If Extreme Networks makes a new version of the Fabric IPsec Gateway available,uninstall the original virtual service, and then install the newer virtual service.
Ensure the new virtual service image version is compatible with the NOS release that runs on the switch. Only use the virtual service image version that is posted with the NOS release image. For more information about image files in a release, see Fabric Engine Release Notes. If necessary, upgrade the NOS image before you upgrade the virtual service image.
Note
The Fabric IPsec Gateway image includes no integrity check. Use SCP to copy the file to the switch and confirm the file size before installation.
Steps in this procedure include examples or links to background procedures if you are unfamiliar with how to complete a particular step.
Switch:1>enable Switch:1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch:1(config)#virtual-service figwOld console Connected to domain figw5.2 Escape character is ^Y FIGW> save config File already exists, do you want to overwrite [y/n]: y FIGW>
Switch:1(config)#mkdir figw Switch:1(config)#virtual-service figwOld exec-command "ls /home/rwa/configs/" config.cfg figw.cfg figw_cli.log new.cfg shadov.txt Switch:1(config)#virtual-service copy-file figwOld:/home/rwa/configs/config.cfg /intflash/figw/config.cfg Switch:1(config)#virtual-service copy-file figwOld:/home/rwa/configs/new.cfg /intflash/figw/new.cfg Switch:1(config)#virtual-service copy-file figwOld:/home/rwa/configs/figw.cfg /intflash/figw/figw.cfg Switch:1(config)#virtual-service copy-file figwOld:/home/rwa/default-config-file.txt /intflash/figw/default-config-file.txt Switch:1(config)#virtual-service copy-file figwOld:/home/rwa/configs/shadov.txt /intflash/figw/shadov.txt
Switch:1#ls figw/ Listing Directory /intflash/figw/: drwxr-xr-x 2 0 0 4096 Jun 17 13:46 ./ drwxr-xr-x 31 0 0 4096 Jun 17 13:43 ../ -rw-r--r-- 1 0 0 851 Jun 17 13:44 config.cfg -rw-r--r-- 1 0 0 8 Jun 17 13:46 default-config-file.txt -rw-r--r-- 1 0 0 0 Jun 17 13:45 figw.cfg -rw-r--r-- 1 0 0 851 Jun 17 13:45 new.cfg -rw-r--r-- 1 0 0 32 Jun 17 13:45 shadov.txt
no virtual-service WORD<1-128> enable
virtual-service WORD<1-128> uninstall
Note
When you uninstall the original virtual service, the system removes the complete virtual service configuration from the configuration file.
virtual-service WORD<1-128> install package WORD<1-512>
Switch:1(config)#virtual-service copy-file /intflash/figw/config.cfg figwNew:/home/rwa/configs/config.cfg Switch:1(config)#virtual-service copy-file /intflash/figw/figw.cfg figwNew:/home/rwa/configs/figw.cfg Switch:1(config)#virtual-service copy-file /intflash/figw/new.cfg figwNew:/home/rwa/configs/new.cfg Switch:1(config)#virtual-service copy-file /intflash/figw/shadov.txt figwNew:/home/rwa/configs/shadov.txt Switch:1(config)#virtual-service copy-file /intflash/figw/default-config-file.txt figwNew:/home/rwa/default-config-file.txt
Switch:1(config)#virtual-service figwNew exec-command "ls /home/rwa/configs" config.cfg figw.cfg figw_cli.log new.cfg shadov.txt
Tip
As an alternative, you can disable and reenable the Fabric IPsec Gateway virtual service.
Switch:1(config)#virtual-service figwNew figw-cli "show running-config" set global ipsec-tunnel-src-vlan 30 set global ipsec-tunnel-src-ip 30.30.30.2/24 set global lan-intf-vlan 100 set global lan-intf-ip 100.100.100.2/24 set global lan-intf-gw-ip 100.100.100.102 set global fe-tunnel-src-ip 102.102.102.102 set global wan-intf-gw-ip 30.30.30.102 set global mtu 1950 set global services sshd enable set ipsec 104 auth-key ****** set ipsec 104 responder-only true set ipsec 104 fe-tunnel-dest-ip 104.104.104.104 set ipsec 104 fragment-before-encrypt enable set ipsec 104 admin-state enable set ipsec 105 auth-key ****** set ipsec 105 responder-only true set ipsec 105 fe-tunnel-dest-ip 105.105.105.105 set ipsec 105 fragment-before-encrypt enable set ipsec 105 admin-state enable set ipsec 107 auth-key ****** set ipsec 107 responder-only true set ipsec 107 fe-tunnel-dest-ip 192.168.22.107 set ipsec 107 admin-state enable
remove WORD<1-255>