N3224PX-ON DELL N3248X-ON DELL S4048-ON DELL S4148F-ON DELL S4148T-ON DELL S4128F-ON DELL S5224F-ON DELL S5296F-ON DELL S5212F-ON DELL S5248F-ON DELL Z9100-ON DELL Z9264F-ON DELL N3224T-ON DELL S4128T-ON During the upgrade process, please ensure that the power supply is functioning normally; otherwise, power interruption during the upgrade process could cause unpredictable problems. In previous 4.x.x versions, PicOS® allows the configuration of route leaking by importing BGP IPv4 routes from one user-defined VRF into another user-defined VRF, for example: set protocols bgp vrf vrf1 local-as 1 set protocols bgp vrf vrf1 ipv4-unicast import vrf vrf2 set protocols bgp vrf vrf2 local-as 2 That will cause configuration from PicOS® CLI is not consistent with FRR configuration. Specifically, FRR will add "set protocols bgp local-as 1" (local as number is same as the value in vrf1) to its configuration automatically, which is not in PicOS® CLI. From version 4.4.0, if "set protocols bgp local-as 1" is not configured, the above configurations are not allowed. Based on the above reasons, users are required to manually add the command "set protocols bgp local-as 1" (local as number is same as the value in vrf1) before the upgrade, if there's above configuration exists in the pre-upgrade version, thus to ensure that the configuration can be loaded successfully after the upgrade. 3.5 Usage of Upgrade Command admin@PICOS:~$ sudo upgrade USAGE Upgrade system with local new image SYNOPSIS upgrade [image_name] [factory-default] DESCRIPTION image_name - Image with bin format file(*.bin) factory-default - Recovery configuration to factory default PicOS® upgrade is done via the command "upgrade" in bash (launching a shell script named "upgrade.sh"). This script will upgrade the image and back up configuration files automatically. The format of the upgrade package is *.bin. The option no-md5-check is removed from PicOS® 3.7.0 and later versions. If there is an MD5 file in the /cftmp directory, the upgrade script will check package integrity with MD5. Else if there is no MD5 file in the /cftmp directory, then skip the MD5 check step. The option factory-default is used to reset the configuration to factory default when performing upgrade. This option retains the license files from the previous version. If you want to backup a file during upgrade, use option backup-file=(*.lst) to define your own backup file list. The usage of option backup-file=(*.lst) is described in the below section. 3.5.1 Usage of Backup-file=(*.lst) Option During the upgrade process, the switch can automatically back up the following files in the following directories from the previous PicOS® system: /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/resolv.conf ./etc/network/interfaces /etc/picos/picos_start.conf /etc/picos/switch-public.key /etc/picos/pica.lic /pica/config/pica_startup.boot /pica/config/pica.conf.01 /pica/config/pica.conf.02 /pica/config/pica.conf.03 /pica/config/pica.conf.04 /pica/config/pica.conf.05 /ovs/ovs-vswitchd.conf.db /ovs/function.conf.db /ovs/config/meters /ovs/config/groups /ovs/config/flows /ovs/var/lib/openvswitch/pki/ /var/log/report_diag.log /var/log/report_diag.log.1 /var/log/report_diag.log.2 /var/log/report_diag.log.3 /var/log/report_diag.log.4 /var/log/report_diag.log.5 /cftmp/upgrade.log /cftmp/upgrade2.log /cftmp/auto/ If you want to save user files that are not in the above default backup file list, you need to first create or specify a .lst file and then add all those files that need to be backed up to this .lst file. You can use the backup-file=(*.lst) option to achieve this, where (*.lst) is the user created file with .lst format or specify the path to this file, for example: admin@PICOS:~$ sudo upgrade backup-file=/admin/back_files.lst onie-installer-picos-4.0.1-x86.bin For example, if you want to backup /home/admin/a.txt file during the process, then add /home/admin/a.txt to back_files.lst.In this example, back_files.lst is a user created file. The user has already added the file to back_files.lst that needs to be saved in the event of power off. admin@PICOS:~$ cat /admin/back_files.lst /home/admin/a.txt The above operations ensure that user can backup their important files with backup-file=(*.lst) option during the upgrade process. 3.6 Upgrading Procedure The upgrading procedure in this document gives an example of upgrading AS7312-54X from PicOS® 4.0.0 to 4.0.1. Step1 Copy the upgrade package (in the form of .bin) and the MD5 file to /cftmp directory by either FTP, TFTP, HTTP or SCP according to the actual upgrade environment. The following example uses the SCP method. admin@PICOS:~$ sudo scp pica8@10.10.50.16:/tftp/build/4.0.1/as7312_54x/onie-installer-picos-4.0.1-x86.bin /cftmp admin@PICOS:~$ sudo scp pica8@10.10.50.16:/tftp/build/4.0.1/as7312_54x/onie-installer-picos-4.0.1-x86.bin.md5 /cftmp NOTE: If management VRF is enabled, and the FTP/TFTP/HTTP/SCP server is connected via the Eth0/1 port, you need to add the string sudo ip vrf exec mgmt-vrf before the SCP command when executing the scp operation. The format is as follows: admin@PICOS:~$ sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/4.0.1/as7312_54x/onie-installer-picos-as7312_54x-4.0.1-91bb175.bin /cftmp admin@PICOS:~$sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/4.0.1/as7312_54x/onie-installer-picos-as7312_54x-4.0.1-91bb175.bin.md5 /cftmp If sudo ip vrf exec mgmt-vrf is not added, find the next hop routing information from the default VRF. For the usage of VRF, refer to the VRF Configuration Guide. Step2 Execute the sync operation. admin@PICOS:~$ sync Step3 Change directory to /cftmp. admin@PICOS:~$ cd /cftmp admin@PICOS:/cftmp$ Step4 Run the upgrade command. admin@PICOS:/cftmp$ sudo upgrade onie-installer-picos-4.0.1-x86.bin After finishing upgrade will reboot automatically, and the system will come up running the new network operating system. 3.7 Verifying Version after Upgrading admin@PICOS:~$ version Copyright : Copyright (C) 2009-2025 Pica8, Inc. All Rights Reserved. Model : as7312_54x Software Version : 4.0.1/91bb175 Software Released Date : 02/14/2025 Serial Number : 732656X1916012 System Uptime : 0 day 4 hour 25 minute Hardware ID : ACD2-F77A-BBA3-2849 License Type : 1G PicOS(R) Perpetual License Device MAC Address : 80:A2:35:81:D5:F0 3.8 Appendix: Troubleshooting Installation/Upgrade Failure on AS7326-56X Installation or upgrade failure (for example, the switches cannot boot up after installation) may occur on the old AS7326-56X hardware models (revision is R01F and before). When booting PICOS on AS7326-56X and detect hardware rev R01F, the system will log a warning message to prompt the hardware revision R01F is a pre-production hardware reversion: "This hardware revision R01F is a pre-production hardware rev, PICOS has applied a work around to work with PICOS. Support will be provided on a best effort basis". To work around the issue, first, we need to check the “Label Revision”. If it is an old hardware model (revision is R01F or before), then we can perform the following provided solution after installation/upgrade to solve the problem. 3.8.1 Check Label Revision Under ONIE prompt, run “onie_syseeprom” to get the “Label Revision”. ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 166 TLV Name Code Len Value -------------------- ---- --- ----- Manufacture Date 0x25 19 04/27/2019 02:10:06 Label Revision 0x27 4 R01B Platform Name 0x28 27 x86_64-accton_as7326_56x-r0 ONIE Version 0x29 13 2018.05.00.05 Manufacturer 0x2B 6 Accton Diag Version 0x2E 7 0.0.1.0 Base MAC Address 0x24 6 80:A2:35:81:D5:F0 Serial Number 0x23 14 732656X1916012 Country Code 0x2C 2 TW Part Number 0x22 13 FP4ZZ7656005A Product Name 0x21 15 7326-56X-O-AC-F MAC Addresses 0x2A 2 256 Vendor Name 0x2D 6 Accton CRC-32 0xFE 4 0xC3D3F2DE Checksum is valid. ONIE:/ # 3.8.2 Solution You can follow the steps below after installation/upgrade, to fix the problem of installation and upgrade failure on the old AS7326-56X hardware model (revision R01F or before). Step1 Power cycle the switch. Step2 From the GRUB menu, choose “ONIE” to enter ONIE GRUB menu: +----------------------------------------------------------------------------+ | PicOS | |*ONIE | | | | | | | | | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Use the ^ and v keys to select which entry is highlighted. Press enter to boot the selected OS, `e' to edit the commands before booting or `c' for a command-line. Step3 From ONIE GRUB menu, choose “ONIE: Rescue” to launch ONIE in Rescue mode. GNU GRUB version 2.02~beta2+e4a1fe391 +----------------------------------------------------------------------------+ | ONIE: Install OS | |*ONIE: Rescue | | ONIE: Uninstall OS | | ONIE: Update ONIE | | ONIE: Embed ONIE | | DIAG: Accton Diagnostic | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Step4 Press Enter to display the ONIE prompt. Step5 Mount PicOS® partition with label is “PicOS®”. ONIE:/ # blkid /dev/sda7: LABEL="User-Data" UUID="be63cef8-4560-4c48-ab5a-8f7ced5a950b" /dev/sda6: LABEL="PicOS2" UUID="f589e53f-4cd1-44ba-8384-f339f4e2b2ac" /dev/sda5: LABEL="PicOS" UUID="8ca5f7ed-5a15-4a2a-944c-4d8872647bf5" /dev/sda4: LABEL="PICOS-GRUB" UUID="782a1372-4b66-4783-b920-dab1df8ec6e4" /dev/sda3: LABEL="ACCTON-DIAG" UUID="3e4117d0-1926-472a-9d9e-08883df83d40" /dev/sda2: LABEL="ONIE-BOOT" UUID="1a90abd8-f065-4f7a-90a0-af122b8805fa" ONIE:/ # ONIE:/ # mount /dev/sda5 /mnt Step6 Execute the following command to modify the I2C access address. ONIE:/ # sed -I "s/0x57/0x56/" /mnt/etc/rc_hw.sh ONIE:/ # sync Step7 Unmount the PicOS® partition. ONIE:/ # unmount /dev/sda5 Step8 Reboot the switch. ONIE:/ # reboot 4. Upgrading PicOS® from Version 3.0 or Later Using Upgrade2 4.1 Introduction NOTE： This document only applies to PicOS® upgrade from version 3.0 or later version using command upgrade2. If you want to upgrade PicOS® from the version before 3.0, use ONIE installation process described in "PicOS® Software Installation and Upgrade Guide". You cannot do a standard upgrade from 3.x to 4.x. This is because 3.x config and 4.x config are not compatible, and PICOS 4.x will not be able to boot with 3.x config after the upgrade. In order to upgrade from 3.x to 4.x, you MUST convert the configuration to 4.x before upgrade, see section Converting Configuration to 4.x before Upgrade (when Upgrade from Version 3.x to 4.x) in this guide for details. This upgrading guide is not available for FS S5810 Series and S5860 Series switches. N8560-32C and S5890-32C use the ONIE method for upgrade described in this guide, while the installation uses Rboot method, please refer to "Installing PICOS for FS S5810/S5860 Series, S5890-32C and N8560-32C Switches" for details on the installation process. The installation package names for N8560-32C and S5890-32C include the suffix '-rboot', for example, N8560_picos-4.4.5-9bca0916a3-rboot.bin. The upgrade package, on the other hand, includes the suffix '-x86', such as picos-4.4.5-9bca0916a3-x86.bin. PICOS 4.0.0 and later versions have multiple system partitions, including PicOS (partition size: 2G), PicOS2(partition size: 2G), and User-Data partitions. Among them, PicOS and PicOS2 are two independent system boot partitions. One of them is the active partition on which the running system resides, and the other is the inactive partition. The two-system-boot-partition feature allows the system to revert to a previous version of the installed software package when it fails to upgrade PICOS by using the command upgrade2. User-Data partition is a reserved partition which is not affected by ONIE installer and upgrade unless user manually removes it. User-Data partition uses all the available space left on the disk. Users can use this partition to store files and data. When running upgrade2, the new version PICOS image will be installed and boot onto the inactive partition automatically. Afterwards, the inactive partition will switch to active partition automatically when the switch boots up normally after the upgrade is finished, while the other partition where the old version resides will become the inactive partition. Upgrade2 method supports the system rollback function. The nos-rollback command can be used to revert to a previous version of the installed software package. Moreover, if it fails to upgrade, the system can automatically rollback to the old system. This can reduce the network interruption risk due to the failure of the system upgrade process and ensure the systems’ continuous availability. You can refer to the section Rollback Procedure in this page for details. The system also supports the upgrade method for PICOS version upgrade, you can refer to the document Upgrading PICOS from Version 4.0.0 or Later Using Upgrade Command for details. We recommend using the upgrade2 method to upgrade the NOS as it includes system backup and rollback features. 4.2 Preparation before Upgrading Table 1. Checklist before Upgrading No. Checking Items Checking Standard Results 1 Checking the Running PicOS® Version The currently running system software version is lower than the software version to be installed. 2 Checking License Validation Run the license -s command to verify that the license expiration date extends beyond the planned upgrade date. If the license is close to expiration, consider renewing it to avoid interruptions. 3 Building Upgrade Environment Build an upgrade environment according to the need. 4 Getting the Required Upgrade Software Obtain the required supported upgrade software. 5 Backing up Important Data All the important data was backed up. 6 Converting Configuration to 4.x before Upgrade (when Upgrade from Version 3.x to 4.x) 4.x configuration is generated from 3.x configuration file. 7 Pre-Upgrade Check: Remove EVPN Configuration on Unsupported Devices No EVPN-related configuration remains on the unsupported devices. 8 Pre-Upgrade Configuration Check Ensure no Static VXLAN exists with EVPN VXLAN configured, and ACL rules must not contain destination-port or source-port without a protocol. 4.2.1 Checking the Running PicOS® Version Use the version command to check the version of the running system software. admin@PICOS:~$ version Copyright : Copyright (C) 2009-2025 Pica8, Inc. All Rights Reserved. Model : as7312_54x Software Version : 4.4.4-s3000/eaf8c6573d Software Released Date : 02/14/2025 Serial Number : 463054NPEM2402002 System Uptime : 0 day 4 hour 25 minute Hardware ID : ACD2-F77A-BBA3-2849 License Type : 1G PicOS(R) Perpetual License Device MAC Address : 80:A2:35:81:D5:F0 4.2.2 Checking License Validation Before performing an upgrade, users can run the license -s command to check if the current license has expired, ensuring it is valid and preventing upgrade failure due to license expiration. admin@PICOS:~$ license -s { "Type":"1GE", "Feature":["Base Product", "Layer3", "OpenFlow"], "Support End Date":"2025-10-28", "Hardware ID":"ACD2-F77A-BBA3-2849", "Site Name":"PICA8" } 4.2.3 Building Upgrade Environment Please make sure that you have set up an HTTP, TFTP or FTP protocol upgrading environment, the basic requirements are as follows: PC can log in to the device through serial or SSH. The communication between the server and the device works well. The upgrading file used by the device has already been stored on the server. 4.2.4 Getting the Required Upgrade Software Please contact Pica8 technical support engineers at the following webpage for the latest version of upgrade software. https://www.pica8.com/support/ 4.2.5 Backing up Important Data Before upgrading, save the important data, e.g. the configuration file, to the local PC through FTP or TFTP, and then upload it to the switch after the upgrade is completed if needed. 4.2.6 Converting Configuration to 4.x before Upgrade (when Upgrade from Version 3.x to 4.x) NOTE: When upgrade PICOS from version 3.x to 4.x: When executing the upgrade2 command, no other option is supported except the option image_name. Backup the configuration file before upgrading. The OVS configuration for crossflow before the upgrade will be saved and restored automatically after the upgrade. You cannot do a standard upgrade from 3.x to 4.x. This is because 3.x configuration and 4.x configuration are not compatible, and PICOS 4.x will not be able to boot with 3.x configuration after the upgrade. In order to upgrade from 3.x to 4.x, follow the procedure below to prepare the 4.x configuration file before upgrade: Create directory /pica/config-4.x/. Contact Pica8 support to convert the 3.x configuration to the 4.x configuration in the configuration file pica_startup.boot. Copy the 4.x configuration file (converted from the 3.x configuration file in step 2) into the directory /pica/config-4.x just created. After upgrading from 3.x to 4.x and after rebooting, PICOS 4.x will look for the 4.x configuration in /pica/config-4.x. After completing these steps, the 4.x configuration file is ready, and you can continue with the upgrade process. If these steps are not performed before the upgrade, the system will load the default configuration file of 4.x, and the 3.x configuration will not be loaded after the upgrade. However, if this happens unexpectedly, you can also remedy it by loading the 4. x configuration file after upgrade, follow the steps below: Copy the 4.x configuration file pica_startup.boot (already converted from 3.x configuration file) into the directory /pica/config/. Run the command load override to load the 4. x configuration. admin@PICOS# load override /pica/config/pica_startup.boot admin@PICOS# Loading config file... Config file was loaded successfully. 4.2.7 Pre-Upgrade Check: Remove EVPN Configuration on Unsupported Devices The following devices do not support EVPN. Before upgrading to PICOS 4.6.0E or later, please make sure to remove all EVPN-related configurations on these devices before proceeding. All ARM-based models: S3410 / AS4610 / S3910 / S5810 / S5860 / S3100 / S3270 / N3024 / N3048 / N3132 / S5440 series Check & Cleanup Steps Verify Device Model run show version Check for Current Configuration show | display set Manually delete all CLI configuration lines that contain the keyword “evpn”. If EVPN configurations are not removed, the following error will be displayed, and the upgrade process will stop: Error: The current version does not support EVPN. Please delete the EVPN related configuration before upgrading. Upgrade aborts. 4.2.8 Pre-Upgrade Configuration Check EVPN VXLAN Configuration Check Before upgrading the system to version 4.6.0E or later, if EVPN VXLAN has been configured on the device, please follow the instructions below to ensure a successful upgrade: Configuration Compatibility Requirement EVPN VXLAN is incompatible with Static VXLAN configurations (command format: set vxlans vni flood vtep ). If both EVPN VXLAN and Static VXLAN configurations exist before the upgrade, you must manually delete the Static VXLAN configuration before proceeding. Otherwise, the following error message will be displayed during the upgrade process, causing the upgrade to terminate: Error: The current version only supports EVPN VXLAN. Please delete the static VXLAN configuration before upgrading. Upgrade aborts. Automatic Handling by System If EVPN VXLAN is configured and no Static VXLAN configuration exists, the system will automatically add the following command during the upgrade to ensure compatibility with the updated EVPN VXLAN feature: set protocols evpn enable true Please complete the above checks and configuration adjustments before performing the upgrade to avoid upgrade failures caused by configuration conflicts. ACL Rules Configuration Check Before upgrading to version 4.5.3E or later, check the configuration file for ACL rules. If any ACL rule specifies a destination-port or source-port without a protocol, you must either delete the rule or add a condition specifying the protocol. Otherwise, the upgrade will be aborted. During the upgrade check, the system displays the following message: Error: ACL rules with port conditions must include a protocol. Please delete ACL rules that specify port without protocol before upgrading. Upgrade aborts. 4.3 Upgrading Notes This upgrade2 guide only applies to PICOS upgrades from version 4.0.0 or later versions. When using upgrade2 to upgrade PICOS, you should make sure the “PicOS2” partition exists. When using upgrade2 to upgrade PICOS, you should make sure the partition type is GPT. When using upgrade2 to upgrade PICOS, you should make sure that ONIE is pre-loaded. License check is performed for upgrade: If PICOS has a license installed before the upgrade, the license will be copied and activated after the upgrade. Please check this section for the PICOS Licenses. If there is no license installed prior to upgrade, the upgrade2 process can proceed, but only the first four ports and the first two uplink ports (if exist) on the newly upgraded system can be used. If the license has expired, it is not allowed to upgrade a major release (e.g. 4.1 to 4.2). However, it will not affect upgrading to a minor release (e.g. 4.1.1 to 4.1.2). You can log in to a device through its console port or using SSH. After successful login, you can run commands on the command line interface (CLI) to upgrade the device. When using FTP/TFTP to download the image, the user should verify that the "binary" mode is being used. If the "binary" transfer mode is not being used, the image might be modified during download, and the upgrade will fail during the MD5 check. The image is platform dependent, that is, the image should be consistent with the platform, otherwise the upgrade script will abort. An upgrade2.log file in /cftmp directory will be created, which will contain all the logs related to the upgrade2 process. All X86 platforms share one installation and upgrade package with the name fixed as: onie-installer-picos-VERSION-x86.bin, where VERSION is the release version. X86 platforms are listed below: FS: FS N9550-32D FS N8550-64C FS N5850-48S6Q FS N8550-48B8C FS N8550-32C Edgecore: Edgecore AS4630-54PE Edgecore AS5712-54X Edgecore AS5812-54T Edgecore AS5812-54X Edgecore AS7312-54X Edgecore AS7326-56X Edgecore AS7712-32X Edgecore AS7726-32X Edgecore AS7816-64X Edgecore AS5835-54X Edgecore AS9716-32D DELL: DELL N3248P-ON DELL N3248PXE-ON DELL N3224PX-ON DELL N3248X-ON DELL S4048-ON DELL S4148F-ON DELL S4148T-ON DELL S4128F-ON DELL S5224F-ON DELL S5296F-ON DELL S5212F-ON DELL S5248F-ON DELL Z9100-ON DELL Z9264F-ON DELL N3224T-ON DELL S4128T-ON In previous 4.x.x versions, PICOS allows the configuration of route leaking by importing BGP IPv4 routes from one user-defined VRF into another user-defined VRF, for example: set protocols bgp vrf vrf1 local-as 1 set protocols bgp vrf vrf1 ipv4-unicast import vrf vrf2 set protocols bgp vrf vrf2 local-as 2 That will cause configuration from PicOS® CLI is not consistent with FRR configuration. Specifically, FRR will add "set protocols bgp local-as 1" (local as number is same as the value in vrf1) to its configuration automatically, which is not in PicOS® CLI. From version 4.4.0, if "set protocols bgp local-as 1" is not configured, the above configurations are not allowed. Based on the above reasons, users are required to manually add the command "set protocols bgp local-as 1" (local as number is same as the value in vrf1) before the upgrade, if there's above configuration exists in the pre-upgrade version, thus to ensure that the configuration can be loaded successfully after the upgrade. 4.4 Usage of Upgrade2 Command admin@PICOS:~$ sudo upgrade2 USAGE Upgrade system with local new image SYNOPSIS upgrade2 [image_name] [factory-default] DESCRIPTION image_name - Image with bin format file(*.bin) factory-default - Recovery configuration to factory default admin@PICOS:~$ For PicOS® go2cli version, users can run the upgrade2 command under CLI operational mode or configuration mode: admin@PICOS> upgrade2 image-file xx.bin Possible completions: <[Enter]> Execute this command backup-file Specify a user defined backup list(*.lst) factory-default Recovery configuration to factory default use-prev-config Use previous configuration, and syslog trace admin@PICOS# run upgrade2 image-file xx.bin Possible completions: <[Enter]> Execute this command backup-file Specify a user defined backup list(*.lst) factory-default Recovery configuration to factory default use-prev-config Use previous configuration, and syslog trace PICOS upgrade is done via the command upgrade2 in bash (launching a shell script named "upgrade2.sh"). This script will upgrade the image and backup configuration files automatically. Image name is in the form of .bin, which should be copied to the /cftmp directory before running the command upgrade2. The option factory-default is used to reset the configuration to factory default when performing the upgrade, but it retains the license files from the previous version. If you want to use the old configuration file in the new version, you can add the use-prev-config option when issuing the command upgrade2. The usage of the option use-prev-config is described in the section Usage of Use-prev-config Option. If you want to backup a file during upgrade, use backup-file=(*.lst) option to define your own backup file list. The usage of backup-file=(*.lst) option is described in the section Usage of Backup-file=(*.lst) Option. 4.4.1 Usage of use-prev-config Option The main function of the use-prev-config option is to decide whether to load the previous configuration file after a system reboot when performing upgrade2 or rollback to another version. If there is a command line in the old version configuration file that is not supported in the new system, with the use-prev-config option, that command will be skipped and continue loading the remaining configuration. By default, upgrade2 or rollback is performed without the use-prev-config option. The following table describes the usage of the use-prev-config option when performing upgrade2 or rollback. upgrade2 (From old version to new version) rollback (From current version to old version) with use-prev-config 1. Load the configuration file of the old version after the system reboot. 2. If there is a command line in the old version configuration file that is not supported in the new system, skip it and continue loading the remaining configuration. 1. Load the configuration file of the current version after the system reboot. 2. If there is a command line in the current configuration file that is not supported in the old system, skip it and continue loading the remaining configuration. without use-prev-config 1. Load the configuration file of the old version after reboot. 2. If there is a command in the old version configuration file that is not supported in the new system, load the default configuration file. Load the old version configuration file after rebooting. 4.4.2 Usage of Backup-file=(*.lst) Option During the upgrade process, the switch can automatically back up the following files in the following directories from the previous PicOS® system: /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/resolv.conf ./etc/network/interfaces /etc/picos/picos_start.conf /etc/picos/switch-public.key /etc/picos/pica.lic /pica/config/pica_startup.boot /pica/config/pica.conf.01 /pica/config/pica.conf.02 /pica/config/pica.conf.03 /pica/config/pica.conf.04 /pica/config/pica.conf.05 /ovs/ovs-vswitchd.conf.db /ovs/function.conf.db /ovs/config/meters /ovs/config/groups /ovs/config/flows /ovs/var/lib/openvswitch/pki/ /var/log/report_diag.log /var/log/report_diag.log.1 /var/log/report_diag.log.2 /var/log/report_diag.log.3 /var/log/report_diag.log.4 /var/log/report_diag.log.5 /cftmp/upgrade.log /cftmp/upgrade2.log /cftmp/auto/ If you want to save user files that are not in the above default backup file list, you need to first create or specify a .lst file and then add all those files that need to be backed up to this .lst file. You can use the backup-file=(*.lst) option to achieve this, where (*.lst) is the user created file with .lst format or specify the file path to this file, for example: admin@PICOS:~$ sudo upgrade2 backup-file=/admin/back_files.lst onie-installer-picos-as7312_54x-4.0.1-cc8d268.bin For example, if you want to backup /home/admin/a.txt file during the process, then add /home/admin/a.txt to back_files.lst. In this example, back_files.lst is a user created file. The user has already added the file to back_files.lst that needs to be saved in the event of power off. admin@PICOS:~$ sudo upgrade2 backup-file=/admin/back_files.lst onie-installer-picos-as7312_54x-4.0.1-cc8d268.bin The above operations ensure that user can backup their important files with backup-file=(*.lst) option during the upgrade process. 4.5 Upgrade Procedure The upgrading procedure in this document gives an example of upgrading from PicOS® 4.0.0 to 4.0.1 using upgrade2 command on AS7312_54X switch. Step1 Copy the upgrade package (in the form of .bin) and the MD5 file to /cftmp directory by either FTP, TFTP, HTTP or SCP according to the actual upgrade environment. The following example uses the SCP method. admin@PICOS:~$ sudo scp pica8@10.10.50.22:/tftp/build/4.0.1/as7312_54x/onie-installer-picos-as7312_54x-4.0.1-cc8d268.bin /cftmp admin@PICOS:~$ sudo scp pica8@10.10.50.22:/tftp/build/4.0.1/as7312_54x/onie-installer-picos-as7312_54x-4.0.1-cc8d268.bin.md5 /cftmp NOTE: If management VRF is enabled, and the FTP/TFTP/HTTP/SCP server is connected via the Eth0/1 port, you need to add the string sudo ip vrf exec mgmt-vrf before the SCP command when executing the scp operation. The format is as follows: admin@PICOS:~$ sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/4.0.1/as7312_54x/onie-installer-picos-as7312_54x-4.0.1-cc8d268.bin /cftmp admin@PICOS:~$sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/4.0.1/as7312_54x/onie-installer-picos-as7312_54x-4.0.1-cc8d268.bin.md5 /cftmp If sudo ip vrf exec mgmt-vrf is not added, find the next hop routing information from the default VRF. For the usage of VRF, refer to the VRF Configuration Guide. For PicOS® go2cli version, users can run the scp command under CLI operational mode or configuration mode: Download a file: file scp get remote-file [local-file local-file-path] ip-address : [vrf ] Upload a file: file scp put local-file [remote-file ] ip-address : [vrf ] Step2 Execute the sync operation. admin@PICOS:~$ sync Step3 Change directory to /cftmp. admin@PICOS:~$ cd /cftmp Step4 Run upgrade2 command to begin upgrading. admin@PICOS:~$ sudo upgrade2 onie-installer-picos-as7312_54x-4.0.1-cc8d268.bin After finishing upgrade, the switch will reboot automatically, the system will come up running the new network operating system. NOTE： For PicOS® go2cli version, users can run the upgrade2 command under CLI operational mode or configuration mode. It will take 20-30 minutes to finish upgrading PicOS®. During the upgrade process, please be patient and do not perform any operation until the upgrade is complete, otherwise, the upgrade may be interrupted. 4.6 Rollback Procedure The upgrade2 method supports the system rollback function. The command nos-rollback can be used to revert to a previous version of the installed software package. Moreover, if it fails to upgrade, the system can automatically rollback to the old system. Usage of the command nos-rollback: admin@PICOS:~$ sudo nos-rollback USAGE Rollback to the previous system after next reboot SYNOPSIS nos-rollback [use-prev-config] DESCRIPTION use-prev-config - Use previous config, and syslog trace For details about the usage of use-prev-config, please refer to Usage of Use-prev-config Option. The rollback procedure is as follows: Step1 Run nos-rollback command for manually rollback. admin@PICOS:~$ sudo nos-rollback USAGE Rollback to the previous system after next reboot SYNOPSIS nos-rollback Checking prerequisites Attribute of current system [OK] Will switch from PICOS-4.4.5GA to the other system! Do you want to continue?[y/N]?y Updating default boot option Modify default boot option [OK] Rollback to the other system successful! Please reboot to enter the other system! admin@PICOS:~$ Step2 Reboot system manually to finish rollback. admin@PICOS:~$ sudo reboot You need to manually run reboot command to reboot the system after you have issued "nos-rollback" command. After rebooting successfully, the system will come up running the previous version of network operating system. 4.7 Verifying Version after Upgrade Use the command version to check the version after upgrading. admin@PICOS:~$ version Copyright : Copyright (C) 2009-2025 Pica8, Inc. All Rights Reserved. Model : as7312_54x Software Version : 4.0.1/cc8d268 Software Released Date : 02/14/2025 Serial Number : 463054NPEM2402002 System Uptime : 0 day 4 hour 25 minute Hardware ID : ACD2-F77A-BBA3-2849 License Type : 1G PicOS(R) Perpetual License Device MAC Address : 80:A2:35:81:D5:F0 4.8 Appendix: Troubleshooting Installation/Upgrade Failure on AS7326-56X Installation or upgrade failure (for example, the switches cannot boot up after installation) may occur on the old AS7326-56X hardware models (revision is R01F and before). When booting PICOS on AS7326-56X and detect hardware rev R01F, the system will log a warning message to prompt the hardware revision R01F is a pre-production hardware reversion: "This hardware revision R01F is a pre-production hardware rev, PICOS has applied a work around to work with PICOS. Support will be provided on a best effort basis". To work around the issue, first, we need to check the “Label Revision”. If it is an old hardware model (revision is R01F or before), then we can perform the following provided solution after installation/upgrade to solve the problem. 4.8.1 Check Label Revision Under ONIE prompt, run “onie_syseeprom” to get the “Label Revision”. ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 166 TLV Name Code Len Value -------------------- ---- --- ----- Manufacture Date 0x25 19 04/27/2019 02:10:06 Label Revision 0x27 4 R01B Platform Name 0x28 27 x86_64-accton_as7326_56x-r0 ONIE Version 0x29 13 2018.05.00.05 Manufacturer 0x2B 6 Accton Diag Version 0x2E 7 0.0.1.0 Base MAC Address 0x24 6 80:A2:35:81:D5:F0 Serial Number 0x23 14 732656X1916012 Country Code 0x2C 2 TW Part Number 0x22 13 FP4ZZ7656005A Product Name 0x21 15 7326-56X-O-AC-F MAC Addresses 0x2A 2 256 Vendor Name 0x2D 6 Accton CRC-32 0xFE 4 0xC3D3F2DE Checksum is valid. ONIE:/ # 4.8.2 Solution You can follow the steps below after installation/upgrade, to fix the problem of installation and upgrade failure on the old AS7326-56X hardware model (revision R01F or before). Step1 Power cycle the switch. Step2 From the GRUB menu, choose “ONIE” to enter ONIE GRUB menu: +----------------------------------------------------------------------------+ | PicOS | |*ONIE | | | | | | | | | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Use the ^ and v keys to select which entry is highlighted. Press enter to boot the selected OS, `e' to edit the commands before booting or `c' for a command-line. Step3 From ONIE GRUB menu, choose “ONIE: Rescue” to launch ONIE in Rescue mode. GNU GRUB version 2.02~beta2+e4a1fe391 +----------------------------------------------------------------------------+ | ONIE: Install OS | |*ONIE: Rescue | | ONIE: Uninstall OS | | ONIE: Update ONIE | | ONIE: Embed ONIE | | DIAG: Accton Diagnostic | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Step4 Press Enter to display the ONIE prompt. Step5 Mount PicOS® partition with label is “PicOS®”. ONIE:/ # blkid /dev/sda7: LABEL="User-Data" UUID="be63cef8-4560-4c48-ab5a-8f7ced5a950b" /dev/sda6: LABEL="PicOS2" UUID="f589e53f-4cd1-44ba-8384-f339f4e2b2ac" /dev/sda5: LABEL="PicOS" UUID="8ca5f7ed-5a15-4a2a-944c-4d8872647bf5" /dev/sda4: LABEL="PICOS-GRUB" UUID="782a1372-4b66-4783-b920-dab1df8ec6e4" /dev/sda3: LABEL="ACCTON-DIAG" UUID="3e4117d0-1926-472a-9d9e-08883df83d40" /dev/sda2: LABEL="ONIE-BOOT" UUID="1a90abd8-f065-4f7a-90a0-af122b8805fa" ONIE:/ # ONIE:/ # mount /dev/sda5 /mnt Step6 Execute the following command to modify the I2C access address. ONIE:/ # sed -I "s/0x57/0x56/" /mnt/etc/rc_hw.sh ONIE:/ # sync Step7 Unmount the PicOS® partition. ONIE:/ # unmount /dev/sda5 Step8 Reboot the switch. ONIE:/ # reboot 5. Installing Debian Packages on PicOS® PicOS® uses a standard and non-modified Debian Linux distribution. It is very easy to install new packages or software on top of the existing PicOS® packages, using the standard Debian package management system. Here are some installation examples. 5.1 Installing GCC on PicOS® NOTE: If the FTP server is connected via the Eth0/1 port, you need to add the string sudo ip vrf exec mgmt-vrf before the apt-get command when executing the apt-get operation. For example: admin@Xorplus:~$ sudo ip vrf exec mgmt-vrf apt-get update If sudo ip vrf exec mgmt-vrf is not added, find the next hop routing information from the default VRF. For the usage of VRF, refer to the VRF configuration guide. Updating the software list on the source server admin@XorPlus$sudo apt-get update Hit http://ftp.tw.debian.org stable Release.gpg Hit http://ftp.tw.debian.org stable Release Hit http://ftp.tw.debian.org stable/main powerpc Packages Hit http://ftp.tw.debian.org stable/main Translation-en Reading package lists... Done admin@XorPlus$ Installing new software admin@XorPlus$sudo apt-get install make Reading package lists... Done Building dependency tree Reading state information... Done Suggested packages: make-doc The following NEW packages will be installed: make 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 399 kB of archives. After this operation, 1165 kB of additional disk space will be used. WARNING: The following packages cannot be authenticated! make Authentication warning overridden. Get:1 http://ftp.tw.debian.org/debian/ stable/main make powerpc 3.81-8.2 [399 kB] Fetched 399 kB in 6s (64.1 kB/s) Selecting previously unselected package make. (Reading database ... 16155 files and directories currently installed.) Unpacking make (from .../make_3.81-8.2_powerpc.deb) ... Processing triggers for man-db ... fopen: Permission denied Setting up make (3.81-8.2) ... admin@XorPlus$ admin@XorPlus$sudo apt-get install python Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: file libexpat1 libmagic1 mime-support python-minimal python2.7 python2.7-minimal Suggested packages: python-doc python-tk python2.7-doc binutils binfmt-support The following NEW packages will be installed: file libexpat1 libmagic1 mime-support python python-minimal python2.7 python2.7-minimal 0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded. Need to get 5045 kB of archives. After this operation, 18.3 MB of additional disk space will be used. Do you want to continue [Y/n]? Y WARNING: The following packages cannot be authenticated! libmagic1 libexpat1 file mime-support python2.7-minimal python2.7 python-minimal python Authentication warning overridden. Get:1 http://ftp.tw.debian.org/debian/ stable/main libmagic1 powerpc 5.11-2 [201 kB] Get:2 http://ftp.tw.debian.org/debian/ stable/main libexpat1 powerpc 2.1.0-1 [142 kB] Get:3 http://ftp.tw.debian.org/debian/ stable/main file powerpc 5.11-2 [51.7 kB] Get:4 http://ftp.tw.debian.org/debian/ stable/main mime-support all 3.52-1 [35.5 kB] Get:5 http://ftp.tw.debian.org/debian/ stable/main python2.7-minimal powerpc 2.7.3-6 [1753 kB] Get:6 http://ftp.tw.debian.org/debian/ stable/main python2.7 powerpc 2.7.3-6 [2639 kB] Get:7 http://ftp.tw.debian.org/debian/ stable/main python-minimal all 2.7.3-4 [42.6 kB] Get:8 http://ftp.tw.debian.org/debian/ stable/main python all 2.7.3-4 [180 kB] Fetched 5045 kB in 18s (267 kB/s) Selecting previously unselected package libmagic1:powerpc. (Reading database ... 16189 files and directories currently installed.) Unpacking libmagic1:powerpc (from .../libmagic1_5.11-2_powerpc.deb) ... Selecting previously unselected package libexpat1:powerpc. Unpacking libexpat1:powerpc (from .../libexpat1_2.1.0-1_powerpc.deb) ... Selecting previously unselected package file. Unpacking file (from .../file_5.11-2_powerpc.deb) ... Selecting previously unselected package mime-support. Unpacking mime-support (from .../mime-support_3.52-1_all.deb) ... Selecting previously unselected package python2.7-minimal. Unpacking python2.7-minimal (from .../python2.7-minimal_2.7.3-6_powerpc.deb) ... Selecting previously unselected package python2.7. Unpacking python2.7 (from .../python2.7_2.7.3-6_powerpc.deb) ... Selecting previously unselected package python-minimal. Unpacking python-minimal (from .../python-minimal_2.7.3-4_all.deb) ... Selecting previously unselected package python. Unpacking python (from .../python_2.7.3-4_all.deb) ... Processing triggers for man-db ... fopen: Permission denied Setting up libmagic1:powerpc (5.11-2) ... Setting up libexpat1:powerpc (2.1.0-1) ... Setting up file (5.11-2) ... Setting up mime-support (3.52-1) ... Setting up python2.7-minimal (2.7.3-6) ... Linking and byte-compiling packages for runtime python2.7... Setting up python2.7 (2.7.3-6) ... Setting up python-minimal (2.7.3-4) ... Setting up python (2.7.3-4) ... admin@XorPlus$ admin@XorPlus$sudo apt-get install g++ Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: g+-4.6 libstdc+6-4.6-dev Suggested packages: g+-multilib g-4.6-multilib gcc-4.6-doc libstdc6-4.6-dbg libstdc+6-4.6-doc The following NEW packages will be installed: g++ g+-4.6 libstdc+6-4.6-dev 0 upgraded, 3 newly installed, 0 to remove and 17 not upgraded. Need to get 0 B/8383 kB of archives. After this operation, 24.4 MB of additional disk space will be used. Do you want to continue [Y/n]? Y WARNING: The following packages cannot be authenticated! libstdc+6-4.6-dev g-4.6 g+ Authentication warning overridden. Selecting previously unselected package libstdc++6-4.6-dev. (Reading database ... 19555 files and directories currently installed.) Unpacking libstdc+6-4.6-dev (from .../libstdc+6-4.6-dev_4.6.3-14_powerpc.deb) ... Selecting previously unselected package g++-4.6. Unpacking g+-4.6 (from .../g+-4.6_4.6.3-14_powerpc.deb) ... Selecting previously unselected package g++. Unpacking g++ (from .../g++_4%3a4.6.3-8_powerpc.deb) ... Processing triggers for man-db ... Setting up libstdc++6-4.6-dev (4.6.3-14) ... Setting up g++-4.6 (4.6.3-14) ... Setting up g++ (4:4.6.3-8) ... update-alternatives: using /usr/bin/g++ to provide /usr/bin/c++ (c++) in auto mode admin@XorPlus$ 5.2 Installing Puppet on PicOS® NOTE: You can see an example of Puppet module to manipulate PicOS® configuration on our Github repository: https://github.com/Pica8/Configuration-Managers If the FTP server is connected via the Eth0/1 port, you need to add the string sudo ip vrf exec mgmt-vrf before the apt-get command when executing the apt-get operation. For example: admin@Xorplus:~$ sudo ip vrf exec mgmt-vrf apt-get update If sudo ip vrf exec mgmt-vrf is not added, find the next hop routing information from the default VRF. For the usage of VRF, refer to the VRF configuration guide. Step1 Use the correct repository for the specific application and CPU on the switch. Pica8 support can help in the choice of repository. admin@PICOS:~$sudo more /etc/apt/sources.list | grep -v "#" deb http://ftp.debian-ports.org/debian/ unstable main For a typical puppet installation, the latest standard debian repo is advised. Step2 Update the debian packages on PicOS®. admin@PICOS:~$ sudo apt-get update Hit http://ftp.tw.debian.org stable Release.gpg Hit http://ftp.tw.debian.org stable Release Hit http://ftp.tw.debian.org stable/main powerpc Packages Hit http://ftp.tw.debian.org stable/main Translation-en Reading package lists... Done admin@PICOS:~$ Step3 Install puppet client and configure it. admin@PICOS:~$ sudo apt-get install puppet Look at the puppet documentation to understand how to connect the puppet client to a puppet server. A simple installation would require at least minor modification on the puppet.conf file. more /etc/puppet/puppet.conf [agent] server = master.local.pica8.com Step4 Verify Puppet installation. admin@PICOS:~$ sudo puppet agent -t Notice: Using less secure serialization of reports and query parameters for compatibility Notice: with older puppet master. To remove this notice, please upgrade your master(s) Notice: to Puppet 3.3 or newer. Notice: See http://links.puppetlabs.com/deprecate_yaml_on_network for more information. Info: Retrieving pluginfacts Info: Retrieving plugin Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb Info: Loading facts in /var/lib/puppet/lib/facter/instance_id.rb Info: Caching catalog for Roma Info: Applying configuration version '1405148228' Notice: Finished catalog run in 0.35 seconds 5.3 Installing Salt on PicOS® NOTE: You can see an example of Salt module to manipulate PicOS® configuration on our Github repository: https://github.com/pica8/Configuration-Managers If the FTP server is connected via the Eth0/1 port, you need to add the string sudo ip vrf exec mgmt-vrf before the apt-get command when executing the apt-get operation. For example: admin@Xorplus:~$ sudo ip vrf exec mgmt-vrf apt-get update If sudo ip vrf exec mgmt-vrf is not added, find the next hop routing information from the default VRF. For the usage of VRF, refer to the VRF configuration guide. Step1 Use the correct repository for the specific application and CPU on the switch. Pica8 support can help in the choice of repository. admin@PICOS:~$ sudo more /etc/apt/sources.list | grep -v "#" deb http://ftp.debian-ports.org/debian/ unstable main For a typical salt installation, the latest standard debian repo is advised. Step2 Update the debian packages on PicOS® admin@PICOS:~$ sudo apt-get update Hit http://ftp.tw.debian.org stable Release.gpg Hit http://ftp.tw.debian.org stable Release Hit http://ftp.tw.debian.org stable/main powerpc Packages Hit http://ftp.tw.debian.org stable/main Translation-en Reading package lists... Done admin@PICOS:~$ Step3 Install salt-common and salt-minion and configure it admin@PICOS:~$ sudo apt-get install salt-common admin@PICOS:~$ sudo apt-get install salt-minion Look at the salt documentation to understand how to connect the salt-minion to a salt-master. A simple installation would need at least minor modification on the minion configuration file. more /etc/salt/minion # Set the location of the salt master server, if the master server cannot be # resolved, then the minion will fail to start. master: salt.example.com 6. PICOS Installation and Upgrade Guide for FS S5810 Series, S3410 Series, S3270 Series, S5860 Series, S5890-32C and N8560-32C Switches 6.1 Installing PicOS® for FS S5810/S5860 Series, S5890-32C and N8560-32C Switches NOTE: N8560-32C and S5890-32C use the Rboot method for installation described in this guide, while upgrade still uses the ONIE method, please refer to Upgrading PICOS from Version 3.0 or Later Using Upgrade2 and Upgrading PICOS from Version 4.0.0 or Later Using Upgrade Command for details on the upgrade process. The installation package name for N8560-32C and S5890-32C includes the suffix '-rboot', for example, N8560_picos-4.4.5-9bca0916a3-rboot.bin. The upgrade package, on the other hand, includes the suffix '-x86', such as picos-4.4.5-9bca0916a3-x86.bin. Caution: When an incorrect installation file is detected, the system will display the error message “Ignore ERRORS? [YES/NO]:”. Users need to enter “no” to prevent the system from using the incorrect installation file for system installation. Do NOT enter “yes”, or the system will proceed with the incorrect installation file, which may cause a system crash. image.png PicOS® system can be installed under the Rboot menu through TFTP protocol for FS S5810 and S5860 Series switches. The following steps describe the installation procedure. Step 1 Power off and on to force restarting the switch, then press Ctrl+C to enter Rboot menu. Step 2 (Optional) If the TFTP server and the switch are in the different network segment, configure the gateway address first (if they are in the same network segment, no need to do this step). a) Enter 4 in the Rboot menu to access the Scattered utilities menu. image.png b) Enter 7 to set the gateway IP and IP netmask. c) Then, press Ctrl+Z to go back to the Rboot menu. Step 3 In Rboot menu, enter 0 to access Tftp utilities menu, and then enter 2 to perform TFTP upgrade. image.png Step 4 Use TFTP protocol to download the installation files, and then install PICOS. a) Configure the TFTP parameters. Local IP is the management interface IP of the switch, Remote IP is the IP of the TFTP server, Filename is the installation image directory and name located on the TFTP server. b) After downloaded the installation image successfully, you need to input Y manually, then the system will automatically start system installation process. image.png Wait a few minutes before the installation process is completed. When Success is displayed, it indicates that the installation process is successfully completed. Step 5 Press Ctrl+Z to go back to the Rboot menu, then type 2 to reboot the switch. image.png Then the device reboots and comes up running the new network operating system. Users need to enter the username and password after the system restarts, the initial login username is admin and password is pica8. Then users will be asked to set a new password for admin. This is the only post installation step after which the PICOS operating system can be used. 6.2 Installing PicOS® for FS S3410/S3270 Series Switches NOTE: The installation package name for S3410 includes the suffix '-rboot', for example, S3410-PicOS-4.4.5.14-2963b1e57b-rboot.bin. PicOS® system can be installed under the Uboot menu through TFTP protocol for FS S3410/S3270 Series switches. The following steps describe the installation procedure. Step 1 Power off and on to force restarting the switch, then press Ctrl+C to enter Uboot menu. Step 2 Enter 0 and then 1 in the Uboot menu to perform the installation process. image.png Step 3 Use TFTP protocol to download the installation files, and then install PICOS. a) Configure the TFTP parameters. Local IP is the management interface IP of the switch, Remote IP is the IP of the TFTP server, Filename is the installation image directory and name located on the TFTP server. image.png b) After downloaded the installation image successfully, you need to input Y manually, then the system will automatically start system installation process. c) Wait a few minutes before the installation process is completed. When Success is displayed, it indicates that the installation process is successfully completed. Step 4 Press Ctrl+Z to go back to the Uboot menu, then type 2 to reboot the switch. image.png Then the device reboots and comes up running the new network operating system. Users need to enter the username and password after the system restarts, the initial login username is admin and password is pica8. Then users will be asked to set a new password for admin. This is the only post installation step after which the PICOS operating system can be used. 6.3 Upgrading PicOS® by Using Upgrade2 for S5860 Series Switches (Login via Console Port) NOTE: This guide is only available for upgrading PicOS® for FS S5860 Series switches when login via the console port. For S5860 Series switches, due to limited space in /home/admin/ and /cftmp/, image files should be stored in the /mnt/open/ directory. 6.3.1 Introduction PicOS® supports upgrade2 method for system upgrade. There will be two separate systems on the device after the upgrade2 operation: PICOS and PICOS2. One of them will be the running system and the other will stay inactive. PICOS and PICOS2 system files and their respective configuration files are located in /mnt/open/picos/ of the flash. A list and brief description of these files is as follows. * uImage1.itb * picos1.sqsh * config1/backup_files //User-defined backup files list * config1/backup.tar.gz //Backup of latest.tar.gz * config1/latest.tar.gz //The newest configuration files * uImage2.itb * picos2.sqsh * config2/backup_files * config2/backup.tar.gz * config2/latest.tar.gz The upgrade2 installer installs the new system into the inactive system’s file. The inactive system will be overwritten. After this operation, the new system is the inactive system and then the installer modifies the boot menu to make the newly installed system to be the default boot system. Finally, the system will come up running the new network operating system when boots up normally after the upgrading is finished,. Upgrade2 method supports system rollback function. The "nos-rollback" command can be used to revert to a previous version of the installed software package. Moreover, if it fails to upgrade, the system can automatically rollback to the old system. This can reduce the network interruption risk due to the failure of system upgrade process and ensure the systems’ continuous availability. You can refer to section Rollback Procedure for details. We recommend using upgrade2 method to upgrade the NOS as there are functions of system backup and rollback. 6.3.2 Preparation before Upgrading Table 1. Checklist before Upgrading No. Checking Items Checking Standard Results 1 Checking the Running PicOS® Version The currently running system software version is lower than the software version to be installed. 2 Checking License Validation Run the license -s command to verify that the license expiration date extends beyond the planned upgrade date. If the license is close to expiration, consider renewing it to avoid interruptions. 3 Building Upgrade Environment Build an upgrade environment to get the upgrade software according to the need. 4 Getting the Required Upgrade Software Obtain the required supporting upgrade software. 5 Backing up Important Data in Flash All the important data in Flash is backed up. 6 Pre-Upgrade Check: Remove EVPN Configuration on Unsupported Devices No EVPN-related configuration remains on the unsupported devices. 7 Pre-Upgrade Configuration Check ACL rules must not contain destination-port or source-port without specifying a protocol. Checking the Running PicOS® Version Use the version command to check the version of the running system software. admin@PICOS:~$ version Copyright : Copyright (C) 2009-2025 Pica8, Inc. All Rights Reserved. Model : S5860-24XB-U Software Version : 4.3.3.2/4b5f523 Software Released Date : 02/14/2025 Serial Number : 463054NPEM2402002 System Uptime : 0 day 4 hour 25 minute Hardware ID : 9B04-DFF8-5D0E-8859 License Type : 1G PicOS(R) Perpetual License Device MAC Address : 64:9d:99:d2:04:53 Checking License Validation Before performing an upgrade, users can run the license -s command to check if the current license has expired, ensuring it is valid and preventing upgrade failure due to license expiration. admin@PICOS:~$ license -s { "Type":"1GE", "Feature":["Base Product", "Layer3", "OpenFlow"], "Support End Date":"2020-10-28", "Hardware ID":"ACD2-F77A-BBA3-2849", "Site Name":"PICA8" } Building Upgrade Environment Please make sure that you have set up an HTTP, TFTP or FTP protocol upgrading environment to get the upgrade software, the basic requirements are as follows: PC can log in to the device through serial. The communication between the server and the device works well. The upgrading file used by the device has already been stored on the server. Getting the Required Upgrade Software Please contact Pica8 technical support engineers at the following website for the latest version of upgrade software. http://www.pica8.com/support/customer Backing up Important Data in Flash Before upgrading, save the important data in Flash to the local PC through FTP or TFTP, and then upload it to the switch after the upgrade is completed. Pre-Upgrade Check: Remove EVPN Configuration on Unsupported Devices The following devices do not support EVPN. Before upgrading to PICOS 4.6.0E or later, please make sure to remove all EVPN-related configurations on these devices before proceeding. All ARM-based models: S3410 / AS4610 / S3910 / S5810 / S5860 / S3100 / S3270 / N3024 / N3048 / N3132 series Check & Cleanup Steps Verify Device Model run show version Check for Current Configuration show | display set Manually delete all CLI configuration lines that contain the keyword “evpn”. If EVPN configurations are not removed, the following error will be displayed, and the upgrade process will stop: Error: The current version does not support EVPN. Please delete the EVPN related configuration before upgrading. Upgrade aborts. Pre-Upgrade Configuration Check Before upgrading to version 4.5.3E or later, check the configuration file for ACL rules. If any ACL rule specifies a destination-port or source-port without a protocol, you must either delete the rule or add a condition specifying the protocol. Otherwise, the upgrade will be aborted. During the upgrade check, the system displays the following message: Error: ACL rules with port conditions must include a protocol. Please delete ACL rules that specify port without protocol before upgrading. Upgrade aborts. 6.3.3 Upgrading Notes Downgrade to an earlier version is NOT supported by using upgrade2 command. When using FTP/TFTP to download the image, user should verify that the "binary" mode is being used. If the "binary" transfer mode is not being used, the image can be modified during download, and the upgrade will fail during the md5 check. The image file is a .bin file, for example S5860-24XB-U-picos-e-4.4.3.2-2f6f578-fs.bin. The image is platform dependent, that is, the image_name should be consistent with the platform, otherwise the upgrade script will abort. 6.3.4 Upgrading Procedure The upgrading procedure in this document gives an example of upgrading on S5860-24XB-U from PICOS 4.3.3.2 to 4.4.3.2 using upgrade2 command. NOTE： Usage of upgrade2 command: USAGE Upgrade system with local new image SYNOPSIS upgrade2 [image_name] [factory-default] DESCRIPTION image_name - Image with bin format file(*.bin) factory-default - Recovery configuration to factory default PICOS upgrade is done via the command "upgrade2" in bash (launching a shell script named "upgrade2.sh"). This script will upgrade the image and back up configuration files automatically. Image name is in the form of .bin from version 3.1.0, which should be copied to the /mnt/open directory before running upgrade2 command. The no-md5-check option is removed from PICOS 3.1.0. If there is an MD5 file in the /mnt/open directory, the upgrade script will check package integrity with MD5. Else if there is no MD5 file in the /mnt/open directory, then skip the MD5 check step. The option factory-default is used to reset the configuration to factory default when performing upgrade, but it retains the license files from the previous version. Upgrade2 Procedure Step 1 Stop PicOS® service before upgrade. admin@PICOS:~$ sudo systemctl stop picos Step 2 Copy the upgrade package (in the form of .bin) and the MD5 file to /mnt/open directory by either FTP, TFTP, HTTP or SCP according to the actual upgrade environment. The following example uses the SCP method. admin@PICOS:~$ sudo scp pica8@10.10.50.22:/tftp/build/daily/S5860-24XB-U/S5860-24XB-U-picos-e-4.4.3.2-2f6f578-fs.bin /mnt/open admin@PICOS:~$ sudo scp pica8@10.10.50.22:/tftp/build/daily/S5860-24XB-U/S5860-24XB-U-picos-e-4.4.3.2-2f6f578-fs.bin.md5 /mnt/open NOTE: If management VRF is enabled, and the FTP/TFTP/HTTP/SCP server is connected via the Eth0/1 port, you need to add the string sudo ip vrf exec mgmt-vrf before the SCP command when executing the scp operation. The format is as follows: admin@PICOS:~$ sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/4.4.3.2/S5860-24XB-U/S5860-24XB-U-picos-e-4.4.3.2-2f6f578-fs.bin /mnt/open admin@PICOS:~$ sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/4.4.3.2/S5860-24XB-U/S5860-24XB-U-picos-e-4.4.3.2-2f6f578-fs.bin.md5 /mnt/open If sudo ip vrf exec mgmt-vrf is not added, find the next hop routing information from the default VRF. For the usage of VRF, refer to the VRF Configuration Guide. Step 3 Execute the sync operation. admin@PICOS:~$ sync Step 4 Change directory to /mnt/open. admin@PICOS:~$ cd /mnt/open Step 5 Run upgrade2 command to begin upgrading. admin@PICOS:/mnt/open$ sudo upgrade2 S5860-24XB-U-picos-e-4.4.3.2-2f6f578-fs.bin After finishing upgrade, the switch will reboot automatically, the system will come up running the new network operating system. NOTE： It will take 20 - 30 minutes to finish upgrading PICOS. During the upgrade process, please be patient and do not perform any operation until the upgrade is complete, otherwise, the upgrade may be interrupted. 6.3.5 Rollback Procedure The upgrade2 method supports system rollback function. The "nos-rollback" command can be used to revert to a previous version of the installed software package. Moreover, if it fails to upgrade, the system can automatically rollback to the old system. NOTE： Usage of nos-rollback command: admin@PicOS®:~$ sudo nos-rollback USAGE Rollback to the previous system after next reboot SYNOPSIS nos-rollback The rollback procedure is as follows: Step 1 Run nos-rollback command for manually rollback. admin@PICOS:~$ sudo nos-rollback Step 2 Reboot system manually to finish rollback. admin@PICOS:~$ sudo reboot You need to manually reboot the system after issued "nos-rollback" command and the system switching takes effect. After rebooting successfully, the system will come up running the previous version of network operating system. 6.3.6 Verifying Version after Upgrading admin@PICOS:~$ version Copyright : Copyright (C) 2009-2025 Pica8, Inc. All Rights Reserved. Model : S5860-24XB-U Software Version : 4.4.3.2/4c5a643 Software Released Date : 02/14/2025 Serial Number : 463054NPEM2402002 System Uptime : 0 day 4 hour 25 minute Hardware ID : 9B04-DFF8-5D0E-8859 License Type : 1G PicOS(R) Perpetual License Device MAC Address : 64:9d:99:d2:04:53 6.4 Upgrading PicOS® by Using Upgrade2 for S5860 Series Switches (Login via Eth0 or Inband Management Interface) NOTE: This guide is only available for upgrading PicOS® for FS S5860 Series switches when login via the eth0 or inband management interface, and the supported version should be 4.4.5.7 or later versions before upgrade. During the upgrade process, the user connections and services will be interrupted. This means that users may lose access to the system, and any processes or transactions being handled by the services will be paused until the upgrade is complete. After the upgrade, users will need to reconnect to resume normal operations, and services will be restored. For S5860 Series switches, due to limited space in /home/admin/ and /cftmp/, image files should be stored in the /mnt/open/ directory. 6.4.1 Introduction PicOS® supports upgrade2 method for system upgrade. There will be two separate systems on the device after the upgrade2 operation: PICOS and PICOS2. One of them will be the running system and the other will stay inactive. PICOS and PICOS2 system files and their respective configuration files are located in /mnt/open/picos/ of the flash. A list and brief description of these files is as follows. *uImage1.itb *picos1.sqsh *config1/backup_files //User-defined backup files list *config1/backup.tar.gz //Backup of latest.tar.gz *config1/latest.tar.gz //The newest configuration files *uImage2.itb *picos2.sqsh *config2/backup_files *config2/backup.tar.gz *config2/latest.tar.gz The upgrade2 installer installs the new system into the inactive system’s file. The inactive system will be overwritten. After this operation, the new system is the inactive system and then the installer modifies the boot menu to make the newly installed system to be the default boot system. Finally, the system will come up running the new network operating system when boots up normally after the upgrading is finished,. Upgrade2 method supports system rollback function. The "nos-rollback" command can be used to revert to a previous version of the installed software package. Moreover, if it fails to upgrade, the system can automatically rollback to the old system. This can reduce the network interruption risk due to the failure of system upgrade process and ensure the systems’ continuous availability. You can refer to section Rollback Procedure for details. We recommend using upgrade2 method to upgrade the NOS as there are functions of system backup and rollback. 6.4.2 Preparation before Upgrading Table 1. Checklist before Upgrading No. Checking Items Checking Standard Results 1 Checking the Running PicOS® Version The currently running system software version is lower than the software version to be installed. 2 Checking License Validation Run the license -s command to verify that the license expiration date extends beyond the planned upgrade date. If the license is close to expiration, consider renewing it to avoid interruptions. 3 Building Upgrade Environment Build an upgrade environment to get the upgrade software according to the need. 4 Getting the Required Upgrade Software Obtain the required supporting upgrade software. 5 Backing up Important Data in Flash All the important data in Flash is backed up. 6 Pre-Upgrade Check: Remove EVPN Configuration on Unsupported Devices No EVPN-related configuration remains on the unsupported devices. 7 Pre-Upgrade Configuration Check ACL rules must not contain destination-port or source-port without specifying a protocol. Checking the Running PicOS® Version Use the version command to check the version of the running system software. admin@PICOS:~$ version Copyright : Copyright (C) 2009-2025 Pica8, Inc. All Rights Reserved. Model : S5860-48MG-U Software Version : 4.4.5.7/4f6f523 Software Released Date : 02/14/2025 Serial Number : 463054NPEM2402002 System Uptime : 0 day 4 hour 25 minute Hardware ID : 9B04-DFF8-5D0E-8859 License Type : 1G PicOS(R) Perpetual License Device MAC Address : 64:9d:99:d7:7d:23 Checking License Validation Before performing an upgrade, users can run the license -s command to check if the current license has expired, ensuring it is valid and preventing upgrade failure due to license expiration. admin@PICOS:~$ license -s { "Type":"1GE", "Feature":["Base Product", "Layer3", "OpenFlow"], "Support End Date":"2020-10-28", "Hardware ID":"ACD2-F77A-BBA3-2849", "Site Name":"PICA8" } Building Upgrade Environment Please make sure that you have set up an HTTP, TFTP or FTP protocol upgrading environment to get the upgrade software, the basic requirements are as follows: PC can log in to the device through SSH. The communication between the server and the device works well. The upgrading file used by the device has already been stored on the server. Getting the Required Upgrade Software Please contact Pica8 technical support engineers at the following website for the latest version of upgrade software. http://www.pica8.com/support/customer Backing up Important Data in Flash Before upgrading, save the important data in Flash to the local PC through FTP or TFTP, and then upload it to the switch after the upgrade is completed. Pre-Upgrade Check: Remove EVPN Configuration on Unsupported Devices The following devices do not support EVPN. Before upgrading to PICOS 4.6.0E or later, please make sure to remove all EVPN-related configurations on these devices before proceeding. All ARM-based models: S3410 / AS4610 / S3910 / S5810 / S5860 / S3100 / S3270 / N3024 / N3048 / N3132 series Check & Cleanup Steps Verify Device Model run show version Check for Current Configuration show | display set Manually delete all CLI configuration lines that contain the keyword “evpn”. If EVPN configurations are not removed, the following error will be displayed, and the upgrade process will stop: Error: The current version does not support EVPN. Please delete the EVPN related configuration before upgrading. Upgrade aborts. Pre-Upgrade Configuration Check Before upgrading to version 4.5.3E or later, check the configuration file for ACL rules. If any ACL rule specifies a destination-port or source-port without a protocol, you must either delete the rule or add a condition specifying the protocol. Otherwise, the upgrade will be aborted. During the upgrade check, the system displays the following message: Error: ACL rules with port conditions must include a protocol. Please delete ACL rules that specify port without protocol before upgrading. Upgrade aborts. 6.4.3 Upgrading Notes Downgrade to an earlier version is NOT supported by using upgrade2 command. When using FTP/TFTP to download the image, user should verify that the "binary" mode is being used. If the "binary" transfer mode is not being used, the image can be modified during download, and the upgrade will fail during the md5 check. The image file is a .bin file, for example S5860-24XB-U-picos-e-4.4.5.7-2f6f578-fs.bin. Please find the log file related to PICOS upgrade process at /mnt/open/picos/config2/upgrade2.log and /mnt/open/picos/config1/upgrade2.log. This log file contains detailed information about the steps performed during the upgrade, including any errors or warnings that occurred. It can be used to troubleshoot issues or verify that the upgrade was completed successfully. The image is platform dependent, that is, the image_name should be consistent with the platform, otherwise the upgrade script will abort. During the upgrade process, power interruption is not allowed. 6.4.4 Upgrading Procedure The upgrading procedure in this document gives an example of upgrading on S5860-48MG-U from 4.4.5.7 to 4.4.5.8 using upgrade2 command. NOTE： Usage of upgrade2 command: USAGE Upgrade system with local new image SYNOPSIS upgrade2 [image_name] [factory-default] DESCRIPTION image_name - Image with bin format file(*.bin) factory-default - Recovery configuration to factory default PICOS upgrade is done via the command "upgrade2" in bash (launching a shell script named "upgrade2.sh"). This script will upgrade the image and back up configuration files automatically. Image name is in the form of .bin , which should be copied to the /mnt/open directory before running upgrade2 command. The option factory-default is used to reset the configuration to factory default when performing upgrade, but it retains the license files from the previous version. Upgrade2 Procedure Step 1 Copy the upgrade package (in the form of .bin) and the MD5 file to /mnt/open directory by either FTP, TFTP, HTTP or SCP according to the actual upgrade environment. The following example uses the SCP method. admin@PICOS:~$ sudo scp pica8@10.10.50.22:/tftp/build/daily/s5860/S5860_picos-4.4.5.8-7f06432992.bin /mnt/open admin@PICOS:~$ sudo scp pica8@10.10.50.22:/tftp/build/daily/s5860/S5860_picos-4.4.5.8-7f06432992.bin.md5 /mnt/open NOTE: If management VRF is enabled, and the FTP/TFTP/HTTP/SCP server is connected via the Eth0/1 port, you need to add the string sudo ip vrf exec mgmt-vrf before the SCP command when executing the scp operation. The format is as follows: admin@PICOS:~$ sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/s5860/S5860_picos-4.4.5.8-7f06432992.bin /mnt/open admin@PICOS:~$ sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/s5860/S5860_picos-4.4.5.8-7f06432992.bin.md5 /mnt/open If sudo ip vrf exec mgmt-vrf is not added, find the next hop routing information from the default VRF. For the usage of VRF, refer to the VRF Configuration Guide. Step 2 Execute the sync operation. admin@PICOS:~$ sync Step 3 Change directory to /mnt/open. admin@PICOS:~$ cd /mnt/open Step 4 Run upgrade2 command to begin upgrading. admin@PICOS:/mnt/open$ sudo upgrade2 S5860_picos-4.4.5.8-7f06432992.bin Upgrading system... The connection may be interrupted. Please wait a moment to complete the upgrading procedure. admin@PICOS:/mnt/open$ NOTE： It will take about 5 minutes to finish upgrading PICOS. During the upgrade process, please be patient and do not perform any operation until the upgrade is complete, otherwise, the upgrade may be interrupted. During the upgrade process, the user connections and services will be interrupted. This means that users may lose access to the system, and any processes or transactions being handled by the services will be paused until the upgrade is complete. Step 5 After the upgrade, users will need to reconnect to resume normal operations, and services will be restored. admin@PICOS:~$ ssh admin@10.10.51.54 6.4.5 Rollback Procedure The upgrade2 method supports system rollback function. The "nos-rollback" command can be used to revert to a previous version of the installed software package. Moreover, if it fails to upgrade, the system can automatically rollback to the old system. NOTE： Usage of nos-rollback command: admin@PICOS:~$ sudo nos-rollback USAGE Rollback to the previous system after next reboot SYNOPSIS nos-rollback The rollback procedure is as follows: Step 1 Run nos-rollback command for manually rollback. admin@PICOS:~$ sudo nos-rollback Step 2 Reboot system manually to finish rollback. admin@PICOS:~$ sudo reboot You need to manually reboot the system after issued "nos-rollback" command and the system switching takes effect. After rebooting successfully, the system will come up running the previous version of network operating system. 6.4.6 Verifying Version after Upgrading admin@PICOS:~$ version Copyright : Copyright (C) 2009-2025 Pica8, Inc. All Rights Reserved. Model : S5860-48MG-U Software Version : 4.4.5.8/7f06432992 Software Released Date : 02/14/2025 Serial Number : 463054NPEM2402002 System Uptime : 0 day 4 hour 25 minute Hardware ID : 9B04-DFF8-5D0E-8859 License Type : 1G PicOS(R) Perpetual License Device MAC Address : 64:9d:99:d7:7d:23 6.5 Upgrading PicOS® for FS S5810/S5860 Series Switches Using Upgrade Command (Login via Console Port) NOTE: This guide is only available for upgrading PicOS® for FS S5810/S5860 Series switches when login via the console port. S5810 Series switches only support the upgrade method and do not support the upgrade2 method. For S5810/S5860 Series switches, due to limited space in /home/admin/ and /cftmp/, image files should be stored in the /mnt/open/ directory. 6.5.1 Preparation before Upgrading Table 1. Checklist before Upgrading No. Checking Items Checking Standard Results 1 Checking the Running PicOS® Version The currently running system software version is lower than the software version to be installed 2 Checking License Validation Run the license -s command to verify that the license expiration date extends beyond the planned upgrade date. If the license is close to expiration, consider renewing it to avoid interruptions. 3 Building Upgrade Environment Build a different upgrade environment to get the upgrade software according to the need 4 Getting the Required Upgrade Software Obtain the required supporting upgrade software 5 Backing up Important Data in Flash All the important data in Flash is backed up 6 Checking Available Flash Space Flash space is enough to save upgrading package and other files 7 Pre-Upgrade Check: Remove EVPN Configuration on Unsupported Devices No EVPN-related configuration remains on the unsupported devices. 8 Pre-Upgrade Configuration Check ACL rules must not contain destination-port or source-port without specifying a protocol. Checking the Running PicOS® Version Use the version command to check the version of the running system software. admin@PICOS:~$ version Copyright : Copyright (C) 2009-2025 Pica8, Inc. All Rights Reserved. Model : S5810-48TS-P Software Version : 4.4.3.1/4f6f523 Software Released Date : 02/14/2025 Serial Number : 463054NPEM2402002 System Uptime : 0 day 4 hour 25 minute Hardware ID : 9B04-DFF8-5D0E-8859 License Type : 1G PicOS(R) Perpetual License Device MAC Address : 64:9d:99:d7:7d:23 Checking License Validation Before performing an upgrade, users can run the license -s command to check if the current license has expired, ensuring it is valid and preventing upgrade failure due to license expiration. admin@PICOS:~$ license -s { "Type":"1GE", "Feature":["Base Product", "Layer3", "OpenFlow"], "Support End Date":"2020-10-28", "Hardware ID":"ACD2-F77A-BBA3-2849", "Site Name":"PICA8" } Building Upgrade Environment Please make sure that you have set up an HTTP, TFTP or FTP protocol upgrading environment to get the upgrade software, the basic requirements are as follows: PC can log in to the device through serial. The communication between the server and the device works well. The upgrading file used by the device has already been stored on the server. Getting the Required Upgrade Software Please contact Pica8 technical support engineers at the following website for the latest version of upgrade software. http://www.pica8.com/support/customer Backing up Important Data in Flash Before upgrading, save the important data (such as the configuration file) in Flash to the local PC through FTP or TFTP, and then upload it to the switch after the upgrade is completed. Where is the PicOS® configuration? OVSDB file L2/L3 Configuration Files Checking Available Flash Space Use the df command to check the available flash space. admin@PICOS:~$ df Filesystem 1K-blocks Used Available Use% Mounted on udev 493028 0 493028 0% /dev overlay 358904 57528 301376 17% / tmpfs 512720 0 512720 0% /dev/shm tmpfs 205088 3256 201832 2% /run tmpfs 5120 0 5120 0% /run/lock tmpfs 51200 292 50908 1% /tmp /dev/ubi1_0 402660 208320 189500 53% /mnt/open Pre-Upgrade Check: Remove EVPN Configuration on Unsupported Devices The following devices do not support EVPN. Before upgrading to PICOS 4.6.0E or later, please make sure to remove all EVPN-related configurations on these devices before proceeding. All ARM-based models: S3410 / AS4610 / S3910 / S5810 / S5860 / S3100 / S3270 / N3024 / N3048 / N3132 series Check & Cleanup Steps Verify Device Model run show version Check for Current Configuration show | display set Manually delete all CLI configuration lines that contain the keyword “evpn”. If EVPN configurations are not removed, the following error will be displayed, and the upgrade process will stop: Error: The current version does not support EVPN. Please delete the EVPN related configuration before upgrading. Upgrade aborts. Pre-Upgrade Configuration Check Before upgrading to version 4.5.3E or later, check the configuration file for ACL rules. If any ACL rule specifies a destination-port or source-port without a protocol, you must either delete the rule or add a condition specifying the protocol. Otherwise, the upgrade will be aborted. During the upgrade check, the system displays the following message: Error: ACL rules with port conditions must include a protocol. Please delete ACL rules that specify port without protocol before upgrading. Upgrade aborts. 6.5.2 Upgrading Notes The device is not supported to upgrade to a previous version. When using FTP/TFTP to download the image, user should verify that the "binary" mode is being used. If the "binary" transfer mode is not being used, the image can be modified during download, and the upgrade will fail during the md5 check. The image is platform dependent, that is, the image_name should be consistent with the platform, otherwise the upgrade script will abort. The image file is a .bin file, for example S5810-48TS-P-picos-e-4.4.3.2-2f6f578-fs.bin. When upgrading, the installer checks whether there is a user-data partition. If there exists a User-Data partition, the installer only rewrites the running system boot partition (PicOS/ PicOS2) and installs the new installation package to this partition. However, if there is no User-Data partition, the installer removes all the partitions to rebuild a brand new NOS. Upgrade operation via upgrade commands is not allowed on non-default system, you can upgrade PICOS only on default system. When there are more than one PICOS, the default system is the one automatically booted into after system reboot. During the upgrade process, no power interruption is allowed. 6.5.3 Upgrading Procedure The upgrading procedure in this document gives an example of upgrading on S5860-24XB-U from PICOS 4.3.3.2 to 4.4.3.2 using upgrade2 command. NOTE： Usage of upgrade command: admin@PICOS:~$ sudo upgrade USAGE Upgrade system with local new image SYNOPSIS upgrade [image_name] [factory-default] DESCRIPTION image_name - Image with bin format file(*.bin) factory-default - Recovery configuration to factory default PICOS upgrade is done via the command "upgrade" in bash (launching a shell script named "upgrade.sh"). This script will upgrade the image automatically. The file format of the upgrade package is *.bin. If there is an MD5 file in the /cftmp directory, the upgrade script will check package integrity with MD5. Else if there is no MD5 file in the /cftmp directory, then skip the MD5 check step. The option factory-default is used to reset the configuration to factory default when performing upgrade. This option retains the license files from the previous version. The upgrading procedure in this document gives an example of upgrading on S5810-48TS-P from PICOS 4.4.3.1 to 4.4.3.2. Step 1 Stop PicOS® service before upgrade. On FS S5810 Series and S5860 Series switches, use the following command: admin@PICOS:~$ sudo systemctl stop picos Step 2 Copy the upgrade package (in the form of .bin) and the MD5 file to /mnt/open/ directory by either FTP, TFTP, HTTP or SCP according to the actual upgrade environment. The following example uses the SCP method. admin@PICOS:~$ sudo scp pica8@10.10.50.22:/tftp/build/daily/s5810/S5810-48TS-P-picos-e-4.4.3.2-2f6f578-fs.bin /mnt/open/ admin@PICOS:~$ sudo scp pica8@10.10.50.22:/tftp/build/daily/s5810/S5810-48TS-P-picos-e-4.4.3.2-2f6f578-fs.bin.md5 /mnt/open/ NOTE: If management VRF is enabled, and the FTP/TFTP/HTTP/SCP server is connected via the Eth0/1 port, you need to add the string sudo ip vrf exec mgmt-vrf before the SCP command when executing the scp operation. The format is as follows: admin@PICOS:~$ sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/s5810/S5810-48TS-P-picos-e-4.4.3.2-2f6f578-fs.bin /mnt/open/ admin@PICOS:~$ sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/s5810/S5810-48TS-P-picos-e-4.4.3.2-2f6f578-fs.bin.md5 /mnt/open/ If sudo ip vrf exec mgmt-vrf is not added, find the next hop routing information from the default VRF. For the usage of VRF, refer to the VRF Configuration Guide. Step 3 Execute the sync operation. admin@PICOS:~$ sync Step 4 Change directory to /mnt/open/. admin@PICOS:~$ cd /mnt/open/ Step 5 Run the upgrade command. admin@PICOS:/mnt/open$ sudo upgrade S5810-48TS-P-picos-e-4.4.3.2-2f6f578-fs.bin After the upgrade is complete, the system will automatically reboot and run the new network operating system. 6.5.4 Verifying Version after Upgrading admin@PICOS:~$ version Copyright : Copyright (C) 2009-2025 Pica8, Inc. All Rights Reserved. Model : S5810-48TS-P Software Version : 4.4.3.2/2f6f578 Software Released Date : 02/14/2025 Serial Number : 463054NPEM2402002 System Uptime : 0 day 4 hour 25 minute Hardware ID : 9B04-DFF8-5D0E-8859 License Type : 1G PicOS(R) Perpetual License Device MAC Address : 64:9d:99:d7:7d:23 6.6 Upgrading PicOS® for FS S5810/S5860 Series Switches Using Upgrade Command (Login via Eth0 or Inband Management Interface) NOTE: This guide is only available for upgrading PicOS® for FS S5810/S5860 Series switches when login via the eth0 or inband management interface, and the supported version should be 4.4.5.7 or later versions before upgrade. During the upgrade process, the user connections and services will be interrupted. This means that users may lose access to the system, and any processes or transactions being handled by the services will be paused until the upgrade is complete. After the upgrade, users will need to reconnect to resume normal operations, and services will be restored. S5810 Series switches only support the upgrade method and do not support the upgrade2 method. For S5810/S5860 Series switches, due to limited space in /home/admin/ and /cftmp/, image files should be stored in the /mnt/open/ directory. 6.6.1 Preparation before Upgrading Table 1. Checklist before Upgrading No. Checking Items Checking Standard Results 1 Checking the Running PicOS® Version The currently running system software version is lower than the software version to be installed 2 Checking License Validation Run the license -s command to verify that the license expiration date extends beyond the planned upgrade date. If the license is close to expiration, consider renewing it to avoid interruptions. 3 Building Upgrade Environment Build a different upgrade environment to get the upgrade software according to the need 4 Getting the Required Upgrade Software Obtain the required supporting upgrade software 5 Backing up Important Data in Flash All the important data in Flash is backed up 6 Checking Available Flash Space Flash space is enough to save upgrading package and other files 7 Pre-Upgrade Check: Remove EVPN Configuration on Unsupported Devices No EVPN-related configuration remains on the unsupported devices. 8 Pre-Upgrade Configuration Check ACL rules must not contain destination-port or source-port without specifying a protocol. Checking the Running PicOS® Version Use the version command to check the version of the running system software. admin@PICOS:~$ version Copyright : Copyright (C) 2009-2025 Pica8, Inc. All Rights Reserved. Model : S5860-48MG-U Software Version : 4.4.5.7/4f6f523 Software Released Date : 02/14/2025 Serial Number : 463054NPEM2402002 System Uptime : 0 day 4 hour 25 minute Hardware ID : 9B04-DFF8-5D0E-8859 License Type : 1G PicOS(R) Perpetual License Device MAC Address : 64:9d:99:d7:7d:23 Checking License Validation Before performing an upgrade, users can run the license -s command to check if the current license has expired, ensuring it is valid and preventing upgrade failure due to license expiration. admin@PICOS:~$ license -s { "Type":"1GE", "Feature":["Base Product", "Layer3", "OpenFlow"], "Support End Date":"2020-10-28", "Hardware ID":"ACD2-F77A-BBA3-2849", "Site Name":"PICA8" } Building Upgrade Environment Please make sure that you have set up an HTTP, TFTP or FTP protocol upgrading environment to get the upgrade software, the basic requirements are as follows: PC can log in to the device through eth0 or inband management interface. The communication between the server and the device works well. The upgrading file used by the device has already been stored on the server. Getting the Required Upgrade Software Please contact Pica8 technical support engineers at the following website for the latest version of upgrade software. http://www.pica8.com/support/customer Backing up Important Data in Flash Before upgrading, save the important data (such as the configuration file) in Flash to the local PC through FTP or TFTP, and then upload it to the switch after the upgrade is completed. Where is the PicOS® configuration? OVSDB file L2/L3 Configuration Files Checking Available Flash Space Use the df command to check the available flash space. admin@PICOS:~$ df Filesystem 1K-blocks Used Available Use% Mounted on udev 493028 0 493028 0% /dev overlay 358904 57528 301376 17% / tmpfs 512720 0 512720 0% /dev/shm tmpfs 205088 3256 201832 2% /run tmpfs 5120 0 5120 0% /run/lock tmpfs 51200 292 50908 1% /tmp /dev/ubi1_0 402660 208320 189500 53% /mnt/open Pre-Upgrade Check: Remove EVPN Configuration on Unsupported Devices The following devices do not support EVPN. Before upgrading to PICOS 4.6.0E or later, please make sure to remove all EVPN-related configurations on these devices before proceeding. All ARM-based models: S3410 / AS4610 / S3910 / S5810 / S5860 / S3100 / S3270 / N3024 / N3048 / N3132 series Check & Cleanup Steps Verify Device Model run show version Check for Current Configuration show | display set Manually delete all CLI configuration lines that contain the keyword “evpn”. If EVPN configurations are not removed, the following error will be displayed, and the upgrade process will stop: Error: The current version does not support EVPN. Please delete the EVPN related configuration before upgrading. Upgrade aborts. Pre-Upgrade Configuration Check Before upgrading to version 4.5.3E or later, check the configuration file for ACL rules. If any ACL rule specifies a destination-port or source-port without a protocol, you must either delete the rule or add a condition specifying the protocol. Otherwise, the upgrade will be aborted. During the upgrade check, the system displays the following message: Error: ACL rules with port conditions must include a protocol. Please delete ACL rules that specify port without protocol before upgrading. Upgrade aborts. 6.6.2 Upgrading Notes The device is not supported to upgrade to a previous version. When using FTP/TFTP to download the image, user should verify that the "binary" mode is being used. If the "binary" transfer mode is not being used, the image can be modified during download, and the upgrade will fail during the md5 check. The image is platform dependent, that is, the image_name should be consistent with the platform, otherwise the upgrade script will abort. The image file is a .bin file, for example S5810-48TS-P-picos-e-4.4.5.7-2f6f578-fs.bin. Please find the log file related to PICOS upgrade process at /mnt/open/picos/config2/upgrade.log and /mnt/open/picos/config1/upgrade.log. This log file contains detailed information about the steps performed during the upgrade, including any errors or warnings that occurred. It can be used to troubleshoot issues or verify that the upgrade was completed successfully. When upgrading, the installer checks whether there is a user-data partition. If there exists a User-Data partition, the installer only rewrites the running system boot partition (PicOS/ PicOS2) and installs the new installation package to this partition. However, if there is no User-Data partition, the installer removes all the partitions to rebuild a brand new NOS. Upgrade operation via upgrade commands is not allowed on non-default system, you can upgrade PICOS only on default system. When there are more than one PICOS, the default system is the one automatically booted into after system reboot. During the upgrade process, power interruption is not allowed. 6.6.3 Upgrading Procedure The upgrading procedure in this document gives an example of upgrading on S5860-48MG-U from 4.4.5.7 to 4.4.5.8 using upgrade2 command. NOTE： Usage of upgrade command: admin@PICOS:~$ sudo upgrade USAGE Upgrade system with local new image SYNOPSIS upgrade [image_name] [factory-default] DESCRIPTION image_name - Image with bin format file(*.bin) factory-default - Recovery configuration to factory default PICOS upgrade is done via the command "upgrade" in bash (launching a shell script named "upgrade.sh"). This script will upgrade the image automatically. The file format of the upgrade package is *.bin. If there is an MD5 file in the /mnt/open directory, the upgrade script will check package integrity with MD5. Else if there is no MD5 file in the /mnt/open directory, then skip the MD5 check step. The option factory-default is used to reset the configuration to factory default when performing upgrade. This option retains the license files from the previous version. Upgrade2 Procedure The upgrading procedure in this document gives an example of upgrading on S5860-48MG-U from PICOS 4.4.5.7 to 4.4.5.8. Step 1 Copy the upgrade package (in the form of .bin) and the MD5 file to /mnt/open directory by either FTP, TFTP, HTTP or SCP according to the actual upgrade environment. The following example uses the SCP method. admin@PICOS:~$ sudo scp pica8@10.10.50.22:/tftp/build/daily/s5860/S5860_picos-4.4.5.8-7f06432992.bin /mnt/open admin@PICOS:~$ sudo scp pica8@10.10.50.22:/tftp/build/daily/s5860/S5860_picos-4.4.5.8-7f06432992.bin.md5 /mnt/open NOTE: If management VRF is enabled, and the FTP/TFTP/HTTP/SCP server is connected via the Eth0/1 port, you need to add the string sudo ip vrf exec mgmt-vrf before the SCP command when executing the scp operation. The format is as follows: admin@PICOS:~$ sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/s5860/S5860_picos-4.4.5.8-7f06432992.bin /mnt/open admin@PICOS:~$ sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/s5860/S5860_picos-4.4.5.8-7f06432992.bin.md5 /mnt/open If sudo ip vrf exec mgmt-vrf is not added, find the next hop routing information from the default VRF. For the usage of VRF, refer to the VRF Configuration Guide. Step 2 Execute the sync operation. admin@PICOS:~$ sync Step 3 Change directory to /mnt/open. admin@PICOS:~$ cd /mnt/open Step 4 Run upgrade2 command to begin upgrading. admin@PICOS:/mnt/open$ sudo upgrade S5860_picos-4.4.5.8-7f06432992.bin Upgrading system... The connection may be interrupted. Please wait a moment to complete the upgrading procedure. admin@PICOS:/mnt/open$ NOTE： It will take about 5 minutes to finish upgrading PICOS. During the upgrade process, please be patient and do not perform any operation until the upgrade is complete, otherwise, the upgrade may be interrupted. During the upgrade process, the user connections and services will be interrupted. This means that users may lose access to the system, and any processes or transactions being handled by the services will be paused until the upgrade is complete. Step 5 After the upgrade, users will need to reconnect to resume normal operations, and services will be restored. admin@PICOS:~$ ssh admin@10.10.51.54 6.6.4 Verifying Version after Upgrading admin@PICOS:~$ version Copyright : Copyright (C) 2009-2025 Pica8, Inc. All Rights Reserved. Model : S5860-48MG-U Software Version : 4.4.5.8/7f06432992 Software Released Date : 02/14/2025 Serial Number : 463054NPEM2402002 System Uptime : 0 day 4 hour 25 minute Hardware ID : 9B04-DFF8-5D0E-8859 License Type : 1G PicOS(R) Perpetual License Device MAC Address : 64:9d:99:d7:7d:23 6.7 Upgrading PicOS® by Using Upgrade2 for S3410 Series Switches (Login via Console Port) NOTEs: This guide is only available for upgrading PicOS® for FS S3410 Series switches when login via the console port. The S3410 Series switches only support upgrade via the upgrade2 method. For S3410 Series switches, due to limited space in /home/admin/ and /cftmp/, image files should be stored in the /mnt/open/ directory. 6.7.1 Introduction PicOS® supports upgrade2 method for system upgrade. There will be two separate systems on the device after the upgrade2 operation: PICOS and PICOS2. One of them will be the running system and the other will stay inactive. PICOS and PICOS2 system files and their respective configuration files are located in /mnt/open/picos/ of the flash. A list and brief description of these files is as follows. * uImage1.itb * picos1.sqsh * config1/backup_files //User-defined backup files list * config1/backup.tar.gz //Backup of latest.tar.gz * config1/latest.tar.gz //The newest configuration files * uImage2.itb * picos2.sqsh * config2/backup_files * config2/backup.tar.gz * config2/latest.tar.gz The upgrade2 installer installs the new system into the inactive system’s file. The inactive system will be overwritten. After this operation, the new system is the inactive system and then the installer modifies the boot menu to make the newly installed system to be the default boot system. Finally, the system will come up running the new network operating system when boots up normally after the upgrading is finished,. Upgrade2 method supports system rollback function. The "nos-rollback" command can be used to revert to a previous version of the installed software package. Moreover, if it fails to upgrade, the system can automatically rollback to the old system. This can reduce the network interruption risk due to the failure of system upgrade process and ensure the systems’ continuous availability. You can refer to section Rollback Procedure for details. We recommend using upgrade2 method to upgrade the NOS as there are functions of system backup and rollback. 6.7.2 Preparation before Upgrading Table 1. Checklist before Upgrading No. Checking Items Checking Standard Results 1 Checking the Running PicOS® Version The currently running system software version is lower than the software version to be installed. 2 Checking License Validation Run the license -s command to verify that the license expiration date extends beyond the planned upgrade date. If the license is close to expiration, consider renewing it to avoid interruptions. 3 Building Upgrade Environment Build an upgrade environment to get the upgrade software according to the need. 4 Getting the Required Upgrade Software Obtain the required supporting upgrade software. 5 Backing up Important Data in Flash All the important data in Flash is backed up. 6 Pre-Upgrade Configuration Check Verify and clean up any unsupported or deprecated configurations before upgrading; otherwise, the upgrade will be interrupted or fail. Checking the Running PicOS® Version Use the version command to check the version of the running system software. admin@PICOS# run show version Copyright : Copyright (C) 2009-2025 Pica8, Inc. All Rights Reserved. Model : S3410C-8TMS-P Software Version : 4.4.5.1/3c5f478 Software Released Date : 07/15/2025 Serial Number : TW0H74GDDNT0005B0006 System Uptime : 2 day 18 hour 39 minute Hardware ID : 22D1-C075-22AA-EFBF License Type : 1G PicOS(R) Perpetual License Device MAC Address : 18:5a:58:26:c3:21 Checking License Validation Before performing an upgrade, users can run the license -s command to check if the current license has expired, ensuring it is valid and preventing upgrade failure due to license expiration. admin@PICOS:~$ license -s { "Type":"1GE", "Feature":["Base Product", "Layer3", "OpenFlow"], "Support End Date":"2025-10-28", "Hardware ID":"22D1-C075-22AA-EFBF", "Site Name":"PICA8" } Building Upgrade Environment Please make sure that you have set up an HTTP, TFTP or FTP protocol upgrading environment to get the upgrade software, the basic requirements are as follows: PC can log in to the device through serial. The communication between the server and the device works well. The upgrading file used by the device has already been stored on the server. Getting the Required Upgrade Software Please contact Pica8 technical support engineers at the following website for the latest version of upgrade software. http://www.pica8.com/support/customer Backing up Important Data in Flash Before upgrading, save the important data in Flash to the local PC through FTP or TFTP, and then upload it to the switch after the upgrade is completed. Pre-Upgrade Configuration Check Remove EVPN Configuration on Unsupported Devices The following devices do not support EVPN. Before upgrading to PICOS 4.6.0E or later, please make sure to remove all EVPN-related configurations on these devices before proceeding. All ARM-based models: S3410 / AS4610 / S3910 / S5810 / S5860 / S3100 / S3270 / N3024 / N3048 / N3132 series Check & Cleanup Steps Verify Device Model run show version Check for Current Configuration show | display set Manually delete all CLI configuration lines that contain the keyword “evpn”. If EVPN configurations are not removed, the following error will be displayed, and the upgrade process will stop: Error: The current version does not support EVPN. Please delete the EVPN related configuration before upgrading. Upgrade aborts. Check ACL Configurations Before upgrading to version 4.5.3E or later, check the configuration file for ACL rules. If any ACL rule specifies a destination-port or source-port without a protocol, you must either delete the rule or add a condition specifying the protocol. Otherwise, the upgrade will be aborted. During the upgrade check, the system displays the following message: Error: ACL rules with port conditions must include a protocol. Please delete ACL rules that specify port without protocol before upgrading. Upgrade aborts. Remove Deprecated Configurations on S3410 Series and S3270 Series Before upgrading S3410 Series and S3270 Series switches to version 4.7.1E or 4.7.1M, you must manually remove all configurations related to features that have been deprecated in the target version. The following configuration items must be deleted before the upgrade: If you upgrade the switch from version 4.4.5.x to 4.7.1E, you must remove all commands under the following feature modules: IS-IS, BGP, PIM, BFD, IPSG6, and certain commands under the CLI hierarchy set routing xx. If you upgrade the switch from version 4.4.5.x to 4.7.1M, you must remove all commands under the following feature modules: IS-IS, BGP, PIM, BFD, IPSG6, GRPC, IPv6 ND Inspection, IPv6 ND Snooping, Link Fault Signaling (LFS), MSDP, and certain commands under the CLI hierarchy set routing xx. If you upgrade the switch from version 4.7.1E to 4.7.1M, you must remove all commands under the following feature modules: GRPC, IPv6 ND Inspection, IPv6 ND Snooping, Link Fault Signaling (LFS), and MSDP. (For the detailed list of affected commands, refer to FS S3410 and S3270 Series Switches Unsupported Features and Limitations - Unsupported Features.) Failure to remove these configurations may result in configuration loss or upgrade failure. 6.7.3 Upgrading Notes Downgrade to an earlier version is NOT supported by using upgrade2 command. When using FTP/TFTP to download the image, user should verify that the "binary" mode is being used. If the "binary" transfer mode is not being used, the image can be modified during download, and the upgrade will fail during the md5 check. The image file is a .bin file, for example S3410-picos-e-4.4.5.2-2f6f578-fs.bin. The image is platform dependent, that is, the image_name should be consistent with the platform, otherwise the upgrade script will abort. 6.7.4 Upgrading Procedure The upgrading procedure in this document gives an example of upgrading on S3410C-8TMS-P from PICOS 4.4.5.1 to 4.4.5.2 using upgrade2 command. NOTE： Usage of upgrade2 command: USAGE Upgrade system with local new image SYNOPSIS upgrade2 [image_name] [factory-default] DESCRIPTION image_name - Image with bin format file(*.bin) factory-default - Recovery configuration to factory default PICOS upgrade is done via the command "upgrade2" in bash (launching a shell script named "upgrade2.sh"). This script will upgrade the image and back up configuration files automatically. Image name is in the form of .bin, which should be copied to the /mnt/open/ directory before running upgrade2 command. The option factory-default is used to reset the configuration to factory default when performing upgrade, but it retains the license files from the previous version. Upgrade2 Procedure Step 1 Stop PicOS® service before upgrade. admin@PICOS:~$ sudo /etc/init.d/picos stop Step 2 Copy the upgrade package (in the form of .bin) and the MD5 file to /mnt/open/ directory by either FTP, TFTP, HTTP or SCP according to the actual upgrade environment. The following example uses the SCP method. admin@PICOS:~$ sudo scp pica8@198.51.100.20:/tftp/build/daily/S3410/S3410-picos-e-4.4.5.2-2f6f578-fs.bin /mnt/open/ admin@PICOS:~$ sudo scp pica8@198.51.100.20:/tftp/build/daily/S3410/S3410-picos-e-4.4.5.2-2f6f578-fs.bin.md5 /mnt/open/ NOTE: If management VRF is enabled, and the FTP/TFTP/HTTP/SCP server is connected via the Eth0/1 port, you need to add the string sudo ip vrf exec mgmt-vrf before the SCP command when executing the scp operation. The format is as follows: admin@PICOS:~$ sudo ip vrf exec mgmt-vrf scp pica8@198.51.100.20:/tftp/build/4.4.5.2/S3410/S3410-picos-e-4.4.5.2-2f6f578-fs.bin /mnt/open/ admin@PICOS:~$ sudo ip vrf exec mgmt-vrf scp pica8@198.51.100.20:/tftp/build/4.4.5.2/S3410/S3410-picos-e-4.4.5.2-2f6f578-fs.bin.md5 /mnt/open/ If sudo ip vrf exec mgmt-vrf is not added, find the next hop routing information from the default VRF. For the usage of VRF, refer to the VRF Configuration Guide. Step 3 Execute the sync operation. admin@PICOS:~$ sync Step 4 Change directory to /mnt/open/. admin@PICOS:~$ cd /mnt/open/ Step 5 Run upgrade2 command to begin upgrading. admin@PICOS:/mnt/open$ sudo upgrade2 S3410-picos-e-4.4.5.2-2f6f578-fs.bin After finishing upgrade, the switch will reboot automatically, the system will come up running the new network operating system. NOTE： It will take 20 - 30 minutes to finish upgrading PICOS. During the upgrade process, please be patient and do not perform any operation until the upgrade is complete, otherwise, the upgrade may be interrupted. 6.7.5 Rollback Procedure The upgrade2 method supports system rollback function. The "nos-rollback" command can be used to revert to a previous version of the installed software package. Moreover, if it fails to upgrade, the system can automatically rollback to the old system. NOTE： Usage of nos-rollback command: admin@PICOS:~$ sudo nos-rollback USAGE Rollback to the previous system after next reboot SYNOPSIS nos-rollback The rollback procedure is as follows: Step 1 Run nos-rollback command for manually rollback. admin@PICOS:~$ sudo nos-rollback Step 2 Reboot system manually to finish rollback. admin@PICOS:~$ sudo reboot You need to manually reboot the system after issued "nos-rollback" command and the system switching takes effect. After rebooting successfully, the system will come up running the previous version of network operating system. 6.7.6 Verifying Version after Upgrading admin@PICOS# run show version Copyright : Copyright (C) 2009-2025 Pica8, Inc. All Rights Reserved. Model : S3410C-8TMS-P Software Version : 4.4.5.2/3c5f478 Software Released Date : 08/15/2025 Serial Number : TW0H74GDDNT0005B0006 System Uptime : 1 day 2 hour 15 minute Hardware ID : 22D1-C075-22AA-EFBF License Type : 1G PicOS(R) Perpetual License Device MAC Address : 18:5a:58:26:c3:21 6.8 Upgrading PicOS® by Using Upgrade2 for S3410 Series Switches (Login via Inband Management Interface) NOTE: This guide is only available for upgrading PicOS® for FS S3410 Series switches when login via the inband management interface, and the supported version should be 4.4.5.7 or later versions before upgrade. During the upgrade process, the user connections and services will be interrupted. This means that users may lose access to the system, and any processes or transactions being handled by the services will be paused until the upgrade is complete. After the upgrade, users will need to reconnect to resume normal operations, and services will be restored. The S3410 Series switches only support upgrade via the upgrade2 method. For S3410 Series switches, due to limited space in /home/admin/ and /cftmp/, image files should be stored in the /mnt/open/ directory. 6.8.1 Introduction PicOS® supports upgrade2 method for system upgrade. There will be two separate systems on the device after the upgrade2 operation: PICOS and PICOS2. One of them will be the running system and the other will stay inactive. PICOS and PICOS2 system files and their respective configuration files are located in /mnt/open/picos/ of the flash. A list and brief description of these files is as follows. * uImage1.itb * picos1.sqsh * config1/backup_files //User-defined backup files list * config1/backup.tar.gz //Backup of latest.tar.gz * config1/latest.tar.gz //The newest configuration files * uImage2.itb * picos2.sqsh * config2/backup_files * config2/backup.tar.gz * config2/latest.tar.gz The upgrade2 installer installs the new system into the inactive system’s file. The inactive system will be overwritten. After this operation, the new system is the inactive system and then the installer modifies the boot menu to make the newly installed system to be the default boot system. Finally, the system will come up running the new network operating system when boots up normally after the upgrading is finished,. Upgrade2 method supports system rollback function. The "nos-rollback" command can be used to revert to a previous version of the installed software package. Moreover, if it fails to upgrade, the system can automatically rollback to the old system. This can reduce the network interruption risk due to the failure of system upgrade process and ensure the systems’ continuous availability. You can refer to section Rollback Procedure for details. We recommend using upgrade2 method to upgrade the NOS as there are functions of system backup and rollback. 6.8.2 Preparation before Upgrading Table 1. Checklist before Upgrading No. Checking Items Checking Standard Results 1 Checking the Running PicOS® Version The currently running system software version is lower than the software version to be installed. 2 Checking License Validation Run the license -s command to verify that the license expiration date extends beyond the planned upgrade date. If the license is close to expiration, consider renewing it to avoid interruptions. 3 Building Upgrade Environment Build an upgrade environment to get the upgrade software according to the need. 4 Getting the Required Upgrade Software Obtain the required supporting upgrade software. 5 Backing up Important Data in Flash All the important data in Flash is backed up. 6 Pre-Upgrade Configuration Check Verify and clean up any unsupported or deprecated configurations before upgrading; otherwise, the upgrade will be interrupted or fail. Checking the Running PicOS® Version Use the version command to check the version of the running system software. admin@PICOS# run show version Copyright : Copyright (C) 2009-2025 Pica8, Inc. All Rights Reserved. Model : S3410C-8TMS-P Software Version : 4.4.5.7/3c5f478 Software Released Date : 07/15/2025 Serial Number : TW0H74GDDNT0005B0006 System Uptime : 2 day 18 hour 39 minute Hardware ID : 22D1-C075-22AA-EFBF License Type : 1G PicOS(R) Perpetual License Device MAC Address : 18:5a:58:26:c3:21 Checking License Validation Before performing an upgrade, users can run the license -s command to check if the current license has expired, ensuring it is valid and preventing upgrade failure due to license expiration. admin@PICOS:~$ license -s { "Type":"1GE", "Feature":["Base Product", "Layer3", "OpenFlow"], "Support End Date":"2025-10-28", "Hardware ID":"22D1-C075-22AA-EFBF", "Site Name":"PICA8" } Building Upgrade Environment Please make sure that you have set up an HTTP, TFTP or FTP protocol upgrading environment to get the upgrade software, the basic requirements are as follows: PC can log in to the device through SSH. The communication between the server and the device works well. The upgrading file used by the device has already been stored on the server. Getting the Required Upgrade Software Please contact Pica8 technical support engineers at the following website for the latest version of upgrade software. http://www.pica8.com/support/customer Backing up Important Data in Flash Before upgrading, save the important data in Flash to the local PC through FTP or TFTP, and then upload it to the switch after the upgrade is completed. Pre-Upgrade Check: Remove EVPN Configuration on Unsupported Devices The following devices do not support EVPN. Before upgrading to PICOS 4.6.0E or later, please make sure to remove all EVPN-related configurations on these devices before proceeding. All ARM-based models: S3410 / AS4610 / S3910 / S5810 / S5860 / S3100 / S3270 / N3024 / N3048 / N3132 series Check & Cleanup Steps Verify Device Model run show version Check for Current Configuration show | display set Manually delete all CLI configuration lines that contain the keyword “evpn”. If EVPN configurations are not removed, the following error will be displayed, and the upgrade process will stop: Error: The current version does not support EVPN. Please delete the EVPN related configuration before upgrading. Upgrade aborts. Check ACL Configurations Before upgrading to version 4.5.3E or later, check the configuration file for ACL rules. If any ACL rule specifies a destination-port or source-port without a protocol, you must either delete the rule or add a condition specifying the protocol. Otherwise, the upgrade will be aborted. During the upgrade check, the system displays the following message: Error: ACL rules with port conditions must include a protocol. Please delete ACL rules that specify port without protocol before upgrading. Upgrade aborts. Remove Deprecated Configurations on S3410 Series and S3270 Series Before upgrading S3410 Series and S3270 Series switches to version 4.7.1E or 4.7.1M, you must manually remove all configurations related to features that have been deprecated in the target version. The following configuration items must be deleted before the upgrade: If you upgrade the switch from version 4.4.5.x to 4.7.1E, you must remove all commands under the following feature modules: IS-IS, BGP, PIM, BFD, IPSG6, and certain commands under the CLI hierarchy set routing xx. If you upgrade the switch from version 4.4.5.x to 4.7.1M, you must remove all commands under the following feature modules: IS-IS, BGP, PIM, BFD, IPSG6, GRPC, IPv6 ND Inspection, IPv6 ND Snooping, Link Fault Signaling (LFS), MSDP, and certain commands under the CLI hierarchy set routing xx. If you upgrade the switch from version 4.7.1E to 4.7.1M, you must remove all commands under the following feature modules: GRPC, IPv6 ND Inspection, IPv6 ND Snooping, Link Fault Signaling (LFS), and MSDP. (For the detailed list of affected commands, refer to FS S3410 and S3270 Series Switches Unsupported Features and Limitations - Unsupported Features.) Failure to remove these configurations may result in configuration loss or upgrade failure. 6.8.3 Upgrading Notes Downgrade to an earlier version is NOT supported by using upgrade2 command. When using FTP/TFTP to download the image, user should verify that the "binary" mode is being used. If the "binary" transfer mode is not being used, the image can be modified during download, and the upgrade will fail during the md5 check. The image file is a .bin file, for example S3410C-8TMS-P-picos-e-4.4.5.2-2f6f578-fs.bin. Please find the log file related to PICOS upgrade process at /mnt/open/picos/config2/upgrade2.log and /mnt/open/picos/config1/upgrade2.log. This log file contains detailed information about the steps performed during the upgrade, including any errors or warnings that occurred. It can be used to troubleshoot issues or verify that the upgrade was completed successfully. The image is platform dependent, that is, the image_name should be consistent with the platform, otherwise the upgrade script will abort. During the upgrade process, power interruption is not allowed. 6.8.4 Upgrading Procedure The upgrading procedure in this document gives an example of upgrading on S3410C-8TMS-P from PICOS 4.4.5.7 to 4.4.5.8 using upgrade2 command. NOTE： Usage of upgrade2 command: USAGE Upgrade system with local new image SYNOPSIS upgrade2 [image_name] [factory-default] DESCRIPTION image_name - Image with bin format file(*.bin) factory-default - Recovery configuration to factory default PICOS upgrade is done via the command "upgrade2" in bash (launching a shell script named "upgrade2.sh"). This script will upgrade the image and back up configuration files automatically. Image name is in the form of .bin, which should be copied to the /mnt/open/ directory before running upgrade2 command. The option factory-default is used to reset the configuration to factory default when performing upgrade, but it retains the license files from the previous version. Upgrade2 Procedure Step 1 Copy the upgrade package (in the form of .bin) and the MD5 file to /mnt/open/ directory by either FTP, TFTP, HTTP or SCP according to the actual upgrade environment. The following example uses the SCP method. admin@PICOS:~$ sudo scp pica8@198.51.100.20:/tftp/build/daily/S3410/S3410-picos-e-4.4.5.2-2f6f578-fs.bin /mnt/open/ admin@PICOS:~$ sudo scp pica8@198.51.100.20:/tftp/build/daily/S3410/S3410-picos-e-4.4.5.2-2f6f578-fs.bin.md5 /mnt/open/ NOTE: If management VRF is enabled, and the FTP/TFTP/HTTP/SCP server is connected via the Eth0/1 port, you need to add the string sudo ip vrf exec mgmt-vrf before the SCP command when executing the scp operation. The format is as follows: admin@PICOS:~$ sudo ip vrf exec mgmt-vrf scp pica8@198.51.100.20:/tftp/build/4.4.5.8/S3410/S3410-picos-e-4.4.5.2-2f6f578-fs.bin /mnt/open/ admin@PICOS:~$ sudo ip vrf exec mgmt-vrf scp pica8@198.51.100.20:/tftp/build/4.4.5.8/S3410/S3410-picos-e-4.4.5.2-2f6f578-fs.bin.md5 /mnt/open/ If sudo ip vrf exec mgmt-vrf is not added, find the next hop routing information from the default VRF. For the usage of VRF, refer to the VRF Configuration Guide. Step 2 Execute the sync operation. admin@PICOS:~$ sync Step 3 Change directory to /mnt/open/. admin@PICOS:~$ cd /mnt/open/ Step 4 Run upgrade2 command to begin upgrading. admin@PICOS:/mnt/open$ sudo upgrade2 S3410-picos-e-4.4.5.2-2f6f578-fs.bin Upgrading system... The connection may be interrupted. Please wait a moment to complete the upgrading procedure. admin@PICOS:/mnt/open$ NOTE： It will take about 5 minutes to finish upgrading PICOS. During the upgrade process, please be patient and do not perform any operation until the upgrade is complete, otherwise, the upgrade may be interrupted. During the upgrade process, the user connections and services will be interrupted. This means that users may lose access to the system, and any processes or transactions being handled by the services will be paused until the upgrade is complete. Step 5 After the upgrade, users will need to reconnect to resume normal operations, and services will be restored. admin@PICOS:~$ ssh admin@10.10.51.54 6.8.5 Rollback Procedure The upgrade2 method supports system rollback function. The "nos-rollback" command can be used to revert to a previous version of the installed software package. Moreover, if it fails to upgrade, the system can automatically rollback to the old system. NOTE： Usage of nos-rollback command: admin@PICOS:~$ sudo nos-rollback USAGE Rollback to the previous system after next reboot SYNOPSIS nos-rollback The rollback procedure is as follows: Step 1 Run nos-rollback command for manually rollback. admin@PICOS:~$ sudo nos-rollback Step 2 Reboot system manually to finish rollback. admin@PICOS:~$ sudo reboot You need to manually reboot the system after issued "nos-rollback" command and the system switching takes effect. After rebooting successfully, the system will come up running the previous version of network operating system. 6.8.6 Verifying Version after Upgrading admin@PICOS# run show version Copyright : Copyright (C) 2009-2025 Pica8, Inc. All Rights Reserved. Model : S3410C-8TMS-P Software Version : 4.4.5.8/3c5f478 Software Released Date : 08/15/2025 Serial Number : TW0H74GDDNT0005B0006 System Uptime : 1 day 2 hour 15 minute Hardware ID : 22D1-C075-22AA-EFBF License Type : 1G PicOS(R) Perpetual License Device MAC Address : 18:5a:58:26:c3:21 6.9 Upgrading PicOS® for FS S3270 Series Switches Using Upgrade Command (Login via Console Port) NOTEs: This guide is only available for upgrading PicOS® for FS S3270 Series switches when login via the console port. S3270 Series switches only support the upgrade method and do not support the upgrade2 method. 6.9.1 Preparation before Upgrading Table 1. Checklist before Upgrading No. Checking Items Checking Standard Results 1 Checking the Running PicOS® Version The currently running system software version is lower than the software version to be installed 2 Checking License Validation Run the license -s command to verify that the license expiration date extends beyond the planned upgrade date. If the license is close to expiration, consider renewing it to avoid interruptions. 3 Building Upgrade Environment Build a different upgrade environment to get the upgrade software according to the need 4 Getting the Required Upgrade Software Obtain the required supporting upgrade software 5 Backing up Important Data in Flash All the important data in Flash is backed up 6 Checking Available Flash Space Flash space is enough to save upgrading package and other files 7 Pre-Upgrade Configuration Check Verify and clean up any unsupported or deprecated configurations before upgrading; otherwise, the upgrade will be interrupted or fail. Checking the Running PicOS® Version Use the version command to check the version of the running system software. admin@PICOS# run show version Copyright : Copyright (C) 2009-2025 Pica8, Inc. All Rights Reserved. Model : S3270-48TM Software Version : 4.4.5.15/bec5805091 Software Released Date : 02/20/2025 Serial Number : G1SK6UT007794 System Uptime : 1 day 16 hour 19 minute Hardware ID : 96DF-45C7-8B88-A1CB License Type : 1G PicOS(R) Perpetual License Device MAC Address : 64:9d:99:d7:25:99 Checking License Validation Before performing an upgrade, users can run the license -s command to check if the current license has expired, ensuring it is valid and preventing upgrade failure due to license expiration. admin@PICOS:~$ license -s { "Type":"1GE", "Feature":["Base Product", "Layer3", "OpenFlow"], "Support End Date":"2026-10-28", "Hardware ID":"ACD2-F77A-BBA3-2849", "Site Name":"PICA8" } Building Upgrade Environment Please make sure that you have set up an HTTP, TFTP or FTP protocol upgrading environment to get the upgrade software, the basic requirements are as follows: PC can log in to the device through serial. The communication between the server and the device works well. The upgrading file used by the device has already been stored on the server. Getting the Required Upgrade Software Please contact Pica8 technical support engineers at the following website for the latest version of upgrade software. http://www.pica8.com/support/customer Backing up Important Data in Flash Before upgrading, save the important data (such as the configuration file) in Flash to the local PC through FTP or TFTP, and then upload it to the switch after the upgrade is completed. Where is the PicOS® configuration? OVSDB file L2/L3 Configuration Files Checking Available Flash Space Use the df command to check the available flash space. admin@PICOS:~$ df Filesystem 1K-blocks Used Available Use% Mounted on udev 493028 0 493028 0% /dev overlay 358904 57528 301376 17% / tmpfs 512720 0 512720 0% /dev/shm tmpfs 205088 3256 201832 2% /run tmpfs 5120 0 5120 0% /run/lock tmpfs 51200 292 50908 1% /tmp /dev/ubi1_0 402660 208320 189500 53% /mnt/open Pre-Upgrade Configuration Check Remove EVPN Configuration on Unsupported Devices The following devices do not support EVPN. Before upgrading to PICOS 4.6.0E or later, please make sure to remove all EVPN-related configurations on these devices before proceeding. All ARM-based models: S3410 / AS4610 / S3910 / S5810 / S5860 / S3100 / S3270 / N3024 / N3048 / N3132 series Check & Cleanup Steps Verify Device Model run show version Check for Current Configuration show | display set Manually delete all CLI configuration lines that contain the keyword “evpn”. If EVPN configurations are not removed, the following error will be displayed, and the upgrade process will stop: Error: The current version does not support EVPN. Please delete the EVPN related configuration before upgrading. Upgrade aborts. Check ACL Configurations Before upgrading to version 4.5.3E or later, check the configuration file for ACL rules. If any ACL rule specifies a destination-port or source-port without a protocol, you must either delete the rule or add a condition specifying the protocol. Otherwise, the upgrade will be aborted. During the upgrade check, the system displays the following message: Error: ACL rules with port conditions must include a protocol. Please delete ACL rules that specify port without protocol before upgrading. Upgrade aborts. Remove Deprecated Configurations on S3410 Series and S3270 Series Before upgrading S3410 Series and S3270 Series switches to version 4.7.1E or 4.7.1M, you must manually remove all configurations related to features that have been deprecated in the target version. The following configuration items must be deleted before the upgrade: If you upgrade the switch from version 4.4.5.x to 4.7.1E, you must remove all commands under the following feature modules: IS-IS, BGP, PIM, BFD, IPSG6, and certain commands under the CLI hierarchy set routing xx. If you upgrade the switch from version 4.4.5.x to 4.7.1M, you must remove all commands under the following feature modules: IS-IS, BGP, PIM, BFD, IPSG6, GRPC, IPv6 ND Inspection, IPv6 ND Snooping, Link Fault Signaling (LFS), MSDP, and certain commands under the CLI hierarchy set routing xx. If you upgrade the switch from version 4.7.1E to 4.7.1M, you must remove all commands under the following feature modules: GRPC, IPv6 ND Inspection, IPv6 ND Snooping, Link Fault Signaling (LFS), and MSDP. (For the detailed list of affected commands, refer to FS S3410 and S3270 Series Switches Unsupported Features and Limitations - Unsupported Features.) Failure to remove these configurations may result in configuration loss or upgrade failure. 6.9.2 Upgrading Notes The device is not supported to upgrade to a previous version. When using FTP/TFTP to download the image, user should verify that the "binary" mode is being used. If the "binary" transfer mode is not being used, the image can be modified during download, and the upgrade will fail during the md5 check. The image is platform dependent, that is, the image_name should be consistent with the platform, otherwise the upgrade script will abort. The image file is a .bin file, for example S3270-PicOS-4.4.5.16-2d184f4453.bin. When upgrading, the installer checks whether there is a user-data partition. If there exists a User-Data partition, the installer only rewrites the running system boot partition (PicOS/ PicOS2) and installs the new installation package to this partition. However, if there is no User-Data partition, the installer removes all the partitions to rebuild a brand new NOS. Upgrade operation via upgrade commands is not allowed on non-default system, you can upgrade PICOS only on default system. When there are more than one PICOS, the default system is the one automatically booted into after system reboot. During the upgrade process, no power interruption is allowed. 6.9.3 Upgrading Procedure NOTE： Usage of upgrade command: admin@PicOS®:~$ sudo upgrade USAGE Upgrade system with local new image SYNOPSIS upgrade [image_name] [factory-default] DESCRIPTION image_name - Image with bin format file(*.bin) factory-default - Recovery configuration to factory default PicOS® upgrade is done via the command "upgrade" in bash (launching a shell script named "upgrade.sh"). This script will upgrade the image automatically. The file format of the upgrade package is *.bin. If there is an MD5 file in the /cftmp directory, the upgrade script will check package integrity with MD5. Else if there is no MD5 file in the /cftmp directory, then skip the MD5 check step. The option factory-default is used to reset the configuration to factory default when performing upgrade. This option retains the license files from the previous version. The upgrading procedure in this document gives an example of upgrading on S3270-48TM from PICOS 4.4.5.15 to 4.4.5.16. Step 1 Stop PicOS® service before upgrade. On FS S3270 Series switches, use the following command: admin@PICOS:~$ sudo systemctl stop picos Step 2 Copy the upgrade package (in the form of .bin) and the MD5 file to /cftmp directory by either FTP, TFTP, HTTP or SCP according to the actual upgrade environment. The following example uses the SCP method. admin@PICOS:~$ sudo scp pica8@10.10.50.22:/tftp/build/daily/S3270/S3270-PicOS-4.4.5.16-2d184f4453.bin /cftmp admin@PICOS:~$ sudo scp pica8@10.10.50.22:/tftp/build/daily/S3270/S3270-PicOS-4.4.5.16-2d184f4453.bin.md5 /cftmp NOTE: If management VRF is enabled, and the FTP/TFTP/HTTP/SCP server is connected via the Eth0/1 port, you need to add the string sudo ip vrf exec mgmt-vrf before the SCP command when executing the scp operation. The format is as follows: admin@PICOS:~$ sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/S3270/S3270-PicOS-4.4.5.16-2d184f4453.bin /cftmp admin@PICOS:~$ sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/S3270/S3270-PicOS-4.4.5.16-2d184f4453.bin.md5 /cftmp If sudo ip vrf exec mgmt-vrf is not added, find the next hop routing information from the default VRF. For the usage of VRF, refer to the VRF Configuration Guide. Step 3 Execute the sync operation. admin@PICOS:~$ sync Step 4 Change directory to /cftmp. admin@PICOS:~$ cd /cftmp Step 5 Run the upgrade command. admin@PICOS:~/cftmp$ sudo upgrade /S3270/S3270-PicOS-4.4.5.16-2d184f4453.bin After the upgrade is complete, the system will automatically reboot and run the new network operating system. 6.9.4 Verifying Version after Upgrading admin@PICOS# run show version Copyright : Copyright (C) 2009-2025 Pica8, Inc. All Rights Reserved. Model : S3270-48TM Software Version : 4.4.5.16/2d184f4453 Software Released Date : 02/20/2025 Serial Number : G1SK6UT007794 System Uptime : 1 day 16 hour 19 minute Hardware ID : 96DF-45C7-8B88-A1CB License Type : 1G PicOS(R) Perpetual License Device MAC Address : 64:9d:99:d7:25:99 6.10 Upgrading PicOS® for FS S3270 Series Switches Using Upgrade Command (Login via Inband Management Interface) NOTE: This guide is only available for upgrading PicOS® for FS S3270 Series switches when login via the inband management interface, and the supported version should be 4.4.5.7 or later versions before upgrade. During the upgrade process, the user connections and services will be interrupted. This means that users may lose access to the system, and any processes or transactions being handled by the services will be paused until the upgrade is complete. After the upgrade, users will need to reconnect to resume normal operations, and services will be restored. S3270 Series switches only support the upgrade method and do not support the upgrade2 method. 6.10.1 Preparation before Upgrading Table 1. Checklist before Upgrading No. Checking Items Checking Standard Results 1 Checking the Running PicOS® Version The currently running system software version is lower than the software version to be installed 2 Checking License Validation Run the license -s command to verify that the license expiration date extends beyond the planned upgrade date. If the license is close to expiration, consider renewing it to avoid interruptions. 3 Building Upgrade Environment Build a different upgrade environment to get the upgrade software according to the need 4 Getting the Required Upgrade Software Obtain the required supporting upgrade software 5 Backing up Important Data in Flash All the important data in Flash is backed up 6 Checking Available Flash Space Flash space is enough to save upgrading package and other files 7 Pre-Upgrade Configuration Check Verify and clean up any unsupported or deprecated configurations before upgrading; otherwise, the upgrade will be interrupted or fail. Checking the Running PicOS® Version Use the version command to check the version of the running system software. admin@PICOS# run show version Copyright : Copyright (C) 2009-2025 Pica8, Inc. All Rights Reserved. Model : S3270-48TM Software Version : 4.4.5.15/bec5805091 Software Released Date : 02/20/2025 Serial Number : G1SK6UT007794 System Uptime : 1 day 16 hour 19 minute Hardware ID : 96DF-45C7-8B88-A1CB License Type : 1G PicOS(R) Perpetual License Device MAC Address : 64:9d:99:d7:25:99 Checking License Validation Before performing an upgrade, users can run the license -s command to check if the current license has expired, ensuring it is valid and preventing upgrade failure due to license expiration. admin@PICOS:~$ license -s { "Type":"1GE", "Feature":["Base Product", "Layer3", "OpenFlow"], "Support End Date":"2020-10-28", "Hardware ID":"ACD2-F77A-BBA3-2849", "Site Name":"PICA8" } Building Upgrade Environment Please make sure that you have set up an HTTP, TFTP or FTP protocol upgrading environment to get the upgrade software, the basic requirements are as follows: PC can log in to the device through eth0 or inband management interface. The communication between the server and the device works well. The upgrading file used by the device has already been stored on the server. Getting the Required Upgrade Software Please contact Pica8 technical support engineers at the following website for the latest version of upgrade software. http://www.pica8.com/support/customer Backing up Important Data in Flash Before upgrading, save the important data (such as the configuration file) in Flash to the local PC through FTP or TFTP, and then upload it to the switch after the upgrade is completed. Where is the PicOS® configuration? OVSDB file L2/L3 Configuration Files Checking Available Flash Space Use the df command to check the available flash space. admin@PICOS:~$ df Filesystem 1K-blocks Used Available Use% Mounted on udev 493028 0 493028 0% /dev overlay 358904 57528 301376 17% / tmpfs 512720 0 512720 0% /dev/shm tmpfs 205088 3256 201832 2% /run tmpfs 5120 0 5120 0% /run/lock tmpfs 51200 292 50908 1% /tmp /dev/ubi1_0 402660 208320 189500 53% /mnt/open Pre-Upgrade Configuration Check Remove EVPN Configuration on Unsupported Devices The following devices do not support EVPN. Before upgrading to PICOS 4.6.0E or later, please make sure to remove all EVPN-related configurations on these devices before proceeding. All ARM-based models: S3410 / AS4610 / S3910 / S5810 / S5860 / S3100 / S3270 / N3024 / N3048 / N3132 series Check & Cleanup Steps Verify Device Model run show version Check for Current Configuration show | display set Manually delete all CLI configuration lines that contain the keyword “evpn”. If EVPN configurations are not removed, the following error will be displayed, and the upgrade process will stop: Error: The current version does not support EVPN. Please delete the EVPN related configuration before upgrading. Upgrade aborts. Check ACL Configurations Before upgrading to version 4.5.3E or later, check the configuration file for ACL rules. If any ACL rule specifies a destination-port or source-port without a protocol, you must either delete the rule or add a condition specifying the protocol. Otherwise, the upgrade will be aborted. During the upgrade check, the system displays the following message: Error: ACL rules with port conditions must include a protocol. Please delete ACL rules that specify port without protocol before upgrading. Upgrade aborts. Remove Deprecated Configurations on S3410 Series and S3270 Series Before upgrading S3410 Series and S3270 Series switches to version 4.7.1E or 4.7.1M, you must manually remove all configurations related to features that have been deprecated in the target version. The following configuration items must be deleted before the upgrade: If you upgrade the switch from version 4.4.5.x to 4.7.1E, you must remove all commands under the following feature modules: IS-IS, BGP, PIM, BFD, IPSG6, and certain commands under the CLI hierarchy set routing xx. If you upgrade the switch from version 4.4.5.x to 4.7.1M, you must remove all commands under the following feature modules: IS-IS, BGP, PIM, BFD, IPSG6, GRPC, IPv6 ND Inspection, IPv6 ND Snooping, Link Fault Signaling (LFS), MSDP, and certain commands under the CLI hierarchy set routing xx. If you upgrade the switch from version 4.7.1E to 4.7.1M, you must remove all commands under the following feature modules: GRPC, IPv6 ND Inspection, IPv6 ND Snooping, Link Fault Signaling (LFS), and MSDP. (For the detailed list of affected commands, refer to FS S3410 and S3270 Series Switches Unsupported Features and Limitations - Unsupported Features.) Failure to remove these configurations may result in configuration loss or upgrade failure. 6.10.2 Upgrading Notes The device is not supported to upgrade to a previous version. When using FTP/TFTP to download the image, user should verify that the "binary" mode is being used. If the "binary" transfer mode is not being used, the image can be modified during download, and the upgrade will fail during the md5 check. The image is platform dependent, that is, the image_name should be consistent with the platform, otherwise the upgrade script will abort. The image file is a .bin file, for example S3270-PicOS-4.4.5.16-2d184f4453.bin. Please find the log file related to PICOS upgrade process at /mnt/open/picos/config2/upgrade.log and /mnt/open/picos/config1/upgrade.log. This log file contains detailed information about the steps performed during the upgrade, including any errors or warnings that occurred. It can be used to troubleshoot issues or verify that the upgrade was completed successfully. When upgrading, the installer checks whether there is a user-data partition. If there exists a User-Data partition, the installer only rewrites the running system boot partition (PicOS/ PicOS2) and installs the new installation package to this partition. However, if there is no User-Data partition, the installer removes all the partitions to rebuild a brand new NOS. Upgrade operation via upgrade commands is not allowed on non-default system, you can upgrade PICOS only on default system. When there are more than one PICOS, the default system is the one automatically booted into after system reboot. During the upgrade process, power interruption is not allowed. 6.10.3 Upgrading Procedure NOTE： Usage of upgrade command: admin@PICOS:~$ sudo upgrade USAGE Upgrade system with local new image SYNOPSIS upgrade [image_name] [factory-default] DESCRIPTION image_name - Image with bin format file(*.bin) factory-default - Recovery configuration to factory default PICOS upgrade is done via the command "upgrade" in bash (launching a shell script named "upgrade.sh"). This script will upgrade the image automatically. The file format of the upgrade package is *.bin. If there is an MD5 file in the /cftmp directory, the upgrade script will check package integrity with MD5. Else if there is no MD5 file in the /cftmp directory, then skip the MD5 check step. The option factory-default is used to reset the configuration to factory default when performing upgrade. This option retains the license files from the previous version. The upgrading procedure in this document gives an example of upgrading on S3270-48TM from PICOS 4.4.5.15 to 4.4.5.16. Step 1 Copy the upgrade package (in the form of .bin) and the MD5 file to /cftmp directory by either FTP, TFTP, HTTP or SCP according to the actual upgrade environment. The following example uses the SCP method. admin@PICOS:~$ sudo scp pica8@10.10.50.22:/tftp/build/daily/S3270/S3270-PicOS-4.4.5.16-2d184f4453.bin /cftmp admin@PICOS:~$ sudo scp pica8@10.10.50.22:/tftp/build/daily/S3270/S3270-PicOS-4.4.5.16-2d184f4453.bin.md5 /cftmp The upgrading procedure in this document gives an example of upgrading on S3270-48TM from PICOS 4.4.5.15 to 4.4.5.16. NOTE: If management VRF is enabled, and the FTP/TFTP/HTTP/SCP server is connected via the Eth0/1 port, you need to add the string sudo ip vrf exec mgmt-vrf before the SCP command when executing the scp operation. The format is as follows: admin@PICOS:~$ sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/S3270/S3270-PicOS-4.4.5.16-2d184f4453.bin /cftmp admin@PICOS:~$ sudo ip vrf exec mgmt-vrf scp pica8@10.10.50.22:/tftp/build/S3270/S3270-PicOS-4.4.5.16-2d184f4453.bin.md5 /cftmp If sudo ip vrf exec mgmt-vrf is not added, find the next hop routing information from the default VRF. For the usage of VRF, refer to the VRF Configuration Guide. Step 2 Execute the sync operation. admin@PICOS:~$ sync Step 3 Change directory to /cftmp. admin@PICOS:~$ cd /cftmp Step 4 Run the upgrade command. admin@PICOS:/cftmp$ sudo upgrade S3270-PicOS-4.4.5.16-2d184f4453.bin Upgrading system... The connection may be interrupted. Please wait a moment to complete the upgrading procedure. admin@PICOS:/cftmp$ NOTE: It will take about 5 minutes to finish upgrading PICOS. During the upgrade process, please be patient and do not perform any operation until the upgrade is complete, otherwise, the upgrade may be interrupted. During the upgrade process, the user connections and services will be interrupted. This means that users may lose access to the system, and any processes or transactions being handled by the services will be paused until the upgrade is complete. Step5 After the upgrade, users will need to reconnect to resume normal operations, and services will be restored. admin@PICOS:~$ ssh admin@10.10.51.54 6.10.4 Verifying Version after Upgrading admin@PICOS# run show version Copyright : Copyright (C) 2009-2025 Pica8, Inc. All Rights Reserved. Model : S3270-48TM Software Version : 4.4.5.16/2d184f4453 Software Released Date : 02/20/2025 Serial Number : G1SK6UT007794 System Uptime : 1 day 16 hour 19 minute Hardware ID : 96DF-45C7-8B88-A1CB License Type : 1G PicOS(R) Perpetual License Device MAC Address : 64:9d:99:d7:25:99 7. PicOS® Debian Package Upgrade User Guide 7.1 Overview PicOS® provides five Debian packages from release 3.2 to let users upgrade some of the available components manually, or reinstall PicOS® components in case some of them were broken. Available PicOS® Debian packages and the dependencies between them are described below: picos-linux PicOS® Linux Kernel, drivers and switching ASIC kernel modules picos-vasic PicOS® VASIC and line card management libraries and utilities Depends on picos-linux picos-xorplus PicOS® Layer 2 and Layer 3 software package Depends on picos-vasic, picos-utils picos-ovs PicOS® OVS package “picos-ovs” will have its own lib to access peripherals (such as FAN and PSU and LED) via sysfs Depends on picos-vasic, picos-utils picos-utils PicOS® common utilities and configuration files System config files, systemd units Common utility such as ZTP/diag In this way, we do not need to upgrade the entire PicOS® system if version changes only appear in one or several of the components. This provides an efficient and effective method of upgrading PicOS® system. NOTE： Some PicOS® component packages would depend on other parts, so the dependent ones should be installed first if they do not exist on the system. 7.2 How to use When new releases of PicOS® components have been made available to fix urgent issues, users can get the Debian packages from PicOS® support team. For example, the package users get might be "picos-xorplus-s4100-3.2.3-9dc8d94.deb" saved in the working directory. To install the package, the following command is OK: admin@Xorplus:~$ sudo dpkg -i picos-xorplus-s4100-3.2.3-9dc8d94.deb After finishing upgrade, the switch will reboot automatically, the system will come up running the PicOS® operating system with the new PicOS® component. NOTE： If certain PicOS® components have been removed from the running Linux system, this operation would be an installation instead of upgrade. In this case, users need to confirm the model compatibility manually by inputting Yes or Y at the prompt `Are you sure the model is MODEL (yes/no)?` 7.3 Verifying after Upgrade We can use the following command to check the status of PicOS® Debian packages after upgrade. admin@Xorplus:~$ dpkg -l | grep picos- ii picos-linux ii picos-ovs ii picos-utils ii picos-vasic ii picos-xorplus Here two “i” represent normal, the first one indicates that the package has been installed successfully. The second “i” indicates the installation dependencies between the components and configuration operations are successfully completed met. 7.4 Appendix PicOS® component package uninstall operation is provided as follows. NOTE： Uninstall the PicOS® component packages may cause severe system errors, we strongly recommend not to uninstall any of the PicOS® component package. The uninstall operation will uninstall all packages that depend on this package, either directly or indirectly. admin@Xorplus:~$ sudo apt remove picos-utils Reading package lists... Done Building dependency tree Reading state information... Done The following packages will be REMOVED: picos-utils 0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded. After this operation, 0 B of additional disk space will be used. Do you want to continue? [Y/n]

PicOS® Enterprise Switches Web-based Configuration Guide V4.7.1

Jan 21, 2026 - PicOS® Enterprise Switches Web-based Configuration Guide V4.7.1 PicOS WEB User Configuration Manual is a comprehensive guide designed to assist users in configuring and managing devices running PicOS through a web-based interface. This manual provides detailed instructions and best practices for utilizing the features and functionalities offered by PicOS to ensure optimal network performance and management. Key Features 1. User-Friendly Interface: The web-based interface of PicOS offers an intuitive and user-friendly experience, allowing both novice and experienced users to easily navigate and configure their network devices. 2. Comprehensive Configuration Guide: The manual covers all aspects of PicOS configuration, from basic setup to advanced network features. It includes step-by-step instructions, screenshots, and examples to guide users through the configuration process. 3. Network Management: Detailed sections on network management tasks such as VLAN configuration, port management, and security settings are provided to help users effectively manage their network infrastructure. 4. Advanced Features: The manual delves into advanced features of PicOS, including QoS (Quality of Service), multicast routing, and dynamic routing protocols, enabling users to leverage the full potential of their network devices. 5. Regular Updates: The manual is regularly updated to include new features, enhancements, and best practices, ensuring that users have access to the latest information and tools for network configuration and management. Target Audience The "PicOS WEB Configuration Manual" is intended for network administrators, engineers, and IT professionals who are responsible for setting up and managing network devices running PicOS. It is also a valuable resource for anyone looking to gain a deeper understanding of network configuration and management using a web-based interface. Supported Hardwares Series Model Name Supported Versions S3270 S3270-10TM, S3270-24TM, S3270-48TM, S3270-10TM-P, S3270-24TM-P 4.7.1E, 4.7.1M S3410 S3410-24TS-P, S3410-48TS-P, S3410-10TF-P, S3410-24TS, S3410-48TS, S3410L-24TF, S3410L-48TF, S3410L-24TF-P, S3410C-16TF, S3410C-16TF-P, S3410C-16TMS-P, S3410C-8TMS-P 4.5, 4.7.1E, 4.7.1M S5580 S5580-48Y 4.7.1M S5810 S5810-48TS-P, S5810-28TS, S5810-28FS, S5810-48TS, S5810-48FS 4.5, 4.6, 4.7.1M S5860 S5860-20SQ, S5860-24XB-U, S5860-48XMG-U, S5860-24MG-U, S5860-24XMG, S5860-48MG-U, S5860-48XMG 4.5, 4.6, 4.7.1M S5870 S5870-48MX6BC-U, S5870-48T6BC-U, S5870-48T6BC 4.5, 4.6, 4.7.1M S5890 S5890-32C 4.7.1M Known Limitations When using the Web function, avoid using Chinese characters or other unsupported characters in the input field. Only the following characters are supported: Uppercase letters (A–Z), lowercase letters (a–z), digits (0–9), dot (.), forward slash (/), colon (:), comma (,), hyphen (-), underscore (_), and asterisk (*). If the Web page becomes unresponsive due to the input of Chinese characters or other unsupported characters, you can restore the Web service by performing the following steps: 1. Use the command set system services web disable true to disable the Web service. 2. Use the command set system services web disable false to restart the Web service. PicOS Network Configuration Step 1: Connect the computer to the console port of the switch using the console cable. Step 2: Start terminal emulation software, such as HyperTerminal, on your computer. Step 3: Set HyperTerminal parameters: baud rate to 115200, data bits to 8, parity to none, and stop bit to 1. image4.jpeg Step 4: After setting the parameters, click Connect. Step 5: Enter configure in the command to enter the layer 2 or layer 3 protocol configuration mode. Step 6: Enter the following command to configure the device IP and gateway. Method 1 Enter configuration mode and enter the following command to set the IP address and gateway of the switch's physical port network card eth0. Method 2 Enter Linux shell mode, ensure that you have super administrator privileges, and enter the following command to set the IP address of the physical port network card eth0 and the gateway of the switch. PicOS WEB Configuration Login Open the browser and enter the management IP address of the device, for example, http://192.168.1.1, and access the login page of the web configuration interface, as shown in the following picture. Enter the username and password (default admin/admin). Click the Login button to enter the network configuration interface. image5.jpeg Dashboard Click Dashboard to enter the dashboard page and view detailed information about the devices on the switch, including usage, panel, temperature, fan, etc. As shown in the following figure. image6.jpeg Parameter Description Theme Color Switch the theme color of the web. Theme Color: Select any theme color to switch. Reset Color: Reset the theme color to the default color. Save Jump to the file management page and save the configuration. Logout Log out and log in. Serial Number Device serial number. MAC Address Device MAC address. Firmware Version The current running version of the device. System Time Device system time. Uptime The time since the system and processes started. CPU Usage The CPU usage of the device. Memory Usage Memory usage of the device. Temperature Display device temperature. Fan Display device fan status, PWM, and speed. Interface Port Config Click Interface/Port Config/Port Config in the navigation bar. Enter the Port Config page. As shown in the following picture. This chapter describes the basic information about layer 2 ports and how to configure the basic information about layer 2 ports. image7.jpeg 1. Port Config Edit Port Step 1: Click the edit icon on the table toolbar to open the Edit dialog box. image9.jpeg Step 2: Configure the port. The descriptions of each parameter when setting the basic properties of a port are shown in the following table. Parameter Description Interface The unique identifier assigned to the port on the network device. Management The current operational status of the port. (e.g., enabled, disabled.) Speed Set port rate. (e.g. 1000,100,25000.) Flow Control Set port flow control status. (e.g., enabled, disabled.) Breakout (XE Port Only) Enable or disable port splitting mode, only 40G or 100G optical ports support splitting. Description Set port description. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Batch Edit Step 1: Select one or more rows of data in the table that require batch editing. image10.jpeg Step 2: Click the Batch Edit button to open the port editing dialog box. image11.jpeg Step 3: Configure the port. The descriptions of each parameter when setting the basic properties of a network port are shown in the following table. Parameter Description Interface The unique identifier assigned to the port on the network device. Management The current operational status of the port. (e.g. enabled, disabled.) Speed Set port rate. (e.g. 1000,100, 25000.) Flow Control Set port flow control status. (e.g. enabled, disabled.) Description Set port description. Step 4: After completing the settings, click the Apply button to finalize the properties configuration. 2. SVI Config Click Interface/ Port Config/SVI Config in the navigation bar, and enter the SVI config page. As shown in the following picture. This chapter describes how to configure the basic information about the VLAN interface. image12.jpeg Add SVI Step 1: Click the Add SVI button to open the add dialog box. image13.jpeg Step 2: Configure the SVI Port. The descriptions of each parameter when setting the basic properties of an L3 interface are shown in the following table. Parameter Description VLAN ID (Required) Enter a valid VLAN ID. It is an integer ranging from 1 to 4094. Interface (Required) Enter a valid VLAN interface. The maximum length of a VLAN name is 11. IPV4 Configure an IPv4 or IPv6 address for the L3 interface. The mask ranges from 4 to 32. The default value is 24. IPV6 Configure an IPv6 address for the L3 interface. The mask ranges from 1 to 128. The default value is 64. Description Set port description. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Edit SVI Step 1: Click the edit icon on the table toolbar to open the Edit dialog box. image15.jpeg Step 2: Configure the SVI Port. The descriptions of each parameter when setting the basic properties of an L3 interface are shown in the following table. Parameter Description Interface(Required) Enter a valid VLAN Interface. The maximum value length of the interface is 11. IPV4 Configure an IPv4 or IPv6 address for the L3 interface. The mask ranges from 4 to 32. The default value is 24. IPV6 Configure an IPv6 address for the L3 interface. The mask ranges from 1 to 128. The default value is 64. Description Set port description. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Delete or Batch Delete Step 1: Click the delete icon on the toolbar to pop up a delete dialog box or select the corresponding checkbox. After clicking the Batch Delete button, a delete confirmation dialog box will be prompted. image17.jpeg Step 2: Click the Apply button to deliver the delete function. Refresh Click the Refresh button to refresh the data. Storm Control Click Interface/Storm Control to enter the storm control page and view the storm control of each interface on the switch, as shown in the following figure. This section mainly describes how to configure and view interface storm control. image18.jpeg Edit Step 1: Click the edit icon on the table toolbar to open the edit dialog box Storm Control. image20.jpeg Step 2: Configure storm control. The descriptions of each parameter when setting the basic properties of storm control are shown in the following table. Parameter Description Interface Name The port name is being configured. Mode Configure the rate unit for storm control of ports. Unicast Value Configure the unicast value for the port. PPS: The value ranges from 0.0 to 30000000.0. Ratio: The value ranges from 0.0 to 100.0. KBPS: Value must be numeric. Broadcast Value Configure the broadcast value of the port. PPS: The value ranges from 0.0 to 30000000.0. Ratio: The value ranges from 0.0 to 100.0. KBPS: Value must be numeric. Multicast Value Configure multicast values for ports. PPS: The value ranges from 0.0 to 30000000.0. Ratio: The value ranges from 0.0 to 100.0. KBPS: Value must be numeric. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Batch Edit Step 1: Select one or more rows of data in the table that require batch editing, click the Batch Edit button to open the port editing dialog box. image21.jpeg Step 2: Configure storm control. The descriptions of each parameter when setting the basic properties of storm control are shown in the following table. Parameter Description Interface Name The port name is being configured. Mode Configure the rate unit for storm control of ports. Unicast Value Configure the unicast value for the port. PPS: The value ranges from 0.0 to 30000000.0. Ratio: The value ranges from 0.0 to 100.0. KBPS: Value must be numeric. Broadcast Value Configure the broadcast value of the port. PPS: The value ranges from 0.0 to 30000000.0. Ratio: The value ranges from 0.0 to 100.0. KBPS: Value must be numeric. Multicast Value Configure multicast values for ports. PPS: The value ranges from 0.0 to 30000000.0. Ratio: The value ranges from 0.0 to 100.0. KBPS: Value must be numeric. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Refresh Click the Refresh button to refresh the table data. SPAN Click Interface/SPAN to enter the SPAN page, as shown in the following figure. This section mainly describes how to configure and view the interface mirror. image22.jpeg Add Step 1: Click the Add button on the table toolbar to open the add dialog box. image23.jpeg Step 2: Configure the SPAN. The descriptions of each parameter when setting the basic properties of a SPAN are shown in the following table. Parameter Description Mirror Name (Required) Configure the port mirror name. It shall consist of letters and numerals. The length of the mirror name should be less than 30. Output Interface (Required) Select the output port for the mirror. Ingress Interface Configure the input port for the image. Egress Interface Configure the input and output ports for the image. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Edit Step 1: Click the edit icon on the table toolbar to open the edit dialog box. image25.jpeg Step 2: Configure the SPAN. The descriptions of each parameter when setting the basic properties of a span are shown in the following table. Parameter Description Output Interface (Required) Select the output port for the mirror. Ingress Interface Configure the input port for the image. Egress Interface Configure the input and output ports for the image. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Delete Step 1: Click the button on the table toolbar. image27.jpeg Step 2: Click the Apply button to deliver the delete function. Batch Delete Step 1: Select one or more rows of data in the table that require batch editing. Step 2: Click the Batch Delete button to open the deletion confirmation dialog box. Step 3: Click the Apply button to deliver the delete function. Refresh Click the Refresh button to refresh the table data. Link Aggregation This section mainly introduces how to configure and view link aggregation. 1. Global Config Click Interface/Link Aggregation/ Global Config to enter the link aggregation global config page and view the link aggregation global config on the switch, as shown in the following figure. This section mainly introduces how to configure and view the configuration lag hash mapping field. image28.jpeg 2. Link Aggregation Click Interface/Link Aggregation/Global Config to enter the link aggregation global config page and view the link aggregation global config on the switch, as shown in the following figure. This section mainly introduces how to configure and view link aggregation. image29.jpeg Add Step 1: Click the Add button on the table toolbar to open the add dialog box. image30.png Step 2: Configure the link aggregation. The descriptions of each parameter when setting the basic properties of a link aggregation are shown in the following table. Parameter Description Name (Required) LAG Name. Interface (Required) Select the interface for the link aggregation. Description Set port description. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Edit Step 1: Click the edit icon on the table toolbar to open the edit dialog box. image32.jpeg Step 2: Configure the link aggregation. The descriptions of each parameter when setting the basic properties of a link aggregation are shown in the following table. Parameter Description Name (Required) LAG name. (Prohibit Editing.) Interface (Required) Select the interface for the link aggregation. Description Set the port description Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Delete Step 1: Click the delete on the table toolbar to open the delete dialog box. image34.jpeg Step 2: Click the Apply button to deliver the delete function. Batch Delete Step 1: Select the checkbox for multiple rows of data in the table that require batch editing. Step 2: Click the Batch Delete button to open the deletion confirmation dialog box. Step 3: Click the Apply button to deliver the delete function. Refresh Click the Refresh button to refresh the table data. MAC 1. Global Config Click Interface/MAC/Global Config to enter the MAC global config page, as shown in the following figure. This section mainly introduces how to configure and view the MAC aging time. image35.jpeg 2. MAC Address Table Click Interface/ MAC/MAC Address Table to enter the MAC address table page and view the MAC address table on the switch, as shown in the following figure. This section mainly describes how to configure and view the MAC address. image36.jpeg Add Step 1: Click the Add Static Address button on the table toolbar to open the add dialog box. image37.jpeg Step 2: Configure the static MAC address. The descriptions of each parameter when setting the basic properties of a static MAC address is shown in the following table. Parameter Description MAC Address (Required) Configure a static MAC address. VLAN ID(Required) VLAN ID is an integer ranging from 1-4094. Interface (Required) Select port. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Edit Step 1: Click the edit button on the table toolbar to open the edit dialog box. image39.jpeg Step 2: Configure the static MAC address. The descriptions of each parameter when setting the basic properties of a static MAC address are shown in the following table. Parameter Description MAC Address (Required) (Prohibit Editing) Static MAC address. VLAN ID(Required) The value is an integer ranging from1 to 4094. Interface (Required) Select the port. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Delete Step 1: Click the delete icon on the table toolbar to open the delete dialog box. image41.jpeg Step 2: Click the Apply button to deliver the delete function. Batch Delete Step 1: Select the checkbox for multiple rows of data in the table that require batch editing. Step 2: Click the Batch Delete button to open the deletion confirmation dialog box. Step 3: Click the Apply button to deliver the delete function. Refresh Click the Refresh button to refresh the table data. STP 1. Global Config This chapter mainly introduces how to configure a spanning tree and view the configuration information and status of the Spanning Tree. Step 1: Click System/STP/Global Config to enter the STP page, as shown in the following figure. image42.jpeg Step 2: Global configure the STP. The descriptions of each parameter when setting the basic properties of a global STP are shown in the following table. Parameter Description STP Enable or disable spanning tree protocol status. STP Mode Sets the version of the spanning tree protocol on a switching device. Hello Time Sets the interval of the switching device to send BPDUs when spanning tree protocol is running. Bridge Priority Sets the bridge priority of the switching device when spanning tree protocol is running. Max Age Sets the BPDU aging time on the switching device when spanning tree protocol is running. Forward Delay Sets the value of the spanning tree protocol forward delay interval of a switching device. Max Hops (MSTP mode) Sets the maximum hops of a spanning tree when MSTP is running. MSTI (MSTP mode) Set the MSTI instance of the switch device. VLAN (PVST mode) Sets the VLAN instance. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. After the configuration is complete, the configuration and status of the spanning tree protocol mode information are displayed in the lower part of the page. 2. Port Config Click System/ STP/Port Config to enter the STP page, as shown in the following figure. This chapter mainly introduces how to configure a spanning tree and view the configuration information and status of the spanning tree. image43.jpeg Edit or Batch Edit image44.jpeg Step 1: Click the edit icon on the table toolbar to open the edit dialog box or select the checkbox for multiple rows of data in the table that require batch editing. Click the Batch Edit button on the table toolbar to open the edit dialog box. Step 2: Configure the STP interface. The descriptions of each parameter when setting the basic properties of an STP interface are shown in the following table. Parameter Description BPDU Filter Enable or disable BPDU Filter on a physical or LAG port in STP, RSTP, PVST, or MSTP mode. BPDU Guard Enable or disable BPDU Guard on a physical or LAG port for STP, RSTP, PVST, or MSTP modes. EDGE Enable or disable edge port configuration on physical or LAG ports in STP, RSTP, PVST, or MSTP mode. Path Cost Enable or disable setting the external path cost on a physical or LAG port in STP, RSTP, PVST, or MSTP mode. Manual Forwarding Configure the internal path cost on physical or LAG ports in STP, RSTP, PVST, or MSTP mode. Valid range: 0–200,000,000. Forwarding Port Enable or disable forwarding mode on a physical or LAG port in STP, RSTP, PVST, or MSTP mode. Mode Configures the link type of a port. Specifies the link type of the port. The value could be point-to-point or shared. The default value is point-to-point. point-to-point: specifies the current Ethernet port to work in full-duplex mode to achieve fast convergence. shared: specifies the current Ethernet port to work in half-duplex mode. Port Priority Specifies the priority value of a port. The value is an integer that ranges from 0 to 240. The default value is 128. Root Guard Enable or disable the Root Guard function for STP, RSTP, PVST, or MSTP. TCN Guard Configure TCN Guard (Topology Change Notification Guard) on a physical or LAG port in STP, RSTP, PVST, or MSTP mode. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Refresh Click the Refresh button to refresh the table data. ERPS Click Interface/ERPS to enter the ERPS page, as shown in the following figure. This section mainly describes how to configure and view ERPS. image46.jpeg Add Step 1: Click the Add button on the table toolbar to open the add dialog box. image47.jpeg Step 2: Configure the ERPS ring. The descriptions of each parameter when setting the basic properties of an ERPS ring are shown in the following table. Parameter Description Ring ID(Required) Create an ERPS ring with a given ID. A maximum of eight ERPS rings are supported on a device. The value range is 18. Instance ID(Required) Create an instance for the ERPS ring. A maximum of two instances can be configured for each ring. Control VLAN Configure a control VLAN. Note that the same control VLAN must be configured for all devices in the same ERPS ring instance. The value range is 1-4094. Port 0 Configure ERPS ring ports: port0. Port 1 Configure ERPS ring ports: port1. Step 3: After completing the settings, click Apply. Refresh Click the Refresh button to refresh the table data. Edit Step 1: Click the edit icon on the table toolbar to open the edit dialog box. image49.jpeg Step 2: Configure the ERPS ring. The descriptions of each parameter when setting the basic properties of an ERPS ring are shown in the following table. Parameter Description Ring ID(Required) Create an ERPS ring with a given ID. A maximum of eight ERPS rings are supported on a device. The value range is 1-8. Instance ID(Required) Create an instance for the ERPS ring. A maximum of two instances can be configured for each ring. Control VLAN Configure a control VLAN. Note that the same control VLAN must be configured for all devices in the same ERPS ring instance. The value range is 1-4094. Port 0 Configure ERPS ring ports: port0. Port 1 Configure ERPS ring ports: port1. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. DHCP Snooping This section mainly describes how to configure and view DHCP snooping. DHCP snooping is a network security feature that is used to ensure that DHCP clients obtain IP addresses from legitimate DHCP servers and record the binding relationship between IP addresses and MAC addresses of DHCP clients, to prevent DHCP attacks on the network. 1. Global Config Step 1: Click Interface/DHCP Snooping/Global Config to enter the global config page, as shown in the following figure. image50.jpeg Step 2: Global configure DHCP snooping. The descriptions of each parameter when setting the basic properties of DHCP snooping are shown in the following table. Parameter Description Trust Port Set the protocol DHCP snooping trust port. File Path Set the protocol DHCP snooping binding file. write-delay Delay timer for binding DHCP listening binding files. Input range 15-86400. DHCP Snooping option82 circuit-id Configure the DHCP snooping option 82 policy circuit-id. DHCP Snooping option82 remote id Configure the DHCP snooping option 82 policy circuit-id. DHCP Snooping option82 trust-all Enable option 82 trust-all functions for DHCP snooping. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. 2. VLAN Config Click Interface/ DHCP Snooping /VLAN Config to enter the global config page, as shown in the following figure. This chapter introduces how to configure DHCP listening on VLANs. image51.jpeg Edit or Batch Edit Step 1: Click the edit button on the toolbar to pop up an editing dialog box. Alternatively, select the corresponding checkbox to select multiple rows of data, click the Batch Edit button, and an editing dialog box will pop up. image53.jpeg Step 2: Configure the DHCP snooping on a VLAN. The descriptions of each parameter when setting the basic properties of a DHCP snooping on a VLAN are shown in the following table. Parameter Description Interface Configure DHCP snooping on a VLAN. DHCP Snooping Specify the DHCP snooping status on the VLAN. Enabled: enable DHCP snooping. Disabled: disabled DHCP snooping. Option82 Policy Configure the DHCP snooping option 82 policy. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Refresh Click the Refresh button to refresh the table data. 3. Port Config Click Interface/DHCP Snooping / Port Config to enter the port config page, as shown in the following figure. This chapter mainly displays the DHCP listening binding table. image54.jpeg MLAG Click Interface / MLAG to enter the MLAG page, as shown in the following figure. This section mainly describes how to configure and view MLAG. image55.jpeg 1. Global Config image56.jpeg Step 1: Globally configure the MLAG. The descriptions of each parameter when setting the basic properties of an MLAG are shown in the following table. Parameter Description Domain ID(Required) Configure an MLAG domain ID. Input range 1 to 255. Node (Required) Specify the node number for each MLAG peer device. One of the MLAG peer devices should be node 0, and the other is node 1. Peer IP(Required) Configure the peer IP address. The value is in the format of dotted decimal notation. For example, 192.168.10.10. Peer VLAN (Required) Configure MLAG peer VLAN. Peer Link Interface (Required) Configure the peer link port. NOTE: Peer-link port should be configured as a lag port. MLag Member Interface Configure the MLAG member port. Mlag Member Link Id (Required) Configure the link ID on the MLAG member port. Input range 1 to 255. Step 2: After completing the settings, click the Apply button to finalize the properties configuration. 2. Consistency Check Click the Consistency Check button to open the MLAG consistency check pop-up. Display the consistency of the MLAG domain and configuration to verify if the MLAG session status is normal. image57.jpeg Loopback Detection Click Interface/Loopback Detection to enter the loopback detection page, as shown in the following figure. This chapter introduces how to globally enable or disable loopback detection, set message interval time, and display the configuration and status information of loopback detection for ports. image58.jpeg 1. Global Config Step 1: Global configures loopback detection. The descriptions of each parameter when setting the basic properties of a loopback detection are shown in the following table. Parameter Description Enable Enable the loopback detection function globally. Message Interval(s) Configure the loopback detection message transmission period. Input range 10 to 60. Step 2: After completing the settings, click the Apply button to finalize the properties configuration. Edit and Batch Edit Step 1: Click the edit icon on the table toolbar to open the edit dialog box or select the checkbox that requires batch editing. Click the Batch Edit button to open the edit dialog box. image60.jpeg Step 2: Configure loopback detection. The descriptions of each parameter when setting the basic properties of a loopback detection are shown in the following table. Parameter Description Interface Device port. LBD Tx Enable or disable the loopback detection function on a specific interface. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Refresh Click the Refresh button to refresh the table data. SFlow SFlow (Sampling Flow) is a powerful network monitoring technology. providing real-time visibility of network traffic. It allows network administrators to gain a deeper understanding of network behavior by sampling and analyzing network traffic. 1. Global Config Step 1: Click Interface/ SFlow /Global Config to enter the global config page, as shown in the following figure. image61.jpeg Step 2: Globally configure the SFlow. The descriptions of each parameter when setting the basic properties of SFlow are shown in the following table. Parameter Description SFlow Enable or disable the SFlow protocol globally. Agent ID(Required) The value is in the format of dotted decimal notation. For example, 192.168.10.11. Source Address (Required) Source address IP. The value is in the format of dotted decimal notation. For example, 192.168.10.12. Collector Collector IP. The value is in the format of dotted decimal notation. For example,192.168.10.15. UDP Port (Required) The UDP port of the collector, 6343 by default. Polling Interval Polling interval. Input range 0 to 3600. Sampling Rate Ingress The sampling rate at the entrance. The rate is 0, or 100 to 1048576. Sampling Rate Egress Export sampling rate. The rate is 0, or 100 to 1048576. Header Len Input range: 14 to 1350. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. 2. Port Config Click Interface / SFlow / Port Config to enter the port config page, as shown in the following figure. This chapter introduces how to configure and view SFlow parameter information on a specific interface. Notice The SFlow protocol must be enabled on the global config page first. image63.jpeg Edit or Batch Edit image64.jpeg Step 1: Click the edit icon on the toolbar to pop up an editing dialog box. Alternatively, select the corresponding checkbox to select multiple rows of data, click the Batch Edit button, and an editing dialog box will pop up. Step 2: Configure the SFlow. The descriptions of each parameter when setting the basic properties of SFlow are shown in the following table. Parameter Description Interface (Required) Device port. Status Enable or disable the SFlow protocol for a specified device port. Header Len Input range 14~1350. Polling Interval Polling interval. Input range 0 to 3600. Sampling Rate Ingress The sampling rate at the entrance. The rate is 0, or 100 to 1048576. Sampling Rate Egress The export sampling rate. The rate is 0, or 100 to 1048576. Step 3: After completing the settings, click Apply. Refresh Click the Refresh button to refresh the table data. Advanced ACL 1. Basic ACL Click Advanced / ACL/ Basic ACL in the navigation bar. Enter the basic ACL setting page. As shown in the following picture. This chapter describes the basic information about basic ACL and how to configure the basic information about ACL. image66.jpeg Add Step 1: Click the Add button on the table toolbar to open the add dialog box. image67.jpeg Step 2: Configure the basic ACL. The descriptions of each parameter when setting the basic properties of an ACL are shown in the following table. Parameter Description Filter Name (Required) Specifies filter name, the value is a string type, spaces are not allowed. Sequence Specifies filter name, the value is a string type, spaces are not allowed. From Key Enter the from key. Click on the drop-down box to select the key you want to select. Then enter the corresponding value according to the selected key. Action Configure ACL operations as forward or discard. Forwarding Class Specifies forwarding class name, the value is a string type, spaces are not allowed. Policer Select the policer. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Batch Delete Step 1: Select one or more rows of data that require batch editing. Step 2: Click the Batch Delete button to open the deletion confirmation dialog box. Step 3: Click the Apply button to deliver the delete function. Refresh Click the Refresh button to refresh the table data. Edit Step 1: Click the Edit icon on the table toolbar to open the edit dialog box. image69.jpeg Step 2: Configure the basic ACL. The descriptions of each parameter when setting the basic properties of an ACL are shown in the following table. Parameter Description Filter Name (Required) View filter name. Sequence View sequence. From Key Enter the from key. Click on the drop-down box to select the key you want to select. Then enter the corresponding value according to the selected key. Action Configure ACL operations as forward or discard. Forwarding Class Specifies forwarding class name, the value is a string type, spaces are not allowed. Policer Select the policer. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Delete Step 1: Click the delete icon on the table toolbar to open the delete dialog box. image71.jpeg Step 2: Click the Apply button to deliver the delete function. 2. Policer Click Advanced / ACL / Policer in the navigation bar. Enter the policer setting page. As shown in the following picture. This chapter describes the basic information about policer and how to configure the basic information about policer. image72.jpeg Add Step 1: Click the Add button on the table toolbar to open the add dialog box. image73.jpeg Step 2: Configure the policer. The descriptions of each parameter when setting the basic properties of policer are shown in the following table. Parameter Description Policer Name (Required) Specifies the policer name. The value is a string. Count Mode Specifies the count mode for the rate-limit and burst-limit of a policer. The value could be packets or kilobits. packet: packet per second. kbit: kbit per second. By default, the count mode is PPS. Burst Limit Specifies the burst limit value of a policer. The data rate unit is set by the firewall policer if-exceeding count-mode command. When the count mode is packet, the range of burst-limit is from 0 to 1000 PPS. When the count mode is kbit, the range of burst limit is from 0 to 100000000 kbit/s. Rate Limit Specifies the rate limit value of a policer. The data rate unit is set by set firewall policer if-exceeding count-mode command. When the count mode is packet, the range of rate limit is from 1 to 1000 PPS. When the count mode is kbit, the range of the rate limit is from 0 to 100000000 kbit/s. Action Configuring the action to drop the packets for a policer. Notice When the count mode is packet, the range of burst-limit and rate-limit are from 0 to 1000 PPS. When the count mode is kbit, the range of burst-limit and rate-limit is from 0 to 100000000 kbit/s. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Batch Delete Step 1: Select one or more rows of data that require batch editing. Step 2: Click the Batch Delete button to open the deletion confirmation dialog box. Step 3: Click the Apply button to deliver the delete function. Refresh Click the Refresh button to refresh the table data. Edit Step 1: Click the edit icon on the table toolbar to open the edit dialog box. Step 2: Configure the policer. The descriptions of each parameter when setting the basic properties of a policer are shown in the following table. Parameter Description Policer Name (Required) Specifies the policer name. The value is a string. Count Mode Specifies the count mode for the rate-limit and burst-limit of a policer. The value could be packets or kbits. packet: packet per second. kbit: kbit per second. By default, the count mode is PPS. Burst Limit Specifies the burst limit value of a policer. The data rate unit is set by set firewall policer if-exceeding count-mode command. When the count mode is packet, the range of burst-limit is from 0 to 1000 PPS. When the count mode is kbit, the range of the burst limit is from 0 to 100000000 kbit/s. Rate Limit Specifies the rate limit value of a policer. The data rate unit is set by set firewall policer if-exceeding count-mode command. When the count mode is packet, the range of rate limit is from 1 to 1000PPS. When the count mode is kbit, the range of the rate limit is from 0 to 100000000 kbit/s. Action Configures the action to drop the packets for a policer. Notice When the count mode is packet, the range of burst-limit and rate-limit is from 0 to 1000 PPS. When the count mode is kbit, the range of burst-limit and rate-limit is from 0 to 100000000 kbit/s. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Delete Step 1: Click the delete icon on the table toolbar to open the delete dialog box. image78.jpeg Step 2: Click the Apply button to deliver the delete function. 3. Time Range Click Advanced / ACL / Time Range in the navigation bar. Enter the Time Range Setting page. As shown in the following picture. This chapter describes the basic information about Time Range and how to configure the basic information about it. image79.jpeg Add Step 1: Click the Add button on the table toolbar to open the add dialog box. image80.jpeg Step 2: Configure the time range. The descriptions of each parameter when setting the basic properties of a time range are shown in the following table. Parameter Description Time Range (Required) Specifies the time range name. The value is a string in alphanumeric format with no spaces. Periodic (Required) Specifies the periodic name. The value is an integer. Range: 0 to 9999. Date (Required) Specifies the days of the week. Start Time (Required) Specifies the starting time of a time range in 24-hour clock format. Format: HH:MM: SS. End Time (Required) Specifies the ending time of a time range in 24-hour clock format. Format: HH:MM: SS. Notice A pair of start time and end time forms a time range. Currently, only one periodic can be configured under a time range. However, multiple time periods can be configured under one period. All the time periods under the same time range take effect. In the same period, you cannot configure daily, weekdays, and weekends at the same time. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Batch Delete Step 1: Select the checkbox for multiple rows of data in the table that require batch editing. Step 2: Click the Batch Delete button to open the deletion confirmation dialog box. Step 3: Click the Apply button to deliver the delete function. Refresh Click the Refresh button to refresh the table data. Edit Step 1: Click the edit icon on the table toolbar to open the edit dialog box. image83.jpeg Step 2: Configure the time range. The descriptions of each parameter when setting the basic properties of a time range are shown in the following table. Parameter Description Time Range (Required) Specifies the time range name. The value is a string in alpha-numeric format with no spaces. Periodic (Required) Specifies the periodic name. The value is an integer. Range: 0 to 9999. Date (Required) Specifies the days of the week. Start Time (Required) Specifies the starting time of a time range in 24-hour clock format. Format: HH:MM: SS. End Time (Required) Specifies the ending time of a time range in 24-hour clock format. Format: HH:MM: SS. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Delete Step 1: Click the delete icon on the table toolbar to open the delete dialog box. image85.jpeg Step 2: Click the Apply button to deliver the delete function. QoS 1. Classifier Click Advanced / QoS / Classifier in the navigation bar. Enter the classifier setting page. As shown in the following picture. This chapter describes the basic information about the classifier and how to configure the basic information about the classifier. image86.jpeg Add Step 1: Click the Add button on the table toolbar to open the add dialog box. image87.jpeg Step 2: Configure the classifier. The descriptions of each parameter when setting the basic properties of a classifier are shown in the following table. Parameter Description Classifier Name (Required) Set the classifier configuration name. Forwarding Class Name of forwarding class. If you have selected the forwarding class, you must enter the code point. And the code point, 0~7 for IEEE-802.1 and inet-precedence, 0~63 for DSCP. Trust Mode Priority-based. The value of trust-mode can be DSCP, IEEE 802.1p, or inet-precedence. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Batch Delete Step 1: Select one or more rows of data that require batch editing. Step 2: Click the Batch Delete button to open the deletion confirmation dialog box. Step 3: Click the Apply button to deliver the delete function. Refresh Click the Refresh button to refresh the table data. Edit Step 1: Click the Edit icon on the table toolbar to open the edit dialog box. image89.jpeg Step 2: Configure the classifier. The descriptions of each parameter when setting the basic properties of a classifier are shown in the following table. Parameter Description Classifier Name (Required) Set the classifier configuration name. Forwarding Class Name of forwarding class. If you have selected the forwarding class, you must enter the code point and the code point, 0~7 for IEEE-802.1 and inet-precedence, 0~63 for DSCP. Code Point (Required) code-point, the valid range is 0~7 for ieee-802.1 and inet-precedence, 0~63 for DSCP. Trust Mode Priority-based. The value of trust-mode can be DSCP, IEEE 802.1p, or inet-precedence. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Delete Step 1: Click the delete icon on the table toolbar to open the delete dialog box. image91.jpeg Step 2: Click the Apply button to deliver the delete function. 2. Forwarding Class Click Advanced / QoS / Forwarding Class in the navigation bar. Enter the forwarding class setting page. As shown in the following picture. This chapter describes the basic information about the forwarding class and how to configure the basic information about the forwarding class. image92.jpeg Add Step 1: Click the Add button on the table toolbar to open the add dialog box. image93.jpeg Step 2: Configure the forwarding class. The descriptions of each parameter when setting the basic properties of a forwarding class are shown in the following table. Parameter Description Forwarding Class (Required) Set the name of the forwarding class. Local Priority Set special forwarding classes to configure local priority. The valid local priority numbers range from 0 to 23. Default value: 0. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Batch Delete Step 1: Select one or more rows of data that require batch editing. Step 2: Click the Batch Delete button to open the deletion confirmation dialog box. Step 3: Click the Apply button to deliver the delete function. Refresh Click the Refresh button to refresh the table data. Edit Step 1: Click the edit icon on the table toolbar to open the edit dialog box. image95.jpeg Step 2: Configure the forwarding class. The descriptions of each parameter when setting the basic properties of a forwarding class are shown in the following table. Parameter Description Forwarding Class (Required) Set the name of the forwarding class. Local Priority Set special forwarding classes to configure local priority. The valid local priority numbers range from 0 to 23. Default value: 0. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Delete Step 1: Click the delete icon on the table toolbar to open the delete dialog box. image97.jpeg Step 2: Click the Apply button to deliver the delete function. 3. Interface Click Advanced / QoS / Interface in the navigation bar. Enter the interface setting page. As shown in the following picture. This chapter describes the basic information about the interface and how to configure the basic information about the interface. image98.jpeg Add Step 1: Click the Add button on the table toolbar to open the add dialog box. image99.jpeg Step 2: Configure the interface. The descriptions of each parameter when setting the basic properties of an interface are shown in the following table. Parameter Description Interface (Required) Physical interface. configure a classifier for the port. Gigabit Ethernet IEEE 802.3z or 802.3ae. Classifier Configure a classifier for the port. Classifier configuration. It is optionally implemented. IEEE 802.1 Enter IEEE-802.1. This value ranges from 0 to 7 and is an integer. DSCP Specifies a value to remark the DSCP priority in packets. The value is an integer in the range of 0 to 63. Inet Precedence Enter inet-precedence. This value ranges from 0 to 7 and is an integer. PFC Profile PFC Profile name, which has been defined in the class-of-service pfc-profile in advance. Scheduler Profile Specifies scheduler profile name, the value is a string type, spaces are not allowed. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Batch Delete Step 1: Select one or more rows of data that require batch editing. Step 2: Click the Batch Delete button to open the deletion confirmation dialog box. Step 3: Click the Apply button to deliver the delete function. Refresh Click the Refresh button to refresh the table data. Edit Step 1: Click the Edit icon on the table toolbar to open the edit dialog box. image101.jpeg Step 2: Configure the interface. The descriptions of each parameter when setting the basic properties of an interface are shown in the following table. Parameter Description Interface (Required) View the physical interface. Classifier Configure a classifier for the port. Classifier configuration. It is optionally implemented. IEEE 802.1 Enter ieee-802.1. This value ranges from 0 to 7 and is an integer. DSCP Specifies a value to remark the DSCP priority in packets. The value is an integer in the range of 0 to 63. Inet Precedence Enter inet-precedence. This value ranges from 0 to 7 and is an integer. PFC Profile PFC Profile name, which has been defined in the class-of-service pfc-profile in advance. Scheduler Profile Specifies scheduler profile name, the value is a string type, spaces are not allowed. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Delete Step 1: Click the Delete icon on the table toolbar to open the delete dialog box. image103.jpeg Step 2: Click the Apply button to deliver the delete function. 4. PFC Profile Click Advanced / QoS / PFC Profile in the navigation bar. Enter the PFC profile setting page. As shown in the following picture. This chapter describes the basic information about the PFC profile and how to configure the basic information about the PFC profile. image104.jpeg Add Step 1: Click the Add button on the table toolbar to open the add dialog box. image105.jpeg Step 2: Configure the PFC profile. The descriptions of each parameter when setting the basic properties of a PFC profile is shown in the following table. Parameter Description PFC Profile (Required) Profile name, string type. Code Point 0~7 value, only matches IEEE802.1p field. Drop Value is true or false. The default value is false. If the value is false, the priority flow control function is enabled on this code point. Otherwise, the priority flow control function is disabled on this code point. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Batch Delete Step 1: Select the checkbox for multiple rows of data in the table that require batch editing. Step 2: Click the Batch Delete button to open the deletion confirmation dialog box. Step 3: Click the Apply button to deliver the delete function. Refresh Click the Refresh button to refresh the table data. Edit Step 1: Click the edit icon on the table toolbar to open the edit dialog box. image107.jpeg Step 2: Configure the PFC profile. The descriptions of each parameter when setting the basic properties of a PFC profile is shown in the following table. Parameter Description PFC Profile (Required) Profile name, string type. Code Point 0~7 value, only matches the IEEE802.1p field. Drop Value is true or false. The default value is false. If the value is false, the priority flow control function is enabled on this code point. Otherwise, the priority flow control function is disabled on this code point. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Delete Step 1: Click the delete icon on the table toolbar to open the delete dialog box. image109.jpeg Step 2: Click the Apply button to deliver the delete function. 5. Scheduler Click Advanced / QoS / Scheduler in the navigation bar. Enter the scheduler setting page. As shown in the following picture. This chapter describes the basic information about the scheduler and how to configure the basic information of the scheduler. image110.jpeg Add Step 1: Click the Add button on the table toolbar to open the add dialog box. image111.jpeg Step 2: Configure the scheduler. The descriptions of each parameter when setting the basic properties of a scheduler are shown in the following table. Parameter Description Scheduler (Required) Specifies a CoPP scheduler name; the value is a string, spaces are not allowed. Mode Set service category scheduler mode. SP WFQ WRR Weight Specifies scheduler weight. The value is an integer that ranges from 1 to 32. Refer to Table 2 for the default value of the scheduler weight. Guaranteed Rate The minimum guaranteed bandwidth, only for WFQ. The valid guaranteed-rate range is 0-100000000. Max Rate Specifies the maximum rate of an interface queue. The value is an integer in kbit/s. Max Bandwidth PPS Specifies the maximum bandwidth for a CPU queue. The value is an integer. The lower limit of max-bandwidth-pps is 0, and the upper limit of max-bandwidth-pps is the maximum bandwidth that the CPU can receive. Min Bandwidth PPS Specifies the minimum bandwidth for a CPU queue. The value is an integer. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Batch Delete Step 1: Select one or more rows of data that require batch editing. Step 2: Click the Batch Delete button to open the deletion confirmation dialog box. Step 3: Click the Apply button to deliver the delete function. Refresh Click the Refresh button to refresh the table data. Edit Step 1: Click the edit button on the table toolbar to open the edit dialog box. image113.jpeg Step 2: Configure the scheduler. The descriptions of each parameter when setting the basic properties of a scheduler are shown in the following table. Parameter Description Scheduler (Required) Specifies a CoPP scheduler name; the value is a string, spaces are not allowed. Mode Set service category scheduler mode SP WFQ WRR Weight Specifies scheduler weight. The value is an integer that ranges from 1 to 32. Refer to Table 2 for the default value of the scheduler weight. Guaranteed Rate The minimum guaranteed bandwidth, only for WFQ. The valid guaranteed-rate range is 0-100000000. Max Rate Specifies the maximum rate of an interface queue. The value is an integer in kbit/s. Max Bandwidth PPS Specifies the maximum bandwidth for a CPU queue. The value is an integer. The lower limit of max-bandwidth-pps is 0, and the upper limit of max-bandwidth-pps is the maximum bandwidth that the CPU can receive. Min Bandwidth PPS Specifies the minimum bandwidth for a CPU queue. The value is an integer. Step 3: After completing the settings, click the Apply button to finalize the properties configuration Delete Step 1: Click the Delete icon on the table toolbar to open the delete dialog box. image115.jpeg Step 2: Click the Apply button to deliver the delete function. 6. Scheduler Profile Click Advanced / QoS / Scheduler Profile in the navigation bar. Enter the scheduler profile setting page. As shown in the following picture. This chapter describes the basic information about the scheduler profile and how to configure the basic information about the scheduler profile. image116.jpeg Add Step 1: Click the Add button on the table toolbar to open the add dialog box. image117.jpeg Step 2: Configure the scheduler profile. The descriptions of each parameter when setting the basic properties of a scheduler profile are shown in the following table. Parameter Description Scheduler Profile (Required) Name of scheduler profile. Forwarding Class Select the name of the forwarding class. Scheduler Select the queue schedule configuration. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Batch Delete Step 1: Select one or more rows of data that require batch editing. Step 2: Click the Batch Delete button to open the deletion confirmation dialog box. Step 3: Click the Apply button to deliver the delete function. Refresh Click the Refresh button to refresh the table data. Edit Step 1: Click the edit icon on the table toolbar to open the edit dialog box. image119.jpeg Step 2: Configure the scheduler profile. The descriptions of each parameter when setting the basic properties of a scheduler profile are shown in the following table. Parameter Description Scheduler Profile (Required) Name of scheduler profile. Forwarding Class Select the name of the forwarding class. Scheduler Select the queue schedule configuration. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Delete Step 1: Click the delete icon on the table toolbar to open the delete dialog box. image121.jpeg Step 2: Click the Apply button to deliver the delete function. 7. Buffer Management Click Advanced / QoS / Buffer Management in the navigation bar. Enter the buffer management Setting page. As shown in the following picture. This chapter describes the basic information about buffer management and how to configure the basic details of buffer management. image122.jpeg Add Step 1: Click the Add button on the table toolbar to open the add dialog box. image123.jpeg Step 2: Configure buffer management. The descriptions of each parameter when setting the basic properties of buffer management are shown in the following table. Parameter Description Egress Queue (Required) Specifies the interface queue. The value is an integer that ranges from 0 to 7. Shared Ratio Specifies the value of the dynamic threshold ratio of the available shared space. The value is an integer that ranges from 0 to 100, indicating 1% to 100%. The default value is 33. MC Queue Dynamic Shared Enable or disable the dynamic mode of buffer management of the queue. The value could be true or false. true: enable the dynamic mode of buffer management of the queue. false: disable the dynamic mode of buffer management of the queue. By default, the dynamic mode of buffer management is disabled. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Batch Delete Step 1: Select one or more rows of data that required batch editing. Step 2: Click the Batch Delete button to open the deletion confirmation dialog box. Step 3: Click the Apply button to deliver the delete function. Refresh Click the Refresh button to refresh the table data. Edit Step 1: Click the edit icon on the table toolbar to open the edit dialog box. image125.jpeg Step 2: Configure the buffer management. The descriptions of each parameter when setting the basic properties of buffer management are shown in the following table. Parameter Description Egress Queue (Required) Specifies the interface queue. The value is an integer that ranges from 0 to 7. Shared Ratio Specifies the value of the dynamic threshold ratio of the available shared space. The value is an integer that ranges from 0 to 100, indicating 1% to 100%. The default value is 33. MC Queue Dynamic Shared Enable or disable the dynamic mode of buffer management of the queue. The value could be true or false. true: enable the dynamic mode of buffer management of the queue. false: disable the dynamic mode of buffer management of the queue. By default, the dynamic mode of buffer management is disabled. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Clear Step 1: Click the eraser icon on the table toolbar to open the clear dialog box. image127.jpeg Step 2: Click the Apply button to deliver the clear function. Network DHCP Server 1. DHCP Settings Click Network / DHCP Server / DHCP Settings in the navigation bar. Enter the DHCP setting page. As shown in the following picture. This chapter describes the basic information about the DHCP server and how to configure the basic information about DHCP server. image128.jpeg Add DHCP Step 1: Click on the Add DHCP button to open the DHCP server add dialog box. image129.jpeg Step 2: Configure the DHCP server. The descriptions of each parameter when setting the DHCP server are shown in the following table. Parameter Description Pool Name (Required) Set the DHCP pool name. Network (Required) Set the subnet network number and prefix length. (e.g. 192.168.1.0/24.) DNS Server Set the DNS server. Router Set the default route. Lease Time Set the duration of the lease, unit: minute, default value:60 minutes. Domain Name Set the domain name. Step 3: After completing the settings, click the Apply button to finalize the DHCP server configuration. Edit DHCP Step 1: Click the Edit icon on the table toolbar to open the edit dialog box. image131.jpeg Step 2: Configure DHCP. The descriptions of each parameter when setting the DHCP are shown in the following table. Parameter Description Network (Required) Set the subnet network number and prefix length. (e.g. 192.168.1.0/24.) DNS Server Set the DNS server. Router Set the default route. Lease Time Set the duration of the lease, unit: minute, default value: 60 minutes. Domain Name Set the domain name. Step 3: After completing the settings, click the Apply button to finalize the DHCP server configuration. Delete or Batch Delete Step 1: Click the delete icon on the toolbar to pop up a delete dialog box or select the corresponding checkbox to select multiple rows of data. After clicking the Batch Delete button, a delete confirmation dialog box will be prompted. image133.jpeg Step 2: Click the Apply button to delete the selected data. Refresh Click the Refresh button to refresh the table data. image134.jpeg 2. Address Binding Click Network / DHCP Server / Address Binding in the navigation bar. Enter the address binding page. As shown in the following picture. This chapter describes the basic information about DHCP address binding. image135.jpeg Refresh Click the Refresh button to refresh the table data. DHCP Relay 1. DHCP Relay IPv4 Click Network / DHCP Relay / DHCP Relay IPv4 in the navigation bar. Enter the DHCP Relay IPv4 page. As shown in the following picture. This chapter describes the basic information about DHCP relay IPv4 and how to configure the basic information about DHCP relay IPv4. image136.png (1) Option82 Config If you want to configure the parameters of DHCP relay option 82, you can follow the following steps. image137.jpeg Apply Step 1: Configure the DHCP relay IPv4 option 82. The descriptions of each parameter when setting the DHCP relay option 82 are shown in the following table. Parameter Description Trust All Trust the DHCP request packets with option 82. Circuit Id Set DHCP relay option 82 circuit ID formats. Remote Id Set DHCP relay option 82 remote ID formats. Step 2: After completing the settings, click the Apply button to finalize the DHCP relay option 82 configuration. (2) Interface Config If you want to configure the parameters of DHCP relay IPv4, you can follow the following steps. image138.jpeg Add Interface Step 1: Click on the Add Interface button to open the DHCP relay IPv4 add dialog box. image139.jpeg Step 2: Configure the DHCP relay IPv4. The descriptions of each parameter when setting the DHCP relay IPv4 are shown in the following table. Parameter Description Interface Name (Required) Select the L3 interface to configure DHCP relay. Interface State (Required) Set the subnet network number and prefix length. (e.g. 192.168.1.0/24.) Server Address Set the DNS server. Agent Address Set the default route. Step 3: After completing the settings, click the Apply button to finalize the DHCP relay IPv4 configuration. Edit Interface Step 1: Click the Edit icon on the table toolbar to open the edit dialog box. image141.jpeg image142.jpeg Step 2: Configure the DHCP relay IPv4. The descriptions of each parameter when setting the DHCP relay IPv4 are shown in the following table. Parameter Description Interface State (Required) Set the subnet network number and prefix length. (e.g. 192.168.1.0/24.) Server Address Set the DNS server. Agent Address Set the default route. Step 3: After completing the settings, click the Apply button to finalize the DHCP relay IPv4 configuration. Delete or Batch Delete Step 1: Click the Delete icon on the toolbar to pop up a delete dialog box, or select the corresponding checkbox to select multiple rows of data. After clicking the Batch Delete button, a delete confirmation dialog box will be prompted. image144.jpeg Step 2: Click the Apply button to delete the selected data. Refresh Click the Refresh button to refresh the table data. 2. DHCPv6 Relay Click Network / DHCP Relay / DHCPv6 Relay in the navigation bar. Enter the DHCPv6 relay page. As shown in the following picture. This chapter describes the basic information about DHCP relay IPv6 and how to configure the basic information about DHCP relay IPv6. image145.jpeg (1) Interface Config If you want to configure the parameters of DHCP relay IPv6, you can follow the following steps. Add Interface Step 1: Click on the Add Interface button to open the DHCP relay IPv6 Add dialog box. image146.jpeg Step 2: Configure the DHCP relay IPv6. The descriptions of each parameter when setting the DHCP relay IPv6 are shown in the following table. Parameter Description Interface (Required) Select the L3 interface to configure DHCP6 relay. Interface State (Required) Set the DHCP6 relay state. (e.g., enabled, disabled.) Destination Set the DHCP6 server address. Remote Id Set the DHCP6 Relay option remote ID. Step 3: After completing the settings, click the Apply button to finalize the DHCP Relay IPv6 configuration. Edit Interface Step 1: Click the Edit icon button on the table toolbar to open the edit dialog box. image148.jpeg image149.jpeg Step 2: Configure the DHCP relay IPv6. The descriptions of each parameter when setting the DHCP relay IPv6 are shown in the following table. Parameter Description Interface State (Required) Set the DHCP6 relay state. (e.g., enabled, disabled.) Destination Set the DHCP6 server address. Remote Id Set the DHCP6 relay option remote ID. Step 3: After completing the settings, click the Apply button to finalize the DHCP relay IPv6 configuration. Delete or Batch Delete Step 1: Click the delete icon on the toolbar to pop up a delete dialog box or select the corresponding checkbox. After clicking the Batch Delete button, a delete confirmation dialog box will be prompted. image151.jpeg Step 2: Click the Apply button to delete the selected data. Refresh Click the Refresh button to refresh the table data. image152.jpeg (2) Relay Stats If you want to view the latest data of DHCP relay IPv6 stats, you can follow the following steps. Refresh Click the Refresh button to refresh the table data. image153.jpeg IPv4 Static Route Click Network / IPv4 Static Route in the navigation bar. Enter the IPv4 static route page. AS shown in the following picture. This chapter describes the basic information about IPv4 static route information and how to configure the basic information about IPv4 static routes. image154.jpeg 1. Global Config If you want to configure the parameters of IP routing, you can follow the following steps. image155.jpeg Step 1: Configure the IP routing state. The descriptions of each parameter when setting the state of the IP routing state are shown in the following table. Parameter Description IP Routing State Set the enable of routing. Step 2: After completing the settings, click the Apply button to finalize the IPv4 static route configuration. 2. Static Route If you want to configure the parameters of an IPv4 static route, you can follow the following steps. image156.jpeg Add Static Route Step 1: Click on the Add Static Route button to open the static route add dialog box. image157.jpeg image158.png Step 2: Configure the Static Route. The descriptions of each parameter when setting the static route are shown in the following table. Parameter Description Static Route (Required) Establish static routes. Next Hop (Required) Set the next-hop router. Step 3: After completing the settings, click the Apply button to finalize the IPv4 static route configuration. Edit Interface Step 1: Click the Edit icon on the table toolbar to open the edit dialog box. image160.jpeg Step 2: Configure the IPv4 static route. The descriptions of each parameter when setting the IPv4 static route are shown in the following table. Parameter Description Next Hop (Required) Set the next-hop router. Step 3: After completing the settings, click the Apply button to finalize the IPv4 static route configuration. Delete or Batch Delete Step 1: Click the delete icon on the toolbar to pop up a delete dialog box or select the corresponding checkbox. After clicking the Batch Delete button, a delete confirmation dialog box will be prompted. image162.jpeg Step 2: Click the Apply button to delete the selected data. Refresh Click the Refresh button to refresh the table data. image163.jpeg IGMP Snooping 1. Global Config Click Network / IGMP Snooping / Global Config in the navigation bar. Enter the global config page. As shown in the following picture. This chapter describes the basic information about IGPM snooping globally and how to configure the basic information about IGMP snooping globally. image164.jpeg Step 1: Configure the state of IGMP snooping globally. The descriptions of each parameter when setting the state of the IGMP snooping global are shown in the following table. Parameter Description IGMP Snooping (Required) Enable the IGMP snooping module. Report suppression (Required) Set report suppression. Robustness variable (Required) Set the robustness variable. (Range from 2 to 4, the default is 2 and is an integer.) Router aging time (Required) Set the router-aging-time. (Range from 1 to 1000, the default is 260 and is an integer.) Max response time (Required) Set the max-response-time. (Range from 1 to 25, the default is 10, and is an integer.) Query interval (Required) Set the query interval. (Range from 1 to 18000, the default is 60, and is an integer.) Last member query count (Required) Set the last-member-query-count. (Range from 1 to 7, the default is 2, and is an integer.) Last member query interval (Required) Set the last member query interval. (Ranges from 1 to 32, the default is 2, and is an integer.) Step 2: After completing the settings, click the Apply button to finalize the IGMP snooping global configuration. 2. IGMP Snooping Information Click Network / IGMP Snooping / IGMP Snooping Information in the navigation bar. Enter the IGMP snooping information page. As shown in the following picture. This chapter describes the basic information about IGPM Snooping Information and how to configure the basic information about IGPM Snooping Information. image165.jpeg (1) VLAN If you want to configure the parameters of IGMP snooping VLAN, you can follow the following steps. Apply Step 1: Select a VLAN ID to view the information displayed and configuration. image166.jpeg Step 2: Configure the state of the IGMP snooping VLAN. The descriptions of each parameter when setting the state of the IGMP snooping VLAN are shown in the following table. Parameter Description IGMP Snooping VLAN State Enable IGMP snooping in the VLAN. IGMPv2 fast leave Enable fast leave. IGMP querier state Enable the IGMP-querier. IGMP querier source IP address (Required) Set the IP address of the IGMP-querier. IGMP other querier timer (Required) Set the other-querier-timer. (Range from 1 to 1000, the default is 120 and is an integer.) IGMP querier version (Required) Set the IGMP version. (Range from 1 to 2, the default is 2, and is an integer.) Step 3: After completing the settings, click the Apply button to finalize the IGMP snooping in VLAN configuration. Delete Step 1: Select a VLAN ID. Step 2: Click on the Delete button to open the port editing dialog box. image167.jpeg image168.jpeg Step 3: Click the Apply button to deliver the delete function. (2) Groups If you want to configure the parameters of IGMP snooping groups, you can follow the following steps. Add Group Step 1: Click on the Add Group button to open the IGMP snooping group add dialog box. image169.jpeg image170.jpeg Step 2: Configure the state of the IGMP snooping group. The descriptions of each parameter when setting the state of the IGMP snooping group are shown in the following table. Parameter Description VLAN ID (Required) Select the VLAN ID. Group (Required) Set the group. This value is the multicast address. Port (Required) Select the port. Step 3: After completing the settings, click the Apply button to finalize the IGMP Snooping Group configuration. Edit Group Step 1: Click the Edit icon on the table toolbar to open the edit dialog box. image172.jpeg Step 2: Configure the state of the IGMP snooping group. The descriptions of each parameter when setting the state of the IGMP snooping group are shown in the following table. Parameter Description Port (Required) Select the port. Step 3: After completing the settings, click the Apply button to finalize the IGMP snooping group configuration. Delete Step 1: Click the Delete icon on the toolbar to pop up a delete dialog box. image174.jpeg Step 2: Click the Apply button to delete the selected data. Refresh Click the Refresh button to refresh the table data. image175.jpeg (3) Mrouter If you want to configure the parameters of the IGMP snooping mrouter, you can follow the following steps. Add Mrouter Step 1: Click on the Add Mrouter button to open the IGMP snooping mrouter add dialog box. image176.jpeg image177.jpeg Step 2: Configure the state of the IGMP snooping mrouter. The descriptions of each parameter when setting the state of the IGMP snooping mrouter are shown in the following table. Parameter Description VLAN ID (Required) Select the VLAN ID. Port (Required) Select the port. Step 3: After completing the settings, click the Apply button to finalize the IGMP snooping mrouter configuration. Edit Mrouter Step 1: Click the Edit icon button on the table toolbar to open the edit dialog box. Step 2: Configure the state of the IGMP Snooping Mrouter. The descriptions of each parameter when setting the state of the IGMP snooping mrouter are shown in the following table. Parameter Description Port (Required) Select the port. image179.jpeg Step 3: After completing the settings, click the Apply button to finalize the IGMP snooping mrouter configuration. Delete Step 1: Click the delete icon button on the toolbar to pop up a delete dialog box. image181.jpeg Step 2: Click the Apply button to delete the selected data. Refresh Click the Refresh button to refresh the table data. image182.jpeg LLDP 1. Global Config Click Network / LLDP / Global Config in the navigation bar. Enter the global config page. As shown in the following picture. This chapter describes the basic information about the LLDP global. and how to configure the basic information about LLDP globally. image183.jpeg Step 1: Configure the state of the LLDP group. The descriptions of each parameter when setting the state of the LLDP group are shown in the following table. Parameter Description State (Required) Set the state of the LLDP. Advertisement Interval (Required) Set the advertisement interval. (Range from 5 to 32768, the default is 30, and is an integer.) Reinit Delay (Required) Set the reinit delay. (Range from 2 to 5, the default is 2, and is an integer.) Transmit Delay (Required) Set the transmit delay. (Range from 1 to 8192, the default is 2, and is an integer.) Hold Time Multiplier (Required) Set the hold time multiplier. (Range from 1 to 300, the default is 4, it is an integer.) Hold Timer The hold timer will be multiplied by the advertisement interval and hold time multiplier. Med Fast Start Repeat Count (Required) Set the med fast start repeat count (Range from 1 to 10, the default is 4, and is an integer.) Tlv Select (Required) Select the Tlv select and multiple options can be selected. (The value that can be selected is macphy-config, management-address, port-description, port-vlan, system-capabilities, system-description, and system-name.) Med Tlv selects (Required) Select the med Tlv select and multiple options can be selected. (The value that can be selected is inventory-management and network-policy.) Step 2: After completing the settings, click the Apply button to finalize the LLDP group configuration. 2. Interface Config Click Network / LLDP / Interface Config in the navigation bar. Enter the interface config page. As shown in the following picture. This chapter describes the basic information about LLDP interface configuration and how to configure the basic information about LLDP interface configuration. image184.jpeg Batch Edit Step 1: Select one or more rows of data that require batch editing. image185.jpeg Step 2: Click on the Batch Edit button to open the LLDP interface editing dialog box. image186.jpeg Step 3: Configure the state of the LLDP interface working mode. The descriptions of each parameter when setting the state of the LLDP interface are shown in the following table. Parameter Description Interface (Required) The unique identifier assigned to the port on the network device. Working Mode (Required) Select the working mode of the interface. (Options: disabled, tx_only, rx_only, tx_rx) Step 4: After completing the settings, click the Apply button to finalize the LLDP group configuration. Edit Step 1: Click the Edit icon on the table toolbar to open the edit dialog box. image188.jpeg Step 2: Configure the state of the LLDP interface working mode. The descriptions of each parameter when setting the state of the LLDP interface are shown in the following table. Parameter Description Interface (Required) The unique identifier assigned to the port on the network device. Working Mode (Required) Select the working mode of the interface. (Options: disabled, tx_only, rx_only, tx_rx.) Step 3: After completing the settings, click the Apply button to finalize the LLDP group configuration. Refresh Click the Refresh button to refresh the table data. image189.jpeg 3. Statistics Config Click Network / LLDP / Interface Config in the navigation bar. Enter the interface config page. As shown in the following picture. This chapter describes the basic information about LLDP interface configuration and how to configure the basic information about LLDP interface configuration. image190.jpeg Refresh Click the Refresh button to refresh the table data. image191.jpeg 4. Neighbours Info Click Network / LLDP / Neighbours Info in the navigation bar. Enter the Neighbours Info page. As shown in the following picture. This chapter describes the basic information about LLDP Neighbours Info. image192.jpeg Refresh Click the Refresh button to refresh the table data. image193.jpeg VLAN 1. VLAN Settings Click Network / VLAN / VLAN Setting in the navigation bar. Enter the VLAN settings page. As shown in the following picture. This chapter describes the basic information about VLAN settings and how to configure the basic information about VLAN. image194.png Batch Edit Step 1: Select one or more rows of data that require batch editing. image195.jpeg Step 2: Click on the Batch Edit button to open the VLAN name editing dialog box. image196.jpeg Step 3: Configure the VLAN. The descriptions of each parameter when setting the name of VLAN are shown in the following table. Parameter Description VLAN ID (Required) The unique identifier assigned to the VLAN ID on the network device. VLAN Name Set the VLAN name of the VLAN ID. Step 4: After completing the settings, click the Apply button to finalize the VLAN name configuration. Edit VLAN Step 1: Click the Edit icon on the table toolbar to open the edit dialog box. image198.jpeg Step 2: Configure the VLAN. The descriptions of each parameter when setting the name of a VLAN are shown in the following table. Parameter Description VLAN ID (Required) The unique identifier assigned to the VLAN ID on the network device. VLAN Name Set the VLAN name of the VLAN ID. Step 3: After completing the settings, click the Apply button to finalize the VLAN name configuration. Refresh Click the Refresh button to refresh the table data. 2. Interface Settings Click Network / VLAN / Interface Settings in the navigation bar. Enter the interface settings page. As shown in the following picture. This chapter describes the basic information about access/trunk ports and how to configure the basic information about interface settings. image199.jpeg Edit Port Step 1: Click the Edit button on the table toolbar to open the edit dialog box. image200.jpeg Step 2: Configure the port. The descriptions of each parameter when setting the basic properties of a port are shown in the following table. Parameter Description Interface (Required) The unique identifier assigned to the port on the network device. Port Mode (Required) Set the port mode of the interface. (e.g., access, trunk, pvlan-host, pvlan-secondary-trunk, pvlan-promiscuous, pvlan-promiscuous-trunk.) Native VLAN (Required) Set the native VLAN of the interface. (Range from 1 to 4094 and is an integer.) VLAN member (Required) Set the VLAN member of the interface. (Range from 1 to 4094 and is an integer.) Untagged (Required) Set the untagged. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Clear Step 1: Click the eraser icon on the table toolbar to open the Clear dialog. image202.jpeg Step 2: Click the Apply button to deliver the delete function. Refresh Click the Refresh button to refresh the table data. 3. Private VLAN Click Network / VLAN / Private VLAN in the navigation bar. Enter the private VLAN page. As shown in the following picture. This chapter describes the basic information about private VLAN and how to configure the basic information about private VLAN. image203.jpeg Add Private VLAN Step 1: Click on the Add Private VLAN button to open the private VLAN add dialog box. image204.jpeg Step 2: Configure the private VLAN. The descriptions of each parameter when setting the private VLAN are shown in the following table. Parameter Description Primary VLAN (Required) Set the primary VLAN. (Range from 1 to 4094 and is an integer.) Isolated VLAN Set the isolated VLAN. (Range from 1 to 4094 and is an integer.) Community VLAN Set the community VLAN. (Range from 1 to 4094 and is an integer.eg 2,3,4...) Step 3: After completing the settings, click the Apply button to finalize the private VLAN configuration. Edit Private VLAN Step 1: Click the Edit on the table toolbar to open the edit dialog box. image206.jpeg Step 2: Configure the private VLAN. The descriptions of each parameter when setting the private VLAN are shown in the following table. Parameter Description Isolated VLAN Set the isolated VLAN. (Range from 1 to 4094 and is an integer.) Community VLAN Set the community VLAN. (Range from 1 to 4094 and is an integer.eg 2,3,4 ) Step 3: After completing the settings, click the Apply button to finalize the private VLAN configuration. Delete Step 1: Click the Delete icon on the table toolbar to open the delete dialog box. Step 2 Click the Apply button to deliver the delete function. image208.jpeg Refresh Click the Refresh button to refresh the table data. image209.jpeg 4. VLAN MAC Click Network / VLAN / VLAN MAC in the navigation bar. Enter the VLAN MAC page. As shown in the following picture. This chapter describes the basic information about VLAN MAC and how to configure the basic information about VLAN MAC. image210.jpeg Add Mac-base Step 1: Click on the Add Mac-base button to open the VLAN MAC address and add dialog box. image211.jpeg Step 2: Configure the mac-base. The descriptions of each parameter when setting the mac-base are shown in the following table. Parameter Description Mac Address (Required) Set the MAC address. VLAN ID Set the VLAN ID. (Range from 1 to 4094 and is an integer.) Step 3: After completing the settings, click the Apply button to finalize the MAC address of the VLAN configuration. Edit Mac-base Step 1: Click the Edit icon on the table toolbar to open the edit dialog box. image213.jpeg Step 2: Configure the mac-base. The descriptions of each parameter when setting the mac-base are shown in the following table. Parameter Description VLAN ID (Required) Set the VLAN ID. (Range from 1 to 4094 and is an integer.) Step 3: After completing the settings, click the Apply button to finalize the MAC address of VLAN configuration. Delete or Batch Delete Step 1: Click the Delete icon on the toolbar to pop up a delete dialog box or select the corresponding checkbox. After clicking the Batch Delete button, a delete confirmation dialog box will be prompted. image215.jpeg Step 2：Click the Apply button to delete the selected data. Refresh Click the Refresh button to refresh the table data. Voice VLAN 1. OUl Settings Click Network / Voice VLAN / OUI Setting in the navigation bar. Enter the OUI Settings page. As shown in the following picture. This chapter describes the basic information about OUI settings. image216.jpeg Refresh Click the Refresh button to refresh the table data. 2. Interfaces Config Click Network / Voice VLAN / Interfaces in the navigation bar. Enter the voice interfaces page. As shown in the following picture. This chapter describes the basic information about voice interfaces and how to configure the basic information about interfaces. image217.jpeg Add Voice VLAN Step 1: Click on the Add Voice VLAN button to open the voice VLAN add dialog box. image218.jpeg Step 2: Configure the voice VLAN. The descriptions of each parameter when setting the voice VLAN are shown in the following table. Parameter Description Voice VLAN ID (Required) Set the voice VLAN. Local Priority (Required) Set the local priority. (Range from 0 to 7, the default value is 5, and the value must be an integer.) DSCP (Required) Set the DSCP. (Range from 0 to 63, the default value is 4, and the value must be an integer.) Aging Time (Required) Set the aging time. (Range from 5 to 43200, the default value is 1000, and the value must be an integer.) Voice Port (Required) Select the voice port. Port Mode The voice port of the mode is trunk. Mode Set the mode. (e.g., auto, manual.) Tagged Set the tagged. (e.g., untag, tag.) Step 3: After completing the settings, click the Apply button to finalize the voice VLAN configuration. Edit Voice VLAN Step 1: Click the Edit icon on the table toolbar to open the edit dialog box. image220.jpeg Step 2: Configure the voice VLAN. The descriptions of each parameter when setting the voice VLAN are shown in the following table. Parameter Description Local Priority (Required) Set the local priority. (Range from 0 to 7, the default value is 5, and the value must be an integer.) DSCP(Required) Set the DSCP. (Range from 0 to 63, the default value is 4, and the value must be an integer.) Aging Time (Required) Set the aging time. (Range from 5 to 43200, the default value is 1000, and the value must be an integer.) Port Mode The voice port of the mode is trunk. Mode Set the mode. (e.g., auto, manual.) Tagged Set the tagged. (e.g., untag, tag.) Step 3: After completing the settings, click the Apply button to finalize the voice VLAN configuration. Delete or Batch Delete Step 1: Click the Delete icon button on the toolbar to pop up a delete dialog box or select the corresponding checkbox. After clicking the Batch Delete button, a delete confirmation dialog box will be prompted. image222.jpeg Step 2: Click the Apply button to delete the selected data. Refresh Click the Refresh button to refresh the table data. SSH 1. Global Config Click Network / SSH / Global Configure in the navigation bar. Enter the Global Config page. As shown in the following picture. This chapter describes the basic information about SSH global config and how to configure the basic information about SSH global config. image223.jpeg SSH Connection Limit If you want to configure the parameters of the SSH connection limit, you can follow the following steps. image224.jpeg Step 1: Configure the SSH connection limit. The descriptions of each parameter when setting the SSH connection limit are shown in the following table. Parameter Description Protocol Version Set the protocol version. Connection Limit Set the connection limit. (Range from 0 to 254, and the value must be an integer.) Step 2: After completing the settings, click the Apply button to finalize the SSH connection limit configuration. Idle Timeout for SSH User If you want to configure the parameters of the Idle timeout for SSH users, you can follow the following steps. image225.jpeg Step 1: Configure the idle timeout of SSH users. The descriptions of each parameter when setting the idle timeout of SSH users are shown in the following table. Parameter Description Idle Timeout Set the idle timeout. (Range from 0 to 2000000 and is an integer.) Step 2: After completing the settings, click the Apply button to finalize the idle timeout of SSH user’s configuration. Port Number of the SSH server If you want to configure the parameters of the port number of the SSH server, you can follow the following steps. image226.jpeg Step 1: Configure the port number of the SSH server. The descriptions of each parameter when setting the port number of the SSH server are shown in the following table. Parameter Description Port Set the port. (Range from 1 to 65535, the default is 22 and is an integer.) Step 2: After completing the settings, click the Apply button to finalize the port number of the SSH server configuration. VRRP Click Network / VRRP in the navigation bar. Enter the VRRP page. As shown in the following picture. This chapter describes the basic information about VRRP information and how to configure the basic information about VRRP. image227.jpeg Add VRRP Step 1: Click on the Add VRRP button to open the add dialog box. image228.jpeg Step 2: Configure the VRRP. The descriptions of each parameter when setting the VRRP are shown in the following table. Parameter Description Interface (Required) Select the interface. VRID(Required) Set the connection limit. (Range from 1 to 254, and the value must be an integer.) Version (Required) Select the version. Disable Set the disable of the VRRP. IPv4/IPv6 Set IPv4/IPv6. Load Balance Set the load balance. Adver interval Set the adver interval. (Range from 1 to 255, the default value is 4 and the value must be an integer.) Time Interval Set the time interval. (Range from 60 to 14400, the default value is 120 and the value must be an integer.) Preempt Set the preempt. Priority (Required) Set the priority. (Range from 1 to 254, the default value is 100 and the value must be an integer.) Step 3: After completing the settings, click the Apply button to finalize the VRRP configuration. Edit VRRP Step 1: Click the Edit on the table toolbar to open the edit dialog box. image230.jpeg Step 2: Configure the VRRP. The descriptions of each parameter when setting the VRRP are shown in the following table. Parameter Description Version (Required) Select the version. Disable Set the disable of the VRRP. IPv4/IPv6 Set IPv4/IPv6. Load Balance Set the load balance. Adver Interval Set the adver interval. (Range from 1 to 255, the default value is 4 and the value must be an integer.) Time Interval Set the time interval. (Range from 60 to 14400, the default value is 120 and the value must be an integer.) Preempt Set the preempt. Priority (Required) Set the priority. (Range from 1 to 254, the default value is 100 and the value must be an integer.) Step 3: After completing the settings, click the Apply button to finalize the VRRP configuration. Delete Step 1: Click the Delete icon button on the table toolbar to open the delete dialog box. image232.jpeg Step 2: Click the Apply button to deliver the delete function. Refresh Click the Refresh button to refresh the table data. Security AAA This chapter describes the basic information about AAA (Authentication, Authorization, and Accounting) and how to configure the basic information about AAA. 1. Global Config Click Security / AAA / Global Config in the navigation bar. Enter the global config page. As shown in the following picture. This section mainly describes how to configure and view the global config. image233.jpeg Step 1: Configure the global config. The descriptions of each parameter when setting the basic properties of the global config are shown in the following table. Parameter Description Local Authentication Configuration Enable or disable the local authentication function. Local Authentication Fallback Configuration Enable or disable the local authentication fallback function. Step 2: After completing the settings, click the Apply button to finalize the global config properties configuration. 2. TACACS+ Step 1: Click Security / AAA / TACACS+ in the navigation bar. Enter the TACACS+ page. As shown in the following picture. This section mainly describes how to configure and view TACACS+. image234.jpeg Step 2: Configure the TACACS+. The descriptions of each parameter when setting the basic properties of TACACS+ are shown in the following table. Parameter Description Tacacs+ (Required) Enable or disable the TACACS+ function. Authorization Enable or disable the TACACS+ authorization. Accounting Enable or disable the TACACS+ accounting. Server-IP (Required) Configure the IPv4 addresses of TACACS+ servers. Separate multiple addresses with commas. Key (Required) Set the shared key of the TACACS+ server. The length of the key must be more than 6 characters. Port-Number Set the port number of a TACACS+ server. The Port-Number is a nonnegative integer, and the default value is 49. Timeout (Unit: second) Set the response timeout interval of a TACACS+ server. The timeout is a non-negative integer, and the default value is 5. Auth-Type Select TACACS+ authentication type. The value could be ASCII, chap, or pap, and the default value is ASCII. Source-Interface Select the source interface the switch uses to connect to the TACACS+ server. The value could be an L3 VLAN interface, loopback interface, routed interface, or sub-interface that enables inband management or eth0. By default, the source interface is eth0. Step 3: After completing the settings, click the Apply button to finalize the TACACS+ properties configuration. 3. RADIUS Click Security / AAA / RADIUS in the navigation bar. Enter the RADIUS page. As shown in the following picture. This section mainly describes how to configure and view RADIUS. image235.jpeg Source Interface Step 1: Configure the source interface. The descriptions of each parameter when setting the basic properties of the source interface are shown in the following table. Parameter Description Source-Interface Select the source interface the switch uses to connect to the RADIUS server. The value could be an L3 VLAN interface, loopback interface, routed interface, or sub-interface that enables inband management or eth0. By default, the source interface is eth0. Step 2: After completing the settings, click the Apply button to finalize the source interface properties configuration. 4. Authorization Config image236.jpeg RADIUS Authentication And Authorization Function Step 1: Configure the RADIUS Authentication and Authorization Function. The descriptions of each parameter when setting the basic properties of RADIUS authentication and authorization function are shown in the following table. Parameter Description RADIUS Authentication And Authorization Function Enable or disable the RADIUS authentication and authorization function. Step 2: After completing the settings, click the Apply button to finalize the RADIUS authentication and authorization function properties configuration. Add Step 1: Click the Add button to open the Add Authorization Server dialog box. image237.jpeg Step 2: Configure the authorization server. The descriptions of each parameter when setting the basic properties of the authorization server are shown in the following table. Parameter Description Server IP (Required) Set the IPv4 or IPv6 address of a RADIUS authentication and authorization server. Port Set the port number of a RADIUS authentication and authorization server. The Port is a nonnegative integer, and the default value is 1812. Shared Key Set the shared key of a RADIUS authentication and authorization server. Timeout (Unit: second) Set the response timeout interval of a RADIUS authentication and authorization server. The timeout is a nonnegative integer, and the default value is 5. Step 3: After completing the settings, click the Apply button to finalize the authorization server properties configuration. Batch Delete Step 1: Select one or more rows of data that require batch deleting. image238.jpeg Step 2: Click the Batch Delete button to open the delete confirmation dialog box. image239.jpeg Step 3: Click the Apply button to issue the configuration. Edit Step 1: Click the Edit icon to open the Edit Authorization Server dialog box. image241.jpeg Step 2: Edit the authorization server. The descriptions of each parameter when editing the basic properties of the authorization server are shown in the following table. Parameter Description Port Edit the Port. The Port is a nonnegative integer, and the default value is 1812. Shared Key Edit the shared key Timeout (Unit: second) Edit the Timeout. The timeout is a nonnegative integer, and the default value is 5. Step 3: After completing the editing, click Apply. Refresh Click the Refresh button to refresh the Authorization Config table data. 5. Accounting Config image242.jpeg RADIUS Accounting Function Step 1: Configure the RADIUS accounting function. The descriptions of each parameter when setting the basic properties of the RADIUS accounting function are shown in the following table. Parameter Description RADIUS Accounting Function Enable or disable the RADIUS accounting function. Step 2: After completing the settings, click the Apply button to finalize the RADIUS accounting function properties configuration. Add Accounting Server Step 1: Click the Add button to open the Add Accounting Server dialog box. image243.jpeg Step 2: Configure the accounting server. The descriptions of each parameter when setting the basic properties of the accounting server are shown in the following table. Parameter Description Server IP (Required) Set the IPv4 or IPv6 address of a RADIUS accounting server. Port Set the port number of a RADIUS accounting server. The port is a nonnegative integer, and the default value is 1812. Shared Key Set the shared key of a Radius accounting server. Timeout (Unit: second) Set the response timeout interval of a RADIUS accounting server. The timeout is a nonnegative integer, and the default value is 5. Step 3: After completing the settings, click the Apply button to finalize the accounting server properties configuration. Batch Delete Step 1: Select one or more rows of data that require batch deleting. image244.jpeg Step 2: Click the Batch Delete button to open the delete confirmation dialog box. image245.jpeg Step 3: Click the Apply button to issue the configuration. Edit Accounting Server Step 1: Click the edit button to open the Edit Accounting Server dialog box. image247.jpeg Step 2: Edit the accounting server. The descriptions of each parameter when editing the basic properties of the accounting server are shown in the following table. Parameter Description Port Edit the Port. The Port is a nonnegative integer, and the default value is 1812. Shared Key Edit the shared key Timeout (Unit: second) Edit the timeout. The timeout is a nonnegative integer, and the default value is 5. Step 3: After editing, click the Apply button to finalize the accounting server properties configuration. Refresh Click the Refresh button to refresh the Accounting Config table data. ARP This chapter describes the basic information about ARP, and how to configure the basic information about ARP. 1. ARP Information Click Security / ARP / ARP Information in the navigation bar. Enter the ARP information page. As shown in the following picture. This section mainly describes how to configure and view ARP information. (1) Aging Time image248.jpeg Step 1: Configure the aging time. The following table describes each parameter for setting the aging time’s basic properties. Parameter Description Aging Time (Unit: second) Set the amount of time the address will remain in cache. The default ARP aging time is 1200 seconds. Step 2: After completing the settings, click the Apply button to finalize the aging time properties configuration. (2) ARP Information Table image249.jpeg Refresh Click the Refresh button to refresh the ARP Information table data. Search Step 1: Enter the search keywords. Step 2: Click the Search button to query the specified ARPs, and the table will display the queried information found based on the search keywords. 2. ARP Statistics Click Security / ARP / ARP Statistics in the navigation bar. Enter the ARP statistics page. As shown in the following picture. This section mainly describes how to view ARP statistics. Click the Refresh button to refresh the ARP statistics. image250.jpeg 3. Static ARP Click Security / ARP / Static ARP in the navigation bar. Enter the Static ARP page. As shown in the following picture. This section mainly describes how to configure and view static ARP. image251.jpeg Add Step 1: Click the Add button to open the Add Static ARP dialog box. Step 2: Configure the static ARP. The descriptions of each parameter when setting the basic properties of static ARP are shown in the following table. Parameter Description Interface (Required) Select an L3 interface. Proxy Enable or disable proxy ARP on an interface. IP Address (Required) Set the IPv4 address in a static ARP entry, IP address, and selected L3 interface should belong to the same network segment. MAC Address (Required) Set the MAC address in a static ARP entry. Step 3: After completing the settings, click the Apply button to finalize the static ARP properties configuration. Batch Delete Step 1: Select one or more rows of data that require batch deleting. image253.jpeg Step 2: Click the Batch Delete button to open the delete confirmation dialog box. image254.jpeg Step 3: Click the Apply button to issue the configuration. Show more Addresses When multiple addresses are configured under an interface, click the show more button to display all the configured addresses under the current interface. image255.jpeg Click the Close button to hide the expanded addresses. image256.jpeg Edit Step 1: Click the edit button to open the Edit Static ARP dialog box. image258.jpeg Step 2: Configure the static ARP. The descriptions of each parameter when editing the basic properties of static ARP are shown in the following table. Parameter Description Proxy Edit the Proxy. IP Address Edit the IPv4 address in a static ARP entry, IP Address, and the selected L3 interface should belong to the same network segment. MAC Address Edit the MAC Address. Step 3: After completing the editing, click Apply. Delete Step 1: Click the Delete button to open the delete dialog box. image260.jpeg Step 2: Click the Apply button to issue the configuration. Refresh Click the Refresh button to refresh the Static ARP table data. Search Step 1: Enter the search keywords. Step 2: Click the Search button to query the specified static ARPs, and the table will display the queried information found based on the search keywords. ARP Inspection This chapter describes the basic information about ARP inspection and how to configure the basic information about ARP Inspection. 1. ARP Inspection Trust-Port Click Security / ARP Inspection / ARP Inspection Trust Port in the navigation bar. Enter the ARP Inspection Trust-Port page. As shown in the following picture. This section mainly describes how to configure and view ARP Inspection TrustPort. image261.jpeg Batch Edit Step 1: Select one or more rows of data that require batch editing. image262.jpeg Step 2: Click the Batch Edit button to open the Batch Edit dialog box. image263.jpeg Step 3: Configure the ARP inspection trust-port. The following table describes each parameter for configuring ARP Inspection Trust-Port basic properties. Parameter Description Interface Trust State Set or do not set the selected interfaces as a trust port on which ARP inspection will not be implemented. Step 4: After editing, click the Apply button to finalize the ARP inspection trust-port properties configuration. Edit Step 1: Click the Edit icon to open the edit dialog box. image265.jpeg Step 2: Configure the ARP inspection trust-port. The following table describes each parameter for configuring ARP Inspection Trust-Port basic properties. Parameter Description Interface Trust State Set or do not set the selected interfaces as a trust port on which ARP inspection will not be implemented. Step 3: After editing, click the Apply button to finalize the ARP inspection trust-port properties configuration. Refresh Click the Refresh button to refresh the ARP Inspection Trust-Port table data. Search Step 1: Enter the search keywords. Step 2: Click the Search button to query the specified ARP inspection trust-ports, and the table will display the queried information found based on the search keywords. 2. ARP Inspection Access-List Click Security / ARP / ARP Inspection Access List in the navigation bar. Enter the ARP inspection access list page. As shown in the following picture. This section mainly describes how to configure and view the ARP Inspection Access List. image266.jpeg Add ARP Inspection Access-List Step 1: Click the Add button to open the Add ARP Inspection Access-List dialog box. image267.jpeg Step 2: Configure the ARP inspection access list. The descriptions of each parameter when setting the basic properties of the ARP inspection access-list are shown in the following table. Parameter Description ACL Name (Required) Set the access list name in an ARP inspection access-list entry. IP Address Set the IPv4 address in an ARP inspection access-list entry. MAC Address Set the MAC address in an ARP inspection access-list entry. Step 3: After completing the settings, click the Apply button to finalize the ARP inspection access-list properties configuration. Batch Step 1: Select one or more rows of data that require batch deleting. image268.jpeg Step 2: Click the Batch Delete button to open the delete confirmation dialog box. image269.jpeg Step 3: Click the Apply button to issue the configuration. Show more Addresses When multiple addresses are configured under a static ACL, click the show more button to display all the configured addresses under the current static ACL. image270.jpeg Click the Close button to hide the expanded addresses. image271.jpeg Edit Step 1: Click the Edit icon to open the Edit ARP Inspection Access-List dialog box. image273.jpeg Step 2: Edit the ARP inspection access list. The descriptions of each parameter when editing the basic properties of ARP inspection access-list are shown in the following table. Parameter Description IP Address Edit the IPv4 address. MAC Address Edit the MAC Address. Step 3: After completing the editing, click the Apply button to finalize the ARP inspection access-list properties configuration. Delete Step 1: Click the Delete icon to open the delete confirmation dialog box. image275.jpeg Step 2: Click the Apply button to issue the configuration. Refresh Click the Refresh button to refresh the ARP Inspection Access-List table data. Search Step 1: Enter the search keywords. Step 2: Click the Search button to query the specified ARP inspection access-lists; the table will display the queried information found based on search keywords. 3. ARP Inspection VLAN Click Security / ARP / ARP Inspection VLAN in the navigation bar. Enter the ARP inspection VLAN page. As shown in the following picture. This section mainly describes how to configure and view ARP inspection VLAN. image276.jpeg Batch Delete Step 1: Select one or more rows of data that require batch deleting. image277.jpeg Step 2: Click the Batch Delete button to open the delete confirmation dialog box. image278.jpeg Step 3: Click the Apply button to issue the configuration. Edit Step 1: Click Edit to open the Edit ARP Inspection VLAN dialog box. image280.jpeg Step 2: Configure the ARP inspection VLAN. The descriptions of each parameter when editing the basic properties of ARP inspection VLAN are shown in the following table. Parameter Description VLAN Configuration Edit the VLAN configuration. VLAN Access-List Select access-lists. Step 3: After completing the editing, click the Apply button to finalize the ARP inspection VLAN properties configuration. Detail Click the book icon to open the selected VLAN statistics dialog box. image282.jpeg Refresh Click the Refresh button to refresh the ARP Inspection VLAN table data. Search Step 1: Enter the search keywords. Step 2: Click the Search button to query the specified ARP inspection VLANs, and the table will display the queried information found based on search keywords. 4. ARP Inspection DHCP-Binding Click Security / ARP / ARP Inspection DHCP Binding in the navigation bar. Enter the ARP Inspection DHCP Binding page. As shown in the following picture. This section mainly describes how to configure and view ARP Inspection DHCP Binding. This table includes the ARP entries generated from the DHCP snooping or DHCP relay table. image283.jpeg Refresh Click the Refresh button to refresh the ARP Inspection DHCP Binding table data. Search Step 1: Enter the search keywords. Step 2: Click the Search button to query the specified ARP inspection DHCP bindings, and the table will display the queried information found based on search keywords. Port Security Click Security / Port Security in the navigation bar. Enter the port security page. As shown in the following picture. This chapter describes the basic information about port security and how to configure the basic information about port security. image284.jpeg 1. Port Security image285.jpeg Edit Port Security Step 1: Click the Edit icon to open the edit port security dialog box. image287.jpeg image288.jpeg Step 2: Edit port security. The descriptions of each parameter when editing the basic properties of port security are shown in the following table. Parameter Description Port Security Enable or disable port security for the selected interface. Violation Select a protective action for the system to perform when the number of learned MAC addresses exceeds the MAC limit. The value could be protect, restrict, shutdown, or shutdown-temp. The default value is protect. protect: Discards packets with new source MAC addresses when the number of learned MAC addresses exceeds the limit. restrict: Discards packets with new source MAC addresses and generates a warning syslog message when the number of learned MAC addresses exceeds the limit. shutdown: Shuts the interface down, sets the interface status to error-disabled, and generates a warning syslog message when the number of learned MAC addresses exceeds the limit. shutdown-temp: Shuts the interface down temporarily, sets the interface status to error-discard, and generates a warning syslog message when the number of learned MAC addresses exceeds the limit. Block Type Select the type of packet that will be blocked in the egress direction of the secure port. The value could be all, broadcast, multicast, uni-multicast, or unicast. By default, packets will not be blocked by port security in the egress direction of the port. all: Discards all the packets in the egress direction of the port. broadcast: Discards only the broadcast packets in the egress direction of the port. multicast: Discards only the multicast packets in the egress direction of the port. uni-multi-cast: Discards both the unknown unicast packets and multicast packets in the egress direction of the port. unicast: Discards only the unknown unicast packets in the egress direction of the port. MAC Limit Set the maximum number of secure MAC addresses that can be learned on an interface. Range (1-1024), default value is 1. Sticky Enable or disable the sticky function on an interface. Step 3: After editing, click the Apply button to finalize the port security properties configuration. Refresh Click the Refresh button to refresh the Port Security table data. 2. Secure MAC Address Table Step 1: Click the interface name. image289.jpeg Step 2: Enter the Secure MAC Address table page. As shown in the following picture. image290.jpeg Add Step 1: Click the Add Static MAC Address button to open the Add Static MAC Address dialog box. (Please enable port security for the current port first.) image291.jpeg Step 2: Configure the static MAC address. The descriptions of each parameter when setting the basic properties of the static MAC address are shown in the following table. Parameter Description MAC Address Set a static secure MAC address. VLAN ID Select a VLAN. Step 3: After completing the settings, click the Apply button to finalize the static MAC address properties configuration. Batch Delete Step 1: Select one or more rows of data that require batch deleting. image292.jpeg Step 2: Click the Batch Delete button to open the delete confirmation dialog box. image293.jpeg Step 3: Click the Apply button to issue the configuration. Delete Step 1: Click the Delete icon to open the delete dialog box. image295.jpeg Step 2: Click the Apply button to issue the configuration. Refresh Click the Refresh button to refresh the Secure Mac Address table data. SNMP This chapter describes the basic information about SNMP, and how to configure the basic information about SNMP. 1. SNMP v1/v2 Community Click Security / SNMP / SNMP v1/v2 Community in the navigation bar. Enter the SNMP v1/v2 Community page. As shown in the following picture. This section mainly describes how to configure and view the SNMPv1/v2 community. image296.jpeg (1) SNMP Information Config image297.jpeg Step 1: Configure the SNMP information config. The descriptions of each parameter when setting the basic properties of the SNMP information config are shown in the following table. Parameter Description SNMP Location Set the physical location information of the device. SNMP Contact Set the contact information for system maintenance. Step 2: After completing the settings, click the Apply button to finalize the SNMP information configuration properties. (2) SNMP Community List image298.jpeg Add Step 1: Click the Add button to open the Add SNMP Community dialog box. image299.jpeg Step 2: Configure the SNMP community. The descriptions of each parameter when setting the basic properties of the SNMP community are shown in the following table. Parameter Description Community (Required) Set a SNMPv1 or SNMPv2c community name. Client IPs Configure the SNMP client IP addresses. Enter IPv4 addresses separated by commas. Authorization Select the authorization for an SNMP community. The value could be read-only or read-write. read-only: Indicates that the community with a specified name has read-only rights. read-write: Indicates that the community with a specified name has the read-write rights. Step 3: After completing the settings, click the Apply button to finalize the SNMP community properties configuration. Batch Delete Step 1: Select the checkbox for multiple rows of the SNMP community data in the table that require batch deletion. image300.jpeg Step 2: Click the Batch Delete button to open the delete confirmation dialog box. image301.jpeg Step 3: Click the Apply button to issue the configuration. Edit Step 1: Click the Edit icon to open the Edit SNMP Community dialog box. image303.jpeg Step 2: Configure the SNMP community settings. The table below describes each available parameter for basic community properties. Parameter Description Client IPs Edit the Client IPs. Authorization Select the authorization for an SNMP community. The value could be read-only or read-write. read-only: Indicates that the community with a specified name has read-only rights. read-write: Indicates that the community with a specified name has read-write rights. Step 3: After editing, click the Apply button to finalize the SNMP community properties configuration. Refresh Click the Refresh button to refresh the SNMP Community List table data. Search Step 1: Enter the search keywords. Step 2: Click the Search button to query the specified SNMP communities, and the table will display the queried information found based on the search keywords. 2. SNMP Trap Group Click Security /SNMP / SNMP Trap Group in the navigation bar. Enter the SNMP trap group page. As shown in the following picture. This section mainly describes how to configure and view the SNMP trap group. image304.jpeg (1) Global Config image305.jpeg Step 1: Global config. The descriptions of each parameter when setting the basic properties of the global config are shown in the following table. Parameter Description Version Choose the version of the SNMP trap messages. The default version is v2. Source Interface Select the source interface from which traps are sent. The value could be eth0, loopback interface, routed interface, sub-interface, or VLAN interface. Mac Threshold Status Enable or disable the function of monitoring the switch's MAC address table usage. Mac Threshold Limit Set the limit threshold for MAC address table usage monitoring to send SNMP trap messages. The default value is 50. Mac Threshold Interval (Unit: second) Set the time duration when the MAC address table usage continues to exceed the limit threshold. The default value is 300s. CPU Threshold Status Enable or disable the function of monitoring the switch CPU usage. CPU Threshold High Set the overload threshold for CPU usage monitoring to send SNMP Trap messages. Range (1-100), the default value is 80. CPU Threshold Low Set the low threshold for CPU usage monitoring to send SNMP trap messages. Range (1 - 100), the default value is 20. CPU Threshold Interval (Unit: second) Set the time duration for which the CPU usage continues to exceed the overload threshold or fall below the low threshold. Range (5-4294967295), the default value is 300s. Step 2: After completing the settings, click the Apply button to finalize the global config properties configuration. (2) SNMP Trap-Group Targets List image306.jpeg Add Step 1: Click the Add button to open the Add SNMP Trap-Group Targets dialog box. image307.jpeg Step 2: Configure the SNMP trap-group targets. The descriptions of each parameter when setting the basic properties of the SNMP trap-group targets are shown in the following table. Parameter Description IP (Required) Set the address of the target host that receives SNMP traps. Security Names (Required) Specify the user security names displayed on the NMS, separated by commas. For SNMPv3, the security name must match the username. The host and NMS must use the same security name; otherwise, the NMS will not receive trap messages from the host. For SNMPv1 and SNMPv2c, the NMS can receive traps from any host without requiring a security name. The security name is only used to identify different hosts sending traps. Step 3: After completing the settings, click the Apply button to finalize the SNMP trap-group targets properties configuration. Batch Delete Step 1: Select the checkbox for multiple rows of the SNMP trap-group targets data in the table that require batch deletion. image308.jpeg Step 2: Click the Batch Delete button to open the delete confirmation dialog box. image309.jpeg Step 3: Click the Apply button to issue the configuration. Edit Step 1: Click the Edit icon to open the Edit SNMP Trap-Group Targets dialog box. image311.jpeg Step 2: Edit the SNMP trap-group targets. The descriptions of each parameter when editing the basic properties of SNMP trapgroup targets are shown in the following table. Parameter Description Security Names (Required) Edit the security names (separated by commas) to configure the user identities displayed on the NMS. For SNMPv3, the security name must match the username. The host and NMS must use identical security names; otherwise, trap messages from the host will not be received by the NMS. For SNMPv1 and SNMPv2c, the NMS can receive trap messages from all hosts without having a security name configured. The security name is used to distinguish multiple hosts that generate trap messages. Step 3: After editing, click the Apply button to finalize the SNMP trap-group targets properties configuration. Refresh Click the Refresh button to refresh the SNMP Trap-Group Targets List table data. Search Step 1: Enter the search keywords. Step 2: Click the Search button to query the specified SNMP trap-group targets, and the table will display the queried information found based on search keywords. 3. SNMPv3 Config Click Security / SNMP / SNMPv3 Config in the navigation bar. Enter the SNMPv3 config page. As shown in the following picture. This section mainly describes how to configure and view the SNMPv3 Config. image312.jpeg (1) Global Config image313.jpeg Apply Step 1: Configure the global config. The descriptions of each parameter when setting the basic properties of the global config are shown in the following table. Parameter Description SNMPv3 Status Enable or disable SNMPv3. Step 2: After completing the settings, click the Apply button to finalize the global config properties configuration. (2) SNMPv3 Group List image314.jpeg Add Step 1: Click the Add button to open the Add SNMPv3 Group dialog box. image315.jpeg Step 2: Configure the SNMPv3 group. The descriptions of each parameter when setting the basic properties of SNMP v3 groups are shown in the following table. Parameter Description Group Name (Required) Set the name of an SNMP group. Security Level Select the security level of the SNMP group. The value could be AuthNoPriv, AuthPriv or NoAuthNoPriv. AuthNoPriv: authenticates SNMP messages without encryption. AuthPriv: authenticates and encrypts SNMP messages. NoAuthNoPriv: does not authenticate or encrypt SNMP messages. Read View Set a read-only view for an SNMP group. Write View Set a read-write view for an SNMP group. Notify View Set a notify view for an SNMP group. Step 3: After completing the settings, click the Apply button to finalize the SNMPv3 group properties configuration. Batch Delete Step 1: Select the checkbox for multiple rows of the SNMPv3 groups data in the table that require batch deletion. image316.jpeg Step 2: Click the Batch Delete button to open the delete confirmation dialog box. image317.jpeg Step 3: Click the Apply button to issue the configuration. Edit Step 1: Click the Edit icon to open the Edit SNMPv3 Group dialog box. image319.jpeg Step 2: Edit the SNMPv3 group. The descriptions of each parameter when editing the basic properties of the SNMPv3 group are shown in the following table. Parameter Description Security Level Select the security level of the SNMP group. The value could be AuthNoPriv, AuthPriv, or NoAuthNoPriv. AuthNoPriv: authenticates SNMP messages without encryption. AuthPriv: authenticates and encrypts SNMP messages. NoAuthNoPriv: does not authenticate or encrypt SNMP messages. Read View Edit the read view. Write View Edit the write view. Notify View Edit the notify view. Step 3: After editing, click the Apply button to finalize the SNMPv3 group properties configuration. Refresh Click the Refresh button to refresh the SNMPv3 Group List table data. (3) SNMPv3 USM User List image320.jpeg Add Step 1: Click the Add button to open the Add SNMPv3 USM User dialog box. image321.jpeg Step 2: Configure the SNMPv3 USM user. The descriptions of each parameter when setting the basic properties of SNMPv3 USM user are shown in the following table. Parameter Description USM Username (Required) Set the name of a user. Group Select the name of the group to which a user belongs. Authentication Mode Select the authentication mode for the user. The value could be MD5, none, or SHA. MD5: specifies HMAC-MD5-96 as the authentication protocol. none: do not authenticate the user. SHA: specifies HMAC-SHA-96 as the authentication protocol. Authentication Key Set the authentication key for the user. Privacy Mode Select a privacy mode for the user. The value could be 3des, aes128, des, or none. Privacy Key Set the privacy key for the user. Step 3: After completing the settings, click the Apply button to finalize the SNMPv3 USM user properties configuration. Batch Delete Step 1: Select the checkbox for multiple rows of the SNMPv3 USM users’ data in the table that require batch deleting. image322.jpeg Step 2: Click the Batch Delete button to open the delete confirmation dialog box. image323.jpeg Step 3: Click the Apply button to issue the configuration. Edit Step 1: Click the Edit icon to open the Edit SNMPv3 USM user dialog box. image325.jpeg Step 2: Edit the SNMPv3 USM user. The descriptions of each parameter when editing the basic properties of SNMPv3 usm user are shown in the following table. Parameter Description Group Select the group name. Group Select the name of the group to which a user belongs. Authentication Mode Select the authentication mode for the user. The value could be MD5, none, or SHA. MD5: specifies HMAC-MD5-96 as the authentication protocol. none: do not authenticate the user. SHA: specifies HMAC-SHA-96 as the authentication protocol. Authentication Key Edit the authentication key for the user. Privacy Mode Select a privacy mode for the user. The value could be 3des, aes128, des, or none. Privacy Key Edit the privacy key for the user. Step 3: After editing, click the Apply button to finalize the SNMPv3 USM user properties configuration. Refresh Click the Refresh button to refresh the SNMPv3 USM user list table data. RMON This chapter describes the basic information about RMON, and how to configure the basic information about RMON. 1. RMON Statistics Click Security / RMON / RMON Statistics in the navigation bar. Enter the RMON Statistics page. As shown in the following picture. This section mainly describes how to configure and view RMON statistics. image326.jpeg Add Step 1: Click the Add button to open the Add RMON Statistics dialog box. image327.jpeg Step 2: Configure the RMON statistics. The descriptions of each parameter when setting the basic properties of RMON statistics are shown in the following table. Parameter Description Index (Required) Set the RMON Ethernet statistics table index. The value is an integer that ranges from 1 to 255. Interface (Required) Select an interface. Owner (Required) Set the owner’s name of the RMON Ethernet statistics table. Step 3: After completing the settings, click the Apply button to finalize the RMON statistics properties configuration. Batch Delete Step 1: Select the checkbox for multiple rows of the RMON statistics data in the table that require batch deletion. image328.jpeg Step 2: Click the Batch Delete button to open the delete confirmation dialog box. image329.jpeg Step 3: Click the Apply button to issue the configuration. Edit Step 1: Click the Edit icon to open the Edit RMON Statistics dialog box. image331.jpeg Step 2: Edit the RMON statistics. The descriptions of each parameter when editing the basic properties of RMON statistics are shown in the following table. Parameter Description Interface (Required) Select an interface. Owner (Required) Edit the owner’s name of the RMON Ethernet statistics table. Step 3: After editing, click the Apply button to finalize the RMON statistics properties configuration. Detail Step 1: Click the book icon to open the selected RMON statistics data of the monitored dialog box. image332.jpeg Refresh Click the Refresh button to refresh the RMON Statistics table data. Search Step 1: Enter the search keywords. Step 2: Click the Search button to query the specified RMON statistics, and the table will display the queried information found based on the search keywords. 2. RMON History Click Security / RMON / RMON History in the navigation bar. Enter the RMON history page. As shown in the following picture. This section mainly describes how to configure and view RMON history. image333.jpeg Add Step 1: Click the Add button to open the Add RMON History dialog box. image334.jpeg Step 2: Configure the RMON history. The descriptions of each parameter when setting the basic properties of RMON history is shown in the following table. Parameter Description Index (Required) Set the RMON history statistics table index. The value is an integer that ranges from 1 to 65535. Interface (Required) Select an interface. Buckets (Required) Set the history statistics table capacity, that is, the maximum number of records that the history table can hold. The value is an integer that ranges from 1 to 65535. Interval (Required) Set the sampling interval for RMON history statistics. The value is an integer, in seconds, that ranges from 10 to 3600. Owner (Required) Set the owner’s name of the RMON history table. Step 3: After completing the settings, click the Apply button to finalize the RMON history properties configuration. Batch Delete Step 1: Select one or more rows of data that require batch deleting. image335.jpeg Step 2: Click the Batch Delete button to open the delete confirmation dialog box. image336.jpeg Step 3: Click the Apply button to issue the configuration. Edit Step 1: Click the Edit icon to open the Edit RMON history dialog box. image338.jpeg Step 2: Edit the RMON history. The descriptions of each parameter when editing the basic properties of RMON history are shown in the following table. Parameter Description Interface (Required) Select an interface. Buckets (Required) Edit the history statistics table capacity, that is, the maximum number of records that the history table can hold. The value is an integer that ranges from 1 to 65535. Interval (Required) Edit the sampling interval for RMON history statistics. The value is an integer, in seconds, that ranges from 10 to 3600. Owner (Required) Edit the owner’s name of the RMON Ethernet history table. Step 3: After completing the editing, click the Apply button to finalize the RMON history properties configuration. Detail Click the book icon to open the selected RMON history data in the monitored dialog box. image339.jpeg Refresh Click the Refresh button to refresh the RMON history table data. Search Step 1: Enter the search keywords. Step 2: Click the Search button to query the specified RMON history, and the table will display the queried information found based on the search keywords. 3. RMON Alarm Click Security / RMON / RMON Alarm in the navigation bar. Enter the RMON alarm page. As shown in the following picture. This section mainly describes how to configure and view an RMON alarm. image340.jpeg Add Step 1: Click the Add button to open the Add RMON Alarm dialog box. image341.jpeg Step 2: Configure the RMON alarm. The descriptions of each parameter when setting the basic properties of the RMON alarm are shown in the following table. Parameter Description Index (Required) Set the RMON alarm table index. The value is an integer that ranges from 1 to 65535. MIB Node (Required) Select the SNMP MIB OID of the RMON alarm. Sample Type (Required) Select the sampling type for the ROMN alarm. The value could be absolute or delta. absolute: If the sample type is absolute, this value will be the sampled value at the end of the period. delta: If the sample type is delta, this value will be the difference between the samples at the beginning and end of the period. Sampling Interval (Required) Set the sampling interval for the RMON alarm. The value is an integer, in seconds, that ranges from 10 to 3600. Rising Threshold (Required) Set the rising threshold. The value is an integer that ranges from 0 to 2147483647. Rising Event Index (Required) Set the rising event index. Falling Threshold (Required) Set the falling threshold. The value is an integer that ranges from 0 to 2147483647. Falling Event Index (Required) Set the falling event index. The value is an integer that ranges from 1-65535. Owner (Required) Set the owner’s name of the RMON alarm. Step 3: After completing the settings, click the Apply button to finalize the RMON alarm properties configuration. Batch Delete Step 1: Select one or more rows of data that require batch deleting. image342.jpeg Step 2: Click the Batch Delete button to open the delete confirmation dialog box. image343.jpeg Step 3: Click the Apply button to issue the configuration. Edit Step 1: Click the Edit icon to open the Edit RMON Alarm dialog box. image345.jpeg Step 2: Edit the RMON alarm. The descriptions of each parameter when editing the basic properties of the RMON alarm are shown in the following table. Parameter Description MIB Node (Required) Select the SNMP MIB OID of the RMON alarm. Sample Type (Required) Select the sampling type for the RMON alarm. The value could be absolute or delta. absolute: If the sample type is absolute, this value will be the sampled value at the end of the period. delta: If the sample type is delta, this value will be the difference between the samples at the beginning and end of the period. Sampling Interval (Required) Edit the sampling interval for the RMON alarm. The value is an integer, in seconds, that ranges from 10 to 3600. Rising Threshold (Required) Edit the rising threshold. The value is an integer that ranges from 0 to 2147483647. Rising Event Index (Required) Edit the rising event index. Falling Threshold (Required) Edit the falling threshold. The value is an integer that ranges from 0 to 2147483647. Falling Event Index (Required) Edit the falling event index. The value is an integer that ranges from 1– 65535. Owner (Required) Edit the owner’s name of the RMON alarm. Step 3: After completing the editing, click the Apply button to finalize the RMON alarm properties configuration. Refresh Click the Refresh button to refresh the RMON Alarm table data. Search Step 1: Enter the search keywords. Step 2: Click the Search button to query the specified RMON alarm, and the table will display the queried information found based on the search keywords. 4. RMON Event Click Security / RMON / RMON Event in the navigation bar. Enter the RMON event page. As shown in the following picture. This section mainly describes how to configure and view RMON events. image346.jpeg Add Step 1: Click the Add button to open the Add RMON Event dialog box. image347.jpeg Step 2: Configure the RMON event. The following table describes each parameter for setting the RMON event's basic properties. Parameter Description Index (Required) Set the RMON event table index. The value is an integer that ranges from 1 to 65535. Owner (Required) Set the owner’s name of the RMON event. Description (Required) Set the description for the RMON event. Enable Log, Enable Trap Choose the RMON event action type. The value could be none, log, trap, or log-trap. none: Nothing will be done if the event is triggered. log: If the event is triggered, an entry will be made into the log table. trap: If the event is triggered, an SNMP trap will be sent to the management station. log-trap: If the event is triggered, both the log and trap actions will be taken. Community (Required) Set the name of a community. Step 3: After completing the settings, click the Apply button to finalize the RMON event properties configuration. Batch Delete Step 1: Select one or more rows of data that require batch deleting. image348.jpeg Step 2: Click the Batch Delete button to open the delete confirmation dialog box. image349.jpeg Step 3: Click the Apply button to issue the configuration. Edit Step 1: Click the Edit icon to open the Edit RMON Event dialog box. image351.jpeg Step 2: Edit the RMON event. The descriptions of each parameter when editing the basic properties of the RMON event are shown in the following table. Parameter Description Owner (Required) Edit the owner’s name of the RMON event. Description(Required) Edit the description for the RMON event. Enable Log, Enable Trap Choose the RMON event action type. The value could be none, log, trap, or log-trap. none: Nothing will be done if the event is triggered. log: If the event is triggered, an entry will be made in the log table. trap: If the event is triggered, an SNMP trap will be sent to the management station. log-trap: If the event is triggered, both the log and trap actions will be taken. Community(Required) Edit the name of a community. Step 3: After editing, click the Apply button to finalize the RMON event properties configuration. Refresh Click the Refresh button to refresh the RMON Event table data. Search Step 1: Enter the search keywords. Step 2: Click the Search button to query the specified RMON event, and the table will display the queried information found based on the search keywords. System Reboot Click System / Reboot to enter the Reboot page, as shown in the following figure. This section mainly introduces how to restart the device. Click the reboot button to restart the device. image352.jpeg File Management Click System / File Management to enter the File Management page, as shown in the following figure. This chapter mainly introduces the specific steps of device upgrade and displays detailed information and a complete list of internal files of the device. image353.jpeg Upload File Step 1: Click on the Browse File button and select the file that needs to be uploaded. Step 2: Click the Upload button to upload the file. Save configuration to startup-config Step 1: Enter a valid file name. Step 2: Click the Save button to save the configuration successfully. You can view it on the file management page. Batch Delete Step 1: Select the checkbox that requires batch deletion. Step 2: Click the Batch Delete button to open the deletion confirmation dialog box. Step 3: Click the Apply button to deliver the delete function. Download Click on the Download icon in the file download operation bar of the table to download the file. Upgrade Click on the icon in the table operation bar to upgrade the current .bin file for the device running version. Reset Click on the Circular reset arrow icon in the table operation bar to upgrade the current .bin file for the device running version. Upload Config Click on the Upload icon (Three-line menu with end dots) in the operation bar of the file to be loaded into the table, and use the configuration information of the current configuration file. Refresh Click the Refresh button to refresh the table data. System Management Click System/System Management to enter the system management page, as shown in the following figure. This chapter mainly introduces how to configure and manage IP, gateway, device name, timezone, and time. image357.jpeg Base Settings Step 1: Enter a valid management IP address and gateway. Step 2: Click the Apply button to issue the function. Base Information Step 1: Enter a valid host name. Step 2: Click the Apply button to issue the function. Time Zone Name Step 1: Select the timezone name. Step 2: Click the Apply button to issue the function. Date and Time Step 1: Select the date and time. Step 2: Click the Apply button to issue the function. Log Click System / Log to enter the log page, as shown in the following figure. This chapter mainly displays the log information of the device. image358.jpeg Search Step 1: Enter search keywords. Step 2: Click the Search button to query the specified log, and the table will display the information after the query. Log Server Click System / Log Server to enter the Log Server page, as shown in the following figure. This chapter mainly introduces how to configure the local file and server IP. image359.jpeg Local File Step 1: Select the local save location of the syslog. The value could be disk or RAM. Step 2: Click the Apply button to issue the function. Add Step 1: Click the Add button on the table toolbar to open the add dialog box. image360.jpeg Step 2: Configure the server IP. The descriptions of each parameter when setting the basic properties of a server IP are shown in the following table. Parameter Description Server IP (Required) Enter the IP address of a remote syslog server. Port Enter the port of the remote syslog server. The value is an integer type. Protocol Select the transmission protocol for the remotesyslog server. The value could be TCP or UDP. Source Interface Select the source interface for sending/receiving syslog messages, e.g., VLAN 20, eth0, routed interface, subinterface, or loopback. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Batch Delete Step 1: Select the box that requires batch editing. Step 2: Click the Batch Delete button to open the deletion confirmation dialog box. Step 3: Click the Apply button to deliver the delete function. Refresh Click the Refresh button to refresh the table data. Edit Step 1: Click the Edit icon on the table toolbar to open the edit dialog box. image362.jpeg Step 2: Configure the server IP. The descriptions of each parameter when setting the basic properties of a server IP are shown in the following table. Parameter Description Server IP(Required) Enter the IP address of a remote syslog server. Port Enter the port of the remote syslog server. The value is an integer. Protocol Select the transmission protocol for the remotesyslog server. The value could be TCP or UDP. Source Interface Select the source interface for sending/receiving syslog messages, e.g., VLAN20, eth0, routed interface, subinterface, or loopback. Step 3: After completing the settings, click Apply. Delete Step 1: Click the Delete icon on the table toolbar to open the delete dialog box. image364.jpeg Step 2: Click the Apply button to deliver the delete function. User Click System / Users to enter the Users page, as shown in the following figure. This chapter mainly displays user information and how to add, delete, and configure users. image365.jpeg Add User Step 1: Click the Add User button on the table toolbar to open the Add Users dialog box. image366.jpeg Step 2: Configure the user. The descriptions of each parameter when setting the basic properties of a user are shown in the following table. Parameter Description User Name New user's login username. Password New user's login password. Confirm Password Login password verification: Enter the new user's login password twice. Type Login permissions for new users. Read-only: This keyword gives view-only or read-only permissions to the user. This is the default option. Super-user: This keyword gives all permissions to the user. The default option is read-only. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Edit Step 1: Click the Edit icon on the table toolbar to open the Edit dialog box. image368.jpeg Step 2: Configure the user. The descriptions of each parameter when setting the basic properties of a user are shown in the following table. Parameter Description User Name (Prohibit Editing) New user's login username. Password New user's login password. Confirm Password Login password verification: Enter the new user's login password twice. Type Login permissions for new users. Read-only: This keyword gives view-only or read-only permissions to the user. This is the default option. super-user: This keyword gives all permissions to the user. The default option is read-only. Step 3: After completing the settings, click the Apply button to finalize the properties configuration. Delete Step 1: Click the Delete icon on the table toolbar to open the delete dialog box. image370.jpeg Step 2: Click the Apply button to deliver the delete function. Batch Delete Step 1: Select the checkbox that requires batch editing. Step 2: Click the Batch Delete button to open the deletion confirmation dialog box. Step 3: Click the Apply button to deliver the delete function. Refresh Click the Refresh button to refresh the table data. Diagnostics Ping Click Diagnostics / Ping to enter the Ping page, as shown in the following figure. The ping command is a method for troubleshooting the accessibility of devices and outputs the statistical results. image371.jpeg Parameter Description Dest IP/Domain Name Specifies the domain name or IPv4/IPv6 address of the destination host. NOTE: When pinging a link-local address, the out-of-band management VLAN interface must be specified together, otherwise, it will result in a link unreachable. Tracert Click Diagnostics/Tracert to enter the page, as shown in the following figure. The tracert command is used to check the route of packets when traveling from the source to the destination. When the network fails, the user can use this command to troubleshoot the fault point. image373.png Parameter Description. Dest IP/Domain Name Specifies the domain name or IPv4/IPv6 address of the destination host.

S3410 Series PicOS® Switches Data Sheet

Jan 21, 2026 - S3410 Series PicOS® Switches Data Sheet Product Overview The S3410 Series PicOS® enterprise switches provide a compact and cost-effective solution for for enterprise campus deployments. Built on the Broadcom BCM56150 chip, these switches offer flexible port configurations ranging from 24 to 48 ports, including 24 or 48× 10/100/1000BASE-T or 1G SFP access ports, along with 4× 10G SFP+ uplinks,. Available in a compact 1U form factor, they deliver up to 176 Gbps of reliable switching capacity for seamless connectivity across access devices. The S3410 switches are equipped with high-availability features, such as redundant, hot-swappable power supplies and smart fans, ensuring maximum uptime. Power over Ethernet (PoE)-enabled models support standards-based 802.3at PoE+, delivering up to 30W per port to power attached VoIP phones, Wi-Fi 6 wireless access points, or other standards-compliant PoE and PoE+ end network devices. With advanced Layer 2/3 features such as MLAG, OSPF, RIP, NAC, and sFlow, the S3410 series is designed for access-layer deployments in SMB, branches, retail, campus networks and enterprise edge. The S3410 Series is seamlessly integrated with the AmpCon-Campus management platform, enabling automated lifecycle management from Day 0 to Day 2+. The platform features Zero Touch Provisioning (ZTP) and topology discovery, optimizing workflow automation and enhancing visibility into the performance of connected devices. img_v3_02ll_bc55fcc8-6fd4-4a62-853f-ac1b042309cg.jpg Figure 1. S3410 Series Switches Features and Benefits Broadcom Chip Built on the Broadcom BCM56150 chip, the S3410 series switches offer high-speed data transfer, low latency, and high throughput, enhancing performance for superior stability and reliability. PicOS® Operating System The S3410 series switches run on the PicOS®. This unified operating system allows users to manage networks more efficiently and deploy new services more quickly, allowing all PicOS®-powered products to be updated simultaneously with the same software release. All features are fully regression tested, making each new release a true superset of the previous version. AmpCon-Campus Management Platform AmpCon-Campus management platform centrally manages PicOS® enterprise switches, providing automated full lifecycle management from Day 0 to Day 2+, enabling efficient automated deployment and configuration, monitoring and troubleshooting. Day 0: Enables Zero Touch Provisioning (ZTP), allowing the switch to automatically retrieve and apply initial configuration files without manual setup. Day 1: Fast deployment and configuration with Zero-Touch Provisioning (ZTP) and automation. AmpCon-Campus leverages ZTP for hands-free configuration of PicOS® enterprise switches, powered by flexible configuration templates that enable hundreds to thousands of switches to be deployed rapidly at scale with minimal errors. Day 2+: With automatic terminal identification and visual network topology display, easily view the health status of individual switches and their ports. For more information, see AmpCon-Campus Management Platform. img_v3_02ko_9b8129b0-6f04-4acd-ae1c-873bafd0ef9g.jpg Figure 2. AmpCon-Campus Management Platform Multi-Chassis Link Aggregation (MLAG) MLAG allows two S3410 switches to operate as independent devices with separate control planes while eliminating STP by enabling link aggregation on connected devices. This enhances network bandwidth, improves reliability and availability, and ensures seamless operation of critical services. img_v3_02ll_5ca8f0d5-a6f6-4fe9-be72-5816e09900ag.jpg Figure 3. Multi-Chassis Link Aggregation (MLAG) Security The S3410 series switches provide flexible and comprehensive user identity verification and access control through features such as ACLs, 802.1X, and AAA. It also supports IPv4 Source Guard, IPv4 DHCP Snooping and Dynamic ARP Inspection (DAI), which effectively manage network access, enhance security, and optimize resource usage. High Availability The S3410 series switches also include a variety of other high availability features, including redundant, hot-swappable power and fans, graceful protocol restart, Link Aggregation (LACP), Virtual Router Redundancy Protocol (VRRP), Bidirectional Forwarding Detection (BFD) for fast link failure detection, Unidirectional Link Detection (UDLD), and Ethernet Ring Protection Switching (ERPS), ensuring maximum uptime and reliability for mission-critical network operations. Product Specifications Physical Specifications Notice: Port Density includes both native xxG ports and ports that support downshifting. Port Density (with breakout cable) includes native xxG ports, downshifted ports, and the ports available after splitting. Table 1. Physical Specifications of S3410 Series Switches FS P/N S3410-24TS-P S3410-48TS-P S3410-24TS S3410-48TS Description S3410-24TS-P, 24-Port Gigabit Ethernet L2+ PoE+ Switch, 24 x PoE+ Ports @740W, with 2 x 10Gb SFP+ Uplinks and 2 x Combo SFP Ports, PicOS®, Support MLAG, Broadcom Chip S3410-48TS-P, 48-Port Gigabit Ethernet L2+ PoE+ Switch, 48 x PoE+ Ports @740W, with 2 x 10Gb SFP+ Uplinks and 2 x Combo SFP Ports, PicOS®, Support MLAG, Broadcom Chip S3410-24TS, 24-Port Gigabit Ethernet L2+ Switch, 24 x Gigabit RJ45, with 4 x 10Gb SFP+ Uplinks, PicOS®, Support MLAG, Broadcom Chip S3410-48TS, 48-Port Gigabit Ethernet L2+ Switch, 48 x Gigabit RJ45, with 4 x 10Gb SFP+ Uplinks, PicOS®, Support MLAG, Broadcom Chip Port 1G Port Density 28 52 28 52 2.5/5G Port Density - - - - 10G Port Density 2 2 4 4 Management Ports - - - - Console Port 1 1 1 1 Memory and processor Switch chip BCM56150 BCM56150 BCM56150 BCM56150 CPU ARM A9 Single-Core CPU, 1GHz ARM A9 Single-Core CPU, 1GHz ARM A9 Single-Core CPU, 1GHz ARM A9 Single-Core CPU, 1GHz DRAM 512 MB 512 MB 512 MB 512 MB SDRAM 512 MB 512 MB 512 MB 512 MB Flash memory 512 MB 512 MB 256 MB 256 MB Packet buffer 1.5MB 1.5MB 1.5MB 1.5MB Mean-time between failures MTBF (hours) >200K >200K >200K >200K Weight & Dimension Weight 12.79 lbs (5.8kg) 14.99 lbs (6.8kg) 8.75 lbs (3.97kg) 11.53 lbs (5.23kg) Dimension 1.73''x17.32''x12.59'' (44x440x320mm) 1.73''x17.32''x14.17'' (44x440x360mm) 1.72''x17.32''x9.69'' (43.6x440x246.1mm) 1.72''x17.32''x13.68'' (43.6x440x347.6 mm) Rack units (RU) 1 RU 1 RU 1 RU 1 RU Power supplies and fans Power supply 2 (1+1 Redundancy) Hotswappable (AC) 2 (1+1 Redundancy) Hotswappable (AC) 2 (1+1 Redundancy) Hotswappable (AC) 2 (1+1 Redundancy) Hotswappable (AC) Power-supply input receptacles C13 C13 C13 C13 Input-voltage range and frequency AC: 100-240VAC, 50-60Hz DC: :-48~-60VDC AC: 100-240VAC, 50-60Hz DC: :-48~-60VDC AC：100-240V, 50-60Hz DC: -36~-72VDC AC：100-240V, 50-60Hz DC: -36~-72VDC Input current AC: 7A Max DC: 16.5A Max AC: 7A Max DC: 16.5A Max AC: 2A Max DC: 3.15A MAX AC: 2A Max DC: 3.15A MAX Max. power consumption 370W (Single-power) 740W (Dual-power) 370W (Single-power) 740W (Dual-power) 27W 48W Fan number 2 Built-in 2 Built-in 1 Built-in 1 Built-in Airflow Left-to-Right Left-to-Right Right-to-Left Right-to-Left Acoustic noise <78dB <78dB ≤78dB ≤78dB PoE standard IEEE 802.3af/at IEEE 802.3af/at - - PoE budget 740W 740W - - Environmental Ranges Operating temperature 0 to 50ºC (32 to122°F ) 0 to 50ºC (32 to122°F ) 0 to 50ºC (32 to122°F ) 0 to 50ºC (32 to122°F ) Storage temperature -40 to 70ºC (-40 to 158°F) -40 to 70ºC (-40 to 158°F) -40 to 70ºC (-40 to 158°F) -40 to 70ºC (-40 to 158°F) Operating humidity 10% to 90% (Non-condensing) 10% to 90% (Non-condensing) 10% to 90% (Non-condensing) 10% to 90% (Non-condensing) Storage humidity 5% to 95% (Non-condensing) 5% to 95% (Non-condensing) 5% to 95% (Non-condensing) 5% to 95% (Non-condensing) Temperature alarm Supported Supported Supported Supported Acoustic noise <78dB <78dB <60dB <60dB Connectors Connectors and cabling 1G-T port: RJ-45 connector, Cat5E/Cat6/Cat6a UTP cabling 1G SFP Ports: 1G SFP Single Mode or Multimode Module + Patch Cord; 1G DAC/AOC 10G SFP ports: 10G SFP single-mode or multi-mode module + patch cord; 10G DAC/AOC Management console port: RJ-45 to DB9 cable for PC connection, 10G DAC/AOC connection or 10G SFP single-mode multimode module + jumper Power connectors Customers can provide power to a switch by using the internal power at the back of the switch. Internal power supply connector: The internal power supply is an auto-ranging unit. It supports input voltages between 200 and 240 VAC. Use the supplied AC power cord to connect the AC power connector to an AC power outlet. Notice: RJ45 ports can be used as 100M/1/2.5/5/10G ports for Ethernet connection. SFP+ ports can be used for 1/10G fiber connection, support 10G-T SFP+ copper transceivers but do not support 1G-T SFP copper transceivers. SFP28 can be used for 10/25G connection. QSFP+ can be used for 40G or 4x 10G connection. QSFP28 can be used for 40G/100G or 4x10G/4x25G connection. Table 2. Power Cord Information of S3410 Series Switches Countries Power Cord Standard Male Plug Female Connector Voltage Compatibility United States, Canada, Mexico, Puerto Rico, Guam, Japan, Virgin Islands (U.S.) US NEMA 5-15P IEC60320 C13 100-250VAC United Kingdom, Hong Kong, Singapore, Malaysia, Maldives, Qatar, India UK BS1363 IEC60320 C13 100-250VAC Continental Europe, South Africa, Switzerland, Italy, Indonesia EU CEE 7 IEC60320 C13 100-250VAC China, Australia, New Zealand, Argentina CN GB16A IEC60320 C13 100-250VAC Notice: Power cords are matched according to the delivery destination. Software Specifications Table 3. Software Specifications of S3410 Series Switches Functionality Description High Availability Multi-Chassis Link Aggregation (MLAG) Graceful protocol restart ( OSPFv2/v3) Virtual Router Redundancy Protocol (VRRP) Uplink Failure Detection (UFD) Unidirectional Link Detection (UDLD) Ethernet Ring Protection Switching (ERPS) Security Allowed MAC addresses configurable per port Self-signed certificate Dynamic Address Resolution Protocol (ARP) inspection (DAI) IPv4 Source Guard (IPSG) Local proxy ARP Static ARP support IPv4 DHCP Snooping AAA Radius/TACACS+, Console Login, OUT-band/INBAND Login, Local Authentication, local authentication fallback DoS attack protection Network Access Control（NAC） Enable or disable port security Trust Port, ARP Packets Validity Checking, User Legitimacy Checking, ARP Inspection Access List Control Plane Policing (CoPP) Device Management AmpCon-Campus Management Platform for Day 0, Day 1, and Day 2+ Configuration Deployment Zero touch provisioning (ZTP) SNMP v1/v2/v3, RMON sFlow Role-based CLI management and access CLI via console, telnet, or SSH Syslog management Power-on diagnostics Local file management, Configuration file management FTP/TFTP support HTTP support Install from a local directory, automatically install Certificate Configuration Dynamic Host Configuration Protocol（DHCP） Domain Name System (DNS) Network Time Protocol (NTP) Hardware management User management: console interface configuration, VTY interface configuration, Username, password, and permission configuration User login: console, SSH, telnet Layer 2 Features Spanning Tree Protocol (STP) Loopback Detection VLAN Port Mode: ACCESS, Trunk, Hybrid Routed VLAN interface (RVI) VLAN: Port-based VLAN, MAC Trace, MAC-based VLAN MAC address filtering QinQ: Basic QinQ, Flexible QinQ Static MAC address assignment for interface Link Aggregation and Link Aggregation Control Protocol (LACP) (IEEE 802.3ad) Address Resolution Protocol (ARP) Static MAC entries and Dynamic MAC Address Learning Static Link Aggregation (LAG) Configuration GARP VLAN Registration Protocol（GVRP） Multiple VLAN Registration Protocol（MVRP） Private VLAN Voice VLAN Ethernet Ring Protection Switching (ERPS) Unidirectional Link Detection (UDLD) Layer 3 Features IPv4/v6 Addressing, SVI, Routed interface Static ARP support Proxy Address Resolution Protocol (ARP) Virtual router IPv4/IPv6 static routing, Multiple nexthop static route Routing policy Routing protocols (RIP, RIPng, OSPF v2/v3) Route Map PBR (Policy-Based Routing) Bidirectional Forwarding Detection (BFD) protocol Virtual Router Redundancy Protocol (VRRP v2/v3) Multicast Features Internet Group Management Protocol (IGMP): v2, v3 IGMP snooping: v2, v3 Dynamic Host Configuration Protocol (DHCP) relay DHCP snooping SNMP, NTP, DNS, RADIUS, TACACS+, AAA SSH v1, v2 Dynamic ARP inspection (DAI) Filter based forwarding IPv6 Class of Service（CoS） IPv6 ping IPv6 traceroute Neighbor discovery protocol Path MTU discovery Quality of Service L2 and L3 QoS L2 classification criteria Traffic policing: guaranteed-rate, max-rate, Traffic classifier Queue scheduler: SP WRR WFQ Congestion avoidance capabilities: WRED Congestion avoidance: ECN Multicast IGMP v2/v3 snooping Multicast VLAN Registration (MVR) Mrouter port, static group, unregistered flood Link Aggregation Multichassis link aggregation (MLAG) Link Aggregation Control Protocol（LACP） Access Control List Downloadable ACL Dynamic ACL Match field: destination-address-ipv4, destination-address-ipv6, destination-mac-address, destination-port, ethertype, first-fragment, ip, is-fragment, protocol, source-address-ipv4, source-address-ipv6, source-mac-address, sourceport, time-range, vlan ACL-based Traffic Policer ACL-based QoS ACL-based remarked Troubleshooting Debugging: CLI via console, Telnet, or SSH Diagnostics: Show and debug command, statistics Traffic mirroring (port) IP tools: Extended ping and trace Platform Specifications Table 4. Platform Specifications of S3410 Series Switches FS P/N S3410-24TS-P S3410-48TS-P S3410-24TS S3410-48TS Performance specifications Switching capacity 128 Gbps 176 Gbps 128 Gbps 176 Gbps Forwarding rate 96 Mpps 132 Mpps 96 Mpps 132 Mpps Total number of MAC addresses 16381 16381 16381 16381 VLAN IDs 4,000 4,000 4,000 4,000 IPv4 unicast/multicast routes 426 426 426 426 IPv6 unicast/multicast routes 42 42 42 42 ARP entries 11956 11956 11956 11956 Jumbo frame 9216 bytes 9216 bytes 9216 bytes 9216 bytes Hardware queues per port 8 8 8 8 Standards Compliance IEEE Standards IEEE 802.1D IEEE 802.1w IEEE 802.1Q IEEE 802.1p IEEE 802.1ad IEEE 802.3ad IEEE 802.1AB IEEE 802.3x IEEE 802.1Qbb IEEE 802.1Qaz IEEE 802.1X IEEE 802.1ah IEEE 802.3ab IEEE 802.3bz IEEE 802.3ae IEEE 802.3by IEEE 802.3ba IEEE 802.3af IEEE 802.3at RFC – SPECIFIED MIBs RFC 1155 SMIv1 RFC 1213 MIB II RFC 1905 Protocol Operations for SNMPv2 RFC 1906 Transport Mappings for SNMPv2 RFC 1907 Management Information Base for SNMPv2 RFC 1908 Coexistence between SNMPv1 and SNMPv2 RFC 2578 SMIv2 RFC 2579 SNMPv2-TC RFC 2580 SNMPv2-CONF RFC 2863 IF-MIB RFC 3411 SNMP Management Frameworks Pica8 Private MIB Safety and Compliance At FS, our Quality Commitment lies in all aspects of processes, resources, and methods that enable us to build superior networks for our customers. Through a quality policy focusing on continuous improvement of products and services, we're able to achieve the highest levels of satisfaction for our customers. To that end, every FS employee is accountable for contributing to the value of the products and services we deliver. To get the detailed certification, please go to the Compliance Center. Table 5. Safety and Compliance of S3410 Series Switches Certification Standards Safety EMC Environmental Compliance Certifications CE-LVD CE-EMC FCC UKCA-EMC ISED VCCI CE-ROHS REACH Certification Marks image.png image.png image.png Svxcbvm0coYyfKxvB8XcO5nynMb.png CjxMbXQSOoGg77x9PAUc41SynBh.png image.png image.png image.png S3410-24TS-P √ √ √ - - - √ √ S3410-48TS-P √ √ √ √ √ - √ √ S3410-24TS √ √ √ - - √ √ √ S3410-48TS √ √ √ √ √ - √ √ Telco Common Language Equipment Identifier (CLEI) code Warranty, Service and Support FS S3410 Series Switches enjoy 5-year limited warranty against defects in materials or workmanship. For more information on FS Returns & Refunds policy, visit FS Product Warranty or FS Return Policy. FS provides a personal account manager, free professional technical support, and 24/7 live customer service for each customer. Professional Lab: Test each product with the latest and advanced networking equipment. Free Technical Support: Provide free & tailored solutions and services for your businesses. 80% Same-day Shipping: Immediate shipping for in-stock items. Fast Response: Direct and immediate assistance from an expert. For more information, visit FS Help Center. Ordering Information Table 6. Ordering information FS P/N Product description Switch hardware S3410-24TS-P S3410-24TS-P, 24-Port Gigabit Ethernet L2+ PoE+ Switch, 24 x PoE+ Ports @740W, with 2 x 10Gb SFP+ Uplinks and 2 x Combo SFP Ports, PicOS® , Support MLAG, Broadcom Chip S3410-48TS-P S3410-48TS-P, 48-Port Gigabit Ethernet L2+ PoE+ Switch, 48 x PoE+ Ports @740W, with 2 x 10Gb SFP+ Uplinks and 2 x Combo SFP Ports, PicOS® , Support MLAG, Broadcom Chip S3410-24TS S3410-24TS, 24-Port Gigabit Ethernet L2+ Switch, 24 x Gigabit RJ45, with 4 x 10Gb SFP+ Uplinks, PicOS® , Support MLAG, Broadcom Chip S3410-48TS S3410-48TS, 48-Port Gigabit Ethernet L2+ Switch, 48 x Gigabit RJ45, with 4 x 10Gb SFP+ Uplinks, PicOS® , Support MLAG, Broadcom Chip AmpCon-Campus Management Platform LIS-AMPCON-CAM-FPSW-Foundation-90D Free Trial of AmpCon-Campus Management Platform for PicOS® Enterprise Switches, Support Remote Deployment and Automate Network Management (Per Device) LIS-AMPCON-CAM-FPSW-Foundation-1Y AmpCon-Campus Management Platform for PicOS® Enterprise Switches with 1 Year Service Bundle, Support Remote Deployment and Automate Network Management (Per Device) LIS-AMPCON-CAM-FPSW-Foundation-3Y AmpCon-Campus Management Platform for PicOS® Enterprise Switches with 3 Years Service Bundle, Support Remote Deployment and Automate Network Management (Per Device) LIS-AMPCON-CAM-FPSW-Foundation-5Y AmpCon-Campus Management Platform for PicOS® Enterprise Switches with 5 Years Service Bundle, Support Remote Deployment and Automate Network Management (Per Device) Power supplies PSM-C440WACP Hot-swappable AC Power Module 440W, for S3410-24TS-P, S3410-48TS-P, S5810-48TS-P P1D-K0150-B Hot-swappable DC Power Module 500W, for S3410-24TS-P, S3410-48TS-P, S5810-48TS-P About FS FS Inc. is a trusted provider of ICT products and solutions to enterprise customers worldwide. Established in 2009, the company focuses on HPC, Data Center, Enterprise, Telecom, providing tailored product development and solution design based on professional customer needs. Leveraging dedicated R&D and testing teams, comprehensive technical service experts, a robust supply chain system, globalized warehousing centers, and convenient shopping platform, FS delivers a wide range of highly efficient customer-centric ICT products, solutions and services to global vertical industry and enterprise customers across ISP, telecom, retail, education, etc. Through continuous technology innovation and brand partnership, FS products and solutions have served more than 900,000 users in over 200 countries. Document History New or revised topic Described in Date Updates to FS S3410 Series Switches Data Sheet Updated All 2025-04-29 Updates to FS S3410 Series Switches Data Sheet Updated all 2024-08-15

PicOS® Enterprise Switches Software Download

Jan 21, 2026 - PicOS® Enterprise Switches Software Download Overview This document applies to all PicOS® enterprise switches. Browse the list to locate your product and view its available software downloads. All software versions require user login for download. For detailed information, please refer to: PicOS® Software Installation and Upgrade Guide. Software Download S3270 Series Switch Models Version Name Release Date Release Note Download S3270-10TM-P S3270-24TM-P S3270-10TM S3270-24TM PicOS® 4.7.1M Jan-2026 PicOS® Software Release Notes V4.7.1 S3270 Series Switches PicOS® 4.7.1M Software PicOS® 4.4.5.24 Jun-2025 PicOS® Software Release Notes V4.4.5 S3270 Series Switches PicOS® 4.4.5.24 Software PicOS® 4.4.5 May-2025 PicOS® Software Release Notes V4.4.5 S3270 Series Switches PicOS® 4.4.5 Software S3270-48TM PicOS® 4.7.1M Jan-2026 PicOS® Software Release Notes V4.7.1 S3270 Series Switches PicOS® 4.7.1M Software PicOS® 4.4.5.26 Jun-2025 PicOS® Software Release Notes V4.4.5 S3270-48TM Switch PicOS® 4.4.5.26 Software PicOS® 4.4.5 May-2025 PicOS® Software Release Notes V4.4.5 S3270 Series Switches PicOS® 4.4.5 Software S3410 Series (including S3410C and S3410L) Switch Models Version Name Release Date Release Note Download S3410C-8TMS-P S3410C-16TMS-P S3410C-16TF-P S3410C-16TF S3410-24TS-P S3410-24TS S3410L-24TF-P S3410L-24TF PicOS® 4.7.1M Jan-2026 PicOS® Software Release Notes V4.7.1 S3410 Series Switches PicOS® 4.7.1M Software PicOS® 4.4.5.24 Jun-2025 PicOS® Software Release Notes V4.4.5 S3410 Series Switches PicOS® 4.4.5.24 Software PicOS® 4.4.5.1 Oct-2024 PicOS® Software Release Notes V4.4.5 S3410 Series Switches PicOS® 4.4.5.1 Software S3410-48TS-P S3410-48TS S3410L-48TF PicOS® 4.7.1M Jan-2026 PicOS® Software Release Notes V4.7.1 S3410 Series Switches PicOS® 4.7.1M Software PicOS® 4.4.5.24 Jun-2025 PicOS® Software Release Notes V4.4.5 S3410 Series Switches PicOS® 4.4.5.24 Software S5810 Series Switch Models Version Name Release Date Release Note Download S5810-48TS-P S5810-28TS S5810-28FS S5810-48TS S5810-48FS PicOS® 4.7.1M Jan-2026 PicOS® Software Release Notes V4.7.1 S5810 Series Switches PicOS® 4.7.1M Software PicOS® 4.5.0M2 Jun-2025 PicOS® Software Release Notes V4.5.0 S5810 Series Switches PicOS® 4.5.0M2 Software PicOS® 4.5.0M Apr-2025 PicOS® Software Release Notes V4.5.0 S5810 Series Switches PicOS® 4.5.0M Software PicOS® 4.4.5.7 Oct-2024 PicOS® Software Release Notes V4.4.5 S5810 Series Switches PicOS® 4.4.5.7 Software PicOS 4.4.4.1 Apr-2024 S5810 Series Switches PicOS® Software Release Notes V4.4.4 S5810 Series Switches PicOS 4.4.4.1 Software PicOS 4.4.4 Apr-2024 S5810 Series Switches PicOS® Software Release Notes V4.4.4 S5810 Series Switches PicOS 4.4.4 Software PicOS 4.4.3.4 Feb-2024 - S5810 Series Switches PicOS 4.4.3.4 Software S5860 Series Switch Models Version Name Release Date Release Note Download S5860-20SQ S5860-24XB-U PicOS® 4.7.1M Jan-2026 PicOS® Software Release Notes V4.7.1 S5860 Series Switches PicOS® 4.7.1M Software PicOS® 4.5.0M2 Jun-2025 PicOS® Software Release Notes V4.5.0 S5860 Series Switches PicOS® 4.5.0M2 Software PicOS® 4.5.0M Apr-2025 PicOS® Software Release Notes V4.5.0 S5860 Series Switches PicOS® 4.5.0M Software PicOS® 4.4.5.7 Oct-2024 PicOS® Software Release Notes V4.4.5 S5860 Series Switches PicOS® 4.4.5.7 Software PicOS® 4.4.4 Apr-2024 S5860 Series Switches PicOS® Software Release Notes S5860 Series Switches PicOS 4.4.4 Software PicOS® 4.4.3.9 Mar-2024 - S5860-20SQ and S5860-24XB-U Switches PicOS 4.4.3.9 Software PicOS® 4.4.3.4 Feb-2024 - S5860-20SQ and S5860-24XB-U Switches PicOS 4.4.3.4 Software S5860-24XMG S5860-48XMG PicOS® 4.7.1M Jan-2026 PicOS® Software Release Notes V4.7.1 S5860 Series Switches PicOS® 4.7.1M Software PicOS® 4.5.0M2 Jun-2025 PicOS® Software Release Notes V4.5.0 S5860 Series Switches PicOS® 4.5.0M2 Software PicOS® 4.5.0M Apr-2025 PicOS® Software Release Notes V4.5.0 S5860 Series Switches PicOS® 4.5.0M Software PicOS® 4.4.5.7 Oct-2024 PicOS® Software Release Notes V4.4.5 S5860 Series Switches PicOS® 4.4.5.7 Software PicOS® 4.4.4 Apr-2024 S5860 Series Switches PicOS® Software Release Notes S5860 Series Switches PicOS 4.4.4 Software S5860-24MG-U S5860-48XMG-U PicOS® 4.7.1M Jan-2026 PicOS® Software Release Notes V4.7.1 S5860 Series Switches PicOS® 4.7.1M Software PicOS® 4.5.0M2 Jun-2025 PicOS® Software Release Notes V4.5.0 S5860 Series Switches PicOS® 4.5.0M2 Software PicOS® 4.5.0M Apr-2025 PicOS® Software Release Notes V4.5.0 S5860 Series Switches PicOS® 4.5.0M Software PicOS® 4.4.5.7 Oct-2024 PicOS® Software Release Notes V4.4.5 S5860 Series Switches PicOS® 4.4.5.7 Software PicOS® 4.4.4.1 Apr-2024 S5860 Series Switches PicOS® Software Release Notes S5860 Series Switches PicOS 4.4.4.1 Software PicOS® 4.4.4 Apr-2024 S5860 Series Switches PicOS® Software Release Notes S5860 Series Switches PicOS 4.4.4 Software S5870 Series Switch Models Version Name Release Date Release Note Download S5870-48T6BC-U S5870-48MX6BC-U S5870-48T6BC PicOS® 4.7.1M Jan-2026 PicOS® Software Release Notes V4.7.1 S5870 Series Switches PicOS® 4.7.1M Software PicOS® 4.5.0M2 Jun-2025 PicOS® Software Release Notes V4.5.0 S5870 Series Switches PicOS® 4.5.0M2 Software PicOS® 4.5.0M Apr-2025 PicOS® Software Release Notes V4.5.0 S5870 Series Switches PicOS® 4.5.0M Software PicOS® 4.4.5.7 Oct-2024 PicOS® Software Release Notes V4.4.5 S5870 Series Switches PicOS® 4.4.5.7 Software S5890 Series Switch Models Version Name Release Date Release Note Download S5890-32C PicOS® 4.7.1M Jan-2026 PicOS® Software Release Notes V4.7.1 S5890-32C Switch PicOS® 4.7.1M Software S5580 Series Switch Models Version Name Release Date Release Note Download S5580-48Y PicOS® 4.7.1M Jan-2026 PicOS® Software Release Notes V4.7.1 S5580-48Y Switch PicOS® 4.7.1M Software

PicOS® Software Release Notes V4.7.1

Jan 20, 2026 - PicOS® Software Release Notes V4.7.1 Introduction PICOS 4.7.1E has been released as an ESS (Early Sales Support) version for FS campus 'S-3***' series switches. PICOS 4.7.1M has been released as an M (Maintenance) version for major update. This release focuses on introducing new features to extend platform capabilities and ensure service stability. New Features: This release adds support for the DHCPv6 Client protocol, introduces MLAG Telemetry (based on gRPC) to improve switch management in AmpCon-Campus environments, and implements Fast PoE to enable rapid power recovery after reboots, enhancing the availability of connected devices. Issue Fixes: This release resolves MLAG packet loss/status anomalies and NAC authentication failures to improve core scenario stability, fixes forwarding and load‑balancing issues on dual‑chip platforms, and enhances the reliability of operational commands such as show tech-support. Supported Platforms Series Release Model Name S5580 4.7.1M S5580-48Y S5890 4.7.1M S5890-32C S5870 4.7.1M S5870-48MX6BC-U, S5870-48T6BC-U, S5870-48T6BC S5860 4.7.1M S5860-20SQ, S5860-24XB-U, S5860-24MG-U, S5860-24XMG, S5860-48XMG-U, S5860-48XMG, S5860-48MG-U S5810 4.7.1M S5810-48TS-P, S5810-28TS, S5810-28FS, S5810-48TS, S5810-48FS S3410 4.7.1M 4.7.1E S3410-24TS-P, S3410-24TS, S3410L-24TF-P, S3410L-24TF, S3410C-16TF, S3410C-16TF-P, S3410C-16TMS-P, S3410C-8TMS-P, S3410-48TS-P, S3410-48TS, S3410L-48TF S3270 4.7.1M 4.7.1E S3270-10TM, S3270-24TM, S3270-48TM, S3270-10TM-P, S3270-24TM-P New Features Layer 2 and Layer 3 Ticket ID Release Description - 4.7.1M DHCP Client The DHCPv6 (Dynamic Host Configuration Protocol for IPv6) Client function is used in IPv6 networks to automatically obtain IPv6 addresses, network configuration parameters (such as DNS server addresses), or IPv6 prefixes (via Prefix Delegation, PD) from a DHCPv6 Server. This feature is supported on all Campus S-Series switches, except the S3410 and S3270 series. - 4.7.1M LDAP LDAP is an open, cross-platform application-layer network protocol specifically designed for efficiently querying and modifying TCP/IP-based directory services. In essence, it defines a set of communication standards between clients and directory servers. PICOS LDAP supports the Simple Password security authentication method. This feature is supported on all Campus S-Series switches, except the S3410 and S3270 series. - 4.7.1M MLAG Telemetry gRPC as a high-performance communication framework, supports the retrieval of key MLAG status information—including Domain ID, Domain MAC, Node ID, Peer Link, Peer IP, Peer VLAN, Neighbor Status, Config Matched, MAC Synced, and Links. This feature enables real-time collection, analysis, and reporting of operational states and data from MLAG components, thereby facilitating quick network fault localization, performance optimization, and predictive maintenance. This feature is supported on all Campus S-Series switches, except the S3410 and S3270 series. - 4.7.1M Fast PoE Fast PoE allows the switch to save PoE settings even after restarting. The PSE begins supplying power to connected devices (PDs) just seconds after being powered on, without requiring the system to fully boot. This feature is supported on the following models: S5870-48MX6BC-U S5860-24MG-U S5860-48MG-U S5860-48XMG-U - 4.7.1M 4.7.1E Self-Signed Certificate A self-signed certificate is generated and signed by the switch itself rather than by a public Certificate Authority. It is used to encrypt HTTPS access to the switch’s web management interface and provides a basic level of identity authentication. In the 4.7.1E version, this feature is supported only on Campus S3000 Series switches; in the 4.7.1M version, this feature is supported on all Campus S-Series switches. Feature Enhancement Ticket ID Release Description - 4.7.1M ZTP API This release introduces the new ZTP API append_to_path for ZTP scripts, which dynamically defines the directory paths where the system searches for executable files. This command allows for the flexible specification of one or more custom directories during the ZTP automated deployment process. The system will then search for and execute required commands or scripts in these directories in the specified order. This feature is supported on all Campus S-Series switches, except the S3410 and S3270 series. - 4.7.1M Tech_support The tech_support file currently includes debugging information for VXLAN and EVPN, enabling users to collect the necessary data for troubleshooting. - 4.7.1M Me Port Behavior The default link mode for ME ports on the S5870 series switches is modified in version 4.7.1M. For new deployments, the port defaults to a link down state. If upgrading from an earlier version with the ME port already has an existing configuration, its state remains UP after the upgrade. - 4.7.1M 4.7.1E Rsyslog Level You can use the set system syslog server-ip log-level command to configure the log level for messages sent to a remote syslog server. In the 4.7.1E version, this feature is supported only on Campus S3000 Series switches; in the 4.7.1M version, this feature is supported on all Campus S-Series switches. - 4.7.1E Perpetual PoE Perpetual PoE (also known as PoE hot start) allows PSEs (Power Sourcing Equipment) to continue providing power to connected PDs during a system reboot. Supported reboot methods include: Reboot triggered by the CLI (request system reboot) Reboot initiated from the Linux shell Perpetual PoE also ensures uninterrupted power during software upgrades, including: Upgrades performed via CLI Upgrades initiated from the Linux shell Previously, Perpetual PoE is supported only on S5860 series, S5870-48MX6BC-U, and S5870-48T6BC-U models. The new release adds support for the following models: S3410L-24TF-P / S3410C-16TF-P / S3410C-16TMS-P / S3410C-8TMS-P / S3270-10TM-P / S3270-24TM-P L2L3 WEB Ticket ID Release Description - 4.7.1M The following switches now support L2/L3 Web management, and Web access is enabled by default. S5810 Series: S5810-48TS-P / S5810-28TS / S5810-28FS / S5810-48TS / S5810-48FS S5860 Series: S5860-20SQ / S5860-24XB-U / S5860-24MG-U / S5860-24XMG / S5860-48XMG-U / S5860-48XMG / S5860-48MG-U S3410 Series: S3410-24TS-P / S3410-24TS / S3410L-24TF-P / S3410L-24TF / S3410C-16TF / S3410C-16TF-P / S3410C-16TMS-P / S3410C-8TMS-P / S3410-48TS-P / S3410-48TS / S3410L-48TF S3270 Series: S3270-10TM / S3270-24TM / S3270-48TM / S3270-10TM-P / S3270-24TM-P The following switches now support L2/L3 Web management, but Web access is disabled by default. S5870 Series: S5870-48MX6BC-U / S5870-48T6BC-U / S5870-48T6BC S5890-32C S5580-48Y - 4.7.1E The following switches now support L2/L3 Web management, and Web access is enabled by default. S3410 Series: S3410-24TS-P / S3410-24TS / S3410L-24TF-P / S3410L-24TF / S3410C-16TF / S3410C-16TF-P / S3410C-16TMS-P / S3410C-8TMS-P / S3410-48TS-P / S3410-48TS / S3410L-48TF S3270 Series: S3270-10TM / S3270-24TM / S3270-48TM / S3270-10TM-P / S3270-24TM-P Fixed Issues Layer 2 and Layer 3 Ticket ID Release Description 19605 4.7.1M 【MLAG】In an MLAG scenario, packets loss occurs when you run the show tech_support command, and error prompts appear. Running the show tech_support command can trigger packet loss in the MLAG data plane and cause the command itself to fail with an error. It is fixed in 4.7.1M. 18446 4.7.1M 【MLAG/MLAG+EVPN】The MLAG domain status is "CONNECTING" while the peer is "ESTABLISHED" after the MLAG peer restarts or reboots. This occurs because the MLAG socket uses a Loopback address instead of the MLAG IP address. This issue occurs when one end of the MLAG switch restarts and attempts to establish an MLAG connection by using a non-MLAG link IP address, resulting in the failure to establish the MLAG connection. It is fixed in 4.7.1M. 20335 4.7.1M 【NAC】After NAC authentication, devices with authenticated MAC addresses cannot ping the directly connected switch. After NAC authentication is configured, ARP packets from authenticated MAC devices are incorrectly processed, preventing proper ARP table entry learning. This resulted in the failure to ping the directly connected switch. It is fixed in 4.7.1M. 19902 4.7.1M 【Dot1x】In a NAC+EVPN scenario, when ten hosts pass dot1x authentication, their MAC addresses are inconsistently learned. Some MAC addresses are learned on the physical port and others are learned on the VXLAN port. In an integrated NAC and EVPN deployment, the MAC addresses are inconsistently learned after multiple hosts passed 802.1X (dot1x) authentication. While some authenticated hosts' MAC addresses are correctly learned on VXLAN tunnel ports, others are incorrectly learned on the local physical access ports. This occurs because the dot1x module sends only a single batch notification to the LCMGR (Link Control Manager) upon VXLAN initialization, which contains all MAC addresses authenticated at that time. Subsequent hosts passing authentication does not trigger new notifications, causing their MAC addresses to be processed by the default physical port learning mechanism. It is fixed in 4.7.1M. 19822 4.7.1M 【S5860 Dual Chip】【MLAG】After configuring a static MAC address on the MLAG link, Layer 2 traffic cannot forward from the te-1/1/1 to te-1/1/47. On the S5860-48XMG-U and S5860-48XMG dual-chip devices, configuring a static MAC address on an MLAG link results in abnormal dropping of inter-chip traffic at the High-speed Interconnect (HG) port, consequently causing a traffic interruption. It is fixed in 4.7.1M. 19606 4.7.1M 【S5860][tech_support】An error log Failed to show hardware route is printed when you run the show tech_support command. When you run the show tech_support command to collect diagnostic information, the system incorrectly prints an error log Failed to show hardware route. It is fixed in 4.7.1M. 19509 4.7.1M 【S5860-48XMG-U】【Hash】LAG ports do not support load balancing for traffic that is forwarded across different switching chips . On the S5860-48XMG-U and S5860-48XMG dual-chip switches, the Link Aggregation Group (LAG) ports fail to perform load-sharing when traffic is forwarded across different chips. Instead, traffic may be forwarded over a single physical link within the LAG, causing uneven link utilization and potential congestion. It is fixed in 4.7.1M. 19754 4.7.1M 【S3410-48TS】There is an issue with cross-chip dot1x authentication. On dual-chip switches like the S3410-48TS, after dot1x authentication is completed, packets requiring cross-chip forwarding may be dropped abnormally due to processing errors. It is fixed in 4.7.1M. 20233 4.7.1M 【GRPC】The pica_snmp process crashes and generates a core dump when gRPC is enabled in the EVPN/VXLAN test environment. In an MLAG+VXLAN network, if a VLAN traversing the peer-link is configured with a VNI and corresponding VXLAN MAC entries exist, enabling GRPC or SNMP may cause a device crash and generate a core dump. It is fixed in 4.7.1M. 18751 4.7.1M 【Web】The PoE type for the switch front panel displayed on the Web Dashboard is incorrect. On the Web Dashboard, the PoE type for the S5860-48XMG-U switch front panel is displayed incorrect: ports 1-48 are shown as PoE++, but actually ports 1-24 are PoE++ and ports 25-48 are PoE+. It is fixed in 4.7.1M. 18999 4.7.1M Using commit confirmed 1 may cause a system reboot or unstable state. Executing the commit confirmed 1 command under specific conditions may cause system instability or an unplanned reboot. It is fixed in 4.7.1M. 18096 4.7.1M All logs are sent to the syslog server, regardless of the log-level setting being warning. Remote syslog servers receive all log messages even though the local log level is set to warning. Starting from version 4.7.1M, you can configure the log level for remote syslog servers using the CLI command: set system syslog server-ip log-level . 20368 4.7.1M 【LLDP】The customer requests that LLDP messages display the port description rather than the port number. The LLDP Port Description TLV is incorrectly set to the port identifier. In version 4.7.1M, the system now correctly advertises the configured port description in the LLDP Port Description TLV. 19649 4.7.1M 4.7.1E 【Print_arp】 print_arp process consumes 100% CPU and cannot terminate. When the number of ARP entries is large, the command show arp json may return fragmented output. Due to a code defect, the print_arp process may hang and fail to exit properly. As a result, the L2L3 WEB page becomes unresponsive, and repeated page refreshes further cause high CPU utilization and core file generation. In the 4.7.1E version, this bug is fixed only on Campus S3000 Series switches; in the 4.7.1M version, this bug is fixed on all Campus S-Series switches. 18446 4.7.1E MLAG domain status remains “CONNECTING” on one switch while the peer shows “ESTABLISHED” after restart The issue was caused by the MLAG socket binding to a loopback address instead of the configured MLAG IP address. When one MLAG peer restarts, it attempts to re-establish the MLAG connection using this incorrect address, preventing the MLAG session from coming up. It is fixed in 4.7.0E and 4.7.1E. Known Limitations Ticket ID Release Description - 4.7.1M PoE Default Status Limitations For AS4630_54PE and AS4630_54NPE platforms, PoE is enabled by default without any PoE configuration. If PoE settings are configured and then deleted, the AS4630_54NPE disables PoE, while the AS4630_54PE keeps PoE enabled. - 4.7.1M Functional Limitations OSPF multi-instance is not supported on any platforms. - 4.7.1M Performance Limitations MLAG In an MLAG scenario, lower-performance switches like the S5860 series support synchronization for only up to 6K MAC addresses. Due to this hardware limitation, the effective MAC address table capacity is reduced to 6K entries when MLAG is enabled. Exceeding this limit may cause MAC flapping or packet loss. Memory limitations On S5810 and S5860 devices, you need to place image files only in the /mnt/open/ directory. The device may automatically restart if a file transfer is interrupted after loading a large (1K entries) configuration that includes SNMP and gRPC settings. - 4.7.1M The following limitations apply only to the S3270 and S3410 series: IPv6 ND Inspection Unsupported on both S3410 and S3270 series. ND Snooping Unsupported on both S3410 and S3270 series. GRPC Unsupported on both S3410 and S3270 series. Multicast Source Discovery Protocol (MSDP) Unsupported on both S3410 and S3270 series. Link Fault Signaling (LFS) Unsupported on both S3410 and S3270 series. - 4.7.1M 4.7.1E The following limitations apply only to the S3270 and S3410 series: MLAG Unsupported on the S3270 series. Supported on the S3410 series. BGP / ISIS / PIM / BFD / IPSG6 Unsupported on both S3410 and S3270 series. VRF Unsupported on both S3410 and S3270 series. ECMP Unsupported on both S3410 and S3270 series. IGMP / PIM Unsupported on both S3410 and S3270 series. NAC Unsupported on the S3270 series. Supported on the S3410 series. Static MAC Address Maximum number changed from unlimited to 1,000. ARP & ND Maximum ARP entries changed from 12,000 → 1,000. Maximum ND entries changed from 6,000 → 1,000. Time Range Maximum number of time ranges changed from unlimited → 100. Maximum periods per time range changed from 10,000 → 50. 802.1X Default maximum number of 802.1X users changed from unlimited → 512. Port Security Maximum number of Port Security entries changed from 1,000 → 128. DHCP Relay Maximum number of DHCP Relay servers changed from unlimited → 20. SSH Maximum concurrent SSH sessions changed from 0–2 → 0–10. Default value set to 3. SNMP Maximum number of SNMP communities changed from unlimited → 15. Maximum number of SNMP hosts changed from unlimited → 10. DNS Server Maximum number of DNS servers changed from unlimited → 6. NTP Maximum number of NTP servers changed from unlimited → 20. L3 Interfaces (S3270 Series) Maximum number of L3 interfaces changed from 250 → 30. Known Issues Ticket ID Release Description 19014 4.7.1M 【MLAG】Adding or deleting VLAN configurations on non-member ports in MLAG causes packet loss for traffic across the MLAG member ports. Issue Description: Performing batch VLAN configuration changes (add/delete/modify) on multiple ports within a short period can lead to high CPU utilization. This process may temporarily disrupt the data plane forwarding pipeline and cause packet loss, even on ports not involved in the changes. Impact: Prolonged CPU utilization of excessive processes can cause CLI response delays or unresponsiveness. In severe cases, it may lead to a full system freeze, triggering an unexpected reboot, and resulting in service traffic loss. Root Cause: Creating or modifying a large number of VLANs on ports within a short time generates numerous sub-processes. The CPU, overwhelmed by these processes, is starved of cycles needed for packet reception. 19572 4.7.1M 【MLAG Performance】Traffic interruption after the switch is shutdown via the run request system reboot command. Issue Description: In an MLAG scenario, the reboot -f command ensures service continuity, while the run request system reboot command causes a severe traffic interruption. Root Cause: During a normal reboot, the port shutdown is one of the final steps after the packet forwarding service has stopped. The delay between the service stop and the physical port going down creates a window where traffic is dropped. This delay can vary with the scale of the switch configuration. Workaround: Using the reboot -f command to force a reboot. This method allows traffic to switch over immediately to the peer device. 16172 4.7.1M 【MLAG+DHCP Snooping+VRRP】DHCP Snooping bindings sometimes fail to synchronize to the peer device. Issue Description: In an MLAG and DHCP integrated network scenario, when a client connects to an MLAG orphan port, the DHCP Snooping binding entries generated by the local MLAG switch cannot be properly synchronized to the peer MLAG switch via the peer link. Impact: The peer MLAG switch lacks the DHCP Snooping binding information for that client. If traffic enters from the peer side, it may cause the client's packets to be incorrectly dropped, affecting network access and potentially compromising the consistency of network security policies. Root Cause: In the current software version, there is a synchronization logic issue when handling DHCP Snooping entries learned from orphan ports. These entries are not recognized as critical items that need to be synchronized over the peer link. Workaround: Avoid connecting client devices to MLAG orphan ports. Prioritize connecting them to the aggregated link ports configured with MLAG. 20347 4.7.1M 【MLAG+LACP】LACP status cannot negotiate up in scenarios with a large number of MLAG links configured. Issue Description: In scenarios with a large number of MLAG links configured, if LACP is enabled on all MLAG links, a single switch needs to process a high volume of LACP packets. Due to abnormal CPU packet processing, the switch fails to complete processing within the LACP interval, causing the affected LACP links to experience intermittent interruptions and recoveries (link flapping). Impact: This issue leads to unstable MLAG links, which may cause network service traffic interruptions, packet loss, and reduced reliability of services carried on the aggregated links. Root Cause: Under high-load conditions with a large number of MLAG links running LACP simultaneously, a software defect results in insufficient CPU processing efficiency (or high CPU usage due to other reasons), preventing prioritized handling of LACP control packets. This causes the system to miss the interaction timeout defined by the LACP protocol and may even lead to packet loss, ultimately triggering link flapping. Workaround: If possible, reduce the number of MLAG links with LACP enabled on a single switch. Consider adjusting the LACP timer interval to slow mode to provide a longer processing window. Note that this will increase convergence time. Adjust the bandwidth of the Control Plane Policing (CoPP) LACP queue. 20100 4.7.1M 【VRRP】When VRRP load balancing mode is enabled, the virtual IP sends ARP requests using two MAC addresses (00:00:5E:00:02:xx and 00:00:5E:00:01:xx), resulting in ARP MAC flapping. Issue Description: When VRRP load balancing mode is enabled, the system generates two virtual MAC addresses (00:00:5E:00:01:xx and 00:00:5E:00:02:xx). In specific scenarios, both addresses may send ARP request packets externally, causing the MAC address corresponding to the Virtual IP (VIP) learned by access switches to frequently alternate between the two. This results in MAC address table flapping. Impact: This issue leads to instability in the MAC address tables on downstream or Layer 2 network devices. In extreme cases, it may affect user network access experience. Root Cause: To achieve load balancing, the system kernel creates two virtual interfaces for the same Virtual IP. Each interface is assigned a different virtual MAC address as defined by the VRRP protocol standard (the primary/backup mode uses 00:00:5E:00:01:xx, while the load balancing extension uses 00:00:5E:00:02:xx). Both interfaces actively perform ARP advertisements, causing the network to receive ARP packets from two different source MAC addresses claiming ownership of the same IP address. 18259 4.7.1M 【EVPN】The overlay connected route may sometimes be missing from the hardware forwarding table (FIB). Issue Description: In complex multi-protocol routing environments, when EVPN overlay routes to the same network coexist with routes from other protocols (such as BGP or OSPF), convergence anomalies may occur during the system's internal route redistribution and optimal path calculation processes. A typical symptom is the erroneous deletion of EVPN overlay connected routes that should remain stable in the hardware forwarding table, resulting in traffic forwarding interruptions. Impact: This issue leads to route loss, consequently causing traffic loss. Root Cause: Within the module managing multiple routing protocol instances, a race condition occurs in the internal state machine under specific timing when processing route updates from different protocol sources pointing to the same prefix. This causes a valid route that should have been retained to be incorrectly marked as invalid during route redistribution and priority comparison, leading to a delete instruction being issued to the hardware. 19950 4.7.1M 【ECMP Route for VXLAN】An overlay ECMP route issue occurs, which are created via BGP EVPN and EVPN. Issue Description: In an EVPN VXLAN environment, Overlay ECMP routes dynamically learned via the BGP EVPN (with VXLAN tunnel endpoints as next hops) are incorrectly identified as Underlay ECMP routes. This may lead to unexpected traffic forwarding when load balancing is performed across multiple VXLAN tunnels. Impact: All switches running EVPN VXLAN with Overlay ECMP configured are affected. This issue is an internal forwarding-plane processing anomaly that typically does not affect basic connectivity but may impact the efficiency of traffic load balancing across VXLAN tunnels. Root Cause: The default logic for creating ECMP groups in the underlying layer is designed for Underlay routes. When the BGP EVPN protocol delivers ECMP entries for Overlay routes, the system fails to correctly recognize their next-hop type (VXLAN tunnel endpoints), thereby erroneously applying the default Underlay ECMP group creation mechanism. Workaround: It is recommended to temporarily avoid relying on ECMP load balancing across multiple VXLAN tunnels when designing the Overlay network. If performance issues arise, consider optimizing Underlay routing to converge Overlay traffic to a single optimal path. 21010 4.7.1M 【Ping】When running a continuous ping，pressing Ctrl+C fails to stop it. The command remains unresponsive and continues running. Issue Description: During prolonged or repeated ping operations, pressing Ctrl+C displays that the command has been interrupted, but the process does not actually stop, and ping packets continue to be sent. Impact: You cannot properly terminate long-running ping processes and must forcibly end the process or restart the terminal, impacting operational efficiency and user experience. Root Cause: In specific operating environments, a system anomaly blocks the delivery of the SIGINT signal (Ctrl+C) to the ping process. Workaround: When executing ping operations, avoid using the -c (packet count) parameter to initiate a large number of ping tests. Forcibly terminate the corresponding ping process using the kill -9 command. 20556 4.7.1M 【NTP】The NTP service error appear in the log ntpd daemon.err : leapsecond file ('/usr/share/zoneinfo/leap-seconds.list'): expired 491 days ago. Issue Description: The system's built-in leap second file /usr/share/zoneinfo/leap-seconds.list may expire on long-running or unupdated systems. This file is critical for applying accurate leap-second adjustments to UTC. Impact: An expired version will prevent the system from processing future leap second events, causing potential time drift of up to 1 second, inconsistent timestamps across logs, and may affect time-sensitive applications and protocols. Workaround: Manually download and update the file by using the provided command sudo curl -o /usr/share/zoneinfo/leap-seconds.list https://data.iana.org/time-zones/data/leap-seconds.list. You need to schedule a periodic (such as annual) check or update of this file. 20497 4.7.1M 【Web】After entering a Chinese comma and clicking Apply, the Web interface becomes unresponsive. A subsequent click causes the interface to freeze. Issue Description: Entering Chinese characters or special symbols in the Web GUI input field and clicking Apply causes the interface to become unresponsive. A subsequent click triggers a complete freeze of the Web interface. Switching to other Web pages also results in freezing, and after loading, the pages may display blank or no content. Impact: This issue prevents users from submitting configurations containing Chinese characters or special symbols via the Web interface, severely impacting configuration efficiency and user experience. Once the interface freezes, restarting the Web service is required to restore normal operation, increasing the complexity and disruption risk of maintenance tasks. Root Cause: A defect in the front-end input processing logic causes data interaction errors when processing specific characters, ultimately leading to unresponsive pages. Workaround: When entering configurations in the Web GUI input field, temporarily avoid using Chinese characters and special symbols other than A-Za-z0-9./:,-_*. If the Web interface freezes due to entering Chinese or special characters, you can restart it by restarting the Web service. Use the following CLI commands in sequence: set system services web disable true set system services web disable false 19949 4.7.1M 【BFD Stability】Enabling BFD in an MLAG scenario causes persistent BFD session resets, which causes repeated OSPF neighbor resets. Issue Description：In an MLAG dual-active system, when OSPF and BFD are both enabled on the peer link and the MLAG member links, BFD sessions experience intermittent and unexpected resets (flapping). This causes the dependent OSPF neighbor relationships to repeatedly disconnect and re-establish. Impact：In an MLAG deployment with OSPF over BFD enabled on all switches, this issue leads to unstable network routing, potentially causing brief service traffic interruptions or path changes. Root Cause: A conflict exists between the transmission/reception or processing path of BFD packets and internal synchronization mechanisms. Under specific timing conditions, this conflict triggers BFD detection timeouts. Workaround: Adjust the BFD parameters. Appropriately increase the transmit-interval and receive-interval for the BFD sessions, and increase the detect-multiplier. This enhances BFD's tolerance to transient jitter. 20051 4.7.1E 【MLAG/MAC-Move/S3410-DoubleChip】Link Migration of Aggregation Ports Causes MAC Update Failure on Master and Slave Chips On the dual-chip device, one master chip deleted and then relearned a MAC address on the same port in a short time. Software table handling error caused the MAC update failure. 19572 4.7.1E 【MLAG Performance】Traffic Interruption after the Switch is Shutdown via ”request system reboot” During a switch reboot, the ports remain up until the PICOS service is shut down. This creates a brief window between the reboot initiation and the port shutdown, during which traffic loss occurs. Upgrade Upgrade Scenarios Upgrade Limitations Upgrading from 4.7.1E to 4.7.1M on S3410 and S3270 Series switches In version 4.7.1M, commands related to IPv6 ND inspection, ND snooping, GRPC, Multicast Source Discovery Protocol (MSDP), and Link Fault Signaling (LFS) features are removed. If upgrading the switch from version 4.7.1E to 4.7.1M and these commands are already configured, you need to manually remove them before upgrading to avoid upgrade failure. S3270 does not support downloading the image file in the /mnt/open directory before upgrade. S3270 Series switches only support the upgrade method to upgrade the version.

PicOS® Quick Deployment Guide

Jan 16, 2026 - PicOS® Quick Deployment Guide 1. Getting Started with PicOS® 1.1 Understanding PicOS® 1.1.1 About the Quick Deployment Guide PicOS® Quick Deployment Guide provides a high-level introduction to PicOS® and explains basic concepts and operational principles for working with PicOS® network devices. In this guide, we explain the basics of PicOS®, including: Understanding the network operating system software How to access PicOS® network devices How to perform the initial device configuration, including the root password, hostname, management and loopback interfaces, user accounts, and backup router configuration 1.1.2 Operating system infrastructure PicOS® includes processes that run on the device, including IP routing, Ethernet switching, management interfaces, and various other functions. PicOS® runs on the routing engine. The routing engine kernel coordinates communication between software processes and provides a link to the packet forwarding engine. Using the CLI, you can configure device functions and set network interface properties. After activating the software configuration, the CLI user interface is used to monitor and manage operations, as well as diagnose protocol and network connectivity issues. Routing Engine and Packet Forwarding Engine A PicOS® network router or switch has two main software processing components: Packet Forwarding Engine – Handles packets, applies filters, routing policies, and other functions, and forwards packets to the next hop on the route to their final destination. Routing Engine – Provides three primary functions: Maintains the routing table used by network devices and controls the routing protocols running on the device. Performs packet forwarding by providing route lookup, filtering, and switching for incoming packets, then directing outgoing packets to the appropriate interface for transmission onto the network. Provides control and monitoring functions for the device. 1.2 Access a PicOS® Network Device 1.2.1 Overview of PicOS® Network Device Initial Configuration After installing and starting a PicOS® Networks device, you can begin the initial configuration. All devices come pre-installed with a version of PicOS®. The procedures in this guide show you how to connect the device to the network without enabling traffic forwarding. For complete information on enabling traffic forwarding, including examples, refer to the Software Configuration Guide. Notes: For an overview of PicOS® and detailed information on configuration statements and CLI commands, refer to PicOS® Configuration Guide V4.4.5. By default, console access to the device is enabled. Initially, connect to the device using the Console Port. Before configuring the device, gather the following information: The name the device will use on the network The IP address and prefix length information for the Ethernet interface The IP address of the default gateway The most common method for configuring the device is using CLI commands. 1.2.2 Console Port Overview The Console Port allows access to a device running PicOS®, regardless of its state, unless the device is completely powered off. By connecting to the Console Port, you can access the device at the root level without relying on a network connection. The Console Port connection provides continuous direct access to the device, which is typically available even if the primary network fails. We recommend using the Console Port connection for all PicOS® and software package upgrades, as this connection remains open during the upgrade process, allowing you to monitor status and progress. Other network-based connections, such as SSH or Telnet, are usually interrupted during a software upgrade, which may result in the loss of status updates or error messages. 1.2.3 How to Access a PicOS® Network Device for the First Time When you power on a device running PicOS®, it automatically starts up. To perform the initial configuration, you must connect a terminal or laptop to the device via the Console Port. By default, console port access to the device is enabled. However, remote management access and all management protocols (such as Telnet, FTP, and SSH) are disabled by default. First Time Access to the Network Device: a) Connect your laptop or desktop computer to the Console Port on the front panel of the device. Port Settings Use the following port settings to connect a terminal or a computer to the switch console port: Baud rate: 115200 Data bits: 8 Stop bits: 1 Note: The default width for terminal sessions through the Console Port is 80 characters. This means that the terminal client width should be at least 80 characters to properly use the Console Port. Most terminal clients have a default width of 80 characters. b) Power on the device and wait for it to boot. The software will start automatically. Once the boot process is complete, you will see the PicOS login: prompt on the console. c) Log in as the user admin. By default, PicOS® has two users: root and admin. On the first login, you must manually set the password for the admin account. The user should use pica8 as the password on the first login. After that, the system will prompt the user to change the default password. The new password must be a string of 8 to 512 case-sensitive characters. PicOS login: admin Password: (input default password "pica8") You are required to change your password immediately (administrator enforced) Changing password for admin. Current password: (input "pica8" again) New password: (input new password: the new password should be no less than eight characters) Retype new password: (input new password again) Linux PicOS 5.10.23 #2 SMP Mon Aug 12 09:14:57 CST 2024 x86_64 Synchronizing configuration...OK. Welcome to PicOS admin@PicOS> d) After the switch boots up, it automatically enters the PicOS® CLI. admin@PicOS> e) Type configure to access CLI configuration mode admin@PicOS> configure admin@PicOS# 1.3 Device Hostname 1.3.1 Hostname Overview Almost every device in a network has a hostname. The hostname is the name used to identify the device on the network. It is easier to remember than an IP address. When you first boot a PicOS® network device, the default hostname is PicOS®. The PicOS® prompt indicates that the device is loading the new PicOS® software from the factory settings. By definition, such devices do not have a configured hostname. As an administrator, you need to follow naming conventions for devices. One convention is to name the device based on its location, such as: germany-berlin-R1. Make sure the hostname is unique within the local network so that users can connect to the device using that hostname. You do not need to make the local hostname globally unique. In PicOS®, the hostname can contain any combination of letters, numbers, and hyphens. Special characters are not allowed. As a best practice, use short and meaningful hostnames because long hostnames are difficult to type and remember. 1.3.2 Configure the Device Hostname A host name distinguishes one device from another. The default host name is the system name PicOS®. You can modify the host name as required. a) In the configuration mode, specify or modify a host name for the switch. set system hostname b) set system hostname commit c) Verifying the Configuration After the configuration is completed, in the configuration mode, use run show system name command to view the new host name. d) Other Configurations To reset the hostname to default, use delete system hostname command. 1.4 Management Ethernet and Loopback Interfaces 1.4.1 Management Ethernet Interface Overview The management interface is the primary interface for remotely accessing the device. Typically, the management interface does not connect to the in-band network but instead connects to the device’s internal network. As a system administrator, you can use the management interface to access the device through the network using utilities such as SSH and Telnet. You can configure the device from anywhere, regardless of its physical location. SNMP can use the management interface to collect statistics from the device. Authorized users and management systems use the management interface to connect to the device over the network. Some PicOS® network devices have dedicated management ports on the front panel. For other types of platforms, you can configure the management interface on one of the network interfaces. You can dedicate this interface to management, or share it with other traffic. You must configure the management interface before users can access it. To set up the management interface, you need information such as its IP address, prefix, and next hop. We recommend configuring the device so that traffic is not routed between the management interface and other ports. On many devices running PicOS®, traffic cannot be routed between the management interface and other ports. Therefore, you should choose an IP address with a separate prefix (network mask) in a separate (logical) network. For devices running PicOS®, the management Ethernet interface is typically named ETH0. 1.4.2 Configure Management Interface PicOS® switches provide one or two Ethernet management ports for switch configuration and out-of-band network management. See Figure 1, which shows the console and management ports of the PicOS®-3930 switch. The port labeled ETHERNET is the management port, while the port labeled CONSOLE is the console port. Figure 1. Console and Management Ports image.png Configure IP Address for Management Interface To facilitate the device management and meet the requirement of separating the management traffic from the data traffic, the switch supports the in-band or out-of-band management interface with the factory default IP address 192.168.1.1/24. If the switch cannot obtain the IP address through DHCP, the factory default IP address is valid, and you can access it through PCs in the same network segment. Besides, you can manually configure the IP address as needed. a) In the configuration mode, specify the IP address for management interface. set system management-ethernet eth0 ip-address {IPv4 | IPv6} set l3-interface vlan-interface inband-mgmt address prefix-length b) Commit the configuration. commit c) Verifying the Configuration After the configuration is completed, in the configuration mode, use run show system management-ethernet command to view the MAC address, IP address, state and traffic statistics. d) Other Configurations To clear the configuration of management interface, use delete system management-ethernet eth0 ip-address command. 1.4.3 Loopback Interface Overview The Internet Protocol (IP) specifies a loopback network with the address range (IPv4) 127.0.0.0/8. Most IP implementations support a loopback interface (lo0) to represent the loopback facility. Any traffic sent by computer programs to the loopback network is sent to the same computer. The most commonly used IP addresses on the loopback network are 127.0.0.1 (IPv4) and ::1 (IPv6). The standard domain name for this address is localhost. You can use the loopback interface to identify the device. While you can use any interface address to determine if the device is online, the loopback address is the preferred method. Even though interfaces may be removed or have their addresses changed due to changes in the network topology, the loopback address will never change. When you ping a single interface address, the result does not always reflect the health of the device. For example, a mismatch in the subnet configuration at both ends of a point-to-point link can make the link appear down. Pinging an interface to check if a device is online may lead to misleading results. The interface could be unavailable due to issues unrelated to the device’s configuration or operation. The loopback interface helps address these issues. Benefits Since the loopback address never changes, it is the best way to identify a device on the network. The loopback interface is always up and accessible as long as there is a route to that IP address in the IP routing table. Thus, it can be used for diagnostics and troubleshooting. Protocols such as OSPF use the loopback address to determine protocol-specific attributes of the device or network. Additionally, certain commands (e.g., ping mpls) require the loopback address to function properly. 1.4.4 Loopback Interface Configuration The loopback interface is always Up to ensure network reliability. The loopback interface has the following features: The loopback interface is always Up and has the loopback feature. The loopback interface can be configured with the mask of all 1s. Based on the preceding features, the loopback interface has the following applications. The IP address of a loopback interface is specified as the source address of packets to improve network reliability. When no Router ID is configured for dynamic routing protocols, the maximum IP address of the loopback interface is configured as the router ID automatically. a) In the configuration mode, specify the name and IP address for the loopback interface. set l3-interface loopback address prefix-length 32 set l3-interface loopback address prefix-length 128 b) Commit the configuration. commit c) Verifying the Configuration After the configuration is completed, in the configuration mode, use run show l3-interface loopback command to view the state, IP address, description and traffic statistics. d) Other Configurations By default, the loopback interface is enabled when created. To disable the loopback interface, use set l3-interface loopback disable command. To clear the configuration of loopback interface, use delete l3-interface loopback interface command. 1.5 Initial User Account 1.5.1 User Account Overview User accounts provide a way for users to access the device. For each account, you can define the user's login name, password, and any other user information. While it is common to use a remote authentication server to centrally store user information, it is also a good practice to configure at least one non-root user on each device. This way, you can still access the device even if the connection to the remote authentication server is interrupted. This non-root user is typically given a generic name, such as admin. 1.5.2 Configure User Account in the Configuration Group Here are two types of user accounts: super-user and read-only. The newly created user account, by default, is read-only. NOTE: "net-admin" is not allowed to use when configuring a username. Creating a User Class and Password admin@XorPlus# set system login user ychen authentication plain-text-password pica8 admin@XorPlus#set system login user ychen class super-user admin@XorPlus# commit Commit OK. Save done. admin@XorPlus# Configuring a Login Announcement after Login admin@XorPlus# set system login announcement "welcome the switch-1101" admin@XorPlus# commit Commit OK. Save done. admin@XorPlus# Configuring a Multi-line Login Announcement after Login The following example configures a multi-line announcement which will be printed on the teminal after user login. admin@XorPlus# set system login multiline-announcement 1 message "**********************************************" admin@XorPlus# set system login multiline-announcement 2 message "Welcome to the system！" admin@XorPlus# set system login multiline-announcement 3 message "**********************************************" admin@XorPlus# commit Commit OK. Save done. admin@XorPlus# Configuring a Login Banner before Login admin@XorPlus# set system login banner "Hello! Welcome!" admin@XorPlus# commit Commit OK. Save done. admin@XorPlus# Configuring a Multi-line Login Banner before Login The following example configures a multi-line banner which will be printed on the teminal before user login. admin@Xorplus# set system login multiline-banner 1 message "*********************NOTICE***********************" admin@Xorplus# set system login multiline-banner 2 message "This is a property of Pica8." admin@Xorplus# set system login multiline-banner 3 message "All users log-in are subject to company monitoring!" admin@Xorplus# set system login multiline-banner 4 message "**************************************************" admin@Xorplus# commit 1.5.3 Enable Remote Access Services Configuring the SSH Connection Limit admin@XorPlus# set system services ssh protocol-version v2 admin@XorPlus# set system services ssh connection-limit 5 admin@XorPlus# commit Waiting for merging configuration. Commit OK. Save done. admin@XorPlus# Enabling and Disabling Inband Service By default, SSH with inband interfaces are disabled. You can enable inband services by entering the command below. Set the L3 VLAN interface VLAN400 in the default VRF as the in-band management port. admin@Xorplus# set system inband vlan-interface VLAN400 admin@Xorplus# commit Set the loopback interface IP in the default VRF as the in-band management IP. admin@Xorplus# set system inband loopback 192.168.10.1 admin@Xorplus# commit Set the routed interface rif-ge3 in the default VRF as the in-band management port. admin@Xorplus# set system inband routed-interface rif-ge3 admin@Xorplus# commit Configuring the Idle Timeout for SSH User admin@Xorplus# set system services ssh idle-timeout 60 admin@XorPlus# commit Waiting for merging configuration. Commit OK. Save done. admin@XorPlus# Configuring the Port Number of the SSH server Users can use this command to configure the new port number of SSH server to prevent attackers from accessing the standard port of SSH service and ensure security. The default listening port number of the SSH server is 22. Note that, if the modified port number is not 22, the client needs to specify port number when logging in using SSH. admin@Xorplus# set system services ssh port 30 admin@Xorplus# commit Enabling Telnet Service The PicOS® switch supports functioning as a telnet server. To enable the telnet server function, users can enable the telnet service. The following command enables telnet service on the device. NOTEs: Telnet service is insecure. Do not enable a telnet server if you don't know what exactly it may mean. Limit to a maximum of 20 connections within 10 seconds. Terminate the session in 60 seconds if the connection is not successful. admin@PicOS# set system services telnet disable false admin@PicOS# commit 2. PicOS® Overview When using ONIE installer to install PicOS®, the installer reinstalls the software, rebuilds all the PicOS® file system. This can erase the configuration files and system logs from the previous installation. After a successful ONIE installation of PicOS® 4.x, the system generates multiple system partitions including PicOS® (partition size: 2G), PicOS®2 (partition size: 2G) and User-Data partitions. Among them, PicOS® and PicOS®2 are two independent system boot partitions. One of them is the active partition on which the running system resides, and the other is the inactive partition. The two-system-boot-partition feature allows the system to revert to a previous version of the installed software package when the it fails to upgrade PicOS® by using upgrade2 command. The ONIE installer removes all partitions to rebuild a brand new OS only when there is no User-Data partition. However, if there exists a User-Data partition (for example, install a new version 4.0.1 from the old one 4.0.0), the ONIE installer only rewrites the "PicOS®" partition, installs the new installation package to this partition and sets the system on "PicOS®" partition as the default and sole boot system. User-Data partition is a reserved partition which is not affected by ONIE installer and upgrade unless user manually removes it. User-Data partition uses all the available space left on the disk. Users can use this partition to store files and data. This document describes how to install PicOS® 4.x software using ONIE installer. 3. Install, Upgrade, and Downgrade PicOS® Software 3.1 Overview of Software Installation and Upgrade 3.1.1 What is ONIE ONIE (Open Network Install Environment) is an open source project of OCP (Open Compute Project). ONIE provides the environment to install any network operating system on a bare metal network switch. ONIE liberates users from captive pre-installed network operating systems, like the Cisco IOS, and provides them with a choice. ONIE is a small Linux operating system that comes pre-installed as firmware on bare metal network switches. ONIE acts as an enhanced boot loader, extending the features provided by U-Boot. ONIE is used to install PicOS® on compatible switches. The bare metal switches listed in the PicOS® Hardware Compatibility List must be pre-loaded with ONIE prior to installing PicOS®. 3.2 Preparation for Software Installation and Upgrade The installation methods used to install a new PicOS® are traditional installation and nos-boot-mode installation. You can choose a suitable installation method that is convenient and appropriate for your installation environment. If you want to install PicOS® through a console port, refer to PicOS® Configuration Guide V4.4.5. If you want to install the PicOS® through a non-console port (through the management port), refer to PicOS® Configuration Guide V4.4.5. Notes： You need to log in through the console port of the switch and perform the ONIE installation. Other NOSes including user data will be removed when install PicOS® under ONIE environment. When the ONIE installer is used to downgrade the PicOS® version from version 4.x to PicOS® 3.x or lower versions, we first need to use ONIE to uninstall the higher version PicOS® before proceeding with installing PicOS® 3.x or a lower version. On the ARM platform, execute the onie_uninstaller command at the ONIE prompt to uninstall the current version PicOS®. On the x86 platform, select the "ONIE: Uninstall OS" option in the GRUB menu to uninstall the current version PicOS®. If you enter GRUB rescue mode and the switch has GPT format partition, you can use the following commands to reset the GRUB boot variable to enter ONIE GRUB and then install PicOS®. grub rescue> set prefix=(hd0,gpt2)/grub grub rescue> set root=(hd0,gpt2) grub rescue> insmod normal grub rescue> normal Do not plug in the USB disk during onie-nos-installer process until ONIE starts up. If you have plugged in the USB disk before the installation operation, ONIE will find the installer on the USB disk when beginning the installation. On AS4610 series switches, when installation is complete, the installer will display: Please take out the usb disc, then remove the USB disk within 10 seconds after installation successful, and before machine restarts. All X86 platforms share one installation and upgrade package with the name fixed as: onie-installer-PicOS-VERSION-x86.bin, where VERSION is the release version. X86 platform are listed below: FS N9550-32D FS N8520-32D FS N9550-32D FS N8610-32D FS N8610-64D FS N9550-64D FS N8550-64C FS N5850-48S6Q FS N8550-48B8C FS S5580-48Y FS S5890-32C FS N8560-32C FS N8550-32C FS N8550-64C FS N8560-64C FS N8550-24CD8D FS S6860-24CD8D FS N5570-48S6C Edgecore AS4625-54P Edgecore AS4625-54T Edgecore AS4630-54TE Edgecore AS4630-54NPE Edgecore AS4630-54PE Edgecore AS5712-54X Edgecore AS5812-54T Edgecore AS5812-54X Edgecore AS7312-54X Edgecore AS7312-54XS Edgecore AS7326-56X Edgecore AS7712-32X Edgecore AS7726-32X Edgecore AS6812-32X Edgecore AS7816-64X Edgecore AS5835-54X Edgecore AS5835-54T Edgecore AS9716-32D Edgecore AS9726-32DB Edgecore AS9737-32DB Edgecore AS9736-64D DELL N3248P-ON DELL N3248PXE-ON DELL N3248TE-ON DELL N3224PX-ON DELL N3224P-ON DELL N3248X-ON DELL S4048-ON DELL S4148F-ON DELL S4148T-ON DELL S4128F-ON DELL S5224F-ON DELL S5296F-ON DELL S5212F-ON DELL S5248F-ON DELL S5232F-ON DELL Z9100-ON DELL Z9264F-ON DELL N3224T-ON DELL S4128T-ON DELL N3224F-ON DELL N2224PX-ON DELL N2224X-ON DELL N2248PX-ON DELL N2248X-ON DELL N3208PX-ON Delta AG7648 Delta AG5648 v1-R Delta AG9032v1 3.3 Upgrade and Downgrade Software 3.3.1 Traditional Installation NOTE： You need to log in through the console port of the switch and perform the ONIE installation described in this section. The installation method described in this section only applies to platforms that have pre-installed ONIE. 3.3.2 Manual Installation Process The following example describes the installation of PicOS® via manual installation method. Step1 Make sure that the installation package of .bin file has been load to the server (server could be HTTP, TFTP, or an FTP server or the switch local directory depending on the actual installation environment). Step2 Enter ONIE installation environment. The process is different on the following two types of platforms: ARM Platforms (AS4610 Series Switches) a) Verify that the switch is pre-loaded with ONIE, which will be used to load PicOS® on the switch. Power on the switch and interrupt the boot sequence by pressing any key when the following line is shown: Hit any key to stop autoboot: b) User will then reach the U-Boot command prompt indicated by ->. Run the printenv command at the U-Boot prompt. If the information displayed contains keywords like onie_initargs and onie_machine, the switch is pre-loaded with ONIE. LOADER->printenv active=image1 autoload=no baudrate=115200 bootcmd=run check_boot_reason;run PicOS_bootcmd;run onie_bootcmd bootdelay=10 check_boot_reason=if test -n $onie_boot_reason; then setenv onie_bootargs boot_reason=$onie_boot_reason; run onie_bootcmd; fi; consoledev=ttyS0 dhcp_user-class=arm-accton_as4610_54-r0_uboot dhcp_vendor-class-identifier=arm-accton_as4610_54-r0 ethact=eth-0 ethaddr=00:18:23:30:E7:8F fdtaddr=0xc00000 fpboot=setenv bootargs console=${consoledev},${baudrate} maxcpus=2 mem=1024M root=/dev/ram ${mtdparts} ubi.mtd=4 ethaddr=$ethaddr quiet gatewayip=192.168.0.1 initrd_high=0x80000000 ipaddr=192.168.0.1 loadaddr=0x70000000 loads_echo=1 mfg=mfg mfgdiags=run fpboot ; nand read ${loadaddr} diags ; bootm ${loadaddr} mfgdiags_recovery=nand read ${loadaddr} diags2 ; nand erase.part diags ; nand write ${loadaddr} diags mtdids=nand0=nand_iproc.0 mtdparts=mtdparts=nand_iproc.0:1m(uboot),2m(shmoo),1m(nenv),12m(onie),3992m(open),12m(onie2),2m(vpd),6m(sys_eeprom),16m(diags),16m(diags2),32m(diags_fs) netmask=255.255.255.0 nos_bootcmd=true onie_args=run onie_initargs onie_platformargs onie_bootcmd=echo Loading Open Network Install Environment ...; echo Platform: $onie_platform ; echo Version : $onie_version ; nand read $loadaddr $onie_start 0x00c00000 && run onie_args && bootm ${loadaddr} onie_dropbear_dss_host_key=begin-base64@600@d#AAAAB3NzaC1kc3MAAACBAIN7HOS7UGtQ+RS9R5Rdim9s4iadCBQ9SEFnHJZ2#ulK15hN2p1BOJ1Mf4qb/oHFGIt8hvopq157ejsJcSPuR9scXE2aYQO7r1+Ie#1MKoR3HyEFKgPhNUr0qYNiIaWGw2UUXivLUlhjmaPhjItsttb6AezNB6N1ap#TmIeEUse0NQBAAAAFQDndwbRrSsw6G/W4wd0LJVAjuyq2QAAAIAe/zGPyPNn#UwwV+i+j3l1W9IFhjA/ovXfX7PQtjHB7OJcInSpOA2gXLXHU2kYDkn+ymJQI#8Tn558nLHq64n9hIJzwaQH4ajMipBNwqR0WtpPXEaow9InDzjs+qFY0HAcTv#7DMEY9BGiJAUUSSCSFZ9dEYHIWUdk6WIpDUMX4b2ewAAAIB6bC+fHzr+Qaet#GjzynI0tApbzyydXKuIiIH6EDh2QEaP0E+TSxJ+C4xfyBAp1j0kvj0IYWR2P#H9ur0RaxDaCmKwIQs1gTJh/137Yd+OsqEV3JnrZxlEKk2DmI5c2wrGtl4oUp#XJfc+viahpFeCsGzsqGHHADWNsjlpKt457QCuQAAABUAk5406cTH4nZO0qlj#6irYf4WA65E=#====# onie_dropbear_rsa_host_key=begin-base64@600@r#AAAAB3NzaC1yc2EAAAADAQABAAAAgQCMTqwNhnJpuSLYAdRA/jjm1lyBaJF1#ovs3Hp0G7XkYnY4+JNPTCYgnmfMQnM83PQncuy89AqehJ2V22LGjpRiqT56K#MRr+hQoSWEbAObRd1azZF45pbxiQaQiQxNzIKbHDDWlGlycXfv8w9ZCElbxj#Ja7bkwmwg9EsBlW0d5u0BQAAAIAFr0FOyfn0OR1FiatvF624Aorcbl9oV/pc#JRghGfl8SxPihizz4bC7xAPCUkwd9ZHi+M2E6AjhIV69xjFKS0vYuQplvl8G#9R8YsnmP5B45TyLE3dW5V2/g+LQERQdFpRaSsPqEPHSlXPq4XHLGLRFItEBt#ohp41Qm+eA6efsAMIQAAAEEA4Y90xi8N1SuwjRk53fqpP8dC+FPnU850XtC1#cKG0rBt6v9qD+BTxxfE6GEpYM+N0fLyECbgBjA2LQF6CG3G15QAAAEEAnz3v#3POrcsMK2LkSNjWzAhzUqOWyOaNlhcvgh+2Xfj2tHyOTpZ09gCm483v1rui9#63uYu4QQurpATrHMcLIjoQ==#====# onie_initargs=setenv bootargs quiet console=$consoledev,$baudrate onie_machine=accton_as4610_54 onie_machine_rev=0 onie_platform=arm-accton_as4610_54-r0 onie_platformargs=setenv bootargs $bootargs serial_num=${serial#} ${platformargs} eth_addr=$ethaddr $onie_bootargs $onie_debugargs onie_recovery=nand read ${loadaddr} onie2 ; nand erase.part onie ; nand write ${loadaddr} onie onie_rescue=setenv onie_boot_reason rescue && boot onie_start=onie onie_sz.b=0x00c00000 onie_uninstall=setenv onie_boot_reason uninstall && boot onie_update=setenv onie_boot_reason update && boot onie_vendor_id=27658 onie_version=master-201603091701-dirty PicOS_bootcmd=usb start;run platformargs;setenv bootargs root=/dev/sda1 rw noinitrd console=$consoledev,$baudrate rootdelay=10 $mtdparts;ext2load usb 0:1 $loadaddr boot/uImage;bootm $loadaddr platform=accton_as4610_54 platformargs=mtdparts=nand_iproc.0:1m(uboot),2m(shmoo),1m(nenv),12m(onie),3992m(open),12m(onie2),2m(vpd),6m(sys_eeprom),16m(diags),16m(diags2),32m(diags_fs) maxcpus=2 mem=1024M ramdiskaddr=0x3000000 serial#=A626P1DL174300014 serverip=192.168.0.10 stderr=serial stdin=serial stdout=serial ubifscfg=ubi part nand0,4 0x0; ubifsmount fs ver=U-Boot 2012.10-gcbef171 (Mar 09 2016 - 17:01:14) - ONIE master-201603091701-dirty Environment size: 3992/65532 bytes c) From U-Boot prompt, boot ONIE in rescue mode. LOADER-> run onie_rescue x86 Platform On x86 platform, it uses GRUB menu to install OS via ONIE. a) Reboot the system, and enter ONIE installation environment from the GRUB menu: +----------------------------------------------------------------------------+ | PicOS | |*ONIE | | | | | | | | | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Use the ^ and v keys to select which entry is highlighted. Press enter to boot the selected OS, `e' to edit the commands before booting or `c' for a command-line. b) From GRUB prompt, choose ONIE: Rescue to Install OS, boot ONIE in rescue mode. GNU GRUB version 2.02~beta2+e4a1fe391 +----------------------------------------------------------------------------+ |*ONIE: Install OS | | ONIE: Rescue | | ONIE: Uninstall OS | | ONIE: Update ONIE | | ONIE: Embed ONIE | | DIAG: Accton Diagnostic | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Step3 Run onie-nos-install command as follows to manually install PicOS®. Install via TFTP ONIE# onie-nos-install tftp:///PicOS.bin Install via FTP When installing via FTP, you need to type username and password of the FTP server on which the image file is loaded. ONIE# onie-nos-install ftp://username:password@/PicOS.bin Install via HTTP ONIE# onie-nos-install http:///PicOS.bin Install from Local Directory a) In ONIE rescue mode, copy the image file to the current directory. ONIE# scp username@/PicOS.bin . b) Run onie-nos-install command to start installation. ONIE# onie-nos-install PicOS.bin For example, ONIE:/ # onie-nos-install onie-installer-PicOS-4.0.0-8b1219e112-x86.bin discover: Rescue mode detected. No discover stopped. ONIE: Executing installer: onie-installer-PicOS-4.0.0-8b1219e112-x86.bin Verifying image checksum ... OK. Preparing image archive ... OK. [1] PicOS L2/L3 (default) [2] PicOS Open vSwitch/OpenFlow Enter your choice (1,2):1 PicOS L2/L3 is selected. ONIE installation will overwrite the configuration file of existing system. It is recommended to follow the upgrade procedure to upgrade the system. Press any key to stop the installation... 10 9 8 7 6 5 4 3 2 1 ... The installer runs automatically, before start installation, it will prompt to choose the option to make PicOS® to boot into L2/L3 or OVS mode. If not selected, then PicOS® boots into L2/L3. After finishing installation, the device reboots automatically, the system then comes up running the new network operating system. NOTEs： After the system restarts, you need to enter the username and password, the initial login username is admin and password is pica8. After the username and password are entered, user will be asked to choose a new password for admin. This is the only post installation step after which the PicOS® operating system can be used. 3.3.3 Automatic Installation Process The automatic installation process uses the DHCP message exchange process to download and install software packages. Step1 Make sure the switch is connected to DHCP and HTTP servers and the PicOS® installation software package is downloaded to the HTTP server. a) DHCP server configuration: define the path of the installation package and then start DHCP server service: host pica8-3922 { hardware ethernet 70:72:cf:12:34:56; fixed-address 192.168.2.50; option default-url = "http://192.168.2.42/onie-installer-PicOS-4.0.0-8b1219e112-x86.bin"; b) Check if the .bin installation file is loaded onto the HTTP server: root@dev:/var/www# ls index.html onie-installer-powerpc.bin Step2 Install PicOS® via ONIE. The process is different on the following two types of platforms: ARM Platforms (AS4610 Series Switches) a) Verify that the switch is pre-loaded with ONIE, which will be used to load PicOS® on the switch. Power on the switch and interrupt the boot sequence by pressing any key when the following line is shown: Hit any key to stop autoboot: b) User will then reach the U-Boot command prompt indicated by ->. Run the printenv command at the U-Boot prompt. If the information displayed contains keywords like onie_initargs and onie_machine, the switch is pre-loaded with ONIE. LOADER-> printenv active=image1 autoload=no baudrate=115200 bootcmd=run check_boot_reason;run PicOS_bootcmd;run onie_bootcmd bootdelay=10 check_boot_reason=if test -n $onie_boot_reason; then setenv onie_bootargs boot_reason=$onie_boot_reason; run onie_bootcmd; fi; consoledev=ttyS0 dhcp_user-class=arm-accton_as4610_54-r0_uboot dhcp_vendor-class-identifier=arm-accton_as4610_54-r0 ethact=eth-0 ethaddr=00:18:23:30:E7:8F fdtaddr=0xc00000 fpboot=setenv bootargs console=${consoledev},${baudrate} maxcpus=2 mem=1024M root=/dev/ram ${mtdparts} ubi.mtd=4 ethaddr=$ethaddr quiet gatewayip=192.168.0.1 initrd_high=0x80000000 ipaddr=192.168.0.1 loadaddr=0x70000000 loads_echo=1 mfg=mfg mfgdiags=run fpboot ; nand read ${loadaddr} diags ; bootm ${loadaddr} mfgdiags_recovery=nand read ${loadaddr} diags2 ; nand erase.part diags ; nand write ${loadaddr} diags mtdids=nand0=nand_iproc.0 mtdparts=mtdparts=nand_iproc.0:1m(uboot),2m(shmoo),1m(nenv),12m(onie),3992m(open),12m(onie2),2m(vpd),6m(sys_eeprom),16m(diags),16m(diags2),32m(diags_fs) netmask=255.255.255.0 nos_bootcmd=true onie_args=run onie_initargs onie_platformargs onie_bootcmd=echo Loading Open Network Install Environment ...; echo Platform: $onie_platform ; echo Version : $onie_version ; nand read $loadaddr $onie_start 0x00c00000 && run onie_args && bootm ${loadaddr} onie_dropbear_dss_host_key=begin-base64@600@d#AAAAB3NzaC1kc3MAAACBAIN7HOS7UGtQ+RS9R5Rdim9s4iadCBQ9SEFnHJZ2#ulK15hN2p1BOJ1Mf4qb/oHFGIt8hvopq157ejsJcSPuR9scXE2aYQO7r1+Ie#1MKoR3HyEFKgPhNUr0qYNiIaWGw2UUXivLUlhjmaPhjItsttb6AezNB6N1ap#TmIeEUse0NQBAAAAFQDndwbRrSsw6G/W4wd0LJVAjuyq2QAAAIAe/zGPyPNn#UwwV+i+j3l1W9IFhjA/ovXfX7PQtjHB7OJcInSpOA2gXLXHU2kYDkn+ymJQI#8Tn558nLHq64n9hIJzwaQH4ajMipBNwqR0WtpPXEaow9InDzjs+qFY0HAcTv#7DMEY9BGiJAUUSSCSFZ9dEYHIWUdk6WIpDUMX4b2ewAAAIB6bC+fHzr+Qaet#GjzynI0tApbzyydXKuIiIH6EDh2QEaP0E+TSxJ+C4xfyBAp1j0kvj0IYWR2P#H9ur0RaxDaCmKwIQs1gTJh/137Yd+OsqEV3JnrZxlEKk2DmI5c2wrGtl4oUp#XJfc+viahpFeCsGzsqGHHADWNsjlpKt457QCuQAAABUAk5406cTH4nZO0qlj#6irYf4WA65E=#====# onie_dropbear_rsa_host_key=begin-base64@600@r#AAAAB3NzaC1yc2EAAAADAQABAAAAgQCMTqwNhnJpuSLYAdRA/jjm1lyBaJF1#ovs3Hp0G7XkYnY4+JNPTCYgnmfMQnM83PQncuy89AqehJ2V22LGjpRiqT56K#MRr+hQoSWEbAObRd1azZF45pbxiQaQiQxNzIKbHDDWlGlycXfv8w9ZCElbxj#Ja7bkwmwg9EsBlW0d5u0BQAAAIAFr0FOyfn0OR1FiatvF624Aorcbl9oV/pc#JRghGfl8SxPihizz4bC7xAPCUkwd9ZHi+M2E6AjhIV69xjFKS0vYuQplvl8G#9R8YsnmP5B45TyLE3dW5V2/g+LQERQdFpRaSsPqEPHSlXPq4XHLGLRFItEBt#ohp41Qm+eA6efsAMIQAAAEEA4Y90xi8N1SuwjRk53fqpP8dC+FPnU850XtC1#cKG0rBt6v9qD+BTxxfE6GEpYM+N0fLyECbgBjA2LQF6CG3G15QAAAEEAnz3v#3POrcsMK2LkSNjWzAhzUqOWyOaNlhcvgh+2Xfj2tHyOTpZ09gCm483v1rui9#63uYu4QQurpATrHMcLIjoQ==#====# onie_initargs=setenv bootargs quiet console=$consoledev,$baudrate onie_machine=accton_as4610_54 onie_machine_rev=0 onie_platform=arm-accton_as4610_54-r0 onie_platformargs=setenv bootargs $bootargs serial_num=${serial#} ${platformargs} eth_addr=$ethaddr $onie_bootargs $onie_debugargs onie_recovery=nand read ${loadaddr} onie2 ; nand erase.part onie ; nand write ${loadaddr} onie onie_rescue=setenv onie_boot_reason rescue && boot onie_start=onie onie_sz.b=0x00c00000 onie_uninstall=setenv onie_boot_reason uninstall && boot onie_update=setenv onie_boot_reason update && boot onie_vendor_id=27658 onie_version=master-201603091701-dirty PicOS_bootcmd=usb start;run platformargs;setenv bootargs root=/dev/sda1 rw noinitrd console=$consoledev,$baudrate rootdelay=10 $mtdparts;ext2load usb 0:1 $loadaddr boot/uImage;bootm $loadaddr platform=accton_as4610_54 platformargs=mtdparts=nand_iproc.0:1m(uboot),2m(shmoo),1m(nenv),12m(onie),3992m(open),12m(onie2),2m(vpd),6m(sys_eeprom),16m(diags),16m(diags2),32m(diags_fs) maxcpus=2 mem=1024M ramdiskaddr=0x3000000 serial#=A626P1DL174300014 serverip=192.168.0.10 stderr=serial stdin=serial stdout=serial ubifscfg=ubi part nand0,4 0x0; ubifsmount fs ver=U-Boot 2012.10-gcbef171 (Mar 09 2016 - 17:01:14) - ONIE master-201603091701-dirty Environment size: 3992/65532 bytes c) Input command run onie_bootcmd, which will automatically install PicOS® on the switch. LOADER -> run onie_bootcmd Loading Open Network Install Environment ... Platform: arm-accton_as4610_54-r0 Version : 2021.09.00.03 WARNING: adjusting available memory to 30000000 ## Booting kernel from Legacy Image at 02000000 ... Image Name: as4610_54x.1.6.1.3 Image Type: ARM Linux Multi-File Image (gzip compressed) Data Size: 3514311 Bytes = 3.4 MiB Load Address: 00000000 Entry Point: 00000000 Contents: Image 0: 2762367 Bytes = 2.6 MiB Image 1: 733576 Bytes = 716.4 KiB Image 2: 18351 Bytes = 17.9 KiB Verifying Checksum ... OK ## Loading init Ramdisk from multi component Legacy Image at 02000000 ... ## Flattened Device Tree from multi component Image at 02000000 Booting using the fdt at 0x02355858 Uncompressing Multi-File Image ... OK Loading Ramdisk to 2ff4c000, end 2ffff188 ... OK Loading Device Tree to 03ff8000, end 03fff7ae ... OK Cannot reserve gpages without hugetlb enabled setup_arch: bootmem as4610_54x_setup_arch() arch: exit pci 0000:00:00.0: ignoring class b20 (doesn't match header type 01) sd 0:0:0:0: [sda] No Caching mode page present sd 0:0:0:0: [sda] Assuming drive cache: write through sd 0:0:0:0: [sda] No Caching mode page present sd 0:0:0:0: [sda] Assuming drive cache: write through sd 0:0:0:0: [sda] No Caching mode page present sd 0:0:0:0: [sda] Assuming drive cache: write through ONIE: Using DHCPv4 addr: eth0: 192.168.2.77 / 255.255.255.0 discover: installer mode detected. Running installer. Please press Enter to activate this console. ONIE: Using DHCPv4 addr: eth0: 192.168.2.77 / 255.255.255.0 ONIE: Starting ONIE Service Discovery ONIE: Executing installer: http://192.168.2.42/onie-installer-PicOS-4.0.0-8b1219e112-x86.bin Verifying image checksum ... OK. Preparing image archive ... OK. PicOS installation .............................................. ./var/local/ ./var/run Setup PicOS environment ... .............................................. XorPlus login: admin Password: You are required to change your password immediately (root enforced) Changing password for admin. (current) UNIX password: Enter new UNIX password: Retype new UNIX password: admin@XorPlus$ x86 Platform On x86 platform, it uses GRUB menu to choose install OS via ONIE. a) Reboot the system, and enter ONIE installation environment from the GRUB menu: +----------------------------------------------------------------------------+ | PicOS | |*ONIE | | | | | | | | | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Use the ^ and v keys to select which entry is highlighted. Press enter to boot the selected OS, `e' to edit the commands before booting or `c' for a command-line. b) From GRUB prompt, choose ONIE: Rescue to Install OS, boot ONIE in rescue mode. GNU GRUB version 2.02~beta2+e4a1fe391 +----------------------------------------------------------------------------+ |*ONIE: Install OS | | ONIE: Rescue | | ONIE: Uninstall OS | | ONIE: Update ONIE | | ONIE: Embed ONIE | | DIAG: Accton Diagnostic | | | | | | | | | | | | | +----------------------------------------------------------------------------+ The installer runs and will reboot the system after installation is complete. NOTEs： After the system restarts, you need to enter the username and password, the initial login username is admin and password is pica8. After the username and password are entered, user will be asked to choose a new password for admin. This is the only post installation step after which the PicOS® operating system can be used. 3.3.4 Nos-boot-mode Installation NOTE： The installation method described in this section applies to installation through both the console port and the management port. The installation method described in this section only applies to platforms that have pre-installed ONIE. The installation methods described in PicOS® Configuration Guide V4.4.5 must be performed through the console port. If you want to install the system through a non-console port, you can use the nos-boot-mode command to perform the installation which is described in this section. Usage of nos-boot-mode command: admin@Xorplus$sudo nos-boot-mode USAGE install or uninstall NOS(es) SYNOPSIS nos-boot-mode [install|uninstall] DESCRIPTION install- Install NOS uninstall- Remove all NOS(es) including PicOS® When nos-boot-mode install command is executed, PicOS® will switch to ONIE install mode, and the user should go on to complete the subsequent installation. The steps for the manual installation process and the automatic installation process using the nos-boot-mode install command are described below. When nos-boot-mode unsinstall command is executed, the system will remove all NOS(es) including PicOS® from the device. Therefore, it is suggested to use the nos-boot-mode unsinstall command with caution. 3.3.5 Manual Installation Process Step1 Make sure that the installation package of .bin file has been loaded to the server (server could be HTTP, TFTP, or an FTP server or the switch local directory depending on the actual installation environment). Step2 Execute the nos-boot-mode install command to enter ONIE installation environment. admin@Xorplus:~$ sudo nos-boot-mode install Step3 Type “yes” when the below prompt is shown, which will take the system will to ONIE install mode. Type 'yes' to install NOS! Type 'no' to exit [no]/yes: Step4 Run onie-nos-install command as follows to manually install PicOS®. Install via TFTP ONIE# onie-nos-install tftp:///PicOS.bin Install via FTP When installing via FTP, you need to type in the username and password for the FTP server on which the image file is loaded. ONIE# onie-nos-install ftp://username:password@/PicOS.bin Install via HTTP ONIE# onie-nos-install http:///PicOS.bin Install from Local Directory a) In ONIE rescue mode, copy the image file to the current directory. ONIE# scp username@/PicOS.bin . b) Run onie-nos-install command to start installation. ONIE# onie-nos-install PicOS.bin For example, ONIE:/ # onie-nos-install onie-installer-PicOS-4.0.0-8b1219e112-x86.bin discover: Rescue mode detected. No discover stopped. ONIE: Executing installer: onie-installer-PicOS-4.0.0-8b1219e112-x86.bin Verifying image checksum ... OK. Preparing image archive ... OK. [1] PicOS L2/L3 (default) [2] PicOS Open vSwitch/OpenFlow Enter your choice (1,2):1 PicOS L2/L3 is selected. ONIE installation will overwrite the configuration file of existing system. It is recommended to follow the upgrade procedure to upgrade the system. Press any key to stop the installation... 10 9 8 7 6 5 4 3 2 1 ... The installer runs automatically, before start installation, it will prompt to choose the option to make PicOS® to boot into L2/L3 or OVS mode. If not selected, then PicOS® boots into L2/L3. After finishing installation, the device reboots automatically, the system then comes up running the new network operating system. NOTEs： After the system restarts, you need to enter the username and password, the initial login username is admin and password is pica8. After the username and password are entered, user will be asked to choose a new password for admin. This is the only post installation step after which the PicOS® operating system can be used. 3.3.6 Automated Installation Process The automatic installation process uses the DHCP message exchange process to download and install software packages. Step1 Make sure the switch is connected to DHCP and HTTP servers, and the PicOS® installation software package is downloaded to the HTTP server. a) DHCP server configuration: define the path of the installation package and then start DHCP server service: host pica8-3922 { hardware ethernet 70:72:cf:12:34:56; fixed-address 192.168.2.50; option default-url = "http://192.168.2.42/onie-installer-PicOS-4.0.0-8b1219e112-x86.bin"; } b) Check if the .bin installation file is loaded onto the HTTP server: root@dev:/var/www# ls index.html onie-installer-powerpc.bin Step2 Execute the nos-boot-mode install command to enter ONIE installation environment. admin@Xorplus$ sudo nos-boot-mode install Step3 Type “yes” when the below prompt is shown, and the system will automatically complete the installation. Type 'yes' to install NOS! Type 'no' to exit [no]/yes: The installer runs automatically and will reboot the system after installation is completed. NOTEs： After the system restarts, you need to enter the username and password, the initial login username is admin and password is pica8. After the username and password are entered, user will be asked to choose a new password for admin. This is the only post installation step after which the PicOS® operating system can be used. 3.3.7 Verifying Version after Installation After system reboots automatically, the system will come up running the new network operating system. admin@Xorplus> show version Copyright (C) 2009-2022 Pica8, Inc. =================================== Hardware Model : as7312_54x Linux System Version/Revision : 4.0.0/8b1219e112 Linux System Released Date : 5/18/2021 L2/L3 Version/Revision : 4.0.0/8b1219e112 L2/L3 Released Date : 5/18/2021 OVS/OF Version/Revision : 4.0.0/8b1219e112 OVS/OF Released Date : 5/18/2021 3.3.8 Appendix: Troubleshooting Installation/Upgrade Failure on AS7326-56X Installation or upgrade failure (for example, the switches cannot boot up after install) may occur on the old AS7326-56X hardware models (revision is R01F and before). When booting PicOS® on AS7326-56X and detect hardware rev R01F, the system will log a warning message to prompt the hardware revision R01F is a pre-production hardware reversion: "This hardware revision R01F is a pre-production hardware rev, PicOS® has applied a work around to work with PicOS®. Support will be provided on a best effort basis". To work around the issue, first we need to check the “Label Revision”. If it is an old hardware model (revision is R01F or before), then, we can perform the following provided solution after installation/upgrade to solve the problem. 3.3.9 Check Label Revision Under ONIE prompt, run “onie_syseeprom” to get the “Label Revision”. ONIE:/ # onie-syseeprom TlvInfo Header: Id String: TlvInfo Version: 1 Total Length: 166 TLV Name Code Len Value -------------------- ---- --- ----- Manufacture Date 0x25 19 04/27/2019 02:10:06 Label Revision 0x27 4 R01B Platform Name 0x28 27 x86_64-accton_as7326_56x-r0 ONIE Version 0x29 13 2018.05.00.05 Manufacturer 0x2B 6 Accton Diag Version 0x2E 7 0.0.1.0 Base MAC Address 0x24 6 80:A2:35:81:D5:F0 Serial Number 0x23 14 732656X1916012 Country Code 0x2C 2 TW Part Number 0x22 13 FP4ZZ7656005A Product Name 0x21 15 7326-56X-O-AC-F MAC Addresses 0x2A 2 256 Vendor Name 0x2D 6 Accton CRC-32 0xFE 4 0xC3D3F2DE Checksum is valid. ONIE:/ # 3.3.10 Solution You can follow the steps below after installation/upgrade, to fix the problem of installation and upgrade failure on the old AS7326-56X hardware model (revision R01F or before). Step1 Power cycle the switch. Step2 From the GRUB menu, choose “ONIE” to enter ONIE GRUB menu: +----------------------------------------------------------------------------+ | PicOS | |*ONIE | | | | | | | | | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Use the ^ and v keys to select which entry is highlighted. Press enter to boot the selected OS, `e' to edit the commands before booting or `c' for a command-line. Step3 From ONIE GRUB menu, choose “ONIE: Rescue” to launch ONIE in Rescue mode. GNU GRUB version 2.02~beta2+e4a1fe391 +----------------------------------------------------------------------------+ | ONIE: Install OS | |*ONIE: Rescue | | ONIE: Uninstall OS | | ONIE: Update ONIE | | ONIE: Embed ONIE | | DIAG: Accton Diagnostic | | | | | | | | | | | | | +----------------------------------------------------------------------------+ Step4 Press Enter to display the ONIE prompt. Step5 Mount PicOS® partition with label is “PicOS”. ONIE:/ # blkid /dev/sda7: LABEL="User-Data" UUID="be63cef8-4560-4c48-ab5a-8f7ced5a950b" /dev/sda6: LABEL="PicOS2" UUID="f589e53f-4cd1-44ba-8384-f339f4e2b2ac" /dev/sda5: LABEL="PicOS" UUID="8ca5f7ed-5a15-4a2a-944c-4d8872647bf5" /dev/sda4: LABEL="PicOS-GRUB" UUID="782a1372-4b66-4783-b920-dab1df8ec6e4" /dev/sda3: LABEL="ACCTON-DIAG" UUID="3e4117d0-1926-472a-9d9e-08883df83d40" /dev/sda2: LABEL="ONIE-BOOT" UUID="1a90abd8-f065-4f7a-90a0-af122b8805fa" ONIE:/ # ONIE:/ # mount /dev/sda5 /mnt Step6 Execute the following command to modify the I2C access address. ONIE:/ # sed -I "s/0x57/0x56/" /mnt/etc/rc_hw.sh ONIE:/ # sync Step7 Unmount the PicOS® partition. ONIE:/ # unmount /dev/sda5 Step8 Reboot the switch. ONIE:/ # reboot 4. Zero Touch Configuration 4.1 Overview of ZTP 4.1.1 ZTP Fundamentals NOTEs: Currently, the IPv6 ZTP is not supported. You are suggested to implement ZTP for unconfigured devices, or the error prompts may appear. Before using ZTP, you should configure the switch with two partitions of active partition and backup partition. The active partition can be used for upgrade and the backup partition can be used to save the current version, which can make sure the original version can be recovered once the upgrade is failed. ZTP (Zero Touch Provisioning) is a technology for automated upgrade and configuration of unconfigured network devices. You can automatically upgrade and configure devices with the provision script of ZTP before the PicOS® is up, obtaining the required configuration information without manual intervention, including IP addresses, routing, security policies, etc. When large numbers of switches need to be upgraded to new versions or issued with configuration files, you can use ZTP to reduce labor costs and improve deployment efficiency. It can implement fast, accurate and reliable device deployment. ZTP Process Figure 2. ZTP Workflow of White-Box Switches image.png After a switch is powered on, the switch sends DHCP Discover to get an IP address, and the DHCP server provides the switch with an IP address. The switch sends a request to the DHCP server, and the DHCP server sends a response including the HTTP server address. The switch sends an HTTP request to the HTTP server to get the shell script, and the HTTP server sends an HTTP response with the shell script. The switch executes the shell script to complete the ZTP deployment, including downloading a PicOS image, installing PicOS and its license, registering with the AmpCon-Campus server, updating switch configurations, and rebooting the switch. 4.1.2 DHCP Configuration of ZTP Option Parameters The DHCP server obtains network configuration information required by ZTP through option parameters. The request packets sent by DHCP client carry option 55, and the reply packets responded by DHCP server carry option 7, 66 and 67. The function of option parameters is shown as below. Table 1. Option description Option Description Carrier 55 Specifies the network configuration parameters need to be obtained from the server. It includes the boot file name, TFTP server address, Syslog server address and gateway. Client 7 Specifies the IP address of Syslog server. Server 66 Specifies the IP address of TFTP(HTTP) server allocated for the client. Server 67 Specifies the boot file name allocated for the client. Server DHCP Server Configuration When the switch is served as the DHCP server, you can configure the DHCP server through PicOS® commands (suggested) or Linux commands. PicOS® command Here is an example of configuring the DHCP server through PicOS® commands, which specifies the IP address of Syslog server as 192.168.10.1, the IP address of TFTP server as 192.168.10.1, and the working path of provision script on the TFTP server as ./provision.sh. For detailed information of related commands, see Configuring DHCP server. admin@PicOS# set protocols dhcp server pool pool1 log-server 192.168.10.1 admin@PicOS# set protocols dhcp server pool pool1 tftp-server 192.168.10.2 admin@PicOS# set protocols dhcp server pool pool1 bootfile-name file-path ./provision.sh admin@PicOS# commit Linux command Here is an example of configuring the DHCP server through Linux commands. host pica8-pxxxx {*************************//////////////////////////////////////////////////////////////////////////////////////// hardware ethernet 08:9e:01:62:d5:62; option bootfile-name "pica8/provision.script"; option tftp-server-name "xx.xx.xx.xx"; option log-servers xx.xx.xx.xx; fixed-address xx.xx.xx.xx; } The elements of the segment above are described below: host: the host name of the PicOS® switch. hardware ethernet: the MAC address of the PicOS® switch. bootfile-name: the file name of the shell scripts and its path relative to the TFTP root directory. tftp-server-name: the IP address of the TFTP server. log-servers: the IP address of the log server that will receive logs from ZTP. fixed-address: optional. Configure a fixed IP address as management IP of the switch. PicOS® switches send a vendor-class-identifier to the DHCP server in the format of pica8-pxxxx where xxxx is the switch model. It is possible for the customer to use the vendor-class-identifier to identify PicOS® switches. 4.1.3 Provision Script The provision script describes what is required and how to execute when you upgrade and configure PicOS® through ZTP. You can customize the provision script through running the generate_script file. The generate_script is provided in the format of Shell and Python, and you can click generate_script.py or generate_script.sh to download. The detailed contents are shown as below. import os def prompt_choice(): print("""Please choose an option to configure (enter the number to select, enter 'done' to generate the script): 1. Add remote Syslog server 2. Remove remote Syslog server 3. Get file from TFTP server 4. Get file from HTTP server 5. Enable ZTP auto-run when switch boot up 6. Disable ZTP auto-run when switch boot up 7. Get PicOS image from file server and upgrade 8. Get PicOS startup file "picos_start.conf" from file server 9. Get PicOS configuration file "pica_startup.boot" from file server 10. Get file with PicOS L2/L3 CLI commands list and execute these commands 11. Get PicOS OVS configuration file "ovs-vswitchd.conf.db" from file server""") return input("Enter your choice: ") def generate_script(): config_commands = [] while True: choice = prompt_choice() if choice == 'done': break if choice == '1': ip = input("Enter syslog server IP address: ") config_commands.append(f"add_remote_syslog_server {ip}") elif choice == '2': ip = input("Enter the syslog server IP address to remove: ") config_commands.append(f"remove_remote_syslog_server {ip}") elif choice == '3': remote_file_name = input("Enter file name in TFTP server: ") local_file_name = input("Enter file name with path in local: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"tftp_get_file {remote_file_name} {local_file_name} {ip}") elif choice == '4': local_file_name = input("Enter file name with path in local: ") file_name = input("Enter file name with HTTP server URL:: ") config_commands.append(f"http_get_file {local_file_name} {file_name}") elif choice == '5': config_commands.append("ztp_enable") elif choice == '6': config_commands.append("ztp_disable") elif choice == '7': file_name = input("Enter tftp file name or http url: ") revision = input("Enter the software revision of the image: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f'if [ "$revision" != "{revision}" ]; then get_picos_image {file_name} {ip}; fi') elif choice == '8': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"get_picos_startup_file {file_name} {ip}") elif choice == '9': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"get_l2l3_config_file {file_name} {ip}") elif choice == '10': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"l2l3_load_config {file_name} {ip}") elif choice == '11': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"get_ovs_config_file {file_name} {ip}") else: print("Invalid choice, please try again.") print("\n") # Generate Shell script script_name = "provision.sh" with open(script_name, 'w') as script_file: script_file.write("#!/bin/bash\n") script_file.write("source /usr/bin/ztp-functions.sh\n") script_file.write("\n") for command in config_commands: script_file.write(f"{command}\n") print(f"\nGenerated Shell script has been saved as {script_name}") # Run script generation program generate_script() #!/bin/bash function prompt_choice() { echo "Please choose an option to configure (enter the number to select, enter 'done' to generate the script): 1. Add remote Syslog server 2. Remove remote Syslog server 3. Get file from TFTP server 4. Get file from HTTP server 5. Enable ZTP auto-run when switch boot up 6. Disable ZTP auto-run when switch boot up 7. Get PicOS image from file server and upgrade 8. Get PicOS startup file \"picos_start.conf\" from file server 9. Get PicOS configuration file \"pica_startup.boot\" from file server 10. Get file with PicOS L2/L3 CLI commands list and execute these commands 11. Get PicOS OVS configuration file \"ovs-vswitchd.conf.db\" from file server" read -rp "Enter your choice: " choice } function generate_script() { local config_commands=() local revision="" while true; do prompt_choice case $choice in 1) read -rp "Enter syslog server IP address: " ip config_commands+=("add_remote_syslog_server $ip") ;; 2) read -rp "Enter the syslog server IP address to remove: " ip config_commands+=("remove_remote_syslog_server $ip") ;; 3) read -rp "Enter file name in TFTP server: " remote_file_name read -rp "Enter file name with path in local: " local_file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("tftp_get_file $remote_file_name $local_file_name $ip") ;; 4) read -rp "Enter file name with path in local: " local_file_name read -rp "Enter file name with HTTP server URL: " file_name config_commands+=("http_get_file $local_file_name $file_name") ;; 5) config_commands+=("ztp_enable") ;; 6) config_commands+=("ztp_disable") ;; 7) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter the software revision of the image:" revision read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("if [ \"\$revision\" != \"$revision\" ]; then get_picos_image $file_name $ip; fi") ;; 8) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("get_picos_startup_file $file_name $ip") ;; 9) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("get_l2l3_config_file $file_name $ip") ;; 10) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("l2l3_load_config $file_name $ip") ;; 11) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("get_ovs_config_file $file_name $ip") ;; done) break ;; *) echo "Invalid choice, please try again." ;; esac printf "\n" done # Generate Shell script local script_name="provision.sh" { echo "#!/bin/bash" echo "source /usr/bin/ztp-functions.sh" echo "" for command in "${config_commands[@]}"; do echo "$command" done } > "$script_name" printf "\n" echo "Generated Shell script has been saved as $script_name" } # Run script generation program generate_script Generate Script in the Shell Format Shell Script Content #!/bin/bash function prompt_choice() { echo "Please choose an option to configure (enter the number to select, enter 'done' to generate the script): 1. Add remote Syslog server 2. Remove remote Syslog server 3. Get file from TFTP server 4. Get file from HTTP server 5. Enable ZTP auto-run when switch boot up 6. Disable ZTP auto-run when switch boot up 7. Get PicOS image from file server and upgrade 8. Get PicOS startup file \"PicOS_start.conf\" from file server 9. Get PicOS configuration file \"pica_startup.boot\" from file server 10. Get file with PicOS L2/L3 CLI commands list and execute these commands 11. Get PicOS OVS configuration file \"ovs-vswitchd.conf.db\" from file server" read -rp "Enter your choice: " choice } function generate_script() { local config_commands=() local revision="" while true; do prompt_choice case $choice in 1) read -rp "Enter syslog server IP address: " ip config_commands+=("add_remote_syslog_server $ip") ;; 2) read -rp "Enter the syslog server IP address to remove: " ip config_commands+=("remove_remote_syslog_server $ip") ;; 3) read -rp "Enter file name in TFTP server: " remote_file_name read -rp "Enter file name with path in local: " local_file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("tftp_get_file $remote_file_name $local_file_name $ip") ;; 4) read -rp "Enter file name with path in local: " local_file_name read -rp "Enter file name with HTTP server URL: " file_name config_commands+=("http_get_file $local_file_name $file_name") ;; 5) config_commands+=("ztp_enable") ;; 6) config_commands+=("ztp_disable") ;; 7) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter the software revision of the image:" revision read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("if [ \"\$revision\" != \"$revision\" ]; then get_PicOS_image $file_name $ip; fi") ;; 8) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("get_PicOS_startup_file $file_name $ip") ;; 9) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("get_l2l3_config_file $file_name $ip") ;; 10) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("l2l3_load_config $file_name $ip") ;; 11) read -rp "Enter tftp file name or http url: " file_name read -rp "Enter TFTP server IP address (optional): " ip config_commands+=("get_ovs_config_file $file_name $ip") ;; done) break ;; *) echo "Invalid choice, please try again." ;; esac printf "\n" done # Generate Shell script local script_name="provision.sh" { echo "#!/bin/bash" echo "source /usr/bin/ztp-functions.sh" echo "" for command in "${config_commands[@]}"; do echo "$command" done } > "$script_name" printf "\n" echo "Generated Shell script has been saved as $script_name" } # Run script generation program generate_script Option Description of Shell Script NOTEs: Make sure that names of all files configured in the script is the same with files placed in the file server, or the switch cannot obtain them successfully. The IP address of TFTP server from DHCP server will be valid if it is not configured in the script. Option Description Example Add remote Syslog server Specify the IPv4 address of the Syslog server. Open 1 image.png The IPv4 address of Syslog server is configured as 10.10.30.1. Remove remote Syslog server Delete the IPv4 address of the Syslog server.10.10.30.1 Open 2 image.png The IPv4 address 10.10.30.1 of Syslog server is deleted. Get file from TFTP server Download a file with specified name from the TFTP server with a specified IP address and path, and save it in local with another specified name. Note： The path /cftmp is valid if you don’t specify the local path here. Open 3 image.png The file remote-file.txt in the TFTP server 10.10.30.2 is downloaded and is saved in local as local-file.txt. Get file from HTTP server Download a file with specified name from the HTTP server with a specified URL and save it in local with another specified name. Note： The root path is valid if you don’t specify the local path here. Open 4 image.png The file remote-file.txt in the HTTP server 10.10.30.2 is downloaded and is saved in local as local-file.txt. Enable ZTP auto-run when switch boot up Enable ZTP function after completing this ZTP process. Note： You are suggested to configure this option at last, or it may be invalid. Open 5 image.png Disable ZTP auto-run when switch boot up Disable ZTP function after completing this ZTP process. Note： You are suggested to configure this option at last, or it may be invalid. Open 6 image.png Get PicOS® image from file server and upgrade Download the PicOS® image from the TFTP server with the specified IP address, path and name, or from the HTTP server with URL. Then, upgrade the switch to the new version. Notes： You should specify the version number to make sure the switch only upgrades one time. You don’t need to configure the TFTP server IP address when downloading files from the HTTP server. Open 7 image.png The image onie-installer-PicOS-9.8.7-main-43d73dd983-x86v.bin in the working path of the TFTP server 10.10.30.2 is downloaded, and the switch is upgraded to this new version with the version number 43d73dd983. Get PicOS® startup file "PicOS_start.conf" from file server Download the PicOS® startup file PicOS_start.conf from the TFTP server with the specified IP address, path and name, or from the HTTP server with URL. Note： You don’t need to configure the TFTP server IP address when downloading files from the HTTP server. Open 8 image.png The file PicOS_start.conf from the HTTP server 10.10.30.3 is downloaded. Get PicOS® configuration file "pica_startup.boot" from file server Download the L2/l3 configuration file pica_startup.boot from the TFTP server with the specified IP address, path and name, or from the HTTP server with URL. Note： You don’t need to configure the TFTP server IP address when downloading files from the HTTP server. Open 9 image.png The file pica_startup.boot from the HTTP server 10.10.30.3 is downloaded. Get file with PicOS® L2/L3 CLI commands list and execute these commands Download the L2/l3 command file from the TFTP server with the specified IP address, path and name, or from the HTTP server with URL. Notes： You don’t need to configure the TFTP server IP address when downloading files from the HTTP server. You can modify the file ztpl2l3_cfg.cli as needed. For example, if you need to specify VLAN 10 and VLAN 20, you can configure as follows:set vlans vlan-id 20 set vlans vlan-id 30 Open 10 image.png he file ztpl2l3_cfg.cli in the working directory of the TFTP server 10.10.30.2 is downloaded. Get PicOS® OVS configuration file "ovs-vswitchd.conf.db" from file server Download the OVS configuration file ovs-vswitchd.conf.db from the TFTP server with the specified IP address, path and name, or from the HTTP server with URL. Notes： You don’t need to configure the TFTP server IP address when downloading files from the HTTP server. Open 11 image.png The file ovs-vswitchd.conf.db from the HTTP server 10.10.30.3 is downloaded. Generate Script in the Python Format Python Script Content import os def prompt_choice(): print("""Please choose an option to configure (enter the number to select, enter 'done' to generate the script): 1. Add remote Syslog server 2. Remove remote Syslog server 3. Get file from TFTP server 4. Get file from HTTP server 5. Enable ZTP auto-run when switch boot up 6. Disable ZTP auto-run when switch boot up 7. Get PicOS image from file server and upgrade 8. Get PicOS startup file "PicOS_start.conf" from file server 9. Get PicOS configuration file "pica_startup.boot" from file server 10. Get file with PicOS L2/L3 CLI commands list and execute these commands 11. Get PicOS OVS configuration file "ovs-vswitchd.conf.db" from file server""") return input("Enter your choice: ") def generate_script(): config_commands = [] while True: choice = prompt_choice() if choice == 'done': break if choice == '1': ip = input("Enter syslog server IP address: ") config_commands.append(f"add_remote_syslog_server {ip}") elif choice == '2': ip = input("Enter the syslog server IP address to remove: ") config_commands.append(f"remove_remote_syslog_server {ip}") elif choice == '3': remote_file_name = input("Enter file name in TFTP server: ") local_file_name = input("Enter file name with path in local: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"tftp_get_file {remote_file_name} {local_file_name} {ip}") elif choice == '4': local_file_name = input("Enter file name with path in local: ") file_name = input("Enter file name with HTTP server URL:: ") config_commands.append(f"http_get_file {local_file_name} {file_name}") elif choice == '5': config_commands.append("ztp_enable") elif choice == '6': config_commands.append("ztp_disable") elif choice == '7': file_name = input("Enter tftp file name or http url: ") revision = input("Enter the software revision of the image: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f'if [ "$revision" != "{revision}" ]; then get_PicOS_image {file_name} {ip}; fi') elif choice == '8': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"get_PicOS_startup_file {file_name} {ip}") elif choice == '9': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"get_l2l3_config_file {file_name} {ip}") elif choice == '10': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"l2l3_load_config {file_name} {ip}") elif choice == '11': file_name = input("Enter tftp file name or http url: ") ip = input("Enter TFTP server IP address (optional): ") config_commands.append(f"get_ovs_config_file {file_name} {ip}") else: print("Invalid choice, please try again.") print("\n") # Generate Shell script script_name = "provision.sh" with open(script_name, 'w') as script_file: script_file.write("#!/bin/bash\n") script_file.write("source /usr/bin/ztp-functions.sh\n") script_file.write("\n") for command in config_commands: script_file.write(f"{command}\n") print(f"\nGenerated Shell script has been saved as {script_name}") # Run script generation program generate_script() Option Description of Python Script The description of the Python script is the same with the Shell script. For detailed information, see Option Description of Shell Script. Configuration Example for Generating Provision.sh Take the Shell script as an example to introduce how to use it: a) Upload the Shell script generate_script.sh to the Linux environment. b) Use the command chmod +x generate_script.sh to enable the executable permission. c) Enter command ./generate_script.sh to run the script, and options are shown as below. image.png d) Select options of 1, 3 and 6 in sequence as needed, and enter done to generate the script. generate-20240918-062650.png e) The file named provision.sh is generated in the current directory, which includes all selected options. The content of provision script is shown as below. image-20241014-100713.png 4.2 Enabling or Disabling ZTP NOTE: By default, ZTP is enabled on PicOS® switches. If ZTP is left enabled, the PicOS® switch will try to download a new script every time the switch is booted. This is not a desirable situation, so ZTP should be disabled when it is no longer needed. Four methods are supported to disable or enable ZTP, as detailed below: Enable or disable ZTP through running the provision script. To generate the corresponding provision script, select options of 5 and 6 when running the generate_script, as shown below. image-20241014-101247.png Note： you are suggested to select this option at last, or the option may be invalid. Enable or disable ZTP through the command set system ztp enable in PicOS® configuration mode. The following example disables ZTP using the command set system ztp enable : dmin@XorPlus# set system ztp enable false admin@XorPlus# commit Enable or disable ZTP via the ztp-config script included with PicOS®. The following example disables ZTP using the ztp-config script run from the Linux shell: admin@LEAF-A$sudo ztp-config Please configure the default PicOS ZTP options: (Press other key if no change) [1] PicOS ZTP enabled * default [2] PicOS ZTP disabled Enter your choice (1,2):2 PicOS ZTP is disabled. admin@LEAF-A$ Manually edit the PicOS® configuration file PicOS_start.conf and change the value of the ztp_disable variable. The following snippet from the PicOS® configuration file shows that ZTP has been disabled (ztp_disable=true). admin@LEAF-A$more /etc/PicOS/PicOS_start.conf | grep ztp ztp_disable=true To enable ZTP, you need to set ztp_disable to false. 4.3 Preparation before ZTP Deployment Before powering on the switch to start ZTP deployment, you should make the following preparations: Items Preparations DHCP client It is network reachable, which can communicate with the DHCP server and file server. File server It is configured successfully and is network reachable. DHCP server It is network reachable. If the switch is served as the server, you should configure the IP address of file server, the path and name of provision script and the IP address of Syslog server (optional). Required files Obtain files (image file, L2/L3 configuration file, OVS configuration file, L2/L3 command file or startup file) from FS stuffs, and save them in the working directory of file servers.Note: the provision.sh is generated through running the generate_script file. For details, see Configuration Example for Generating Provision.sh. 4.4 Example for Implementing ZTP Deployment through DHCP 4.4.1 Overview Figure 3. Typical topology of ZTP implementation image.png In Figure 3, switches are configured respectively as the DHCP client and DHCP server. The client uses information configured on a DHCP server to locate the software image and configuration files on the TFTP server, and then download specified files to upgrade system and load configurations. The data plan is shown as below: Device Interface VLAN and IP Address DHCP server te-1/1/1te-1/1/2te-1/1/3 VLAN: 10IP address: 192.168.10.2/24 TFTP server eth0 IP address: 192.168.10.1/24 The image information of Client1 and Client2, and the files to be loaded are shown as below: Device Current version Files to be loaded Client1 PicOS®-9.8.7 Image: PicOS®-9.8.7-main-43d73dd983-x86v.binCommand file: ztpl2l3_cfg.cli Client2 PicOS®-4.4.0 4.4.2 Procedure DHCP Server Step 1 Configure VLAN and interface. admin@PicOS# set vlans vlan-id 10 admin@ PicOS # set interface gigabit-ethernet te-1/1/1 family ethernet-switching native-vlan-id 10 admin@ PicOS # set interface gigabit-ethernet te-1/1/2 family ethernet-switching native-vlan-id 10 admin@ PicOS # set interface gigabit-ethernet te-1/1/3 family ethernet-switching native-vlan-id 10 admin@ PicOS # set vlans vlan-id 10 l3-interface vlan10 admin@ PicOS # set l3-interface vlan-interface vlan10 address 192.168.10.2 prefix-length 24 admin@ PicOS # commit Step 2 Configure DHCP pool. admin@PicOS# set protocols dhcp server pool pool1 network address 192.168.10.2 prefix-length 24 admin@PicOS# set protocols dhcp server pool pool1 lease-time 1440 admin@ PicOS # set protocols dhcp server pool pool1 range range1 low 192.168.10.3 admin@ PicOS # set protocols dhcp server pool pool1 range range1 high 192.168.10.20 admin@ PicOS # set protocols dhcp server pool pool1 tftp-server 192.168.10.1 admin@ PicOS # set protocols dhcp server pool pool1 bootfile-name file-path provision.sh admin@ PicOS # set ip routing enable true admin@ PicOS # commit TFTP Server Step 1 Set the basic configuration of TFTP server. Make sure that the TFTP server is network reachable, which can communicate with the DHCP server and DHCP client. Step 2 Configure files needed to be saved in the TFTP server. For the provision file provision.sh, you need to run generate_script with options 7 and 10 selected to generate it. For details, see Option Description of Shell Script. For the L2/L3 command file ztpl2l3_cfg.cli, you can modify it as needed, such as configuring VLAN20 and VLAN30. Step 3 Save the image file, provision script and L2/L3 command file to the working path of TFTP server. Note： The working path of TFTP server here is /home/admin/tftp, and you should modify it based on the actual circumstances. Step 4 Generate the MD5 file. Enter the directory which saves image file, and run the following Linux command to generate MD5 file. The generated MD5 file will be saved in this directory. Note： The MD5 file name must be the format of image-file-name.md5, otherwise the DHCP server cannot recognize it. admin@TFTP:~$ cd /home/admin/tftp admin@TFTP:~/tftp$ md5sum onie-installer-PicOS-9.8.7-main-43d73dd983x86v.bin > onie-installer-PicOS-9.8.7-main-43d73dd983-x86v.bin.md5 Step 5 View the files saved in the directory of /home/admin/tftp. admin@PicOS:~$ ls /home/admin/tftp ls-20240923-075709.png DHCP Client After completing the above configuration, start client1 and client2. 4.4.3 Verifying the Configuration View the upgrade process of client1 and client2. Client1: for the version is already V9.8.7, it directly loads L2/L3 command configurations. image-20241015-082949.png Client2: for the version is V4.4.0, it upgrades to V9.8.7 and then loads L2/L3 command configurations. image-20241015-083941.png View the L2/L3 command configurations of client1 and client2. image.png 4.5 Appendix: ZTP API The ZTP makes use of the API (application programming interface) defined in the ztp-functions.sh file located in the /usr/bin directory. The API description is shown as below, and you can refer to it when configuring the ZTP function, such as running the generate_script to generate the provision script. NOTE: For APIs with name changed, please use the correct name in the corresponding version, or the error prompt will appear. API Description Parameter Return Value Supported Version ztp_disable Disable ZTP auto-run when switch boots up None 0 = success,1 = failed All ztp_enable Enable ZTP auto-run when switch boots up None 0 = success,1 = failed All add_remote_syslog_server Add the remote Syslog server Parameter #1: the IP address of remote Syslog server(eg: 192.168.1.200) 0 = success,1 = failed All remove_remote_syslog_server Remove the remote Syslog server Parameter #1: the IP address of remote Syslog server(eg: 192.168.1.200) 0 = success,1 = failed All tftp_get_file Get file from TFTP server Parameter #1: file name in TFTP serverParameter #2: file name with path in localParameter #3: IP address of TFTP server 0 = success,1 = failed All http_get_file Get file from HTTP server Parameter #1: file name with path in localParameter #2: file name with HTTP server URL 0 = success,1 = failed V4.5.0E or later versions get_l2l3_config_file Get PicOS® configuration file "pica_startup.boot" from file server Parameter #1:For TFTP download: it is the configuration file name with path on TFTP severFor HTTP download: it is the configuration file name with HTTP server URL. Parameter #2 does not need to be setParameter #2: TFTP server IP address, if not set, the TFTP server IP address from DHCP server will be used 0 = success,1 = failed V4.5.0E or later versionsNote: in the previous versions, the name is tftp_get_l2l3_config_file. get_ovs_config_file Get PicOS® OVS configuration file "ovs-vswitchd.conf.db" from file server Parameter #1:For TFTP download: it is the configuration file name with path on TFTP severFor HTTP download: it is the configuration file name with HTTP server URL. Parameter #2 does not need to be setParameter #2: TFTP server IP address, if not set, the TFTP server IP address from DHCP server will be used 0 = success,1 = failed V4.5.0E or later versionsNote: in the previous versions, the name is tftp_ get_ovs_config_file. get_PicOS_startup_file Get PicOS startup file "PicOS_start.conf" from file server Parameter #1:For TFTP download: it is the startup file name with path on TFTP severFor HTTP download: it is the startup file name with HTTP server URL. Parameter #2 does not need to be setParameter #2: TFTP server IP address, if not set, the TFTP server IP address from DHCP server will be used 0 = success,1 = failed V4.5.0E or later versionsNote: in the previous versions, the name is tftp_ get_PicOS_startup_file. get_PicOS_image Get PicOS image from file server and upgrade Parameter #1:For TFTP download: it is the image file name with path on TFTP severFor HTTP download: it is the image file name with HTTP server URL. Parameter #2 does not need to be setParameter #2: TFTP server IP address, if not set, the TFTP server IP address from DHCP server will be used 0 = success,1 = failed V4.5.0E or later versionsNote: in the previous versions, the name is tftp_ get_PicOS_image. l2l3_load_config Get a file with PicOS® L2/L3 commands list, and execute these commands. Parameter #1:For TFTP download: it is the commands file name with path on TFTP severFor HTTP download: it is the commands file name with HTTP server URL. Parameter #2 does not need to be setParameter #2: TFTP server IP address, if not set, the TFTP server IP address from DHCP server will be used 0 = success,1 = failed All 5. Configuration Statements and Operational Commands License Installation 5.1 Getting Started with PicOS® License 5.1.1 PicOS® License The PicOS® License (software license) is a software usage authorization that allows users to utilize PicOS®’s Debian Linux operating system, L2/L3 switching and routing functions, as well as OpenFlow features on the corresponding hardware device. The license is specific to the switch it is bound to and is not valid on any other switch. Therefore, it cannot be transferred across devices without authorization. However, once authorized, it remains valid permanently. 5.2 PicOS® License Operation Process 5.2.1 Activating the PicOS® License Follow the steps below to generate and install the PicOS® license. a) Get the switch’s speed type and hardware ID by issuing the following command at switch’s Linux prompt: admin@XorPlus$ license –s b) Use the assigned credential (SSO) by PicOS® License team (license@pica8.com) to login at “License Portal” website. image.png c) In the “License Portal” page, click “New Switch License” as shown below: image.png d) In “New Switch License” page, select Speed type and Feature type based on your purchased order. Then, enter the switch’s hardware ID. License name is optional. image.png e) After clicking the “Add License” button, the license will be added to the database. f) Click the “+” sign of the newly added license to display the “Download” button. image.png g) Click the “Download” button to download the license to the host. The license file name is “hardware_ID.lic”. For example: xxxx-xxxx-xxxx-xxxx.lic image.png h) Copy the downloaded license file (xxxx.lic) to the switch’s folder /home/admin/ by using scp or tftp etc. admin@XorPlus$ sudo scp xxxx.lic /home/admin/ i) Install the license by issuing the following command: admin@XorPlus$ sudo license -i /home/admin/xxxx.lic j) Restart the PicOS® service to activate the license: admin@XorPlus$ sudo systemctl restart PicOS k) After the switch rebooted, use the following command to verify the installed license. admin@XorPlus$ license –sor admin@XorPlus> license show 5.2.2 Installing the PicOS® License Installing License under Linux prompt Installing the License Notes： If no license is installed, only the first four ports and the first two uplink ports (if exist) of the switch are available after the upgrade. To upgrade the switch without production impact, user should install a license before the upgrade. It is possible to install a license in PicOS® 2.3 (starting with PicOS® 2.3.3). To upgrade a switch from a PicOS® version earlier than 2.3, it may be necessary to upgrade to PicOS® 2.3 first to install a license on the system. To avoid this step, user can run a script that can install the license on PicOS® releases earlier than 2.3. Please refer to PicOS® Configuration Guide V4.4.5 or look at the section below for older PicOS® releases. The license file cannot name pica.lic, or license will install failed. Customers can download the generated license file and copy it to the /etc/PicOS/ directory. The following example shows the contents of a switch-based license file: { "Type": "1GE", "Feature":["Open Flow", "Base Product", "Layer3"], "Hardware ID":"8A68-A7AC-D702-70D2", "Expire Date":"2020-10-28" } In the license file shown above, the type is 1GE while the feature is Base Product, Layer3, and Open Flow. Hardware ID is unique to every switch. Note： The switch cannot upgrade to a PicOS® version whose build date is later than the license expiration date. The following example shows the contents of a site-based license file: { "Type": "1GE", "Feature":["Open Flow", "Base Product", "Layer3"], "Mode":"site", "Site Name":"CompanyA", "Expire Date":"2020-10-28" } The license file can be installed with the command-line utility called license with the -i option. The following example installs a license file named js.lic: admin@PicOS:~$ cd /etc/PicOS admin@PicOS:/etc/PicOS$ ls -l total 32 drwxrwxr-x 2 root xorp 4096 Feb 4 22:00 ./ drwxrwxr-x 60 root xorp 4096 Feb 4 21:56 ../ -rw-rw-r-- 1 root xorp 26 Feb 4 18:27 fs_status -rw-r--r-- 1 root root 399 Feb 4 21:59 js.lic -rw-rw-r-- 1 root xorp 247 Sep 4 2014 license.conf -rw-rw-r-- 1 root xorp 183 Aug 10 2014 p2files.lst -rw-rw-r-- 1 root xorp 488 Feb 4 18:28 PicOS_start.conf -rw-r--r-- 1 root root 251 Feb 4 22:00 public.key admin@PicOS:~$ sudo license -i js.lic License successfully added, the switch need to be rebooted to activate the license. admin@PicOS:~$ ls -l total 32 drwxrwxr-x 2 root xorp 4096 Feb 4 22:00 ./ drwxrwxr-x 60 root xorp 4096 Feb 4 21:56 ../ -rw-rw-r-- 1 root xorp 26 Feb 4 18:27 fs_status -rw-rw-r-- 1 root xorp 247 Sep 4 2014 license.conf -rw-rw-r-- 1 root xorp 183 Aug 10 2014 p2files.lst -rw-r--r-- 1 root root 382 Feb 4 22:00 pica.lic -rw-rw-r-- 1 root xorp 488 Feb 4 18:28 PicOS_start.conf -rw-r--r-- 1 root root 251 Feb 4 22:00 public.key -rw-r--r-- 1 root root 251 Feb 4 22:00 switch-public.key admin@PicOS:~$ If the license is installed successfully, after license -i command, the following message will be displayed: License successfully added, the switch need to be rebooted to activate the license. To activate the new license, the switch must be restarted. Displaying License Information User can display the license information using the license -s command at the Linux shell. The following example displays information about the switch-based license: admin@PicOS:~$ license -s { "Type": "1GE", "Feature": ["Open Flow", "Base Product", "Layer3"], "Expire Date": "2020-10-28", "Hardware ID": "8A68-A7AC-D702-70D2" } The following example displays information about the site-based license: admin@PicOS:~$ license -s { "Type": "1GE", "Feature": ["Base Product", "Layer3", "Open Flow"], "Expire Date": "2020-10-28", "Hardware ID": "8A68-A7AC-D702-70D2", "Site Name": " CompanyA " } If the license is not valid, the license -s command generates the following output: admin@PicOS:~$ license -s Invalid license. Use below information to create a license. Type: 1GE Hardware ID: 8A68-A7AC-D702-70D2 admin@PicOS-OVS$ If no license is installed, the license -s command generates the following output: admin@PicOS:~$ license -s No license installed. Use below information to create a license. Type: 1GE Hardware ID: 8A68-A7AC-D702-70D2 admin@PicOS-OVS$ Add License Directly From License Command User can also add the license directly from the license command. The PicOS® 2.6 image supports this command. (1) Paste the license content. (2) Press enter and then press crtl+d. Example for P5401, add a site license: admin@PicOS:/ovs$ sudo license -i - sJXhrpDdd2ZsMemcJ26fqvjjw7vH30gf/4OVtLsROgPNl2VjFQhIJvS3zliF+DK+ tW2QpssH0JB4n8ae9/SumsRWdwdPpbQNB1WaeNq0onWdoTRz2HGiH+XudDAm6B37 kQvCGev7pAe0tCjnB+63F3Z5ZGPbQE89/fNSBGkE6mfZ6dG1F/86C9Bn/MyqkQSI 4uDtRwfo46elZOmwn5aD/mGyh/i2qg8IfhssIn0CbHVaJY8hyt7tYuvgkEb6Xlhx 7i9+qnk9c15ksBdak0f8gxorZDOCacwWACDt/K8NJokOMWTDLnLmDczrXO0Z5l75 eGc7ZygxCjd/jzc5oW9cgIyd License successfully added, the switch need to be rebooted to activate the license. admin@PicOS:/ovs$ Reboot system and license can be activated. Installing and Removing License for PicOS® go2cli Version Installing License under CLI Operation Mode The following steps describe how to install a license under CLI operation mode for PicOS® go2cli version. a) Before loading a license, upload the license file to the device. The following example uploads the license file 10GE-SITE-PICA8.lic to the default path. By default, the TFTP downloaded file is saved in directory /cftmp/. admin@PicOS> file tftp get remote-file /tftp/license/10GE-SITE-PICA8.lic local-file 10GE-SITE-PICA8.lic ip-address 10.10.50.22 b) Run the license install command to install the license. admin@PicOS> license install /cftmp/10GE-SITE-PICA8.lic When the license has been successfully installed, it will display the following information: License successfully added, the switch need to be rebooted to activate the license. c) Reboot the switch or restart PicOS® to activate the license. Choose either one: Reboot the switch admin@PicOS> request system reboot Restart PicOS® service licadmin@PicOS> start shell sh admin@PicOS:~$ sudo service PicOS restart admin@PicOS:~$ exit exit admin@PicOS> d) After PicOS® starts up, run the license show command to view the license information. admin@PicOS> license show { "Type": "10GE", "Feature": ["Base Product", "Layer3", "OpenFlow"], "Support End Date": "2020-10-28", "Hardware ID": "196B-A2AE-147A-73F2", "Site Name": "PICA8" } Removing License under CLI Operation Mode The following steps describe how to remove a license under CLI operation mode for PicOS® go2cli version. admin@PicOS> license remove admin@PicOS> license show No license installed. Use below information to create a license. Type: 10GE Hardware ID: 196B-A2AE-147A-73F2 5.2.3 PicOS® License FAQ User may encounter various problems during license installation as detailed below. The public.key file cannot be found. admin@PicOS:~$ sudo license -i js.lic Install failed: Cannot find public key. The license file does not exist. admin@PicOS:~$ sudo license -i js.lic Install failed: No such file or directory. The header or the key is disrupted. admin@PicOS:~$ sudo license -i js.lic Install failed: License or KEY is disrupted. The license format is not valid. admin@PicOS:~$ sudo license -i js.lic Install failed: License format error. The license file is not compatible with the switch (verify failed). admin@PicOS:~$ sudo license -i js.lic Install failed: Invalid license.

PicOS® Troubleshooting Guide

Jan 16, 2026 - PicOS® Troubleshooting Guide 1. L2/L3 Troubleshooting Guide This guide describes how to identify and resolve common problems related to the PicOS® software used on supported switches. 1.1 Monitoring and Debugging L2/L3 protocols 1.1.1 Find and Configure the Log File By default, the syslog local-file is ram. The log file name is "message" which is in the directory "/tmp/log" admin@XorPlus$cd /tmp/log admin@XorPlus$ls lastlog lighttpd messages wtmp You can use "tail -f /tmp/log/messages" to display the log messages. You can set the syslog local-file location to disk. The log file name is "messages" which is in the directory of "/var/log" admin@XorPlus# set system syslog local-file disk admin@XorPlus# commit Commit OK. Save done. admin@XorPlus# admin@XorPlus$cd /var/log/ admin@XorPlus$ls apt dmesg fsck last_death lastlog messages news ntpstats wtmp admin@XorPlus$ You can use "tail -f /var/log/messages" to show the log messages. 1.1.2 Enable Important Debugs Enable debug interface： ##Global Interface traceoptions. admin@XorPlus# set interface traceoptions flag Possible completions: <[Enter]> Execute this command all Configure all tracing config Configure configuration tracing ethernet-switching-options Configure ethernet-switching-options tracing neighbor-event Configure neighbor event tracing packets Configure received or sent packets event tracing port-security Configure port security tracing raw-packet Configure receive raw packet tracing route-event Configure route event tracing static-ethernet-switching Configure static-ethernet-switching tracing timer Configure timer tracing admin@XorPlus# set interface traceoptions flag config <[Enter]> Execute this command disable Disable configuration tracing admin@XorPlus# set interface traceoptions flag config disable false admin@XorPlus# commit Commit OK. Save done. admin@XorPlus# admin@XorPlus# set interface traceoptions line-card ? Possible completions: <[Enter]> Execute this command statistic Configure line card statistic module trace trace-level Configure line card trace level trace-type Configure line card trace type admin@XorPlus# set interface traceoptions line-card trace-level all disable false admin@XorPlus# commit Commit OK. Enable debug of protocals: admin@Xorplus# set protocols Possible completions: <[Enter]> Execute this command arp Configure ARP bgp Configure BGP inter-domain routing dhcp Dynamic Host Configuration Protocol dot1x 802.1x protocol igmp Configure the IGMP protocol igmp-snooping Configure the igmp snooping lacp Link Aggregation Control Protocol lldp Link Layer Discovery Protocol 802.1AB mlag Configure MLAG neighbour Configure Neighbour Discovery Protocol netconf Configure NETCONF ospf Configure the OSPF protocol ovsdb Enable OVSDB pim PIM protocol sflow Configure sflow snmp Simple network management protocol configuration spanning-tree Configure Spanning Tree static Configure static routes udld Unidirectional Link Detection Protocol vrrp Configure VRRP admin@Xorplus# set protocols bgp traceoption updates in admin@Xorplus# commit Commit OK Save Done! Enable debug of LLDP: ## LLDP global traceoptions. admin@Xorplus# set protocols lldp traceoptions flag Possible completions: <[Enter]> Execute this command all Configure all events and packets tracing configuration Configure configuration tracing message-in Configure received message tracing message-out Configure send message tracing state-change Configure LLDP state change tracing admin@Xorplus# set protocols lldp traceoptions flag message-in disable false admin@XorPlus# commit Commit OK. Enable debug of LACP: ## LACP global traceoptions. admin@Xorplus# set protocols lacp traceoptions flag Possible completions: <[Enter]> Execute this command all Configure all events and packets tracing configuration Configure configuration tracing fallback Configure FALLBACK tracing message-in Configure received message tracing message-out Configure send message tracing mlag Configure MLAG tracing state-change Configure LACP state change tracing admin@Xorplus# set protocols lacp traceoptions flag message-in disable false admin@XorPlus# commit Commit OK. ##LACP per interface traceoptions. admin@Xorplus# set protocols lacp traceoptions interface ge-1/1/1 flag Possible completions: <[Enter]> Execute this command all Configure all events and packets tracing configuration Configure configuration tracing message-in Configure received message tracing message-out Configure send message tracing state-change Configure LACP state change tracing admin@Xorplus# set protocols lacp traceoptions interface ge-1/1/1 flag configuration disable false admin@XorPlus# commit Commit OK. Enable debug of UDLD: ## UDLD global traceoptions. admin@Xorplus# set protocols udld traceoptions Possible completions: <[Enter]> Execute this command all Configure all events and packets tracing configuration Configure configuration tracing event Configure event tracing packet Configure the sending/receiving packets tracing raw-packet Configure UDLD raw packet tracing state-change Configure state change tracing timer Configure UDLD timer tracing admin@Xorplus# set protocols udld traceoptions event disable false admin@XorPlus# commit Commit OK. Enable debug of BGP: admin@XorPlus# set protocols bgp traceoption ? admin@XorPlus# set protocols bgp traceoption Possible completions: <[Enter]> Execute this command bestpath BGP bestpath evpn EVPN keepalives BGP IPv4 neighbor to debug neighbor-events BGP Neighbor Events updates BGP updates zebra BGP zebra messages admin@XorPlus# set protocols bgp traceoption updates in admin@XorPlus# commit Commit OK. Save done. admin@XorPlus# Enable debug of ospf: admin@XorPlus# set protocols ospf traceoption ? Possible completions: <[Enter]> Execute this command ism Configure tracing of OSPF interface state machine lsa Configure tracing of OSPF link state advertisement nsm Configure tracing of OSPF neighbor state machine packet Configure tracing of OSPF packets zebra Configure tracing of zebra information admin@XorPlus# set protocols ospf traceoption packet all detail admin@XorPlus# commit Enable debug of stp: admin@XorPlus# set protocols spanning-tree traceoptions interface ge-1/1/1 ? Possible completions: <[Enter]> Execute this command all Configure all tracing operations bridge-detection-machine Configure bridge detection state machine tracing configuration Configure configuration tracing events Configure events tracing message-in Configure receive message tracing message-out Configure send message tracing mlag Configure mlag tracing port-information-machine Configure port information state machine tracing port-migration-machine Configure port migration state machine tracing port-receive-machine Configure port receive state machine tracing port-role-selection-machine Configure port role selection state machine tracing port-role-transition-machine Configure port role transition state machine tracing port-state-transition-machine Configure port state transition state machine tracing port-transmit-machine Configure port transmit state machine tracing state-machine-variables Configure state machine variables tracing timers Configure timers tracing topology-change-machine Configure topology change state machine tracing admin@XorPlus# set protocols spanning-tree traceoptions interface ge-1/1/1 all disable false admin@XorPlus# commit Commit OK. Save done. admin@XorPlus# Enable debug of igmp: admin@XorPlus# set protocols igmp traceoption ? Possible completions: <[Enter]> Execute this command events IGMP protocol events packets IGMP protocol packets trace IGMP internal daemon activity admin@XorPlus# set protocols igmp traceoption events admin@XorPlus# commit Commit OK. Save done. admin@XorPlus# 1.1.3 Find the Core Dump File When the device crashes, it will create a core file which can be found in a directory called pica/core. admin@R2:/pica/core$ pwd /pica/core 1.1.4 Find the last_death file for Troubleshooting You can view the last_death file after the device crashes. It will record the last log message and is located in /var/log directory. admin@R2:/pica/core$ cd /var/log/ admin@R2:/var/log$ ls btmp faillog fsck lastlog messages report_diag.log dmesg frr last_death lighttpd private wtmp 1.2 Routing and Forwarding Table 1.2.1 Check the Software and Hardware Route Tables To display the hardware host route table, use the show route forward-host ipv4 all command in L2/L3 operation mode. admin@Switch> show route forward-host ipv4 all Address HWaddress Port --------------- ----------------- --------- 10.10.3.2 48:6E:73:02:03:DA ge-1/1/48 Total host count:1 To display the hardware route table, use the show route forward-route ipv4 all command in L2/L3 operation mode. admin@Switch> show route forward-route ipv4 all Destination NextHopMac Port --------------- ----------------- --------- 10.10.3.0/24 48:6E:73:02:04:64 connected 101.101.101.0/24 48:6E:73:02:03:DA ge-1/1/48 102.102.102.0/24 48:6E:73:02:03:DA ge-1/1/48 Total route count:4 To display the software route table, use the show route ipv4 command in L2/L3 operation mode. admin@Switch> show route ipv4 If PicOS® is running in OVS mode, check the software and hardware flow tables. 1.3 Using Pipe (|) Filter Functions 1.3.1 Pipe (|) Filter Functions This topic describes the pipe (|) filter functions supported in the PicOS® L2/L3 CLI (command-line interface). The PicOS® L2/L3 mode has a growing number of CLI commands that users can use to troubleshoot common problems. These commands usually generate a lot of output. The use of pipe (|) filter functions increases readability of command output, making troubleshooting more effective. The following filter functions are available with the PicOS® L2/L3: Function Description compare Compare configuration changes with a prior version count Count occurrences display Display additional configuration information except Show only the lines of output that do not contain a pattern find Show output starting from the first occurrence of a pattern match Show only the lines of output that contain a pattern no-more Disable pagination of command output 1.3.2 Comparing Configurations The compare filter compares the current committed configuration with a previously committed configuration. admin@XorPlus# show | compare rollback nn nn is the index into the list of previously committed configurations, also known as the rollback number. The range of values for nn is 01-48. For example: admin@XorPlus# show | compare rollback 03 1.3.3 Counting the Number of Output Lines To count the number of lines in the output of a command, enter count after the pipe symbol (|). The following example uses count with the show command in configuration mode to display the number of non-default configuration lines: admin@XorPlus# show | count Count: 11 lines 1.3.4 Displaying Output that Matches a Pattern To display only the lines of output that match a pattern, enter match after the pipe symbol (|). The following example displays the status of only TbE (terabit Ethernet) interfaces: admin@XorPlus> show interface brief | match te- te-1/1/1 Enabled Down Disabled Full Auto te-1/1/2 Enabled Down Disabled Full Auto te-1/1/3 Enabled Down Disabled Full Auto te-1/1/4 Enabled Down Disabled Full Auto te-1/1/5 Enabled Down Disabled Full Auto te-1/1/6 Enabled Down Disabled Full Auto te-1/1/7 Enabled Down Disabled Full Auto te-1/1/8 Enabled Down Disabled Full Auto te-1/1/9 Enabled Down Disabled Full Auto te-1/1/10 Enabled Down Disabled Full Auto 1.3.5 Omitting Output that Matches a Pattern To omit lines from the output of a command that make up a pattern, enter except after the pipe symbol (|). The following example uses except with the show interface brief command in the operation mode to list the interfaces that are not down: admin@XorPlus> show interface brief | except Down 1.3.6 Preventing Output from Being Paginated By default, if the output of a command is longer than the length of terminal screen, user will see the --More-- message to display the remaining output. Press the space bar to display the remaining output. User can disable pagination by entering no-more after the pipe symbol (|). The following example displays the output of show command, executed in PicOS® L2/L3 configuration mode, all at once: admin@XorPlus# show | no-more This feature is useful, for example, when user wants to copy the entire output of a command and paste it into an e-mail to be sent to technical support. 1.4 Using the show tech-support Command 1.4.1 Show Tech-Support Command When contacting Pica8 for technical support, issue the command show tech-support because it captures the complete status of a PicOS® switch. It is recommended to send the output of show tech-support command along with the system log. The following samples describe how to obtain the output. Log in to the switch and enter the cli command at the Linux shell to reach the PicOS® L2/L3 operation mode. admin@Leaf-1$cli Synchronizing configuration...OK. Pica8 PicOS Version 2.6 Welcome to PicOS L2/L3 on Leaf-1 admin@Leaf-1> Enter the show tech-support command. admin@Leaf-1> show tech_support Start...... Item 1: Display version finished! Item 2: Display interface finished! Item 3: Display pica configuration finished! Item 4: Display system config files finished! Item 5: Display system process finished! Item 6: Display fdb table finished! Item 7: Display fdb entries finished! Item 8: Display ospf neighbors finished! Item 9: Display ospf interfaces finished! Item 10: Display kernel route table finished! Item 11: Display kernel ipv4 neigh table finished! Item 12: Display kernel ipv6 neigh table finished! Item 13: Display kernel neigh vrf finished! Item 14: Display hard-route table finished! Item 15: Display system hard-route for host finished! Item 16: Dispaly system spanning tree interfaces finished! Item 17: Dispaly spanning tree bridge finished! Item 18: Display vlans table finished! Item 19: Display vlan-interfaces finished! Item 20: Display core-dump finished! Item 21: Display system uptime finished! Item 22: Display arp table! Item 23: Display neighbor table! Item 24: Display routes table! Item 25: Display ipv4 routes in hardware table! Item 26: Display ipv6 routes in hardware table! Item 27: Display ipv4 hosts in hardware table! Item 28: Display ipv6 hosts in hardware table! Item 29: Display copp statistics! Item 30: Display mlag domain! Item 31: Display mlag link! Item 32: Display mlag config consistency! Item 33: Display mlag statistic! Item 34: Display license! Item 35: Display set! Item 36: Get error event from log! Item 37: Display frr configuration finished! Process BCM commands, total count=47 The information has been stored in /tmp/Leaf-1-201507050614-techSupport.log, please forward to support@pica8.com The last line of the output of show tech-support command provides the name and location of the file to which the output was saved. In the above example, the name of the file is Leaf-1-201507050614-techSupport.log that has been saved to the /tmp directory. You can transfer the file, generated by show tech-support command, from the switch to your computer over SCP (Secure Copy Protocol). There is a nice free Windows utility called WinSCP, available for download at https://winscp.net/eng/download.php, which you can use to copy the file from the switch to your computer over SCP. 2. PicOS® OVS Troubleshooting This section details basic procedures to troubleshoot PicOS® switches in OVS (Open vSwitch) mode. 2.1 Verifying PicOS® Mode Verify if PicOS® is actually running in OVS (Open vSwitch) mode, as described in Checking PicOS® Mode. When PicOS® is running in the OVS mode, two processes should be running: ovsdb-server and ovs-vswitchd. admin@XorPlus$ps -ef | grep ovs root 1356 1 0 Jan26 ? 00:00:10 /ovs/sbin/ovsdb-server /ovs/ovs-vswitchd.conf.db --pidfile --remote=punix:/ovs/var/run/openvswitch/db.sock root 1358 1 0 Jan26 ? 00:19:07 /ovs/sbin/ovs-vswitchd --enable-shared-lcmgr In CrossFlow mode, the router stack must have been initialized in addition to having ovsdb-server and ovs-vswitchd processes running. admin@XorPlus$ps -ef | grep pica root 12430 1 0 Jan07 ? 00:05:49 pica_cardmgr root 12432 1 0 Jan07 ? 01:03:19 pica_sif root 12439 1 0 Jan07 ? 00:08:45 pica_lacp root 12441 1 19 Jan07 ? 4-10:50:14 pica_lcmgr root 12447 1 0 Jan07 ? 00:09:58 pica_login root 13218 1 0 Jan07 ? 00:20:47 pica_mstp root 13236 1 0 Jan07 ? 01:25:30 /pica/bin/xorp_rtrmgr -d -L local0.info -P /var/run/xorp_rtrmgr.pid 2.2 Verifying Bridge Configuration For the bridge and ports to forward frames in hardware, the datapath_type configured for each entity must be set to pica8. admin@PicOS-OVS$ovs-vsctl show ac9e5b1e-4234-4158-9214-5660b9343779 Bridge east Controller "tcp:172.16.0.142:6653" is_connected: true fail_mode: standalone Port "ae1" tag: 1 Interface "ae1" type: "pica8_lag" options: {lacp-mode=active, lacp-system-priority="32768", lacp-time=slow, lag_type=lacp, link_speed=auto, members="te-1/1/2"} Port "te-1/1/2" tag: 1 Interface "te-1/1/2" type: "pica8" options: {flow_ctl=none, link_speed=auto} Port "te-1/1/1" tag: 1 Interface "te-1/1/1" type: "pica8" options: {flow_ctl=none, link_speed=auto} admin@PicOS-OVS$ovs-ofctl show east OFPT_FEATURES_REPLY (OF1.4) (xid=0x2): dpid:1deb0ae61be44040 n_tables:254, n_buffers:256 capabilities: FLOW_STATS TABLE_STATS PORT_STATS GROUP_STATS OFPST_PORT_DESC reply (OF1.4) (xid=0x4): 1(te-1/1/1): addr:ff:ff:ff:ff:ff:00 config: 0 state: LINK_UP current: 1GB-FD COPPER advertised: 1GB-FD 10GB-FD FIBER supported: 10MB-FD 100MB-FD 1GB-FD 10GB-FD FIBER AUTO_NEG speed: 1000 Mbps now, 10000 Mbps max 2(te-1/1/2): addr:ff:ff:ff:ff:ff:00 config: 0 state: LINK_DOWN current: 1GB-FD COPPER advertised: 1GB-FD 10GB-FD FIBER supported: 10MB-FD 100MB-FD 1GB-FD 10GB-FD FIBER AUTO_NEG speed: 1000 Mbps now, 10000 Mbps max 1025(ae1): addr:ff:ff:ff:ff:ff:00 config: 0 state: LINK_UP current: 1GB-FD COPPER advertised: 1GB-FD 10GB-FD FIBER supported: 10MB-FD 100MB-FD 1GB-FD 10GB-FD FIBER AUTO_NEG speed: 1000 Mbps now, 10000 Mbps max LOCAL(east): addr:0a:e6:1b:e4:40:40 config: 0 state: LINK_UP current: 10MB-FD COPPER supported: 10MB-FD COPPER speed: 10 Mbps now, 10 Mbps max OFPT_GET_CONFIG_REPLY (OF1.4) (xid=0x6): frags=normal miss_send_len=0 admin@PicOS-OVS$ Once the ports are configured and verified, flows can be managed in OVS. 2.3 Checking Flow Discrepancies Check ovs-vswitchd flow discrepancies between the control plane and hardware: admin@PicOS-OVS$ovs-ofctl dump-tables br0 | grep -v active=0: 0: active=4, lookup=n/a, matched=n/a admin@PicOS-OVS$ovs-ofctl dump-flows br0 OFPST_FLOW reply (OF1.4) (xid=0x2): cookie=0x0, duration=1449.903s, table=0, n_packets=n/a, n_bytes=0, in_port=1,dl_src=00:00:3d:a6:c8:f2 actions=output:2 cookie=0x0, duration=1444.537s, table=0, n_packets=n/a, n_bytes=0, in_port=1,dl_src=00:00:3d:a6:c9:14 actions=output:1 cookie=0x0, duration=71723.842s, table=0, n_packets=n/a, n_bytes=0, mpls,in_port=1,dl_vlan=1,mpls_label=10 actions=output:3 cookie=0x0, duration=74839.581s, table=0, n_packets=n/a, n_bytes=923443200, in_port=1 actions=output:2 Display hardware flows as shown below: admin@PicOS-OVS$ovs-appctl pica/dump-flows #24 normal permanent priority=32769,in_port=1,dl_src=00:00:3d:a6:c8:f2, actions:2 #23 normal permanent priority=32769,in_port=1,dl_src=00:00:3d:a6:c9:14, actions:1 #22 normal permanent priority=32769,mpls,in_port=1,dl_vlan=1,mpls_label=10, actions:3 #21 normal permanent priority=32769,in_port=1, actions:2 #20 normal permanent priority=0, actions:drop Total 5 flows in HW. 2.4 Displaying OVSDB Display the full OVSDB (Open vSwitch Database) as shown below: admin@Leaf1$ovsdb-client dump Bridge table _uuid controller datapath_id datapath_type external_ids fail_mode flood_vlans flow_tables ipfix lldp_enable mirrors name netflow other_config ports protocols sflow status stp_enable ------------------------------------ -------------------------------------- ------------------ ------------- ------------ --------- ----------- ----------- ----- ----------- ------- -------- ------- ------------ ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -------------- ----- ------ ---------- c880536a-b614-41bf-9870-2d0bdab3664f [bedb4af7-2125-4346-8c89-bf61bd21f63b] "4c3e486e730203da" "pica8" {} [] [] {} [] false [] "ECODE3" [] {} [31605950-d9be-40b2-9ccb-bc4fd09991f0, 61ac5778-554f-4553-83ae-3bbc19ccf715, 62b35f47-e8ca-4496-8b37-f9bfbb7e80b0, 6dee5c6a-e9b8-41f7-87ef-b9379637a7c4, 99ac75b7-9fa1-4583-85f7-66d3145e7fa4] ["OpenFlow13"] [] {} false 2.5 Debug Packet-In Messages To debug the protocol messages between the switch and the controller, use the ovs-ofctl snoop command in the OVS mode. The following commands debug the protocol messages exchanged between the br0 bridge and the controller: admin@Switch$ovs-ofctl snoop br0 3. PicOS® System Troubleshooting User can troubleshoot by checking system logs and PicOS® works mode. Reset the Switch to Factory Default Automating Ping to Multiple Hosts Troubleshooting Switch Crashes CPU/Memory Rate Limit High CPU Utilization Backup Partition for PicOS® SSH Server Preparation Linux_configure.py script Provision.py script How to Disable Weak SSH Cipher/ MAC Algorithms in PicOS® Check log using two methods as follows: NOTE: Users should not put their other files in the /tmp directory, because the space size limit of the /tmp directory is 50M, once exceeded, it will lead to unpredictable system errors. System logs are stored in two locations: /var/log/messages This directory is stored in Flash. and /tmp/log/messages This directory is stored in RAM. Switches use flash memory that has a limited number of lifetime write operations. Hence, it is important that logs are not written continuously to the flash memory. This would dramatically impact the lifetime of the flash memory. This is why most of the log information is written by default on the /tmp directory. admin@XorPlus$df Filesystem 1K-blocks Used Available Use% Mounted on rootfs 6202636 900184 4987368 16% / /dev/root 6202636 900184 4987368 16% / tmpfs 207348 28 207320 1% /run tmpfs 5120 0 5120 0% /run/lock tmpfs 414680 0 414680 0% /run/shm tmpfs 51200 36 51164 1% /tmp The "/tmp" directory is mounted on "tmpfs" which is a filesystem mounted in RAM. The tmp logs are moved to /var/log when dramatic events occur like system crash or system reboot. Checking PicOS® works mode as follows: In L2/L3 Mode (Or XORP), only the XORP system is running. admin@PicOS-OVS$ps aux | grep ovs | grep -v grep admin@PicOS-OVS$ admin@XorPlus$ps aux | grep xorp | grep -v grep root 16383 0.0 1.2 18100 6596 ? S Jan29 5:26 xorp_policy root 16385 0.3 2.5 34980 13380 ? Ss Jan29 99:20 /pica/bin/xorp_rtrmgr -d -L local0.info -P /var/run/xorp_rtrmgr.pid In OVS Mode, only the OVS daemon is running. admin@PicOS-OVS$ps aux | grep xorp | grep -v grep admin@PicOS-OVS$ admin@PicOS-OVS$ps aux | grep ovs | grep -v grep root 1984 0.0 0.1 6696 2524 ? S Nov13 0:10 ovsdb-server /ovs/ovs-vswitchd.conf.db --pidfile --remote=ptcp:6640:10.10.51.166 --remote=punix:/ovs/var/run/openvswitch/db.sock root 1989 25.6 1.5 113256 32392 ? Sl Nov13 1393:50 ovs-vswitchd --pidfile=ovs-vswitchd.pid --overwrite-pidfile 3.1 Reset the Switch to Factory Default Occasionally, it could be useful to reset the equipment to factory default (to erase all configurations or tools on the equipment). This can be done using the Upgrade command and an image of PicOS, for details about the usage of Upgrade command, please see Upgrading PICOS from Version 4.0.0 or Later Using Upgrade Command. Here is an example: admin@XorPlus$sudo upgrade picos-2.4-P3295-13912.tar.gz factory-default 3.2 Automating Ping to Multiple Hosts PicOS® switches support ping, which may be used to test connectivity to remote IP addresses. Users often want to test connectivity to all subnets in their network. This can be accomplished manually by pinging IP addresses in all subnets one-by-one, but that method is error-prone and tedious. This section describes how to write a simple re-usable script to ping a number of IP addresses at once. This script is especially useful when troubleshooting connectivity in a network, and user needs to ping a number of IP addresses again and again for verification. User can create the script once and use it again and again from the PicOS® L2/L3 operation mode. This requires a text editor to create the script and save it as a file on user's PicOS® switch. PicOS® includes the vi text editor, which can be run from the Linux shell on user's PicOS® switch. We choose to call our script pingAll.sh though user may choose any other name. The .sh file extension is not mandatory, though we recommend using it to make it obvious to anyone that the file is a shell script. admin@Leaf-1$vi pingAll.sh Inside the vi editor, press i to be able to insert text. Paste the following lines of text (after modifying them for user's network): ip[0]='192.168.42.2' ip[1]='192.168.42.4' ip[2]='192.168.42.5' ip[3]='192.168.42.9' ip[4]='192.168.42.20' ip[5]='192.168.42.40' ip[6]='192.168.42.60' ip[7]='192.168.42.100' ip[8]='192.168.42.110' ip[9]='192.168.42.120' ip[10]='192.168.42.130' ip[11]='192.168.42.240' ip[12]='192.168.42.22' for ((i=0; i <=12; i++)) do ping -c 3 ${ip[$i]} done Press Esc and then enter :wq to save the file and exit the vi editor. Some information about the script follows. The ip[] array has thirteen elements (ip[0] – ip[12]) and each element holds an IP address. User can change both the IP addresses and the number of array elements. The script will send three ping requests to each IP address in the ip[] array, one by one. If user is familiar with shell scripting or programming in C-like languages, the script should be self-descriptive. Even if user is an absolute beginner to programming and scripting, user should be able to modify and use the script after some research. List the contents of user's home directory. admin@Leaf-1$ls pingAll.sh Make the new file pingAll.sh executable. admin@Leaf-1$chmod +x pingAll.sh Enter the PicOS® L2/L3 operation mode. admin@Leaf-1$cli Synchronizing configuration...OK. Pica8 PicOS Version 2.6 Welcome to PicOS L2/L3 on Leaf-1 admin@Leaf-1> Run the script from PicOS® L2/L3 operation mode. admin@Leaf-1> bash /home/admin/pingAll.sh PING 192.168.42.2 (192.168.42.2) 56(84) bytes of data. 64 bytes from 192.168.42.2: icmp_req=1 ttl=64 time=4.66 ms 64 bytes from 192.168.42.2: icmp_req=2 ttl=64 time=0.848 ms 64 bytes from 192.168.42.2: icmp_req=3 ttl=64 time=0.910 ms --- 192.168.42.2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002ms rtt min/avg/max/mdev = 0.848/2.142/4.669/1.787 ms PING 192.168.42.4 (192.168.42.4) 56(84) bytes of data. 64 bytes from 192.168.42.4: icmp_req=1 ttl=64 time=8.27 ms 64 bytes from 192.168.42.4: icmp_req=2 ttl=64 time=1.98 ms 64 bytes from 192.168.42.4: icmp_req=3 ttl=64 time=2.94 ms --- 192.168.42.4 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002ms rtt min/avg/max/mdev = 1.986/4.401/8.273/2.765 ms PING 192.168.42.5 (192.168.42.5) 56(84) bytes of data. 64 bytes from 192.168.42.5: icmp_req=1 ttl=64 time=6.59 ms 64 bytes from 192.168.42.5: icmp_req=2 ttl=64 time=3.22 ms 64 bytes from 192.168.42.5: icmp_req=3 ttl=64 time=1.81 ms --- 192.168.42.5 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 1.812/3.876/6.594/2.006 ms 3.3 Troubleshooting Switch Crashes The PicOS® switch may restart after detecting an unrecoverable error. This situation is usually referred to as a system crash. When the switch crashes, it will create a core file that user can use to figure out what went wrong. The core file is stored in the directory /pica/core. Use the file list command in PicOS® L2/L3 operation mode to display the contents of the directory. admin@LEAF-A> file list /pica/core total 0 The output above shows that there is no file in the /pica/core directory. The switch we used never crashed and did not create any core file. The PicOS® writes the last log messages to the /var/log/last_death file after a system crash. admin@LEAF-A> file show /var/log/last_death | count Count: 405 lines admin@LEAF-A> file show /var/log/last_death | match lcmgr Jun 23 2015 04:08:56 XorPlus local0.info : [PICA_MONITOR]Process pica_lcmgr, running, PID 2823 Jun 23 2015 04:08:56 XorPlus local0.info : [PICA_MONITOR]Monitor for process pica_lcmgr started Jun 23 2015 04:44:32 XorPlus local0.err : [LCMGR]Someone set counter interval to ZERO!! Jun 23 2015 04:44:34 XorPlus local0.err : [RTRMGR]XRL Death: class lcmgr01 instance lcmgr01-5eeea3b7d435a0b7277ba879a582fff6@127.0.0.1 time:Thu Jan 1 00:43:34 1970 death module:lcmgr01 3.4 CPU/Memory Rate Limit From PicOS® 2.6, we added the CPU rate limit for processes of PicOS®. Including pica_lcmgr, pica_sif, and ovs-vswitchd. Summary: The default CPU usage is 40% if not provided, and default memory size is 150 MB. The warning message will be printed if the memory size is bigger than the default value. The CPU limitation is based on all CPU's on the system. If the system CPU is P2020 dual cores, 40% CPU limitation is equal to 80% single CPU. Running CPU/memory rate limit tools manually as follows: sudo /pica/bin/system/tools/pica_monitor -v -c 40 -m 150 pica_lcmgr Checking CPU/memory rate limit tools as follows: admin@XorPlus$ps -aux | grep pica_monitor warning: bad ps syntax, perhaps a bogus '-'? See http://gitorious.org/procps/procps/blobs/master/Documentation/FAQ root 3420 0.6 0.7 38944 3896 ? S 3.5.3 Step 3 Check the core dump in the /pica/core directory. 3.5.4 Step 4 To display the virtual interfaces configured on the switch, use the ifconfig command at the Linux shell: admin@Switch$ifconfig eth0 Link encap:Ethernet HWaddr 48:6e:73:02:04:63 inet addr:192.168.42.110 Bcast:192.168.42.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2379952 errors:0 dropped:0 overruns:0 frame:0 TX packets:1060135 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:354374731 (337.9 MiB) TX bytes:152816006 (145.7 MiB) Base address:0x2000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:98303973 errors:0 dropped:0 overruns:0 frame:0 TX packets:98303973 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:860429061 (820.5 MiB) TX bytes:860429061 (820.5 MiB) vlan.3 Link encap:Ethernet HWaddr 48:6e:73:02:04:64 inet addr:10.10.3.1 Bcast:10.10.3.255 Mask:255.255.255.0 inet6 addr: fe80::4a6e:73ff:302:464/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:36973 errors:0 dropped:0 overruns:0 frame:0 TX packets:36446 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:500 RX bytes:2927602 (2.7 MiB) TX bytes:2743024 (2.6 MiB) 3.5.5 Step 5 To display packets on a specific virtual interface, use the tcpdump command at the Linux shell: admin@Switch$sudo tcpdump -i vlan.3 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on vlan.3, link-type EN10MB (Ethernet), capture size 65535 bytes To debug the protocol messages between the switch and the controller, use the ovs-ofctl snoop command in the OVS mode. The following commands debug the protocol messages exchanged between the br0 bridge and the controller: admin@Switch$ovs-ofctl snoop br0 3.5.6 Common Causes In the CrossFlow mode, both L2/L3 and OVS processes are running. The switch has to process both OVS protocol messages and the L2/L3 packets like BPDUs, OSPF packets, and BGP packets. The switch is likely to have a higher CPU utilization in the CrossFlow mode compared with the L2/L3 or OVS modes. Normally, the CPU-bound packets are less than 1000 pps (packets per second), and the CPU utilization is not high. However, the eth0 management interface has no rate limiting configured. Therefore, an attacker can send a large number of packets to the management interface, making the switch slow and even unusable for legitimate traffic. 3.5.7 Possible Fixes User can deploy the following fixes for high CPU utilization: Add a default drop flow for table-miss packets, to prevent these packet from causing high CPU utilization. Remove some flows with actions: Controller, LOCAL Make sure that the controller is not sending exessive OpenFlow messages to the switch. Configure the management interface eth0 at a low speed like 10 Mbps, using the ethtool -s eth0 speed 10 command. Reload the switch 3.6 Backup Partition for PicOS® Backup partition for PicOS®: PowerPc Platform: We use backup partitions for PicOS® to upgrade the system and recover PicOS®. Usually users need to reserve about 400 MB for partition 2(eg:sda2). The rest of the SD card belongs to partition 1(eg：sda1). If the size of the SD card is 2 GB, partition 1 should be 1.6GB (1600M) and partition 2 is 400M. Command (m for help): p Disk /dev/sda: 8004 MB, 8004304896 bytes 247 heads, 62 sectors/track, 1020 cylinders, total 15633408 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x00000000 Device Boot Start End Blocks Id System /dev/sda1 62 12603421 6301680 83 Linux ------the primary partition for PicOS /dev/sda2 12603422 15620279 1508429 83 Linux ------the backup partition for PicOS X86 platform: There are two partitioning ways used with ONIE, GPT and MBR. With GPT partitioning, the sda1/2MB, is allocated to GRUB as BOOT PARTITION. The second partition is used by ONIE itself. The 3rd or others are free, and can be used by NOS. In this mode, the 3rd partition is allocated to PicOS® GRUB, for the grub bootup config files. 4th and 5th are for PicOS® and PicOS®-BACKUP. When the user runs uninstall from ONIE, all partitions except 1st and 2nd are reserved, all NOS are wiped out. With MBR partitioning mode (which is not recommended), the GRUB boot codes are saved before MBR sector and first partition, the first partition is used by ONIE itself. PicOS® begins from the 2nd partition for PicOS®-GRUB, PicOS® and PicOS®-BACKUP partitions. eg:(With MBR) /dev/sda1: LABEL="ONIE-BOOT" UUID="08ae2c6a-6f14-498f-8e13-d0e7c0a567c1" /dev/sda3: LABEL="PicOS" UUID="b2735e76-8594-41b9-87e7-d25113dc22f7" ------the primary partition for PicOS /dev/sda2: LABEL="PICOS-GRUB" UUID="ca79674b-70fc-4540-b9ef-c98c3afadce3" /dev/sda4: LABEL="PICOS-BAK" UUID="92028225-403a-44d4-a40e-25e26d46373b" ------the backup partition for PicOS eg:(with GPT) Disk /dev/sda: 15649200 sectors, 7.5 GiB Logical sector size: 512 bytes Disk identifier (GUID): 1687245E-B39A-48E5-860B-D7967A67FBE8 Partition table holds up to 128 entries First usable sector is 34, last usable sector is 15649166 Partitions will be aligned on 1-sector boundaries Total free space is 8547665 sectors (4.1 GiB) Number Start (sector) End (sector) Size Code Name 1 2048 6143 2.0 MiB EF02 GRUB-BOOT 2 6144 268287 128.0 MiB 3000 ONIE-BOOT 3 268288 1244140 476.5 MiB 0700 PICOS-GRUB 4 1244141 5150390 1.9 GiB 0700 PicOS -----the primary partition for PicOS 5 5150391 7103515 953.7 MiB 0700 PICOS-BAK ------the backup partition for PicOS 3.7 SSH Server Preparation Add the PKI files、two scripts and the PicOS® image on the ssh server. 1: The directory of ssl-private-key (Our openssl connection is not ready, so you only need to create these key files on the server) root@dev-1:/ssl#ls cacert.pem sc-cert.pem sc-privkey.pem 3.8 Linux_configure.py script This script usually starts automatically at the end of the configuration interactive shell. This script can set hostname, create accounts and update the time via ntp. You can modify or add this script to define the hostname and accounts and passwords. root@dev-1:/pica8# vim linux_configure.py _hostname = "HostName-Test" _accounts = {"lily":"1R.O.4HRDfvEY", "tom":"7hCft0situjJQ"} NOTE: The password of the user should be created by password generator. 3.9 Provision.py script This script usually starts automatically at the end of configuration interactive shell. It is used to download PKI files、PicOS® image and linux_configure.py, and then for updating the image and running the linxu_configure.py. You should modify the scipt to define the directory of the files. root@dev-1:/pica8# vim provision.py _server_paths = { "pki_sw_pri_key":"/ssl/sc-privkey.pem", "pki_sw_ca":"/ssl/sc-cert.pem", "pki_ctl_ca":"/ssl/cacert.pem", "ovs_upgrade_deb":"/pica8/pica-ovs-2.5-P3290-17741.deb", "linux_configure_script":"/pica8/linux_configure.py" } 3.10 How to Disable Weak SSH Cipher/ MAC Algorithms in PicOS® 3.10.1 Requirement Some of the security scans may show below Server-to-Client or Client-To-server encryption algorithms as vulnerable: arcfour arcfour128 arcfour256 Below are some of the Message Authentication Code (MAC) algorithms: hmac-md5 hmac-md5-96 hmac-sha1-96 NOTE: PicOS® 3.1.0 and the later version use OpenSSH(?) version is 6.7p1 and following are default Ciphers: chacha20-poly1305@openssh.com, aes128-ctr,aes192-ctr,aes256-ctr, aes128-gcm@openssh.com,aes256-gcm@openssh.com 3.10.2 Description Verify weak cipher and MAC algorithms are currently used by the SSH running in PicOS® switch. Perform following three steps: First check the cipher and MAC algorithms currently supported in the PicOS® SSH protocol. Check the version of SSH: root@Xorplus:/etc/ssh# ssh -v OpenSSH_6.0p1 Debian-4+deb7u2, OpenSSL 1.0.1e 11 Feb 2013 Check what cipher and MAC algorithms are currently supported. From another Linux Server run the following to list the cipher and MAC algorithms supported by PicOS®, using the following command: nmap --script ssh2-enum-algos -sV -p 22 Example output: root@AutomationServer1 html]# nmap --script ssh2-enum-algos -sV -p 22 172.16.0.191 Starting Nmap 6.40 ( http://nmap.org ) at 2019-03-14 14:13 PDT Nmap scan report for 172.16.0.191 Host is up (0.00079s latency). PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 6.0p1 (protocol 2.0) | ssh2-enum-algos: | kex_algorithms (7) | ecdh-sha2-nistp256 | ecdh-sha2-nistp384 | ecdh-sha2-nistp521 | diffie-hellman-group-exchange-sha256 | diffie-hellman-group-exchange-sha1 | diffie-hellman-group14-sha1 | diffie-hellman-group1-sha1 | server_host_key_algorithms (3) | ssh-rsa | ssh-dss | ecdsa-sha2-nistp256 | encryption_algorithms (13) | aes128-ctr | aes192-ctr | aes256-ctr | arcfour256 | arcfour128 | aes128-cbc | 3des-cbc | blowfish-cbc | cast128-cbc | aes192-cbc | aes256-cbc | arcfour | rijndael-cbc@lysator.liu.se | mac_algorithms (11) | hmac-md5 | hmac-sha1 | umac-64@openssh.com | hmac-sha2-256 | hmac-sha2-256-96 | hmac-sha2-512 | hmac-sha2-512-96 | hmac-ripemd160 | hmac-ripemd160@openssh.com | hmac-sha1-96 | hmac-md5-96 From the above output decide which cipher or MAC algorithm you want to disable. For example say you want to disable arcfour cipher algorithm. 3.10.3 Solution Disable weak Cipher and MAC algorithms used by the SSH running in PicOS® switch by performing the following three steps: Disable the weak Cipher and MAC algorithms used by the SSH running in PicOS® switch as follows: You could disable the Ciphers using the command below: # vi /etc/ssh/sshd_config Press key 'i' to insert and copy the lines below to the end of the file (put only the cipher and MAC algorithms that needs to supported, and not include the weaker cipher and Mac algorithms). Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc Macs hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512 Save the file. On the PicOS® switch restart SSH with the following Linux command: /etc/init.d/ssh restart Verify whether weak Cipher and MAC algorithms are now not used by the SSH running in PicOS® switch: From another Linux Server run the following to list the cipher and MAC algorithms supported by PicOS®, using the following command: nmap --script ssh2-enum-algos -sV -p 22 You will see arcfour cipher algorithm is not used by SSH from the following output. This would show the only the allowed cipher and MAC algorithms now. Example output: root@AutomationServer1 html]# nmap --script ssh2-enum-algos -sV -p 22 172.16.0.191 Starting Nmap 6.40 ( http://nmap.org ) at 2019-03-14 14:35 PDT Nmap scan report for 172.16.0.191 Host is up (0.00055s latency). PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 6.0p1 (protocol 2.0) | ssh2-enum-algos: | kex_algorithms (7) | ecdh-sha2-nistp256 | ecdh-sha2-nistp384 | ecdh-sha2-nistp521 | diffie-hellman-group-exchange-sha256 | diffie-hellman-group-exchange-sha1 | diffie-hellman-group14-sha1 | diffie-hellman-group1-sha1 | server_host_key_algorithms (3) | ssh-rsa | ssh-dss | ecdsa-sha2-nistp256 | encryption_algorithms (8) | aes128-ctr | aes192-ctr | aes256-ctr | aes128-cbc | 3des-cbc | blowfish-cbc | aes192-cbc | aes256-cbc | mac_algorithms (4) | hmac-sha1 | umac-64@openssh.com | hmac-sha2-256 | hmac-sha2-512 4. Technical Support Execute the diagnostic command show tech_support to send information to Pica8 Technical Support and receive a diagnostic report back. 4.1 Executing the Diagnostic Command admin@XorPlus> show tech_support Start...... Item 1: Display version finished! Item 2: Display interface finished! Item 3: Display pica configuration finished! Item 4: Display system config files finished! Item 5: Display system process finished! Item 6: Display fdb table finished! Item 7: Display fdb entries finished! Item 8: Display ospf neighbors finished! Item 9: Display ospf interfaces finished! Item 10: Display kernel route table finished! Item 11: Display kernel ipv4 neigh table finished! Item 12: Display kernel ipv6 neigh table finished! Item 13: Display kernel neigh vrf finished! Item 14: Display hard-route table finished! Item 15: Display system hard-route for host finished! Item 16: Dispaly system spanning tree interfaces finished! Item 17: Dispaly spanning tree bridge finished! Item 18: Display vlans table finished! Item 19: Display vlan-interfaces finished! Item 20: Display core-dump finished! Item 21: Display system uptime finished! Item 22: Display arp table! Item 23: Display neighbor table! Item 24: Display routes table! Item 25: Display ipv4 routes in hardware table! Item 26: Display ipv6 routes in hardware table! Item 27: Display ipv4 hosts in hardware table! Item 28: Display ipv6 hosts in hardware table! Item 29: Display copp statistics! Item 30: Display mlag domain! Item 31: Display mlag link! Item 32: Display mlag config consistency! Item 33: Display mlag statistic! Item 34: Display license! Item 35: Display set! Item 36: Get error event from log! Item 37: Display frr configuration finished! Process BCM commands, total count=47 The information has been stored in /tmp/XorPlus-201307052220-techSupport.log, please forward to support@pica8.com admin@XorPlus> 5. General PicOS® FAQ We have summarized the general PicOS® FAQ here, please download it from the following link: General_PICOS_FAQ.docx 6. Traceoptions Configuration Commands set interface traceoptions flag config disable true set interface traceoptions flag ethernet-switching-options disable true set protocols mlag traceoptions all disable false set interface traceoptions flag neighbor-event disable true set interface traceoptions flag packets disable true set interface traceoptions flag route-event disable true set interface traceoptions flag static-ethernet-switching disable true set interface traceoptions line-card statistic disable true set interface traceoptions line-card trace-level all disable true set interface traceoptions line-card trace-level api debug disable true set interface traceoptions line-card trace-level api error disable true set interface traceoptions line-card trace-level api information disable true set interface traceoptions line-card trace-level api warning disable true set interface traceoptions line-card trace-level sdk debug disable true set interface traceoptions line-card trace-level sdk error disable true set interface traceoptions line-card trace-level sdk information disable true set interface traceoptions line-card trace-level sdk warning disable true set interface traceoptions line-card trace-level xrl debug disable true set interface traceoptions line-card trace-level xrl error disable true set interface traceoptions line-card trace-level xrl information disable true set interface traceoptions line-card trace-level xrl warning disable true set interface traceoptions line-card trace-type all disable true set interface traceoptions line-card trace-type configuration disable true set interface traceoptions line-card trace-type link-change disable true set interface traceoptions line-card trace-type mac-update disable true set interface traceoptions line-card trace-type packet disable true set interface traceoptions line-card trace-type packet-receive disable true set interface traceoptions line-card trace-type packet-transmit disable true set interface traceoptions line-card trace-type statistics disable true 7. Displaying the Debugging Message User can configure the debugging message in a current window. 7.1 Syslog Monitor On admin@XorPlus> syslog monitor on Nov 21 2000 22:27:39 XorPlus local0.warn : [SIF]Interface ge-1/1/3, changed state to up Nov 21 2000 22:27:41 XorPlus local0.warn : root logined the switch Nov 21 2000 22:41:18 XorPlus local0.info xinetd[1102]: START: telnet pid=7650 from=10.10.50.16 Nov 21 2000 22:41:23 XorPlus authpriv.debug login[7651]: pam_unix(login:account): account admin has password changed in future Nov 21 2000 22:41:26 XorPlus local0.warn : admin logined the switch Nov 21 2000 22:55:58 XorPlus local0.info xinetd[1102]: START: telnet pid=8039 from=10.10.51.16 Nov 21 2000 22:56:01 XorPlus authpriv.debug login[8040]: pam_unix(login:account): account root has password changed in future Nov 21 2000 23:31:13 XorPlus local0.info xinetd[1102]: START: telnet pid=9028 from=10.10.50.16 Nov 21 2000 23:31:16 XorPlus authpriv.debug login[9029]: pam_unix(login:account): account admin has password changed in future Nov 21 2000 23:31:21 XorPlus local0.warn : admin logined the switch admin@XorPlus>

Jan 09, 2026 - PicOS® vs. SONiC Operating System Comparison Document overview This document aims to comprehensively compare PicOS® and SONiC software, with a focus on showcasing the strengths of PicOS®. Through comparisons of software positioning and functionality, we will summarize the positioning advantages of PicOS® across various dimensions and explore its functional features. Readers will gain insights into these two software platforms through this document, aiding in the selection of an operating system that best suits their needs. Software positioning PicOS® features easy integration, supports multiple hardware platforms, and offers the Ampcon™ unified management platform, enhancing flexibility and efficiency in network configuration and management. Additionally, PicOS® provides extensive protocol support, including MLAG, EVPN, VXLAN, among others, delivering reliable solutions for enterprise networks and data center environments. SONiC is an open-source network operating system characterized by openness, high scalability, and programmability. Its flexible programmable interface and rich automation tools simplify network configuration and management, making it particularly suitable for environments requiring flexibility and customization. Dimensions PicOS® SONiC Operating System Linux-based network operating system supporting multiple hardware brands, including Edgecore, Delta, Dell, FS, etc. Linux-based network operating systemsupporting multiplehardware brands, including Mellanox, Broadcom, Dell, etc. Management Platform Supports the Ampcon™ management platform to simplify network management, providing a web-based user interface, and enabling zero-touch provisioning (ZTP), deployment, and lifecycle management. No unified management platform, managed basedonRESTAPI and YANG models, supporting the management of network devices in an open, standardized manner. Application Scenarios More suitable for enterprise networks and data center environments that require stability and ease of management. More suitable for large data centers and cloud serviceprovider environments that require high network automation and flexibility. Security Features Features Supports iptables firewall, IPSec, SSL/TLS, ACL, SSH, SNMPv3, etc., compatible with open-source intrusion detection systems like Snort, and supports custom security configurations. Supports standard Linux security tools such as ACL control, DDoS protection, and MACsec, suitable for high-securityrequirements in data center environments. Performance and Stability Adopts a modular design allowing independent component operation and updates, supports protocols such as PFC/ECN, BGP, OSPF, EVPN VXLAN, MLAG. Adopts a microservices architecture, with modular designsuitable for complex topologies, while supporting protocolslike BGP, OSPF, EVPN, VXLAN. Virtualization and Emulator Support Provides PicOS-V, which supports free virtual machines (VMs) without the requirement for switch hardware. PicOS-V can run on popular virtual machine management programs like VMware, GNS3, and VirtualBox. Does not directly provide virtualization or emulator support. To run and test in a virtualized environment, users needtochoose other tools or platforms to implement it themselves. Software Updates and Lifecycle Regularly releases stable version updates by the team, with a relatively controllable update pace, clear lifecycle management. It also provides stable maintenance versions, allowing flexible patch releases to address urgent customer issues. Driven by the open-source community for updates, it mayhave a higher update frequency. The community introducesfeatures and optimizations based on demand, but thequality and stability of updates rely on the community'smaintenance efforts and vendor support for secondarydevelopment. Support and Services Provides official support and extensive third-party hardware compatibility, ensuring fast response times. Additionally, it offers software customization services to tailor and develop specific features based on customer business needs. Relies on community support and support frompartners, with relatively limited commercial support. Users may needan internal technical team to address the majority of technical issues. Learning Costs Based on the Linux system, supports common Linux commands and automation tools (such as Ansible), suitable for existing Linux technical teams with low learning costs. As an open-source project with complex networking functionalities and configuration options, the learningcurvefor new users may be steep, requiring time and effort tobecome familiar with the system. Software function Compared with SONiC, PicOS® has more comprehensive support for Layer 2 functions and securityfunctions, and has more advantages in supporting important functions such as Voice VLAN, DynamicARPinspection (DAI), and NAC, and can provide more complete network management and security guarantees. Primary Specifications Secondary Specifications PicOS® SONiC System Management System time management: manual method, NTP, PTP Y Y Layer 2 Switching Configuration Voice VLAN Y N Spanning Tree Protocol Y Y Private VLAN Y N Ethernet Ring Protection Switching (ERPS) Y N IP Service Configuration Guide Dynamic ARP inspection(DAI) Y N Equal-Cost Multipath Routing (ECMP) Y Y IPv6 Y Y DHCP Relay Agent Y Y DHCP Snooping Y Y IP Routing Configuration OSPF Y Y OSPFv3 Y Y IPV4/IPv6 BGP Y Y IS-IS Y Y Precision-time protocol(PTP) N Y Multicas Configuration IGMP Y Y Multicast Listener Discovery(MLD) N Y PIM Y Y IGMP Snooping Y Y VPN Generic Routing Encapsulation Protocol (GRE) Y Y VXLAN VXLAN Y Y EVPN Y Y High Availability Dynamic Load Balancing Y Y Virtual Router Redundancy Protocol (VRRP) Y Y MLAG Y Y VSU(Virtual Switching Unit)【RJ】 Virtual Chassis Technology【Juniper】 N N MPLS N N EFM OAM Y N Uplink Failure Detection (UFD) Y N Lossless Network PFC, Priority Flow Control Y Y PFC Wachdog Y Y ECN, Explicit Congestion Notification Y Y DLB, Dynamic Load Balancing Y Y Security Media Access Control Security (MACsec) N Y NAC Y N IPv4SG (IPv4 Source Guard) Y N IPv6SG (IPv6 Source Guard) Y N QoS Service Configuration Queue scheduler Y Y Traffic policing Y Y Congestion management : WRED Y Y Congestion avoidance : ECN Y Y Network Management and Monitoring RESTCONF Y Y NETCONF Y Y POE(Power over Ethernet) Y N/A Telemetry Protocol Y Y SDN Y Y Remote Network Monitoring (RMON) Y N Online resources PicOS® Enterprise Switches: https://www.fs.com/c/picos-enterprise-switches-4223 PicOS® Data Center Switches: https://www.fs.com/c/picos-data-center-switches-5125 AmpCon™-DC Platform: https://www.fs.com/c/ampcon-campus-platform-5513 AmpCon™-Campus Platform: https://www.fs.com/c/ampcon-dc-management-platform-4227