The other day, my current 24 port managed switch died, so I finally purchased a 24 port PoE capable switch. After having configured the new switch, I brought out two Netgear PoE switches and decided to put them into production. Upon booting them up, I needed to upgrade the firmware from its current 220.127.116.11 to its latest version, 18.104.22.168. Assuming this could all be done simply via the web interface, I was a little stumped when I realized the only way to upgrade was using a TFTP server. I therefore set out to figure how this works, and below follows the instructions on upgrading a Netgear switch using TFTP, Ubuntu and VirtualBox.
Logging in to the Netgear switch
Connect the Netgear switch to the network, if the switch does not automatically receive an IP, then the default IP is 192.168.0.239. The default password is password.
After logging in you are met with some basic information regarding the switch, such as the MAC address, IP settings and the firmware version. In this case the firmware version is 22.214.171.124 and it needs to be upgraded to 126.96.36.199.
To upgrade the firmware, navigate to the Maintenance tab and then select Firmware upgrade. Click on the Enter Loader Mode on the top right corner of the webpage. This will reboot the switch and show the firmware upgrade page.
Configuring up the TFTP Server
Before we can install the new firmware, we need to set up the server running the TFTP server. For this I spun up a existing clone of Ubuntu 18.04 server that I have laying around for these purposes. I’m not going to go into detail about how to install Ubuntu 18.04 on VirtualBox, you can check out the question on https://askubuntu.com/questions/142549/how-to-install-ubuntu-on-virtualbox. Once installed, set the networking adapter to bridged. That will allow the VM to communicate with the Netgear switch.
After booting up the VM, log in and issue the following commands:
sudo apt install -y tftpd-hpa tftp-hpa
This will install the tftp server and client onto the server. The tftp-hpa package is optional, however, it can be used to test the tftp server and make sure things are working before attempting to upgrade the Netgear switch.
Once the packages have been installed, check the status of the tftp server using the command :
sudo systemctl status tftpd-hpa.service
Make sure that the service is running and then edit the TFTP configuration file, which is located at /etc/default/tftpd.hpa
#/etc/default/tftpd-hpa TFTP_USERNAME="tftp" TFTP_DIRECTORY="/var/lib/tftpboot" TFTP_ADDRESS=":69" TFTP_OPTIONS="--secure"
Edit the file with sudo vim /etc/default/tftpd-hpa and change the username to nobody. You can use any text editor, such as nano or vi, I just prefer vim. It should now read :
#/etc/default/tftpd-hpa TFTP_USERNAME="nobody" TFTP_DIRECTORY="/var/lib/tftpboot" TFTP_ADDRESS=":69" TFTP_OPTIONS="--secure"
Save the file and restart the service with
sudo systemctl restart tftpd-hpa.service
Check the status of the service, sudo systemctl status tftpd-hpa.service and make sure that it is active and running as it was above.
Verifying the TFTP Service
Before upgrading the Netgear switch, let’s test that we can retrieve the file from the TFTP service. Lets generate a text file, place it in the directory and then use the tftp client to fetch the file. If you did not install the client, you can proceed to the next step.
Place the text file in the TFTP directory
echo "hello" | sudo tee /var/lib/tftpboot/hello.txt
Note that the /var/lib/tftpboot directory must be the same directory that was specified in the tftpd-hpa file in the previous section. If you changed that directory, remember to modify the commands so they point to the directory you changed it to.
and verify that it prints hello.
Now, lets connect to the tftp service and retrieve the file.
This will fetch the file hello.txt and put it in the current directory, then close the connection using quit.
If you get a permission denied when retrieving hello.txt, verify that;
1. You are in a directory where you have read/write permissions, such as your home directory,
2. that the /var/lib/tftpboot directory’s permission is set to nobody:nogroup.
You can change the permission with
sudo chown nobody:nogroup -R /var/lib/tftpboot
-R ensures that the files inside the directory gets the same owner/group as well. I would not suggest that you do this for any other purpose than upgrading the Netgear router. This would not be a good idea if the server is facing the Internet without any form of firewall in between to stop incoming requests to that port.
connect to the TFTP service again and issue the commands above. The hello.txt file should now be in your current directory.
Preparing the TFTP service
Place the firmware in the tftp directory. The latest firmware for my switch is 188.8.131.52 and can be found at : http://www.downloads.netgear.com/files/GDC/GS105PE/GS105PE_V184.108.40.206.zip. We can retrieve the file using wget http://www.downloads.netgear.com/files/GDC/GS105PE/GS105PE_V220.127.116.11.zip, which will save the file in the current directory. Unzip the file with unzip GS105PE_V18.104.22.168.zip and then copy the file, cp GS105PE_V22.214.171.124.bin /var/lib/tftpboot/fm1603.bin to the tftp directory. The above command copies the file and changes the filename to something a little easier to read. If you ran into permission issues above, change the permission on the directory with chown nobody:nogroup /var/lib/tftpboot/fm1603.bin.
Check to see if the file is retrievable by doing the steps in Verifying the TFTP Service but instead of the text file, use the firmware file above.
Before starting the next process, run ifconfig and take a note of the IP address of the Virtual Machine. For the sake of this example, assume the ip is 192.168.0.30
Upgrading the Netgear switch
Open the web browser and if it hasn’t booted in to the boot loader page, follow the first step and wait for the switch to boot into the boot loader page.
In the TFTP Server IP Address, enter the IP from the Virtual Machine, in this example, 192.168.0.30. In the Image File Name, enter fm1603.bin. Then press apply in the top right corner. The firmware upgrade should now start. (I found that it would sometimes say it couldn’t find the file, which was down to an error in the spelling of the filename.)
The page should now flash Firmware upgrade is processing.
After the upgrade has completed, the switch will reboot into normal operating mode.
Log in to the switch and verify that the firmware has been successfully upgraded to 126.96.36.199
When the next firmware is available, you can spin up the Virtual Machine and then proceed to upgrade using the same steps.
Hope you found the article, upgrading a netgear switch using TFTP, Ubuntu and VirtualBox useful. Any comments, please use the comment section below, or drop me an email. Be sure to add your email to the form below to be alert when new articles become available.