The firewall of H3C F1000-AK109 needs to be upgraded when testing recently. So I went to the official website of Xinhua to download the upgrade package and upgrade it on the firewall web console. Results In the process of uploading the file, it was prompted that the device space was insufficient and could not be upgraded.
After consulting the data, it is found that the flash of some H3C devices is relatively small, so in many cases it is impossible to directly upgrade through the web, and the device needs to be upgraded under the command line. The official website of H3C not only provides the upgrade package in IPE format (the format of the file to be used for upgrading through the web console), but also provides the upgrade package in BIN format.
Enter the official website of the third official website of Xinhua to download the upgrade package of the corresponding device to the local, and then decompress it. The unzipped file is normally two "bin" files, one is boot and the other is system.
Then connect the computer to the firewall to ensure that both parties can ping each other (it is recommended to use the network cable to connect the device directly). Start an FTP service on your computer and set the directory of the files you just unzipped as the root directory of FTP. And set an account to access this directory. I use the FTPServer provided in the H3C "benchmark artifact" tool (the fancy # Goutou). As long as an FTP service can be set up here, I don't say what FTP software must be used. It should be noted that the system firewall may block the access to the FTP 21 port. We can turn off the system firewall for the time being (for security, remember to turn on the system firewall again after finishing).
After the FTP service is tested to be normal, log in to the command line console of the firewall through the ssh/telnet/Console port.
First, check whether the space on the lower firewall is enough to upload two bin files.
<H3C>dir Directory of flash: 0 drw- - Aug 17 2018 08:34:05 diagfile 1 drw- - Dec 31 2019 14:04:21 dpi 2 -rw- 5382144 Aug 17 2018 08:32:44 f1010fw-cmw710-boot-r9510p06.bin 3 -rw- 94498816 Aug 17 2018 08:33:24 f1010fw-cmw710-system-r9510p06.bin 4 -rw- 735 Aug 17 2018 08:34:28 hostkey 5 -rw- 282 Jan 15 2020 16:10:22 ifindex.dat 6 -rw- 0 Dec 31 2019 14:19:22 lauth.dat 7 drw- - Aug 17 2018 08:34:05 license 8 drw- - Jan 08 2020 10:07:10 logfile 9 drw- - Dec 31 2019 14:19:08 pcap 10 drw- - Aug 17 2018 08:34:27 pki 11 drw- - Aug 17 2018 08:34:05 seclog 12 -rw- 591 Aug 17 2018 08:34:28 serverkey 13 -rw- 60983 Jan 15 2020 16:10:22 startup.mdb 262144 KB total (6488 KB free)
As you can see, the available space of the current device is only more than 6M, which is not enough to store two bin files. When the space of this device is insufficient, you can delete some useless files on the device. For example, there may be a tar package starting with "diagfile" on the device. This is a diagnostic file of the device, and you can safely delete it. If the device has been upgraded before, there will still be an old version of the bin file, and you can also delete it.
After deleting these files, remember to use“ reset recycle-bin ”Command to empty the recycle bin. Otherwise, the space is still occupied. For example, files have been deleted, but the recycle bin has not been emptied. The deleted files still occupy the Flash space on the firewall.
After confirming that there is enough space, use the command to connect to the FTP service opened on the computer.
#Connect ftp <H3C>ftp 192.168.1.2 Press CTRL+C to abort. Connected to 192.168.1.2 (192.168.1.2). 220 Browser Ftp Server. #Log in to ftp User (192.168.1.2:(none)): admin 331 Password required for this user. Password: 230 User Logged In. Remote system type is UNIX. Using binary mode to transfer files. ftp> ftp> #View Directory ftp> dir 227 Entering Passive Mode (192,168,1,2,3,113). 150 Opening data connection for directory list. -rwx------ 1 user group 7642112 Jan 13 03:26 f1010fw-cmw710-boot-E9536P1101.bin -rwx------ 1 user group 152638464 Jan 13 03:27 f1010fw-cmw710-system-E9536P1101.bin 226 Transfer complete. ftp>
Use the "get" command to download the bin files of boot and system from FTP.
ftp> get f1010fw-cmw710-boot-E9536P1101.bin 227 Entering Passive Mode (192,168,1,2,0,161). 150 Opening data connection. .............. 226 Transfer complete. 7642112 bytes received in 3.498 seconds (2.08 Mbytes/s) ftp> ftp> ftp> get f1010fw-cmw710-system-E9536P1101.bin 227 Entering Passive Mode (192,168,1,2,2,79). 150 Opening data connection. ................................................................................................................................................................................................................................................................................................... 226 Transfer complete. 152638464 bytes received in 68.393 seconds (2.13 Mbytes/s) ftp> ftp>
After uploading, use the "dir" command to confirm that the file has been uploaded to the firewall. Finally, specify the next startup file of the firewall. The command here is the default startup file (main) of the specified firewall. In addition to the main, there is also an alternate startup file (back), which will not be detailed here.
<H3C>boot-loader file boot flash:/f1010fw-cmw710-boot-E9536P1101.bin system flash:/f1010fw-cmw710-system-E9536P1101.bin slot 1 main This command will set the main startup software images. Continue? [Y/N]:y Verifying the file flash:/f1010fw-cmw710-boot-E9536P1101.bin on slot 1...Done. Verifying the file flash:/f1010fw-cmw710-system-E9536P1101.bin on slot 1..........Done. The images that have passed all examinations will be used as the main startup software images at the next reboot on slot 1. <H3C>
Finally, reboot the firewall. Select "Y" to allow for the prompt during the period.
I have to say that after the update, the web UI of H3C firewall has really grown a lot
This article is published at: yingfeng Blog >> Solution to prompt insufficient space when upgrading H3C firewall , please indicate the source for reprinting.
