Zero Touch Provisioning (Auto Configuration)

Zero Touch Provisioning (ZTP) enables switches "just out of the box" to automatically gain a management IP address and configuration without serial cables and manual configuration. ZTP provides:

Note

ZTP works on both tagged and untagged VLANs.

Note

ZTP+ supports stacking mode, but ZTP does not.

IPv4 Link-Local Address

Link-Local addressing (subnet 169.254.x.x) allows a host device to automatically and predictably derive a non-routable IP address for IP communication over Ethernet links.

By configuring the Ethernet management port "just out of the box" with an IP address, a user can connect a laptop directly to the management Ethernet port. If the laptop is not configured with a fixed IP address, it tries to get an IP address from a DHCP server. If it cannot, it assigns its own Link-Local address, putting the switch and the laptop on the same subnet. The laptop can then use Telnet or a web browser to access the switch, removing the need for the serial cable.

Note

Most ExtremeSwitching 5320 models do not have dedicated management ports. You can use front panel ports for management connectivity for these switches. Models 5320-24T-4X-XT and 5320-24T-24S-4XE-XT have dedicated management ports.

The IPv4 address format is used to make it simple for a user to determine the switch's IP address. The formula is to use the lower 2 bytes of the MAC address as the last two numbers in the Link-Local IPv4 address.

Web browsers accept a hexadecimal value as an IPv4 address. (Microsoft IE displays the URL with the number dot notation 169.254.233.239.)

The web URL is http://0xa9fee9ee or just 0xa9fee9ee

The user documentation directs the customer to access the web browser by typing 0xa9fe followed by the last two number/letter groups in the MAC address found on the switch label. No hexadecimal translation is required.

With this information, you can connect the Ethernet port directly from a laptop to this switch using the temporary Link-Local address. You can communicate via web or Telnet to perform the initial switch configuration, if needed, and you no longer need a serial cable to configure a switch.
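Because the out-of-box address is derived from the MAC, a switch still in factory state (reachable over Telnet and HTTP) can be recognized from a neighbor table. The following is an added example, not part of the Extreme documentation; the function names, MAC addresses and `ip neigh` lines are constructed for illustration.

```python
import ipaddress
import re

def ztp_link_local(mac: str) -> ipaddress.IPv4Address:
    """169.254.<MAC byte 5>.<MAC byte 6>, following the formula in this section."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)      # accept ':', '-' or '.' separators
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    raw = bytes.fromhex(digits)
    return ipaddress.IPv4Address(bytes([169, 254, raw[4], raw[5]]))

def browser_hex(addr: ipaddress.IPv4Address) -> str:
    """Hexadecimal form of the address, as typed into a browser (0xa9fe....)."""
    return f"0x{int(addr):08x}"

NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr (\S+)")

def find_unprovisioned(neigh_lines):
    """Return (ip, dev, mac) for neighbors whose IP equals the MAC-derived address."""
    hits = []
    for line in neigh_lines:
        m = NEIGH_RE.match(line)
        if not m:
            continue                                # e.g. FAILED entries with no lladdr
        ip, dev, mac = m.groups()
        try:
            if ipaddress.ip_address(ip) == ztp_link_local(mac):
                hits.append((ip, dev, mac))
        except ValueError:
            continue                                # malformed IP or MAC
    return hits

# Constructed sample in `ip neigh` format (not real output).
SAMPLE_NEIGH = [
    "169.254.26.43 dev eth0 lladdr 02:00:5e:10:1a:2b REACHABLE",  # matches its MAC
    "169.254.77.12 dev eth0 lladdr 02:00:5e:10:99:01 STALE",      # random link-local host
    "10.127.8.171 dev eth0 lladdr 02:00:5e:10:1a:2c REACHABLE",   # already has a DHCP lease
    "fe80::1 dev eth0 lladdr 02:00:5e:10:00:01 router REACHABLE",
    "169.254.9.9 dev eth0 FAILED",
]

if __name__ == "__main__":
    for ip, dev, mac in find_unprovisioned(SAMPLE_NEIGH):
        print(f"{dev}: {mac} answers on {ip} ({browser_hex(ipaddress.IPv4Address(ip))})")
```
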

DHCP Parameters

If a DHCP server is available, ZTP tries to contact it alternating between the default VLAN and the management Ethernet port. The DHCP server can provide:

If an IP address is provided by a DHCP server on the management port, it replaces the Link-Local management IPv4 address.

If a TFTP server IP address is provided along with the name of a config file, ZTP downloads the config file to the switch. The switch reboots to activate the config file.

For .xos image files, ZTP executes the download image command to update the switch software. The switch does not reboot after the download image command completes.

DHCP Discovery Over Tagged VLANs

To discover Extreme Cloud, DNS queries must be carried over the tagged VLAN. Under ZTP, the discovery of the tagged VLAN DHCP service must be automatic. During ZTP initialization, an active agent is started and carries out the following tasks:

  1. Sends DHCP discover requests on all VLAN tags 1-4095.
  2. Listens for any DHCP offer responses and records the VLAN and port.
  3. For each VLAN that received a DHCP offer then:
    • Creates the VLAN in the operating system.
    • Adds the tagged port to the VLAN.
    • Attempts to resolve the following DNS names: extremecontrol and devices.extremenetworks.com.
  4. If either of the previous domain names cannot be resolved, the VLAN is deleted. If one DHCP or DNS server is found, the Cloud Connector (ZTP+) application is started.

Option 43

Option 43 processing does not require an NMS. If a switch receives option 43 as part of the DHCP response, it uses TFTP to transfer files from the specified TFTP server IP address.

Option 43 parameters may contain:
  • TFTP Server to Contact
  • Config file to be loaded or script to be run (.xsf or .py)
  • Policy files (.pol)
  • Switch Engine image file to be downloaded (.xos)
  • Switch Engine XMOD file to be downloaded (.xmod)
  • SNMP trap receiver address for Extreme MIB traps

Multiple file names may be specified in option 43. The file names can be either relative path names or a full URL with the IP address of the TFTP server. If relative path names are specified, the TFTP IP address is also required.

File name examples assuming a TFTP server is present with the IP address 10.10.10.1:

Once all of the files specified in option 43 have been transferred to the switch, the switch reboots.

Following is a sample Linux DHCP configuration:

# Vendor option space: these sub-options are sent encapsulated in DHCP option 43.
option space EXTREME;
option EXTREME.tftp-server-ip code 100 = ip-address;
option EXTREME.config-file-name code 101 = text;
option EXTREME.snmp-trap-ip code 102 = ip-address;

# Clients are classified by the vendor class identifier they send.
class "Edge-without-POE" {
    match if (option vendor-class-identifier = "XSummit");
    vendor-option-space EXTREME;
    option EXTREME.tftp-server-ip 10.120.89.80;
    option EXTREME.config-file-name "XSummit_edge.cfg";
    option EXTREME.snmp-trap-ip 10.120.91.89;
}

class "Edge-SummitX-POE" {
    match if (option vendor-class-identifier = "XSummit");
    vendor-option-space EXTREME;
    option EXTREME.tftp-server-ip 10.120.89.80;
    option EXTREME.config-file-name "xSummit_edge.xsf";
    option EXTREME.snmp-trap-ip 10.120.91.89;
}

subnet 10.127.8.0 netmask 255.255.255.0 {
    option routers             10.127.8.254;
    option domain-name-servers 10.127.8.1;
    option subnet-mask         255.255.255.0;

    # Only members of the two classes above receive leases from this pool.
    pool {
        deny dynamic bootp clients;
        range 10.127.8.170 10.127.8.190;
        allow members of "Edge-without-POE";
        allow members of "Edge-SummitX-POE";
    }
}

Options 66 and 67

Option 66 and option 67 provide the TFTP server and bootpfilename for cases when option 43 is not available for ZTP.

Options 66 and 67 are received as DHCP options in a DHCP response by Switch Engine.
  • Option 66 is used to identify the TFTP server with details of TFTP server IP address.
  • Option 67 provides the bootpfilename, which Switch Engine downloads from the TFTP server IP address; Switch Engine is rebooted after the download is successful. The bootpfilename can be of any image type (.xos or .xmod) or configuration file (.xsf or .py).

If option 43 is not present, then Switch Engine looks for the TFTP server IP address and bootp file name in options 66 and 67 to load the configurations or update the new image. If option 43 and options 66 and 67 are all present, option 43 has higher precedence.
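Since a DHCP offer alone decides which server and file a new switch loads, it is worth checking what an offer on a provisioning segment would actually select. The following is an added example, not Extreme or ISC code: it decodes option 43 sub-options using codes 100 and 101 from the sample DHCP configuration above, applies the precedence rule just described, and compares the result with an approved server list. It assumes the usual one-byte code and one-byte length sub-option encoding and relative file names; the function names and sample offer are constructed.

```python
import ipaddress

# Sub-option codes taken from the sample dhcpd.conf on this page.
SUB_TFTP_IP, SUB_FILE = 100, 101
KNOWN_EXT = (".xsf", ".py", ".pol", ".xos", ".xmod", ".cfg")

def tlv(code: int, value: bytes) -> bytes:
    return bytes([code, len(value)]) + value

def parse_option43(payload: bytes) -> dict:
    """Decode code/length/value sub-options; reject truncated data."""
    out, i = {}, 0
    while i < len(payload):
        if len(payload) - i < 2:
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} is truncated")
        out[code] = value
        i += 2 + length
    return out

def text(raw: bytes) -> str:
    return raw.decode("ascii", "replace").rstrip("\0")

def provisioning_source(options: dict) -> dict:
    """Option 43 takes precedence; options 66 and 67 are used only without it."""
    if 43 in options:
        sub = parse_option43(options[43])
        ip = sub.get(SUB_TFTP_IP)
        return {"via": "43", "server": str(ipaddress.IPv4Address(ip)) if ip else None,
                "file": text(sub.get(SUB_FILE, b"")) or None}
    if 66 in options and 67 in options:
        return {"via": "66/67", "server": text(options[66]), "file": text(options[67])}
    return {"via": None, "server": None, "file": None}

def audit(options: dict, approved_servers: set) -> list:
    """List reasons this offer would steer ZTP to an unexpected server or file."""
    src, findings = provisioning_source(options), []
    if src["via"] and src["server"] not in approved_servers:
        findings.append(f"unapproved TFTP server {src['server']} via option {src['via']}")
    if src["file"] and not src["file"].lower().endswith(KNOWN_EXT):
        findings.append(f"unexpected file type {src['file']!r}")
    return findings

# Constructed offer: option 43 as in the sample config, plus conflicting 66/67 values.
SAMPLE = {43: tlv(100, bytes([10, 120, 89, 80])) + tlv(101, b"xSummit_edge.xsf"),
          66: b"192.0.2.66", 67: b"other.xsf"}
```
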

Identifying an Auto Provision Enabled Switch

A switch enabled with auto provision can be identified by the following:
  • A warning message for the console and each Telnet session is displayed as follows:
    Note:  This switch has Auto-Provision enabled to obtain configuration remotely. Commands should be limited to:
    show auto-provision
    show log
    Any changes to this configuration will be discarded at the next reboot if auto provisioning sends a ".cfg" file.
  • The shell prompt displays: (auto-provision) SummitX #
  • The status appears in the show auto-provision command.

Auto-bind on Spanning Tree Protocol Domain for Auto-provisioned VLANs

Version 32.5 modifies a Zero Touch Processing – Dynamic Host Configuration Protocol (ZTPDHCP) script to enable auto-bind on Spanning Tree Protocol Domain (STPD) "s0" for auto-provisioned Virtual Local Area Networks (VLAN). This allows the newly created VLAN(s) to participate in “s0” along with the default VLAN.

The ZTPDHCP script enables auto-bind by calling the following CLI command for every VLAN it creates:

enable stpd s0 auto-bind [ {vlan} vid

If during ZTP the path to a DHCP server uses a tagged port, then the ZTPDHCP script auto-provisions a corresponding VLAN and adds the tagged port. This removes the port from STP Domain "s0", which may result in a network loop. Enabling auto-bind for the auto-provisioned VLAN on STPD "s0" provides loop protection.

The log file generated by the ZTPDHCP script logs the event whenever auto-bind is enabled on STPD “s0” for a newly created VLAN.