Zero Touch Provisioning (Auto Configuration)

Zero Touch Provisioning (ZTP) enables switches "just out of the box" to automatically gain a management IP address and configuration without serial cables and manual configuration. ZTP provides:

Note

Note

ZTP works on both tagged and untagged VLANs.
Note

Note

ZTP+ supports stacking mode, but ZTP does not.

IPv4 Link-Local Address

Link-Local addressing (subnet 169.254.x.x) allows a host device to automatically and predictably derive a non-routable IP address for IP communication over Ethernet links.

By configuring the Ethernet management port "just out of the box" with an IP address, a user can connect a laptop directly to the management Ethernet port. If the laptop is not configured with a fixed IP address, it tries to get an IP address from a DHCP server. If it cannot, it assigns its own Link-Local address putting the switch and the laptop on the same subnet. The laptop can then use Telnet or a web browser to access the switch removing the need for the serial cable.

Note

Note

The ExtremeSwitching 5320 (all models) do not have dedicated management ports. You can use front panel ports for management connectivity for these switches.

The IPv4 address format is used to make it simple for a user to determine the switch‘s IP address. The formula is to use the lower 2 bytes of the MAC address as the last two numbers in the Link-Local IPv4 address.

Web browsers accept a hexadecimal value as an IPv4 address. (Microsoft IE displays the URL with the number dot notation 169.254.233.239.)

The web URL is http://0xa9fee9ee or just 0xa9fee9ee

The user documentation directs the customer to access the web browser by typing 0xa9fe followed by the last two number/letter groups in the MAC address found on the switch label. No hexadecimal translation is required.

With this information, you can connect the Ethernet port directly from a laptop to this switch using the temporary Link-Local address. You can communicate via web or Telnet to perform the initial switch configuration, if needed, and no longer needs a serial cable to configure a switch.

DHCP Parameters

If a DHCP server is available, ZTP tries to contact it alternating between the default VLAN and the management Ethernet port. The DHCP server can provide:

If an IP address is provided by a DHCP server on the management port, it replaces the Link-Local management IPv4 address.

If a TFTP server IP address is provided along with the name of a config file, ZTP downloads the config file to the switch. The switch reboots to activate the config file.

For .xos image files, ZTP executes the download image command to update the switch software. The switch does not reboot after the download image command completes.

Option 43

Option 43 processing does not require an NMS. If a switch receives option43 as part of the DHCP response, it uses the TFTP protocol to transfer files from the specified TFTP server IP address.

Option43 parameters may contain:
  • TFTP Server to Contact
  • Config file to be loaded or script to be run (.xsf or .py)
  • Policy files (.pol)
  • Switch Engine image file to be downloaded (.xos)
  • Switch Engine XMOD file to be downloaded (.xmod)
  • SNMP trap receiver address for Extreme MIB traps

Multiple file names may be specified in option43. The file names can be either relative path names or a full URL with the IP address of the TFTP server. If relative path names are specified, the TFTP IP address is also required.

File name examples assuming a TFTP server is present with the IP address 10.10.10.1:

Once all of the files specified in option43 have been transferred to the switch, the switch reboots.

Following is a sample Linux DHCP configuration:

option space EXTREME;
option EXTREME.tftp-server-ip code 100 = ip-address;
option EXTREME.config-file-name code 101 = text;
option EXTREME.snmp-trap-ip code 102 = ip-address;
class "Edge-without-POE" {
match if (option vendor-class-identifier = "XSummit");
vendor-option-space EXTREME;
option EXTREME.tftp-server-ip 10.120.89.80;
option EXTREME.config-file-name "XSummit_edge.cfg";
option EXTREME.snmp-trap-ip 10.120.91.89;
}
class "Edge-SummitX-POE" {
match if (option vendor-class-identifier = "XSummit");
vendor-option-space EXTREME;
option EXTREME.tftp-server-ip 10.120.89.80;
option EXTREME.config-file-name "xSummit_edge.xsf";
option EXTREME.snmp-trap-ip 10.120.91.89;
}
subnet 10.127.8.0  netmask 255.255.255.0 {
option routers                  10.127.8.254;
option domain-name-servers      10.127.8.1;
option subnet-mask              255.255.255.0;
pool {
deny dynamic bootp clients;
range 10.127.8.170 10.127.8.190;
allow members of "Edge-without-POE";
allow members of "Edge-SummitX-POE";
}
}

Options 66 and 67

Option 66 and option 67 provide TFTP server and bootpfilename for cases when option 43 is not available for ZTP.

Options 66 and 67 are received as DHCP options in a DHCP response by Switch Engine.
  • Option 66 is used to identify the TFTP server with details of TFTP server IP address.
  • Option 67 provides the bootpfilename details, which are downloaded to Switch Engine from the TFTP server IP address, and Switch Engine is rebooted after the download is successful. The bootpfilename can be of any image type (.xos or .xmod) or configuration file (.xsf or .py).
If option 43 is not present, then Switch Engine looks for the TFTP server IP address and bootp file name in options 66 and 67 to load the configurations or update the new image. If option 43, and options 66 and 67 are present, option 43 has higher precedence.

Image Update

Using ZTP, you can setup a DHCP/TFTP server and connect switches directly to it, possibly via a Layer 2 switch. Switches can then update themselves with a generally available software image before being installed into a live network. The following figure shows one possible method of upgrading switches by connecting them to a Layer 2 switch. This approach upgrades the switches before being deployed into a network.

Click to expand in new window
ZTP DHCP/TFTP Server Setup

Identifying an Auto Provision Enabled Switch

A switch enabled with auto provision can be identified by the following:
  • A warning message for the console and each Telnet session is displayed as follows:
    Note:  This switch has Auto-Provision enabled to obtain configuration remotely. Commands should be limited to:
    show auto-provision
    show log
    Any changes to this configuration will be discarded at the next reboot if auto provisioning sends a ".cfg" file.
  • The shell prompt displays: (auto-provision) SummitX #
  • The status appears in the show auto-provision command.