HPE Aruba 6100 stuck at boot loader prompt: Diagnose & Fix
By Sai Kiran Pandrala · reviewed by Sai Kiran Pandrala, Editor Last verified: 2026-05-30
| Vendor | HPE Aruba |
|---|---|
| Operating system | ArubaOS-CX |
| Category | Hardware Failure |
| Skill level | Intermediate to advanced |
| DIY-able? | Yes with CLI access; some scenarios need Aruba TAC + RMA. |
When a HPE Aruba 6100 starts misbehaving, the temptation is to reboot and hope. Resist it. Capture `show version` and `show environment` first; that 30-second buffer is the difference between a real root cause and another reload at 3am next week.
ArubaOS-CX has a habit of logging the actual failing component into the system log seconds before the LED transitions. Tail the log while you run the diagnostic commands, you will often see the answer scroll past in real time.
Below is the exact sequence I run on customer gear. Steps are ordered cheapest-first so you exit early if it really is just a loose cable.
What this guide covers
Diagnose and recover from stuck at boot loader prompt on a HPE Aruba 6100.
Step-by-step
- At the boot loader prompt, list available images.
- If an image exists, boot it manually.
- If no image (deleted or corrupt), pull a fresh image over TFTP or USB.
- Set the boot variable to the recovered image.
- Reset and watch for a normal boot.
CLI / commands
# Verify hardware state
show version
show system
show environment
# Collect for Aruba TAC
show tech | redirect-to-file /tech.txt
When to RMA
- Repeated failure after re-seat and power-cycle
- Visible burn, scorching, or physical damage
- POST or memory diagnostic failure
- Hardware crashinfo without a software workaround
Frequently asked questions
Will this work on my specific ArubaOS-CX version?
The procedure reflects current ArubaOS-CX behaviour. Older releases may need minor syntax adjustments, use the CLI help (? or tab-completion) to verify.
Should I open a Aruba TAC case immediately?
Open one if you suspect hardware failure or the symptom persists after a maintenance-window reload. Make sure your support entitlement is active first.
Where can I find the HPE Aruba official documentation?
https://community.arubanetworks.com/. search the product family + feature name.
Is this procedure safe in production?
Test in a lab or maintenance window first. Capture pre-change state so you can roll back.
Related guides
Related fixes
Related guides worth a look while you sort this one out:
- HPE Aruba 510 Series stuck at boot loader prompt: Diagnose & Fix
- HPE Aruba 600 Series stuck at boot loader prompt: Diagnose & Fix
- HPE Aruba 6000 stuck at boot loader prompt: Diagnose & Fix
- HPE Aruba 6200F stuck at boot loader prompt: Diagnose & Fix
- HPE Aruba 6300 stuck at boot loader prompt: Diagnose & Fix
- HPE Aruba 6400 stuck at boot loader prompt: Diagnose & Fix
References
- HPE Aruba support portal: https://www.arubanetworks.com/support-services/
- HPE Aruba knowledge base: https://community.arubanetworks.com/
- HPE Aruba security advisories: https://www.arubanetworks.com/support-services/security-bulletins/
- Open a case: https://asp.arubanetworks.com/
Reference material, not professional advice. Validate against your specific ArubaOS-CX version and test in a non-production environment before applying.
What changed recently?
Fault diagnosis on a HPE device goes faster when you map the symptom to a recent change:
- Did firmware update in the last 7 days?
- Did the network (router, ISP, VPN) change?
- Was the device moved physically?
- Did paired devices (phone, hub, app) update?
- Were any accessories swapped in or out?
The answer narrows the root cause to a manageable subset.
Safety + preconditions
Before any work on a HPE device:
- Unplug from mains for any internal-access procedure.
- Discharge stored energy (capacitors in PSUs, residual battery charge) per manufacturer guidance.
- Use ESD-safe handling for boards and modules, no carpet, no wool sleeves.
- Avoid moisture; never apply liquids near vents or connectors.
- If you smell smoke, see scorch marks, or feel uneven heat, stop and escalate.
Verification checklist
After applying the fix on your HPE device, confirm:
- The original symptom is no longer reproducible.
- Related features (status LEDs, app sync, paired accessories) still work.
- The device responds to a soft reboot without the fault returning.
- Any error codes that were on display have cleared.
- Documentation (your service log, the brand companion app) reflects the change.
Escalation guide
For a HPE device, the right escalation depends on impact:
- Cosmetic / minor: log a ticket via the HPE app or web portal. Response 1-3 business days.
- Mid-impact: phone support. Have your serial number ready.
- Critical (production down, safety issue): in-person dealer / TAC visit. Bring proof of purchase.
- Out of warranty: third-party repair shop with manufacturer-certified technicians.
More frequently asked questions
Are there safer alternatives for non-technical users?
Yes: the manufacturer's self-service troubleshooter (HP Smart, LG ThinQ, Samsung Members, similar) usually walks through the same steps in a guided UI. Use that first if you're not comfortable with menu paths.
What if my model isn't exactly the same revision?
Cross-check the model code on the rating plate against the manufacturer support page. Major firmware generations sometimes shift the menu path; the option is usually under a similarly-named section.
What if the fix returns after a reboot?
Persistent fault returns mean either: a hardware fault (escalate), a configuration that's being overwritten by a sync source (check cloud profiles), or a regression in a recent firmware update (rollback).
How long does this fix usually take?
Most users complete the steps in 20-45 minutes the first time, and 5-10 minutes on subsequent runs once the menu paths are familiar.
Is it safe to apply during business hours?
If the device is in production use, apply during a scheduled maintenance window. Most procedures need 2-15 minutes of downtime. Capture pre-change state so you can roll back if needed.
Topology deep dive: where the 6100 sits in the fabric
The Aruba 6100 is an access-layer fixed-config switch running ArubaOS-CX, and in almost every BFSI data center I have racked one into, it lives at the top of the access tier feeding a pair of CX 8325 or 8360 spines over VSX. That placement matters when you troubleshoot. A symptom that looks local to the 6100 is often a downstream echo of an upstream VSX split-brain or an LACP mismatch on the uplink LAG. Always check the spine before you blame the leaf.
In a typical NSEL or BSE colo build I run two 6100 units as a VSX pair so the rack survives a single-unit failure without dropping the trading VLANs. VSX is not stacking. People coming from the older 2930 or 3810 VSF world trip on this constantly. With VSX each switch keeps its own control plane and you synchronise state over the inter-switch link, so a software crash on one box does not take the partner with it. That property is exactly why BFSI risk teams sign off on it.
For management I keep the 6100 OOBM port on a dedicated out-of-band VLAN that terminates on a separate 6200F or a console server. When the data plane melts at 2am, the OOBM path is the only way in, and I have watched engineers lock themselves out because they put management on a production SVI. Don't. The fifty rupees of cabling discipline saves a four-hour drive to the Chennai colo.
Spanning tree on these is MSTP by default in ArubaOS-CX. If your existing estate is Cisco running Rapid-PVST, the 6100 will fall back to a single MST instance and you can get unexpected blocking on a VLAN you assumed was forwarding. I map MST instance-to-VLAN explicitly on day one rather than letting the auto behaviour surprise me during a GeM-tendered rollout where a re-rack means another change-window approval.
Configuration walkthrough on ArubaOS-CX
ArubaOS-CX is a database-backed NOS, which changes how you think about config. There is a running config and a checkpoint database underneath it. I lean on checkpoints heavily because they are my cheapest rollback. Before any change on a production 6100 I snap one:
# Snapshot the current state as a named checkpoint
checkpoint post-config running-config startup-checkpoint
checkpoint rollback startup-checkpoint # if it all goes wrong
# Confirm what you have before committing
show running-config
show checkpoint
show checkpoint startup-checkpoint diff running-config
That diff command is the one I wish more people used. It shows exactly what your change touched versus the last known-good state, which is gold during a MeitY DPDP audit when you have to prove that a config drift was intentional and approved. I paste the diff straight into the change ticket.
For a fresh 6100 I template the baseline: hostname, OOBM IP, AAA pointing at the BFSI TACACS+ cluster, NTP to the in-house stratum-2 source, syslog to the SIEM collector, and SNMPv3 with auth+priv only. SNMPv2 community strings are a finding waiting to happen in any RBI-aligned audit, so I disable them outright.
configure terminal
hostname AXS-6100-MUM-01
ntp server 10.20.0.5 iburst
logging 10.20.0.20 vrf mgmt
snmpv3 user noc auth sha auth-pass plaintext priv aes priv-pass plaintext
aaa authentication login default group tacacs local
end
write memory
The write memory step is non-negotiable. ArubaOS-CX will happily run a config you never saved, and the next power blip drops you back to startup. I have seen a Bengaluru cloud team lose a half-day of hardening because nobody committed before a PDU swap.
Troubleshooting commands by platform
The 6100 gives you a deep diagnostic surface if you know where to look. These are the commands I actually type, in the order I type them, when a ticket lands.
# Health and environment first - heat and power kill switches in Indian DCs
show system
show environment temperature
show environment fan
show environment power-supply
# Interfaces and the data plane
show interface brief
show interface 1/1/1 extended # per-port counters, CRC, drops
show lldp neighbors # confirm cabling matches the rack diagram
# Control plane and resources
show ip route
show spanning-tree
show vsx status # VSX pair health, ISL state
show resources # TCAM / hardware table utilisation
On a 6100 the show interface 1/1/1 extended output is where dirty fibre and bad SFPs confess. Rising input CRC errors on a single port almost always means a marginal transceiver or a kinked LC patch in the cable tray, not a switch fault. I keep a tray of known-good Aruba-coded SFP-10G-SR modules at every colo precisely so I can swap-to-test instead of guessing.
For deeper faults the diagnostic dump is show tech. Redirect it to a file and pull it off the box for Aruba TAC:
show tech | redirect-to-file /tech-6100.txt
copy /tech-6100.txt tftp://10.20.0.30/ vrf mgmt
show events -d # event log, newest first
show core-dump # crash artefacts if the daemon restarted
When I compare against a Cisco or Juniper estate, the mental mapping helps the team: ArubaOS-CX show interface brief is Cisco show ip interface brief, show events is the syslog equivalent of Cisco show logging, and Junos folks will recognise show tech as the cousin of request support information. Same intent, different keystrokes.
India compliance and deployment notes
Procurement is half the battle here. Most of my 6100 units arrive through a GeM tender or a Redington / Ingram Micro channel order, and the BoQ line item matters: get the Aruba Care Pack (Foundation Care or the 4-hour onsite tier) priced on the same PO. A SmartNet-equivalent renewal on this class of gear runs roughly INR 85,000 to INR 2,00,000 per year per pair depending on the response SLA, and the difference between next-business-day and 4-hour onsite is the difference between a trading desk being down for an afternoon or a morning. BFSI risk teams will ask for the 4-hour tier in writing.
For DPDP and RBI-aligned audits, the 6100 needs three things buttoned down: centralised AAA (TACACS+), tamper-evident logging shipped off-box to the SIEM, and an evidenced patch trail. I keep the firmware bundle, the checksum, and the change ticket together in one Git commit so an auditor can trace exactly which image ran on which date. CERT-In's six-hour incident-reporting window means you cannot afford to be hunting for logs after the fact; the syslog has to already be landing in the collector.
Power and cooling deserve a paragraph because Indian DC realities bite. In a Tier-2 colo with iffy HVAC I have watched a 6100 throttle and then log fan-fault events in May when the ambient crept past 30C. The fix was operational, not technical: get the rack onto the cold aisle properly and stop stacking patch panels above the switch exhaust. show environment temperature is your early-warning radar; alert on it in the NMS.
A hardware fault I chased down
A 6100 at an NSEL-adjacent colo started flapping a whole port group at random. The NOC blamed cabling and re-ran patches twice before I got the ticket. The give-away was in show environment temperature and the event log: the unit was logging intermittent PSU events under load, and the brown-outs were resetting the PoE budget, which knocked the affected ports offline for a few seconds at a time.
show environment power-supply
show events -d | include PSU
show interface brief | include down
It was a failing power supply, not cabling, and not a software bug. We RMA'd the PSU under the Aruba Care Pack 4-hour onsite tier, the replacement landed within the SLA, and the flapping stopped dead. The lesson I drill into juniors: when ports misbehave in a group rather than individually, suspect power and environment before you suspect a transceiver. The 6100 tells you, you just have to read the environment counters instead of staring at the link lights.
Extended FAQs
How do I tell which image bank the 6100 booted from?
Run show images. ArubaOS-CX shows the primary and secondary banks with their versions and which one is active. I check this first after every reload so I am never guessing which code is actually running before I troubleshoot.
Can I stack the 6100 the way I stacked older Aruba switches?
The 6100 uses VSF or VSX depending on model and use case, not the legacy backplane stacking of the 2930 line. For data-center redundancy I always design around VSX so each box keeps an independent control plane. Confirm with show vsx status.
What is the safe way to test a config change without risking the trading VLANs?
Snap a checkpoint, apply the change, and diff it. If anything looks wrong, checkpoint rollback puts you back instantly. I never trust a production change on the 6100 without a named checkpoint sitting behind it.
Does the 6100 support a REST API for automation?
Yes, ArubaOS-CX exposes a documented REST API alongside the CLI, which is why I prefer it over screen-scraping for fleet pushes. Enable it under https-server rest access-mode read-write on the management VRF only, never on a production SVI.
How long should an Aruba TAC RMA take in India?
With the 4-hour onsite Care Pack tier in a metro like Mumbai or Bengaluru, expect the part within the SLA. Next-business-day tiers can stretch to two or three days in Tier-2 towns, which is exactly why BFSI sites pay for the faster tier on critical gear.