- Notes, cautions, and warnings
- About this guide
- Installing SmartFabric OS10
- Preparing for an upgrade
- Upgrade sequence for SmartFabric OS10 platforms
- Dell SmartFabric OS10 certificate expiration and recommended action
- Supported upgrade paths—Full Switch mode deployments
- Supported upgrade paths—SFS mode deployments
- Supported upgrade paths—Dell PowerEdge MX deployments
- Platform-specific prerequisites
- Prerequisites for solution deployments
- Startup configuration during upgrade or downgrade
- Upgrading OS10 software
- Downgrading OS10 software
- Installation, Upgrade, and Downgrade commands
- Upgrade or downgrade OS10 image on secure boot-enabled nodes
- Update ONIE and ONIE firmware
- Upgrade PCIe firmware from DIAG OS
- Upgrade PCIe firmware from OS10 hshell
- Minimum ONIE Firmware Updater version requirement for OS10 platforms
- Links to ONIE Firmware Updater and DIAG OS Release Notes
- Link to Dell Technologies Innodisk 3IE3 Solid State Drive ONIE Firmware Updater Release Notes
- Frequently asked questions
Dell SmartFabric OS10 Installation, Upgrade, and Downgrade Guide
Postupgrade certificate configurations
Switches running OS10 Release 10.5.0.7P3 and previous supported releases, that have VLT or SmartFabric Services enabled, use secure channels to communicate with each other. To establish secure channels, OS10 uses X.509v3 certificates. If you have installed custom certificates (self-signed or CA certificates), you must reinstall the custom certificates after upgrade.
NOTE: This procedure is applicable only if you have installed custom certificates, and are running OS10 release 10.4.3.0 or later. If you are running OS10 releases between 10.4.1.4 and 10.4.2.x, upgrade to a later release. This procedure is not applicable if you are upgrading to one of the following releases:
- 10.4.3.7
- 10.5.0.9
- 10.5.1.9
- 10.5.2.6 and later releases
Configuration notes
- From 10.5.1.0 release onwards, there is no need for X.509v3 certificate in a VLT domain if both the VLT peers are running OS10 software version 10.5.1.0 or later. However, you still need the certificates during VLT upgrade from 10.4.3.x releases to 10.5.1.0 or later. The upgraded VLT device has to communicate with the other VLT peer in a domain until the other device is also upgraded to 10.5.1.0 or later.
- If untrusted devices access management or data ports on an OS10 switch in your deployment, Dell Technologies recommends that you replace the default X.509v3 certificate-key pair used for cluster applications. See the Dell SmartFabric OS10 Security Best Practices Guide for information about generating and installing certificates on OS10 switches.
After you upgrade OS10 to a new release, the certificate is present in the system. To reinstall the certificate, remove and readd the cluster security profile using the following commands:
- Remove the cluster security profile.
OS10(config)# no cluster security-profile
- Add the cluster security profile again for the certificates to be reinstalled.
OS10(config)# cluster security-profile profile-name
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\