Aruba OS-CX ServiceOS CLI in Halon Switches

By esupport Unpublished


Question - 1. What is the purposes of ServiceOS ?

- To Boot the ProductOS

- To recover after any issue during boot.


Question - 2. What is the Login / Password for ServiceOS ?

There is only one usable login admin / {no password}. All ServiceOS users should use the admin login. 

The only exception to this is, if you login as "reboot", it would cause that management module to reboot without requiring a login. This is useful to power cycle the Switch without power control.


Question - 3. How to set a ProductOS password ?

password command sets the ProductOS admin password available in the serviceOS CLI. It is saved to the switch configuration after the customer boots ProductOS and saves configuration.

It is useful for resetting a forgotten password.


Questions - 4. What commands are available in the ServiceOS or SVOS login and its overview ?

- CLI commands are only available via serial port.

- Tab Completion

Tab button from the keyboard can only complete the filenames, NOT the commands available in SVOS.

This is the opposite of ProductOS.

-CLI help

-'?' command outputs list of the CLI commands available in the SVOS.

Below is the screenshot:-


Question - 5. How to boot Switch from ProductOS to SVOS and vice-versa ?

- From ProductOS to SVOS: Command: boot system serviceos.


- From SVOS to ProductOS: boot '1' for Primary and '2' for Secondary


Question - 6. What is the boot sequence of the Halon Switches ? Explain the boot menu in the serviceOS and ProductOS.

- ServiceOS executes between BIOS and ProductOS.

- Default OS is booted if the user does not enter any value, [Default - Primary]

- Default OS or image could be set in below methods:-

** Via 'boot set-default (primary|secondary)' from ProductOS without rebooting the Switch.

** Via 'boot system (primary | secondary)' and rebooting the Switch.

- ProductOS can automatically reboot into ServiceOS without changing the default image via 'boot system serviceos'

If we issue the command boot, it would take us to the ProductOS login prompt shown in the above image.


Question - 7. How to manage Switch from SVOS CLI ?

SVOS has few management commands. By default the OOBM network port is disabled.

To enable it, "ip dhcp" is the command to get the IP address from the DHCP Server and for manual assignment "ip addr <ip-addrress>/ <netmask>" GATEWAY.

To view the IP address information in the SVOS, "ip show" is command to view current IP address, Subnet and Gateway.

To disable OOBM, the command is "ip disable"


We may also clear the configuration for a specific image on the Switches from SVOS.

To clear the configuration from Primary Image: config-clear primary

To clear the configuration from Secondary Image: config-clear secondary


Question - 8. How to manage filesystem from ServiceOS and its other functionality ?

Serviceos can manage the file system. The filesystem on the management modules is stored in different ways.
- /home/ is volatile and stored in RAM. Any changes in home directory and most other location will not persist after a reboot or booting into ProductOS.
- If the SSD is mounted, /coredump, /nos, /selftest, /logs are non-volatile and stored on SSD. These are mounted by default on SSD.
- The Customers are unlikely to un-mount it.
- All the above directories are mapped to /fs/, but the ServiceOS CLI hides them.
- All the other directories are not intended for Customer use.


Mounting an USB drive to manage files transfer between the Switch and USB:-

- mount usb is the command to mount the USB drive.

- unmount usb is the command to unmount USB drive.

- USB would be available or mounted at /mnt/usb 

- We have "cp" to copy and "mv" to move, commands available to transfer files between USB and the Switch.


Other Functionalities:-

- Zeroization

*Securely erases the SSD and other storage on the Management Modules and Rear Display Card.

*Does not erase storage on Fabric or line-cards.

*It reboots the Management Module to perform zeroization.

*SVOS CLI command is "erase zeroize" and ProductOS CLI command is "erase all zeroize".

*It preserves defaults ProductOS image.


- Format

- It formats the SSD.

- Erases Productos images

- Will reboot the Management Module to perform the format.


Question - 9. What is the difference between a zeroization ad format?

Zeroization performs a secure erase and preserves ProductOS images where format does not. Zeroization also erases information from the RDC module.


Question - 10. When should a customer choose zeroization instead of formatting?

If a filesystem is corrupted, a format command is the recommended way of fixing it since a zeroization erases more than they need. A zeroization is recommended prior to shipping a device to support or before the device is put out of a service.


Question - 11. What are the Linux commands available in SVOS ?

The Linux commands are standard in their operation and any standard Linux documentation would work for a customer. The only exception to this is Input and Output redirection.

Below are the lists of commands and their functions:-

**cat - It outputs the file contents to the screen and is useful for quickly reading a text file.

** cp , mv - Copy or Move a file from one location to another

** du - Calculates the size of the current directory or specified directory, it outputs the size of the current directory under "."

** ls - lists the contents of the current or specified directory

** mkdir - Creates a specified directory

** rmdir - Removes a specified directory

** rm - Removes a specified file

** md5sum - Calculates a MD5 checksum of a specified file. This is useful for verifying that a file was not corrupted during transfer and if file matches the checksum provided by HPE.


ServiceOS also allows access to the Shell using the command: 'sh' and this is intended for Support Use Only.

This is used for following purposes:-

- Get logs that CLI does not give access to, e.g. systemd journal

- Write or delete files in write-protected directories, e.g. logs and coredumps

- Run debug commands as specified by engineering support.

Bash is the only shell available in the ServiceOS.


Question - 12. Explain Updating the Switch firmware in ServiceOS.

The firmware on the Switch is field update capable. We have different methods to download the firmware onto the Switch via SVOS. 


- TFTP method retrieves an image from a TFTP Server via OOBM network port.

- We need to setup a TFTP Server and put image on it.

- SVOS Command: tftp [OPTIONS]  Host <IP-Address-TFTP-Server>

TFTP options are:-

** -g = Get request from the Server

** -r = Specify remote file name

** -l = Specify local file name

Example: tftp -g -r TFTPFolder\FL_10_05_0001.swi -l FL_10_05_0001.swi


2. USB

- USB method consist of mounting the USB drive as soon as it is plugged in to the Switch

**Command: mount usb

- USB drive would be mounted to /mnt/usb and to view the files in the USB drive command would be: ls /mnt/usb

- Hence, we need to copy the file from USB to Home Directory

**Command: cp /mnt/usb/<filename>.swi /home/


- Update Command

After downloading the image, image must be installed on the Switch via update command to the target profile.

Once the image is on the Switch, the update command installs the image.

**Command: update <primary | secondary> <filename>.swi

**Example: update primary FL_10_05_0001.swi


Primary Vs Secondary Image:-

- SVOS supports two profiles or images namely Primary and Secondary

- Allows safe deployment of a new firmware image without erasing the old image.



- Keep the primary as known-good firmware image and config.

- Update the secondary, test, then update the Primary image of the Switch

- Use md5sum to verify the integrity of the image after copying the image and before updating the image


- ISP (In System Programming)

-- ISP automatically updates the firmware of all programmable components as needed

- New ArubaOS-CX images may contain new firmware updates

- It occurs while booting ArubaOS-CX or after inserting a new module

- "allow-unsafe-updates" command allows firmware update on the components without a failsafe or backup image, e.g. BIOS.

- This command is available in SVOS and ProductOS.

- Command Syntax: "allow-unsafe-updates <time in minutes>"

- The maximum time is 120 minutes.

- Example: "allow-unsafe-update 30"

- Setting time to 0 (zero) prevents non-failsafe updates.

- It is always advised to keep the Switch powered while ISP executes, to prevent corruption of non-failsafe components

- Customer is notified during ProductOS boot if there is required unsafe update.


Question - 13. Explain Diagnostics and retrieving logs works in SVOS.

Since there is no output redirection in SVOS CLI. It is recommended to enable console logging via terminal and use screen captures, or copy and pasting.

Diagnostic commands are not available on all platforms and each platform handles these commands differently.


- diag advmemtest command

*It performs an advance memory test on next management module or switch reboot

*It is intended for manufacturing use only. (Only HPE Support can use it)

*It requires a reboot.

* It has a enable and disable parameters [Syntax: diag advmemtest enable | disable ]


- diag fruread command

*It retrieves field replaceable unit information about the chassis.

*On some Switches include information such as MAC address and Serial numbers.


-diag fruwrite command

*It sets field replaceable unit information about the chassis.

*It is intended only for HPE and should not be used by the Customer.


- version command

*It provides the SVOS version information


- identify command

*It reports the component firmware information.


-ping command

*Allows the user to ping network hosts for debug purposes.

*Command acts the same as the standard Linux command.


Logs retrieval via SVOS:-

Retrieving Logs is similar to updating the firmware on the Switch, it is just the reverse process of sending the data out from the Switch. It can be done via same two methods:

1. TFTP method

*Command Syntax: tftp [OPTIONS]  Host <IP-Address-TFTP-Server>

TFTP options are:-

** -p = Put request to the Server

** -r = Specify remote file name

** -l = Specify local file name

Example: tftp -p -r TFTPFolder\SLOGS1 -l /logs/Switch-logs1


2. USB

- USB method consist of mounting the USB drive as soon as it is plugged in to the Switch

**Command: mount usb

- USB drive would be mounted to /mnt/usb and to view the files in the USB drive command would be: ls /mnt/usb

- Hence, we need to copy the file from Switch to USB drive

**Command: cp /logs/log1 /mnt/usb


In the above screenshot, we have first listed the directories available in SVOS using "ls /" command, then we listed the files in the "logs" directory.

Now we are trying to copy "boot.history" file to the USB using the command "cp  /logs/boot.history  /mnt/usb". But we got an error, it is because, we do not have USBs available in ESP Lab environment.



1 comment


Feb 11, 2021 06:15 AM

Help me out with my problem. Had two MM with different Software. Second one boots up with SVOS.  Thx