Upgrade a Fabric IPsec Gateway VM

If Extreme Networks makes a new version of the Fabric IPsec Gateway available,uninstall the original virtual service, and then install the newer virtual service.

Before you begin

  • Ensure the new virtual service image version is compatible with the NOS release that runs on the switch. Only use the virtual service image version that is posted with the NOS release image. For more information about image files in a release, see Fabric Engine Release Notes. If necessary, upgrade the NOS image before you upgrade the virtual service image.

  • Note

    Note

    The Fabric IPsec Gateway image includes no integrity check. Use SCP to copy the file to the switch and confirm the file size before installation.

About this task

Steps in this procedure include examples or links to background procedures if you are unfamiliar with how to complete a particular step.

Procedure

  1. Within the VM, save the configuration. For more information, see Save Running Configuration to a File. 
    Switch:1>enable
Switch:1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch:1(config)#virtual-service figwOld console 
Connected to domain figw5.2 Escape character is ^Y 
FIGW> save config 
File already exists, do you want to overwrite [y/n]: y 
FIGW>
  2. Copy the configuration files (*.cfg), the shadov.txt file, which is an encrypted file that contains the authentication keys for the IPsec tunnels, and the default-config-file.txt file from the VM to intflash within the NOS. For more information, see Run a VM command from Network Operating System (NOS) CLI and Copy VM Files. 
    Switch:1(config)#mkdir figw
Switch:1(config)#virtual-service figwOld exec-command "ls /home/rwa/configs/"
    config.cfg 
    figw.cfg 
    figw_cli.log 
    new.cfg 
    shadov.txt
Switch:1(config)#virtual-service copy-file figwOld:/home/rwa/configs/config.cfg /intflash/figw/config.cfg
Switch:1(config)#virtual-service copy-file figwOld:/home/rwa/configs/new.cfg /intflash/figw/new.cfg
Switch:1(config)#virtual-service copy-file figwOld:/home/rwa/configs/figw.cfg /intflash/figw/figw.cfg
Switch:1(config)#virtual-service copy-file figwOld:/home/rwa/default-config-file.txt /intflash/figw/default-config-file.txt
Switch:1(config)#virtual-service copy-file figwOld:/home/rwa/configs/shadov.txt /intflash/figw/shadov.txt
  3. Verify the file copy: 
    Switch:1#ls figw/ 
Listing Directory /intflash/figw/: 
drwxr-xr-x 2 0 0 4096 Jun 17 13:46 ./ 
drwxr-xr-x 31 0 0 4096 Jun 17 13:43 ../ 
-rw-r--r-- 1 0 0 851 Jun 17 13:44 config.cfg 
-rw-r--r-- 1 0 0 8 Jun 17 13:46 default-config-file.txt 
-rw-r--r-- 1 0 0 0 Jun 17 13:45 figw.cfg 
-rw-r--r-- 1 0 0 851 Jun 17 13:45 new.cfg 
-rw-r--r-- 1 0 0 32 Jun 17 13:45 shadov.txt
  4. Disable the virtual service:

    no virtual-service WORD<1-128> enable

  5. Uninstall the virtual service:

    virtual-service WORD<1-128> uninstall

    Note

    Note

    When you uninstall the original virtual service, the system removes the complete virtual service configuration from the configuration file.

  6. Install the virtual service package using the new image:

    virtual-service WORD<1-128> install package WORD<1-512>

  7. Reconfigure the virtual service. For more information, see Configure a Virtual Service.
  8. Copy the files you saved from the old VM to the same folder path in the new VM: 
    Switch:1(config)#virtual-service copy-file /intflash/figw/config.cfg figwNew:/home/rwa/configs/config.cfg
Switch:1(config)#virtual-service copy-file /intflash/figw/figw.cfg figwNew:/home/rwa/configs/figw.cfg
Switch:1(config)#virtual-service copy-file /intflash/figw/new.cfg figwNew:/home/rwa/configs/new.cfg
Switch:1(config)#virtual-service copy-file /intflash/figw/shadov.txt figwNew:/home/rwa/configs/shadov.txt
Switch:1(config)#virtual-service copy-file /intflash/figw/default-config-file.txt figwNew:/home/rwa/default-config-file.txt
  9. Verify the file copy: 
    Switch:1(config)#virtual-service figwNew exec-command "ls /home/rwa/configs"
config.cfg 
figw.cfg 
figw_cli.log 
new.cfg 
shadov.txt
  10. Reboot the Fabric IPsec Gateway VM. For more information, see Reboot Fabric IPsec Gateway VM.
    Tip

    Tip

    As an alternative, you can disable and reenable the Fabric IPsec Gateway virtual service.

  11. Verify the running configuration of the new VM matches the configuration of the old VM: 
    Switch:1(config)#virtual-service figwNew figw-cli "show running-config"
set global ipsec-tunnel-src-vlan 30 
set global ipsec-tunnel-src-ip 30.30.30.2/24 
set global lan-intf-vlan 100 
set global lan-intf-ip 100.100.100.2/24 
set global lan-intf-gw-ip 100.100.100.102 
set global fe-tunnel-src-ip 102.102.102.102 
set global wan-intf-gw-ip 30.30.30.102 
set global mtu 1950 
set global services sshd enable 
set ipsec 104 auth-key ****** 
set ipsec 104 responder-only true 
set ipsec 104 fe-tunnel-dest-ip 104.104.104.104 
set ipsec 104 fragment-before-encrypt enable 
set ipsec 104 admin-state enable 
set ipsec 105 auth-key ****** 
set ipsec 105 responder-only true 
set ipsec 105 fe-tunnel-dest-ip 105.105.105.105 
set ipsec 105 fragment-before-encrypt enable 
set ipsec 105 admin-state enable 
set ipsec 107 auth-key ****** 
set ipsec 107 responder-only true 
set ipsec 107 fe-tunnel-dest-ip 192.168.22.107 
set ipsec 107 admin-state enable
  12. Remove the original image from the /var/lib/insight/packages/ directory on the switch:

    remove WORD<1-255>

9039040-00 Rev AB