How to upgrade SRX3400/3600 Chassis Cluster Redundancy Module (CRM) firmware

This article shows the way of SRX3400/3600 Chassis Cluster Redundancy Module (CRM) firmware upgrade to address the internal switch interface stuck issue on the CRM.

Before you start the following procedures, please make sure to have a console connection to RE1 port which located in front of Switch Fabric Board (SFB) because currently there is no way to access RE1’s BCM UShell (BMD.0> ) from Routing Engine (RE0).

On the RE0 Console/SSH/Telnet terminal

1. Enable TFTP service

Note that you can ignore “tftp; ## Warning: ‘tftp’ is deprecated” message on the configuration.

2. Make sure the following line is added in the /etc/inetd.conf

Note that this line will be removed if you disable tftp service.

Note that if it shows

, you need to manually change

via vi editor or following commands.

3. Upload or download new firmware image (ushell.bin) from or to /usr/share/pfe/firmware/ directory via FTP

The new firmware is located in the follow location. (MD5 = 26f8a50cf0a0e9aab3ea1c0b4e7b805e)

4. Find the IP address of em0.0 interface which can be used for TFTP server IP address on RE0. It should be either or in Chassis Cluster

On the RE1 console terminal

5. From BCM UShell (BMD.,0>), type “exit” to move UBoot prompt (=>)

6. Configure TFTP Server and Client IP address

Note that the IP address of CRM card (TFTP client) should be in the same subnet of the TFTP server IP address on RE0 (em0.0), then make sure you can reach from TFTP client to TFTP server before moving to next step 7.

If not, you need to reset CRM card by using “reset” (e.g., => reset ) command, then follow step 5 and 6.

7. Load ushell.bin from RE0’s TFTP service using “run tftp_ushell” command

Note that if you see below output, check out whether TFPT service is enabled or TFTP client (CRM) can reach to TFTP server (em0.0 interface of RE0) via ping (see step 6 for more details)

Note that if you see below output (TFTP error: ‘Access violation’), check out the file permission of /usr/share/pfe/firmware/ushell.bin, as least you should have ‘read’ access for other groups. If you do not have right permission, you can either execute “chmod 644 ushell.bin” or “chmod 004 ushell.bin” on the unix shell of RE0 Console/SSH/Telnet terminal.

8. Write the firmware to flash using “run prog_ushell” command”

9. Restart CRM using “reset” command and verify the firmware version on the CRM boot up messages

Note that if you see “MDK1.4 2009-12-21 or older. It is an old firmware, which does not have the fix. The fix is in MDK1.4 2012-04-15 and above version.

10. Disable TFTP service on RE0

Note that you do not need to “kill -HUP <process id of inetd>”. The “tftp dgram udp wait root /usr/libexec/tftpd tftpd -i 1 /usr/share/pfe/” line will be removed and /etc/inetd.conf file will be re-applied once commit is successful.

About the author


Leave a Comment