https://community.ruckuswireless.com/t5/ICX-Switches/ICX-7150-C12P-bootloader-command-quot-update-primary-quot-does/m-p/109125#M7613 <P>Hello Smiley,</P><P>Is there a way to do this via the bootloader prompt?</P> Mon, 01 Sep 2025 13:44:31 GMT bayvilleopener 2025-09-01T13:44:31Z https://community.ruckuswireless.com/t5/ICX-Switches/ICX-7150-C12P-bootloader-command-quot-update-primary-quot-does/m-p/109103#M7606 <P><SPAN>Hello,</SPAN><BR /><BR /><SPAN>I received a used ICX 7150-C12P. I've been trying to use the&nbsp;</SPAN><EM>update_primary</EM><SPAN> command but it returns&nbsp;</SPAN><EM>FIPS:update_primary command is disabled in FIPS/CC mode</EM><SPAN>&nbsp;even after disabling FIPS.</SPAN><BR /><BR /><SPAN>I've fully booted into FastIron, cleared the keys, disabled FIPS, wrote to memory, and </SPAN><EM>reload</EM><SPAN>ed (after rebooting, </SPAN><EM>fips show</EM><SPAN> says that everything is turned off). I still get the same message when trying to </SPAN><EM>update_primary</EM><SPAN>. Does anyone have any experience with FIPS? I would appreciate any guidance. Thanks.</SPAN></P><P><U>REPLICATION</U></P><P>1) Here is everything that I have done in FastIron to disable FIPS:</P><PRE>enable<BR />configure terminal<BR />fips zeroize<BR />crypto key zeroize all<BR />no fips enable<BR />write memory<BR />reload</PRE><P>2) Here is everything I did in the bootloader after that:</P><PRE>setenv ipaddr 192.168.0.34<BR />setenv netmask 255.255.255.0<BR /><SPAN>setenv serverip 192.168.0.24<BR /></SPAN><SPAN>setenv image_name ICX7xxx/SPR08090mc.bin<BR /></SPAN><SPAN>setenv uboot ICX7xxx/mnz10118.bin<BR /></SPAN><SPAN>setenv fipsreset<BR /></SPAN><SPAN>update_uboot&nbsp;<BR /></SPAN><SPAN>saveenv&nbsp;<BR /></SPAN><SPAN>reset</SPAN></PRE><P>3) More bootloader commands after the&nbsp;reset:</P><PRE><SPAN>factory set-default</SPAN><BR /><SPAN>setenv fipsreset</SPAN><BR /><SPAN>update_primary<BR /></SPAN></PRE><P><SPAN>At this point,&nbsp;</SPAN><EM>update_primary</EM> returns&nbsp;<EM>FIPS:update_primary command is disabled in FIPS/CC mode</EM>.</P><P><SPAN>Here is the </SPAN><EM>show version</EM><SPAN> output if it is pertinent:</SPAN></P><DIV class=""><DIV class=""><PRE>ICX7150-C12 Switch&gt;show version Copyright (c) Ruckus Networks, Inc. All rights reserved. UNIT 1: compiled on Oct 3 2023 at 04:49:31 labeled as SPS09010h_cd2 (29360128 bytes) from Primary SPS09010h_cd2.bin (UFI) SW: Version 09.0.10h_cd2T211 Compressed Primary Boot Code size = 786944, Version:10.1.26T225 (mnz10126) Compiled on Tue Nov 29 12:43:26 2022 HW: Stackable ICX7150-C12-POE ========================================================================== UNIT 1: SL 1: ICX7150-C12-2X10GR POE 12-port Management Module Serial #:XXXXXXXXXXX [REDACTED] Software Package: BASE_SOFT_PACKAGE Current License: 2X10GR P-ASIC 0: type B160, rev 11 Chip BCM56160_B0 ========================================================================== UNIT 1: SL 2: ICX7150-2X1GC 2-port 2G Module ========================================================================== UNIT 1: SL 3: ICX7150-2X10GF 2-port 20G Module ========================================================================== 1000 MHz ARM processor ARMv7 88 MHz bus 8 MB boot flash memory 2 GB code flash memory 1 GB DRAM STACKID 1 system uptime is 1 day(s) 41 minute(s) 44 second(s) The system started at 06:05:40 GMT+00 Tue Oct 03 2023 The system : started=cold start</PRE></DIV></DIV> Sun, 31 Aug 2025 18:41:38 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ICX-7150-C12P-bootloader-command-quot-update-primary-quot-does/m-p/109103#M7606 bayvilleopener 2025-08-31T18:41:38Z https://community.ruckuswireless.com/t5/ICX-Switches/ICX-7150-C12P-bootloader-command-quot-update-primary-quot-does/m-p/109104#M7607 <P>Edited title.</P> Sun, 31 Aug 2025 18:42:14 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ICX-7150-C12P-bootloader-command-quot-update-primary-quot-does/m-p/109104#M7607 bayvilleopener 2025-08-31T18:42:14Z https://community.ruckuswireless.com/t5/ICX-Switches/ICX-7150-C12P-bootloader-command-quot-update-primary-quot-does/m-p/109112#M7610 <P>Hi&nbsp;<SPAN>&nbsp;Bayvilleopener</SPAN></P><P><SPAN>Thank you for reaching us&nbsp;</SPAN></P><P>Could you confirm whether you've attempted the firmware upgrade using either the <STRONG>TFTP</STRONG> or <STRONG>USB</STRONG> method? Based on the information you've provided, it appears that you have <STRONG>CLI access to the switch.</STRONG></P><P>Thank you&nbsp;</P> Mon, 01 Sep 2025 12:41:40 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ICX-7150-C12P-bootloader-command-quot-update-primary-quot-does/m-p/109112#M7610 Chandini 2025-09-01T12:41:40Z https://community.ruckuswireless.com/t5/ICX-Switches/ICX-7150-C12P-bootloader-command-quot-update-primary-quot-does/m-p/109117#M7611 <P>Hello Chandini,</P><P>Yes, I have attempted to upgrade using TFTP via the bootloader prompt.</P> Mon, 01 Sep 2025 12:57:37 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ICX-7150-C12P-bootloader-command-quot-update-primary-quot-does/m-p/109117#M7611 bayvilleopener 2025-09-01T12:57:37Z https://community.ruckuswireless.com/t5/ICX-Switches/ICX-7150-C12P-bootloader-command-quot-update-primary-quot-does/m-p/109123#M7612 <P>Hi Bayvilleopener,<BR /><BR />Could you please try uploading the relevant signature (.sig) file before the image (.bin) file for firmware upgrade and check?</P> Mon, 01 Sep 2025 13:36:12 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ICX-7150-C12P-bootloader-command-quot-update-primary-quot-does/m-p/109123#M7612 Smiley 2025-09-01T13:36:12Z https://community.ruckuswireless.com/t5/ICX-Switches/ICX-7150-C12P-bootloader-command-quot-update-primary-quot-does/m-p/109125#M7613 <P>Hello Smiley,</P><P>Is there a way to do this via the bootloader prompt?</P> Mon, 01 Sep 2025 13:44:31 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ICX-7150-C12P-bootloader-command-quot-update-primary-quot-does/m-p/109125#M7613 bayvilleopener 2025-09-01T13:44:31Z https://community.ruckuswireless.com/t5/ICX-Switches/ICX-7150-C12P-bootloader-command-quot-update-primary-quot-does/m-p/109164#M7623 <P>Hi&nbsp;<SPAN>&nbsp;Bayvilleopener</SPAN></P><P><SPAN>Thank you for reaching us&nbsp;</SPAN></P><P>The method you're currently attempting appears to be a software recovery via the bootloader. As an alternative, I recommend trying the recovery using <STRONG>TFTP or USB through the CLI</STRONG>. Please verify if this approach helps resolve the issue.</P><P><STRONG>Below are the links you can refer:</STRONG></P><UL><LI><FONT face="courier new,courier" size="2"><SPAN><A href="https://community.ruckuswireless.com/t5/RUCKUS-Support-for-Lennar-Homes/How-to-upgrade-the-RUCKUS-ICX-7150-C12P-Switch-using-TFTP-Server/m-p/47187" target="_blank">https://community.ruckuswireless.com/t5/RUCKUS-Support-for-Lennar-Homes/How-to-upgrade-the-RUCKUS-ICX-7150-C12P-Switch-using-TFTP-Server/m-p/47187</A></SPAN></FONT></LI><LI><FONT face="courier new,courier" size="2"><SPAN><A href="https://community.ruckuswireless.com/t5/RUCKUS-Support-for-Lennar-Homes/How-to-Upgrade-a-RUCKUS-ICX-7150-C12P-Switch-using-a-USB-flash/m-p/46781" target="_blank">https://community.ruckuswireless.com/t5/RUCKUS-Support-for-Lennar-Homes/How-to-Upgrade-a-RUCKUS-ICX-7150-C12P-Switch-using-a-USB-flash/m-p/46781</A></SPAN></FONT></LI></UL><P><SPAN>Thank you&nbsp;</SPAN></P><P>&nbsp;</P> Tue, 02 Sep 2025 15:50:27 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ICX-7150-C12P-bootloader-command-quot-update-primary-quot-does/m-p/109164#M7623 Chandini 2025-09-02T15:50:27Z https://community.ruckuswireless.com/t5/ICX-Switches/ICX-7150-C12P-bootloader-command-quot-update-primary-quot-does/m-p/109676#M7642 <P>The following worked, although I had to use the CLI instead of the bootloader. If anyone can't get past the username/password... try running&nbsp;<EM>factory set-default</EM> or&nbsp;<EM>no password</EM> in the bootloader before booting FastIron.</P><P>&nbsp;</P><DIV class=""><DIV class="">Code:</DIV><DIV class=""><PRE>! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! FLASHING A FIPS-CURSED RUCKUS ICX 7150-C12P WITH FASTIRON v08.0.95s UFI IMAGE... ! I used the following commands to downgrade from v09.0.10h to v08.0.95s... ! v08.0.95s is the current recommended software and stability release for the ICX 7150-C12P as of 1 September 2025... ! See [ https://support.ruckuswireless.com/products?view_type=recommended_releases_table ] for more info... ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! Enter global config mode... enable conf t ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! Some people may now need to setup an IP address and netmask, ! but I don't think I had to do this because ! I had already entered some setenv parameters in the bootloader from following ! fohdeesha's guide... ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! Make sure that FIPS is disabled and enable tftp crypto key zeroize no fips enable no tftp disable ! ! ! Begin transfer/flashing of signature and image... copy tftp flash &lt;your-server's-ip&gt; SPR08095sufi.sig fips-ufi-primary-sig copy tftp flash &lt;your-server's-ip&gt; SPR08095sufi.sig fips-ufi-secondary-sig copy tftp flash &lt;your-server's-ip&gt; SPR08095sufi.bin primary copy tftp flash &lt;your-server's-ip&gt; SPR08095sufi.bin secondary ! ! ! Verify that the new version of firmware is now in flash memory before writing and restarting... show flash write memory reload</PRE></DIV></DIV><P><SPAN>After this, make sure that all of the bootloader parameters are set to their original state and then reboot into the new firmware. I was able to successfully downgrade from v09.0.10h to v08.0.95s. Though, it would be nice to be able to copy signatures and images via the bootloader if that were required.</SPAN></P> Wed, 17 Sep 2025 16:31:06 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ICX-7150-C12P-bootloader-command-quot-update-primary-quot-does/m-p/109676#M7642 bayvilleopener 2025-09-17T16:31:06Z