HPE Community
Switching and Routing
1819734 Members
2954 Online
109606 Solutions
New Discussion

What to use for secondary image on a switch

 
zibby8008315
Occasional Visitor

‎07-14-2021 08:57 AM

‎07-14-2021 08:57 AM

What to use for secondary image on a switch

The primary image on my switches was pretty old...so much so that the switches showed up in a vulnerability scan.  So I've updated the primary image to the latest version on all of my switches.

My question is...what should I have for the secondary image?  The latest version?  One version behind?  Something else?

 

0 Kudos
2 REPLIES 2
Ivan_B
HPE Pro

‎07-14-2021 10:26 AM

‎07-14-2021 10:26 AM

Re: What to use for secondary image on a switch

Hi @zibby8008315 !

It is really up to you, but a common sense tells me it's good to have there a version that is not much older than the current image. Generally the logic behind those slots can be as follows (this doesn't exclude other rotation schemes, just an example):

- You buy and deploy the device. Primary: v1, Secondary: v1 (version numbers are arbitrary, just for illustration I will use simple integers)
- You decide to upgrade the software, but want to keep the current version just in case things go wrong. Primary: v2, Secondary: v1
- Next planned upgrade, same logic - we need to try newer version while keeping the current one in case the new one won't work well. Primary: v2, Secondary: v3. Use command "boot set-default flash secondary" to set the Secondary image as the default one
- Next planned upgrade. Primary: v4, Secondary: v3. Use command "boot set-default flash primary" to set the Primary image as the default one
etc...

I hope you got the logic - keep the current version in its Slot and use another slot for the newer version. 

 

I am an HPE employee

Accept or Kudo

parnassus
Honored Contributor

‎07-14-2021 12:45 PM - edited ‎07-14-2021 12:47 PM

‎07-14-2021 12:45 PM - edited ‎07-14-2021 12:47 PM

Re: What to use for secondary image on a switch

Hi @zibby8008315 

Add to the perfect example suggested by @Ivan_B just one additional point after the 2nd step:

- ONCE Primary slot is upgraded to v2 image (while Secondary slot is left with non booted v1 image) AND you evaluate that running v2 image is OK for your configuration, THEN do flash the Secondary slot v1 with the booted image v2 used on the Primary slot (the command is: copy flash flash secondary <- it copies/flashes the current running flash image - actually v2 image on Primary slot - into the Secondary slot without requiring you to (re)boot the switch since you don't change the already booted code [*]); both Secondary and Primary are now flashed with v2 identical images.

That's just to say that, in case you don't update too frequently, bewteen consecutive update procedures you're able to run a Switch with both flash images made equal (which is not a bad idea ONCE you verify the running code is OK).

[*] the command refers to legacy HP ProVision OS based switches or to newer HPE Aruba ArubaOS-Switch OS based switches.


I'm not an HPE Employee
Kudos and Accepted Solution banner
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.