NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
M5300 stack firmware upgrade
Hello,
My firm currently utilizes Netgear M5300-28G_POE+ switches in a stacked group of 10 devices. We are currently at firmware level 10.0.0.44, and I've been tasked to:
a) Update to latest firmware {11.0.0.31}
b) Add the company certificate (to avoid the initial https error message) (Is it better to use the company wildcard certificate or the switches selfsigned certificate?)
c) Switch access from http, to https
Couple questions I have regarding the firmware upgrade are:
1) Is the best way to do this to upgrade one switch at a time? If I reboot the initial switch (management switch) will I reboot the entire stack?
2) Should I add the firmware to all switches before rebooting any switches, then reboot all switches at the same time? This way all the switches will come up simultaneously.
3) Please share your thoughts and let me know if there is a document that details out how best to do this.
Thank you
Hi again,
The process you are describing should be the correct process. I suggest reading the release notes instead, when it comes to firmware upgrades. The release notes explain the process from start to finish.
https://kb.netgear.com/000038811/M5300-Firmware-Version-11-0-0-31You simply update the stack and reboot. This should update all members in the stack. But yes, it requires a full reboot of the whole stack.
There is an important note here. When going from version 10.x to 11.x firmwares we changed the management VLAN. On 10.x the management VLAN IP address was on the CPU (network parms), but in 11.x firmwares the management VLAN IP address is now on the VLAN itself. This means you might have management VLAN IP address issues after the upgrade. It is easy to fix via CLI/console though. Let me assume VLAN 1 is your management VLAN, then after firmware upgrade you run these commands from CLI:
(M4300-28G-PoE+) >en
(M4300-28G-PoE+) #configure
(M4300-28G-PoE+) (Config)#interface vlan 1
(M4300-28G-PoE+) (Interface vlan 1)#ip address 192.168.1.254 255.255.255.0
(M4300-28G-PoE+) (Interface vlan 1)#endOf course, substitute IP address and subnetmask to your needs.
If something happens during the upgrade, the stack members don't upgrade properly, etc. then do let me know. It is important to schedule downtime in case there are some things to sort out. Also, I suggest doing it sometime in the week days (Mon-Fri) as pro support is available then. Again, just in case! And remember to backup the config first.
But generally speaking, follow the release note instructions closely and you should be just fine!
Cheers
6 Replies
Hi MKBKC
I am glad to hear that you are taking the correct precautions when upgrading firmware. It should be a straight forward process, but you are right to check with us first. The upgrade procedure is explained here, in the release notes. It also describes how to upgrade a stack.
https://kb.netgear.com/000038811/M5300-Firmware-Version-11-0-0-31The firmware itself can downloaded here:
https://www.netgear.com/support/product/M5300-28G-POE-plus%20(GSM7228PSv1h2).aspx#Firmware Version 11.0.0.31I would suggest that you backup your config before the upgrade - just in case!
As for the certificate question. I don't, personally, see much benefit adding the company certificate to the switch. It is worth it? Using the self-signed certificate is not more or less secure than your company certificate. Your browser gives you a warning as the certificate is self-signed and indeed, if you see this on the Internet then don't continue, but as you trust the device (it's just the switch) I would be fine with just using the self-signed certificate that the switch has and trust that in my browser.
Lastly, here is all the documentation about the switch you have. It might come in handy if needed.
https://www.netgear.com/support/product/M5300-28G-POE-plus%20(GSM7228PSv1h2).aspx#docs
CheersGood Morning ,
Thank you for your thoughtful response.
- I actually agree with you regarding the certificate, no worries here, this is a management request.
- I am not 100% clear regarding upgrading stack members when the manager switch is upgraded. Page 470 of the Software administration manual seems to suggest that after upgrading the manager switch, stack members are automatically upgraded: “Once the firmware is successfully loaded on the supervisor, it automatically propagates to the other members in the chassis.” http://www.downloads.netgear.com/files/GDC/M5300/M5300-M6100-M7100_SWA_v11_30Oct2015.pdf
Does this mean when the manager switch is rebooted, the entire stack will also reboot and upgrade? I need to fully understand this as it will certainly affect production.
Thank you,
Hi again,
The process you are describing should be the correct process. I suggest reading the release notes instead, when it comes to firmware upgrades. The release notes explain the process from start to finish.
https://kb.netgear.com/000038811/M5300-Firmware-Version-11-0-0-31You simply update the stack and reboot. This should update all members in the stack. But yes, it requires a full reboot of the whole stack.
There is an important note here. When going from version 10.x to 11.x firmwares we changed the management VLAN. On 10.x the management VLAN IP address was on the CPU (network parms), but in 11.x firmwares the management VLAN IP address is now on the VLAN itself. This means you might have management VLAN IP address issues after the upgrade. It is easy to fix via CLI/console though. Let me assume VLAN 1 is your management VLAN, then after firmware upgrade you run these commands from CLI:
(M4300-28G-PoE+) >en
(M4300-28G-PoE+) #configure
(M4300-28G-PoE+) (Config)#interface vlan 1
(M4300-28G-PoE+) (Interface vlan 1)#ip address 192.168.1.254 255.255.255.0
(M4300-28G-PoE+) (Interface vlan 1)#endOf course, substitute IP address and subnetmask to your needs.
If something happens during the upgrade, the stack members don't upgrade properly, etc. then do let me know. It is important to schedule downtime in case there are some things to sort out. Also, I suggest doing it sometime in the week days (Mon-Fri) as pro support is available then. Again, just in case! And remember to backup the config first.
But generally speaking, follow the release note instructions closely and you should be just fine!
Cheers
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
