Huawei Switch Firmware Upgrade [2021] -

In the modern enterprise network, the Huawei switch is a workhorse. It handles hundreds of gigabits of data, segments VLANs, enforces security policies, and maintains uptime. However, even the most robust hardware is only as good as the software that drives it.

display version # Confirm target version is active display device # All cards should be "Normal" status, not "Fault" display cpu-usage # Should stabilize under 30% after ARP table rebuilds display memory-usage # Ensure no memory leaks (consistent values) display logbuffer # Look for "Upgrade successful" or error codes like "L2IF/3/NO_PORT" For core switches (e.g., S12700, S7700, CE12800) that cannot go offline, Huawei offers ISSU. This upgrades the standby MPU first, switches traffic, then upgrades the active MPU. Huawei Switch Firmware Upgrade

<Huawei> issu check file S7700-V200R021C10.cc # Validates compatibility <Huawei> issu start file S7700-V200R021C10.cc # Begins the process <Huawei> display issu state # Monitor progress Warning: Do not configure or reboot manually during ISSU. Packet loss is usually under 1 second, but LACP and BFD sessions may reset. Failure 1: "The file is not supported on this device." Cause: Wrong architecture. S5720-52P-PWR uses a different VRP compilation than S5720-28X. Fix: Download the specific file from Huawei’s "Software Download" section matched to your S5720-52P-PWR exact PID. Failure 2: Switch boots to "BootROM" menu only. Cause: The firmware file is corrupt or the bootloader variable is wrong. Fix: At the BootROM prompt (press Ctrl+B during boot), select option 4 (Update from Network), or 7 (Skip current configuration). If the main firmware is deleted, use XModem: bash BootROM> 2 # Enter serial submenu BootROM> 3 # Download using XModem # In your terminal software (PuTTY/TeraTerm), send the file via XModem-1K. Failure 3: VRPD process crashes repeatedly. Cause: The previous config uses a deprecated command (e.g., stp mode rstp replaced by stp mode mstp ). Fix: Boot with factory settings: bash <Huawei> reset saved-configuration <Huawei> reboot Then manually reapply your config line-by-line, converting obsolete commands. Failure 4: Licenses are missing post-upgrade. Cause: Major version jumps often invalidate old licenses (e.g., V200R010 to V200R020). Fix: Generate a new license file from Huawei’s License Center using the switch’s ESN ( display esn ). Upload it via: bash <Huawei> license active LIC_S5720_2024.dat Part 7: The Enterprise Automation Approach (Python + NETCONF) Manually upgrading 50 edge switches is tedious. Modern Huawei switches support NETCONF over SSH. Sample Python script using ncclient : In the modern enterprise network, the Huawei switch

Bookmark Huawei’s official support portal (support.huawei.com) and subscribe to VRP security bulletins. Perform a trial upgrade on a lab switch this quarter. Your network’s reliability depends on it. Disclaimer: Firmware versions mentioned (e.g., V200R021C10) are examples. Always consult the official Huawei documentation specific to your chassis model. display version # Confirm target version is active

A (often referred to as a system software or VRP upgrade) is not merely a routine maintenance task; it is a critical security imperative. Outdated firmware contains unpatched vulnerabilities, memory leaks, and compatibility issues with newer hardware or protocols like EVPN and VXLAN.

<Huawei> startup system-software S5720-V200R021C10.cc Verification:

<Huawei> display startup # Expected output: "Startup system software: S5720-V200R021C10.cc" If your firmware includes a web management file ( .web.7z ) or a patch file ( .pat ), load them: