Considerations for devices with lag, Security, Downgrade considerations – Brocade FastIron Ethernet Switch Software Upgrade Guide User Manual
Page 12
•
ICX 6430 devices can hold two Layer 2 images.
•
All FastIron devices except ICX 6430 can hold two Layer 2 or Layer 3 images.
Security
•
SSHv2 RSA host key format is different between FastIron 07.x.xx, and 08.0.xx software versions.
•
When you upgrade from FastIron 07.x.xx, 08.0.00 to 08.0.xx software version, if RSA key is
present in FastIron 07.x.xx or 08.0.00 software version, same size will be regenerated in FastIron
08.0.xx software version. Old SSHv2 host key is retained unless they are cleared by the crypto
key zeroize command.
•
SSH host keys created with DSA method is interoperable between FastIron 07.x.xx, 08.0.00 and
08.0.xx software versions.
•
RADIUS Server key default encryption type is 2 (simple_encryption_base64) in FastIron 08.0.xx
release instead of 1 (simple_encryption) as compared to the earlier releases. If you do not follow
the upgrade procedure, the RADIUS server key configuration will be removed during downgrade.
Downgrade considerations
•
Any new command in FastIron 08.0.xx will be discarded during downgrade.
•
The startup configuration as well as the run time changes in FastIron 08.0.xx configuration will be
lost during downgrade.
•
If software-based licensing is in effect on the device, and if the software is downgraded to a
version earlier than 07.1.00, software-based licensing will not be supported.
•
SSHv2 RSA host key format is different between FastIron 07.x.xx, 08.0.00, and 08.0.xx software
versions.
•
On an FSX device with the SX Series 0-Port Third Generation XL management module, a hitless
downgrade from FastIron 08.0.10 to 08.0.00a or 08.0.01 is not supported.
•
When you downgrade the FastIron software from version 08.0.xx to 08.0.00 or 07.x.xx, consider
the following scenarios:
‐
When SSHv2 RSA host key in FastIron 08.0.00a and above is retained from FastIron
07.x.xx or 08.0.00 software version, booting up with FastIron 07.x.xx or 08.0.00 software
versions reads the old format SSHv2 RSA host keys and enables the SSHv2 RSA server
on the switch.
‐
When SSHv2 RSA host key is created in FastIron 08.0.00a and above, booting up with
FastIron 07.x.xx or 08.0.00 software versions does not read the new-format SSHv2 RSA
host keys and SSHv2 server is not enabled on the switch.
Considerations for devices with LAG
•
If you are upgrading to FastIron 08.0.xx and have either LAGs or LACP configured, the previous
configuration will be automatically updated to form a new equivalent LAG. To accomplish this, the
old trunk and link-aggregation commands are maintained during startup configuration parsing,
but disabled during normal configurations. The following are the major differences in LAG
configuration in FastIron 08.0.xx compared to earlier releases:
‐
A LAG is not created until a LAG is deployed using the deploy command.
‐
LACP is not started until a dynamic LAG is deployed.
‐
The number of LAG ports is 1 to 8. For FSX 3rd generation modules, the range is 1 to
12.
‐
A LAG is created even if a static or dynamic LAG has only one port.
•
If link aggregation is configured on your device and you are upgrading to FastIron 08.0.xx
configuration, the link aggregation configuration should have the key configured to identify the
LAG. If the key is not configured, when you upgrade to FastIron 08.0.xx, all the link aggregation
Considerations for devices with LAG
10
FastIron Ethernet Switch Software Upgrade Guide
53-1003089-02