This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
My firm currently utilizes Netgear M5300-28G_POE+ switches in a stacked group of 10 devices. We are currently at firmware level 10.0.0.44, and I've been tasked to:
a) Update to latest firmware {11.0.0.31}
b) Add the company certificate (to avoid the initial https error message) (Is it better to use the company wildcard certificate or the switches selfsigned certificate?)
c) Switch access from http, to https
Couple questions I have regarding the firmware upgrade are:
1) Is the best way to do this to upgrade one switch at a time? If I reboot the initial switch (management switch) will I reboot the entire stack?
2) Should I add the firmware to all switches before rebooting any switches, then reboot all switches at the same time? This way all the switches will come up simultaneously.
3) Please share your thoughts and let me know if there is a document that details out how best to do this.
The process you are describing should be the correct process. I suggest reading the release notes instead, when it comes to firmware upgrades. The release notes explain the process from start to finish. https://kb.netgear.com/000038811/M5300-Firmware-Version-11-0-0-31
You simply update the stack and reboot. This should update all members in the stack. But yes, it requires a full reboot of the whole stack.
There is an important note here. When going from version 10.x to 11.x firmwares we changed the management VLAN. On 10.x the management VLAN IP address was on the CPU (network parms), but in 11.x firmwares the management VLAN IP address is now on the VLAN itself. This means you might have management VLAN IP address issues after the upgrade. It is easy to fix via CLI/console though. Let me assume VLAN 1 is your management VLAN, then after firmware upgrade you run these commands from CLI:
Of course, substitute IP address and subnetmask to your needs.
If something happens during the upgrade, the stack members don't upgrade properly, etc. then do let me know. It is important to schedule downtime in case there are some things to sort out. Also, I suggest doing it sometime in the week days (Mon-Fri) as pro support is available then. Again, just in case! And remember to backup the config first.
But generally speaking, follow the release note instructions closely and you should be just fine!
I am glad to hear that you are taking the correct precautions when upgrading firmware. It should be a straight forward process, but you are right to check with us first. The upgrade procedure is explained here, in the release notes. It also describes how to upgrade a stack. https://kb.netgear.com/000038811/M5300-Firmware-Version-11-0-0-31
I would suggest that you backup your config before the upgrade - just in case!
As for the certificate question. I don't, personally, see much benefit adding the company certificate to the switch. It is worth it? Using the self-signed certificate is not more or less secure than your company certificate. Your browser gives you a warning as the certificate is self-signed and indeed, if you see this on the Internet then don't continue, but as you trust the device (it's just the switch) I would be fine with just using the self-signed certificate that the switch has and trust that in my browser.
I actually agree with you regarding the certificate, no worries here, this is a management request.
I am not 100% clear regarding upgrading stack members when the manager switch is upgraded. Page 470 of the Software administration manual seems to suggest that after upgrading the manager switch, stack members are automatically upgraded: “Once the firmware is successfully loaded on the supervisor, it automatically propagates to the other members in the chassis.” http://www.downloads.netgear.com/files/GDC/M5300/M5300-M6100-M7100_SWA_v11_30Oct2015.pdf
Does this mean when the manager switch is rebooted, the entire stack will also reboot and upgrade? I need to fully understand this as it will certainly affect production.
The process you are describing should be the correct process. I suggest reading the release notes instead, when it comes to firmware upgrades. The release notes explain the process from start to finish. https://kb.netgear.com/000038811/M5300-Firmware-Version-11-0-0-31
You simply update the stack and reboot. This should update all members in the stack. But yes, it requires a full reboot of the whole stack.
There is an important note here. When going from version 10.x to 11.x firmwares we changed the management VLAN. On 10.x the management VLAN IP address was on the CPU (network parms), but in 11.x firmwares the management VLAN IP address is now on the VLAN itself. This means you might have management VLAN IP address issues after the upgrade. It is easy to fix via CLI/console though. Let me assume VLAN 1 is your management VLAN, then after firmware upgrade you run these commands from CLI:
Of course, substitute IP address and subnetmask to your needs.
If something happens during the upgrade, the stack members don't upgrade properly, etc. then do let me know. It is important to schedule downtime in case there are some things to sort out. Also, I suggest doing it sometime in the week days (Mon-Fri) as pro support is available then. Again, just in case! And remember to backup the config first.
But generally speaking, follow the release note instructions closely and you should be just fine!
Thank you, and really appreciate the VLAN management headsup. I can not create a change request listing everything that needs to happen, and request a maintenance window from management.
I'm posting again today this time regarding a NETGEAR GS724TP, currently at firmware version 00.01.02
I'd like to get it to the latest firmware version, which is v5.2.0.11. There are no special features (other than the IP address of the unit!) installed, No VLANS or anything of that nature.
Can I jump directly to v5.2.0.11 (I know, in my dreams, right!) from v00.01.02?
Can you provide the correct upgrade path, and I figure from reading several posts, one or more of the firmware updates will wipe the existing configuration.
The release notes will alwayswarm you if there is problem in updating, coming from a certain version. From what I can see, you need to go to firmware V3.0.6.1 first, then V5.0.0.15 and lastly V5.2.0.11.
