Zero Touch Provisioning (ZTP) enables switches "just out of the box" to automatically gain a management IP address and configuration without serial cables and manual configuration. ZTP provides:
Note
ZTP works on both tagged and untagged VLANs.
Note
ZTP+ supports stacking mode, but ZTP does not.
Link-Local addressing (subnet 169.254.x.x) allows a host device to automatically and predictably derive a non-routable IP address for IP communication over Ethernet links.
By configuring the Ethernet management port "just out of the box" with an IP address, a user can connect a laptop directly to the management Ethernet port. If the laptop is not configured with a fixed IP address, it tries to get an IP address from a DHCP server. If it cannot, it assigns its own Link-Local address, putting the switch and the laptop on the same subnet. The laptop can then use Telnet or a web browser to access the switch, removing the need for the serial cable.
Note
Most ExtremeSwitching 5320 models do not have dedicated management ports. You can use front panel ports for management connectivity for these switches. Models 5320-24T-4X-XT and 5320-24T-24S-4XE-XT have dedicated management ports.
The IPv4 address format is used to make it simple for a user to determine the switch's IP address. The formula is to use the lower 2 bytes of the MAC address as the last two numbers in the Link-Local IPv4 address.
Web browsers accept a hexadecimal value as an IPv4 address. (Microsoft IE displays the URL with the number dot notation 169.254.233.239.)
The web URL is http://0xa9fee9ee or just 0xa9fee9ee
The user documentation directs the customer to access the web browser by typing 0xa9fe followed by the last two number/letter groups in the MAC address found on the switch label. No hexadecimal translation is required.
With this information, you can connect the Ethernet port directly from a laptop to this switch using the temporary Link-Local address. You can communicate via web or Telnet to perform the initial switch configuration, if needed, and no longer need a serial cable to configure a switch.
If a DHCP server is available, ZTP tries to contact it alternating between the default VLAN and the management Ethernet port. The DHCP server can provide:
If an IP address is provided by a DHCP server on the management port, it replaces the Link-Local management IPv4 address.
If a TFTP server IP address is provided along with the name of a config file, ZTP downloads the config file to the switch. The switch reboots to activate the config file.
For .xos image files, ZTP executes the download image command to update the switch software. The switch does not reboot after the download image command completes.
To discover Extreme Cloud, DNS queries must be carried over the tagged VLAN. Under ZTP, the discovery of the tagged VLAN DHCP service must be automatic. During ZTP initialization, an active agent is started and carries out the following tasks:
Option 43 processing does not require an NMS. If a switch receives option 43 as part of the DHCP response, it uses the TFTP protocol to transfer files from the specified TFTP server IP address.
Multiple file names may be specified in option 43. The file names can be either relative path names or a full URL with the IP address of the TFTP server. If relative path names are specified, the TFTP IP address is also required.
File name examples assuming a TFTP server is present with the IP address 10.10.10.1:
Once all of the files specified in option 43 have been transferred to the switch, the switch reboots.
Following is a sample Linux DHCP configuration:
option space EXTREME;
option EXTREME.tftp-server-ip code 100 = ip-address;
option EXTREME.config-file-name code 101 = text;
option EXTREME.snmp-trap-ip code 102 = ip-address;
class "Edge-without-POE" {
    match if (option vendor-class-identifier = "XSummit");
    vendor-option-space EXTREME;
    option EXTREME.tftp-server-ip 10.120.89.80;
    option EXTREME.config-file-name "XSummit_edge.cfg";
    option EXTREME.snmp-trap-ip 10.120.91.89;
}
class "Edge-SummitX-POE" {
    match if (option vendor-class-identifier = "XSummit");
    vendor-option-space EXTREME;
    option EXTREME.tftp-server-ip 10.120.89.80;
    option EXTREME.config-file-name "xSummit_edge.xsf";
    option EXTREME.snmp-trap-ip 10.120.91.89;
}
subnet 10.127.8.0 netmask 255.255.255.0 {
    option routers 10.127.8.254;
    option domain-name-servers 10.127.8.1;
    option subnet-mask 255.255.255.0;
    pool {
        deny dynamic bootp clients;
        range 10.127.8.170 10.127.8.190;
        allow members of "Edge-without-POE";
        allow members of "Edge-SummitX-POE";
    }
}
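Because the switch fetches whatever files option 43 names, it is useful to check DHCP offers seen on provisioning VLANs against the TFTP servers you actually operate. The following is an added example, not Extreme's code: it decodes an option 43 payload using the sub-option codes from the sample configuration (100, 101, 102) and flags offers that point outside an allowlist. It assumes the 1-byte code, 1-byte length encoding that ISC dhcpd uses for an option space by default, and a `tftp://` scheme for the full-URL file name form; the function names and sample payloads are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Sub-option codes from the sample dhcpd.conf on this page.
TFTP_SERVER_IP, CONFIG_FILE_NAME, SNMP_TRAP_IP = 100, 101, 102

def tlv(code, value):
    """Encode one sub-option: 1-byte code, 1-byte length, value."""
    return bytes([code, len(value)]) + value

def parse_option43(payload):
    """Decode an option 43 payload into a list of (code, value) pairs."""
    subopts, i = [], 0
    while i < len(payload):
        if len(payload) - i < 2 or len(payload) - i - 2 < payload[i + 1]:
            raise ValueError(f"truncated sub-option at offset {i}")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code in (TFTP_SERVER_IP, SNMP_TRAP_IP):
            value = ipaddress.IPv4Address(value)  # rejects anything but 4 bytes
        elif code == CONFIG_FILE_NAME:
            value = value.decode("ascii")
        subopts.append((code, value))
        i += 2 + length
    return subopts

def audit_offer(payload, allowed_tftp):
    """Return policy findings for one offer; an empty list means it is clean."""
    try:
        subopts = parse_option43(payload)
    except ValueError as exc:  # also covers bad addresses and non-ASCII names
        return [f"malformed option 43: {exc}"]
    servers = [v for c, v in subopts if c == TFTP_SERVER_IP]
    findings = [f"TFTP server {s} not in allowlist"
                for s in servers if s not in allowed_tftp]
    for name in (v for c, v in subopts if c == CONFIG_FILE_NAME):
        if "://" in name:  # full URL form: its host must be allowlisted too
            host = urlsplit(name).hostname or ""
            if host not in {str(a) for a in allowed_tftp}:
                findings.append(f"file URL {name!r} points outside the allowlist")
        elif not servers:
            findings.append(f"relative file name {name!r} without a TFTP server IP")
    return findings

# Constructed sample payloads; 192.0.2.66 is a documentation address.
ALLOWED = {ipaddress.IPv4Address("10.120.89.80")}
GOOD_OFFER = (tlv(100, bytes([10, 120, 89, 80])) + tlv(101, b"XSummit_edge.cfg")
              + tlv(102, bytes([10, 120, 91, 89])))
ROGUE_OFFER = tlv(100, bytes([192, 0, 2, 66])) + tlv(101, b"XSummit_edge.cfg")
```

Feed `audit_offer` the raw option 43 bytes extracted from captured DHCP offers; repeated sub-option 101 entries are each checked.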
Option 66 and option 67 provide TFTP server and bootpfilename for cases when option 43 is not available for ZTP.
Note: This switch has Auto-Provision enabled to obtain configuration remotely.
Commands should be limited to:
    show auto-provision
    show log
Any changes to this configuration will be discarded at the next reboot if auto provisioning sends a ".cfg" file.
Version 32.5 modifies a Zero Touch Processing – Dynamic Host Configuration Protocol (ZTPDHCP) script to enable auto-bind on Spanning Tree Protocol Domain (STPD) "s0" for auto-provisioned Virtual Local Area Networks (VLAN). This allows the newly created VLAN(s) to participate in “s0” along with the default VLAN.
The ZTPDHCP script enables auto-bind by calling the following CLI command for every VLAN it creates:
enable stpd s0 auto-bind [ {vlan} vid
If during ZTP the path to a DHCP server uses a tagged port, then the ZTPDHCP script auto-provisions a corresponding VLAN and adds the tagged port. This removes the port from STP Domain "s0", which may result in a network loop. Enabling auto-bind for the auto-provisioned VLAN on STPD "s0" provides loop protection.
The log file generated by the ZTPDHCP script logs the event whenever auto-bind is enabled on STPD “s0” for a newly created VLAN.