Network Management

I have Aruba CX 6100 12 ports switch to test before big deployment in near future and I was trying to use ADP and ZTP, but looks IMC ADP don't work as expected and it's full of bugs.

Hello,

I've done a fair bit of testing with iMC ADP and AOS-CX, and have run it successfully with various models, though I haven't specifically tested 6100. ADP was working fine for me on E0706P11.

First off, you should use the DHCP Suboption 145 with VCI to point the switch at the location and name of the software image you want to run on the AOS-CX switches. Using that option is highly recommended over the option to push the software from IMC, as it is much faster and doesn't rely on a sequence of scripts to run in IMC. For guidance on how to configure that option, please consult the "Zero-Touch Provisioning for ArubaOS- Switch" guide in the section "ZERO TOUCH PROVISIONING WITH DHCP AND TFTP".

Second, you said that your test was failing with "invalid configuration file". That typically means your configuration file is not compatible with the switch that is receiving it. Are you sure it is compatible? Have you tried to manually copy the configuration files onto the switch from IMC via the switch CLI?

For AOS-CX, it's important to note that Telnet is not supported, so SSH must be configured in the initial config, as well as for Login Type under "Configure Device Information" in IMC ADP when adding the device.

Hope that helps.

------------------------------
Justin Guse
------------------------------

Original Message:
Sent: Dec 07, 2022 09:32 AM
From: Mike Alani
Subject: HPE iMC ADP, for Aruba CX 6100

I have Aruba CX 6100 12 ports switch to test before big deployment in near future and I was trying to use ADP and ZTP, but looks IMC ADP don't work as expected and it's full of bugs.

I used E706P11 and then used E708 version with 10.06 and 10.10 SW version, now here is what I was trying to accomplish on E708.

Boot the new switch, get new software update as I used commands like DHCPV4 snooping and get the last configuration after the initial config that has snmp and ssh password,

Test 1 copied the SW image 10.10 in the server/tmp folder, configured DHCP options, then when the SW boots, then switch started downloading the image via TFTP (slow copying performance tried adding blocksize to DHCP options, it worked for image but never copied the config file as always failed with invalid configuration file) successfully then switch rebooted then it started to download the image again but no reboot this time?!, then config file downloaded but switch never tried to connect to the IMC and ADP keep waiting.

Test 2: removed the image from the DHCP options, switch booted, got the initial configuration and started to connect to IMC, then config file sent to the switch but it fail in switch and ADP rebooted the SW thought the config applied, and that because the config not compatible with switch version ( I don't need to update DW omg manually as I think that what ZTP for!)

Test 3: tried again by sending compatible configuration and chose software upgrade in ADP, then script fail, after checking logs looks the script don't sent slot variable to the ICC script calling, so I just added slot = /os/primary/ in the initial.tlc file this made the process continue but it stuck, however the switch actually got the new image but never reboot

Test 4, removed the software upgrade configuration from ADP and used CLI script, and use in the script copy TFTP://x.x.x.x;blocksize=16384/6100.swi primary, script failed with ssh connection closed, checked logs again showing it fail to receive response from the switch while I checked plink and plink76 both got me the continue (y/n)? Prompt. Then I have tried to add the command auto-confirm in CLI script that made the image transfer but it fail again with SSH connection closed and never set the image as primary. I'm out of ideas as I don't know how to make it working

I need the switch to get new image before applying the configuration as my configuration has new commands not available in 10.06, 10.07.

Please can someone help me

Thank you for the reply, I did make sure SSH is the way to communicate and also provided the credentials, also I set the DHCP options 43 with 145, show ZTP info showing the switch getting the right info

for invalid configuration that's only happen when I set the DHCP options for TFTP server with 192.168.1.1;blocksize=16384 to speed up the transfer, as I'm using the TFTP communication via IPsec tunnels and speed was 150KBps adding blocksize increase transfer of the binary img file but never success for config file, so I did removed the blocksize parameter to make it success. Problem is switch download the img, then reboot to use the new img, ZTP started again download the img again (don't know why is that) but with no reboot this time then download the config file successfully but after that it never communicate to IMC again and iMC ADP keep waiting.

I will repeat this process today and I will share some logs and PCAP too 

Original Message:
Sent: Dec 08, 2022 08:53 AM
From: Justin Guse
Subject: HPE iMC ADP, for Aruba CX 6100

Hello,

I've done a fair bit of testing with iMC ADP and AOS-CX, and have run it successfully with various models, though I haven't specifically tested 6100. ADP was working fine for me on E0706P11.

First off, you should use the DHCP Suboption 145 with VCI to point the switch at the location and name of the software image you want to run on the AOS-CX switches. Using that option is highly recommended over the option to push the software from IMC, as it is much faster and doesn't rely on a sequence of scripts to run in IMC. For guidance on how to configure that option, please consult the "Zero-Touch Provisioning for ArubaOS- Switch" guide in the section "ZERO TOUCH PROVISIONING WITH DHCP AND TFTP".

Second, you said that your test was failing with "invalid configuration file". That typically means your configuration file is not compatible with the switch that is receiving it. Are you sure it is compatible? Have you tried to manually copy the configuration files onto the switch from IMC via the switch CLI?

For AOS-CX, it's important to note that Telnet is not supported, so SSH must be configured in the initial config, as well as for Login Type under "Configure Device Information" in IMC ADP when adding the device.

Hope that helps.

------------------------------
Justin Guse

Original Message:
Sent: Dec 07, 2022 09:32 AM
From: Mike Alani
Subject: HPE iMC ADP, for Aruba CX 6100

I have Aruba CX 6100 12 ports switch to test before big deployment in near future and I was trying to use ADP and ZTP, but looks IMC ADP don't work as expected and it's full of bugs.

I used E706P11 and then used E708 version with 10.06 and 10.10 SW version, now here is what I was trying to accomplish on E708.

Boot the new switch, get new software update as I used commands like DHCPV4 snooping and get the last configuration after the initial config that has snmp and ssh password,

Test 1 copied the SW image 10.10 in the server/tmp folder, configured DHCP options, then when the SW boots, then switch started downloading the image via TFTP (slow copying performance tried adding blocksize to DHCP options, it worked for image but never copied the config file as always failed with invalid configuration file) successfully then switch rebooted then it started to download the image again but no reboot this time?!, then config file downloaded but switch never tried to connect to the IMC and ADP keep waiting.

Test 2: removed the image from the DHCP options, switch booted, got the initial configuration and started to connect to IMC, then config file sent to the switch but it fail in switch and ADP rebooted the SW thought the config applied, and that because the config not compatible with switch version ( I don't need to update DW omg manually as I think that what ZTP for!)

Test 3: tried again by sending compatible configuration and chose software upgrade in ADP, then script fail, after checking logs looks the script don't sent slot variable to the ICC script calling, so I just added slot = /os/primary/ in the initial.tlc file this made the process continue but it stuck, however the switch actually got the new image but never reboot

Test 4, removed the software upgrade configuration from ADP and used CLI script, and use in the script copy TFTP://x.x.x.x;blocksize=16384/6100.swi primary, script failed with ssh connection closed, checked logs again showing it fail to receive response from the switch while I checked plink and plink76 both got me the continue (y/n)? Prompt. Then I have tried to add the command auto-confirm in CLI script that made the image transfer but it fail again with SSH connection closed and never set the image as primary. I'm out of ideas as I don't know how to make it working

I need the switch to get new image before applying the configuration as my configuration has new commands not available in 10.06, 10.07.

Please can someone help me

Hello,

Thanks for the further details. Did the device reboot after downloading the configuration file from TFTP? IMC learns the IP of the device when the device requests the initial config file, and then starts polling it (via SNMP GET for the hostname if I recall correctly) until it comes back online and responds. A packet capture on the IMC side would indeed help to figure out why this isn't working as expected, as well as checking the device logs in case it didn't reboot.

You might also try deleting and re-creating the initial configuration file in IMC if it was created some time ago, or from an older IMC version. There's a known issue where sometimes it doesn't work to detect the device after reboot in such cases.

Side note, make sure you are only specifying the Match Criteria: MAC Address in IMC, along with Target IP (the final IP address) of the device, and leaving the Match Criteria: Current IP Address blank (that is only for one-touch provisioning).

------------------------------
Justin Guse
------------------------------

Original Message:
Sent: Dec 08, 2022 09:51 AM
From: Mike Alani
Subject: HPE iMC ADP, for Aruba CX 6100

Thank you for the reply, I did make sure SSH is the way to communicate and also provided the credentials, also I set the DHCP options 43 with 145, show ZTP info showing the switch getting the right info

for invalid configuration that's only happen when I set the DHCP options for TFTP server with 192.168.1.1;blocksize=16384 to speed up the transfer, as I'm using the TFTP communication via IPsec tunnels and speed was 150KBps adding blocksize increase transfer of the binary img file but never success for config file, so I did removed the blocksize parameter to make it success. Problem is switch download the img, then reboot to use the new img, ZTP started again download the img again (don't know why is that) but with no reboot this time then download the config file successfully but after that it never communicate to IMC again and iMC ADP keep waiting.

I will repeat this process today and I will share some logs and PCAP too

Original Message:
Sent: Dec 08, 2022 08:53 AM
From: Justin Guse
Subject: HPE iMC ADP, for Aruba CX 6100

Hello,

I've done a fair bit of testing with iMC ADP and AOS-CX, and have run it successfully with various models, though I haven't specifically tested 6100. ADP was working fine for me on E0706P11.

First off, you should use the DHCP Suboption 145 with VCI to point the switch at the location and name of the software image you want to run on the AOS-CX switches. Using that option is highly recommended over the option to push the software from IMC, as it is much faster and doesn't rely on a sequence of scripts to run in IMC. For guidance on how to configure that option, please consult the "Zero-Touch Provisioning for ArubaOS- Switch" guide in the section "ZERO TOUCH PROVISIONING WITH DHCP AND TFTP".

Second, you said that your test was failing with "invalid configuration file". That typically means your configuration file is not compatible with the switch that is receiving it. Are you sure it is compatible? Have you tried to manually copy the configuration files onto the switch from IMC via the switch CLI?

For AOS-CX, it's important to note that Telnet is not supported, so SSH must be configured in the initial config, as well as for Login Type under "Configure Device Information" in IMC ADP when adding the device.

Hope that helps.

------------------------------
Justin Guse

Original Message:
Sent: Dec 07, 2022 09:32 AM
From: Mike Alani
Subject: HPE iMC ADP, for Aruba CX 6100

I have Aruba CX 6100 12 ports switch to test before big deployment in near future and I was trying to use ADP and ZTP, but looks IMC ADP don't work as expected and it's full of bugs.

I used E706P11 and then used E708 version with 10.06 and 10.10 SW version, now here is what I was trying to accomplish on E708.

Boot the new switch, get new software update as I used commands like DHCPV4 snooping and get the last configuration after the initial config that has snmp and ssh password,

Test 1 copied the SW image 10.10 in the server/tmp folder, configured DHCP options, then when the SW boots, then switch started downloading the image via TFTP (slow copying performance tried adding blocksize to DHCP options, it worked for image but never copied the config file as always failed with invalid configuration file) successfully then switch rebooted then it started to download the image again but no reboot this time?!, then config file downloaded but switch never tried to connect to the IMC and ADP keep waiting.

Test 2: removed the image from the DHCP options, switch booted, got the initial configuration and started to connect to IMC, then config file sent to the switch but it fail in switch and ADP rebooted the SW thought the config applied, and that because the config not compatible with switch version ( I don't need to update DW omg manually as I think that what ZTP for!)

Test 3: tried again by sending compatible configuration and chose software upgrade in ADP, then script fail, after checking logs looks the script don't sent slot variable to the ICC script calling, so I just added slot = /os/primary/ in the initial.tlc file this made the process continue but it stuck, however the switch actually got the new image but never reboot

Test 4, removed the software upgrade configuration from ADP and used CLI script, and use in the script copy TFTP://x.x.x.x;blocksize=16384/6100.swi primary, script failed with ssh connection closed, checked logs again showing it fail to receive response from the switch while I checked plink and plink76 both got me the continue (y/n)? Prompt. Then I have tried to add the command auto-confirm in CLI script that made the image transfer but it fail again with SSH connection closed and never set the image as primary. I'm out of ideas as I don't know how to make it working

I need the switch to get new image before applying the configuration as my configuration has new commands not available in 10.06, 10.07.

Please can someone help me

Did the device reboot after downloading the configuration file from TFTP? No

I have made sure DHCP options and IMC ADP configuration are both correct

Switch version 10.07 (current new switch FW)  trying to upgrade to 10.10

1st attempt
1- Turn on the switch
2- Switch start downloading  SWI firewall (speed is 600Kbps via IPsec)
3- Switch failed  after downloading like %99 of the file with TFTP unreachable (while it is)

6100(config)# show ztp information
TFTP Server                     : 172.25.2.8
Image File                      : 6100.swi
Configuration File              : ztp.cfg
Status                          : In-progress - Image download and verification
Aruba Central Location          : NA
Force-Provision                 : Enabled
HTTP Proxy Location             : NA
6100(config)#
6100(config)#
6100(config)# show ztp information
TFTP Server                     : 172.25.2.8
Image File                      : 6100.swi
Configuration File              : ztp.cfg
Status                          : Failed - TFTP server unreachable
Aruba Central Location          : NA
Force-Provision                 : Enabled
HTTP Proxy Location             : NA

2nd attempt 
1- Turn off the IMC TFTP server and use the TFTPD64 server.
2- Set TFTPD46 setting "Use anticipation window" to 4096, transfer speed changed to 2.5Mbps
3- Turn on the switch
4- Switch start downloading the SWI file 
5- Switch reboot after downloading the SWI file  (config file didn't download yet)
6- Switch start downloading the SWI image again
7- Switch download config file
8- The switch never connects to IMC

My guess is because not using the iMC TFTP server, is there a way to speed up the transfer from the server side? such as Use anticipation window"



Original Message:
Sent: Dec 08, 2022 10:50 AM
From: Justin Guse
Subject: HPE iMC ADP, for Aruba CX 6100

Hello,

Thanks for the further details. Did the device reboot after downloading the configuration file from TFTP? IMC learns the IP of the device when the device requests the initial config file, and then starts polling it (via SNMP GET for the hostname if I recall correctly) until it comes back online and responds. A packet capture on the IMC side would indeed help to figure out why this isn't working as expected, as well as checking the device logs in case it didn't reboot.

You might also try deleting and re-creating the initial configuration file in IMC if it was created some time ago, or from an older IMC version. There's a known issue where sometimes it doesn't work to detect the device after reboot in such cases.

Side note, make sure you are only specifying the Match Criteria: MAC Address in IMC, along with Target IP (the final IP address) of the device, and leaving the Match Criteria: Current IP Address blank (that is only for one-touch provisioning).

------------------------------
Justin Guse

Original Message:
Sent: Dec 08, 2022 09:51 AM
From: Mike Alani
Subject: HPE iMC ADP, for Aruba CX 6100

Thank you for the reply, I did make sure SSH is the way to communicate and also provided the credentials, also I set the DHCP options 43 with 145, show ZTP info showing the switch getting the right info

for invalid configuration that's only happen when I set the DHCP options for TFTP server with 192.168.1.1;blocksize=16384 to speed up the transfer, as I'm using the TFTP communication via IPsec tunnels and speed was 150KBps adding blocksize increase transfer of the binary img file but never success for config file, so I did removed the blocksize parameter to make it success. Problem is switch download the img, then reboot to use the new img, ZTP started again download the img again (don't know why is that) but with no reboot this time then download the config file successfully but after that it never communicate to IMC again and iMC ADP keep waiting.

I will repeat this process today and I will share some logs and PCAP too

Original Message:
Sent: Dec 08, 2022 08:53 AM
From: Justin Guse
Subject: HPE iMC ADP, for Aruba CX 6100

Hello,

I've done a fair bit of testing with iMC ADP and AOS-CX, and have run it successfully with various models, though I haven't specifically tested 6100. ADP was working fine for me on E0706P11.

First off, you should use the DHCP Suboption 145 with VCI to point the switch at the location and name of the software image you want to run on the AOS-CX switches. Using that option is highly recommended over the option to push the software from IMC, as it is much faster and doesn't rely on a sequence of scripts to run in IMC. For guidance on how to configure that option, please consult the "Zero-Touch Provisioning for ArubaOS- Switch" guide in the section "ZERO TOUCH PROVISIONING WITH DHCP AND TFTP".

Second, you said that your test was failing with "invalid configuration file". That typically means your configuration file is not compatible with the switch that is receiving it. Are you sure it is compatible? Have you tried to manually copy the configuration files onto the switch from IMC via the switch CLI?

For AOS-CX, it's important to note that Telnet is not supported, so SSH must be configured in the initial config, as well as for Login Type under "Configure Device Information" in IMC ADP when adding the device.

Hope that helps.

------------------------------
Justin Guse

Original Message:
Sent: Dec 07, 2022 09:32 AM
From: Mike Alani
Subject: HPE iMC ADP, for Aruba CX 6100

I have Aruba CX 6100 12 ports switch to test before big deployment in near future and I was trying to use ADP and ZTP, but looks IMC ADP don't work as expected and it's full of bugs.

I used E706P11 and then used E708 version with 10.06 and 10.10 SW version, now here is what I was trying to accomplish on E708.

Boot the new switch, get new software update as I used commands like DHCPV4 snooping and get the last configuration after the initial config that has snmp and ssh password,

Test 1 copied the SW image 10.10 in the server/tmp folder, configured DHCP options, then when the SW boots, then switch started downloading the image via TFTP (slow copying performance tried adding blocksize to DHCP options, it worked for image but never copied the config file as always failed with invalid configuration file) successfully then switch rebooted then it started to download the image again but no reboot this time?!, then config file downloaded but switch never tried to connect to the IMC and ADP keep waiting.

Test 2: removed the image from the DHCP options, switch booted, got the initial configuration and started to connect to IMC, then config file sent to the switch but it fail in switch and ADP rebooted the SW thought the config applied, and that because the config not compatible with switch version ( I don't need to update DW omg manually as I think that what ZTP for!)

Test 3: tried again by sending compatible configuration and chose software upgrade in ADP, then script fail, after checking logs looks the script don't sent slot variable to the ICC script calling, so I just added slot = /os/primary/ in the initial.tlc file this made the process continue but it stuck, however the switch actually got the new image but never reboot

Test 4, removed the software upgrade configuration from ADP and used CLI script, and use in the script copy TFTP://x.x.x.x;blocksize=16384/6100.swi primary, script failed with ssh connection closed, checked logs again showing it fail to receive response from the switch while I checked plink and plink76 both got me the continue (y/n)? Prompt. Then I have tried to add the command auto-confirm in CLI script that made the image transfer but it fail again with SSH connection closed and never set the image as primary. I'm out of ideas as I don't know how to make it working

I need the switch to get new image before applying the configuration as my configuration has new commands not available in 10.06, 10.07.

Please can someone help me