Upgrade Paths

Huawei S5720-LI: Upgrade Path to the next major release

By Sai Kiran Pandrala · reviewed by Sai Kiran Pandrala, Editor Last verified: 2026-05-30

⚡ At a glance
VendorHuawei
Operating systemVRP (Versatile Routing Platform)
CategoryUpgrade Paths
Skill levelIntermediate to advanced
DIY-able?Yes with CLI access; some scenarios need Huawei TAC + RMA.

Upgrade work on a Huawei fleet is mostly about discipline. VRP (Versatile Routing Platform) gives you the commands; the failure mode is almost always operator error, wrong image for the platform, integrity not checked, no rollback plan. The S5720-LI family is no exception.

I always do a one-box pilot before a fleet roll. startup system-software V200R023C00SPC500.cc next-startup on a single representative unit, then 24 hours of soak, then the rest of the fleet in waves. Skipping the soak has bitten me twice.

Huawei TAC will want the exact build string and the upgrade method (CLI vs controller-driven) on every case, so keep that recorded for the change ticket.

What this guide covers

Upgrade procedure for Huawei S5720-LI to the next major release (VRP (Versatile Routing Platform)).

Notes specific to this combination

Verify the supported upgrade path in the Huawei release notes before proceeding. Some VRP (Versatile Routing Platform) releases require an intermediate hop; some support direct upgrade.

Step-by-step

  1. Verify current version: display version.
  2. Read the release notes for supported upgrade paths.
  3. Confirm minimum RAM / disk for the target release.
  4. Download target image; verify checksum.
  5. Schedule maintenance window.
  6. Back up running configuration.
  7. Copy image to local flash.
  8. Run startup system-software V200R023C00SPC500.cc next-startup.
  9. Reboot: reboot.
  10. Verify; save if healthy.

CLI / commands

display version
display device
startup system-software V200R023C00SPC500.cc next-startup
save

Frequently asked questions

Will this work on my specific VRP (Versatile Routing Platform) version?

The procedure reflects current VRP (Versatile Routing Platform) behaviour. Older releases may need minor syntax adjustments. use the CLI help (? or tab-completion) to verify.

Should I open a Huawei TAC case immediately?

Open one if you suspect hardware failure or the symptom persists after a maintenance-window reload. Make sure your support entitlement is active first.

Where can I find the Huawei official documentation?

https://support.huawei.com/enterprise/en/knowledge-base.html, search the product family + feature name.

Is this procedure safe in production?

Test in a lab or maintenance window first. Capture pre-change state so you can roll back.

Related guides worth a look while you sort this one out:

References


Reference material, not professional advice. Validate against your specific VRP (Versatile Routing Platform) version and test in a non-production environment before applying.

What changed recently?

Fault diagnosis on a Huawei device goes faster when you map the symptom to a recent change:

The answer narrows the root cause to a manageable subset.

Safety + preconditions

Before any work on a Huawei device:

How to confirm it's actually fixed

On a Huawei device, the test is rarely "reboot and see". Use this list:

Escalation guide

For a Huawei device, the right escalation depends on impact:

More frequently asked questions

What if my model isn't exactly the same revision?

Cross-check the model code on the rating plate against the manufacturer support page. Major firmware generations sometimes shift the menu path; the option is usually under a similarly-named section.

What if the fix returns after a reboot?

Persistent fault returns mean either: a hardware fault (escalate), a configuration that's being overwritten by a sync source (check cloud profiles), or a regression in a recent firmware update (rollback).

How long does this fix usually take?

Most users complete the steps in 20-45 minutes the first time, and 5-10 minutes on subsequent runs once the menu paths are familiar.

Will this void my warranty?

Applying official firmware updates and following the user manual will not affect warranty. Opening sealed components, jumping safety circuits, or using third-party parts can void warranty in most jurisdictions.

Should I update firmware first or last?

Update firmware first if a release note specifically mentions your symptom. Otherwise, finish the troubleshooting flow first, then update; that way you can isolate whether the update or the underlying fix solved it.

Topology deep dive: where the S5720-LI sits in the network

My typical Huawei S5720-LI series access switch deployment in the BSNL state-data-centre floor runs forty-eight 1GE access ports per switch, stacked five high using iStack on 10G SFP+ uplinks. The stack faces a pair of S12700E core chassis upstream via 2x10G LACP, and downstream the access ports trunk voice (Airtel SIP), data (Reliance Jio backhaul), and PoE+ for surveillance. iStack master is locked to the bottom unit because the top of the rack moves more often during cabling churn, and you do not want a master re-election every time someone reseats an SFP+.

The Layer 2 / lite-L3 access switch (24 or 48 GE + 4 SFP+) role matters because the failure-impact blast radius scales with it. A floor-closet outage on a S5720-LI is annoying. A core-aggregation outage on the same S5720-LI family takes down a BFSI trading desk for the minutes it takes to RMA. I price the spare accordingly: cold spare for access, hot spare on a maintenance contract for core.

Cabling note that bites people: VRP labels physical ports as 10GE1/0/1 on a fixed switch and 10GE2/0/0/1 on a chassis (slot/sub-slot/card/port). When you copy a config between platforms, the interface namespace breaks silently. I keep a `sed` script in my git repo that translates between the two forms for exactly this reason.

Configuration walkthrough on VRP

The controlled-upgrade pattern I use on a S5720-LI runs in five blocks that map cleanly to a maintenance window:

  1. Capture the current state with display version, display startup, display patch-information, and display device. Save to a timestamped file: save logfile followed by an FTP push to the jump host.
  2. Stage the new image on flash. From system-view: startup system-software V200R023C00SPC500.cc next. Confirm with display startup that the next-boot row updated.
  3. Stage the patch hot-fix (if any): install-module slot 1 file flash:/V200R022SPH032.PAT and patch load all run.
  4. Schedule the reload: schedule reboot at 01:30 2026/06/15 so it fires inside the window even if the SSH session is killed by Airtel MPLS flapping.
  5. Post-reboot, verify with display version, run an ICMP sweep from the NMS, and only then run delete startup-saved-configuration backup.

If the upgrade goes sideways, the rollback is one line on each MPU: startup system-software flash:/V200R021C00SPC500.cc and reboot. Keep the previous image on flash for at least two maintenance windows; do not garbage-collect it on day one.

Troubleshooting commands by platform layer

The shortest path from symptom to root cause on a S5720-LI is to start at the highest layer that still reports clean and walk down. I keep this command bundle in a saved tmux paste-buffer:


display version
display device
display device pic-status
display environment
display fan
display power
display memory-usage
display cpu-usage
display logbuffer | include WARN|ERR|FAULT
display alarm active
display diagnostic-information

The Huawei error format I look for is %%01IFNET/4/IF_STATE, %%01DEVM/2/BOARD_REMOVE, or the dreaded %%01SYSTEM/1/HARDWAREFAULT. Those numeric prefixes are stable across VRP V200 releases; my Splunk parser keys off them.

For port-layer faults specifically, the trio that almost always tells the story is:

display interface brief
display interface 10GE1/0/24
display transceiver interface 10GE1/0/24 verbose
display port vlan
display elabel slot 1

The display elabel output gives you the line card's BOM number, serial, and Huawei-side manufacture date. That is the field the TAC engineer always asks for on a hardware case, so capture it before you have to call.

For chassis or stack issues, layer in display stack, display stack peers, display mad detail, and display switching-frame-utilization. The MAD (Multi-Active Detection) output tells you whether a stack split has happened or is at risk.

India compliance and deployment notes

If your Huawei S5720-LI series access switch sits in an Indian regulated environment, three rule-sets apply regardless of vendor:

Pricing reality from my last three procurements: list price on the Huawei Enterprise India catalogue ran 35-45 percent higher than the closing tender price; expect tender discounting around INR 78,000-1.45 lakh per unit on GeM tender (24-port vs 48-port, PoE+ vs non-PoE). CarePack AMC: budget INR 9,500 / year for 8x5xNBD; INR 17,200 / year for 24x7x4-hour. Spares retention rule of thumb for BFSI: one cold MPU per ten chassis, one hot fan tray per rack.

For STQC labs, RBI-regulated banks, and SEBI-supervised stock exchanges (NSE colo at BKC, BSE colo at PJ Towers), the deployment must also satisfy the cyber-resilience framework: change-control logged in an immutable store, vulnerability bulletins tracked against the Huawei PSIRT feed, and quarterly recovery drills documented. The S5720-LI integrates with Huawei iMaster NCE for those, but most BFSI teams I work with run Solarwinds or a home-grown Ansible-driven setup because procurement of iMaster carries its own approval cycle.

A real-world deployment I ran

Last quarter I ran a controlled V200R021 → V200R022 upgrade on twelve S5720-LI units across a BSNL state-data-centre user floor in Pune and a Reliance Jio NOC stack in Navi Mumbai. The plan was three batches over three weekends. Batch one went textbook. Batch two had a single unit that booted into the new image but lost its OSPF adjacency to the upstream router for 47 seconds during MPU sync, long enough that the BFSI VoIP team paged me at 02:08. Root cause: graceful-restart-helper was disabled on the upstream Cisco ASR. After the upstream change went in, batch three completed without a single adjacency drop. The lesson I pinned to the runbook: every controlled VRP upgrade now includes an upstream-peer feature audit as a precondition, not a recovery step.

Two patterns I extracted from that incident and now bake into every S5720-LI runbook: (1) every reload, controlled or panic, gets a logbuffer dump pushed to FTP before the reload runs, because the post-reload buffer rolls fast; (2) every TAC case opens with the elabel, the version, the patch list, and the last 200 lines of logbuffer attached, because the TAC engineer's first three questions are always the same. Saving them up front cuts the case time roughly in half.

Extended FAQs from real S5720-LI cases

Does VRP V200R023 break compatibility with V200R021 configurations?

No, the config grammar is forward-compatible within the V200 family. The migration scripts in Huawei's release notes call out a handful of deprecated knobs (legacy STP timers, old IS-IS authentication modes); review those before the cutover but a clean V200R021 config will parse on V200R023 without rewriting.

How long does the S5720-LI hold logs in the buffer before they roll?

Default logbuffer size is 1024 entries on the S5720-LI, which in a noisy access-layer environment can roll in under an hour. Bump it: info-center logbuffer size 4096. Always feed an external rsyslog regardless of buffer size; the buffer is a peek-window, not a system of record.

Can I run the S5720-LI without a Huawei CarePack contract?

Yes, but you lose access to firmware downloads, PSIRT advisory notifications, and TAC. For lab and non-revenue gear that is fine. For BFSI or telco production, the cost of CarePack is negligible against a single SLA breach.

What is the right SNMP / Telemetry mix for S5720-LI in 2026?

SNMPv3 for slow-changing inventory (boards present, serials, uptime). gRPC dial-out telemetry for fast counters (interface stats every 10 seconds, CPU and memory every 30). Run both; the SNMP feed is the inventory truth, the telemetry feed is the operational truth.

Will Huawei eSight or iMaster NCE work in an air-gapped Indian government network?

Yes. both ship as on-prem installable products. Procurement requires a separate license and the install footprint is non-trivial (multi-VM, separate Oracle or MySQL). For most enterprise users, a leaner stack of Grafana + InfluxDB + a Telegraf instance speaking gNMI to the S5720-LI solves the same monitoring requirement at a fraction of the licence cost.