M8 V800R022C00SPC600 Upgrade Guide

NetEngine 8000 M8,M14&PTN6900-2-M8C,M14&NE40E-X2-
M14
V800R022C00SPC600
Upgrade Guide
Issue 01
Date 2022-10-31
HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2023. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior
written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and
the customer. All or part of the products, services and features described in this document may not be
within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,
information, and recommendations in this document are provided "AS IS" without warranties, guarantees
or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: https://www.huawei.com
Email: support@huawei.com
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. i

NetEngine 8000 M8,M14&PTN6900-2-
M8C,M14&NE40E-X2-M14
Upgrade Guide About This Document
About This Document
Purpose
This document provides instructions on how to upgrade routers to V800R022C00SPC600.
This document applies to the upgrade from an earlier version to V800R022C00SPC600. For
details about the supported upgrade paths, see 1.1 Upgrade Notes for Versions.
Intended Audience
This document is intended for:
 System maintenance engineers
 Data configuration engineers
 Network monitoring engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Indicates an imminently hazardous situation which, if
not avoided, will result in death or serious injury.
Indicates a potentially hazardous situation which, if not
avoided, could result in death or serious injury.
avoided, may result in minor or moderate injury.

avoided, could result in equipment damage, data loss,
performance deterioration, or unanticipated results.
NOTICE is used to address practices not related to
personal injury.
Calls attention to important information, best practices
and tips.
NOTE is used to address information not related to
personal injury, equipment damage, and environment
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. ii

Upgrade Guide About This Document
Symbol Description
deterioration.
Change History
Issue Date Description
01 2022-10-31 This issue is the first official release.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. iii

Upgrade Guide Contents
Contents
About This Document ............................................................................................................... ii

1 Before You Start ........................................................................................................................ 1
1.1 Upgrade Notes for Versions ................................................................................................................................... 1
1.1.1 Upgrade Notes for the NetEngine 8000 M14, PTN 6900-2-M14, and NE40E-X2-M14 Products .......................... 1
1.1.2 Upgrade Notes for the NetEngine 8000 M8 and PTN 6900-2-M8C Product ......................................................... 3
1.2 Upgrade Schemes .................................................................................................................................................. 4
1.3 Impact of the Upgrade ........................................................................................................................................... 5
1.3.1 Impact on the System During the Upgrade .......................................................................................................... 5
1.3.2 Impact of the Upgrade on the System .................................................................................................................. 5
1.4 Precautions............................................................................................................................................................ 6
1.5 Precautions for IFIT Deployment During Upgrade ................................................................................................10
1.6 Board Memory Optimization ................................................................................................................................ 11
1.7 Installing the IKEv1 MOD File .............................................................................................................................13
1.8 Security Hardening ...............................................................................................................................................14
1.8.1 Upgrade Description of E-Trunk Deployment ....................................................................................................14
1.8.2 Upgrade Description of Security Hardening Related to Default Configurations ...................................................16
1.8.3 Upgrade Description of License Algorithms .......................................................................................................20
1.8.4 Security Description of CRL File Loading..........................................................................................................20
2 Upgrade Process Overview ................................................................................................... 23

3 Preparing for the Upgrade .................................................................................................... 25
3.1 Pre-upgrade Checklist...........................................................................................................................................25
3.2 Preparing Spare Parts............................................................................................................................................26
3.3 Using the OpenPGP Tool to Verify Integrity of a File ............................................................................................27
3.4 Obtaining Upgrade Reference Documents .............................................................................................................27
3.5 Checking the Curent System Software Version ......................................................................................................28
3.6 Checking the Operating Status of the Device .........................................................................................................28
3.7 Establishing an Upgrade Environment Using SFTP ...............................................................................................34
3.8 Backing Up Key Data Saved in the cfcard .............................................................................................................35
3.9 Checking Remaining Space in the cfcard ..............................................................................................................36
4 Performing the Upgrade ........................................................................................................ 39

4.1 Upgrading the System Software Using uUpgrade ..................................................................................................39
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. iv

Upgrade Guide Contents
4.2 Upgrading the System Software Using Command Lines ........................................................................................41

4.3 Upgrading the System Software Using the BootROM ...........................................................................................51
5 Verifying the Upgrade ........................................................................................................... 58

5.1 Verification Checklist ...........................................................................................................................................58
5.2 Verifying the System Software Version .................................................................................................................59
5.3 Verifying that Boards Successfully Register ..........................................................................................................60
5.4 Verifying that the GTL License Functions Properly ...............................................................................................60
5.5 Verifying the Version Consistency on Components ................................................................................................61
5.6 Verifying the Running Status of the Device ...........................................................................................................62
5.7 Verifying Configurations.......................................................................................................................................62
5.8 Verifying Services ................................................................................................................................................63
6 Rolling Back to the Source Version ..................................................................................... 64

6.1 Rolling Back to the Source Version Guide .............................................................................................................64
6.2 Application Scenario.............................................................................................................................................64
6.2.1 Precautions ........................................................................................................................................................65
6.2.2 One-Command Version Rollback .......................................................................................................................69
6.3 Verifying the Rollback ..........................................................................................................................................70
7 Troubleshooting ..................................................................................................................... 72
7.1 Boards or Fans Fail to Be Upgraded ......................................................................................................................72
7.1.1 Fault Symptom ..................................................................................................................................................72
7.1.2 Fault Analysis ....................................................................................................................................................72
7.1.3 Troubleshooting Procedure (Board Firmware EPLD Fault) .................................................................................73
7.2 IPU Fails to Be Registered ....................................................................................................................................74
7.2.1 Fault Symptom ..................................................................................................................................................74
7.2.2 Fault Analysis ....................................................................................................................................................74
7.2.3 Troubleshooting Procedure ................................................................................................................................75
7.3 System Software on the Device Is Incorrect or No System Software Exists ............................................................75
7.3.1 Fault Symptom ..................................................................................................................................................75
7.3.2 Fault Analysis ....................................................................................................................................................75
7.3.3 Troubleshooting Procedure ................................................................................................................................75
8 Configuring the Default Configuration File ...................................................................... 76

A Uploading/Downloading Files ............................................................................................ 81
B Memory and CPU Usage of Boards ..................................................................................... 86
C Shortcut Key Usage on the Serial Interface ....................................................................... 87
D BootLoad Menu Usage ......................................................................................................... 89
E Upgrade Record...................................................................................................................... 95
F Acronyms and Abbreviations............................................................................................... 97
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. v

Upgrade Guide 1 Before You Start
1 Before You Start
1.1 Upgrade Notes for Versions

1.2 Upgrade Schemes
1.3 Impact of the Upgrade
1.4 Precautions
1.5 Precautions for IFIT Deployment During Upgrade
1.6 Board Memory Optimization
1.7 Installing the IKEv1 MOD File
1.8 Security Hardening
1.1 Upgrade Notes for Versions

1.1.1 Upgrade Notes for the NetEngine 8000 M14, PTN 6900-2-
M14, and NE40E-X2-M14 Products
For information about how to upgrade the NetEngine 8000 M14, PTN 6900-2-M14, and
NE40E-X2-M14 products, refer to the upgrade procedure in this document.
The following table lists the upgrade information about the NetEngine 8000 M14, PTN 6900-
2-M14, and NE40E-X2-M14 products.
Table 1-1 Upgrade information of historical versions that can be upgraded
package Historical Version Description

model
NetEngine V800R012C00SPC300 Refer to the procedure in this document to
8000 M14 upgrade the version.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 1

package Historical Version Description

model

PTN 6900-2- V800R012C00SPC300 Refer to the procedure in this document to
M14 upgrade the version.
NE40E-X2- V800R012C00SPC300 Refer to the procedure in this document to


1.1.2 Upgrade Notes for the NetEngine 8000 M8 and PTN 6900-2-
M8C Product
1. For information about how to upgrade the NetEngine 8000 M8 and PTN 6900-2-M8C
products, refer to the upgrade procedure in this document.
2. The following table lists the upgrade information about the NetEngine 8000 M8 and
PTN 6900-2-M8C products.
Table 1-2 Upgrade information of historical versions that can be upgraded
Package Historical Description

Model Version
NetEngine V800R012C00SP Refer to the procedure in this document to upgrade
8000 M8 C300 the version.
PTN 6900-2- V800R012C00SP Refer to the procedure in this document to upgrade
M8C C300 the version.

1.2 Upgrade Schemes

Table 1-3 lists upgrade schemes supported by routers.
Table 1-3 Upgrade schemes supported by routers
Upgrade Usage Advantage Prerequisites Section

Scheme Scenario
uUpgrade This mode is The operation  Version For details, see
(recommended) recommended procedure is software uUpgrade Tool
when the device simple. transfer Guide.
is running iUpgrade can requires the
properly. record and support of
compare check the network
items before environment
and after the .
upgrade, and  A third-
supports batch party
upgrade. FTP/TFTP
server
program is
required.
 The CF card
has enough
space to
store the
target
version
software
package and
target patch.
Use command The router is Use this scheme A server is 4.2 Upgrading
lines for a direct operating and to upgrade any available to the System
upgrade to carrying source version. transmit system Software Using
V800R022C00 services The upgrade software. Command
SPC600 properly. procedure is The router has Lines
(recommended) simple and the been configured
impact on as an SFTP
services is server or a
minimal. third-party
SFTP server
application has
been installed.
BootROM The BootROM Any source Network 4.3 Upgrading
upgrade scheme version can be resources are the System
is applicable to upgraded using available to Software Using
the following this scheme. If transfer system the BootROM
scenarios: the system software files.
 The router is software fails to
upgraded for be installed
the first when the router

Upgrade Usage Advantage Prerequisites Section

Scheme Scenario
time, and its is faulty, only
system this scheme is
software is applicable.
faulty or NOTE
unavailable. The upgrade
 Both IPUs procedure is
fail to be complicated and
registered services may be
affected.
after the
router is
restarted to
install the
target
system
software.
 After the
target
system
software is
installed, the
master IPU
can be
registered,
but the slave
IPU fails to
be
registered.
1.3 Impact of the Upgrade

1.3.1 Impact on the System During the Upgrade
Services will be interrupted after the upgrade is complete and the router is restarted. If the
router has not been configured, the restart takes about 10 minutes. If the router has been
configured, the time taken to restart the device depends on the size of the configuration file.
1.3.2 Impact of the Upgrade on the System
For detailed information about feature and command updates after an upgrade, see
V800R022C00SPC600 Delta Information.

Impact on command lines

Some command lines in the source version are different from those in V800R022C00SPC600.
After the upgrade, some configurations are no longer effective. To ensure that configuration
files after the upgrade are complete, see the source version V800R022C00SPC600 Delta
Information.
Before the upgrade, use the uMC tool (downloaded at https://tools-umc.huawei.com) to
perform evaluation and configuration conversion. For detailed tool operations, contact
Huawei technical support engineers.
1.4 Precautions
Contact Huawei technical personnel for assistance and support during the upgrade process.
Note the following function about administrator rights, password, and login management:
 Log in through the console port
The non-authentication mode has been canceled. When you log in for the first time, you
must configure a password and keep this password properly.
 Telnet/SSH login The non-authentication mode has been canceled.
Choose to specify the authentication mode as AAA or password. If you do not specify an
authentication mode, Telnet or SSH users cannot log in.
 Administrator password management
Simple authentication is no longer supported for newly configured local users in the
target version. If passwords in simple authentication have been set, they are retained after
an upgrade. Changing the passwords to ciphertext passwords is recommended.
Before you upgrade a version earlier than V800R010C10SPC100 to V800R022C00SPC600
or later, save the configuration file of the source version. If the upgrade fails, you can roll
back to the source version using the saved configuration file.
 License version compatibility: To cope with the increasingly severe security situation,
the digital signature algorithm of the product license is upgraded from V800R021C00 to
RSA3072. Therefore, pay attention to the version compatibility when using the license
file.
− The license applied for in V800R021C00 and later versions cannot be used in
V800R0013 and earlier versions.
− The license applied for in V800R013 and earlier versions can continue to be used in
V800R021C00 and later versions.
− If the device that supports version downgrade is delivered with V800R021C00 and
the license of the corresponding version and the version needs to be downgraded to
a version earlier than V800R021C00 on the live network, you need to apply for the
license of the earlier version on the ESDP website.

 As the memory size of some boards is relatively small, when a large amount of memory is
consumed in heavy traffic scenarios, service performance or functions may be
compromised. In V800R021C00SPC100, the zRAM feature is added on some types of
boards. zRAM can compress the system memory, which is equivalent to increasing the
available memory of the system.
 zRAM newly supports main control boards and case-shaped devices with 8 GB or less
memory, and interface boards (LPUs and NPUs only) with 2 GB or less memory. The
available memory of a board with 1 GB memory can increase by 150 MB. If the memory
size of a board is greater than or equal to 2 GB, its total memory size can increase by 1/4.
For example, if the memory size of a board is 8 GB, its available memory size can
increase by 2 GB; if the memory size of a board is 4 GB, its available memory size of the
board can increase by 1 GB; if the memory size of a board is 2 GB, its available memory
size can increase by 512 MB.
 After an upgrade, the display of memory usage on a zRAM-enabled main control board
and case-shaped device is optimized. Specifically, in the display health command output,
the value of Total increases by 1/4 of the total memory size, and the value of Used
increases by 200 MB for a board with 2 GB or less memory and by 300 MB for a board
with 4 GB or more memory (the increase indicates the expected cache consumption). The
value of Memory Usage changes accordingly.
 After an upgrade, the display of memory usage on a zRAM-enabled interface board is
optimized. Specifically, in the display health command output, the value of Total
increases by 512 MB for a 2-GB board and 150 MB for a 1-GB board. The value of Used
increases by 200 MB for a board with 2 GB or less memory (the increase indicates the
expected cache consumption). The value of Memory Usage changes accordingly.
The following uses the NetEngine 8000 M8 as an example to describe the memory change
before and after an upgrade.
Before the upgrade:
<HUAWEI> display health
----------------------------------------------------------------
Slot CPU Usage Memory Usage(Used/Total)
----------------------------------------------------------------
10 IPU(Master) 21% 46% 3276MB/7022MB
9 IPU(Slave) 14% 36% 2541MB/7022MB
----------------------------------------------------------------
After the upgrade:
----------------------------------------------------------------
----------------------------------------------------------------
10 IPU(Master) 21% 39% 3576MB/9070MB
9 IPU(Slave) 14% 31% 2841MB/9070MB
----------------------------------------------------------------
Precautions for Upgrading the NetEngine 8000 M14 and PTN 6900-2-M14
If the NetEngine 8000 M14 or PTN 6900-2-M14 is to be upgraded from
V800R012C00SPC300 to a later version, you need to install V800R012SPH019 or a later
patch first; otherwise, an error message is displayed when you specify the system software file
for the next startup. An error message example on the NetEngine 8000 M14 is as follows:

<HUAWEI> startup system-software NetEngine8000-M8-M14_V800R022C00SPC600.cc all

Error: The system file does not match with the current device in slot 15, please
check the file.
Error: The system file does not match with the current device in slot 16, please
check the file.
For details about how to select and load a patch file, see Patch Release Notes.
Upgrade Precautions for the NetEngine 8000 M14, NE40E-X2-M14, and PTN 6900-
2-M14
If the device model is NetEngine 8000 M14, NE40E-X2-M14, or PTN 6900-2-M14 with two
main control boards and the EPLD version is 100, ensure that you succeed in logging in to the
device at least once during the upgrade. Otherwise, the upgrade of the standby main control
board takes a long time (about 40 minutes).
To determine the EPLD version, run the display version command and check the EPLD field
in the command output.
IPU version information:
IPU (Master) 15 : uptime is 0 day, 12 hours, 59 minutes
StartupTime 2020/11/30 21:40:49
SDRAM Memory Size : 16384 M bytes
FLASH Memory Size : 128 M bytes
CFCARD Memory Size : 4096 M bytes
IPU CR8D0IPU2TC1 version information
CPU PCB Version : DP51CPUA REV A
EPLD Version : 100
NPU PCB Version : CR81IPU2TAS REV A
EPLD Version : 100
FPGA Version : 110
NP Version : 100
TM Version : 100
NSE Version : NSE REV A
BootROM Version : 08.15
The automatic EPLD upgrade process is as follows:

1. The device restarts.
2. The active main control board registers, and then the standby main control board
automatically upgrades the EPLD and registers.
3. When data synchronization between the two main control boards is completed, an
active/standby main control board switchover is automatically performed, which triggers
a restart of the original active main control board.
4. The new standby main control board automatically upgrades the EPLD. After the EPLD
is upgraded on the new standby main control board, data synchronization is performed.
When the data synchronization is completed, the EPLD is successfully upgraded on both
main control boards.

 During an EPLD upgrade, do not power off or remove and then insert boards. Otherwise,
the boards may fail to work properly.
 During the EPLD upgrade, subcard registration starts only after the standby main control
board registers. This takes about 15 minutes. If the standby main control board fails to
register repeatedly due to an exception, the subcard registration is suppressed for an hour.
In this case, you can manually remove and then insert the faulty main control board to
speed up subcard registration.
Precautions for Upgrading 03033BLN Subcards

Assume that 03033BLN subcards are used and the system software needs to be upgraded
from a version earlier than V800R012C10SPC300 to V800R012C10SPC300 or a later
version. If DCN is disabled on GigabitEthernet 0/x/8 or GigabitEthernet 0/x/9 before the
upgrade, it is automatically enabled after the upgrade. If you do not want to enable DCN after
the upgrade, run the undo dcn command on the corresponding interface.
Precautions for the Upgrade

Stage Precautions
Pre-upgrade Ensure that the logging function is enabled to record upgrade operations.
Ensure that no power migration operations are performed before upgrade.
Upgrade in  Do not power off or restart the router, or remove or install any boards
process during the upgrade.
 All commands with the slave parameter are applicable only when dual
IPUs are available.
 The NetEngine 8000 M series devices do not have independent SFUs.
Therefore, the upgrade of independent SFUs is not required.
 Do not perform an upgrade if the board CPU usage exceeds 90%. High
CPU usage slows down the upgrade process or results in an upgrade
failure. Stop the operation and wait for a period of time. If the CPU
usage is higher than 75% for a long time, contact Huawei technical
support. You are advised to perform the upgrade after the CPU usage
falls below 75%.
Post-upgrade After the upgrade is complete, ensure that all boards and subcards are
registered properly and no data is lost.
Upgrade References
 Before the upgrade, contact Huawei technical personnel or log in to Huawei support
website to download the reference documents that may be used during the upgrade. (The
reference documents vary according to SPC versions. Therefore, obtain the reference
documents of the corresponding SPC versions.) For enterprise users, visit
https://support.huawei.com/enterprise. For carrier users, visit https://support.huawei.com.
− Upgrade Guide
− Release Notes

− GTL License Application Guide

− PAF Selection Guide
− Version Mapping
− Command, alarm, and MIB delta information
For details, see 3.4 Obtaining Upgrade Reference Documents.
 Follow instructions in this document and record all operations in E Upgrade Record .
The records will help troubleshoot possible upgrade problems or a failure.
 Before changing the system software, determine whether to apply for a GTL license. For
information about how to select a GTL license file, see the GTL License Application
Instructions.
1.5 Precautions for IFIT Deployment During Upgrade

IFIT configurations in a version earlier than V800R012C10SPC300 (old version) are
incompatible with those in V800R012C10SPC300 or later (new version). If IFIT
configurations exit in both old and new versions, services are interrupted. Therefore, on a
network where IFIT services are deployed, ensure that devices all run an old or a new version
during service upgrade.
If IFIT services have been deployed on the network, you need to disable IFIT services before
upgrading the devices to a new version. Then, upgrade all devices and deploy IFIT again.
Otherwise, service traffic forwarding will be interrupted during the upgrade.
To disable the IFIT service, perform the following steps:

Step 1 Enter the system view.
<HUAWEI>system-view
Enter system view,return user view with return command.
Warning: The slave board is not in position. Exercise caution when performing this
operation.
Step 2 Run the undo ifit command to disable global IFIT services, and run the commit command to
commit the configuration.
[~HUAWEI]undo ifit
Warning: This operation will delete all IFIT instances. Continue? [Y/N]:y
[*HUAWEI]commit
----End
The license control of IFIT services in versions earlier than V800R021C00SPC100 (old
versions) is different from that in V800R021C00SPC100 and later versions (new versions).
After a device running an old version is upgraded to a new version, if IFIT Enhanced Package
and IFIT Poor-QoE Demarcation Package are not included in the license, the number of
newly generated IFIT hop-by-hop dynamic flow (transitinput and transitoutput) instances is
limited. If automatic flow learning and reverse flow learning are not configured before the
upgrade, the functions cannot be configured after the upgrade due to license restrictions. In

addition, the number of newly configured static hop-by-hop instances is limited. If the
preceding configurations already exist on the device before the upgrade, the original
configurations are not affected, and a license inactive alarm is reported. If the preceding
functions are not configured before the upgrade but need to be configured after the upgrade,
load the IFIT Poor-QoE Demarcation Package (the IFIT hop-by-hop dynamic flow function
and number of static hop-by-hop instances) and IFIT Enhanced Package (automatic flow
learning and reverse flow learning) before the upgrade.
1.6 Board Memory Optimization

The continuous increase of service traffic and deployment of new features result in ever-
increasing memory usage on a device. To prevent memory from becoming a bottleneck that
hinders long-term evolution, the memory of 8 GB boards is optimized in
V800R022C00SPC600, which reduces the CPU consumption and the memory consumption
by 500 MB to 900 MB (varying according to the number of configured command lines) after
an upgrade to the target version.
The process deployment modes of V800R022C00SPC600 and later greatly differ from those
of earlier versions. In an upgrade to V800R022C00SPC600 or later, the system automatically
uses the CFG upgrade mode, which takes a longer time than the DB upgrade mode. This
impact is not involved in an upgrade of V800R022C00SPC600 or later.
The upgrade duration to be prolonged varies according to the number of configured command
lines. For example, if 50,000 command lines are configured, the memory consumption is
reduced by 940 MB, the upgrade duration is prolonged by about 7 minutes, and the overall
upgrade duration is about 15 minutes (with the successful login time being considered the end
time of the duration).
Only the first time of upgrade to V800R022C00SPC600 or later takes a longer time. After the
first time of upgrade is complete, the startup duration at a device restart or board replacement
is not affected, and the duration of an upgrade from V800R022C00SPC600 to a later version
is not affected.
It is common to have 50,000 command lines configured. If excessive command lines are
configured, plan the operation window properly. In a test with 200,000 command lines
configured, it takes 37 minutes before a login is allowed (30 minutes longer than that in the
upgrade scenario without the board memory optimization feature).
Memory information before the upgrade (50,000 command lines exist):

----------------------------------------------------------------
----------------------------------------------------------------
9 IPU(Master) 33% 58% 5461MB/9372MB
10 IPU(Slave) 17% 45% 4291MB/9372MB
----------------------------------------------------------------
Memory information after the upgrade (50,000 command lines exist):

----------------------------------------------------------------


----------------------------------------------------------------
9 IPU(Master) 31% 48% 4514MB/9366MB
10 IPU(Slave) 18% 35% 3359MB/9366MB
----------------------------------------------------------------
Benefit and cost analysis: Assuming that 50,000 command lines are configured, the memory
consumption is reduced by more than 900 MB, and the CPU usage is reduced by about 2%
after an upgrade to the target version. The upgrade takes about 15 minutes, which is 7 minutes
longer than that in the upgrade scenario without the board memory optimization feature.
Check whether a board is an 8 GB one as follows:
The SDRAM Memory Size field in the display version command output indicates the total
physical memory size.
<HUAWEI> display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 8.221 (NetEngine 8000 V800R022C10SPC500)
Copyright (C) 2012-2022 Huawei Technologies Co., Ltd.
HUAWEI NetEngine 8000 M8 uptime is 2 days, 0 hour, 3 minutes
NetEngine 8000 M8 version information:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
BKP version information:
PCB Version : CR81BKP08A REV B
IPU Slot Quantity : 2
CARD Slot Quantity : 8
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IPU version information:
IPU (Master) 9 : uptime is 2 days, 0 hour, 1 minute

StartupTime 2023/01/16 08:17:00
SDRAM Memory Size : 8192 M bytes
FLASH Memory Size : 64 M bytes
CFCARD Memory Size : 4096 M bytes
IPU CR8DIPU1T2C1 version information:
PCB Version : CR81IPU1T2C1 REV B
EPLD Version : 105
FPGA Version : 104
NP Version : 100
TM Version : 100
NSE Version : NSE REV A
BootROM Version : 08.99
PIC1: CR5D00LAXF91 version information
StartupTime : 2023/01/16 08:19:09
PCB Version : CR51LAXFE0 REV B
EPLD Version : 108
FPGA Version : 105
CHIP Version : 100
PIC2: CR5D0E5XMF94 version information
StartupTime : 2023/01/16 08:19:05
PCB Version : CR51E2VBC0 REV A
EPLD Version : 107
FPGA Version : 001
CHIP Version : 100
PIC3: CR5D00E4XM25 version information

StartupTime : 2023/01/16 08:19:08

PCB Version : CR51E4YFA0 REV A
EPLD Version : 108
FPGA Version : 105
CHIP Version : 100
PIC4: CR5D0E5XMF94 version information
StartupTime : 2023/01/16 08:19:08
PCB Version : CR51E2VBC0 REV A
EPLD Version : 107
FPGA Version : 001
CHIP Version : 100
PIC5: CR5DE2NE4X14 version information
StartupTime : 2023/01/16 08:19:10
PCB Version : CR51E2NBF1 REV A
FPGA Version : 002
CHIP Version : 100
PIC6: CR8DE1NE2VC1 version information
StartupTime : 2023/01/16 08:19:16
PCB Version : CR81E2VBD0 REV B
FPGA Version : 108
FPGA2 Version : 108
CHIP Version : 000
PIC7: CR5D00EAGF95 version information
StartupTime : 2023/01/16 08:19:01
PCB Version : CR51EAGF0 REV D
EPLD Version : 107
PIC8: CR8D00E4XFC1 version information
StartupTime : 2023/01/16 08:19:10
PCB Version : CR81E4XA0 REV B
FPGA Version : 002
CHIP Version : 100
1.7 Installing the IKEv1 MOD File

V800R012C10SPC300 and later versions do not support IKEv1. If IKEv1 is used in
V800R012C10SPC300 and later versions, IPsec services will be adversely affected after the
upgrade. To use the IKEv1 function, download an IKEv1 MOD file first. To do so, log in to
https://support.huawei.com or https://support.huawei.com/enterprise , apply for a software
package, and download a correct MOD file together with the software package.
Perform the following operations to check whether the IKEv1 function is enabled on a device:
1. Check the IKEv1 configuration. Check whether the IKEv1 peer configuration exists.
<HUAWEI>display ike peer brief | include v1
Info: It will take a long time if the content you search is too much or the
string you input is too long, you can press CTRL_C to break.
current ike peer number: 2
---------------------------------------------------------------------
Peer Name Version Exchange-mode Proposal Id-type RemoteAddr
---------------------------------------------------------------------
peer860_1 v1 main 60 ip 40.0.0.0 40.1.4.0
The command output contains the peer configuration, indicating that the IKEv1
configuration exists. Then go to the next step.

2. Check whether an IKEv1 tunnel is established for each peer.

<HUAWEI>display ike sa | include v1
current sa Num :2000
Single-homing :2000 Multi-homing M and M|B :0 Multi-homing S and
S|B :0
None-backup sa :2000 Backup sa :0
Spu board slot 8, IKE SA Information:
Current IKE SA number: 2
-----------------------------------------------------------------------------
conn-id peer flag phase ext vpn
-----------------------------------------------------------------------------
954 10.0.0.149 RD v1:2 - -
57443 10.0.0.149 RD|ST v1:1 - -
If tunnel information is displayed, IKEv1 tunnel information is in use. In this case, the
IKEv1 MOD file needs to be installed.
If the IKEv1 MOD file is not installed and an upgrade is performed, the IKEv1
configuration will be lost, IPsec services will be adversely affected, and no IKEv1 tunnel
can be established.
 By default, the IKEv1 function is not supported in the target version. After the upgrade, the IKEv1
configuration will be lost, and IPsec services will be adversely affected.
 For the IKEv1 MOD-based upgrade in a dual-system environment, upgrade the backup device and
then the master device. If the IKEv1 MOD file is not installed on the backup device, the device
cannot receive the backup data of IKEv1 tunnels.
 If IKEv1 is configured but the IKEv1 MOD file is not specified for the next startup, the IKEv1
configuration will be lost after an upgrade. As a result, the restored configurations become
inconsistent with those on the peer end, and tunnels cannot be established. In this case, check the
IKEv1-related configurations and reconfigure the IPsec and IKE encryption and authentication
algorithms.
----End
1.8 Security Hardening

1.8.1 Upgrade Description of E-Trunk Deployment
In V800R021C00SPC100 and later versions, E-Trunk does not support authentication based
on the default key. After an E-Trunk is created, if no encryption key is configured, E-Trunk
negotiation with the peer end fails. If a version earlier than V800R021C00SPC100 is not
configured with an encryption key, the default key is used after the version is upgraded. As a
result, the E-Trunk function cannot be used after the upgrade, affecting service deployment
that depends on the function.
If E-Trunk has been deployed before an upgrade, check whether a key has been configured. If
not, configure the same key (different from the default key 00E0FC0000000000) in the E-
Trunk view on both ends of the E-Trunk before the upgrade. The default key cannot be used
for authentication after the upgrade. If you do not perform this configuration, E-Trunk
negotiation will fail after the upgrade, affecting services.

To configure an E-Trunk encryption key, perform the following steps:

Step 1 Check whether the E-Trunk feature is deployed. If not, upgrades are not affected.
[HUAWEI]display e-trunk brief
E-TRUNK-ID State VPN-Instance Peer-IP Source-IP
----------------------------------------------------------------------------------
-----------------
1 Master _public_ - -
2 Master _public_ - -
----------------------------------------------------------------------------------
-----------------
Total:2 Master:2 Backup:0 Init:0
Step 2 In the existing E-Trunk view, check whether an encryption key is configured. If an encryption
key is configured, as shown in the following command output, the upgrade of the E-Trunk is
not affected.
[HUAWEI-e-trunk-1]display this
#
e-trunk 1
security-key simple root@123
authentication-mode enhanced-hmac-sha256
#
return
If an encryption key is not configured in the E-Trunk view, as shown in the following
command output, the upgrade of the E-Trunk will be affected.
#
e-trunk 2
#
return
Step 3 Configure an encryption key in the E-Trunk view where an encryption key does not exist.
Note: Configure the same encryption key in the E-Trunk view on both ends of an E-Trunk.
[HUAWEI-e-trunk-2]security-key cipher Root@1234
[HUAWEI-e-trunk-2]disp
#
e-trunk 2
security-key cipher %^%#e+,;P~l@H9Tk]{%K)b9Ad_ZgS/th}5N"i_>!E&N*%^%#
#
return
Step 4 After the configuration is complete, run the display e-trunk command to check whether E-
Trunk negotiation works normally. If the State field value is Master or Backup and the Send
and Receive field values increase normally, the E-Trunk function is normal. Otherwise, check
whether the encryption keys configured on both ends of the E-Trunk are the same.
[HUAWEI-e-trunk-1]display e-trunk 1
The E-Trunk information
E-TRUNK-ID : 1 Revert-Delay-Time (s) : 120
Priority : 100 System-ID : 38ba-234a-ed02

VPN-Instance : _public_
Peer-IP : 1.1.1.1 Source-IP : 1.1.1.2
State : Master Causation : PRI
Send-Period (100ms) : 10 Fail-Time (100ms) : 200
Receive : 7 Send : 25
RecDrop : 0 SndDrop : 0
Peer-Priority : 100 Peer-System-ID : 38ba-26be-9a01
Peer-Fail-Time (100ms) : 200 BFD-Session : -
Description : -
Sequence : Disable
Dynamic-BFD : Disabled BFD-State : -
TX (ms) : - RX (ms) : -
Multiplier : -
----End
1.8.2 Upgrade Description of Security Hardening Related to

Default Configurations
In V800R022C00SPC600 and later versions, the following security hardening configuration is
included in the default configuration file: Weak algorithms are disabled globally.
To ensure that weak algorithms can still be used after configurations are cleared or default
configurations are restored in the target version, activate the custom_default.defcfg file of
the matching version before the upgrade.
Security Hardening Configuration Deleted Configuration Added to or

from the Default Reserved in the Default
Configuration File Configuration File
Strong verification on weak - #
algorithms (which forbids crypto weak-algorithm disable
weak algorithms)
After the upgrade, you can run the undo crypto weak-algorithm disable command in the
system view to disable weak algorithms.
In V800R021C00SPC100 and later versions, the default account and SSH/SNMP all port
listening configuration are removed from the default configuration file of the device (only
management network port listening is retained), but the functions of first login and password
change upon the first login are added. In addition, weak algorithms are removed, and DTLS
data channel encryption is used by default in transmission mode. The removed configurations
are stored in the default-custom.defcfg file. You can tailor and load the file as needed. The
detailed changes are as follows:
1. The default account and SNMP/SSH all port listening configurations are removed from
the default configuration file. By default, only SSH login through the management
network port or login through the serial port is supported. In addition, the first-login
process is triggered upon the first login, requiring you to create a username and
password. Note that the first-login process is disabled during SSH login if the process
has been triggered during serial port login.
Securit Configuration Removed from the Default Configuration Added to or

y Retained in the Default

Harden Configuration File Configuration File

ing
Default #
account aaa
local-user root password irreversible-cipher
$1c$]f(3Q<j7uS$!0!)8@e`\+lj]vQx\2l&y-
$M(|\n_ERFU_BF$!6X$
local-user root service-type ssh
local-user root level 15
local-user root expire 2000-01-01
#
ssh user root
ssh user root authentication-type password
ssh user root service-type stelnet snetconf
ssh server-source all-interface
Enablin snmp-agent protocol source all-interface undo snmp-agent protocol source
g all-interface
SNMP undo ssh server-source all-
and interface
SSH on
all undo ssh ipv6 server-source all-
interfac interface
es
2. By default, the function of requiring a new user to change the password upon the first
login is enabled; however, this function is disabled in upgrade scenarios. To enable this
function, run the undo user-password password-force-change disable command in the
AAA view.
3. Weak algorithms are removed from the default.cfg file. If SSH-based login is used,
ensure that the login tool supports the security algorithms in the default configuration
file.
Security Configuration Removed from the Default Configuration Added to or

Hardenin Configuration File Retained in the Default
g Configuration File
Weak ssh server key-exchange ssh server key-exchange
algorithm dh_group_exchange_sha256 dh_group_exchange_sha256
dh_group_exchange_sha1
dh_group14_sha1 ecdh_sha2_nistp256
ecdh_sha2_nistp384 ecdh_sha2_nistp521
ssh server publickey ecc rsa rsa_sha2_256 ssh server publickey
rsa_sha2_512 rsa_sha2_256 rsa_sha2_512
ssh client key-exchange ssh client key-exchange
dh_group_exchange_sha256 dh_group_exchange_sha256

ssh client publickey ecc rsa rsa_sha2_256 ssh client publickey

4. In transmission mode, the DCN DTLS encryption channel is enabled by default. A

device uses this default configuration cannot interwork with a device running an earlier
version or a device that is not enabled with the DTLS encryption channel. If such two
devices are interconnected, the DCN login fails in transmission mode.
Security Configuration Removed from the Configuration Added to or
Hardening Default Configuration File Retained in the Default
Configuration File
Enabling the #
DCN DTLS dtls policy qx_dtls_client
encryption
channel by #
default in dcn security-mode enable
transmission #
mode
 The dcn security-mode enable command takes effect only in the default.cfg or *.defcfg
default configuration file. This command cannot be run by a user, and no configuration
information is generated for it.
 The dcn security-mode enable command automatically generates the bind client dtls-
policy qx_dtls_client command in the DCN view if a DTLS policy named qx_dtls_client
exists.
 To disable the DTLS encryption channel of DCN, run the undo bind client dtls-policy
command in the DCN view.
5. If weak algorithms and protocols exist in the system, an alarm is reported to prompt you
to perform rectification.
According to security requirements, if the system contains insecure cryptographic algorithms or

protocols, an alarm needs to be reported.
a. If weak algorithms and protocols exist in the system, the system generates the
following alarm:
<HUAWEI>display alarm active | include secure
Info: It will take a long time if the content you search is too much or
the string you input is too long, you can press CTRL_C to break.
1:Critical 2:Major 3:Minor 4:Warning
--------------------------------------------------------------------------
------
Sequence AlarmId Level Date Time Description
--------------------------------------------------------------------------
------

59 0xF10466 2 2021-10-07 11:18:40 With the development of

cryptographic technologies and the improvement of computing capabilities,
some cryptographic algorithm and protocols are deprecated. Please use more
secure algorithms and protocols. (Type=insecure algorithm)
58 0xF10466 2 2021-10-07 11:18:40 With the development of
cryptographic technologies and the improvement of computing capabilities,
some cryptographic algorithm and protocols are deprecated. Please use more
secure algorithms and protocols. (Type=insecure protocol)
--------------------------------------------------------------------------
------
b. You can run the display security risk command to query the insecure protocols or
algorithms used in the system. Perform security hardening based on Repair Action
displayed to clear the alarm.
<HUAWEI>display security risk
Risk Level : high
Feature Name : SSH_CLIENT
Risk Type : insecure-algorithm
Risk Information : Insecure key exchange algorithms (dh_group1_sha1,
dh_group_exchange_sha1, dh_group14_sha1, ecdh_sha2_nistp256,
ecdh_sha2_nistp384, ecdh_sha2_nistp521) are enabled in SSH client
Repair Action : It is recommended to disable the insecure key exchange
algorithms
Risk Level : medium

Feature Name : TELNET
Risk Type : insecure-protocol
Risk Information : The Telnet server function is used
Repair Action : Use Stelnet
If weak algorithms or protocols need to be reserved for compatibility, you can use the
following methods to shield the alarm:
Run the info-center command in the system view to filter out the alarm.
[~HUAWEI]info-center filter-id bymodule-alias system hwsecurityrisk
[~HUAWEI]info-center filter-id bymodule-alias system hwsecurityriskclear
 Before running the reset saved-configuration command or the reset button to clear the
configuration, check whether the .defcfg file is configured.
 If the default behavior of the device needs to be the same as the previous one, you can run the
startup default-configuration configuration-file command to specify the customized defcfg file
during the production of a new device.
 You can also customize the .defcfg file for a live-network device when it is upgraded to
V800R021C00SPC100 or later If you add the preceding removed configurations to the
customized .defcfg file, the device retains the same default configuration restoration behavior as that
in the earlier version. For details, see the following operations.
 If a device is downgraded to a version earlier than V800R021C00SPC100, delete the default
configuration file or load the defcfg file customized for the source version.
 You can disable the weak algorithm in V800R022C00SPC600. If you do not need to disable it,
setting the latest .defcfg file is recommended. This prevents the weak algorithm from becoming
unavailable after the configuration is cleared using the reset saved-configuration command or the
reset button.

1.8.3 Upgrade Description of License Algorithms

License version compatibility: To cope with the increasingly severe security situation, the
digital signature algorithm of the product license is upgraded from V800R021C00 to
RSA3072. Therefore, pay attention to the version compatibility when using the license file.
 The license applied for in V800R021C00 and later versions cannot be used in V800R013
and earlier versions.
 The license applied for in V800R013 and earlier versions can continue to be used in
V800R021C00 and later versions.
If the license file of the new algorithm is replaced after the upgrade to V800R021C00, the
rollback will be incompatible. This section describes the impact of version rollback.
Prerequisites
1. The version is upgraded. By default, the new version still uses the license file of the old
version.
2. The license file of the new algorithm is activated.
3. Rollback is performed.
Impact of the Rollback

1. Upgrades are not affected.
2. If the license file is not replaced in the new version, the rollback has no impact.
3. A direct rollback is not allowed after the license file of the new algorithm is activated in
the new version. When the system software package for next startup is specified, the
system checks whether the current license file matches the system software package for
next startup. If they do not match, an error message is displayed to indicate that the
license file is incompatible with the system software package.
4. The rollback is allowed after the license file of the old version is used.
1.8.4 Security Description of CRL File Loading

The device allows you to load the certificate revocation list (CRL) file.
1. If the device runs V800R021 or a later version, it checks whether the CRL is empty
when loading the CRL file. If it is empty, the CRL file fails to be loaded. The device,
however, does not check whether the CRL is empty in a configuration restoration
scenario after a device restart. To check whether the CRL is empty, you can download
the CRL file to a local PC and double-click the file to perform the check.

2. If the device runs V800R021 or a later version, it checks whether the CRL file is updated
too long ago. If the time during which the CRL file is not updated exceeds the precaution
threshold, the device reports an alarm (SSLCertificateExpiredEarlyWarning) indicating
that the CRL file has expired. To check the next update time of the CRL, you can
download the CRL file to a local PC and double-click the file to perform the check.

3. You can run the ssl certificate alarm-threshold early-alarm <time> command in the
system view to set the time threshold for the CRL file. The default time threshold is 90
days.
4. If you need to use the CRL file, update it periodically to prevent the device from
reporting alarms due to expiration.

Upgrade Guide 2 Upgrade Process Overview
2 Upgrade Process Overview
Figure 2-1 shows a flowchart for upgrading the router.
Figure 2-1 Upgrade flowchart
Table 2-1 lists the upgrade procedures.

Upgrade Guide 2 Upgrade Process Overview
Table 2-1 Upgrade Procedure
No. Upgrade Description Time Required (on a Mandato

Procedure 100 Mbit/s LAN) ry or
Optional
1 3.1 Pre- Describes precautions About 10 minutes. Mandatory
upgrade and preparations for
Checklist the upgrade.
2 4 Performing Describes how to In CLI mode: Mandatory

the Upgrade upgrade the system 1. Configure FTP or
software. SFTP to upload the
required files, such as
software package and
patch file. This
operation takes about
30 minutes, depending
on the file size.
2. Configure the next
restart of the software
package and perform
an upgrade. This
operation takes about
20 minutes.
In BootROM mode: about
20 minutes
3 5 Verifying Describes how to About 10 minutes. Mandatory
the Upgrade verify the upgrade. If
the upgrade is
successful, the
upgrade task is
complete; if the
upgrade fails, a
rollback must be
performed.
4 6 Rolling Describes how to roll About 20 minutes. Optional
Back to the back the system to the
Source source version.
Version
NOTE
The time required for a rollback refers to the duration between the start of the rollback and the time all
boards are registered on an unconfigured router. The time listed here is an estimate; actual rollback time
varies with the size of the configuration file and the number of boards.

Upgrade Guide 3 Preparing for the Upgrade
3 Preparing for the Upgrade
3.1 Pre-upgrade Checklist

3.2 Preparing Spare Parts
3.3 Using the OpenPGP Tool to Verify Integrity of a File
3.4 Obtaining Upgrade Reference Documents
3.5 Checking the Curent System Software Version
3.6 Checking the Operating Status of the Device
3.7 Establishing an Upgrade Environment Using SFTP
3.8 Backing Up Key Data Saved in the cfcard
3.9 Checking Remaining Space in the cfcard
3.1 Pre-upgrade Checklist

Verify that you have completed all the tasks listed in Table 3-1 and record the check results in
the Check Result column.
Table 3-1 Pre-upgrade Checklist
No. Task Criteria Check

Result
1 3.2 Preparing Ensure that the network cables and serial interface
Spare Parts cables needed for the installation are available (in the
BootROM upgrade scenario, prepare for network and
serial integrated cables in advance). If there are
enough spare interface boards, prepare a spare
interface board for every working interface board. If
there are not enough spare interface boards, prepare a
spare interface board for each type of LPU. For other
types of boards, for example, IPUs, prepare at least
one spare board for each type of board.
2 3.3 Using the The PGP digital signature of the system software
OpenPGP

No. Task Criteria Check

Result
Tool to Verify package passes the verification.
Integrity of a
File
3 3.4 Obtaining The target system software (.cc) and documents
Upgrade relevant to the upgrade have been obtained from
Reference Huawei.
Documents
4 3.5 Checking Information about the current system software version
the Curent has been verified and recorded.
System
Software
Version
5 3.6 Checking The MPUs and subcards are running properly.
the Operating The pre-upgrade operating status of all boards has
Status of the been recorded to provide reference for possible
Device upgrade troubleshooting.
6 3.7 The upgrade environment has been set up.
Establishing
an Upgrade
Environment
Using SFTP
7 3.8 Backing All important data on the CF card has been backed up,
Up Key Data including the configuration file, system software, patch
Saved in the files, and GTL license file (if any).
cfcard NOTE
For details about how to enable functions on an interface
board or a service board after the GTL license file is
activated, see the chapter "FAQ" in the GTL License
Application Instructions.
8 3.9 Checking The CF card has sufficient space to store the target
Remaining upgrade software.
Space in the
cfcard
3.2 Preparing Spare Parts

Ensure that the network cables, standard serial cables and serial adapter cables needed for
the installation are available. If there are enough spare interface boards, prepare a spare
interface board for every working interface board. If there are not enough spare interface
boards, prepare a spare interface board for each type of interface board. For other types of
boards, for example, IPUs, prepare at least one spare board for each type of board.

3.3 Using the OpenPGP Tool to Verify Integrity of a File

To prevent a software package from being maliciously tampered with during transmission or
storage, download the corresponding digital signature file for integrity verification when
downloading the software package.
After the software package is downloaded, verify its PGP digital signature according to the
OpenPGP Signature Verification Guide. If the software package fails the verification, do not
use the software package, and contact Huawei technical support engineers.
Before a software package is used in installation or upgrade, its digital signature also needs to
be verified according to the OpenPGP Signature Verification Guide to ensure that the software
package is not tampered with.
Visit either of the following websites to obtain the OpenPGP Signature Verification Guide:
 Carrier customers: https://support.huawei.com/carrier/digitalSignatureAction
 Enterprise customers: https://support.huawei.com/enterprise/en/tool/pgp-verify-
TL1000000054
3.4 Obtaining Upgrade Reference Documents

Contact Huawei technical personnel to obtain the latest upgrade software package and
documents, or obtain them from Huawei support website.
Step 1 Log in to the home page of Huawei support website. For carrier users, log in to
https://support.huawei.com. For enterprise users, log in to
https://support.huawei.com/enterprise. For the first time of login, perform step 2 to register. If
you are a registered user, go to step 3.
Step 2 Click Register and complete the registration process as prompted. If the registration succeeds,
you will receive your user name and password.
Step 3 Enter the user name, password, and verification code. Then click Log In.
Step 4 For an enterprise user, choose Technical Support > Product and Solution Support >
Enterprise Network >Routers > Service Routers > NetEngine 8000 M Series. Select the
device model. In the Documentation page, download the required product documentation. In
the Software Download page, click the target software package (.cc) and fill information in
the Software Requests page displayed to apply for the download permission.
Step 5 For carrier users:
 NetEngine 8000 M: Choose Support > Products Support > Network > Data
Communication > Service Router > NetEngine 8000 Series Router > NetEngine
8000 M.
 NE40E-X2-M: Choose Support > Products Support > Network > Data
Communication > Service Router > NetEngine40E Series Router > NE40E-M.
 PTN 6900-2-M: Choose Support > Products Support > Network > Data
Communication > Service Router > PTN 6900 Series > PTN 6900-M.
On the Product Documentation tab, download the required product documentation
from the product documentation list. On the Software tab, select the software version
and the .cc file, and fill required information in "Software Request" to download the
system software.

----End
Configuration Files
The configuration file of V800R022C00SPC600 includes the user configuration file
(*.cfg/*.zip).
The user configuration file stores service configurations, and the device configuration file
stores hardware configurations.
System Software
System Software Name Product Model
NetEngine8000-M8- NetEngine 8000 M8
M14_V800R022C00SPC600.cc
NetEngine 8000 M14
NE40E-X2-M14_V800R022C00SPC600.cc NE40E-X2-M14
PTN6900-2-M8C- PTN 6900-2-M8C
M14_V800R022C00SPC600.cc
PTN 6900-2-M14
If the NetEngine 8000 M14 or PTN 6900-2-M14 needs to be upgraded to

V800R012C10SPC300 or a later version, you need to install V800R012SPH019 or a later
patch first. You are advised to read through Precautions for Upgrading the NetEngine 8000
M14 and PTN 6900-2-M14 before performing the upgrade.
3.5 Checking the Curent System Software Version

Run the display version command in the user view to view the current system software
version.
<HUAWEI>display version
VRP (R) software, Version 8.191 (NetEngine 8000 V800R012C00SPC300)
HUAWEI NetEngine 8000 M14 uptime is 0 day, 1 hour, 18 minutes
In this command output, the characters in bold are the Current system software version. If the
Current system software version is the target version, no upgrade is required.
3.6 Checking the Operating Status of the Device

Check the operating status of IPUs and Interface Boards
 Single-chassis Scenario

Run the display device command in the user view to check the operating status of IPUs
and PICs to check that they are functioning properly.
<HUAWEI>display device
NetEngine 8000 M14's Device status:
-------------------------------------------------------------------------------
Slot # Type Online Register Status Role LsId Primary
-------------------------------------------------------------------------------
1 PIC Present Registered Normal OTHER 0 NA
15 IPU Present Registered Normal MMB 0 Master
16 IPU Present Registered Normal MMB 0 Slave
17 PWR Present Registered Normal OTHER 0 NA
19 FAN Present Registered Normal OTHER 0 NA
20 CLK Present Registered Normal OTHER 0 Master
21 CLK Present Registered Normal OTHER 0 Slave
-------------------------------------------------------------------------------
If Unregistered is displayed in the Register field, the board in that slot is not registered.
If Abnormal is displayed in the Status field, the board in that slot is not functioning
properly.
If the master IPU is registered, its registration state is displayed as Registered.

If a board fails to be registered or runs abnormally, run the display board-reset
hardware-alarm error-code command in the diagnostic view to identify the cause. If
this is an abnormality, contact Huawei technical personnel to determine whether the
upgrade can be performed and the board needs to be replaced. Record the board status.
After the upgrade is complete, check the running status of the board again. If the board
is still not working properly, follow the procedure in section "7.1 Boards or Fans Fail to
Be Upgraded" or contact Huawei technical support personnel.
Check the subcard register status

Run the display device pic-status command in the user view to check the subcard register
status.
<HUAWEI>display device pic-status
Pic-status information :
--------------------------------------------------------------------------------
Pic# Status Type Port_count Init_result Logic_down
--------------------------------------------------------------------------------
15/1 Registered ETH_10xGFD_CARD 10 SUCCESS SUCCESS
15/2 Registered LAN_WAN_10x10GF_CARD 10 SUCCESS SUCCESS
15/4 Registered LAN_WAN_4x10GXD_CARD 4 SUCCESS SUCCESS
15/9 Registered ETH_2x100GB_CARD 2 SUCCESS SUCCESS
15/12 Registered ETH_2x100GB_CARD 2 SUCCESS SUCCESS

15/13 Registered ETH_10xGFD_CARD 10 SUCCESS SUCCESS

--------------------------------------------------------------------------------
The Init_result and Logic_down fields of all subcards must be "SUCCESS".

Solutions in case of an exception: If there are unregistered subcards, perform the following
operations:
1. Check whether exception alarms are generated. For details, see View alarm information.
2. If the problem persists, contact Huawei technical support personnel.
Check the temperature of the boards

Run the display temperature slot slotid command in the user view to check the temperature
of the boards.
<HUAWEI>display temperature slot 15
Base-Board, Unit:C, Slot 15

----------------------------------------------------------------------------
PCB I2C ADDr Chl Status Minor Major Fatal FanTMin FanTMax Temp(C)
----------------------------------------------------------------------------
IPU2TA 8 73 0 NORMAL 75 85 90 50 60 42
CPUA 8 73 1 NORMAL 90 100 105 65 75 20
IPU2TA 8 75 0 NORMAL 85 95 100 55 65 53
IPU2TA 8 255 0 NORMAL 105 115 120 80 90 62
IPU2TA 8 255 1 NORMAL 105 115 120 80 90 62
IPU2TA 8 255 2 NORMAL 105 115 120 80 90 60
IPU2TA 8 255 3 NORMAL 105 115 120 80 90 60
IPU2TA 8 255 4 NORMAL 105 115 120 80 90 65
IPU2TA 8 255 5 NORMAL 105 115 120 80 90 64
IPU2TA 8 255 6 NORMAL 105 115 120 80 90 64
IPU2TA 8 255 7 NORMAL 105 115 120 80 90 64
IPU2TA 8 255 8 NORMAL 105 115 120 83 93 57
IPU2TA 8 255 9 NORMAL 95 105 110 73 83 56
IPU2TA 8 255 10 NORMAL 95 105 110 73 83 60
IPU2TA 8 255 11 NORMAL 105 115 120 83 93 56
IPU2TA 8 255 12 NORMAL 95 105 110 73 83 57
IPU2TA 8 255 13 NORMAL 95 105 110 73 83 60
CPUA 8 255 14 NORMAL 105 115 120 80 90 61
CPUA 8 255 15 NORMAL 105 115 120 80 90 61
CPUA 8 255 16 NORMAL 105 115 120 80 90 51
CPUA 8 255 17 NORMAL 105 115 120 80 90 66
EAGFD 0 75 0 NORMAL 75 80 85 47 52 34
EAGFD 0 76 0 NORMAL 70 75 80 60 65 33
EAGFD 255 77 0 NORMAL 100 105 110 85 90 53
LAXFE 1 76 0 NORMAL 95 100 105 65 70 44
LAXFE 1 255 1 NORMAL 105 110 120 90 95 52
LAXFE 1 255 2 NORMAL 105 110 120 90 95 51
LAXFE 2 76 0 NORMAL 95 100 105 65 70 43
LAXFE 2 255 1 NORMAL 105 110 120 90 95 48
LAXFE 2 255 2 NORMAL 105 110 120 90 95 51
L4XFD 3 75 0 NORMAL 70 75 80 53 58 39
L4XFD 3 76 0 NORMAL 70 75 80 60 65 40
L4XFD 255 77 0 NORMAL 100 105 110 82 87 47

L4XFD 255 78 0 NORMAL 100 105 110 82 87 47

L4XFD 255 79 0 NORMAL 100 105 110 82 87 48
L4XFD 255 80 0 NORMAL 100 105 110 82 87 47
LAXFE 6 76 0 NORMAL 95 100 105 65 70 41
LAXFE 6 255 1 NORMAL 105 110 120 90 95 47
LAXFE 6 255 2 NORMAL 105 110 120 90 95 48
E2NBCM2 16 255 0 NORMAL 85 90 95 50 55 38
E2NBCM2 16 255 1 NORMAL 105 110 120 90 95 50
E2NBCM2 16 255 2 NORMAL 105 110 120 90 95 52
E2NBCM2 16 255 3 NORMAL 100 105 110 85 90 38
E2NBCM2 19 255 0 NORMAL 85 90 95 50 55 37
E2NBCM2 19 255 1 NORMAL 105 110 120 90 95 47
E2NBCM2 19 255 2 NORMAL 105 110 120 90 95 51
E2NBCM2 19 255 3 NORMAL 100 105 110 85 90 37
EAGFD 20 75 0 NORMAL 75 80 85 47 52 34
EAGFD 20 76 0 NORMAL 70 75 80 60 65 33
EAGFD 255 77 0 NORMAL 100 105 110 85 90 55
LAXFE 21 76 0 NORMAL 95 100 105 65 70 42
LAXFE 21 255 1 NORMAL 105 110 120 90 95 47
LAXFE 21 255 2 NORMAL 105 110 120 90 95 50
----------------------------------------------------------------------------
The status of all monitored objects must be NORMAL. If any monitored object is not in the
NORMAL state, rectify faults.
Solutions in case of an exception: If the Temp values exceed 60, turning down the air-
conditioner in the equipment room.
If the state does not change to normal after faults are rectified, contact Huawei technical
personnel.
Check the interface board and PIC running status

Run the display device slotid command in the user view to check the interface board running
status.
<HUAWEI>display device 15
IPU CR8D0IPU2TC2 15's detail information:
---------------------------------------------------------------------------
Description: Integrated Network Processing Unit (IPU-2T)
Board status: Normal
Register: Registered
Uptime: 2020/01/15 15:57:33
CPU Utilization(%): 21%
Mem Usage(%): 22%
Statistic information:
Statistic item Statistic number
SERDES interface link lost: 0
MAC Address: e000-84ed-b453
MAC Base Addr: 5ce8-8300-39a8
MAC Block size: 17
---------------------------------------------------------------------------
PIC1: CR5D00EAGF70 information:
Description:10-Port 100/1000Base-X-SFP Physical Interface Card(PIC)
Uptime: 2020/01/15 15:59:20
Card type: ETHERNET
Port number: 10

Converge info: non-converge

PIC2: CR5D00LAXF91 information:
Description:10-Port 10GE/GE LAN/WAN-SFP+ MACsec Physical Interface Card(PIC)
Uptime: 2020/01/15 15:59:30
Card type: ETHERNET
Port number: 10
Uptime: 2020/01/15 15:59:41
Card type: ETHERNET
Port number: 10
PIC4: CR5D00L4XF72 information:
Description:4-Port 10GBase LAN/WAN-SFP+ Physical Interface Card(PIC)
Uptime: 2020/01/15 15:59:40
Card type: ETHERNET
Port number: 4
Uptime: 2020/01/15 15:59:31
Card type: ETHERNET
Port number: 10
PIC9: CR5DE2NE4X14 information:
Description:2-Port 100GBase/50GBase-QSFP28 FlexE MACsec Interface Card(PIC)
Uptime: 2020/01/15 15:59:33
Card type: ETHERNET
Port number: 2
PIC12: CR5DE2NE4X14 information:
Description:2-Port 100GBase/50GBase-QSFP28 FlexE MACsec Interface Card(PIC)
Uptime: 2020/01/15 15:59:40
Card type: ETHERNET
Port number: 2
PIC13: CR5D00EAGF70 information:
Description:10-Port 100/1000Base-X-SFP Physical Interface Card(PIC)
Uptime: 2020/01/15 15:59:18
Card type: ETHERNET
Port number: 10
Uptime: 2020/01/15 15:59:32
Card type: ETHERNET
Port number: 10
---------------------------------------------------------------------------
Check the logs

The logs on an IPU and interface board are stored in the logfile directory in cfcard:/.

<HUAWEI>dir cfcard:/logfile/
Directory of cfcard:/logfile/
Idx Attr Size(Byte) Date Time FileName

1 -rw- 1,048,576 Jan 15 2020 15:56:51 VRP_STDBUFF_1_15_1_15
2 -rw- 525,273 Jan 15 2020 17:52:01 VRP_STDBUFF_1_16_1_16
3 drwx - Jan 15 2020 17:51:45 bootinfo
4 -rw- 1,073,246 Jan 15 2020 18:04:28 diag.log
5 -rw- 1,717 Jan 15 2020 15:56:42 hiboot_bootinfo.1.gz
6 -rw- 1,196 Jan 15 2020 15:56:42 hiboot_bootinfo.2.gz
7 -rw- 93,518 Jan 15 2020 17:40:24 log.dblg
8 -rw- 5,257,245 Jan 15 2020 17:58:28 log.log
9 -rw- 1,495,080 Jan 09 2020 17:30:57 logbuf.arm1.log
10 -rw- 1,586,896 Jan 15 2020 15:58:59 logbuf.log
11 drwx - Dec 09 2019 16:57:20 mpelog
12 drwx - Jan 15 2020 12:42:50 pads
13 drwx - Jan 15 2020 11:44:38 security
14 -rw- 88,085 Jan 15 2020 17:52:15 temperature_diag.log
......
3,432,448 KB total (259,656 KB free)
Exception handling: If the following logs are frequently generated, record these logs and
contact Huawei engineers for analysis.
6 -rw- 1,073,246 Jan 15 2020 18:04:28 diag.log
If there are too many log files in the log directory or the available space of the log directory is
insufficient, save the logs to a local computer or log server in time and delete unneeded logs
from the device to ensure that the log directory has sufficient space for storing new logs.
Check the memory usage of IPUs

Run the display health command in the user view to check the memory usage of IPUs. Check
that IPUs are functioning properly.
<HUAWEI>display health
----------------------------------------------------------------
----------------------------------------------------------------
15 IPU(Master) 30% 22% 3384MB/15267MB
16 IPU(Slave) 13% 18% 2764MB/15267MB
----------------------------------------------------------------
For information about memory usage on each board in various scenarios on a device running
V800R022C00SPC600 , see B Memory and CPU Usage of Boards.
View alarm information

Run the display alarm all command in the user view to view alarm information. Check that
all the IPUs and LPUs are functioning properly.

<HUAWEI>display alarm all
If alarms are displayed, contact Huawei technical support personnel for assistance
determining whether or not to continue the upgrade.
Keep a detailed record of the operating status of each board for use as a troubleshooting
reference.
3.7 Establishing an Upgrade Environment Using SFTP
 If SFTP is used for upgrade, the router functions as a client and the PC functions as a server, install
the SFTP server application on the PC. The SFTP server application does not come with the router;
therefore, you must purchase and install the SFTP server application separately.
 Using SFTP is recommended.
You can download the system software using SFTP in the command line view, specify the
system software as the startup system software, and then restart the device to complete the
upgrade. For details, see 4.2 Upgrading the System Software Using Command Lines.
Figure 3-1 shows the basic networking diagram for establishing an upgrade environment
using SFTP.
A PC can also function as a server to store the downloaded system software. You will need to connect
the PC to the router using a network cable.
The general requirements for establishing an upgrade environment using SFTP are as follows:
 The RS-232 serial interface on the PC and the console interface on the device are
connected using a console cable.
 The server and the Ethernet interface on the IPU of the device are connected using a
network cable.
 The IP addresses of the server and the Ethernet interface on the device are on the same
network segment.
 Upgrade files, including the system software are stored on the server.
Figure 3-1 Networking diagram for upgrading the router using SFTP
This document assumes that:

 The IP address of the Ethernet interface is x.x.x.x/x.

 The IP address of the PC is x.x.x.x/x.
3.8 Backing Up Key Data Saved in the cfcard

Make sure that you back up the key data (configuration-related files) that is stored in the
cfcard before upgrade. After upgrade, you can load the backup files again.
The key data includes the configuration file, patch file, system software before the upgrade,
and GTL file.
Perform the following steps to save the configuration file:
1. Run the save [ config-filename ] command in the user view.
The extension of a configuration file name must be .cfg or .zip. The system configuration file must be
saved in the root directory on the storage device.
<HUAWEI>save vrpcfg.zip
Warning: Are you sure to save the configuration to cfcard:/vrpcfg.zip? [Y/N]:y
Now saving the current configuration to the slot 15
Info: Save the configuration successfully.
Warning: Are you sure to save the configuration to slave#cfcard:/vrpcfg.zip?
[Y/N]:y
Now saving the current configuration to the slot 16 .
1. The save and save config-filename commands have different functions. Note the following
when using them.
 The save command saves the current configuration to the configuration file for the next
startup on the storage device. You can use the display startup command to view
information about the configuration file for the next startup. By default, the configuration
file of the next startup is cfcard:/vrpcfg.zip.
 The save config-filename command backs up the current configuration to the file specified
by config-filename on the storage device. The command execution does not affect the
current startup configuration file. If config-filename is specified the same as the
configuration file for the next startup and the storage path for the configuration file, the
save config-filename command functions the same as the save command.
2. If you have run the save config-filename command to back up the current configuration
and still want to deliver the new configuration, you must run the save config-filename
command again to back up the new configuration to the configuration file. This ensures
that the new configuration restores after the device restarts.
2. Set a PC as the SFTP server, configure a user named huawei with the password ******,
and store the target system software in the file directory of the FTP server. This example
assumes that the IP address of the SFTP server is X.X.X.X/X, and the IP address of the
Ethernet interface on the router is X.X.X.X/X.

 In this example, a PC functions as an SFTP server. For more methods to upload/download files, refer
to the procedure in chapter A Uploading/Downloading Files.
 If the router functions as a client, and the PC functions as a server, install the SFTP server
application on your PC before the upgrade. The SFTP server application does not come with the
router; therefore. you must purchase and install the SFTP server application separately.
3. Log in to the SFTP server.
Run the sftp ip-address command on the router to set up an FTP connection with the PC
and enter the FTP client view.
<HUAWEI>system-view
[~HUAWEI]sftp X.X.X.X
Trying X.X.X.X ...
Press CTRL+K to abort
Connected to X.X.X.X ...
Warning: The negotiated encryption or digest algorithm is insecure. Using a
security algorithm (AES-256, SHA-256) is recommended.
Please input the username:huawei
Enter password:**********
sftp-client>
4. At the prompt sftp-client>, run the put remote-filename [ local-filename ] command to
upload files from the FTP server.
For example, download the configuration file (vrpcfg.zip), GTL license file, and the pre-
upgrade system software (V800R012C00SPC300) to the local directory for backup.
sftp-client>put vrpcfg.zip vrpcfgbackup.zip
Local file: vrpcfg.zip ---> Remote file: / vrpcfgbackup.zip
Uploading the file. Please wait...\
Uploading file successfully ended.
File upload is completed in 0 seconds.
sftp-client>put NetEngine8000-M14-V800R012C00SPC300.cc NetEngine8000-M14-

V800R012C00SPC300backup.cc
Local file: NetEngine8000-M14-V800R012C00SPC300.cc ---> Remote file: /
NetEngine8000-M14-V800R012C00SPC300backup.cc
Uploading the file. Please wait...\
Uploading file successfully ended.
File upload is completed in 221 seconds.
3.9 Checking Remaining Space in the cfcard

Checking Remaining Space
Run the dir command in the user view to check whether the remaining space in the cfcards of
the master and slave IPUs is sufficient for storing the target system software.
The cfcard has internal partitions. The remaining space information shown in the dir cfcard: command
output greatly differs from that shown in the dir cfcard:/logfile/ command output. Before you install the
target system software, run the dir cfcard: command to verify whether the remaining space is sufficient.
<HUAWEI>dir cfcard:
Directory of cfcard:/


0 dr-x - Jan 15 2020 16:42:42 $_checkpoint
1 dr-x - Jan 08 2020 21:04:35 $_install_hpg
2 dr-x - Jan 08 2020 21:04:35 $_install_mod
3 dr-x - Jan 14 2020 15:31:41 $_license
4 drwx - Jan 14 2020 23:18:33 $_package_bak
5 drwx - Jan 09 2020 17:03:17 $_package_cache
6 dr-x - Jan 15 2020 15:26:59 $_security_info
7 dr-x - Jan 14 2020 14:30:01 $_startup
8 dr-x - Jan 15 2020 15:58:42 $_system
9 dr-x - Dec 09 2019 16:57:54 $_user
10 drwx - Jan 15 2020 18:28:28 KPISTAT
11 -rw- 15,501 Jan 13 2020 19:27:59 NE8000MV800R012SPH001.PAT
12 -rw- 381,762,213 Jan 15 2020 10:36:29 NetEngine8000-M14-
V800R012C00SPC300.cc
13 drwx - Jan 13 2020 15:30:20 VS_vs1
14 drwx - Jan 15 2020 15:58:56 bill
15 drwx - Jan 14 2020 21:46:00 bootlogfile
16 drwx - Dec 09 2019 16:57:49 business-trace
17 drwx - Dec 17 2019 12:27:41 linuxlog
18 drwx - Jan 15 2020 17:53:05 logfile
19 drwx - Dec 09 2019 16:55:23 lost+found
20 drwx - Jan 15 2020 14:51:39 pmdata
21 drwx - Jan 15 2020 04:59:38 said
23 -rw- 1,603 Jan 11 2020 20:28:27 vrpcfg.zip
24 drwx - Dec 16 2019 14:40:54 ztp
......
3,432,448 KB total (717,146 KB free)
//3,432,448 KB total indicates the capacity of the CF card, and 717,146 KB free indicates the
remaining space of the CF card.
<HUAWEI>dir slave#cfcard:
Directory of slave#cfcard:/

3 dr-x - Jan 14 2020 15:31:41 $_license
5 -rw- - Jan 09 2020 16:49:39 $_package_cach
8 dr-x - Jan 14 2020 14:31:22 $_startup
9 dr-x - Jan 15 2020 17:52:22 $_system
10 dr-x - Dec 09 2019 17:20:53 $_user
11 drwx - Jan 14 2020 13:35:00 KPISTAT
14 drwx - Jan 13 2020 15:30:20 VS_vs1
15 drwx - Jan 15 2020 17:52:14 bill


18 drwx - Jan 15 2020 17:51:50 logfile
19 drwx - Nov 30 2019 19:56:11 lost+found
20 -rw- 0 Dec 17 2019 12:02:02 perf_trace.cmf
21 drwx - Dec 27 2019 17:19:53 pmdata
22 drwx - Dec 17 2019 21:07:10 said
24 -rw- 1,603 Jan 11 2020 20:28:27 vrpcfg.zip
25 drwx - Dec 10 2019 15:58:24 ztp
......
3,432,448 KB total (717,146 KB free)
Deleting Unnecessary Files

If the remaining space in the cfcard is insufficient for storing the upgrade system software,
delete unnecessary files.
To delete unnecessary files from the cfcards on the master and slave IPUs, run the following
commands in the user view:
 The files deleted using the delete command are saved in the Recycle Bin. You can restore
files in the Recycle Bin using the undelete command. Files in the Recycle Bin still occupy
space in the cfcard.
 The file name huawei.pat is only an example.
 The reset recycle-bin command permanently deletes all files from the recycle bin. This
means that these deleted files cannot be restored.
<HUAWEI> delete cfcard:/backupelb.txt

<HUAWEI> delete slave#cfcard:/backupelb.txt
Run the following command to restore mistakenly deleted files stored in the Recycle Bin:
<HUAWEI> undelete cfcard:/backupelb.txt
Info:Undeleted file cfcard:/backupelb.txt.
<HUAWEI> undelete slave#cfcard:/backupelb.txt
Info:Undeleted file slave#cfcard:/backupelb.txt.
Run the following commands to permanently delete unnecessary files:

<HUAWEI> reset recycle-bin cfcard:/
<HUAWEI> reset recycle-bin slave#cfcard:/

Upgrade Guide 4 Performing the Upgrade
4 Performing the Upgrade
4.1 Upgrading the System Software Using uUpgrade

4.2 Upgrading the System Software Using Command Lines
4.3 Upgrading the System Software Using the BootROM
4.1 Upgrading the System Software Using uUpgrade

Purpose To upgrade the system software.
Impact Services will be interrupted during the post-upgrade restart.
Time The upgrade takes approximately 50 minutes, including the time for
Required downloading and uploading the system software package.
Prerequisites  The network environment is normal.

 uUpgrade has been installed correctly.
Procedure for loading a pre-configuration file

1. Select a file (manually)

(Optional) Target Version Defcfg: pre-configuration file of the target version.

(Optional) Original Version Defcfg: pre-configuration file of the source version. The
current effective .defcfg file cannot be read from the device and deletion of the file
cannot be precluded. Therefore, you need to upload the .defcfg file of the current version
in case the original pre-configuration is cleared after a rollback. For an upgrade from
V800R021C00SPC100 to a later version, if a .defcfg file has been loaded to the current
version, this field must also be set.
2. Upload the file (automatically)
− The .defcfg file of the target version is uploaded to the CF card of the device. The
system displays a message indicating that the file is uploaded successfully.
− The .defcfg file of the source version is uploaded to the CF card and the file name is
backed up to the saveInfo file. The system displays a message indicating that the
file is uploaded successfully.
3. Load the file (automatically)
After the device is upgraded and restarted, if a .defcfg file is specified, the
specified .defcfg file is loaded; if no .defcfg file is specified, the current configuration is
cleared.
After the device is rolled back and restarted, if the .defcfg file of the source version is
specified, the specified .defcfg file is loaded. If no .defcfg file is specified, the current
configuration is cleared.
4. Loading completed (automatically)
Check whether the default configuration file is loaded successfully.
− Success: The system displays a message indicating that the default configuration
file is loaded successfully.
− Failure: A solution is displayed according to the failure cause. Available messages
are as follows:
 The configuration file does not exist.Save the defcfg file to the cfcard
directory.

 The size of configuration file exceed the upper limit.(50 KB).Theoretically, the
size of the defcfg file cannot exceed 50 KB, check whether the file is a defcfg
file.
 Invalid file name or file name extension.(*.defcfg),please change the file name
extension to defcfg.
 The system is not ready.Please check and try again.
 The device has insufficient space.Clearing the Disk Space (Spaces of
/opt/vrpv8/data).
 Failed to set the configuration for booting system.Contact Huawei employees
to locate the fault.
 Unknown error.Unknown error, please check the command output.
 Get CFG process failed.
 Start up defcfg file failed.
For details about other processes, see IP Toolkit V100R021C10SPC110 NE Upgrade
User Guide 1.3.
To download the uUpgrade tool, visit either of the following websites as required and ensure that the
uUpgrade tool is of the latest version:
Carrier network: https://support.huawei.com/carrier/navi?coltype=software#col=software&path=PBI1-
7275726/PBI1-7275757/PBI1-21039046/PBI1-21621186
Enterprise network: https://support.huawei.com/enterprise/en/enterprises-common/ibox-pid-
21621186/software
For details about how to install the uUpgrade tool and how to upgrade the uUpgrade tool, see the guide
released with the uUpgrade tool at the support website.
4.2 Upgrading the System Software Using Command

Lines
Purpose To upgrade router system software.
Impact Services will be interrupted during the post-upgrade restart.
Time About 50 minutes, including the time for uploading and downloading the
Required software package
Prerequisites  The router that runs a version earlier than the target version is
functioning properly.
 The router and the PC can ping each other successfully.
 The CF card has sufficient space to store the target system software.
 The current configuration file and system software have been backed
up.

Upgrade Flowchart
Figure 4-1 Flowchart for upgrading the system software using command lines
Upgrade Procedure (Using the Router as an SFTP Client)
 This example only describes how to download files by using the router as an SFTP client. For more
methods to upload/download files, refer to the procedure in chapter A Uploading/Downloading Files.
 During the upgrade, the router will be restarted, interrupting services temporarily. Therefore, choose
an appropriate time to upgrade the router, minimizing the impact on services.
 On a router that has two IPUs, the system software on the master IPU must be the same as that on
the slave IPU.
 The following example describes how to upgrade the router from V800R012C00SPC300 to
V800R022C00SPC600.
1. Set the SFTP server.
Set a PC as the SFTP server, configure a user named huawei with the password
huawei@123, and store the target system software in the file directory of the FTP server.
This example assumes that the IP address of the FTP server is X.X.X.X/X, and the IP
address of the Ethernet interface on the router is X.X.X.X.
2. Log in to the SFTP server.
Run the sftp ip-address command on the router to set up an FTP connection with the PC

<HUAWEI>system-view
[~HUAWEI]sftp X.X.X.X
Trying X.X.X.X ...
Connected to X.X.X.X ...
Warning: The negotiated encryption or digest algorithm is insecure. Using a
security algorithm (AES-256, SHA-256) is recommended.
Please input the username:huawei
Enter password:**********
sftp-client>
3. At the sftp-client> prompt, run the get local-filename [ remote-filename ] command to
upload the specified files to the router.
The system software of the master and slave IPUs must be the same.
sftp-client>get NetEngine8000-M8-M14_V800R022C00SPC600.cc
Remote file: /NetEngine8000-M8-M14_V800R022C00SPC600.cc ---> Local file:
NetEngine8000-M8-M14_V800R022C00SPC600.cc
Downloading the file. Please wait.../
Downloading file successfully ended.
File download is completed in 743.13 seconds.
4. Copy files to the cfcard on the slave IPU and view uploaded files.
Run the copy source-filename destination-filename command to copy system software,
and the GTL license file from the master IPU's cfcard to the slave IPU's cfcard.
<HUAWEI>copy cfcard:/NetEngine8000-M8-M14_V800R022C00SPC600.cc
slave#cfcard:/NetEngine8000-M8-M14_V800R022C00SPC600.cc
Warning: File cfcard:/NetEngine8000-M8-M14_V800R022C00SPC600.cc will be copied
to slave#cfcard:/
NetEngine8000-M8-M14_V800R022C00SPC600.cc. Continue? [Y/N]:y
100% completed.
After the preceding operations, run the dir command to view the uploaded or
downloaded files and verify that the files have been uploaded or downloaded completely.
 After uploading or downloading files, verify their completeness. If the files are not uploaded or
downloaded completely due to insufficient storage space, delete unnecessary files from the cfcard.
For instructions on how to delete unnecessary files from the cfcard, see 3.9 Checking Remaining
Space in the cfcard.
 Verify the uploaded files by checking file sizes and dates.
 Run the check system-software filename command to check the integrity of the uploaded software
package.
 You are advised to verify the integrity of the target system software by checking the byte count.
<HUAWEI>dir cfcard:
Directory of cfcard:/

3 dr-x - Jan 14 2020 15:31:41 $_license

7 dr-x - Jan 14 2020 14:30:01 $_startup

8 dr-x - Jan 15 2020 15:58:42 $_system
9 dr-x - Dec 09 2019 16:57:54 $_user
10 drwx - Jan 15 2020 18:28:28 KPISTAT
13 drwx - Jan 13 2020 15:30:20 VS_vs1
14 drwx - Jan 15 2020 15:58:56 bill
17 drwx - Dec 17 2019 12:27:41 linuxlog
18 drwx - Jan 15 2020 17:53:05 logfile
19 drwx - Dec 09 2019 16:55:23 lost+found
20 drwx - Jan 15 2020 14:51:39 pmdata
21 drwx - Jan 15 2020 04:59:38 said
23 -rw- 1,603 Jan 11 2020 20:28:27 vrpcfg.zip
24 drwx - Dec 16 2019 14:40:54 ztp
M14_V800R022C00SPC600.cc
......
3,432,448 KB total (261,804 KB free)

<HUAWEI> dir slave#cfcard:
Directory of slave#cfcard:/

3 dr-x - Jan 14 2020 15:31:41 $_license
5 -rw- - Jan 09 2020 16:49:39 $_package_cach
8 dr-x - Jan 14 2020 14:31:22 $_startup
9 dr-x - Jan 15 2020 17:52:22 $_system
10 dr-x - Dec 09 2019 17:20:53 $_user
11 drwx - Jan 14 2020 13:35:00 KPISTAT
14 drwx - Jan 13 2020 15:30:20 VS_vs1
15 drwx - Jan 15 2020 17:52:14 bill
18 drwx - Jan 15 2020 17:51:50 logfile
19 drwx - Nov 30 2019 19:56:11 lost+found
20 -rw- 0 Dec 17 2019 12:02:02 perf_trace.cmf
21 drwx - Dec 27 2019 17:19:53 pmdata
22 drwx - Dec 17 2019 21:07:10 said
24 -rw- 1,603 Jan 11 2020 20:28:27 vrpcfg.zip
25 drwx - Dec 10 2019 15:58:24 ztp


M14_V800R022C00SPC600.cc
......
3,432,448 KB total (336,396 KB free)

<HUAWEI>check system-software NetEngine8000-M8-M14_V800R022C00SPC600.cc
Caution!!! Confirm to check startup file! Continue? [Y/N]:y
Info: Prepare to check system software cfcard:/NetEngine8000-M8-
M14_V800R022C00SPC600.cc
Please
wait ..........................................................................
......................
Info: The SHA256 hash value of the system software is
d76a9989a4d64bb5909a387e18b8c1f98142b37e3e22ff71b673bec3576f5b46.
Info: System software signature check passed!
5. (Optional) Verify that the version of registered board matches the source version.
<HUAWEI>check hardware-compatibility cfcard:/NetEngine8000-M8-
M14_V800R022C00SPC600.cc
-------------------------------------------------------------------------------
----
Slot# BoardType Result Detail
-------------------------------------------------------------------------------
----
15 CR81IPU2TA Compatible NA
16 CR81IPU2TA Compatible NA
15/1 CR51EAGFD0 Compatible NA
15/2 CR51LAXFE0 Compatible NA
15/4 CR51L4XFD0 Compatible NA
15/9 CR51E2NBF0 Compatible NA
15/12 CR51E2NBF0 Compatible NA
15/13 CR51EAGFD0 Compatible NA
-------------------------------------------------------------------------------
----
If Compatible is displayed for each item in the command output, the target system
software supports all boards. In this case, go to the next step. If Not Compatible is
displayed, the target system software does not support some boards. In this case, contact
Huawei technical support personnel to confirm whether to proceed with the upgrade. The
incompatible reasons displayed in the Detail field can be:
− Unknown Board: indicates a board type that is not supported.
− Unknown Pic: indicates a subcard type that is not supported.
The Slot# column indicates the slot ID of each board. The BoardType column indicates the type of each
board, which is obtained from the electronic label of each board. The Result column indicates the
upgrade feasibility check result. The Detail column indicates the detailed cause why a board is not
compatible.
6. (Optional) To use the IKEv1 function, load the IKEv1 MOD file during the upgrade. Log
in to https://support.huawei.com, apply for the system software package, download the
MOD file with the system software package, and copy the MOD file to the root directory
of the CF card on each IPU. For example, download
NetEngine8000V800R022C00SPC600_IKE_V1.0.MOD.

 Before an upgrade to V800R022C00SPC600, upload

NetEngine8000V800R022C00SPC600_IKE_V1.0.MOD to the $_install_mod directory of the CF
cards of the master and slave IPUs and specify the MOD file to be loaded for the next startup.
 In a dual-system scenario, load the MOD file on the backup device first. If the IKEv1 MOD file is
not loaded on the backup device, the device cannot receive IKEv1 backup data sent by the master
device.
 If NetEngine8000V800R022C00SPC600_IKE_V1.0.MOD is not loaded, the IKEv1 function is
unavailable and related commands cannot be run. For details about whether to load the IKEv1 MOD
file, see 1.7 Installing the IKEv1 MOD File.
For an upgrade to V800R012C10, pay attention to Steps a to c.
a. Log in to https://support.huawei.com or https://support.huawei.com/enterprise,
apply for and download the software package together with the MOD file, and copy
NetEngine8000V800R022C00SPC600_IKE_V1.0.MOD to the $_install_mod
directory on the CF card of each IPU.
b. Specify the MOD file to be loaded for the next startup.
<HUAWEI>install-module NetEngine8000V800R022C00SPC600_IKE_V1.0.MOD next-
startup
Info: Succeeded in setting the next-startup module.
After the device is restarted, enable IKEv1. For details, see 14
If the device does not have the IKE MOD file loaded or IKEv1 is not enabled, an
alarm indicating that IKEv1 is not supported is generated, after the device receives
IKEv1 negotiation packets.
<HUAWEI>display alarm all
-------------------------------------------------------------------------
-------
Index Level Date Time Info
-------------------------------------------------------------------------
-------
1 Critical 2020-10-15 22:49:16.806 The local device does not support
IKE V1 service.
[OID:1.3.6.1.4.1.2011.5.25.224.5.9]
-------------------------------------------------------------------------
-------
c. (Optional) If the loaded MOD file is not needed, unload it.
 If no IKEv1 configurations exist, perform the following opreations to unload
the MOD file directly.
1) Disable IKEv1. If the IKEv1 configuration still exists, delete the IKEv1
configuration.
<HUAWEI> system
[~HUAWEI]undo ike v1 enable
[*HUAWEI]commit
[HUAWEI]
2) Wait 240 seconds, which ensures that all resources are released. An
attempt made within 240s to uninstall the file fails, and the system
displays a message indicating that the uninstallation cannot be performed.
3) Unload the MOD file.
<HUAWEI> uninstall-module
NetEngine8000V800R022C00SPC600_IKE_V1.0.MOD
This will uninstall the module. Are you sure? [Y/N]:
Info: Operating, please wait for a moment...

Info: uninstalling NetEngine8000V800R022C00SPC600_IKE_V1.0.MOD

.........done.
Info: Succeeded in uninstalling the module.
 If the IKEv1 configuration exists, delete it according to the prompt message
1) An attempt to disable IKEv1 fails, and the following message is
displayed.
<HUAWEI>system
[~HUAWEI]undo ike v1 enable
Error: You can not disable IKE v1 without delete V1 in ike peer
config
2) Check IKEv1 peer information.
[~HUAWEI]display ike peer brief | include v1
Info: It will take a long time if the content you search is too
much or the string you input is too long, you can press CTRL_C
to break.
current ike peer number: 512
----------------------------------------------------------------
-----
Peer Name Version Exchange-mode Proposal Id-type
RemoteAddr
----------------------------------------------------------------
-----
todta9 v1 main 100 ip 23.0.0.9
3) Disable IKEv1 in the corresponding peer view.
<HUAWEI>system
[~HUAWEI]ike peer todta9
[~HUAWEI-ike-peer-todta9]version 2
[*HUAWEI-ike-peer-todta9]undo version 1
[*HUAWEI-ike-peer-todta9]commit
[~HUAWEI-ike-peer-todta9]quit
After completing the preceding opreations, unload the MOD file. For details,
see the procedure in the scenario where no IKEv1 configuration exists.
7. Specify system software, and the configuration file for the next startup.
 For the router with dual IPUs, the configuration file to be loaded must have been stored in the
cfcards of both the master and slave IPUs.
 If the iupgrade tool is used, the configuration file used during next startup will be changed.
 Before loading the patch file, run the check patch command to check the integrity of the patch
package to ensure that the target software is secure and available.
 Specify system software before specifying the PAF and license files; otherwise, the system may use
the default PAF and license files during startup.
 The system loads PAF and license files contained in system software by default. If you have
specified a user-defined PAF file for next startup, you can use the startup paf default command to
re-specify the default PAF file for next startup.
 If dual IPUs are installed on the router, the configuration file must have been stored in CF cards on
both IPUs before being loaded; the PAF file, license file, and system software on the master IPU
must be the same as those on the slave IPU. Any inconsistency will cause trouble in restarting the
router.
 If the NetEngine 8000 M14 or PTN 6900-2-M14 needs to be upgraded to V800R012C10SPC300 or
a later version, you need to install V800R012SPH019 or a later patch first; otherwise, an error
message is displayed when you specify the system software file for the next startup. For details
about the patch, see Precautions for Upgrading the NetEngine 8000 M14 and PTN 6900-2-M14.

Specify the system software to be loaded to both IPUs for the next startup.
<HUAWEI>startup system-software NetEngine8000-M8-M14_V800R022C00SPC600.cc
<HUAWEI>startup system-software NetEngine8000-M8-M14_V800R022C00SPC600.cc
slave-board
or
<HUAWEI> startup system-software NetEngine8000-M8-M14_V800R022C00SPC600.cc all
(Optional) Specifies the patch file to be loaded when the device is started.
<HUAWEI>check patch huawei.pat
Warning: Package verification consumes system CPU resources. Continue? [Y/N]:y
Info: Prepare to check file huawei.pat, please wait...done.
Info: Digital signature verification of the system patch succeeded.
<HUAWEI> startup patch huawei.pat all
Info: Operating, please wait for a moment........done.
Info: Succeeded in setting startup the patch.
(Optional) Specify the startup paf file for the router.
<HUAWEI>startup paf huawei.bin
Info: Succeeded in setting main board resource file for system.
(Optional) Specify the startup configuration file for the router. If no configuration file is
specified, the configuration file of the source version is used during the next startup.
If the configuration file for the next startup is specified, 8 cannot be performed. Otherwise, the specified
configuration file for the next startup will be overridden.
<HUAWEI>startup saved-configuration vrpcfg.zip
Info: Operating, please wait for a moment.......done. Info:
Succeeded in setting the configuration for booting system.
8. Save configurations.
<HUAWEI>save
Warning: The current configuration will be written to the device.
Are you sure to continue? [Y/N]:y
Now saving the current configuration to the slot 15 .
Now saving the current configuration to the slot 16 .......
9. (Optional) Block users from getting online and cut off online users.
 If the router to be upgraded has no service, skip this step.

 This step must be performed on the router that has services; otherwise, a reboot will cause logoff and
result in login attempt failures.
a. Block users from getting online in the AAA domain.
The block command used in the AAA domain view blocks a domain. After this
command is used, new users in the domain cannot get online, but online users in
this domain are not affected.
View online users in all domains.
<HUAWEI>system-view
[~HUAWEI]aaa
[~HUAWEI-aaa]display domain
------------------------------------------------------------------------
------

Domain name State CAR Access-limit Online BODNum

RptVSMNum
------------------------------------------------------------------------
------
default0 Active 0 32000 0 0 0
default1 Active 0 32000 0 0 0
default_admin Active 0 32000 2 0 0
test Active 0 32000 1 0 0
------------------------------------------------------------------------
------
Total 3,3 printed
Run the block command in each domain that has users.
<HUAWEI>system-view
[~HUAWEI]aaa
[~HUAWEI-aaa]domain test
[~HUAWEI-aaa-domain-test]block
b. Get users offline.

Run the cut access-user command in the AAA view to get users offline in each
domain that has online users found using the display domain command. This
process takes less than 1 minute if there are a lot of online users.
[~HUAWEI-aaa]cut access-user domain test
Wait for a certain period of time and run the display domain command to verify
that all users are offline. After all users go offline, shut down the BAS interface and
save the configuration (do not shut down the remote login interface). And then back
up the configuration file for possible rollback (Do not run the block or cut access-
user command for the default_admin domain).
 If a large number of users are online, running the cut access-user command results in increasing
CPU usage because many protocol packets are exchanged. After online users get offline, CPU usage
reduces and becomes stable. (The block and cut access-user domains cannot include the
administrative user domain. The default administrative user domain is default_admin.)
 The cut access-user command takes effect only once and is not saved into the configuration file.
Running this command does not affect the follow-up upgrade procedure.
 Before you run the cut access-user command, ensure that the number of online users in each
domain is less than or equal to 50% of the total number of users. In addition, run this command to
log out users in a different domain only after all users in the domain where this command is last run
are logged out. Running this command simultaneously for two or more domains will overburden the
RADIUS server (for example, suddenly increase the CPU and memory usage), thereby causing
system instability.
 If the number of users in a domain exceeds 50% of the total number of users, you can run the cut
access-user interface or cut access-user slot command to log out users from a specified interface or
board. This prevents a large number of users from being logged out, reducing the burden on the
RADIUS server.
10. Reboot the device.
 Some commands and functions may change because the configuration file changes after the reboot.
 The reboot fast command is used for quick restart of the router without prompting the user to
confirm whether to save current configurations.
<HUAWEI>reboot
MPU 15:
Next startup system software: cfcard:/NetEngine8000-M8-M14_V800R022C00SPC600.cc
Next startup saved-configuration file: Vrpcfg.zip

Next startup paf file: default

Next startup patch package: NULL
The configuration information of any other MPU is the same as that of MPU 15.
System will reboot! Continue? [Y/N]:y
11. After the restart, run the display startup command to verify that the router is running
target system software.
<HUAWEI>display startup
MainBoard:
Configured startup system software: cfcard:/NetEngine8000-M8M14-
Startup system software: cfcard:/NetEngine8000-M8M14-
Next startup system software: cfcard:/NetEngine8000-M8-
M14_V800R022C00SPC600.cc
Startup saved-configuration file: cfcard:/Vrpcfg.zip
Next startup saved-configuration file: cfcard:/Vrpcfg.zip
Startup paf file: default
Startup patch package: NULL
SlaveBoard:
Configured startup system software: cfcard:/ NetEngine8000-M8M14-
Startup system software: cfcard:/ NetEngine8000-M8M14-
M14_V800R022C00SPC600.cc
Startup saved-configuration file: cfcard:/Vrpcfg.zip
Next startup saved-configuration file: cfcard:/Vrpcfg.zip
12. (Optional) After restart, load a desired GTL license file.

Run the license active license name command to activate a GTL license in the following
scenarios:
− Scenario 1: Activate a license for the first time.
<HUAWEI>license active gtl.xml
Now activing the License.............done.
− Scenario 2: A license file with the same name resides on a main control board that is
not the master main control board.
Enter Y or N to confirm the activation operation. Enter Y to activate the license.
Enter N to use the existing license.
Warning: A file with the same name exists on the other board. This
operation will replace the existing one. Continue? [Y/N]:y
− Scenario 3: A license file has been activated. The new license to be activated has
higher specifications than the existing activated one.

− Scenario 4: A license file has been activated. The new license to be activated has
lower specifications than the existing activated one.
Enter Y or N to confirm the activation operation. Enter Y to activate the license.
Enter N to use the existing license.
Warning: This operation will reduce current resource or function.
Continue? [Y/N]:y
13. Check services after the upgrade.
After the device starts up, check the subcard registration status. If all subcards are
registered, check the configuration recovery status and check that no configuration loss
occurs. Then, run the undo shutdown command on the network-side interface and check
whether the network-side protocol status is restored.
(Optional)Run the undo block command, and then run the undo shutdown command on
one downstream BAS interface. Check that services are normal. Then enter all the
domains of online users on the BAS interface, and check that user services are normal.
14. If the IKEv1 MOD file is installed, enable IKEv1 and save the configuration.
Enable IKEv1 globally.
<HUAWEI>system
[~HUAWEI]ike v1 enable
[*HUAWEI]commit
[~HUAWEI]quit
<HUAWEI>
Save the configuration.
<HUAWEI>save
Warning: The current configuration will be written to the device.
Are you sure to continue? [Y/N]:y
Now saving the current configuration to the slot 15 ............
----End
Troubleshooting
If the IPU cannot be properly registered or the router cannot be telneted to but the BootROM
menu is displayed, you can implement a rollback to restore the source system software.
Another upgrade can be planned and performed after the router works properly. For
information about version rollback, see section 7.2 IPU Fails to Be Registered.
If any boards fail to run properly or register, see section 7.1 Boards or Fans Fail to Be
Upgraded.
4.3 Upgrading the System Software Using the BootROM

Purpose To upgrade the device using the BootROM when the device fails to
start up.
Impact Services are interrupted when the host software on the master IPU is
being upgraded.

Time Required It takes approximately 20 minutes to upgrade the device with

minimum configuration on a LAN.
Prerequisites The device has Ethernet interfaces for communicating with an FTP
server.
CFcards have enough free space to store the system software.
Upgrade Flowchart
Figure 4-2 Upgrading the system software using the Console interface
Procedure
1. Connect the Console interface and the COM interface of a PC, and configure the
HyperTerminal.
2. Run the FTP and TFTP Server programs on the PC.
In this step, the window displayed may vary because the FTP and TFTP software may be different for
different devices. The TFTP and FTP software must be stored in the same directory which is used for
storing system software.
Set parameters for the FTP server program, including the file directory, user name, and
password. For details, see Figure 4-3.

Figure 4-3 FTP parameter settings
Set parameters for the SFTP server program, including the user name, password, port
number, and file directory.
3. Restart the router. The HyperTerminal interface displays the following information:
boot from area 0
Build at 19:43:45 on Dec 17 2019
Totem_PLL: 1600 MHz, Nimbus_PLL: 2000 MHz
Totem B Cluster L1/L2 Cache Mbist OK
Reset times is 2

Single-Processor Single-Core Serial Execute Memory Init

[S0][GetDimmSpdData]
[ResetAllSlaveCore][12733]Single-P Single-C of serial execute memory training.
DDR three step test success
#INIT_TEST(0x09080001) [Memory_Test(CPU_DDR_3STep)] ...... pass

#END
Press [Ctrl+T] to entry diag menu in 1 seconds
Load M7 Firmware.........Done
Initialize mmu
[RcCfgDefConfig]:[4237L]: Port_id = 0 Expected Max Width = 0x1
Not need init pcie ep!

Config M7 done.
Board Type:2070D
get LED pin num zero!
[nb_config_led:257] Invalid LED index: 0
Slotid:16,17
Press [Ctrl+A] to enter BIOS menu 0
freq:0x5F5E1000 , reg = 0x7A280801 frac=0x1000000.
CPLD check:OK
PLL check: OK
#INIT_TEST(0x09080002) [CPU_POST] ...... pass

#END
The 1st before reset cause, type: CPU, source: oneself
The 2nd before reset cause, type: CPU, source: oneself
The 3th before reset cause, type: power on, source: oneself
The 4th before reset cause, type: unknown, source: oneself
BTFL(area=0 media=0)
BTFL(area=0 start_flag=1)
BTFL(area=0 unsuccess_times=0)
BTFL(area=0 mainflash=0)
BTFL(area=0 os_unsuccess_times=0)
BTFL(area=0 os_boot_area=0)
[next_gen_mtd_get_file:518] file->flash_addr
[next_gen_mtd_get_file:531] Load uefi from mtd(0x0) area0
[next_gen_mtd_get_file:542] Read uefi, len=0x5326D8 ...
uefi signature check pass!
Begin to update uefi boot area 0 ... OK
System will reboot to start with new uefi ...
[next_gen_bt_reboot:416] next_gen_bt_reboot , continue boot
System is warm reboot ...
Reset cpu by epld
boot from area 0
Build at 21:30:20 on Jan 7 2020
Reset times is 3
......
[DRV]install_starry_hi162x_cx_IPU_stage2.sh found successful.

Press Ctrl+R to enter the Recovery mode and restore factory configurations.
Press CTRL+B to enter BOOT menu: 3
4. Press Ctrl+B within 3 seconds after the message of Press Ctrl+B to enter Menu: 3 is
displayed.
Password:
5. Enter a password and access the main menu.
 No preset password is required for the BootLoad menu. Modifying the preset password to prevent
security risks is recommended.
 From V800R012C00, you can run the set boot password command in the system view to change
the BootLoad password.
[~HUAWEI]set boot password slot 15
Please set a login password (6-255)
Enter old password:
Enter new password:
Confirm new password:
Info: The password was changed successfully
 When a device is upgraded from a version earlier than V800R012C00SPC300 to
V800R022C00SPC600, the BootLoad password before the upgrade is used. You are advised to
change the password after the upgrade.
Choose 5. Password manager submenu from the BootLoad menu to change the password. The
password must be a string of 6 to 255 characters that contain at least two of the following: uppercase
letters, lowercase letters, digits, and special characters. The password cannot contain question marks (?)
or spaces.
Main Menu
1. Default startup
2. Ethernet submenu
3. Startup parameters submenu
4. List file
5. Password manager submenu
6. Reboot
Enter your choice(1-6): 2

6. Select Ethernet submenu to enter the Ethernet interface submenu.
Ethernet submenu
1. Update software
2. Display parameters
3. Modify parameters
0. Return

7. Select Modify parameters to set related parameters.
FTP type(0:SFTP 1:FTP 2:TFTP) : 1 - \\FTP type
Server IP address : X.X.X.X - X.X.X.X \\FTP server address
Local IP address : X.X.X.X - \\Configure an IP address that can
be used for communication with the FTP server.
Local IP mask : X.X.X.X - \\Configure a mask used for
communication with the FTP server.

FTP username : ftpname - dyd \\ftp or tftp user name

FTP password : ****** - *** \\ftp or tftp user name
Ethernet submenu
1. Update software
0. Return
Select Update software to set the system software to be loaded.
Update software
1. Update system software

2. Update system software with disk format
0. Return

Select Update system software to set the system software to be loaded.
8. After parameter setting is complete, enter the system software name to load the system
software from Update software.
Update software
1. Update system software

2. Update system software with disk format
0. Return
Current startup file is "NetEngine8000-M8-M14_V800R022C00SPC600.cc".

Please input file name: NetEngine8000-M8-M14_V800R022C00SPC600.cc
File:[NetEngine8000-M8-M14_V800R022C00SPC600.cc] already exists! Are you sure

to overwrite it? Yes(y) or No(n): y
Current patch file is "<NULL>".

Please input patch name:
Downloading "NetEngine8000-M8-M14_V800R022C00SPC600.cc" ...
check download file size: 316 MB
Done.
package cms check success !
Get format value 0, start_mode 0 boot_area 0, format_part /bootbak
Get invalid format flag 0, continue to boot.
Boot Disk: flash
Startup File: NetEngine8000-M8-M14_V800R022C00SPC600.cc
[FAILED] Failed unmounting Temporary Directory (/tmp).

[ OK ] Stopped Network Service.
[ OK ] Unmounted /boot.
[ OK ] Unmounted /opt/vrpv8/var.
[ OK ] Unmounted /opt/vrpv8/data.
[ OK ] Unmounted /bootbak.
[ OK ] Stopped Apply Kernel Variables.

[ OK ] Stopped target Swap.

[ OK ] Unmounted /opt/vrpv8/home.
[ OK ] Reached target Unmount All Filesystems.
[ OK ] Stopped target Local File Systems (Pre).
[ OK ] Stopped Create Static Device Nodes in /dev.
[ OK ] Stopped Create System Users.
[ OK ] Stopped Remount Root and Kernel File Systems.
[ OK ] Reached target Shutdown.
[ OK ] Reached target Final Step.
[ OK ] Started Reboot.
[ OK ] Reached target Reboot.
SEfuse T10 version: AVS0 Enabled
boot from area 0
Build at 21:30:20 on Jan 7 2020
Reset times is 37
......
Please Press ENTER.

9. Verify that the system software has been upgraded successfully.
<HUAWEI>check version startup
M14_V800R022C00SPC600.cc, please wait ......
Info: Software version match Ok!
The message Info: Software version match Ok! indicates that the upgrade is
successful. Otherwise, you need to perform the upgrade again.
10. (Optional) Install the latest patches for the new system software.
For detailed instructions on how to install patches, refer to the pertaining patch release
notes.

Upgrade Guide 5 Verifying the Upgrade
5 Verifying the Upgrade
5.1 Verification Checklist

5.2 Verifying the System Software Version
5.3 Verifying that Boards Successfully Register
5.4 Verifying that the GTL License Functions Properly
5.5 Verifying the Version Consistency on Components
5.6 Verifying the Running Status of the Device
5.7 Verifying Configurations
5.8 Verifying Services
5.1 Verification Checklist

Table 5-1 Verification checklist
No. Item Expected Result Actual Result

1 5.2 Verifying the System The system software version is
Software Version correct.
2 5.3 Verifying that Boards Boards and subboards are
Successfully Register successfully registered.
3 5.4 Verifying that the The GTL license is functioning
GTL License Functions properly.
Properly
4 5.5 Verifying the Version The MonitorBus version is
Consistency on consistent with the system
Components software version.
5 5.6 Verifying the Running The device is running properly.
Status of the Device
6 5.7 Verifying The new configuration file is the
Configurations same as the saved configuration

No. Item Expected Result Actual Result

file.
7 5.8 Verifying Services Services are available, and
registered users are not forced
offline.
5.2 Verifying the System Software Version

After the upgrade, run the display version command and the display startup command in
any view to check the system software version of the router. The display in bold is the current
system software version of the router. Check whether the system software is the target
version. If the version is not the target version, review the upgrade steps to determine the
cause of the problem and then perform the version upgrade again.
<HUAWEI>display version
VRP (R) software, Version 8.201 (NE40E V800R022C00SPC600)
HUAWEI NetEngine 8000 M14 uptime is 0 day, 17 hours, 40 minutes
MainBoard:
Configured startup system software: cfcard:/NetEngine8000-M8-
M14_V800R022C00SPC600.cc
Startup system software: cfcard:/NetEngine8000-M8-
M14_V800R022C00SPC600.cc
M14_V800R022C00SPC600.cc
Startup saved-configuration file: cfcard:/vrpcfg.zip
Next startup saved-configuration file: cfcard:/vrpcfg.zip
SlaveBoard:
M14_V800R022C00SPC600.cc
M14_V800R022C00SPC600.cc
M14_V800R022C00SPC600.cc
Startup saved-configuration file: cfcard:/vrpcfg.zip

5.3 Verifying that Boards Successfully Register

Run the display device command in any view to check the registration status of boards. The
registration status should be Normal.
<Huawei>display device
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
5.4 Verifying that the GTL License Functions Properly

Display information about the license files on master and slave IPUs.
<HUAWEI>display license
Active License : cfcard:/LICNetEngine8000M14.xml
License state : Normal
Revoke ticket : No ticket
RD of Huawei Technologies Co., Ltd.
Product name : NetEngine 8000

Product version : V800R012
License Serial No : XXXXXXXXXXXXXXXXX
Creator : Huawei Technologies Co., Ltd.
Created Time : 2020-01-14 15:30:44
-------------------------------------------------------------
Feature name : Trial0
Authorize type : comm
Expired date : PERMANENT
Trial days : --
Item name Item type Value Description

-------------------------------------------------------------
XXXXXXXXXXXX -- 1 NetEngine 8000 M XXX Function License
XXXXXXXXXXXX Function YES NetEngine 8000 M XXX Function License

......
Master board license state: Demo. The license for the current configuration will
expire in XX day(s).
Apply for authentic license before the current license expires.
All of the items in the list above are controlled by the GTL license. A Used value of 0
indicates that a function is unavailable; a value of 1 indicates that it is available. A Control
value indicates the number of authorized resources. Use the list to check whether Authorize
type, Expired date, and Control value for GTL license items are the same as what you
applied for.
5.5 Verifying the Version Consistency on Components

If there are version inconsistencies after the upgrade, perform a manual upgrade by following
the instructions in 7.1 Boards or Fans Fail to Be Upgraded.
Run the check version startup command in the user view to verify the software upgrade
result.
 If the upgrade succeeded, the display is as follows:
M14_V800R022C00SPC600.cc, please wait .................
.................................
Info: Software version match Ok!
The preceding information indicates that the software version of each component on the
device is the same as the current system software version. A detailed list for each
component is not displayed.
 If the upgrade failed, the display is as follows:
.................................
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Slot# Type Content CurVer ExactVer State Upgrade Suggestion
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
15 IPU EPLD xxx xxx Incompatible Must
The preceding information indicates that the EPLD version of the IPU in slot 15 is
different from that in the current system software. You need to upgrade the EPLD of this
IPU.
If there are inconsistencies such as the one shown in the preceding display, you must
perform a manual upgrade to correct the problem. For detailed instructions, see section
7.1 Boards or Fans Fail to Be Upgraded.

V800R022C00SPC600 does not support automatic EPLD upgrade on the master IPU, but
supports automatic EPLD upgrade on the slave IPU. To automatically upgrade the EPLD on
the master IPU, perform a master/slave IPU switchover first.
5.6 Verifying the Running Status of the Device

Run the display health and display alarm active commands in the user view to check the
running status of the device. Make sure that IPUs and LPUs are functioning properly.
<HUAWEI>display health
----------------------------------------------------------------
----------------------------------------------------------------
15 IPU(Master) 30% 22% 3384MB/15267MB
16 IPU(Slave) 13% 18% 2764MB/15267MB
----------------------------------------------------------------
<HUAWEI>display alarm active
Keep a detailed record of the operating status of each board for use as a troubleshooting
reference.
5.7 Verifying Configurations

Run the display current-configuration command in any view to check the router
configurations after the router starts up. Run the compare configuration command in the
user view to compare the new configuration file with the saved configuration file.
The following display shows that no configurations are lost:
<HUAWEI>compare configuration
Building configuration.....
Info:The current configuration is the same as the next startup configuration file.
The following display shows that some configurations are lost:

<HUAWEI>compare configuration
Building configuration....
Warning: The current configuration is not the same as the next startup
configuration file. There may be several differences, and the following are some
configurations beginning from the first:
====== Current configuration line 65831 ======
eth-trunk 63
undo dcn
#
interface GigabitEthernet0/4/0
undo shutdown
undo dcn
#
interface GigabitEthernet0/4/1
undo shutdown
#

5.8 Verifying Services

Two methods are available for verifying whether services are running properly.
 Compare data entries from the upgraded routing table, FIB table, MAC table and other
tables with pre-upgrade entries from the same tables to determine if any data is lost.
Check whether the traffic volumes of services are the same before and after the upgrade.
If the traffic volumes of services are different, contact Huawei technical support
personnel.
 Confirm with the network management personnel of the customer to check whether the
services are normal, whether the NMS synchronization is normal, and whether the NMS
server is running properly.
Check whether services are running properly before running the save command.

Upgrade Guide 6 Rolling Back to the Source Version
6 Rolling Back to the Source Version
6.1 Rolling Back to the Source Version Guide

6.2 Application Scenario
6.3 Verifying the Rollback
6.1 Rolling Back to the Source Version Guide
If the rollback fails or any issue occurs during the rollback, contact Huawei technical support
engineers in a timely manner and record the symptoms and all the operations that have been
done to perform the rollback.
6.2 Application Scenario

In the following cases, roll back the system software to the source version:
Device malfunctions after the upgrade.
How to Perform the Rollback:
 If device can start properly after an upgrade, roll back to the source version using
command lines (CMLs).
 If device can start properly after an upgrade, run the rollback command to roll back to
the source version within 48 hours. The patch file and configuration file will roll back
along the command.
 If device cannot start properly after an upgrade and stays in the BIOS state, roll back to
the source version using the FTP method.
 If device fails to start three times, it will automatically roll back to a version with which
it successfully started last time.

 By default, Device tries each software package for a maximum of three times and will automatically
restart upon a start failure.
 When System fails to start three times, it considers that the system software is invalid. To start
Device using the system software, power it off or rename the system software package.
 If an earlier system software version is unavailable after a rollback, Device stays in the BIOS state.
6.2.1 Precautions
This section describes important precautions that must be taken during a rollback:
 When a rollback is in progress, services will be temporarily interrupted. The interruption
time depends on the rollback method and service configuration.
 Before performing a rollback, contact Huawei technical support engineers to determine if
the target version for the rollback requires a patch. If yes, install the required patch after
the rollback.
 After performing a rollback, some new add board and subboard, which added on the new
version, maybe abnormal or unregister. If you need, contact Huawei technical support
engineers.
 After the rollback command is run, the system configuration file and patch file will
automatically roll back. The configuration in the target version will be lost. For any
questions, contact Huawei technical support personnel.
Before performing a rollback, upload the configuration file that you have backed up before
the upgrade o NE, and set "Next startup saved-configuration file" to use the backed up
configuration file.
Backing Up Key Data Saved in the cfcard

Before a rollback, back up configuration files in the CF card to a PC using the FTP or TFTP
method. For details, see section 3.8 Backing Up Key Data Saved in the cfcard." When the
rollback is complete, reload the backup configuration files into the CF card.
Upgrading the System Software Using Command Lines

If device restarts successfully but some services are unavailable, roll back to the source
version using CMLs.
A rollback using CMLs is performed in the same way as an upgrade using CMLs, for details
about the upgrade process, see the "4.2 Upgrading the System Software Using Command
Lines"。
If the system software, license file, paf file, and patch for the new version are stored in the CF
card, you do not need to upload them. Instead, you need to specify the system software and
configuration file for the next start, run the reboot command in user view and then restart
device.
Two methods are available for a version rollback.

Use the current configuration file for a version rollback.

Step 1 Check patch running information.
MainBoard:
M14_V800R022C00SPC600.cc
M14_V800R022C00SPC600.cc
M14_V800R022C00SPC600.cc
Startup saved-configuration file: cfcard:/vrpcfg.cfg
Next startup saved-configuration file: cfcard:/vrpcfg.cfg
SlaveBoard:
M14_V800R022C00SPC600.cc
M14_V800R022C00SPC600.cc
M14_V800R022C00SPC600.cc
The text in bold indicates patch information. In the preceding command output, NULL is
displayed for patch information, indicating that no patch file is running.
In this situation, go to Step 2. If patch files are displayed, run the patch delete all command
to delete the patch files and then go to Step 2.
<HUAWEI> patch delete all
Patch files must be deleted under the guidance of Huawei technical support personnel.
Step 2 Specify the target system software that control boards will load during startup.
The following uses NetEngine8000-M8M14-V800R012C00SPC300.cc as an example.
<HUAWEI>startup system-software NetEngine8000-M8M14-V800R012C00SPC300.cc all
Info: Operating, please wait for a
moment............................................................................
..................................................................................
...done.
Info: Succeeded in setting the software for booting system in slot 10
Info: Succeeded in setting the software for booting system in slot 11.
 The system software cannot be specified if it fails the CRC check or does not match the device
model.
 The all parameter is not required when only one MPU.

Step 3 Check the files that the device is to load at the next startup.
MainBoard:
M14_V800R022C00SPC600.cc
M14_V800R022C00SPC600.cc
Next startup system software: cfcard:/NetEngine8000-M8M14-
SlaveBoard:
M14_V800R022C00SPC600.cc
M14_V800R022C00SPC600.cc
Step 4 Perform a CRC check on the system software to be loaded at the next startup.
<HUAWEI>check system-software NetEngine8000-M8M14-V800R012C00SPC300.cc
Info: Prepare to check system software cfcard:/NetEngine8000-M8M14-
V800R012C00SPC300.cc, please wait..........
d76a9989a4d64bb5909a387e18b8c1f98142b37e3e22ff71b673bec3576f5b46.
Step 5 Save the configuration.

<HUAWEI>save
The current configuration will be written to the device.
Are you sure to continue?[Y/N]Y
Now saving the current configuration to the slot 11.
Save the configuration successfully.
Now saving the current configuration to the slot 10.
Save the configuration successfully.
Step 6 Restart the device.

<HUAWEI>reboot
MPU 11:
Next startup system software: cfcard:/NetEngine8000-M8M14-V800R012C00SPC300.cc

----End
Use another configuration file for a version rollback

Step 1 Check patch running information.
MainBoard:
Configured startup system software: cfcard:/NetEngine8000-M8M14-
Startup system software: cfcard:/NetEngine8000-M8M14-
The text in bold indicates patch information. In the preceding command output, NULL is
displayed for patch information, indicating that no patch file is running.
In this situation, go to Step 2. If patch files are displayed, run the patch delete all command
to delete the patch files and then go to Step 2.
<HUAWEI>patch delete all
 Patch files must be deleted under the guidance of Huawei technical support personnel.
Step 2 Specify the target system software that control boards will load during startup.
The following uses NetEngine8000-M8M14-V800R012C00SPC300.cc as an example.
<HUAWEI>startup system-software NetEngine8000-M8M14-V800R012C00SPC300.cc all
Info: Operating, please wait for a
moment............................................................................
..................................................................................
...done.
Info: Succeeded in setting the software for booting system in slot 10
Info: Succeeded in setting the software for booting system in slot 11.
 The system software cannot be specified if it fails the CRC check or does not match the device
model.
 The all parameter is not required when only one MPU.
Step 3 Disable the device from automatically saving the configuration.

<HUAWEI>system-view
[~HUAWEI]undo set save-configuration
[~HUAWEI]commit
[HUAWEI]quit
 After this command is run, configurations are no longer automatically saved.

Step 4 Specify the configuration file to be loaded at the next startup. The following uses etn.zip as
an example.
<HUAWEI> startup saved-configuration etn.zip
Info: Operating, please wait for a moment.......done.
Info: Succeeded in setting the configuration for booting system.
The configuration file to be loaded at the next startup must have been stored in the CF cards of both the
master and slave control boards.
Step 5 Check the files that the device is to load at the next startup.
MainBoard:
M14_V800R022C00SPC600.cc
M14_V800R022C00SPC600.cc
Next startup saved-configuration file: cfcard:/ atn.zip
Step 6 Perform a CRC check on the system software to be loaded at the next startup.
<HUAWEI>check system-software NetEngine8000-M8M14-V800R012C00SPC300.cc
Info: Prepare to check system software cfcard:/NetEngine8000-M8M14-
V800R012C00SPC300.cc, please wait..........
a5b1a9d545131690c4a706ca568a38144e7fb70c97fbea3547ed965d4524629b.
Step 7 Restart the device.

<HUAWEI>reboot fast
MPU 11:
Next startup system software: cfcard:/NetEngine8000-M8M14-V800R012C00SPC300.cc
Next startup saved-configuration file: cfcard:/atn.zip
----End
6.2.2 One-Command Version Rollback

If the device can restart properly and only some services are unavailable, you can run the
rollback command within 48 hours to perform a rollback.
Step 1 Log in to the device using Telnet or the HyperTerminal

Step 2 Run the display rollback information command in the user view to check the version
rollback information.
<HUAWEI>display rollback information
--------------------------------------------------------------------------------
software package: cfcard:/NetEngine8000-M8M14-V800R012C00SPC300.cc
config file: cfcard:/vrpcfg.zip
patch file: cfcard:/patch.pat
rollback remaining time: 04:31:28
If no version rollback information is displayed, the source version does not support the rollback
command, or the system has been running for more than 48 hours continuously.In this situation, you can
perform the rollback using CMLs.
Step 3 Run the rollback command to roll back to the source version.
<HUAWEI>rollback
Checking rollback version information.....
Rollback software: cfcard:/NetEngine8000-M8M14-V800R012C00SPC300.cc
Rollback configuration: cfcard:/ vrpcfg.zip
Rollback patch: cfcard:/patch.pat
The system will rollback to the previous version, the current configuration will
be lost.
Continue?[Y/N]
Please select [Y/N]:y
----End
After the rollback command is run, the ATN device will check the validity of the source version,
configuration file, and patch file (if patches are running before the upgrade). If the check fails, the
rollback cannot be performed. You can roll back only to the source version through CMLs.
Follow-up Procedure
Reload the backup configuration files to the CF card after the rollback is complete.
6.3 Verifying the Rollback
The version rollback verification procedure provided here lists only key check items. For detailed
operating instructions, see the chapters pertaining to version rollback in the upgrade guide.
Procedure
Step 1 Run the display startup command to check the system software.
Check whether the target version software is used to start the device.
Step 2 Run the display current configuration command to check whether the configuration file
rollback is successful.
Step 3 Check whether the configuration file is the same as the configured one.

----End
Expected Results
 The device version is the source version.
 The device works properly, and all services are normal.

Upgrade Guide 7 Troubleshooting
7 Troubleshooting
7.1 Boards or Fans Fail to Be Upgraded

7.2 IPU Fails to Be Registered
7.3 System Software on the Device Is Incorrect or No System Software Exists
7.1 Boards or Fans Fail to Be Upgraded

7.1.1 Fault Symptom
 After the system software is upgraded, some boards fail to register or do not function
properly.
 After the system software is upgraded, the fans fail to register or do not function
properly.
 After a new board is installed, it fails to register or function properly.
7.1.2 Fault Analysis

1. Run the display device command in the user view to view information about the status
of all boards on the device.
<HUAWEI>display device
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------


-------------------------------------------------------------------------------
If Unregistered is displayed in the Register field, the board in the specified slot is not
registered. If Abnormal is displayed in the Status field, the board in the specified slot is
not functioning properly.
2. Run the check version startup command in the user view to display any components
whose versions do not match the target system software version.
.................................
Slot# Type Content CurVer ExactVer State Upgrade Suggestion
15 IPU EPLD 100 104 Incompatible Must
The preceding information indicates that the version of the EPLD in slot 15 is
inconsistent with the system software version. You need to upgrade the EPLD in slot 15.
7.1.3 Troubleshooting Procedure (Board Firmware EPLD Fault)
The NetEngine 8000 M14 usually does not support automatic EPLD upgrade, but the EPLD
can be upgraded separately using the test bus.
1. On a device with dual main control boards, the EPLD of the master main control board
cannot be upgraded directly. If you must upgrade the EPLD of the master main control
board, first perform a master/slave main control board switchover and then upgrade the
EPLD on what is now the slave main control board.
2. For a device with a single main control board, the EPLD of the main control board can
be directly upgraded. Before an upgrade, the system displays a message indicating that
an upgrade risk exists. Remove the risk and confirm that the upgrade will not be affected
before performing the upgrade.
Precautions for the upgrade:
1. Before the upgrade, save the configurations of a board to be upgraded.
2. During the upgrade, do not remove or insert any board or power off the device.
Otherwise, the device may become abnormal and cannot be restored.
Upgrading the EPLD of a Board
If the boards register successfully but Huawei technical support engineers confirm that the firmware of a
board is abnormal, use the following method to upgrade the EPLD of the involved board.
Run the upgrade ipu by-testbus slotid { startup | file-name } upgradeType boardType
command in the diagnostic view to upgrade the EPLD of the board in a specified slot.

 slotid: specifies the slot ID of a board that is not running properly.

 startup: uses the current software package at a next startup.
 file-name: specifies the name of a software package stored on the CF card as the software package to
be loaded at a next startup.
 upgradeType: The value can be ipu-epld or pic-epld.
ipu-epld: indicates that the EPLD of an interface board is to be upgraded. If firmware of a board is
faulty, configure the ipu-epld parameter for an upgrade.
pic-epld: indicates that the EPLD of a specified subcard is to be upgraded.
 boardType: specifies the EPLD type on a board.
The value can be cpua or ipu2ta.
After the preceding operations are complete, the upgraded board automatically resets and does
not save the board configuration. Ensure that the corresponding configuration has been saved
before performing the following operations:
[~HUAWEI-diagnose]upgrade ipu by-testbus 15 startup ipu-epld ?
cpua CPUA BOARD
ipu2ta IPU2TA BOARD
[~HUAWEI-diagnose]upgrade ipu by-testbus 15 startup ipu-epld cpua
M14_V800R022C00SPC600.cc.
Warning: This command may affect operation by wrong use, please carefully use
it with HUAWEI engineer's direction. Are you sure to do this operation? [Y/N]:
This command is used to upgrade the EPLD of a board whose firmware is not running
properly. (In this example, the slot ID is 15. Enter the slot ID based on the actual situation.)
7.2 IPU Fails to Be Registered

7.2.1 Fault Symptom
 When the router resets after the system software is upgraded, neither of the two IPUs can
be registered.
 The router cannot be telneted to.
 After the system software is upgraded, the master IPU is registered successfully but the
slave IPU fails to be registered.

 If the IPU fails to be registered due to unknown reasons during the upgrade and the
system cannot start, roll back the system software to the source version using the
BootROM.
 If only the master IPU can be successfully registered after the upgrade because the
system software versions on the master and slave IPUs are different, upgrade the slave
IPU using the BootROM.

7.2.3 Troubleshooting Procedure

For detailed troubleshooting procedures, see 4.3 Upgrading the System Software Using the
BootROM.
7.3 System Software on the Device Is Incorrect or No

System Software Exists
7.3.1 Fault Symptom
The device cannot load the system software successfully.

If system software was not delivered with the device or the system software is incorrect, use a
management network port to load the system software.
7.3.3 Troubleshooting Procedure

Uploading the System Software Using a Management Network Port
For detailed troubleshooting procedures, see 7.2.3 Troubleshooting Procedure.

Upgrade Guide 8 Configuring the Default Configuration File
8 Configuring the Default Configuration

File
Background
In V800R021C00SPC100 and later versions, the default account and SSH/SNMP all port
listening configuration are removed from the default configuration file of the device (only
management network port listening is retained), but the functions of first login and password
change upon the first login are added. In addition, weak algorithms are removed, and DTLS
data channel encryption is used by default in transmission mode. The removed configurations
are stored in the default-custom.defcfg file. You can tailor and load the file as needed.
Activate the pre-configuration file after the upgrade.The detailed changes are as follows:
1. The default account and SNMP/SSH all port listening configurations are removed from
the default configuration file. By default, only SSH login through the management
network port or login through the serial port is supported. In addition, the first-login
process is triggered upon the first login, requiring you to create a username and
password. Note that the first-login process is disabled during SSH login if the process
has been triggered during serial port login.
Securit Configuration Removed from the Default Configuration Added to or
y Configuration File Retained in the Default
Harden Configuration File
ing
Default #
account aaa
$1c$]f(3Q<j7uS$!0!)8@e`\+lj]vQx\2l&y-
$M(|\n_ERFU_BF$!6X$
local-user root level 15
#
ssh user root

Enablin snmp-agent protocol source all-interface undo snmp-agent protocol source

g all-interface
SNMP undo ssh server-source all-
and interface
SSH on
all undo ssh ipv6 server-source all-
interfac interface
es
2. By default, the function of requiring a new user to change the password upon the first
login is enabled; however, this function is disabled in upgrade scenarios. To enable this
function, run the undo user-password password-force-change disable command in the
AAA view.
3. Weak algorithms are removed from the default.cfg file. If SSH-based login is used,
ensure that the login tool supports the security algorithms in the default configuration
file.
Weak ssh server key-exchange ssh server key-exchange
algorithm dh_group_exchange_sha256 dh_group_exchange_sha256
ssh server publickey ecc rsa rsa_sha2_256 ssh server publickey
ssh client key-exchange ssh client key-exchange
dh_group_exchange_sha256 dh_group_exchange_sha256
ssh client publickey ecc rsa rsa_sha2_256 ssh client publickey
4. In transmission mode, the DCN DTLS encryption channel is enabled by default. A

device uses this default configuration cannot interwork with a device running an earlier
version or a device that is not enabled with the DTLS encryption channel. If such two
devices are interconnected, the DCN login fails in transmission mode.
Enabling #
the DCN dtls policy qx_dtls_client
DTLS
encryptio #

n channel dcn security-mode enable

by #
default in
transmiss
ion mode
 The dcn security-mode enable command takes effect only in the default.cfg or *.defcfg
default configuration file. This command cannot be run by a user, and no configuration
information is generated for it.
 The dcn security-mode enable command automatically generates the bind client dtls-
policy qx_dtls_client command in the DCN view if a DTLS policy named qx_dtls_client
exists.
 To disable the DTLS encryption channel of DCN, run the undo bind client dtls-policy
command in the DCN view.
 Before running the reset saved-configuration command or the reset button to clear the
configuration, check whether the .defcfg file is configured.
 If the default behavior of the device needs to be the same as the previous one, you can run the
startup default-configuration configuration-file command to specify the customized defcfg file
during the production of a new device.
 You can also customize the .defcfg file for a live-network device when it is upgraded to
V800R021C00SPC100 or later If you add the preceding removed configurations to the
customized .defcfg file, the device retains the same default configuration restoration behavior as that
in the earlier version. For details, see the following operations.
 If a device is downgraded to a version earlier than V800R021C00SPC100, delete the default
configuration file or load the defcfg file customized for the source version.
Procedure
Step 1 Run the display ha component running-state | include CFG9 command to check the ID of
the process where the CFG component resides. The value in the PID column indicates the ID
of the process where the CFG component resides.
<HUAWEI> system-view
[~HUAWEI] diagnose
[~HUAWEI-diagnose] display ha component running-state | include CFG9
Info: It will take a long time if the content you search is too much or the string
you input is too long, you can press CTRL_C to break.
--------------------------------------------------------------------------------
NAME CID PID Type Version Board
Process State
--------------------------------------------------------------------------------
CFG9 0x80CB000C 0xCB0009 0xCB 1.2.103 17
3 PRIMARY
--------------------------------------------------------------------------------
Step 2 Run the display cmf-info file debug-info process locationId command to check whether the
device has a default configuration file.
Here, locationId specifies the process ID of the CFG component. For example:

[~HUAWEI] diagnose
[~HUAWEI-diagnose] display cmf-info file debug-info process 3
Startup default-configuration file summary info :
Setting state : true
File size : 8751
If the value of Setting state is true, the device has a default configuration file.
If no command output is displayed, the device does not have a default configuration file. In
this case, perform Step 3 to configure a default configuration file.
Step 3 Configure the .defcfg file.
1. Create a configuration file with the file name extension .defcfg.
2. For details about the content in the .defcfg file, see the following examples:
!Router function begin
#
undo crypto weak-algorithm disable
#
aaa
$1c$]f(3Q<j7uS$!0!)8@e`\+lj]vQx\2l&y-$M(|\n_ERFU_BF$!6X$
local-user root user-group manage-ug
user-password password-force-change disable
#
snmp-agent protocol source-status all-interface
#
stelnet server enable
snetconf server enable
ssh user root
ssh ipv6 server-source all-interface
#
ssh server key-exchange dh_group_exchange_sha256 dh_group_exchange_sha1
dh_group14_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521
#
ssh server publickey ecc rsa rsa_sha2_256 rsa_sha2_512
#
ssh client key-exchange dh_group_exchange_sha256 dh_group_exchange_sha1
#
ssh client publickey ecc rsa rsa_sha2_256 rsa_sha2_512
#
return
!Router function end
!Transport function begin

#
undo crypto weak-algorithm disable
#
aaa


$1c$]f(3Q<j7uS$!0!)8@e`\+lj]vQx\2l&y-$M(|\n_ERFU_BF$!6X$
local-user root service-type ssh mml
local-user root user-group manage-ug
user-password password-force-change disable
#
snmp-agent protocol source-status all-interface
#
stelnet server enable
snetconf server enable
ssh user root
ssh ipv6 server-source all-interface
#
ssh server key-exchange dh_group_exchange_sha256 dh_group_exchange_sha1
#
ssh server publickey ecc rsa rsa_sha2_256 rsa_sha2_512
#
ssh client key-exchange dh_group_exchange_sha256 dh_group_exchange_sha1
#
ssh client publickey ecc rsa rsa_sha2_256 rsa_sha2_512
#
undo dcn security-mode enable
#
undo dtls policy qx_dtls_client
#
return
!Transport function end
----End

Upgrade Guide A Uploading/Downloading Files
A Uploading/Downloading Files
A.1 Using a Router as an FTP/TFTP Client and a PC as an

FTP/TFTP Server
A.1.1 Uploading or Downloading the System Software Using
TFTP (Using a Router as an TFTP Client)
1. Configure the TFTP server.
Configure a PC as the TFTP server and store the target system software in the file
directory of the TFTP server. This example assumes that the IP address of the TFTP
server is X.X.X.X/X, and the IP address of the Ethernet interface on the router is
X.X.X.X
2. Download the router's system software.
The system software to be downloaded must have been saved in the file directory of the TFTP server.
On the router, run the tftp ip-address getsource-filename [ destination-filename ]
command to download the system software from the PC.
<HUAWEI>tftp X.X.X.X get NetEngine8000-M8-M14_V800R022C00SPC600.cc
Transfer file in binary mode.
Now begin to download file from remote tftp server, please wait for a
while...
|
TFTP: 171900428 bytes received in 303 seconds.
File downloaded successfully.
A.1.2 Uploading or Downloading the System Software Using FTP

(Using a Router as an FTP Client)
1. Set the FTP server.
Set a PC as the FTP server, configure a user named huawei with the password
huawei@123, and store the target system software in the file directory of the FTP server.
This example assumes that the IP address of the FTP server is X.X.X.X/X, and the IP
address of the Ethernet interface on the router is X.X.X.X.
2. Log in to the FTP server.

Run the ftp ip-address command on the router to set up an FTP connection with the PC
<HUAWEI>ftp X.X.X.X
Trying X.X.X.X ...
Connected to X.X.X.X.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(X.X.X.X:(none)):huawei
331 Give me your password, please
Password: ***
230 Logged in successfully
3. Download the router's system software.
Run the get source-filename [ destination-filename ] command in the FTP client view to
download the router's system software from the PC. After the download is complete, run
the bye command or quit command to terminate the FTP connection and return to the
user view.
[ftp]get NetEngine8000-M8-M14_V800R022C00SPC600.cc
200 PORT command okay
150 "C:\ NetEngine8000-M8-M14_V800R022C00SPC600.cc " file ready to send
(171900428 bytes) in ASCII mode
226 Transfer finished successfully.
FTP: 171900428 byte(s) received in 147.816 second(s) 89.80Kbyte(s)/sec.
[ftp] bye
221 Windows FTP Server (WFTPD, by Texas Imperial Software) says goodbye
A.2 Using a Router as an SFTP Server

1. Configure a local key pair on the SSH server.
<HUAWEI>system-view
[HUAWEI]sysname SSH Server
[SSH Server] rsa local-key-pair create
The key name will be:SSH Server_Host
% RSA keys defined for HUAWEI_Host already exist.
Confirm to replace them? Please select [Y/N]:y
The range of public key size is (2048 ~ 2048).
NOTE: Key pair generation will take a short while
2. Create an SSH user on the server.
The SSH user can be authenticated in six modes: password, RSA, password-RSA, DSA, password-dsa,
and all.
 When the SSH user adopts the password, password-DSA, or password-RSA authentication mode,
configure a local user with the same name.
 When the SSH user adopts the RSA, password-RSA, DSA, password-DSA, or all authentication
mode, the server should save the RSA or DSA public key for the SSH client.
− Configure the VTY user interface.
[SSH Server]user-interface vty 0 4
[SSH Server-ui-vty0-4] authentication-mode aaa
[SSH Server-ui-vty0-4] protocol inbound ssh
[SSH Server-ui-vty0-4] quit
− Create Client001 for the SSH user.
Create an SSH user with the name Client001. The authentication mode is password.

[SSH Server]ssh user client001

[SSH Server]ssh user client001 authentication-type password
Set huawei as the password for the Client001 of the SSH user.
[SSH Server]aaa
[SSH Server-aaa]local-user client001 password cipher huawei@123
[SSH Server-aaa]local-user client001 service-type ssh
[SSH Server-aaa]local-user client001 level 3
[SSH Server-aaa]quit
− Create Client002 for the SSH user.

Create an SSH user with user name Client002 and RSA authentication.
[SSH Server]ssh user client002
[SSH Server]ssh user client002 authentication-type rsa
3. Configure the RSA public key of the server.
The following provides an example of how to create a local key pair on an NE40E that functions as an
SFTP client. If your client is not an NE40E, see the corresponding usage guide of your client.
a. Generate a local key pair on the client.
[HUAWEI] sysname client002
[client002] rsa local-key-pair create
b. View the RSA public key generated on the client.
[client002] display rsa local-key-pair public
=====================================================
Time of Key pair created: 16:38:51 2018/09/30
Key name: client002_Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
1D7E3E1B
0203
010001
Host public key for PEM format code:
---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7
yP3y98tnTlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b
---- END SSH2 PUBLIC KEY ----
Public key code for pasting into OpenSSH authorized_keys file :
ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7yP3y98tn
TlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b rsa-key
=====================================================
Time of Key pair created: 16:38:51 2018/09/30
Key name: client002_Server
Key type: RSA encryption Key
=====================================================
Key code:

3067
0260
BCFAC085 49A2E70E 1284F901 937D7B63 D7A077AB
D2797280 4BCA86C0 4CD18B70 5DFAC9D3 9A3F3E74
9B2AF4CB 69FA6483 E87DA590 7B47721A 16391E27
1C76ABAB 743C568B 1B35EC7A 8572A096 BCA9DF0E
BC89D3DB 5A83698C 9063DB39 A279DD89
0203
010001
c. Send the RSA public key generated on the client to the server.
[SSH Server]rsa peer-public-key RsaKey001
Enter "RSA public key" view, return system view with "peer-public-key end"
[SSH Server-rsa-public-key] public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end"
[SSH Server-rsa-key-code]3047
[SSH Server-rsa-key-code]BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
[SSH Server-rsa-key-code]203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
[SSH Server-rsa-key-code]EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
[SSH Server-rsa-key-code]1D7E3E1B
[SSH Server-rsa-key-code]public-key-code end
[SSH Server-rsa-public-key]peer-public-key end
4. Bind the RSA public key of SSH client to Client002 of the SSH user.
[SSH Server]ssh user client002 assign rsa-key RsaKey001
5. Enable the STelnet service on the SSH server.
[SSH Server]sftp server enable
6. Configure the service type and authorized directory of the SSH user.
Two SSH users are configured on the SSH server, namely, Client001 and Client002. The
password authentication mode is configured for Client001 and the RSA authentication
mode is configured for Client002.
[SSH Server]ssh user client001 service-type sftp
[SSH Server]ssh user client001 sftp-directory cfcard
[SSH Server]ssh user client002 service-type sftp
[SSH Server]ssh user client002 sftp-directory cfcard
You are advised not to use the device as an SFTP server for a long time. To use the device as
an SFTP server temporarily, apply for authorization from the customer. After the SFTP server
function is used, delete the SFTP account and disable the function in a timely manner.
A.3 Using a Router as an SFTP Client

Enabling the first authentication on Client001.
<HUAWEI>system-view
[HUAWEI]sysname client001
[client001]ssh client first-time enable
Enabling the first authentication on Client002.

<HUAWEI>system-view
[HUAWEI]sysname client002
[client002]ssh client first-time enable
Connect the STelnet client Client001 to the SSH server with the password authentication
mode.
[client001]sftp X.X.X.X
Please input the username:client001
Trying X.X.X.X ...
sftp-client>
Connect the STelnet client Client002 to the SSH server with the RSA authentication mode.
When the SSH user adopts the RSA authentication mode, the server should save the RSA or DSA public
key for the SSH client. For configuration details, see Using an Router as an SFTP Server.
[client002]sftp X.X.X.X
Please input the username: client002
Trying X.X.X.X ...
sftp-client>

Upgrade Guide B Memory and CPU Usage of Boards
B Memory and CPU Usage of Boards
For the memory usages of the NetEngine 8000 M series products in V800R022C00SPC600
with empty configuration of all service boards and main control boards, see the Release Notes
of the corresponding product..

Upgrade Guide C Shortcut Key Usage on the Serial Interface
C Shortcut Key Usage on the Serial

Interface
When you use a serial cable to connect the serial interface on a PC to the console interface on
the IPU while the IPU is starting, the following message is displayed:
boot from area 0
Build at 21:30:20 on Jan 7 2020
Reset times is 7
Single-Processor Single-Core Serial Execute Memory Init
[S0][GetDimmSpdData]
[ResetAllSlaveCore][12733]Single-P Single-C of serial execute memory training.
DDR three step test success
#INIT_TEST(0x09080001) [Memory_Test(CPU_DDR_3STep)] ...... pass

#END
Load M7 Firmware.........Done
Initialize mmu
[RcCfgDefConfig]:[4237L]: Port_id = 0 Expected Max Width = 0x1
Not need init pcie ep!

Config M7 done.
Board Type:2070D
Slotid:16,17
freq:0x5F5E1000 , reg = 0x7A280801 frac=0x1000000.
CPLD check:OK
PLL check: OK
#INIT_TEST(0x09080002) [CPU_POST] ...... pass

#END
The 1st before reset cause, type: CPU, source: oneself
The 2nd before reset cause, type: CPU, source: oneself
The 3th before reset cause, type: CPU, source: oneself
The 4th before reset cause, type: CPU, source: oneself

Upgrade Guide C Shortcut Key Usage on the Serial Interface
[next_gen_mtd_get_file:518] file->flash_addr
[next_gen_mtd_get_file:531] Load uefi from mtd(0x0) area0
[next_gen_mtd_get_file:542] Read uefi, len=0x5326D8 ...
uefi signature check pass!
[next_gen_mtd_get_file:531] Load os_pkg from mtd(0xC00000) area0
[next_gen_mtd_get_file:542] Read os_pkg, len=0x20D6F98 ...
os_pkg signature check pass!
Use eth2 as default
EFI stub: Booting Linux Kernel...
EFI stub: EFI_RNG_PROTOCOL unavailable, no randomness supplied
EFI stub: Generating empty DTB
Failed to handle fs_proto
EFI stub: ERROR: Failed initrd from command line!
EFI stub: Exiting boot services and installing virtual address map...
[ 5.277309] rtc-efi rtc-efi: can't read time
[ 5.330489] rtc-efi rtc-efi: can't read time
[ 5.381555] rtc-efi rtc-efi: hctosys: unable to read the hardware clock
[ 5.462293] **** Total Boot time: 5462 ms, uncompress initrd cost 3863 ms ****
SELinux: Could not open policy file <= /etc/selinux/standard/policy/policy.30: No
such file or directory
[ 5.677156] systemd[1]: Failed to find module 'autofs4'
[ OK ] Started PSSP SEVICE.
Starting DRV_INIT_END SERVICE...
[DRV]Begin Starry Ext Init...

[DRV]starry_ext_run yes
[DRV]install_starry_hi162x_cx_IPU_stage2.sh found successful.
Press Ctrl+R to enter the Recovery mode and restore factory configurations.
BootLoad Menu
Press Ctrl+B to enter bootload Menu...
Press Ctrl+B to enter the BootLoad menu. The BootLoad menu is used when you want to
upgrade the system software package, modify the system type, and set the board startup
parameters using TFTP or FTP on an Ethernet interface. If the system fails to restart due to a
hardware or software failure on a board, the BootLoad menu can be used to restore it.

Upgrade Guide D BootLoad Menu Usage
D BootLoad Menu Usage
Message
Entering a Password
Password:
A password is required for accessing the BootLoad menu. By default, no password is

required. You need to set a password before entering the BootLoad menu.
 No preset passwords are required for the BootLoad and BootROM. Seting the preset passwords to
prevent security risks is necessary.
 The new password must be a string of 6 to 255 characters that contain at least two of the following:
uppercase letters, lowercase letters, digits, and special characters. The password cannot contain
question marks (?) or spaces.
Entering the BootLoad Menu

Main Menu
1. Default startup
2. Ethernet submenu
4. List file
6. Reboot
Enter your choice(1-6):
Starting the System Using the Default Method

Choose 1 from the BootLoad menu to start the system using the default method (obtaining the
startup path from the configuration files).
Enter the Ethernet interface submenu

Choose 2 from the BootLoad menu to enter the Ethernet interface submenu for the
configuration during the system software upgrade.
Ethernet submenu
1. Update software
0. Return
In the boot phase, FTP is used to load the small system of the system software header.
Therefore, when using the BootLoad menu to upgrade the system software, you must use the
FTP tool and specify the path.
1. Load the system software through the Ethernet interface and start the system
Enter 1 in the Ethernet interface submenu to load the system software through the
Ethernet interface and start the system for version upgrade.
2. Display Ethernet interface parameter settings
Enter 2 in the Ethernet interface submenu to display Ethernet interface parameters.
3. Modify Ethernet interface loading parameters
Enter 3 in the Ethernet interface submenu to access Ethernet interface settings. Before
the upgrade, you must set the Ethernet interface loading parameters.
NOTE:
Net type define:
0(SFTP) 1(FTP) 2(TFTP)
Please check network parameters:
ENTER = no change; '.' = clear; Ctrl+C = quit
FTP type(0:SFTP 1:FTP 2:TFTP) : 1 -
Server IP address : X.X.X.X -
Local IP address : X.X.X.X -
Local IP mask : X.X.X.X -
FTP username :
FTP password :
Item Description Remark

FTP Indicates the FTP type of the network.
type(0:SFTP
1:FTP
2:TFTP)
Server IP IP address of the FTP and TFTP server -
address
Server IP IP address of the Ethernet interface on the IPU -
address
Local IP Subnet mask -
mask

Item Description Remark

user name FTP user name -
user FTP login password -
password
4. Return to the BootLoad menu

Enter 0 in the Ethernet interface submenu to return to the BootLoad menu.
5. Access the startup parameter setting submenu
Choose 3 from the BootLoad menu to access the startup parameter setting submenu and
set the name and path of the startup file.
Startup parameters submenu
1. Display current startup configuration

2. Modify the startup file
3. Modify the configuration file
4. Modify the patch file
0. Return
6. Display the startup configuration

Enter 1 in the startup parameter setting submenu to display the current startup
configuration.

0. Return

Current boot disk : flash
Current startup file : NetEngine8000-M8-M14_V800R022C00SPC600.cc
Current config file : vrpcfg.zip
Current patch file : <NULL>
7. Modify the startup system software
Enter 2 in the startup parameter setting submenu to modify the startup system software.

0. Return

'.' = clear field; Ctrl+C = quit; Enter = use current configuration

Current startup file is "NetEngine8000-M8-M14_V800R022C00SPC600.cc", modify the

file name if needed.
Input the new file name:
After the preceding information is displayed, enter the name of the new system software.
Enter 3 in the startup parameter setting submenu to modify the configuration file.

0. Return

Current config file is "M14_0828.cfg", modify the file name if needed.


Enter 4 in the startup parameter setting submenu to modify the patch file.

0. Return

Current patch file is "<NULL>", modify the file name if needed.

10. Return to the BootLoad menu
Choose 0 to return to the BootLoad menu.
Display the File List

Choose 4 from the BootLoad menu to display the file list.
Main Menu
1. Default startup
2. Ethernet submenu
4. List file
6. Reboot
DIR> 4080 Thu Nov 14 00:00:00 2019 pmdata

207647 Mon Nov 11 16:20:29 2019 NE8000MV800R012SPH001.PAT

DIR> 4080 Thu Nov 14 08:15:36 2019 said
952258 Fri Nov 15 17:40:20 2019 said/said_trace.log
DIR> 4080 Thu Nov 7 20:28:20 2019 bill
2132 Thu Nov 7 20:28:20 2019 bill/lam-bills.ini
DIR> 4080 Thu Aug 22 19:10:14 2019 bill/data
498036 Thu Oct 31 14:35:21 2019 starry_test
DIR> 4080 Thu Aug 22 19:09:15 2019 diaginfo
340 Thu Aug 22 19:09:15 2019 diaginfo/pdv_info
DIR> 4080 Fri Jan 1 00:00:30 2010 bootfile
10528 Thu Aug 22 19:07:11 2019 lcsbox_ex
4640 Fri Nov 15 17:33:21 2019 lcsbox
DIR> 4080 Thu Nov 7 16:10:17 2019 bootlogfile
1297 Wed Aug 28 19:44:03 2019 vrpcfg.zip
DIR> 4080 Mon Aug 26 12:38:44 2019 rootbak
DIR> 4080 Thu Nov 14 06:18:13 2019 security
1236 Mon Jul 15 10:11:12 2019 security/server_ca.pem
1894 Mon Jul 15 10:11:12 2019 security/server_nm.pem
8816 Mon Jul 15 10:11:12 2019 security/trust.cer
3586 Mon Jul 15 10:11:12 2019 security/trust_ca.cer
440 Wed Aug 21 10:17:23 2019 pdt_5u_pdt_tm_boot.log
14088 Wed Aug 21 10:18:15 2019 pdt_5u_blackpp.log
13416 Wed Aug 21 10:17:24 2019 pdt_5u_pdt_np_sdk.log
68736 Wed Aug 21 10:17:23 2019 pdt_5u_fe_boot.log
DIR> 4080 Wed Aug 28 22:27:38 2019 business-trace
DIR> 4080 Wed Aug 28 22:27:38 2019 business-trace/auto-trace
DIR> 4080 Wed Aug 28 22:27:38 2019 business-trace/PingAccessPkt
DIR> 4080 Fri Nov 15 06:20:18 2019 KPISTAT
Change the BootLoad Password

Enter the password management submenu
Choose 5 from the BootLoad menu to enter the password management submenu.
Password manager submenu
1. Modify bootloader password

2. Reset bootloader password
0. Return
Change the BootLoad Password

Choose 1 from the password management submenu to set the BootLoad password. The preset
password is WWW@HUAWEI. The password must be a string of no less than six characters
with at least two of the following: upper-case letters, lower-case letters, digits, and special
characters.
Password manager submenu
1. Modify bootloader password

2. Reset bootloader password
0. Return

Old password:
The old password is invalid.
Old password:
New password:
Confirm password:
The entered confirm password does not match the password.
New password:
Confirm password:
The password is changed successfully.
Rebooting the System

Select 6 in the BootLoad menu to reboot the system.

Upgrade Guide E Upgrade Record
E Upgrade Record
Site Upgrade Date

Source Version Target Version
Upgrade Engineers Customer:
Huawei:
Upgrade Successful
(Y/N)
Upgrade Checklist Result Resolution Specifics
Pre-Upgrade Check Check whether required
service parts are available.
Check the version of the
current system software.
Check whether a new GTL
is needed.
Check the running status of
the device.
Check the upgrade
environment.
Check whether required
upgrade software is
available.
Check whether key data is
backed up.
Check whether the
remaining space in the CF
card is sufficient.
Check whether unsupported
boards exist on the router.
Upgrade Check Check FTP server

Upgrade Guide E Upgrade Record
Site Upgrade Date

configurations.
Check the procedure for
upgrading the system
software.
(Optional) Check the
procedure for upgrading the
slave IPU.

upgrading the GTL.
upgrading the configuration
file.
Post-Upgrade Check Check the version of the
system software after the
upgrade.
Check board registration.
Check the running status of
the GTL.
(Optional) Check the
software versions of boards.
Check the configuration file.
Check whether services are
running properly.

Upgrade Guide F Acronyms and Abbreviations
F Acronyms and Abbreviations
FTP File Transfer Protocol
I
IPU Integrated Network Processing Unit

M8 V800R022C00SPC600 Upgrade Guide

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

M8 V800R022C00SPC600 Upgrade Guide

Uploaded by

Copyright:

Available Formats

NetEngine 8000 M8,M14&PTN6900-2-M8C,M14&NE40E-X2-

HUAWEI TECHNOLOGIES CO., LTD.

Trademarks and Permissions

Huawei Technologies Co., Ltd.

Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. i

About This Document

Indicates a potentially hazardous situation which, if not

Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. ii

01 2022-10-31 This issue is the first official release.

Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. iii

About This Document ............................................................................................................... ii

2 Upgrade Process Overview ................................................................................................... 23

4 Performing the Upgrade ........................................................................................................ 39

Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. iv

4.2 Upgrading the System Software Using Command Lines ........................................................................................41

5 Verifying the Upgrade ........................................................................................................... 58

6 Rolling Back to the Source Version ..................................................................................... 64

8 Configuring the Default Configuration File ...................................................................... 76

Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. v

1 Before You Start

1.1 Upgrade Notes for Versions

1.1 Upgrade Notes for Versions

Table 1-1 Upgrade information of historical versions that can be upgraded

package Historical Version Description

Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 1

package Historical Version Description

NetEngine V800R013C00SPC100 Refer to the procedure in this document to

NE40E-X2- V800R013C00SPC100 Refer to the procedure in this document to

Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 2

Table 1-2 Upgrade information of historical versions that can be upgraded

Package Historical Description

Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 3

1.2 Upgrade Schemes

Table 1-3 Upgrade schemes supported by routers

Upgrade Usage Advantage Prerequisites Section

Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 4

Upgrade Usage Advantage Prerequisites Section

1.3 Impact of the Upgrade

1.3.2 Impact of the Upgrade on the System

Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 5

Impact on command lines

Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 6

Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 7

<HUAWEI> startup system-software NetEngine8000-M8-M14_V800R022C00SPC600.cc all

The automatic EPLD upgrade process is as follows:

Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 8

Precautions for Upgrading 03033BLN Subcards

Precautions for the Upgrade

Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 9

− GTL License Application Guide

1.5 Precautions for IFIT Deployment During Upgrade

To disable the IFIT service, perform the following steps:

Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 10

1.6 Board Memory Optimization

Memory information before the upgrade (50,000 command lines exist):

Memory information after the upgrade (50,000 command lines exist):

Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 11

Slot CPU Usage Memory Usage(Used/Total)

NetEngine 8000 M8 version information:

IPU (Master) 9 : uptime is 2 days, 0 hour, 1 minute

Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 12

StartupTime : 2023/01/16 08:19:08

1.7 Installing the IKEv1 MOD File