(usr-tc) TCM software upload/tftp
Hi, How exactly does the software upload feature work in TCM? I've been trying to update some cards from behind a firewall, and have not had much luck. I've opened up incoming tftp (udp port 69), but I still get the "tftp timed out" error. Is there a (semi) easy way to just do this with ucd-snmp, some perl, a tftp server, and the correct OID's? How are the cards indexed for software download? Thanks, Charles | Charles Sprickman | Internet Channel | INCH System Administration Team | (212)243-5200 | spork@inch.com | access@inch.com - To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
Also sprach Charles Sprickman
How exactly does the software upload feature work in TCM? I've been trying to update some cards from behind a firewall, and have not had much luck. I've opened up incoming tftp (udp port 69), but I still get the "tftp timed out" error.
Is there a (semi) easy way to just do this with ucd-snmp, some perl, a tftp server, and the correct OID's? How are the cards indexed for software download?
It can be done. If I remember correctly, and its been a while since I've really looked into this. There are SNMP values that are set on a row in a table to tell the NMC to download the code using tftp. (Which you probably figured out so far) I don't remember the SNMP values off the top of my head, but I think I remember that it is documented in a lot of the software upgrade release notes from 3Com. Should be able to grab that and it'll tell you. The problem that I suspect that you're running into is that tftp will often "float" its port numbers....meaning that the initial contact is made to the tftp server on port 69, with the source port being a higher port number, then when the tftp server responds, it will use the port that the client sourced the connection from along with its own high port number...this means that the tftp "connection" (its udp, so its not a "true" connection in the tcp sense) no longer uses port 69 at all. This may be where your firewall is running into problems. :/ -- Jeff McAdams Email: jeffm@iglou.com Head Network Administrator Voice: (502) 966-3848 IgLou Internet Services (800) 436-4456 - To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
On Fri, 7 Sep 2001, Jeff Mcadams wrote:
The problem that I suspect that you're running into is that tftp will often "float" its port numbers....meaning that the initial contact is made to the tftp server on port 69, with the source port being a higher port number, then when the tftp server responds, it will use the port that the client sourced the connection from along with its own high port number...this means that the tftp "connection" (its udp, so its not a "true" connection in the tcp sense) no longer uses port 69 at all. This may be where your firewall is running into problems. :/
Yeah, I started seeing all sorts of random ports being hit, so I just opened up all tcp/udp between the tch and laptop. Now it went ahead and erased flash, then crapped out. Just sitting there. Nothing in the firewall logs showing what's up, and it's real addresses behind the fw, no nat. I like "copy tftp://some.server/path/to/code slot0:" much better :) C
-- Jeff McAdams Email: jeffm@iglou.com Head Network Administrator Voice: (502) 966-3848 IgLou Internet Services (800) 436-4456
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
Also sprach Charles Sprickman
Yeah, I started seeing all sorts of random ports being hit, so I just opened up all tcp/udp between the tch and laptop. Now it went ahead and erased flash, then crapped out. Just sitting there. Nothing in the firewall logs showing what's up, and it's real addresses behind the fw, no nat.
I like "copy tftp://some.server/path/to/code slot0:" much better :)
There is a sort of minimalist beauty to it, isn't there? ;) What type card are you upgrading? (I don't remember if you stated this in your original message)... If its a .sdl/.nac file combo, then the sdl file is downloaded before the erasing of flash occurs, so you have another problem than tftp being blocked. If its a .dmf file type (ie, the newer HiPer type cards), then they just download in one go, but I don't think they erase flash do they? Now I don't remember. If its the older .sdl/.nac combo, then there is two steps, you download the .sdl, then it erases flash, then you have to tell the NMC to download the nac file in another SNMP operation if I remember correctly. Again, the release notes for some of the later software releases I believe details the operations...its been so long since I've done this, and I don't know that I've ever done it fully manually, that I'm a bit fuzzy on it. I seem to remember that Mike Andrews had a utility that did software upgrades on cards as well...are you still on the list Mike? Am I remembering all of this correctly or not? -- Jeff McAdams Email: jeffm@iglou.com Head Network Administrator Voice: (502) 966-3848 IgLou Internet Services (800) 436-4456 - To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
Yup, the util's still on my web page, tho it's probably bit-rotted to hell by now. :) I know it's broken for flashing 486 NMCs right now. It also only works on Unix as-is, because it does a system() call to the tftp binary directly. (And tftp thru a firewall really is asking for trouble, because of the random port number issue.) Mike Andrews * mandrews@dcr.net * mandrews@bit0.com * http://www.bit0.com VP, sysadmin, & network guy, Digital Crescent Inc, Frankfort KY Internet access for Frankfort, Lexington, Louisville and surrounding counties www.fark.com: If it's not news, it's Fark. (Or something like that.) On Fri, 7 Sep 2001, Jeff Mcadams wrote:
Also sprach Charles Sprickman
Yeah, I started seeing all sorts of random ports being hit, so I just opened up all tcp/udp between the tch and laptop. Now it went ahead and erased flash, then crapped out. Just sitting there. Nothing in the firewall logs showing what's up, and it's real addresses behind the fw, no nat.
I like "copy tftp://some.server/path/to/code slot0:" much better :)
There is a sort of minimalist beauty to it, isn't there? ;)
What type card are you upgrading? (I don't remember if you stated this in your original message)...
If its a .sdl/.nac file combo, then the sdl file is downloaded before the erasing of flash occurs, so you have another problem than tftp being blocked. If its a .dmf file type (ie, the newer HiPer type cards), then they just download in one go, but I don't think they erase flash do they? Now I don't remember.
If its the older .sdl/.nac combo, then there is two steps, you download the .sdl, then it erases flash, then you have to tell the NMC to download the nac file in another SNMP operation if I remember correctly. Again, the release notes for some of the later software releases I believe details the operations...its been so long since I've done this, and I don't know that I've ever done it fully manually, that I'm a bit fuzzy on it.
I seem to remember that Mike Andrews had a utility that did software upgrades on cards as well...are you still on the list Mike? Am I remembering all of this correctly or not? -- Jeff McAdams Email: jeffm@iglou.com Head Network Administrator Voice: (502) 966-3848 IgLou Internet Services (800) 436-4456
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
On Fri, 7 Sep 2001, Mike Andrews wrote:
Yup, the util's still on my web page, tho it's probably bit-rotted to hell by now. :) I know it's broken for flashing 486 NMCs right now.
How about T1/PRI cards (going through a 486 NMC)? I've pulled my TCM box out from behind the firewall, and still no-go on flashing this CT1 card over to PRI. TFTP timeout. Blinky-Blinky on the RUN/FLT. I'd like to do this using some non-windows tftp server so I can see what's happening... Is it asking for the file or not, etc...
It also only works on Unix as-is, because it does a system() call to the tftp binary directly. (And tftp thru a firewall really is asking for trouble, because of the random port number issue.)
Wait, yours pushes TO the NMC? Charles
Mike Andrews * mandrews@dcr.net * mandrews@bit0.com * http://www.bit0.com VP, sysadmin, & network guy, Digital Crescent Inc, Frankfort KY Internet access for Frankfort, Lexington, Louisville and surrounding counties www.fark.com: If it's not news, it's Fark. (Or something like that.)
On Fri, 7 Sep 2001, Jeff Mcadams wrote:
Also sprach Charles Sprickman
Yeah, I started seeing all sorts of random ports being hit, so I just opened up all tcp/udp between the tch and laptop. Now it went ahead and erased flash, then crapped out. Just sitting there. Nothing in the firewall logs showing what's up, and it's real addresses behind the fw, no nat.
I like "copy tftp://some.server/path/to/code slot0:" much better :)
There is a sort of minimalist beauty to it, isn't there? ;)
What type card are you upgrading? (I don't remember if you stated this in your original message)...
If its a .sdl/.nac file combo, then the sdl file is downloaded before the erasing of flash occurs, so you have another problem than tftp being blocked. If its a .dmf file type (ie, the newer HiPer type cards), then they just download in one go, but I don't think they erase flash do they? Now I don't remember.
If its the older .sdl/.nac combo, then there is two steps, you download the .sdl, then it erases flash, then you have to tell the NMC to download the nac file in another SNMP operation if I remember correctly. Again, the release notes for some of the later software releases I believe details the operations...its been so long since I've done this, and I don't know that I've ever done it fully manually, that I'm a bit fuzzy on it.
I seem to remember that Mike Andrews had a utility that did software upgrades on cards as well...are you still on the list Mike? Am I remembering all of this correctly or not? -- Jeff McAdams Email: jeffm@iglou.com Head Network Administrator Voice: (502) 966-3848 IgLou Internet Services (800) 436-4456
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
I know the Cisco tftp server has a text window that displays what is happening if that would work for you. Mark Thornton San Marcos Internet, Inc 512-393-5300 ----- Original Message ----- From: "Charles Sprickman" <spork@inch.com> To: <usr-tc@lists.xmission.com> Sent: Monday, September 10, 2001 3:45 PM Subject: Re: (usr-tc) TCM software upload/tftp
On Fri, 7 Sep 2001, Mike Andrews wrote:
Yup, the util's still on my web page, tho it's probably bit-rotted to hell by now. :) I know it's broken for flashing 486 NMCs right now.
How about T1/PRI cards (going through a 486 NMC)? I've pulled my TCM box out from behind the firewall, and still no-go on flashing this CT1 card over to PRI. TFTP timeout. Blinky-Blinky on the RUN/FLT.
I'd like to do this using some non-windows tftp server so I can see what's happening... Is it asking for the file or not, etc...
It also only works on Unix as-is, because it does a system() call to the tftp binary directly. (And tftp thru a firewall really is asking for trouble, because of the random port number issue.)
Wait, yours pushes TO the NMC?
Charles
Mike Andrews * mandrews@dcr.net * mandrews@bit0.com *
VP, sysadmin, & network guy, Digital Crescent Inc, Frankfort KY Internet access for Frankfort, Lexington, Louisville and surrounding counties www.fark.com: If it's not news, it's Fark. (Or something like that.)
On Fri, 7 Sep 2001, Jeff Mcadams wrote:
Also sprach Charles Sprickman
Yeah, I started seeing all sorts of random ports being hit, so I just opened up all tcp/udp between the tch and laptop. Now it went ahead and erased flash, then crapped out. Just sitting there. Nothing in the firewall logs showing what's up, and it's real addresses behind the fw, no nat.
I like "copy tftp://some.server/path/to/code slot0:" much better :)
There is a sort of minimalist beauty to it, isn't there? ;)
What type card are you upgrading? (I don't remember if you stated this in your original message)...
If its a .sdl/.nac file combo, then the sdl file is downloaded before the erasing of flash occurs, so you have another problem than tftp being blocked. If its a .dmf file type (ie, the newer HiPer type cards), then they just download in one go, but I don't think they erase flash do they? Now I don't remember.
If its the older .sdl/.nac combo, then there is two steps, you download the .sdl, then it erases flash, then you have to tell the NMC to download the nac file in another SNMP operation if I remember correctly. Again, the release notes for some of the later software releases I believe details the operations...its been so long since I've done this, and I don't know that I've ever done it fully manually, that I'm a bit fuzzy on it.
I seem to remember that Mike Andrews had a utility that did software upgrades on cards as well...are you still on the list Mike? Am I remembering all of this correctly or not? -- Jeff McAdams Email: jeffm@iglou.com Head Network Administrator Voice: (502) 966-3848 IgLou Internet Services (800) 436-4456
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
On Fri, 7 Sep 2001, Jeff Mcadams wrote:
I seem to remember that Mike Andrews had a utility that did software upgrades on cards as well...are you still on the list Mike? Am I remembering all of this correctly or not?
Does he ever! I'd downloaded a mess of his tools back when we still had netservers and all quads, and kind of put off using them... Grabbed them again today. wow! Fixed my PRI card! Kudos to Mike... This is my new way to update code. ---- oscar [/usr/local/home/spork/tch]$ ./usrflash.pl Name of NMC in target chassis: nmc-2 Making sure the hostname and community names are valid... OK. Enter the card number(s) to flash. If flashing multiple cards, they must be identical. Separate numbers with spaces: 1 Lastly, enter the names of the SDL (or DMF) file and the NAC file (if needed). Use full paths if necessary. NO CHECKING is done to make sure the file you specify is appropriate for the type of card you've selected -- this assumes you know what you are doing! Enter NAC or DMF filename: DP030105.NAC Enter SDL filename (leave blank for NMC cards): DP010001.SDL WARNING WARNING DISCLAIMER WARNING WARNING [snip] About to do an SDL Version 1 upload of NAC/DMF file "DP030105.NAC" and SDL file "DP010001.SDL" to nmc-2 cards 1 LAST CHANCE! Enter YES in all caps to proceed: YES Here goes... Sending command 5 to nmc... Command 'Software download' sent to nmc. Status (attempt 1): 1 Software download : In progress / No Error Success. TFTPing DP010001.SDL to nmc... tftp> Verbose mode on. tftp> mode set to octet tftp> putting DP010001.SDL to nmc:SDL [octet] Sent 28210 bytes in 6.9 seconds [32707 bits/sec] tftp> DEBUG: tftp returned code 0 Status (attempt 1): 1 Software download : In progress / Erasing flash Status (attempt 2): 1 Software download : In progress / Erasing flash Status (attempt 3): [etc.] 1 Software download : In progress / Downloading NAC file Success. TFTPing DP030105.NAC to nmc-2... tftp> Verbose mode on. tftp> mode set to octet tftp> putting DP030105.NAC to nmc:DP030105.NAC [octet] Sent 915100 bytes in 257.2 seconds [28463 bits/sec] tftp> DEBUG: tftp returned code 0 Status (attempt 1): 1 Software download : In progress / Resetting NAC Status (attempt 2): 1 Software download : Success / No Error Success. Flash complete! Just to check it, another fine tool: oscar [/usr/local/home/spork/tch]$ ./usrinv.pl nmc Querying nmc....... SL Description P.Code HW ver SW ver Serial # RAM Flash Dipswitches 1 3COM PRI-T1/E1 NAC 0NJ 5.0.0 3.1.5 xxxxxxxx 4096 1024 0x0005 Thanks much Jeff, for reminding me of this, and Mike for writing it. And so as not to taunt people looking at archives: http://www.dcr.net/~mandrews/usrtoys/ Well worth the effort of putting all your gear in the config files. Charles
-- Jeff McAdams Email: jeffm@iglou.com Head Network Administrator Voice: (502) 966-3848 IgLou Internet Services (800) 436-4456
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
participants (4)
-
Charles Sprickman -
Jeff Mcadams -
Mark Thornton -
Mike Andrews