Wired Intelligent Edge

Hi,

We are trying to get zero touch provisioning to work for our 2930F switches. We don't want to use airwave or activate/central.

Everything works fine and the switch get the correct configuration but I can't get the switch to download a new image firmware.

I can't find any documentation how to configure image upgrade.

This is my isc-dhcp configuration (read somewhere that Cisco switches ueses option 125 for image upgrade, doesn't work...):

 

option configfile code 67 = text;
option tftpserver code 66 = text;

option imagefile code 125 = text;

 

subnet 10.202.0.0 netmask 255.255.255.0 {
    range 10.202.0.10 10.202.0.200;
    option routers 10.202.0.1;
    option subnet-mask 255.255.255.0;

    host accesswitch {
        hardware ethernet e0:07:1b:34:0c:a0;
        fixed-address 10.202.0.5;
        option tftpserver "172.18.20.51";
        option configfile "CN68FP53DN.cfg";
        option imagefile YA_16_04_0011.swi;

    }

}

 

 

In my TFTP server I can't see any requests for the image file.

 

Thanks!

Zero touch provisioning only works with Airwave or Central.

http://h22208.www2.hpe.com/eginfolib/networking/docs/switches/K-KA-KB/16-01/5200-0137_MCG/content/ch11s07.html

 

 

---

@cjoseph wrote:

Zero touch provisioning only works with Airwave or Central.

http://h22208.www2.hpe.com/eginfolib/networking/docs/switches/K-KA-KB/16-01/5200-0137_MCG/content/ch11s07.html

 

 

---

Well it is working with ZTP-configuration with only DHCP and TFTP server.

Why would you have this command in place if it's only working with airwave?

NS-0001# show dhcp client image-file-update

Downloading Image File from TFTP server is enabled

 

Log also shows the following:

 

I 01/01/90 00:02:30 00092 dhcp: ST1-CMDR: Enabling Auto Image Config Download via DHCP and turning off auto-tftp if enabled

Are you saying that DHCP/TFTP is viable only for configuration of device but if I want to upgrade, I need to use airwave?

 

Thanks!

Let's take a step back.

 

Do you want to upgrade your firmware and distribute configuration via TFTP?

 

Zero-Touch is the brand name for a specific process that requires Airwave or Central.

---

@cjoseph wrote:

Let's take a step back.

 

Do you want to upgrade your firmware and distribute configuration via TFTP?

 

Zero-Touch is the brand name for a specific process that requires Airwave or Central.

---

Hi,

Yes I want to upgrade firmware and distribute configuration using only DHCP options and TFTP.

Sorry if I confused you with the ZTP acronym.

Good morning, I was just taking a look at this thread and noticed that you stated that you are using a 2930F but for some reason it looks as if you are tying to load incorrect firmware “YA_16_04_0011.swi”.

Can you try it with the “WC_16_04_0011.swi” and see if you still get the same results? depending on the switch model number, even though the “16_xx_xxxx.swi” looks the same, each model will start with a different identifier “ya, wc, wb, kB, k, etc”.

Thanks
Benny

---

@beggers wrote:
Good morning, I was just taking a look at this thread and noticed that you stated that you are using a 2930F but for some reason it looks as if you are tying to load incorrect firmware “YA_16_04_0011.swi”.

Can you try it with the “WC_16_04_0011.swi” and see if you still get the same results? depending on the switch model number, even though the “16_xx_xxxx.swi” looks the same, each model will start with a different identifier “ya, wc, wb, kB, k, etc”.

Thanks
Benny

---

Hi,

Actually I was doing this with a 2530 for LAB, sorry for the confusion. In production we use 2930F.

Hello, found the solution. The DHCP sub-option 145 needs to be encapsulated inside DHCP option 43. Sub-option 144 can also be used to specify configuration file.

Here is the DHCP configuration file:

 

option space NEW_OP;
    option NEW_OP.image-file-name code 145 = text;
    option NEW_OP-encapsulation code 43 = encapsulate NEW_OP;

 

subnet 10.202.0.0 netmask 255.255.255.0 {
range 10.202.0.10 10.202.0.200;
option routers 10.202.0.1;
option subnet-mask 255.255.255.0;
option tftpserver "172.18.20.51";

subclass "vendor-class" "HP J9774A 2530-8G-PoEP Switch                            dslforum.org" {
      option vendor-class-identifier "HP J9774A 2530-8G-PoEP Switchdslforum.org";
    option NEW_OP.image-file-name "YA_16_04_0011.swi";

 

 

Thank You for sharing this.
Added some more for the DHCP Option on some of the CX switches. 

### Begin Config for ISC DHCP Server dhcpd.conf #####


#############################
# Aruba CX ZTP provisions #
# #
#############################
# https://www.arubanetworks.com/techdocs/AOS-CX/10.07/HTML/5200-7852/Content/Chp_ZTP/ztp-sup-aos-cx-10.htm
##############################
option space ArubaCX;
option ArubaCX.config-file-name code 144 = text;
option ArubaCX.image-file-name code 145 = text;
option ArubaCX.CentralOnPrem-FQDN code 146 = text;
option ArubaCX-encapsulation code 43 = encapsulate ArubaCX;

#Class to Match Option 60
​class "Vendor-Class" {
match option vendor-class-identifier;
}

​subnet 10.202.0.0 netmask 255.255.255.0 {
range 10.202.0.10 10.202.0.200;
option routers 10.202.0.1;
option subnet-mask 255.255.255.0;

#######################
#SubClass Definiions
#######################

##################
# To Get Vendor Class for Switch CLI command on switch:
# show dhcp client vendor-class-identifier
#################

# Aruba CX Lab OVA
subclass "Vendor-Class" "Aruba ABC123 ArubaOS" {
vendor-option-space ArubaCX;
option ArubaCX.config-file-name "CXLab.cfg";
option ArubaCX.image-file-name "filename.swi";
option tftp-server-name "172.18.20.51";
}
# Aruba 6200F 48 Port
subclass "Vendor-Class" "Aruba JL728A 6200F" {
vendor-option-space ArubaCX;
option ArubaCX.config-file-name "6200F-24Port.cfg";
option ArubaCX.image-file-name "ArubaOS-CX_6200_10_09_0002.swi";
option tftp-server-name "172.18.20.51";
}
# Aruba 6200F 24 Port
subclass "Vendor-Class" "Aruba JL725A 6200F" {
vendor-option-space ArubaCX;
option ArubaCX.config-file-name "6200F-48Port.cfg";
option ArubaCX.image-file-name "ArubaOS-CX_6200_10_09_0002.swi";
option tftp-server-name "172.18.20.51";
}
# Aruba 6300 48 Port
subclass "Vendor-Class" "Aruba JL659A 6300" {
vendor-option-space ArubaCX;
option ArubaCX.config-file-name "6300-48Port.cfg";
option ArubaCX.image-file-name "ArubaOS-CX_6300_10_09_0002.swi";
option tftp-server-name "172.18.20.51";
}
}


### End Config for ISC DHCP Server dhcpd.conf #####

Original Message:
Sent: Jan 26, 2018 03:34 AM
From: Oscar Bengtsson
Subject: Zero Touch Provisioning, image problems

Hello, found the solution. The DHCP sub-option 145 needs to be encapsulated inside DHCP option 43. Sub-option 144 can also be used to specify configuration file.

Here is the DHCP configuration file:

 

option space NEW_OP;
    option NEW_OP.image-file-name code 145 = text;
    option NEW_OP-encapsulation code 43 = encapsulate NEW_OP;

 

subnet 10.202.0.0 netmask 255.255.255.0 {
range 10.202.0.10 10.202.0.200;
option routers 10.202.0.1;
option subnet-mask 255.255.255.0;
option tftpserver "172.18.20.51";

subclass "vendor-class" "HP J9774A 2530-8G-PoEP Switch                            dslforum.org" {
      option vendor-class-identifier "HP J9774A 2530-8G-PoEP Switchdslforum.org";
    option NEW_OP.image-file-name "YA_16_04_0011.swi";

 

 

Vielen Dank für deine Lösung, funktioniert bestens.

Wäre es möglich, einer bestimmten MAC-Adresse ein bestimmtes Konfigurationsfile zuzuweisen?

Ich würde neue Switches gerne automatisiert mit einem neuen Firmware-Image versehen und eine Konfigurationsdatei passend für den Switch installieren.

Original Message:
Sent: Jan 05, 2022 11:03 PM
From: mholden
Subject: Zero Touch Provisioning, image problems

Thank You for sharing this.
Added some more for the DHCP Option on some of the CX switches. 

### Begin Config for ISC DHCP Server dhcpd.conf #####


#############################
# Aruba CX ZTP provisions #
# #
#############################
# https://www.arubanetworks.com/techdocs/AOS-CX/10.07/HTML/5200-7852/Content/Chp_ZTP/ztp-sup-aos-cx-10.htm
##############################
option space ArubaCX;
option ArubaCX.config-file-name code 144 = text;
option ArubaCX.image-file-name code 145 = text;
option ArubaCX.CentralOnPrem-FQDN code 146 = text;
option ArubaCX-encapsulation code 43 = encapsulate ArubaCX;

#Class to Match Option 60
​class "Vendor-Class" {
match option vendor-class-identifier;
}

​subnet 10.202.0.0 netmask 255.255.255.0 {
range 10.202.0.10 10.202.0.200;
option routers 10.202.0.1;
option subnet-mask 255.255.255.0;

#######################
#SubClass Definiions
#######################

##################
# To Get Vendor Class for Switch CLI command on switch:
# show dhcp client vendor-class-identifier
#################

# Aruba CX Lab OVA
subclass "Vendor-Class" "Aruba ABC123 ArubaOS" {
vendor-option-space ArubaCX;
option ArubaCX.config-file-name "CXLab.cfg";
option ArubaCX.image-file-name "filename.swi";
option tftp-server-name "172.18.20.51";
}
# Aruba 6200F 48 Port
subclass "Vendor-Class" "Aruba JL728A 6200F" {
vendor-option-space ArubaCX;
option ArubaCX.config-file-name "6200F-24Port.cfg";
option ArubaCX.image-file-name "ArubaOS-CX_6200_10_09_0002.swi";
option tftp-server-name "172.18.20.51";
}
# Aruba 6200F 24 Port
subclass "Vendor-Class" "Aruba JL725A 6200F" {
vendor-option-space ArubaCX;
option ArubaCX.config-file-name "6200F-48Port.cfg";
option ArubaCX.image-file-name "ArubaOS-CX_6200_10_09_0002.swi";
option tftp-server-name "172.18.20.51";
}
# Aruba 6300 48 Port
subclass "Vendor-Class" "Aruba JL659A 6300" {
vendor-option-space ArubaCX;
option ArubaCX.config-file-name "6300-48Port.cfg";
option ArubaCX.image-file-name "ArubaOS-CX_6300_10_09_0002.swi";
option tftp-server-name "172.18.20.51";
}
}


### End Config for ISC DHCP Server dhcpd.conf #####

Original Message:
Sent: Jan 26, 2018 03:34 AM
From: Oscar Bengtsson
Subject: Zero Touch Provisioning, image problems

Hello, found the solution. The DHCP sub-option 145 needs to be encapsulated inside DHCP option 43. Sub-option 144 can also be used to specify configuration file.

Here is the DHCP configuration file:

 

option space NEW_OP;
    option NEW_OP.image-file-name code 145 = text;
    option NEW_OP-encapsulation code 43 = encapsulate NEW_OP;

 

subnet 10.202.0.0 netmask 255.255.255.0 {
range 10.202.0.10 10.202.0.200;
option routers 10.202.0.1;
option subnet-mask 255.255.255.0;
option tftpserver "172.18.20.51";

subclass "vendor-class" "HP J9774A 2530-8G-PoEP Switch                            dslforum.org" {
      option vendor-class-identifier "HP J9774A 2530-8G-PoEP Switchdslforum.org";
    option NEW_OP.image-file-name "YA_16_04_0011.swi";