Controller Based WLANs


Zero Touch Provisioning for a Branch office controller 

Mar 07, 2016 04:26 PM

Requirement:

Zero Touch Provisioning for a Branch office controller:

Lack of onsite IT support is a big challenge when deploying remote sites. ZTP makes the deployment of branch office controllers (BoCs) plug and play: a factory-state branch office controller learns all the required information from the network and provisions itself automatically in auto-provisioning mode.


Solution:

Provisioning Modes:


Currently you can configure the controller using the setup dialog.
We are adding two more auto-provisioning modes to support the ZTP feature for BoCs.
Connect the last copper port of the controller, which has VLAN 4094 configured with a DHCP client, as the controller's uplink.

The auto-provisioning modes are:

  • DHCP
  • Activate

DHCP:

  1. The controller gets its local IP address and routing information from DHCP.
  2. The controller gets the master information and country code from the DHCP server.
  3. The controller adds “ArubaMC” as the vendor class identifier (VCI, option 60) in its DHCP requests.
  4. The DHCP server has to be configured with the master information corresponding to that identifier.
  5. The DHCP server sends that information as vendor-specific information (VSI, option 43) in its responses to the controller.

Activate:

  1. This method requires interaction with the Activate server to get the master information.
  2. The BoC establishes an HTTPS connection with the Activate server (device.arubanetworks.com) and posts a provision request to it.
  3. The Activate server authenticates the controller and, on successful authentication, provides the master information and country code to the BoC.

To override auto provisioning completely, semi-auto and manual modes can be used. Semi-auto mode is available only for BoCs, while manual mode is available for any controller role.


ZTP Semi-auto Mode

  • While the controller tries to provision automatically in the background, the following message is displayed to the user:
      Auto-provisioning is in progress. To override…
      Enter Switch Role (master|local|standalone|remote-node):
  • If the user specifies the role as “remote-node”, the user is asked the following question:
      Do you want complete setup dialog? (yes/no):
  • If the user answers “no”, the user is prompted to provide the master IP address:
      Enter Master Controller IP address:
  • If the controller is restricted to a particular country, the controller uses that. Otherwise it prompts the user for the country code:
      Enter Country code:
  • After this, the setup dialog terminates and the user is asked no more questions. The controller retrieves the rest of the configuration from the provided master.
  • If the user answers “yes” for the complete setup dialog, or specifies the role as local, master, or standalone, the user is presented with the complete setup dialog, as today.



Configuration:

Smart config:

  • Configuration is pushed from the master controller to the BoC
  • This configuration is done through Smart Config
  • For basic BoC operation, configure the following through Smart Config:

  1. Model type
  2. VLAN
  3. Interface VLAN
  4. IP address for the VLAN
  5. Controller IP
  6. DHCP pool
  7. mgmt-user
  8. Adding the MAC address of the BoC to the whitelist

Smart Config has the following tabs to configure:

  • Profile Management
  • System
  • Networking
  • Routing
  • VPN
  • WAN
  • Summary
  • Whitelist

 

 



Verification

ZTP-Debugging

 

 1) DHCP Auto Provisioning:

  • You can log into the BoC using the serial console with username “remotenodesupport” and the MAC address of the BoC as the password
  • Make sure the controller got an IP address on VLAN 4094 from the DHCP server
  • Make sure the controller got a default router from the DHCP server
  • Make sure the BoC is able to send traffic out to the master
  • Make sure the wired uplink has the state shown below

(7030) #show uplink

Uplink Manager: Enabled

Uplink Management Table
-----------------------
Id  Uplink Type  Properties  Priority  State      Status      Reachability
--  -----------  ----------  --------  -----      ------      ------------
1   Wired        vlan 4094   200       Connected  * Active *  Reachable

 

  • Take a packet capture on the DHCP server to make sure DHCP requests are coming from the BoC
  • In the packet capture, make sure the BoC sends option 60
  • In the packet capture, make sure the DHCP offer carries the master IP in option 43
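The capture checks above can be scripted. The following is an added example, not part of the original article or of Aruba's tooling: it parses the options of a raw DHCP message (the UDP payload) and reports a request without the “ArubaMC” option 60, or an offer without a default router or option 43. The function names and sample messages are constructed for illustration, and the option 43 bytes are a placeholder because the article does not give their encoding.

```python
MAGIC_COOKIE = bytes([0x63, 0x82, 0x53, 0x63])
EXPECTED_VCI = b"ArubaMC"  # option 60 value the article says the BoC sends

def parse_dhcp_options(payload: bytes) -> dict:
    """Map option code -> value for a raw DHCP message (the UDP payload)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: magic cookie missing")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:  # 255 = End option
        code = payload[i]
        if code == 0:  # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError(f"option {code} truncated")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        opts[code] = opts.get(code, b"") + value  # repeated codes are concatenated
        i += 2 + length
    return opts

def check_ztp_message(payload: bytes) -> list:
    """Return the problems found, following the article's capture checklist."""
    opts = parse_dhcp_options(payload)
    msg_type = (opts.get(53) or b"\x00")[0]  # 1=DISCOVER 2=OFFER 3=REQUEST 5=ACK
    problems = []
    if msg_type in (1, 3) and opts.get(60) != EXPECTED_VCI:
        problems.append("option 60 is not ArubaMC")
    if msg_type in (2, 5):
        if not opts.get(3):
            problems.append("no default router (option 3)")
        if not opts.get(43):
            problems.append("no master information (option 43)")
    return problems

def build_message(op: int, options: list) -> bytes:
    """Constructed test message: zeroed 236-byte BOOTP header plus options."""
    body = b"".join(bytes([c, len(v)]) + v for c, v in options)
    return bytes([op, 1, 6, 0]) + bytes(232) + MAGIC_COOKIE + body + b"\xff"

# Constructed samples; option 43 bytes are a placeholder (encoding not given in the article).
DISCOVER = build_message(1, [(53, b"\x01"), (60, b"ArubaMC")])
OFFER_OK = build_message(2, [(53, b"\x02"), (3, bytes([192, 0, 2, 1])), (43, b"MASTER-INFO")])
OFFER_BAD = build_message(2, [(53, b"\x02"), (3, bytes([192, 0, 2, 1]))])

if __name__ == "__main__":
    for name, msg in [("discover", DISCOVER), ("offer ok", OFFER_OK), ("offer bad", OFFER_BAD)]:
        print(name, check_ztp_message(msg) or "ok")
```

To use it on a real capture, pass the UDP payload of each DHCP packet to `check_ztp_message`.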

Commands to see the status of the BoC on the master:

#show crypto isakmp sa
#show crypto ipsec sa
#show switches
#show switches remote-node

To debug IPsec issues, use the debugging levels below:

#logging level debugging security
#logging level debugging security process crypto subcat ike
#show log security all
