Secospace USG2110 V100R001C03SPC200 Upgrade Guide (English Document)

Contents

Template Revision DescriptionPrecautionsWhen opening the template, click Enable Macros in the Security Warning dialog box.Set the properties of Word as follows:

Step 1 Choose Tools > Macro > Security.Step 2 Select the Medium option in the Security tab page.Step 3 Select the Trust access to Visual Basic Project option in the Trusted Publisher tab page.

When generating a release notes document for the customer, the following parts labeled (INTERNAL) are automatically deleted: Paragraphs in the body or a table cell

Item lists in the body or a table cell Heading 1, 2, or 3 and the related information under the heading

Block labels and the related information in the blocks The Template Revision Description sectionInstructions for Authors

When using the template, authors must read the following instructions: Use this template for information development. When using this template, delete the writing instructions in blue. When saving the document, do not delete the macros or delete the information in the Template Revision Description section. Click the Add Control ID button on the toolbar to label a controlled part with (INTERNAL). Click , the Renew Domain button on the HuaweiTool toolbar. Modify only the following items: Product&Project Name Product Version Document Version Release Date

Do not manually modify the information in the cover, header, or footer. Do not label common information in this document with (INTERNAL). Otherwise, the parts labeled (INTERNAL) are deleted. Instructions for Field EngineersWhen using the template, field engineers must read the following instructions: Click the Add Control ID button on the toolbar to label a controlled part with (INTERNAL). Review the parts labeled (INTERNAL). If the labeled parts must be delivered to the customer, manually delete the label (INTERNAL). Click the Generate User RN button on the toolbar to generate a release notes document for the customer according to the prompt.

The generated document does not contain controlled or sensitive information or the macros.The title and information of the document remain unchanged.Revision Records

V1.00Initial release.

Version Upgrade Guide

Secospace USG2110 Unified Security GatewayV100R001C03SPC200

Issue02

Date2010-07-27

DOCPROPERTY Confidential

Huawei Symantec Technologies Co., Ltd.

Huawei Symantec Technologies Co., Ltd. provides customers with comprehensive technical support and service. For any assistance, please contact our local representative office, agency, or customer service center.

Huawei Symantec Technologies Co., Ltd.

Address:Building 1

The West Zone Science Park of UESTC, No.88, Tianchen Road

Chengdu, 611731

P.R.China

Website:http://www.huaweisymantec.com

Email:[email protected]

Copyright Chengdu Huawei Symantec Technologies Co., Ltd. 2010. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Chengdu Huawei Symantec Technologies Co., Ltd.Trademarks and Permissions and other Huawei Symantec trademarks are trademarks of Chengdu Huawei Symantec Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice

The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.

About this Document

Author

Prepared byHondlidongDate2010-07-26

Reviewed byLiangruixia, Yinyanjin, Fuchao, Sungang, YangyuenanDate2010-07-26

Approved byJiao ChengweiDate2010-07-27

Summary

This document provides version upgrade instructions for the target version being USG2110V100R001C03SPC005. The user is advised to read the entire document prior to upgrading the system.This document includes:ChapterDetails

1

REF _Ref226273170 \h Upgrade MethodsDescribes the upgrade mode and supported versions.

2

REF _Ref226273188 \h Impact of the UpgradeDescribes the upgrade impact.

3

REF _Ref226273205 \h Upgrade ProcessDescribes the upgrade flow chart and procedure.

4

REF _Ref226273225 \h Preparations for the UpgradeDescribes the preparations for upgrade.

5

REF _Ref226273243 \h Upgrade OperationsDescribes the upgrade operations.

6

REF _Ref226273262 \h Upgrade VerificationDescribes how to verify upgrade.

7

REF _Ref119319596 \h \* MERGEFORMAT Version Rollback

Describes how to roll back the version.

HistoryIssueDetailsDateAuthorApproved by

SRG20-10 V100R001C03SPC200Sixth issue2010-07-27honglidongJiao Chengwei

USG2110 V100R001C03SPC005Third issue2010-3-12Fan YouzhongJiao Chengwei

USG2110 V100R001C03SPC004Second issue2010-01-04Fan YouzhongJiao Chengwei

USG2110 V100R001C03SPC003First issue2009-11-30Fan YouzhongJiao Chengwei

Contents

121 Upgrade Methods

121.1 Upgrade Mode

121.1.1 Upgrade During Device Startup

121.1.2 Upgrade During Device Running

132 Impact of the Upgrade

132.1 Impact on the Current System During Upgrade

132.2 Impact on the Current System

132.2.1 Authentication After Device Startup

132.2.2 Upgrade Notes

153 Upgrade Process

153.1 Upgrade Flow Chart and Procedure During Device Startup

153.1.1 Upgrade Flow Chart

153.1.2 Upgrade Procedure

163.2 Upgrade Flow Chart and Procedure During Device Running



184 Preparations for the Upgrade

184.1 Preparations for Upgrade

184.1.1 Preparing Upgrade Tools

214.1.2 Preparing Upgrade References

214.1.3 Preparing Upgrade Software

214.2 Checklist Before the Upgrade

214.2.1 Querying the Host Software Version

235 Upgrade Operations

235.1 Backing up and Loading the Configuration File

235.1.1 Backing up the Configuration File

245.1.2 Loading the Configuration File

255.2 Upgrade During Device Power-on

295.3 Upgrade Operations During Device Running

305.4 Activate license file

326 Upgrade Verification

326.1 Upgrade Verification

326.2 Upgrade Verification

337 Version Rollback

34A Upgrade Record

35B Acronyms and Abbreviations

Figures

15Figure3-1 Flow chart of upgrade during device startup

16Figure3-2 Flow chart of upgrade during device running

18Figure4-1 Connecting a serial port of the PC to the console port of the USG2110

19Figure4-2 Connecting the Ethernet interface of the PC to the Ethernet interface of the USG2110

19Figure4-3 Connection Description dialog box

20Figure4-4 Connect To dialog box

20Figure4-5 Setting the port properties

Tables

15Table3-1 Procedure for upgrade during device startup

17Table3-2 Procedure for upgrade during device running

21Table4-1 Checklist before the upgrade

32Table6-1 Upgrade verification

2 Upgrade Methods

This chapter describes how to perform an upgrade by using follow methods.2.1 Upgrade Mode

You can upgrade USG2110 in either of the following modes. 2.1.1 Upgrade During Device Startup

Before the USG2110 starts the BootROM, enter the BootROM main menu. On the Ethernet submenu, configure the Ethernet interface. Then, load the host software package from the FTP server.2.1.2 Upgrade During Device Running

When the USG2110 is running properly, you can load the host software package from the FTP server by running FTP commands. Set the host software and path for next startup, and then, System will be upgraded when Device Startup.

3 Impact of the Upgrade

3.1 Impact on the Current System During Upgrade

If the device is running on the incumbent network, adopt the method described in section 1.1.1 "Upgrade During Device Startup." Services are interrupted during the entire upgrade process. If adopting the method described in section 1.1.2 "Upgrade During Device Running" to load the software upgrade package, you need to restart the device to complete the upgrade. Services may be interrupted due to the device restart. You can decide when to restart the device after upgrade as required.

3.2 Impact on the Current System

3.2.1 Authentication After Device Startup

The default user name and password of login as a Console user are admin and Admin@123 respectively. For example:

**********************************************************

* All rights reserved (2008-2009) *

* Without the owner's prior written consent, *

* no decompiling or reverse-engineering shall be allowed.*

**********************************************************

User interface con0 is available

Please Press ENTER.

NOTICE:This is a private communication system.

Unauthorized access or use may lead to prosecution.

Login authentication

Username: adminPassword:

%Feb 11 14:49:03 2009 YS SHELL/5/LOGIN: admin login from con0

3.2.2 Upgrade Notes

Save the host software, configuration file, and license file before upgrade in case of version rollback. Avoid the power failure during upgrade. The file may not be completely uploaded or downloaded and therefore is unavailable due to the power failure. The default password of BootROM for the USG2110 is secoway. The USG2110 supports the function of restricting the number of IP address-based users. The function is controlled by the license. By default, only 20 users are allowed to access with no license, however, the limitation is removed by activating with license.

4 Upgrade Process4.1 Upgrade Flow Chart and Procedure During Device Startup


Figure4-1 Flow chart of upgrade during device startup


Table4-1 Procedure for upgrade during device startupNo.OperationImpactDurationMandatory or Optional

1Load the host software package through the BootROM during startup. Enter the BootROM main menu and set the Ethernet interface parameters. For the first-time loading, you must load the host software package through the BootROM; otherwise, the Equipment cannot start. 1 minutesMandatory

Load the host software package, vrpcfg.zip and License.dat to the FLASH.

Complete the loading and set the path of the host software package.

2Start Equipment from FLASHNone2.0 minutesMandatory

4.2 Upgrade Flow Chart and Procedure During Device Running


Figure4-2 Flow chart of upgrade during device running


Table4-2 Procedure for upgrade during device runningNo.OperationImpactDurationMandatory or Optional

1Load the host software during device running by running commands. Configure the FTP server, set the user name and password, and save the host software package, vrpcfg.zip and License.dat to the FTP directory. When the Flash memory is insufficient, the file cannot be completely loaded. In this case, you need to delete certain files from the Flash memory.About 2 minutesMandatory

Upload the host software package, vrpcfg.zip and License.dat by running FTP commands.

Configure that the loaded host software package is used for next startup.

2Restart the EquipmentDuration of Equipment startup is affected by the number of configuration items in configuration file. The more items, the longer startup duration. About 2 minutesMandatory

5 Preparations for the Upgrade

5.1 Preparations for Upgrade5.1.1 Preparing Upgrade Tools

Task Description

Connect the PC to the USG2110 through serial port cables and network cables.

The FTP software is required because it is mandatory for upgrade. The serial port of the PC must be connected to the USG2110 because you need to check whether the USG2110 starts up or runs properly during upgrade. The physical link between the Ethernet interfaces is used to transmit software. Therefore, the Ethernet interfaces must be available.

Precautions

The FTP server must be installed on the PC. The FTP server is not described here because it is the third party software.

Operation Procedure

Step 1 Connect a serial port of the PC to the console port of the USG2110 through the console cable. Figure5-3 Connecting a serial port of the PC to the console port of the USG2110

Step 2 Connect the Ethernet interface of the PC to the Ethernet interface of the USG2110 through the network cable. Figure5-4 Connecting the Ethernet interface of the PC to the Ethernet interface of the USG2110

Step 3 Start the FTP server on the PC.

Step 4 Save the host software package to be upgraded to the FTP root directory. Refer to section 4.1.3 "Preparing Upgrade Software" to get the host software package.Step 5 Configure the serial port.1. Run the terminal emulation program (such as the Windows XP HyperTerminal) on the PC. Choose Start > All programs > Accessories > Communications > Hyper Terminal, and display the Connection Description dialog box.2. In the Name field, enter the name of the connection between the PC and the USG2110, for example, COMM1 .Select an icon in Icon, as shown in Figure4-3.Figure5-5 Connection Description dialog box

3. Click OK to display the Connect To dialog box.

4. Select the serial port for connecting the PC and the USG2110 from the connect using drop-down list, for example, COM1, as shown in Figure4-4.

Figure5-6 Connect To dialog box

5. Click OK to display the COM1 Properties dialog box as shown in Figure4-5.

6. Set the communications parameters of the port, as shown in Figure4-5.

Figure5-7 Setting the port properties

7. Click OK.----EndResult Verification

Start the USG2110. Check whether the startup information collected through the serial port is displayed on the HyperTerminal of the PC. If yes, it indicates that the connection between the PC and the USG2110 is established and the serial port cable is well connected.

5.1.2 Preparing Upgrade References

You must upgrade the USG2110 by following the upgrade instructions: USG2110 V100R001C03SPC200 Release Notes (English Document).doc USG2110 V100R001C03SPC200 User Guide (English Document).doc5.1.3 Preparing Upgrade Software

Download software package:

USG2110V100R001C03SPC200.bin (7,071,556 Byte)Precautions

You must download the preceding files to the FTP root directory on the PC.

5.2 Checklist Before the Upgrade

Table5-3 Checklist before the upgrade

SNItemCriteria

1Querying the host software versionCheck whether the version number of the host software is consistent with that of the software package.

5.2.2 Querying the Host Software Version

In the command line view, run the display version command to view the version of the host software running on the device.

display versionHuawei Symantec Versatile Security Platform Software

Software Version : USG2110 V100R001C03SPC200 (VSP (R) Software, Version 3.30)

Copyright (C) 2008-2009 Chengdu Huawei Symantec Technologies Co., Ltd. All right

s reserved.

Secospace USG2110 uptime is 0 week(s), 0 day(s), 0 hour(s), 7 minute(s)

Rpu's version information:

128M bytes SDRAM

32M bytes FLASH

Pcb Version : VER.A

CPLD logic Version : 003

Small BootROM Version : 106

Big BootROM Version : 127

00:02:52 04-02-20006 Upgrade OperationsFor security reasons, you should save system configurations before upgrade and then restart the device. Therefore, system configurations can be restored in case of the upgrade failure.6.1 Backing up and Loading the Configuration File

6.1.1 Backing up the Configuration File

You can back up the configuration file in the following ways if necessary, The host software involved in the document is usg2110.bin, the configuration file is vrpcfg.zip, and the backup configuration file is backup.zip globally.Screen Copying

On the terminal of the USG2110, run the display current-configuration command to copy all the information that is displayed on the screen into a TXT file and save it. The configuration file is backed up.

Through TFTP

Step 2 (Optional) After starting the USG2110, run the following commands to back up the configuration file in the Flash memory. This step is for forming the good habit of backing up the configuration file in the Flash memory.

copy vrpcfg.zip flash:/backup.zipCopy flash:/abc to flash:/backup.zip?[confirm]:

Before press ENTER you must choose 'YES' or 'NO'[Y/N]: y100% complete

%Copied file flash:/vrpcfg.zip to flash:/backup.zip.

Step 3 On the PC, start the TFTP server application program, and specify the transmission path for downloading the configuration file and the IP address and port number of the TFTP server.

Step 4 On the USG2110, run the tftp command. The parameters are the IP address of the TFTP server, operation type, and name of the configuration file.

tftp 10.110.24.209 put vrpcfg.zipNow begin to copy file to remote tftp server, please wait for a while...\

TFTP: 656 bytes sent in 1 seconds.

File uploaded successfully.

----End

Through FTP



Before press ENTER you must choose 'YES' or 'NO'[Y/N]:y100% complete


Step 6 On the PC, start the FTP server application program, and specify the transmission path for downloading the configuration file and the IP address and port number of the FTP server.

Step 7 On the USG2110, run the ftp command. Enter the parameters of the FTP server IP address, user name, and password. After logging in to the USG2110 successfully, enter the operation type and configuration file name.

ftp 10.110.24.209

Trying 10.110.24.209 ...

Press CTRL+K to abort

Connected to 10.110.24.209.

220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user

User(10.110.24.209:(none)):USG2110331 Give me your password, please

Password:

230 Logged in successfully05:54:22 02-13-2009

[ftp] put vrpcfg.zip

Now begin to copy file to remote ftp server, please wait for a while...\

FTP: 656 bytes sent in 1 seconds.

File uploaded successfully.

----End

6.1.2 Loading the Configuration File

You can edit the configuration file in offline mode according to the specified format and load the file to the USG2110 through FTP or TFTP. Or you can load the backed up configuration file to the USG2110 through FTP or TFTP. You can load the configuration file in the following ways:

Through TFTP

Step 8 (Optional) On the USG2110, run the following commands to back up the configuration file vrpcfg.zip. This step is for forming the good habit of backing up the configuration file when updating it.


Before press ENTER you must choose 'YES' or 'NO'[Y/N]: y100% complete


Step 9 On the PC, start the TFTP server application program, and specify the transmission path for uploading the configuration file and the IP address and port number of the TFTP server.

Step 10 On the USG2110, run the tftp command. The parameters are the IP address of the TFTP server, operation type, and name of the configuration file.

tftp 10.110.24.209 get vrpcfg.zipNow begin to download file from remote tftp server, please wait for a while..\ TFTP: 656 bytes received in 0 seconds. File downloaded successfully.

----EndThrough FTP



Before press ENTER you must choose 'YES' or 'NO'[Y/N]:y100% complete


Step 12 On the PC, start the FTP server application program, and specify the transmission path for downloading the configuration file and the IP address and port number of the FTP server.

Step 13 On the USG2110, run the ftp command. Enter the parameters of the FTP server IP address, user name, and password. After logging in to the USG2110 successfully, enter the operation type and configuration file name.

ftp 10.110.24.209

Trying 10.110.24.209 ...




User(10.110.24.209:(none)):USG2110331 Give me your password, please

Password:

230 Logged in successfully

05:54:22 02-13-2009

[ftp] get vrpcfg.zip

----End

6.2 Upgrade During Device Power-onStep 14 Turn on the power supply to power on the USG2110.

Step 15 When starting the USG2110, you can view the MPU startup process on the serial port tool. When the following information is displayed, press Ctrl+B to enter the BootROM main menu.

Starting...

Decompressing .........Done!Starting ...

*************************************************************

* *

* Unified Security Gateway 2110 Bootrom, Ver1.27 *

* *

*************************************************************

CPU type : MPC8248

CPU L1 Cache : 32KB

CPU Clock Speed : 200MHz

Memory Size : 128M

Press Ctrl+B to Enter Boot Menu... 4Password:

==========================================

| Boot With Default Mode |

| Boot From Flash |

| Enter Serial SubMenu |

| Enter Ethernet SubMenu |

| Change Flash Boot File |

| Modify Bootrom Password |

| Recover Console Password |

| Reboot |

=============================================================

Enter your choice(0-7):

Press Ctrl+B within five seconds. When Password: is displayed, enter the password to enter the BootROM main menu. Enter the password after entering the BootROM main menu. The default password for the USG2110 is secoway.

Step 16 On the BootROM main menu, enter 4 to enter the Ethernet submenu.

Enter your choice(0-7): 4Boot From Net Port...

===========================================

| Download Program To SDRAM And Run |

| Download Program To Flash |

| Change Boot Parameter... |

| Exit To Main Menu |

============================================================= Step 17 Modify the settings of Ethernet interface configuration parameters. On the Ethernet submenu, enter 3 to open the interface. After setting the parameters, return to the Ethernet submenu. Enter your choice(0-3): 3Change Boot Parameter Through Net Port.

Note: Two protocols for download, tftp & ftp.

You can modify the flags following the menu.

tftp--0x80, ftp--0x0.

Available Boot Device: [motfcc0]

'.' = clear field; '-' = go to previous field; ^D = quit

boot device : motfcc0

processor number : 0

host name : usg2110file name : usg2110.bininet on ethernet (e) : 2.2.2.2

inet on backplane (b):

host inet (h) : 2.2.2.242

gateway inet (g) :

user (u) : usg2110ftp password (pw) (blank = use rsh): usg2110flags (f) : 0x0

target name (tn) : usg2110.binstartup script (s) :

other (o) :

Parameters need to be set are as follows:

file name: indicates the file to be downloaded. Set this parameter to usg2110.bin.You can directly enter the new file name after the displayed file name. This modification method is also applicable to the following parameters.

boot device: is used to set the interface for downloading the usg2110.bin file by the USG2110. inet on Ethernet: is used to set the IP address of the USG2110. This IP address and the IP address of the PC providing FTP services should be in the same network segment.

host inet: is used to set the actual IP address of the PC providing FTP services.

user: indicates the FTP user name.

ftp password: indicates the password of the FTP user.

Step 18 Download the usg2110.bin file to the Flash. On the Ethernet submenu, enter 2 to download files from the FTP server. For example, Step 19 Download the file from the FTP server.

===========================================





=============================================================Enter your choice(0-3): 2

DownLoad Program To Flash Through Net Port.

boot device : sbeunit number : 2processor number : 0host name : hpfile name : usg2110.bininet on ethernet (e) : 3.3.3.2host inet (h) : 3.3.3.1user (u) : usg2110ftp password (pw) : usg2110flags (f) : 0x0target name (tn) : usg2110.binAttached TCP/IP interface to wancom0.

Subnet Mask: 0xfffff800

Attaching network interface lo0... done.

Loading...

Done

7071556 bytes downloaded.

flash:/usg2110.bin already exist.

delete it?(Y/N):y

Deleting file...done.

Writing flash...................done.

If you start the USG2110 for the first time, enter 5 to set the Flash memory description area.

If you use the Flash memory for the first time, the Flash memory file system will format itself before any files in the Flash can be read or written. The following information is displayed:

Formatting Flash, please waiting several minutes...doneAlso, during system power-on, you can upload only the host software rather than the configuration file or license file. After the system runs properly, you can upload the configuration file and license file through FTP or TFTP.

Step 20 On the Ethernet submenu, enter 0 to return to the BootROM main menu.

===========================================





=============================================================

Enter your choice(0-3): 0==========================================

| Boot With Default Mode |

| Boot From Flash |

| Enter Serial SubMenu |

| Enter Ethernet SubMenu |

| Change Flash Boot File |

| Modify Bootrom Password |

| Recover Console Password |

| Reboot |

============================================================= Step 21 On the BootROM main menu, enter 2 to start the file.

Enter your choice(0-7): 2Booting From Flash...

The Boot File is < flash:/ usg2110.bin >

Decompressing ..................................................................

..................................................................Done!Starting

at 0x80400000...----End6.3 Upgrade Operations During Device Running

Step 22 Configure the USG2110 to ensure the connectivity between the USG2110 and the PC in Figure4-2.Step 23 Log in to the FTP server through the FTP client. In user mode, you can log in to the FTP server by entering ftp .The following information is displayed:

ftp 3.3.3.1Trying 3.3.3.1 ...




User(3.3.3.1:(none)): usg2110331 Give me your password, please

Password:


[ftp]Step 24 Obtain the required usg2110.bin file. You can obtain this file by entering get usg2110.bin on the FTP client.

[ftp] get usg2110.bin200 PORT command okay

150 "D:\ usg2110.bin " file ready to send (9606880 bytes) in ASCII mode

226 Transfer finished successfully.

FTP: 7071556 byte(s) received in 51.384 second(s) 140.08Kbyte(s)/sec.[ftp]Step 25 (Optional) To upload the license file and configuration file, you can enter get vrpcfg.zip respectively on the FTP client.

[ftp] get vrpcfg.zip200 PORT command okay

150 "D:\ vrpcfg.zip " file ready to send (886 bytes) in ASCII mode


FTP: 886 byte(s) received in 10.384 second(s) 140.08Kbyte(s)/sec.[ftp]Step 26 In the user view, enter the startup system-software usg2110.bin command line to set the host software for next startup.

startup system-software usg2110.bin You will change the startup software! Continue?[Y/N]: yStartup from the system-software flash:/ usg2110.bin?[Y/N]: y16:34:26 02-11-2009

Step 27 (Optional) To set the configuration file for next startup, you can enter the startup saved-configuration vrpcfg.zip command line in the user view.

startup saved-configuration vrpcfg.zipStartup from the saved-configuration flash:/vrpcfg.zip?[Y/N]: y06:52:40 02-13-2009 Step 28 After the USG2110 is restarted, the usg2110.bin file runs automatically to perform the installation. The configuration file is loaded.

----End

When downloading the software package, if the system prompts insufficient Flash memory, delete unnecessary files from the Flash and download the software package.

6.4 Activate license fileStep 29 Log in to the FTP server through the FTP client. In user mode, you can log in to the FTP server by entering ftp .The following information is displayed: ftp 10.2.1.2Trying 10.2.1.2 ...




User(10.2.1.2:(none)):usg2110331 Give me your password, please

Password:


Step 30 Obtain the required on1020586.dat file. You can obtain this file by entering get on1020586.dat on the FTP client.[ftp] get on1020586.dat15:00:11 2009/03/17

200 PORT command okay

150 "E:\bin\ on1020586.dat" file ready to send (2844 bytes) in ASCII mode


FTP: 2844 byte(s) received in 4.916 second(s) 578.51byte(s)/sec.

Step 31 After the USG2110 is restartedIf you use the license file for the first time, run the following command to activate the license file in the system view (if the license file is activated and not changed during the restart of the USG2110, it does not need to be activated):

[USG2110] license file on1020586.dat14:49:16 2009/03/17

Active license successfully.

Step 32 If you want to replace license file, make sure the original is inactivated then activate the new license file.[USG2110] undo license file14:51:45 2009/03/17

[USG2110]

2009-03-17 14:51:45 Eudemon %%01FWLCNS/5/FWLCNSLOG(l):

Deactivate the license file

[USG2110] license file on1020588.dat

14:59:16 2009/03/17

Active license successfully.

Step 33 Run the display license command to view the license information.[USG2110] display license 15:11:05 2009/03/17

Device ESN is: 210235G0580000000000

The file activated is: flash:/ on1020588.dat

The time when activated is: 2009/03/17 15:11:02

VFW: 2

VPN: 2

GTP: DEFAULT ----End7 Upgrade Verification7.1 Upgrade VerificationTable7-4 Upgrade verificationSNItem Criteria

1Checking whether the version of the host software is correctUse the command line. The version number displayed should be :

V100R001C03SPC100

2Checking whether the configuration file is successfully uploadedCheck whether the device configuration is consistent with the configuration file.

P Print Appendix "A

REF _Ref226271838 \h Upgrade Record" in advance for recording.

7.2 Upgrade VerificationOperation Procedure

Step 1 Run the display version command in the command line view to check whether the output is correct.

Step 2 Run the display current-configuration command in the command line view to check whether the configuration is consistent with the uploaded configuration file.

----EndResult Verification

If the version information in the command line output is the same as the verification checklist shown in Table6-1

REF _Ref226271895 \h Upgrade verification, it indicates that the software version is correct.

8 Version Rollback

If the system upgrade fails, you need to roll back the version. For details, see section 5.2 "Upgrade During Device Power-on" and section 5.3 "Upgrade Operations During Device Running" to upload the host software, configuration file, and license file of the original version.

A Upgrade RecordOffice NameUpgrade Date

Version Before UpgradeVersion After Upgrade

Upgrade PersonnelCustomer Personnel:

Huawei Symantec Personnel:

Whether the upgrade is successful

Check Items for UpgradeConclusionException Handling

Check before upgrade

Check of upgrade procedures

Verification check after upgrade

B Acronyms and AbbreviationsA

AAAAuthentication, Authorization and AccountingIt provides a framework for configuring the security functions of authentication, authorization, and accounting. It is a kind of management on network security.

ACLAccess Control ListA sequential instruction list consisting of a series of permit | deny statements. In the scenario where a firewall is deployed on a network, an ACL is applied to the interface of a router, and the router determines which packets can be received and which should be denied according to the ACL. In QoS, ACLs are also used for traffic classification.

ARPAddress Resolution ProtocolA protocol used to resolve an IP address into an Ethernet MAC address. RFC 826 defines the protocol.

AUXAuxiliary portAuxiliary (port). A kind of line device. An AUX port provides an EIA/TIA-232 DTE interface that is usually used to perform a dial-up access through a Modem.

D

DNSDomain Name SystemA system used to map a human-friendly domain name to an IP address.

DoSDenial of ServiceDenial of Service

F

FTPFile Transfer ProtocolAn application layer protocol used to transmit files between remote hosts. FTP is implemented on the basis of the corresponding file system.

FLASHFLASH memoryFLASH memory

I

ICMPInternet Control Message ProtocolA Layer 2 protocol that reports errors and provides other information relevant to IP packet processing.

IKEInternet Key ExchangeA protocol used to exchange keys between Oakley and SKEME through ISAKMP.

IPInternet ProtocolA protocol that provides connectionless best effort delivery of datagram across heterogeneous physical networks. IP is a network layer protocol in the TCP/IP protocol stack.

IPSecIP SecurityA series of protocols defined by the Internet Engineering Task Force (IETF). This protocol family includes a set of system structures concerning data security on the IP network, including such protocols as AH, ESP, and IKE.

L

L2TPLayer Two Tunneling ProtocolA well-accepted protocol drafted by the IETF and finalized also by Microsoft and other companies. This protocol combines the advantages of PPTP and L2F.

LANLocal Area NetworkLocal Area Network. A network consisting of personal computers and workstations residing in the same building or within several kilometers in circumference. LAN features high speed and low error rate. Ethernet, FDDI, and Token Ring are three main realization technologies of LANs.

M

MACMedia Access ControlThe lower of the two sub-layers of the Data Link Layer. The MAC layer is closer to the physical layer.

MANMetropolis Area NetworkA network of LANs or computers within a wide geographical area such as a university campus. A MAN usually adopts the same technology as a LAN. A MAN can cover dozens of kilometers wide or a metropolitan (city-wide) area.

MPUMain Processing UnitMain Processing Unit

N

NATNetwork Address TranslationA mechanism for reducing the need for globally unique IP addresses. NAT allows an organization with private IP addresses to connect to the Internet by translating those addresses into a globally unique and routable IP address.

NAPTNetwork Address and Port TranslationNetwork Address and Port Translation

NMSNetwork Management StationNetwork management workstation. A workstation that communicates with the Agent to take statistics on network traffic.

O

OSPFOpen Shortest Path FirstOpen Shortest Path First

P

PINGpacket internet groperA utility program which tests access to a device by sending a series of messages and measuring the replies, such as an ICMP Echo message and its acknowledgment.

PPPPoint to Point ProtocolA dedicated transmission link between two devices.

PPPoEPPP over EthernetPPP over Ethernet

R

RADIUSRemote Authentication Dial In User ServiceA distributed server/client system developed by Livinggston Enterprise. RADIUS can provide the AAA function. As an authentication and accounting protocol, RADIUS can realize access authentication, authorization, and accounting functions for a great number of users through serial port and Modem.

RIPRouting Information ProtocolRouting Information Protocol. A routing protocol that calculates routes with the D-V algorithm and selects routes according to the hop number. RIP is widely used in small-sized networks.

RPURouting Process UnitPath Process Unit

S

SNMPSimple Network Management ProtocolA network management protocol used in TCP/IP networks. SNMP is a widely accepted and used industrial standard, which aims to ensure the transmission of management information between two points. The administrator can search for and change information, perform troubleshooting and fault diagnosis, plan the capacity, and generate reports on any node.

SRUSwitch Router UnitSwitch Router Unit

SSHSecure ShellA set of network standards and protocols that provide secure Telnet access.

T

TCPTransmission Control ProtocolA transport layer protocol that provides a connection-oriented, full-duplex, and point-to-point service between hosts.

U

UDPUser Datagram ProtocolPart of the TCP/IP protocol suite. UDP is a standard, connectionless, host-to-host protocol that is used over packet-switched computer communication networks. UDP does not provide the reliability and ordering guarantees that TCP does.

V

VPNVirtual Private NetworkVirtual Private Network. A new technology that helps implement a private network link, which is carried on a public network. Virtual indicates that the network logically exists.

VRPVersatile Routing PlatformA versatile operating system platform developed by Huawei Symantec and acts as the general operating system platform of Huawei data communication products.

VTVirtual TemplateA logic interface in VRP.

Enter the BootROM menu

Load the host software

.

Set the host software and path for next startup

Start the device from the Flash

End

xxxviiiHuawei Symantec Proprietary and Confidential Copyright Chengdu Huawei Symantec Technologies Co., Ltd.Issue (2010-07-27)

Documents

Secospace USG2110 V100R001C03SPC200 Upgrade Guide (English Document)