Finally it was no problem at all. The firmware was already downloaded to nearly all switches (old firmware in secondary image, new firmware in primary). I just had to reboot with other image and it was updated.
Oh, i said “nearly”. And thats the interesting thing. To update the firmware on the already updated switches I downloaded the images via TFTP from my client. Not very secure, but this was not the problem in this case. The problem was that the switch couldn’t access my client with TFTP. Now, how to get the firmware image on it?
SFTP/SCP is the solution.
Configure the switch to allow file transfer via SSH (in my case it already was):
ip ssh ip ssh filetransfer
Then conenct via SFTP to the switch. First I tried to connect via WinSCP (SFTP/SCP Client for Windows) from my client, renamed the image file to “primary” and copied it in
os/ folder to replace the primary image with it. I couldn’t transfer the file because WinSCP tries to create a temporary <filename>.part in order to rename it when the transfer is completed – the problem: The switch doesn’t allow file creation.
No Problem, uploaded the image to a linux system and tried from there:
scp /path/to/image firstname.lastname@example.org:/os/primary
And it worked!
The switch checked the image and then, simply reboot the switch:
system boot flash primary
Now waitin’ for the switch to be booted with the firmware – That’s all the magic…