08-31-2025 11:32 AM - edited 08-31-2025 11:41 AM
Hello,
I received a used ICX 7150-C12P. I've been trying to use the update_primary command but it returns FIPS:update_primary command is disabled in FIPS/CC mode even after disabling FIPS.
I've fully booted into FastIron, cleared the keys, disabled FIPS, wrote to memory, and reloaded (after rebooting, fips show says that everything is turned off). I still get the same message when trying to update_primary. Does anyone have any experience with FIPS? I would appreciate any guidance. Thanks.
REPLICATION
1) Here is everything that I have done in FastIron to disable FIPS:
enable
configure terminal
fips zeroize
crypto key zeroize all
no fips enable
write memory
reload
2) Here is everything I did in the bootloader after that:
setenv ipaddr 192.168.0.34
setenv netmask 255.255.255.0
setenv serverip 192.168.0.24
setenv image_name ICX7xxx/SPR08090mc.bin
setenv uboot ICX7xxx/mnz10118.bin
setenv fipsreset
update_uboot
saveenv
reset
3) More bootloader commands after the reset:
factory set-default
setenv fipsreset
update_primary
At this point, update_primary returns FIPS:update_primary command is disabled in FIPS/CC mode.
Here is the show version output if it is pertinent:
ICX7150-C12 Switch>show version
Copyright (c) Ruckus Networks, Inc. All rights reserved.
UNIT 1: compiled on Oct 3 2023 at 04:49:31 labeled as SPS09010h_cd2
(29360128 bytes) from Primary SPS09010h_cd2.bin (UFI)
SW: Version 09.0.10h_cd2T211
Compressed Primary Boot Code size = 786944, Version:10.1.26T225 (mnz10126)
Compiled on Tue Nov 29 12:43:26 2022
HW: Stackable ICX7150-C12-POE
==========================================================================
UNIT 1: SL 1: ICX7150-C12-2X10GR POE 12-port Management Module
Serial #:XXXXXXXXXXX [REDACTED]
Software Package: BASE_SOFT_PACKAGE
Current License: 2X10GR
P-ASIC 0: type B160, rev 11 Chip BCM56160_B0
==========================================================================
UNIT 1: SL 2: ICX7150-2X1GC 2-port 2G Module
==========================================================================
UNIT 1: SL 3: ICX7150-2X10GF 2-port 20G Module
==========================================================================
1000 MHz ARM processor ARMv7 88 MHz bus
8 MB boot flash memory
2 GB code flash memory
1 GB DRAM
STACKID 1 system uptime is 1 day(s) 41 minute(s) 44 second(s)
The system started at 06:05:40 GMT+00 Tue Oct 03 2023
The system : started=cold start
09-17-2025 09:31 AM
The following worked, although I had to use the CLI instead of the bootloader. If anyone can't get past the username/password... try running factory set-default or no password in the bootloader before booting FastIron.
! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !
! FLASHING A FIPS-CURSED RUCKUS ICX 7150-C12P WITH FASTIRON v08.0.95s UFI IMAGE...
! I used the following commands to downgrade from v09.0.10h to v08.0.95s...
! v08.0.95s is the current recommended software and stability release for the ICX 7150-C12P as of 1 September 2025...
! See [ https://support.ruckuswireless.com/products?view_type=recommended_releases_table ] for more info...
! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !
!
!
! Enter global config mode...
enable
conf t
! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !
! Some people may now need to set up an IP address and netmask,
! but I don't think I had to do this because
! I had already entered some setenv parameters in the bootloader from following
! fohdeesha's guide...
! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !
!
!
! Make sure that FIPS is disabled and enable tftp
crypto key zeroize
no fips enable
no tftp disable
!
!
! Begin transfer/flashing of signature and image...
copy tftp flash <your-server's-ip> SPR08095sufi.sig fips-ufi-primary-sig
copy tftp flash <your-server's-ip> SPR08095sufi.sig fips-ufi-secondary-sig
copy tftp flash <your-server's-ip> SPR08095sufi.bin primary
copy tftp flash <your-server's-ip> SPR08095sufi.bin secondary
!
!
! Verify that the new version of firmware is now in flash memory before writing and restarting...
show flash
write memory
reload
After this, make sure that all of the bootloader parameters are set to their original state and then reboot into the new firmware. I was able to successfully downgrade from v09.0.10h to v08.0.95s. Though, it would be nice to be able to copy signatures and images via the bootloader if that were required.
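Added example (not part of the original posts and not Ruckus code): a small Python check that reads a captured `show version` output after the reload and confirms which release and which flash partition the switch actually booted. The function names are hypothetical, the sample text is trimmed from the output quoted in the first post, and it assumes the version string begins with the release number and that a secondary boot prints "from Secondary".

```python
import re

# Constructed sample: trimmed from the `show version` output in the first post.
SAMPLE = """\
  UNIT 1: compiled on Oct 3 2023 at 04:49:31 labeled as SPS09010h_cd2
  (29360128 bytes) from Primary SPS09010h_cd2.bin (UFI)
  SW: Version 09.0.10h_cd2T211
  Compressed Primary Boot Code size = 786944, Version:10.1.26T225 (mnz10126)
"""

# One capture group per field of interest.
PATTERNS = {
    "label": r"labeled as (\S+)",
    "partition": r"from (Primary|Secondary) ",  # "Secondary" wording is assumed
    "image_file": r"from (?:Primary|Secondary) (\S+)",
    "sw_version": r"SW: Version (\S+)",
    "boot_code": r"Boot Code size = \d+, Version:(\S+)",
}


def parse_show_version(text):
    """Return the fields found; a field missing from the capture maps to None."""
    out = {}
    for name, pattern in PATTERNS.items():
        match = re.search(pattern, text)
        out[name] = match.group(1) if match else None
    return out


def check_release(text, target, partition="Primary"):
    """Return a list of problems; an empty list means the capture matches."""
    info = parse_show_version(text)
    problems = []
    if info["sw_version"] is None:
        problems.append("no 'SW: Version' line in capture")
    elif not info["sw_version"].startswith(target):
        # Assumption: the version string starts with the release number.
        problems.append(f"running {info['sw_version']}, expected {target}")
    if info["partition"] != partition:
        problems.append(f"booted from {info['partition']}, expected {partition}")
    return problems


if __name__ == "__main__":
    print(parse_show_version(SAMPLE))
    print(check_release(SAMPLE, "08.0.95s"))  # sample is still on 09.0.10h
```

Run against the pre-downgrade sample, the check reports the release mismatch; a capture taken after a successful flash and reload should return an empty list.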
08-31-2025 11:42 AM
Edited title.
09-01-2025 05:41 AM
Hi Bayvilleopener,
Thank you for reaching out to us.
Could you confirm whether you've attempted the firmware upgrade using either the TFTP or USB method? Based on the information you've provided, it appears that you have CLI access to the switch.
Thank you
09-01-2025 05:57 AM
Hello Chandini,
Yes, I have attempted to upgrade using TFTP via the bootloader prompt.
09-01-2025 06:36 AM
Hi Bayvilleopener,
Could you please try uploading the relevant signature (.sig) file before the image (.bin) file for firmware upgrade and check?
