Instructions
Table of Contents
- Requirements to be Met
- Steps to Run Script from Live Linux ISO
- Command Summary
- Items to Take Note
Requirements to be Met
- Must have a Linux ISO downloaded (in this case, the CentOS 7 KDE live ISO)
- Must have internet access on the Linux VM
- The switch is reachable from the VM
- A switch user with the sysadmin role
- Must not have “system-cli disable” configured
Steps to Run Script from Live Linux ISO
- Boot to the ISO from VMware (or another hypervisor)
Link for CentOS 7 KDE live ISO download:
Created VM settings with mounted ISO:
Boot into the CentOS disk:
- Right click to open Konsole.
- Use yum to install expect and unzip.
sudo yum install expect unzip -y
- Save the file to the Linux system (transfer it directly to the host, or download it from DDL using Firefox).
scp <user>@<hostip>:</filelocation/filename> <filename>
- Unzip the file and run chmod to make the file executable.
unzip cert_upgrade_script-3.zip
chmod 777 cert_upgrade_script/*
- Run the script against each switch IP, or with a host file per the readme, to confirm that the switch is vulnerable and then that the fix was applied.
cd cert_upgrade_script
./cert.sh -u admin -p admin -h <IP> -c
./cert.sh -u admin -p admin -h <IP>
./cert.sh -u admin -p admin -h <IP> -c
- After executing the script, check KB article 184027: Dell Networking OS10 Certificate Expiration and Solution for the next steps.
ALERT: Flap the VLTi or reload the switch based upon the KB steps for the cert to take effect.
Command Summary

| Command | Explanation |
| --- | --- |
| sudo yum install expect unzip -y | Install needed packages |
| cd Desktop | Move to the Desktop directory |
| scp <user>@<hostip>:</filelocation/filename> <filename> | Download the script to the Desktop |
| unzip cert_upgrade_script-3.zip | Unzip the script file |
| chmod 777 cert_upgrade_script/* | chmod to allow the .sh and folder to be read/write/execute |
| cd cert_upgrade_script | Change to the cert directory |
| ./cert.sh -u admin -p admin -h <IP> -c | Check whether the switch is vulnerable |
| ./cert.sh -u admin -p admin -h <IP> | Run script to change cert |
| ./cert.sh -u admin -p admin -h <IP> -c | Check to see if switch was updated |
Items to Take Note
- The script checks whether the switch is running a version earlier than 10.4.3.x.
- If the switch is running a version earlier than this, the script displays the message “running a version less than 10.4.3.x, please upgrade to newer version”
- The script checks whether the switch is running a version later than 10.5.1.0 (in script version v4).
- The system is not vulnerable if other switches in the cluster are also running 10.5.1.0 or later.
- Newer firmware may have the affected cert; however, it is not in use and, as such, can be ignored or upgraded without concern.
- On Linux, enclose the username or password in ' (single quotes) if it contains special characters.
- If using an existing Linux OS, ensure the version is 5.45 or later.
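The check, apply, re-check sequence from the steps above, wrapped for a list of switches, with the password quoted so that special characters survive as the note above requires. This is an added example, not part of Dell's script or this article: the `cert.sh` options are those shown on this page, while the file name `run_switches.sh`, `LOG_DIR`, the IP list file and the use of the exit status are assumptions.

```sh
#!/bin/sh
# Added example, not Dell's code. Assumes cert.sh accepts -u/-p/-h/-c as shown
# on this page; its output format and exit codes are not documented here, so
# output and exit status are only logged for review, not interpreted.

CERT_SH="${CERT_SH:-./cert.sh}"      # vendor script, run from cert_upgrade_script/
LOG_DIR="${LOG_DIR:-./cert_logs}"    # hypothetical log directory

# Run one cert.sh step; append its output and exit status to the switch's log.
run_step() {  # run_step <label> <user> <password> <ip> [-c]
    label=$1 user=$2 pass=$3 ip=$4; shift 4
    log="$LOG_DIR/$ip.log"
    printf '== %s %s ==\n' "$label" "$ip" >> "$log"
    # Quoting "$pass" passes special characters through unchanged.
    "$CERT_SH" -u "$user" -p "$pass" -h "$ip" "$@" >> "$log" 2>&1
    status=$?
    printf 'exit status: %s\n' "$status" >> "$log"
    return "$status"
}

# The page's sequence for one switch: check, apply, check again.
update_switch() {  # update_switch <user> <password> <ip>
    rc=0
    run_step pre-check  "$1" "$2" "$3" -c || rc=1
    run_step apply      "$1" "$2" "$3"    || rc=1
    run_step post-check "$1" "$2" "$3" -c || rc=1
    return "$rc"
}

# Process every IP in a list file (one per line; blank lines and # comments skipped).
update_all() {  # update_all <user> <password> <ip-list-file>
    mkdir -p "$LOG_DIR" || return 1
    failed=0
    # Read the list on fd 3 so cert.sh keeps the terminal as its stdin.
    while IFS= read -r host <&3 || [ -n "$host" ]; do
        case $host in ''|'#'*) continue ;; esac
        update_switch "$1" "$2" "$host" || { echo "review log: $host" >&2; failed=$((failed + 1)); }
    done 3< "$3"
    return "$failed"
}

# Entry point: sh run_switches.sh <user> <ip-list-file>  (file name is hypothetical)
# Prompting keeps the password out of shell history; cert.sh still receives it via -p.
if [ "$#" -eq 2 ]; then
    printf 'Password for %s: ' "$1" >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    update_all "$1" "$pw" "$2"
fi
```

Each switch gets its own log under `LOG_DIR`; read the pre-check and post-check output there before moving on to the KB steps.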
Affected Products
PowerSwitch S3048-ON, PowerSwitch S4048-ON, Dell EMC Networking MX5108n, Dell EMC Networking MX9116n, Dell EMC Networking N3200-ON, PowerSwitch S4048T-ON, PowerSwitch S4112F-ON/S4112T-ON, PowerSwitch S4128F-ON/S4128T-ON, PowerSwitch S4148F-ON/S4148T-ON/S4148FE-ON, PowerSwitch S4148U-ON, PowerSwitch S4248FB-ON/S4248FBL-ON, PowerSwitch S5148F-ON, PowerSwitch S5212F-ON, PowerSwitch S5224F-ON, PowerSwitch S5232F-ON, PowerSwitch S5248F-ON, PowerSwitch S5296F-ON, PowerSwitch S6010-ON, PowerSwitch S6100-ON, PowerSwitch Z9100-ON, PowerSwitch Z9264F-ON, PowerSwitch Z9332F-ON, PowerSwitch Z9432F-ON
...