NetApp (Broadcom) BES-53248 Cluster Switch Notes: How to Setup

The setup of the Broadcom BES-53248 as a NetApp ONTAP Cluster Switch, is very similar to the setup of the NetApp CN1610 cluster switch (which always was a Broadcom switch, just re-badged NetApp). So this post is quite similar to 2017's: NetApp CN1610 Cluster Switch Notes: How to Setup.

BES-53248 and License Options

The default license (or no license), allows by default 16 * 10/25 GbE ports and 2 * 40/100 ports (for the ISL). This blog post will assume we're just following the default setup. The RCF/ports configuration needs to be modified if you have licenses to apply.

Image: BES-53248 Cluster Switch

BES Software

Alas, it's no longer possible to obtain the switch software (called EFOS) from NetApp's website, you get directed to:

You'll need to register for an account. If you don't have an account you need to email:

What you can do from the NetApp website is download the RCF file, SHM_Broadcom_BES_53248, and review the switch compatibility matrix for your version of ONTAP:

1) Initial Cluster Switch Setup Script

Note: Full instructions are available at under Configuring a new Broadcom-supported BES-53248 cluster switch.

Connect a laptop to the switch’s console (RJ45) port (115200 baud). Out-of-the-factory, the default BES-53248 login is admin with no password, and you will be prompted to change it to a secure password on first login.

username = admin
password = {blank}

Note: NetApp123#! will work as a secure password.

You will initially be in the user USER command mode: >
From > , copy and paste the below script, with the highlighted entries updated accordingly:

hostname SWITCH_NAME
serviceport protocol none
network protocol none
show serviceport
show network

Note: Type ‘en’ or ‘enable’ to get from the USER command mode - > - to the EXEC mode - #

2) Cluster Switch OS and RCF File

To check EFOS and RCF, run the below commands - the RCF version is listed in running-config.
Note: Brand new switches might be running the correct EFOS version, but are unlikely to have had the RCF applied.

(BES_SW1) # show version
(BES_SW1) # show running-config

Upgrading EFOS and/or the RCF requires a TFTP/FTP/SFTP server (sometimes if the upload fails one, you have better luck trying a different one.)
Note: In the below, you only need to run 'copy active backup' if the active is different to the backup.

show version
show bootvar
copy active backup
show bootvar

copy tftp://{YOUR_TFTP_SERVER}/EFOS. active
show bootvar

copy tftp://{YOUR_TFTP_SERVER}/BES-53248_RCF_v1.6-Cluster-HA.txt nvram:script BES-53248_RCF_v1.6-Cluster-HA.scr
script list
script apply BES-53248_RCF_v1.6-Cluster-HA.scr
show port all | exclude Detach
show running-config
write memory


show version

3) Configuring DNS, NTP, and SSH

Configure DNS, NTP and SSH using the commands below with the highlighted entries updated accordingly (from the # prompt):

ip domain name {YOUR_DOMAIN}
ip name server {DNS_IP_1} {DNS_IP_2}

sntp client mode unicast
sntp server {NTP SERVER 1 IP}
sntp server {NTP SERVER 2 IP}
clock timezone 0 zone UK

show ip ssh
crypto key generate rsa
crypto key generate dsa
crypto key generate ecdsa 521
ip ssh server enable
show ip ssh

4) Passwords

To change the current logged in user’s password:

(BES_SW1) > password

If you want to set an enable password:

(BES_SW1) # enable password PASSWORD

IMPORTANT) Saving Changes!

To save changes so that they are persistent to reboots:

(BES_SW1) # write memory


2021.09.23: Security recommendation to disable the BMC on BES-53248 switches:

#Disable access to the BMC


(switch1) > enable

(switch1) #

(switch1) # linuxsh

# ipmitool raw 0x32 0x6a 0x20 0x0 0x0 0x0 0x0 0x46 0x46 0x46 0x46 0x46 0x46 0x46 0x46 0x46 0x46 0x46 0x46 0x46 0x46 0x46 0x46 0x0 0xff 0xff 0xff 0xff 0x16 0x0 0x0 0x0 0xe0 0x1 0x0 0x0 0xff 0x0

Optionally set bogus IP address to disable it from being active on the network:

(switch1) # ipmitool lan set 1 ipsrc static

(switch1) # ipmitool lan set 1 ipaddr

(switch1) # ipmitool lan set 1 netmask

(switch1) # ipmitool lan set 1 defgw ipaddr

(switch1) # ipmitool mc reset cold


Disable Password Lockout:

(switch1) (Config)# passwords lock-out 0


  1. Another excellent article. Thank you Cosonok.

    1. Hi Unknown. Many thanks for the comment. Cheers, VC

  2. Hello. Quick question. When you download the software you are left with a zip file. Do I rename this to .stk or unzip and use the stk inside?
    EFOS Firmware
    Inside this zip file - FastPath-EFOS-esw-qcp_td3-qcp_td3_x86_64-LX44R-CNTRF-BD6IOQHr3v4m4b4_signed.stk

    1. Hello Bessler, apologies for the slow reply. I'm sure you have your answer already. I can't remember but 99% sure you unzip to reveal the stk file inside the zip and use the stk file. You can rename the horribly long named stk file to a simpler name. Cheers, VC


Post a Comment