Shulou(Shulou.com)06/01 Report--

The core firewall usg6650web page cannot log in normally, and telnet can log in normally. After consulting Huawei engineers on August 27th, 2014, we successfully located the cause of the failure: "the authentication process hung up and could not send a message to AAA,telnet to log in because the local password was configured and AAA authentication was not carried out."

The solution offered by Huawei engineers is to upgrade the existing software version V100R001C00SPC100 to V100R001C10SPC100 + SPH101.

After a coordinated study, the upgrade of the firewall is scheduled to take place at 11:00 on the evening of September 4, 2014.

Preparatory work:

1: confirm version information

2: confirm the current version of the file

The current version file is suampua10v1r1c00spc1100.bin

3: prepare tools and documents

Equipment: notebook, configuration cable, USB disk, usg5320

Document: HUAWEI USG6000 series V100R001C10SPH101 patch manual 01

HUAWEI Secospace USG6000 V100R001C10SPC100 upgrade instruction 01

USG6000V100R001C10SPC100.bin

USG6000V100R001C10SPH101

Upgrade step: one: back up all the files of the cf card and import the new version of the startup software.

1: insert the U disk into the firewall usb interface, and udisk0: filesystem status is OK appears. When prompted, it means that the u disk is mounted successfully.

2014-09-03 21:23:02 HLJT-FW-6650% MDEV/4/INFO (l) Mobile storage Disk udisk0: attached.Starting filesystem checking,don't pull out the device until the process finishes.

2014-09-03 21:23:07 HLJT-FW-6650% MDEV/4/INFO (l) Mobile storage Disk udisk0: filesystem status is OK.

2: execute "copy?" under the system attempt The appearance of "udisk0:" means that the u disk can be used normally.

Copy?

STRING [drive] [path] [file name]

Hda1: Cfcard device name

Udisk0: normal identification of USB device name# USB disk #

Vdbfs: Hard disk device name

3: list all files in hda1:

Dir

21:25:55 2014-09-03

Directory of hda1:/

0-rw- 119309177 Dec 20 2013 17:53:36 suampua10v1r1c00spc100.bin

1-rw- 61 Sep 02 2014 16:34:56 private-data.txt

2 drw--Dec 20 2013 18:03:32 isp

3-rw- 163Jun 14 2014 22:33:40 precheckinfo.txt

4 drw--Dec 20 2013 18:04:24 umdb

5-rw- 41121 Sep 02 2014 16:34:56 vrpcfg1.cfg

6-rw- 2727936 Aug 10 2014 00:01:02 url_backup.sdb

7-rw- 32768 Jun 14 2014 09:32:58 userinfo.db

8-rw- 185 Jun 14 2014 10:32:58 ngepanic12_a.txt

9-rw- 4874 Jun 20 2014 16:35:44 licsecospaceusg6600v100r001_2014062005ax60.dat

10-rw- 132 Aug 10 2014 16:18:20 trace-cmd.sh-0.tar.gz

11-rw- 82873 Aug 10 2014 16:18:20 trace-harddisk_recv.o-0.tar.gz

12-rw- 142 Aug 10 2014 16:18:36 trace-diskscan.sh-0.tar.gz

13-rw- 139 Aug 10 2014 16:18:20 trace-emergency.sh-0.tar.gz

14-rw- 97079 Aug 10 2014 16:18:30 trace-daemon.out-0.tar.gz

15-rw- 967 Aug 10 2014 16:18:36 trace-emergency.sh-1.tar.gz

16-rw- 960 Aug 10 2014 16:18:36 trace-cmd.sh-1.tar.gz

17-rw- 129 Aug 10 2014 16:18:36 trace-sh-0.tar.gz

18-rw- 969 Aug 10 2014 16:18:36 trace-diskscan.sh-1.tar.gz

19-rw- 0 Sep 03 2014 21:05:12 10.1.34.33.txtttt

20-rw- 1048576 Sep 03 2014 21:25:00 usg6000v100r001c10spc100.bin

-More-[42D [42D]

1200640 KB total with 244544 KB free

Execute the copy command to back up the files in the cf card to a U disk

Copy hda1:/ suampua10v1r1c00spc100.bin udisk0:

21:30:05 2014-09-03

Copy hda1:/ suampua10v1r1c00spc100.bin to udisk0:/ suampua10v1r1c00spc100.bin? [Y/N]: y

When deciding whether to copy file hda1:/ suampua10v1r1c00spc100.bin to udisk0:/ suampua10v1r1c00spc100.bin, the user chose Y.

Using the same method, back up other files to a U disk.

4: execute the copy command to import the startup file from the U disk into the root directory of the device CF card # must be the root directory, otherwise it will cause the upgrade to fail #

Copy udisk0:/usg6650-new/usg6000v100r001c10spc100.bin hda1:/

21:30:05 2014-09-03

Copy udisk0:/usg6650-new/usg6000v100r001c10spc100.bin to hda1:/usg6000v100r001c10spc100.bin? [Y/N]: y

When deciding whether to copy file udisk0:/usg6650-new/usg6000v100r001c10spc100.bin to hda1:/usg6000v100r001c10spc100.bin, the user chose Y.

/\ | /\

1% complete | /\ |

2% complete/\ | /\

3% complete | /\ |

...

97% complete/\ | /

98% complete\ | /\ |

99% complete/\ | /

100% complete

New version of Info:Copied file udisk0:/usg6650-new/usg6000v100r001c10spc100.bin to hda1:/usg6000v100r001c10spc100.bin...Done# file import completed #

Check the file in the cf card and confirm that the import is successful

Dir hda1:/

21:30:37 2014-09-03

Directory of hda1:/

0-rw- 119309177 Dec 20 2013 17:53:36 suampua10v1r1c00spc100.bin

1-rw- 61 Sep 02 2014 16:34:56 private-data.txt

2 drw--Dec 20 2013 18:03:32 isp

3-rw- 163Jun 14 2014 22:33:40 precheckinfo.txt

4 drw--Dec 20 2013 18:04:24 umdb

5-rw- 41121 Sep 02 2014 16:34:56 vrpcfg1.cfg

6-rw- 2727936 Aug 10 2014 00:01:02 url_backup.sdb

7-rw- 32768 Jun 14 2014 09:32:58 userinfo.db

8-rw- 185 Jun 14 2014 10:32:58 ngepanic12_a.txt

9-rw- 4874 Jun 20 2014 16:35:44 licsecospaceusg6600v100r001_2014062005ax60.dat

10-rw- 132 Aug 10 2014 16:18:20 trace-cmd.sh-0.tar.gz

11-rw- 82873 Aug 10 2014 16:18:20 trace-harddisk_recv.o-0.tar.gz

12-rw- 142 Aug 10 2014 16:18:36 trace-diskscan.sh-0.tar.gz

13-rw- 139 Aug 10 2014 16:18:20 trace-emergency.sh-0.tar.gz

14-rw- 97079 Aug 10 2014 16:18:30 trace-daemon.out-0.tar.gz

15-rw- 967 Aug 10 2014 16:18:36 trace-emergency.sh-1.tar.gz

16-rw- 960 Aug 10 2014 16:18:36 trace-cmd.sh-1.tar.gz

17-rw- 129 Aug 10 2014 16:18:36 trace-sh-0.tar.gz

18-rw- 969 Aug 10 2014 16:18:36 trace-diskscan.sh-1.tar.gz

19-rw- 146516519 Sep 03 2014 21:30:26 usg6000v100r001c10spc100.bin

# the new version file already exists in the root directory of the CF card #

-More-[42D [42D1200640 KB total (102464 KB free)]

-More-[42D [42D]

Two: restart the device

1: confirm the current configuration file and version file of the device and the configuration file and version file loaded at the next startup, as shown in the following figure.

2: use the startup system-software command to specify the version file to be loaded at the next startup, as shown in the following figure.

3: before upgrading, be sure to execute display startup to view startup information, as shown below.

4: restart the device

Three: confirm that the upgrade is successful

1: view the version when the device is rebooted

2: view startup information and other hardware information

3:Web logs in to the firewall to check that the status of each business is normal and the firewall has been upgraded successfully.

Four: problems encountered in the process of upgrading

1: U disk cannot be recognized by firewall

During the initial firewall data backup and data upload, it was found that many u disks could not be identified by the firewall, the prompt message was mount failure, and the u disk was identified normally after being replaced many times. After consulting and upgrading, we know that the precautions when using u disk are as follows:

During the process of identification, reading and writing of U disk (that is, when the indicator light on U disk flashes), hot-swapping the U disk in use is not allowed.

Otherwise, it may cause serious consequences such as data loss, file system corruption, system abnormal reset and so on.

Do not unplug the flash drive immediately after inserting the flash drive. In particular, do not repeatedly and quickly plug and unplug, the best interval is 5 seconds.

Go. Don't insert it immediately after unplugging it, wait 5 seconds before inserting it. Otherwise, it may cause the device not to recognize the flash drive.

When upgrading the version of the software through a flash drive, it is recommended to use the Netac U208 model, if a non-specified U is used.

Disk, then there will be the risk of upgrade failure.

2: business version loading problem

It takes about 15 minutes for the device to restart. The business version will not load successfully immediately after the device is rebooted. It takes about 5 minutes for the business version to start normally after the device is started (it also has something to do with the business version. At present, there are two business versions in our company). At this time, you have to be patient and cannot operate on the device.

3: after rebooting, it is found that the two interfaces in the lan area cannot telnet properly.

After upgrading, it is found that the business is normal, but 10.X.X.253 and 10.X.XX.253 cannot be normal telent and ping.

After troubleshooting, it is found that ospf is normal and other interfaces can telent ping normally. After tracking the two ip, it is found that after the packet arrives at the firewall, it is directly matched with the policy route and forwarded to the external network interface.

It returns to normal after the first policy route destination ip address is added to these two addresses.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.