Zero touch provisioning on HPE Comware - Hewlett

Zero touch provisioning on
HPE Comware switches
Contents
Introduction
Environment 1: With HPE IMC
Requirements
Network topology
Step 1.1: HPE IMC configuration
Step 1.2: Windows 2012R2 DHCP server configuration
Step 1.3: HPE IMC configuration
Step 1.4: Power up and connect new switches into the OOB network
Environment 2: without HPE IMC
Requirements
Network topology
Step 2.1: TFTP server configuration
Step 2.2: DHCP server configuration
Step 2.3: Connect and power up new switches into the OOB network
For devices without L2 network connectivity to the DHCP server
Network topology
Additional step: DHCP relay on default gateway configuration
Additional links
Configuration guide
Introduction
This configuration guide provides advice on provisioning new HPE Comware switches in your network automatically, fresh out of the box,
without setting up console access into the switch or typing commands manually to configure credentials and enable remote network
management access.
Two environments are described in this guide:
• With HPE Intelligent Management Center (IMC)
• Without HPE IMC
Note:
HPE FlexFabric 5900 and 5930M switches worked as expected using the steps described in this guide. Other HPE Comware switches should also
function in the same manner.
Environment 1: With HPE IMC
The example configuration described in this section is applicable in environments with HPE IMC already deployed and assumes the new switches
will also be deployed in the same IP subnet as the DHCP server. Refer to the last section of this guide for additional configuration guidance if the
new devices are in a different IP subnet.
Requirements
The following are required:
• DHCP server (Windows® server 2012 is used in this example)
• HPE IMC (7.1 base platform was tested during creation of this document)
• MAC addresses of the new switches (shown on the sticker attached to each switch); these need to be recorded.
Network topology
The topology as shown in figure 1 will be used to describe environment 1:
• The new HPE Comware v7 Switches will connect into the existing Out-of-Band (OOB) management network using their management
Ethernet port
• L2 network connectivity exists between the new switches and DHCP server/HPE IMC
• HPE IMC and DHCP server exist on the same subnet
Figure 1. Environment 1 network topology
[Diagram labels: Existing DC fabric; New HPE Comware switches (M-GE0/0/0); L2 network connectivity; Existing OOB network; Hypervisor hosting VMs; HPE IMC VM – 10.10.10.10/24; Windows 2012 VM (DHCP server) – 10.10.10.106/24]
Step 1.1: HPE IMC configuration
Navigate to the HPE IMC > Service > Configuration Center > Auto Deployment Plan and click on the Initial Configuration File Management link as
shown in figure 2.
Figure 2. ADP configuration (Part 1)
Click on “Add” to create a new initial configuration file as shown in figure 3.
Figure 3. ADP configuration (Part 2)
Create the new Initial Configuration file using the following parameters and click OK to add as shown in figure 4.
File Name: oobm.cfg
Description: OOBM autoconfig startup configuration file
File Content:
sysname ADP_Initial_Config
#
interface M-GigabitEthernet0/0/0
 ip address dhcp-alloc
#
telnet server enable
#
stp global enable
#
snmp-agent
snmp-agent community read iMCV5read
snmp-agent community write iMCV5write
snmp-agent sys-info version all
#
line aux 0
 user-role network-admin
 screen-length 69
#
line vty 0 63
 authentication-mode scheme
 user-role network-admin
 user-role network-operator
 screen-length 0
#
local-user iMCV5admin class manage
 password simple iMCV5admin
 service-type telnet
 authorization-attribute user-role level-15
 authorization-attribute user-role network-admin
 authorization-attribute user-role network-operator
#
return
Note:
The SNMPv1 read and write community strings, as well as the telnet username and password, must match exactly what is shown in the access
parameters in figure 4.
For example, if IMC shows iMCV5read, iMCV5read has to be used. If IMC shows iMCread, iMCread has to be used.
These parameters will be used only for the initial discovery and will be overwritten during the deployment of the devices’ desired configuration.
Figure 4. ADP configuration (Part 3)
Verify that the new initial configuration file “oobm.cfg” was successfully created as shown in figure 5.
Figure 5. ADP configuration (Part 4)
Step 1.2: Windows 2012R2 DHCP server configuration
As shown in figure 6, configure your DHCP server with its desired network scope, then add two more options. Option 66 will specify the TFTP
server IP (HPE IMC), while option 67 will specify the initial configuration file the new switches should boot up to, as previously created in step 1.1.
Figure 6. Windows DHCP server configuration
Step 1.3: HPE IMC configuration
On the HPE IMC server, navigate to Service > Configuration Center > Auto Deployment Plan and click Add to create a new auto-deployment plan
with the following parameters as shown in figure 7.
Figure 7. ADP configuration (Part 5)
Configure the plan using the values shown in figure 8 (Name: OOBM).
Figure 8. ADP configuration (Part 6)
Create the desired configuration file for the final deployment by using Service > Configuration Templates > Add > Manual Add as shown in figure
9. This configuration file may include normal configuration template variables as typically defined in an HPE IMC configuration template (please
see IMC administrator’s guide for more information).
Figure 9. ADP configuration (Part 7)
The following sample configuration template is used (modify as required for your own environment). In this example, we are defining fixed values
for static route/telnet/snmp, but sysname and OOBM IP address can be changed for each individual device.
Sample configuration template:
telnet server enable
sysname ${DEVICE-SYSNAME}
snmp-agent
snmp-agent community write private
snmp-agent community read public
snmp-agent sys-info version all
local-user admin class manage
 password simple password
 service-type telnet http terminal
 authorization-attribute user-role network-operator
 authorization-attribute user-role network-admin
user-interface vty 0 15
 authentication-mode scheme
fan prefer-direction slot 1 port-to-power
interface M-GigabitEthernet0/0/0
 ip address ${MGMT-IP-ADDR} 255.255.255.0
ip route 15.0.0.0 255.0.0.0 10.10.10.254
From the OOBM deployment plan, select the Add Auto Deployment Device icon as shown in figure 10 below.
Figure 10. ADP configuration (Part 8)
In this example, we will set the following values:
MGMT-IP-ADDR: 10.10.10.75
#this is the IP address to be assigned to the OOBM port.
DEVICE-SYSNAME: DC1-5930-1
#this is the device sysname to be assigned
Ensure that the Back Up Configuration File option is set to No as shown in figure 11.
Note:
Also ensure device IP specified is not already managed by IMC for any other device.
Figure 11. ADP configuration (Part 9)
As shown in figure 12, input the Match Criteria: MAC Address field with the MAC address of the target device. This is the MAC address stated on
the sticker pasted on the device.
Input the Target IP address of the device. This is the final IP address that you wish to use for managing the device.
Figure 12. ADP configuration (Part 10)
As shown in figure 13, specify the access parameters here to match those of the final state of the device (e.g. SNMP and telnet settings below
have to match 5930.cfg selected above). These settings will be used by HPE IMC to contact and discover the device during the final stages of the
auto-deployment. If these settings do not match, the auto-deployment task will fail.
Figure 13. ADP configuration (Part 11)
Step 1.4: Power up and connect new switches into the OOB network
With the previous steps done, connect only the management Ethernet port of each new switch to the OOB network and power the switches up.
Console output like the following should be seen once initial zero touch provisioning completes; it shows the IP address assigned to the switch.
Loading file flash:/5930-cmw710-system-r2418p06.bin.............................
.....................................Done.
Loading file flash:/5930-cmw710-boot-r2418p06.bin..............Done.
Image file flash:/5930-cmw710-boot-r2418p06.bin is self-decompressing...........
................................................................................
.Done.
System is starting...
Cryptographic algorithms tests passed.
Startup configuration file does not exist.
Started automatic configuration, press CTRL_C or CTRL_D to break.
Automatic configuration attempt: 1.
Not ready for automatic configuration: no interface available.
Waiting for the next...
Automatic configuration attempt: 2.
Interface used: M-GigabitEthernet0/0/0.
Enable DHCP client on M-GigabitEthernet0/0/0.
Obtained an IP address for M-GigabitEthernet0/0/0: 10.10.10.201.
Obtained configuration file name oobm.cfg and TFTP server name 10.10.10.10.
Resolved the TFTP server name to 10.10.10.10.
Successfully downloaded file oobm.cfg.
Executing the configuration file. Please wait...
Automatic configuration successfully completed.
Line aux0 is available.
Press ENTER to get started.
<ADP_Initial_Config>
After the initial configuration is provisioned, the devices will be rebooted by IMC.
From the HPE IMC Service > Configuration Center > Auto Deployment Plan interface, select the Auto Deployment Execution Result icon as shown in Figure 14 below.
Figure 14. ADP verification
Once initial zero touch provisioning is complete and working as expected, the network administrator can proceed to cable up the remaining ports
into the DC fabric and configure any additional configurations via remote access as shown in the example below.
Example of remote access into the switch
<HP>telnet 10.10.10.75
Trying 10.10.10.75 ...
Press CTRL+K to abort
Connected to 10.10.10.75 ...
******************************************************************************
* Copyright (c) 2010-2015 Hewlett-Packard Development Company, L.P.
*
* Without the owner's prior written consent,
*
* No decompiling or reverse-engineering shall be allowed.
*
******************************************************************************
Login: admin
Password:
<DC1-5930-1>
<DC1-5930-1>dis int brie | i UP
InLoop0              UP   UP(s)    --
M-GE0/0/0            UP   UP       10.10.10.75
NULL0                UP   UP(s)    --
REG0                 UP   --       --
Environment 2: without HPE IMC
The example configuration described in this section is applicable for environments without HPE IMC and assumes the new switches will also be
deployed in the same IP subnet as the DHCP server. Refer to the last section of this guide for additional configuration guidance if the new devices
are in a different IP subnet.
Requirements
The following are required:
• DHCP server (Windows Server® 2012 is used in this example)
• TFTP server (3CDaemon application is used in this example and installed on the same Windows Server VM)
There is no requirement to identify MAC addresses of the new switches for this to function as expected.
Network topology
The topology as shown in figure 15 will be used to describe environment 2:
• The new HPE Comware switches will connect into the existing OOB management network using their management Ethernet port
• L2 network connectivity exists between the new switches and TFTP/DHCP server
• TFTP and DHCP server exist on the same subnet
Figure 15. Environment 2 network topology
[Diagram labels: Existing DC fabric; New HPE Comware switches (M-GE0/0/0); L2 network connectivity; Existing OOB network; Hypervisor hosting VMs; Windows 2012 VM (DHCP and TFTP server) – 10.10.10.106/24]
Step 2.1: TFTP server configuration
A .cfg file will need to be created in the TFTP server directory; this directory will depend on your TFTP server application. Launch Notepad,
choose “Save As”, select the correct directory, name the file as desired, and save. The file name is not fixed. In this example, it is saved as 5900.cfg as
shown in figure 16.
Figure 16. cfg file creation
Fill in the .cfg file with your desired switch configuration. Here is the sample configuration used; additional configuration may be added or
changed as desired.
interface M-GigabitEthernet0/0/0
 ip address dhcp-alloc
#
telnet server enable
ssh server enable
#
snmp-agent
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version all
#
line vty 0 15
 authentication-mode scheme
#
local-user admin class manage
 password simple password
 service-type telnet ssh
 authorization-attribute user-role network-admin
Here is an example of additional configuration, such as VLANs and OSPF, which may be added to the above .cfg file.
vlan 10 to 11
ospf 1
 area 0.0.0.0
  network 192.168.11.0 0.0.0.255
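The sample files in this guide enable Telnet, SNMP communities and `password simple` logins, and new switches fetch the file over TFTP. As an added example (not part of the original HPE guide), this Python check lists those settings in a .cfg before it is placed in the TFTP directory; the rule names and the set of well-known community strings are assumptions, and the embedded text is the Step 2.1 sample.

```python
from typing import NamedTuple

class Finding(NamedTuple):
    line_no: int
    rule: str
    detail: str

# Assumption: community strings used in this guide's samples count as well known.
WELL_KNOWN = {"public", "private", "imcv5read", "imcv5write"}
USER_SUBCOMMANDS = ("password", "service-type", "authorization-attribute")

# Step 2.1 sample file from this guide, embedded so the check runs offline.
SAMPLE_CFG = """\
interface M-GigabitEthernet0/0/0
 ip address dhcp-alloc
#
telnet server enable
ssh server enable
#
snmp-agent
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version all
#
line vty 0 15
 authentication-mode scheme
#
local-user admin class manage
 password simple password
 service-type telnet ssh
 authorization-attribute user-role network-admin
"""

def lint_config(text):
    """Return sorted findings for cleartext management and weak credentials."""
    findings, user, ssh_server, ssh_users = [], None, False, []
    for n, raw in enumerate(text.splitlines(), start=1):
        w = raw.split()
        if not w or w[0] in ("#", "return"):
            user = None                      # separator ends the local-user view
            continue
        if w[0] == "local-user" and len(w) > 1:
            user = w[1]
        elif w[0] not in USER_SUBCOMMANDS:
            user = None                      # also works on unindented files
        if w == ["telnet", "server", "enable"]:
            findings.append(Finding(n, "telnet-server", "Telnet is cleartext"))
        elif w == ["ssh", "server", "enable"]:
            ssh_server = True
        elif w[:2] == ["snmp-agent", "community"] and len(w) >= 4:
            known = " (well-known value)" if w[3].lower() in WELL_KNOWN else ""
            findings.append(Finding(n, "snmp-community", f"{w[2]} community {w[3]}{known}"))
        elif w[:3] == ["snmp-agent", "sys-info", "version"] and {"all", "v1", "v2c"} & set(w[3:]):
            findings.append(Finding(n, "snmp-legacy-version", "SNMPv1/v2c enabled"))
        elif user and w[:2] == ["password", "simple"] and len(w) > 2:
            findings.append(Finding(n, "plaintext-password", f"user {user}"))
            if w[2].lower() in (user.lower(), "password"):
                findings.append(Finding(n, "trivial-password", f"user {user}"))
        elif user and w[0] == "service-type":
            if "telnet" in w[1:]:
                findings.append(Finding(n, "telnet-login", f"user {user}"))
            if "ssh" in w[1:]:
                ssh_users.append((n, user))
    if not ssh_server:                       # SSH login configured but server off
        findings += [Finding(n, "ssh-not-enabled", f"user {u}") for n, u in ssh_users]
    return sorted(findings)

if __name__ == "__main__":
    for f in lint_config(SAMPLE_CFG):
        print(f"line {f.line_no}: {f.rule}: {f.detail}")
```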
Step 2.2: DHCP server configuration
As shown in figure 17, configure your DHCP server with its desired network scope, then add two more options. Option 66 will specify the TFTP
server IP (same IP as the DHCP server), while option 67 will specify the configuration file the new switches should boot up to, as previously
created in step 2.1.
Figure 17. DHCP Server option settings
Step 2.3: Connect and power up new switches into the OOB network
With the previous steps done, connect (only the management Ethernet port) and power up the new switches into the OOB network. The
following console output as shown in figure 18 should be seen with initial zero touch provisioning complete. The IP address assigned to the
switch will be shown; the TFTP server console should state the .cfg file was sent as expected.
If console access is not available, the IP addresses assigned in the DHCP server address leases as previously shown in figure 5 can also be used
to identify the IPs and establish remote network management access.
Once initial zero touch provisioning is complete and working as expected, the network administrator can proceed to cable up the remaining ports
into the DC fabric and configure device specifics such as unique “sysname”, static management IP, uplink IPs etc. As IMC is not available to
complete the rest of the desired configuration, CLI via remote network management access will have to be used in this environment.
Note:
This procedure should not disrupt existing switches with saved configuration if they reboot. The existing switches will not initiate the automatic
configuration attempt shown below.
Figure 18. New switch boot up
For devices without L2 network connectivity to the DHCP server
This section is applicable for environments where the new switches need to be deployed in a different subnet from the DHCP server. The
procedures from environment 1 and 2 are still applicable; the only additional configuration required is DHCP relay on the default gateway switch.
Network topology
The topology as shown in figure 19 will be used to describe this environment:
• The new HPE Comware switches will connect into the existing network using their management Ethernet port
• L3 network connectivity exists between the new switches and TFTP/DHCP server
Figure 19. L3 network topology
[Diagram labels: Existing DC fabric; New HPE Comware switches (M-GE0/0/0); L3 network connectivity; 10.1.1.0/24; 10.10.10.0/24; Existing OOB network (switch functioning as default gateway for new HPE Comware switches); Hypervisor hosting VMs; Windows 2012 VM (DHCP and TFTP server) – 10.10.10.106/24]
Additional step: DHCP relay on default gateway configuration
As shown below, the following configuration can be added for the default gateway to function as a DHCP relay.
dhcp enable
#
interface Vlan-interface1
 ip address 10.1.1.1 255.255.255.0
 dhcp select relay
 dhcp relay server-address 10.10.10.106
The following display command can be used to verify DHCP relay requests.
[12504]dis dhcp relay statistics
DHCP packets dropped:                  0
DHCP packets received from clients:    4
    DHCPDISCOVER:                      2
    DHCPREQUEST:                       2
    DHCPINFORM:                        0
    DHCPRELEASE:                       0
    DHCPDECLINE:                       0
    BOOTPREQUEST:                      0
DHCP packets received from servers:    4
    DHCPOFFER:                         2
    DHCPACK:                           2
    DHCPNAK:                           0
    BOOTPREPLY:                        0
DHCP packets relayed to servers:       4
    DHCPDISCOVER:                      2
    DHCPREQUEST:                       2
    DHCPINFORM:                        0
    DHCPRELEASE:                       0
    DHCPDECLINE:                       0
    BOOTPREQUEST:                      0
DHCP packets relayed to clients:       4
    DHCPOFFER:                         2
    DHCPACK:                           2
    DHCPNAK:                           0
    BOOTPREPLY:                        0
DHCP packets sent to servers:          0
    DHCPDISCOVER:                      0
    DHCPREQUEST:                       0
    DHCPINFORM:                        0
    DHCPRELEASE:                       0
    DHCPDECLINE:                       0
    BOOTPREQUEST:                      0
DHCP packets sent to clients:          0
    DHCPOFFER:                         0
    DHCPACK:                           0
    DHCPNAK:                           0
    BOOTPREPLY:                        0
The following will be shown on the switch console to verify DHCP IP assignment and the correct .cfg file.
Loading file flash:/5930-cmw710-system-d2420.bin................................
....................................Done.
Loading file flash:/5930-cmw710-boot-d2420.bin..............Done.
Image file flash:/5930-cmw710-boot-d2420.bin is self-decompressing..............
.......................................................................Done.
System is starting...
Cryptographic algorithms tests passed.
Startup configuration file does not exist.
Started automatic configuration, press CTRL_C or CTRL_D to break.
Automatic configuration attempt: 1.
Not ready for automatic configuration: no interface available.
Waiting for the next...
Automatic configuration attempt: 2.
Interface used: M-GigabitEthernet0/0/0.
Enable DHCP client on M-GigabitEthernet0/0/0.
Obtained an IP address for M-GigabitEthernet0/0/0: 10.1.1.60.
Obtained configuration file name 5900.cfg and TFTP server name 10.10.10.106.
Resolved the TFTP server name to 10.10.10.106.
Successfully downloaded file 5900.cfg.
Executing the configuration file. Please wait...
Automatic configuration successfully completed.
Line aux0 is available.
Press ENTER to get started.
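The console transcript records which lease, TFTP server and file the switch actually used. As an added example (not part of the original HPE guide), this Python check parses a captured transcript and compares those values with the ones configured in DHCP options 66 and 67; the function names and the allow-list parameters are assumptions, and the embedded transcript is the one shown above.

```python
import ipaddress
import re

IPV4 = r"(\d+(?:\.\d+){3})"
LEASE = re.compile(r"Obtained an IP address for (\S+): " + IPV4 + r"\.$")
OFFER = re.compile(r"Obtained configuration file name (\S+) and TFTP server name (\S+?)\.$")
RESOLVED = re.compile(r"Resolved the TFTP server name to " + IPV4 + r"\.$")
DOWNLOADED = re.compile(r"Successfully downloaded file (\S+?)\.$")

# Console transcript from this guide's DHCP relay section (boot lines omitted).
SAMPLE_LOG = """\
Startup configuration file does not exist.
Started automatic configuration, press CTRL_C or CTRL_D to break.
Automatic configuration attempt: 1.
Not ready for automatic configuration: no interface available.
Waiting for the next...
Automatic configuration attempt: 2.
Interface used: M-GigabitEthernet0/0/0.
Enable DHCP client on M-GigabitEthernet0/0/0.
Obtained an IP address for M-GigabitEthernet0/0/0: 10.1.1.60.
Obtained configuration file name 5900.cfg and TFTP server name 10.10.10.106.
Resolved the TFTP server name to 10.10.10.106.
Successfully downloaded file 5900.cfg.
Executing the configuration file. Please wait...
Automatic configuration successfully completed.
"""

def parse_autoconfig(log):
    """Extract the facts of the last automatic configuration attempt."""
    facts = {"completed": False}
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("Automatic configuration attempt:"):
            facts = {"completed": False}     # earlier attempts do not count
        elif m := LEASE.search(line):
            facts["interface"], facts["lease"] = m.groups()
        elif m := OFFER.search(line):
            facts["file"], facts["server_name"] = m.groups()
        elif m := RESOLVED.search(line):
            facts["server_ip"] = m.group(1)
        elif m := DOWNLOADED.search(line):
            facts["downloaded"] = m.group(1)
        elif line == "Automatic configuration successfully completed.":
            facts["completed"] = True
    return facts

def verify_autoconfig(log, allowed_servers, allowed_files, lease_net):
    """Return a list of mismatches between the transcript and the intended setup."""
    facts, problems = parse_autoconfig(log), []
    if not facts["completed"]:
        problems.append("automatic configuration did not complete")
    lease = facts.get("lease")
    if lease is None or ipaddress.ip_address(lease) not in ipaddress.ip_network(lease_net):
        problems.append(f"lease {lease} is outside {lease_net}")
    if facts.get("server_ip") not in allowed_servers:
        problems.append(f"TFTP server {facts.get('server_ip')} is not an approved server")
    if facts.get("file") not in allowed_files:
        problems.append(f"configuration file {facts.get('file')} is not an approved file")
    if facts.get("downloaded") != facts.get("file"):
        problems.append("downloaded file differs from the file named in the DHCP offer")
    return problems

if __name__ == "__main__":
    print(verify_autoconfig(SAMPLE_LOG, {"10.10.10.106"}, {"5900.cfg"}, "10.1.1.0/24"))
```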
Additional links
HPE 5930 Switch Configuration Guide
HPE 5900 Switch Configuration Guide
Learn more at
hpe.com/networking
© Copyright 2015–2016 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without
notice. The only warranties for HPE products and services are set forth in the express warranty statements accompanying such products
and services. Nothing herein should be construed as constituting an additional warranty. HPE shall not be liable for technical or editorial
errors or omissions contained herein.
Windows and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or
other countries.
4AA6-1335ENW, February 2016, Rev. 1