How to do a Zero Touch Provisioning (ZTP) in MAS.
07-04-2014 02:37 AM
• Activate is a cloud-based service enabling customers to more efficiently deploy and maintain their Aruba devices across a distributed enterprise.
•Customers subscribing to Aruba Activate can categorize and set specific provisioning parameters to enable their devices to self-configure upon boot, Enabling reduced time-to-deploy across a large number of locations
• Asset tracking and device categorization within the customer organization
•Automated software update notifications and simplified upgrades
•AMP helps in managing the Config across multiple group of devices.
Feature Notes :
§First of all MAS should have IP connectivity to Activate server, meaning it should obtain it’s own dynamically configured IP address (DHCP) & should be reachable to Activate (ensure proper routes, DNS etc…)
§Also, the MAS configuration (to be downloaded later) is created “off-line” on AirWave. And “First” MAS device has to be manually previsioned on the AMP per ‘AMP Group’ with “Golden-Config”. All subsequent new devices under that group get provisioned automatically
§Image pre-requisites: MAS 7.3 FCS , & AMP 7.7.6 releases.
Network Topology :
Configuration Steps :
Customer should have an account with Activate.
When customer “X” buys a MAS device, Aruba manufacturing department populates the Serial-Number & MAC-address of that device to their internal inventory tool.
That data is in turn populated on to Activate server (https://activate.arubanetworks.com/) . i.e, Now we have mapping of all the devices bought by customer ‘X’, customer ‘Y’, etc…
Initially all the devices appear in ‘default’ folder, Then based on your plan, one create new folders & move them to different folders for easy management
In Short, there is no action required on behalf of customer to add devices to Activate, they are automatically added by Aruba.
1. MAS posts it's MAC, serial number, part number to device.arubanetworks.com using HTTPS (443)
2. It also post all subordinate devices (if it is a stack, primary posts this mentioning it's member- devices)
3. And current FW version
4. Aruba Activate authenticates MAS device via device TPM certificate.
5. Aruba Activate should determine if the MAC, serial number are:
- In shipped status
- Assigned to a customer
- Customer has enabled service
- Customer has setup a rule
6. If device meets all above criteria then send back provisioning information:
- AMP IP
- AMP group
- Shared secret
Note: Use Provisioning-Rule-Type "MAS to Airwave“ to configure AMP-IP, shared-secret, AMP-group/folder details on Activate.
7. Aruba Activate updates the device records
- Last seen : Time stamp. It can be used for debugging incase any issues.
- FW version : Including the subordinate MAS devices (stack-members)
- Source IP : Helpful in determining location
8. MAS in-turn contacts AMP with above details again using HTTPS POST to obtain the config. If it is contacting for the first time, device gets “Registered” on the AMP. Then AMP pushes config.
Note: Before that AMP to be pre-provisioned with “golden-config” for that group which all subsequent devices would download automatically.
By default, the Mobility Access Switch contacts the Activate server upon initial bootup.
Also, periodically every seven days to see if there is a new image version to which that switch can upgrade.
If a new version is available, Activate prompts you to download and upgrade to the new image.
The download process is not triggered automatically and requires admin intervention.
To disable the activate firmware services, issue the command
(MAS) (config) #activate-service-firmware
(MAS) (activate-service-firmware) #no enable