Automatic Setup using ZTP
ZTP (Zero Touch Provisioning) is a device provisioning mechanism that allows automatic and quick provisioning of devices with minimal or at times no manual intervention. ZTP makes the deployment of a managed device plug-n-play. The managed device now learns all the required information from the network and provisions itself automatically.
With ZTP, a managed device automatically gets its local and global configuration and license limits from a central managed device. A managed device with factory default settings gathers the required information from the network and then provisions itself automatically.
The main elements for ZTP are:
Auto discovery of Mobility Master.
Configuration download from the Mobility Master.
The following modes are supported:
The managed device provisions completely automatically. The managed device gets the local IP address and routing information from DHCP (Dynamic Host Configuration Protocol) and gets the Mobility Master information and regulatory domain from one of the supported servers. Then, it downloads the entire configuration from the Mobility Master.
In this mode, the managed device gets its local IP address and routing information from the DHCP server. However, the user is required to provide the Mobility Master information and regulatory domain. Then, it downloads the configuration from the Mobility Master.
In this mode, the managed device gets all the basic configuration information from user input. However, even in this mode, the controller can download the configuration from the Mobility Master if the managed device role is specified as a managed device.
In the default state, the controller starts in complete auto mode. While the controller is trying to provision automatically, the user is also given the option to override the auto mode at any time and select the desired mode. If there is no ZTP provisioning in Activate, then quick setup waits for the user to provide inputs. For auto provisioning, the last physical interface port of a 7000 Series controller should be connected as the uplink in VLAN 4094 and acts as a DHCP client.
An auto provisioning managed device acts as a DHCP client to get its local IP address, routing information, Mobility Master information, and regulatory domain from a DHCP server or the Activate server. A factory-default managed device boots in auto provisioning mode. To interrupt the auto provisioning process, enter the string mini-setup or full-setup at the initial setup dialog prompt shown below:
Auto-provisioning is in progress. Choose one of the following options to override or
debug...
'enable-debug' : Enable auto-provisioning debug logs
'disable-debug' : Disable auto-provisioning debug logs
'mini-setup' : Stop auto-provisioning and start mini setup dialog for smart-branch role
'full-setup' : Stop auto-provisioning and start full setup dialog for any role
Enter Option (partial string is acceptable):_
If the managed device is unable to complete ZTP provisioning through Activate, the initial setup process waits for the user to provide inputs.
Activate
The managed device interacts with the Activate server to get Mobility Master information. The managed device establishes an HTTPS connection with the Activate server and posts provision requests to it. The Activate server authenticates the managed device and provides the Mobility Master information and country code to the managed device.
Activate Interface: The managed device and the Mobility Master interact with the Activate server to receive information about each other. Once all the information is available in the Activate server, the relationship between a Mobility Master and all the managed devices managed by it is provisioned automatically.
The managed device interacts with the Activate server to learn its role, Mobility Master information, and regulatory domain. The Mobility Master sends its own information and not managed device information. Activate reuses the existing AP information fields for managed device interactions. To achieve this, the following two steps are performed:
1. Mobility Master retrieves the whitelist DB from the Activate server. The following steps are involved to obtain the whitelist DB:
a. Mobility Master sends an initial POST with ‘keep-alive’ connection type with the following information:
Type as provision update, mode as managed device, session ID, including <serial number>,
b. Activate responds with the following information:
Type as provision update, activate assigned session id, status, and connection as keep alive.
c. Mobility Master then sends a second POST with ‘close’ connection type with the following information:
Type as provision update, session ID received from Activate, including <serial number>,
d. Activate then responds with the following information:
Type as provision update, the same session ID that Activate assigned in the first response, status as success or failure, mode as Master, and the list of managed devices with the whitelist DB that contains <MAC address>,
2. Managed device contacts Activate and retrieves the provision rule.
The following steps are involved to retrieve the provision rule:
a. Navigate to the device list and select a device that you want to designate as Mobility Master.
b. Edit the selected device and set its mode to Master.
c. Go to setup and create a folder with the managed device_to_Master rule.
d. Populate the rule with the following information:
Select master device.
Specify IP address of the master.
Specify country code for managed devices that will be in this folder.
Specify configuration group for managed devices that will be in this folder.
A folder can contain only one type of managed device: devices that have the same country code and map to the same configuration group. Different folders need to be created for each such group if the country code or the mapping to the configuration changes.
e. Similarly, navigate to the device list and select the device that you intend to designate as a managed device.
f. Edit the selected device and set its name to the desired hostname. If the name is not set, it is generated automatically.
g. Move the selected managed device to the folder created in step c.
When a factory-default controller boots, it starts the auto provisioning process. The following sections describe the provisioning workflow and the procedure to prepare the network for ZTP using DHCP for a managed device.
The managed device can get the master information from the DHCP server instead of Activate. Using DHCP helps ZTP controllers get master information when the users are unable to use Activate. Option 43 of DHCP can be used to broadcast the master information to the managed devices.
This feature supports the following topologies:
VMM with VPNC
HMM with VPNC
HMM without VPNC
VPNC must be a hardware controller and not a virtual machine.
This feature also supports L2 and L3 Mobility Master redundancy scenarios, where managed devices can get the primary Mobility Master and standby Mobility Master (L2 or L3 standby master) information.
In VPNC scenarios, the managed devices can get primary Mobility Master, standby Mobility Master, primary VPNC, and standby VPNC information.
Option 43 contains the following information to help provision the managed device:
Master IP
VPNC IP
Primary Master MAC
Redundant Master MAC
Primary VPNC MAC
Redundant VPNC MAC
Country Code
Option 43 contains the following information:
masterip, country-code, master-mac1 (No L2 redundant Master)
masterip, country-code, master-mac1, master-mac2 (L2 Redundant Master)
masterip, country-code, vpnc ip, vpnc-mac1 (No L2 Redundant VPNC)
masterip, country-code, vpnc ip, vpnc-mac1, vpnc-mac2 (L2 Redundant VPNC)
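A linter for the four Option 43 layouts listed above, as an added example that is not part of the original documentation or of ArubaOS. It assumes the option value is the comma-separated text shown in the list; `parse_option43`, `diff_against_intended`, and the sample addresses and MACs are constructed for illustration.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$", re.IGNORECASE)

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def parse_option43(value):
    """Parse one of the four layouts listed above (assumed comma-separated text)."""
    fields = [f.strip() for f in value.split(",")]
    if len(fields) < 3 or not _is_ip(fields[0]) or not fields[1]:
        raise ValueError("expected: masterip, country-code, ...")
    parsed = {"master_ip": fields[0], "country_code": fields[1].upper(),
              "master_macs": [], "vpnc_ip": None, "vpnc_macs": []}
    rest = fields[2:]
    if _is_ip(rest[0]):
        # VPNC layouts: the third field is the VPNC IP, followed by VPNC MACs.
        parsed["vpnc_ip"], macs, key = rest[0], rest[1:], "vpnc_macs"
    else:
        macs, key = rest, "master_macs"
    if not 1 <= len(macs) <= 2 or not all(MAC_RE.match(m) for m in macs):
        raise ValueError("expected one MAC, or two for L2 redundancy")
    parsed[key] = [m.lower() for m in macs]
    return parsed

def diff_against_intended(parsed, intended):
    """List fields where the DHCP scope value differs from the intended design."""
    findings = []
    for key in ("master_ip", "country_code", "vpnc_ip"):
        if parsed[key] != intended.get(key):
            findings.append(f"{key}: scope has {parsed[key]!r}, expected {intended.get(key)!r}")
    for key in ("master_macs", "vpnc_macs"):
        extra = set(parsed[key]) - set(intended.get(key, []))
        if extra:
            findings.append(f"{key}: unexpected {sorted(extra)}")
    return findings

# Constructed sample values (documentation address ranges, made-up MACs).
SAMPLES = [
    "192.0.2.10, US, 02:00:00:00:00:01",
    "192.0.2.10, US, 02:00:00:00:00:01, 02:00:00:00:00:02",
    "192.0.2.10, US, 198.51.100.5, 02:00:00:00:00:11",
    "192.0.2.10, US, 198.51.100.5, 02:00:00:00:00:11, 02:00:00:00:00:12",
]
```

Running the diff against the reviewed design before a DHCP scope goes live catches a master IP, MAC, or country code that factory-default devices would otherwise accept without operator input.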
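Converting a 9004 Device to a Controller Using the SDWAN 1.7 Image
Perform the following steps to convert the 9004 device with an SDWAN image to a controller:
1. Ensure that the 9004 device is added in the correct Activate folder. For example, the folder should have the rule, and the device serial number should be similar to CNHHKLB02B.
2. Reset the 9004 device to the factory image, and the 9004 device loads the 8.6.0.0 image.
In this example, the ArubaOS 8.5.0.3 image is used.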
Aruba Networks
ArubaOS Version 8.5.0.0-1.0.7.1 (build 72342 / label #72342)
Built by p4build@pr-hpn-build05 on 2019-09-20 at 15:32:42 UTC (gcc version 4.9.4)
(c) Copyright 2019 Hewlett Packard Enterprise Development LP.
[02:47:16]:Starting device manager [ OK ]
<<<<< Welcome to Aruba Networks - Aruba A9004-US >>>>>
[02:47:18]:Probing for real-time clock [ OK ]
[02:47:18]:Uncompressing core image files [ OK ]
[02:47:36]:Extracting corefs [ OK ]
[02:47:36]:Waiting for storage devices... [ OK ]
Performing partition fast test... [ DONE ]
Checking for file system... [ OK ]
[02:47:37]:Mounting flash [ OK ]
[02:47:37]:Mounting disk1 [ OK ]
[02:47:37]:Mounting disk [ OK ]
[02:47:37]:Initializing 256MB as swap on zRam0 [ OK ]
[02:47:39]:Turning swap ON on zRAM0 [ OK ]
[02:47:39]:Installing ancillary FS [ OK ]
Performing integrity check on ancillary partition 0 [ OK ]
Running the startup script from /flash
mv: unable to rename `/flash/config/fpapps': No such file or directory
mv: unable to rename `/flash/config/policymgr': No such file or directory
mv: unable to rename `/flash/config/hcm': No such file or directory
mv: unable to rename `/flash/config/sos.elf': No such file or directory
[ OK ]
[02:47:43]:QAT driver initialization [ OK ]
[02:47:59]:Reboot Cause: User reboot (Intent:cause: 86:50)
[02:47:59]:Starting syslog service [ OK ]
[02:47:59]:Deleting the database [ OK ]
[02:47:59]:Restoring the database [ OK ]
[02:47:59]:Starting random number generation service [ OK ]
[02:47:59]:Intel RDRAND is supported [ OK ]
[02:47:59]:Starting HW random number generation service [ OK ]
[02:47:59]:Generating SSH keys [ OK ]
[02:47:59]:SPI NOR flash mounted successfully [ OK ]
[02:48:00]:Initializing TPM and Certificates [ OK ]
[02:48:00]:Checking for configuration upgrade [ OK ]
[02:48:00]:Installing crash kernel [ OK ]
[02:48:01]:rcS Done(45 sec)
[02:48:01]:Starting OS services [ OK ]
n^?e
enable-debug
Starting ZTP
Starting ZTP auto provision
Starting auto provisioning
Registered for NTP Sync
Initiated DHCP, awaiting DHCP response
Received DHCP response, My IP = 192.168.82.1, Master = none, Mask = 255.255.255.0, GW = 192.168.82.254, DNS = 10.44.17.241, Country code = none, Physical port = 3
Oct 28 02:49:28 LOG: Received DHCP response, My IP = 192.168.82.1, Master = none, Mask = 255.255.255.0, GW = 192.168.82.254, DNS = 10.44.17.241, Country code = none
DNS server name 10.44.17.241 assigned to info structure..
Oct 28 02:49:28 LOG: DNS server name 10.44.17.241 assigned to info structure..
Master info not received, trying activate
Oct 28 02:49:28 LOG: Master info not received, trying activate
Oct 28 02:49:28 LOG: Starting Activate communication
Oct 28 02:49:28 LOG: Activate server URL being used for auto-provisioning https://device.arubanetworks.com/provision
Oct 28 02:49:28 LOG: Sending provisioning parameters request to Activate
Oct 28 02:49:28 LOG: Posting message to Activate
Oct 28 02:49:28 LOG: Executing CURL Command /usr/sbin/curl https://device.arubanetworks.com/provision --cacert /tmp/act_cert_bundle.pem --trace-ascii /var/log/oslog/activate/trace1.txt -H "Connection: keep-alive" -H "X-Type: provision-update" -H "Content-Length: 0" -H "X-Mode: CONTROLLER" -H "X-Current-Version: 8.5.0.0-1.0.7.1_72342" -H "X-Ap-Info: CNHHKLB02B, 20:4c:03:40:0b:78, Aruba9004-US" -D /var/log/oslog/activate/act_resp
Oct 28 02:49:28 LOG: Provisioning parameters request sent to Activate
curl: (6) Could not resolve host: device.arubanetworks.com
Oct 28 02:49:28 LOG: Activate handler invoked for client 7230
Oct 28 02:49:28 ERR: Activate client failed with status 1536
Oct 28 02:49:28 ERR: Terminating Activate connection due to failure
Oct 28 02:49:28 LOG: Stopping Activate communication
Oct 28 02:49:28 LOG: Destroying Activate context
Oct 28 02:49:28 LOG: Calling response handler
Provisioning parameters not received from Activate, will retry after 30 seconds
Oct 28 02:49:28 ERR: Activate failed, will retry after 30 seconds
Oct 28 02:49:28 LOG: Activate retry count is 1. Retries remaining before DHCP reset: 9
Oct 28 02:49:58 LOG: Retrying Activate device.arubanetworks.com
Oct 28 02:49:58 LOG: Starting Activate communication
Oct 28 02:49:58 LOG: Activate server URL being used for auto-provisioning https://device.arubanetworks.com/provision
Oct 28 02:49:58 LOG: Sending provisioning parameters request to Activate
Oct 28 02:49:58 LOG: Posting message to Activate
Oct 28 02:49:58 LOG: Executing CURL Command /usr/sbin/curl https://device.arubanetworks.com/provision --cacert /tmp/act_cert_bundle.pem --trace-ascii /var/log/oslog/activate/trace1.txt -H "Connection: keep-alive" -H "X-Type: provision-update" -H "Content-Length: 0" -H "X-Mode: CONTROLLER" -H "X-Current-Version: 8.5.0.0-1.0.7.1_72342" -H "X-Ap-Info: CNHHKLB02B, 20:4c:03:40:0b:78, Aruba9004-US" -D /var/log/oslog/activate/act_resp
Oct 28 02:49:58 LOG: Provisioning parameters request sent to Activate
Oct 28 02:49:58 LOG: Activate handler invoked for client 7461
Oct 28 02:49:58 LOG: Parsing Activate response
Oct 28 02:49:58 LOG: Received challenge, sending challenge response
Oct 28 02:49:58 LOG: Processing challenge and encoding
Oct 28 02:49:58 LOG: Adding challenge hash
Oct 28 02:49:58 LOG: Adding message body
Oct 28 02:49:58 LOG: Posting message to Activate
Oct 28 02:49:58 LOG: Executing CURL Command /usr/sbin/curl https://device.arubanetworks.com/provision --cacert /tmp/act_cert_bundle.pem --trace-ascii /var/log/oslog/activate/trace2.txt -H "Connection: close" -H "X-Type: provision-update" -H "Content-Length: 2630" -H "X-Mode: CONTROLLER" -H "X-Current-Version: 8.5.0.0-1.0.7.1_72342" -H "X-Session-Id: 0f29ab6a-43d0-444d-8cdc-b26763a39945" -H "X-Challenge-Hash: SHA-1" -H "X-Oem-Tag: Aruba" -H "X-Ap-Info: CNHHKLB02B, 20:4c:03:40:0b:78, Aruba9004-US" --data-binary @/var/log/oslog/activate/act_body -D /var/log/oslog/activate/act_resp -o /var/log/oslog/activate/act_rbody
Oct 28 02:49:58 LOG: Challenge response sent to Activate
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 2720 100 90 100 2630 468 13697 --:--:-- --:--:-- --:--:-- 14240
Oct 28 02:49:58 LOG: Activate handler invoked for client 7467
Oct 28 02:49:58 LOG: Parsing Activate response
Oct 28 02:49:58 LOG: Mandatory upgrade info available [8.5.0.3_72498], running version [8.5.0.0-1.0.7.1_72342]
Oct 28 02:49:58 LOG: Attempting mandatory upgrade firmware with http://activate-frm5-cf.arubathena.com/fwfiles/ArubaOS_90xx_8.5.0.3_72498...
................................................................................................... Oct 28 02:50:18 LOG:
Checking if the file was downloaded successfully and try to update flash...
Image is signed;
Image is signed;
Image upgrade done sucessfully!
3. Ensure that the required configurations are present in the Mobility Master where the device terminates. After the 9004 device comes up with the required image, verify that the device is in UP and UPDATE SUCCESSFUL state.
(MASTER_CTRL_40_0B_78) #show roleinfo
Switchrole:MD
Masterip:10.8.248.150
Certificate Type: Factory Certificates
Master MAC: 20:4c:03:13:a0:e4
(MASTER_CTRL_40_0B_78) #show image version
---------------------------------------------------
Partition : 0:0 (/mnt/disk1) **Default boot**
Software Version : ArubaOS 8.5.0.3 (Digitally Signed SHA1/SHA256 - Production Build)
Build number : 72498
Label : 72498
Built on : Tue Oct 1 08:00:09 UTC 2019
---------------------------------------------------
Partition : 0:1 (/mnt/disk2)
Software Version : ArubaOS 8.5.0.3 (Digitally Signed SHA1/SHA256 - Production Build)
Build number : 72498
Label : 72498
Built on : Tue Oct 1 08:00:09 UTC 2019
(MASTER_CTRL_40_0B_78) #show switches
All Switches
--------------
IP Address  IPv6 Address  Name                  Location          Type  Model      Version        Status  Configuration State  Config Sync Time (sec)  Config ID
----------  ------------  ----                  --------          ----  -----      -------        ------  -------------------  ----------------------  ---------
3.4.5.6     None          MASTER_CTRL_40_0B_78  Building1.floor1  MD    Aruba9004  8.5.0.3_72498  UP      UPDATE SUCCESSFUL    6                       10
Total Switches:1
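The console capture above can be reviewed mechanically. This added example (not part of the original documentation or of ArubaOS) summarises where the master information came from, which headers and CA bundle each Activate request used, and whether the downloaded firmware image was reported as signed; the function names are hypothetical and the sample lines are copied from the capture.

```python
import re
import shlex

LOG_RE = re.compile(r"^\w{3} +\d+ [\d:]+ (LOG|ERR): (.*)$")

def curl_request(message):
    """Pull URL, options and headers out of an 'Executing CURL Command' entry."""
    argv = shlex.split(message.split("Executing CURL Command", 1)[1])
    req = {"url": None, "options": {}, "headers": {}}
    args = iter(argv[1:])                      # argv[0] is the curl binary
    for arg in args:
        if arg == "-H":
            name, _, value = next(args).partition(":")
            req["headers"][name.strip().lower()] = value.strip()
        elif arg.startswith("-"):
            req["options"][arg] = next(args, None)   # options in this log take one value
        else:
            req["url"] = arg
    return req

def audit(lines):
    """Summarise the provisioning path and how each transfer was protected."""
    out = {"master_from_dhcp": None, "activate_retries": 0, "requests": [],
           "firmware_url": None, "image_signed": False}
    for line in lines:
        m = LOG_RE.match(line)
        msg = m.group(2) if m else line.strip()
        if msg.startswith("Received DHCP response"):
            master = re.search(r"Master = ([^,]+)", msg)
            out["master_from_dhcp"] = bool(master) and master.group(1) != "none"
        elif msg.startswith("Activate failed, will retry"):
            out["activate_retries"] += 1
        elif "Executing CURL Command" in msg:
            out["requests"].append(curl_request(msg))
        elif msg.startswith("Attempting mandatory upgrade firmware with"):
            out["firmware_url"] = msg.split()[-1].rstrip(".")  # drop trailing dots
        elif msg.startswith("Image is signed"):
            out["image_signed"] = True
    return out

# Lines copied from the console capture on this page.
SAMPLE = [
    "Oct 28 02:49:28 LOG: Received DHCP response, My IP = 192.168.82.1, Master = none, Mask = 255.255.255.0, GW = 192.168.82.254, DNS = 10.44.17.241, Country code = none",
    "Oct 28 02:49:28 ERR: Activate failed, will retry after 30 seconds",
    'Oct 28 02:49:58 LOG: Executing CURL Command /usr/sbin/curl https://device.arubanetworks.com/provision --cacert /tmp/act_cert_bundle.pem --trace-ascii /var/log/oslog/activate/trace2.txt -H "Connection: close" -H "X-Type: provision-update" -H "Content-Length: 2630" -H "X-Mode: CONTROLLER" -H "X-Current-Version: 8.5.0.0-1.0.7.1_72342" -H "X-Session-Id: 0f29ab6a-43d0-444d-8cdc-b26763a39945" -H "X-Challenge-Hash: SHA-1" -H "X-Oem-Tag: Aruba" -H "X-Ap-Info: CNHHKLB02B, 20:4c:03:40:0b:78, Aruba9004-US" --data-binary @/var/log/oslog/activate/act_body -D /var/log/oslog/activate/act_resp -o /var/log/oslog/activate/act_rbody',
    "Oct 28 02:49:58 LOG: Attempting mandatory upgrade firmware with http://activate-frm5-cf.arubathena.com/fwfiles/ArubaOS_90xx_8.5.0.3_72498...",
    "Image is signed;",
]
```

For this capture the summary shows that DHCP supplied no master, one Activate retry occurred, the Activate request went to an `https://` URL with a CA bundle, and the firmware URL is `http://` with the image reported as signed.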