440 likes | 560 Views
N Krishnamoorthy – ESTG Technical Marketing. Smart Install – Tutorial and Deployment. Agenda. Chapter 1 : SmartInstall Introduction Chapter 2: SmartInstall – Very Simple Deployment Chapter 3: SmartInstall - Medium Complexity Chapter 4: SmartInstall - Fully Loaded
E N D
N Krishnamoorthy – ESTG Technical Marketing Smart Install – Tutorial and Deployment
Agenda • Chapter 1 : SmartInstall Introduction • Chapter 2: SmartInstall – Very Simple Deployment • Chapter 3: SmartInstall - Medium Complexity • Chapter 4: SmartInstall - Fully Loaded • Chapter 5: SmartInstall – Best Practices
Chapter 1 : SmartInstall Introduction • In this chapter, you will learn: • Why to use SmartInstall ? • What is SmartInstall ? • SmartInstall in the network • SmartInstall Groups • Supported Hardware Platforms
SmartInstall – What is it? • Centralized management for image and config • Client – Server model • Plug and Play of new switches • Auto-Detect of new switches • Zero-touch deployment and switch replacement • Post upgrade • Scheduled config and image upgrade in future • Config backup • Based on the existing Auto-Install feature
Smart Install In the Network • Director - Configures client providing switch plug and play • Client - Gets the image and config from the Director • Groups - Classification of client switches based on switch model and other parameters for better management. • Client Switches discovered via CDP & LLDP Central TFTP, DHCPServer Director Switch Client Switches 3750X Clients Group 2 Clients Group 1 2960
SmartInstall Groups Yes Does the client match any custom group? • Client can belong to either Custom, Built-in or Default groups. The logic for this selection is: • 1st the Director tries to find a custom-group match for the client switch • If match found, client switch gets corresponding image and config • If not, then the Director tries to find a built-in group match • If no built-in group match found, default image and config file is provided to the client • Best Practice – Use default setting when network has only 1 switch model Client gets the image and config for that custom group No Does the client match any built-in group? Yes Client gets the image and config for that Built-in group No Client gets the image and config files from the default settings
Supported Hardware Platforms • Director Switches: • 3750, 3750v2, 3750E, 3560, 3560v2, 3560E - Software version : 12.2.(53)SE & above • 3750X, 3560X - Software version : 12.2.(53)SE & above • Recommended version for switches : 12.2.(55)because of enhancements • Director Routers: • G1: 1841, 2801, 2811, 2821, 2851, 3825, 3845 • G2: 1921, 1941, 2901, 2911, 2921, 2951, 3925, 3945, 3925E, 3945E • Minimum Software version : 15.1.(3)T • Client Switches • 3k – 3750, 3750E, 3750X, 3560, 3560E, 3560X • 2k – 2960, 2960S, 2975, 2960G. • Special Cases: 3560v2, 3750v2, Industrial Ethernet series switches (custom groups) • Client Switches must support archive download-sw command
Agenda • Chapter 1 : SmartInstall Introduction • Chapter 2: SmartInstall – Very Simple Deployment • Chapter 3: SmartInstall - Medium Complexity • Chapter 4: SmartInstall - Fully Loaded • Chapter 5: SmartInstall – Best Practices
Chapter 2: Smart Install – Very Simple Deployment • In this chapter, you will learn to: • Enable SmartInstall on the Director • Setup DHCP for client switches • Setup default config and image for clients • Configure Hostname-prefix
Deployment Highlights and Topology • Director acts as the TFTP and DHCP server • All client switches belong to one model (WS-C2960-48TT-S) • Using vlan 1 as the management vlan Catalyst 3750E Catalyst 2960 Chapter 1 : Smart Install Topology
Default Settings for Client Image and Config • Recommended when network has same model switches • Requires minimum number of configuration steps • Simple to deploy and manage Before You Start • Ensure that the Director Switch is running either IP base/IP services/Universal IOS images • Copy the tar image file for 2960 lanbase client switch and its config file to Director flash
Configuration Steps • Enable SmartInstall on the Director • Director# configure terminal • Director(config)# vstack director 10.0.0.33 • Director(config)# vstack basic • 2) Configure the DHCP scope for SmartInstall Client switches: • Director(config)# vstackdhcp-localserverpool1 • Director(config-vstack-dhcp)# address-pool 10.0.1.0 255.255.0.0 • Director(config-vstack-dhcp)# default-router 10.0.0.33 • Director(config-vstack-dhcp)# file-server 10.0.0.33 • Director(config-vstack-dhcp)# exit • Director(config)# ipdhcp remember • Director(config)# end • 3) Configure the default image and config : • Director# configure terminal • Director(config)# vstack image flash:c2960-lanbase-tar.122-53SE.tar • Director(config)# vstack config flash:2960lanbase_config.txt • Director(config)# end • 4) Hostname prefix: Helps assign a common hostname + last 3 bytes of MAC • Director(config)# vstack hostname-prefix Client_Switch • Director(config)# exit • Do “wrer” on client switch and reload/ Brand new switch
What happens in the background ? • Director creates client_cfg.txt and stores it on the flash • Director configures itself to be the TFTP server • Director discovers clients through CDP • Clients get IP on vlan 1 from the DHCP pool on the Director • Clients download starts ( takes 5 – 8 minutes) • Client downloads client_cfg.txt • Client downloads image file • Client reboots with new image • Client downloads config file • P.S : When the client switch is downloading the image and config file, you may not see any console messages. DO NOT press any key at this time as this will terminate the SmartInstall operation
Use cases for this Scenario • All clients are same model, use same software version, feature sets, configs • Director with layer 3 capability Value Addition • Simple configuration – Quick and Easy setup • Round the clock automatic image and config provisioning for new client switches
Chapter 3: SmartInstall – Using Built-in Groups • In this chapter, you will learn to: • Configure built-in groups • Configure external TFTP server • How to make ether channels work on clients • Move the management vlan away from vlan 1
Highlights and Topology for this Chapter TFTP server • In this chapter: • Client switches belong to multiple models • TFTP Server is external to the Director • Config files will change the client switches’ management VLAN • Etherchannels used as links to the Director • Before you begin: • Copy image tar files for all client swicth platforms to the TFTP Server Director Ether channel link Built-in Switch Group – 2 ( 3750e series) Built-in Switch Group – 1 (3560e series) Built-in Switch Group – 3 ( 2960)
Built-in Groups • Switches belonging to the same model = 1 Built-in group • “3750E 48 port” and “3750E 48-poe” are 2 groups • Image and config settings are specific to a group Etherchannels • Increased bandwidth between Director and client switches • Etherchannel mode – “Desirable” on Director • Etherchannel mode – “Desirable”, “Auto” or “On”on the client • Requires vlan 1 to be native on Director
Configuration Steps • Repeat steps 1 and 2 from Chapter-2 – to enable SmartInstall • Create another DHCP pool for vlan 10 ( for device management on client) • 3) Configure Ether channel on ports connected to clientsswitches • Director# configure terminal • Director(config)# interface Port-channel1 • Director(config-if)# switchport trunk encapsulation dot1q • Director(config-if)# switchport mode trunk • Director(config)# interface range GigabitEthernet1/0/3 - 4 • Director(config-if-range)# switchport trunk encapsulation dot1q • Director(config-if-range)# switchport mode trunk • Director(config-if-range)# channel-group 1 mode desirable • 4) Configure Built-in groups for client switches • Director(config)# vstack group built-in 3560e 24 • Director(config-vstack-group)#image tftp://10.0.0.10/c3560e-universal-tar.122-52.SE.tar • Director(config-vstack-group)#config tftp://10.0.0.10/3560e-24-built-in-config.txt • Director(config)# exit • Director(config)# vstack group built-in 2960 24 • Director(config-vstack-group)# image tftp://10.0.0.10/c2960-lanlite-tar.122-52.SE.tar • Director(config-vstack-group)# config tftp://10.0.0.10/2960-24-built-in-config.txt • Director(config)# end • Note that the image and config files are on an external TFTP server
Recommended Configuration Settings for Client Switch config.text (Snippet) Notice the ether channel config and new management VLAN. VLAN1 is still native. interface Port-channel1 switchport mode trunk ! interface FastEthernet0/1 switchport mode trunk channel-group 1 mode desirable ! interface FastEthernet0/2 switchport mode trunk channel-group 1 mode desirable ! interface FastEthernet0/3 switchport mode access switchport access vlan 10 - - - interface Vlan10 ip address dhcp ip helper-address 10.30.0.3 Uplinks to the Director, on an ether-channel link New Management Vlan 10 DHCP from Director
What happens in the background? • Director creates Imagelists.txt for each built-in group, places them in TFTP server • Clients get IP on vlan 1 using DHCP pool from the Director • Client download starts: ( 5 – 8 minutes) • Client first downloads the client_cfg.txt file • Client downloads the image file chosen by the Director after built-in group match • Clients download the config files • Clients reboot with new image and config and get IP from vlan 10 ( new management vlan)
Use cases for this scenario • Enterprises – Campus/Branch with mixed switch model deployment : • Different platform switches • Multiple links between switches - redundancy • Centralized Management for image and config files • Dedicated external server for software image and config file storage Best Practices • Migrate to new management vlan on client switches • Image – tar file only • TFTP server – create subdirectory with full read-write access ( Refer Chpt 4)
Chapter 4: SmartInstall – Fully Loaded • In this chapter, you will learn how to: • Configure custom client groups • Schedule an upgrade – Join Window • Configuration backup • Zero Touch Switch Replacement • On-demand upgrades External TFTP server for client- switch images and config Director Switch (3750E) Client Switches Custom Switch Group – 1 ( PID based) Built-in Switch Group – 1 (3560 series) Before you Begin Custom Switch Group – 2 (connectivity based) Copy client switch images in tar format to the TFTP server
Custom Groups • Identify client switches that need different images and configs from the built-in group • Enhances deployment flexibility • Group Types : • PID based • Connectivity based • MAC based • Stack based • Two switches of the same model – custom and built-in – possible
PID Based Custom Groups Director Switch • Identifies clients based on their PID (model) • Example of a PID: WS-C3560E-48TD-S • When to use this type? • Future proofing, models that don’t have built-in groups • Different images for different PIDs of same switch • Config : • Director(config)#vstack group custom cust2product-id • Director(config-vstack-group)#image tftp://10.0.0.10/Imagelists/c3560e-universal-tar.122-53.SE.tar • Director(config-vstack-group)#config tftp://10.0.0.10/Imagelists/3560e-config.txt • Director(config-vstack-group)#match WS-C3560E-48TD-S Client 1: PID: WS-C3560E-48PD-E Client 3: PID: WS-C3560E-12D-E Client 2: PID: WS-C3560E-48PD-S
Connectivity Based Custom Groups Director Switch IP: 10.30.0.3 • Based on uplink host IP and physical interface • When to use this type of custom group? • Only location of the Client switch is known • Multi-hop networks • Different software versions on switches of the same family Gig 1/0/10 Switch: IP 10.30.10.51 Gig 1/0/5 Client 2 Uplink Connectivity Config: Director(config)#vstack group custom 2960-custom connectivity Director(config-vstack-group)#image tftp://10.0.0.10/Imagelists/c2960-lanlite-tar.122-52.SE.tar Director(config-vstack-group)#config tftp://10.0.0.10/Imagelists/2960-config-SI.txt Director(config-vstack-group)#match host 10.30.10.51 interface GigabitEthernet1/0/5 Client 1
MAC Address Based Custom Group • Director matches for client switch MAC address • Takes the highest priority in the client group matching algorithm • MAC address can be obtained as follows: • “shvstack status“ on the Director Switch • “sh ver” on the client switch – Base Ethernet MAC address • Label on/back of the switch • When to use this type of connectivity? • Dynamic client-director connectivity • Switch family and software version diversity in the network • Configuration • Director# configure terminal • Director(config)# vstack director 10.30.0.3 • Director(config)# vstack basic • Director(config)# vstack group custom textgroup3mac • Director(config-vstack-group)# match mac0023.34ca.c180 • Director(config-vstack-group)# match mac001a.a1b4.ee00 • Director(config-vstack-group)# image tftp://101.122.33.10/c3750-ipbase-tar.122-52.SE.tar • Director(config-vstack-group)# config tftp://101.122.33.10/3750-24-ipbase_config.txt • Director(config-vstack-group)# exit Director Switch IP: 10.30.0.3 Link Redundancy MAC Address based group Client 1
Stack Based Custom Groups Director Switch IP: 10.30.0.3 • Designed for clients in Stackwise/Stackwise+/Flexstack deployment • Match criteria – Member number, switch model, port/poe for each switch member • Supports stack members of the same series only • Ex: Stack of 3750 switches or 3750e series or 3750x series; but not a combination of 3650, 3750E and 3750X • Configuration: • Director(config)# vstack group custom testgroup stack • Director(config-vstack-group)# image tftp://10.0.0.10/c3750-ipbase-tar.122-52.SE.tar • Director(config-vstack-group)# config tftp://10.0.0.10/3750stack_config.txt • Director(config-vstack-group)# match 1 3750 48poe • Director(config-vstack-group)# match 2 3750 24 • Director(config-vstack-group)# match 3 3750 24 • Director(config-vstack-group)# exit • Director(config)# end Stack of 4 3750 switches member number in the stack
All Groups Working Together External TFTP server for client- switch images and config Director Switch Wiring Closet Infrastructure Switches Datacenter Switches Built-in Switch Group (3750X series) Custom Switch Group ( MAC address based based) Stack based custom group Switch connected to IP phones Switch connected to APs and IP Cameras Custom Group – (connectivity based) Custom Switch Group ( PID based )
Join Window • Join Window • Schedule a time-window for zero-touch image and config upgrades • Clients cannot download image/config outside the window • Security – prevents unexpected switches from getting image and config files • Config Director(config)#vstack join-window start [date]hh:mm [interval] [end date] [recurring]}
Configuration Back-up • Saves client switch’s config on Director/TFTP Server • Centralized repository of most current client switch configs • Enabled by default when SmartInstall is enabled • When/How is config backup useful? • Helps maintain config files for all client switches and track config changes • Makes switch replacement quick and easy • Automated round the clock network config management • Configuration • Director(config)#vstack backup file-server tftp://10.0.0.10/Imagelists/configs IN this case, config file is stored on TFTP server, overrides flash:vstack • Every time a client does “ wr “ a copy gets created on the backup server for the switch client_ID • By default, config files are stored on the Director at flash:vstack unless configured otherwise
Zero Touch Switch Replacement • Config Backup is configured • Client Switch goes bad • Director gets an update that client switch has changed to inactive state. • Network personnel replaces the bad switch with a new switch of the exact same model and on the same switch port • New client switch downloads image and most recent config • Client switch reboots and is ready for use Catalyst 3750E Catalyst 2960 Switch failure
On-Demand Upgrades • Admin can upgrade client switch images and configs whenever needed • Could be selective upgrade or for the whole network • Single Switch Upgrade • Director# vstack download-image tftp://10.0.0.10/c2960-lanlite-tar.122-52.SE.tar 1.1.1.30 mypassword reload in 06:30 • Director# vstack download-config tftp://101.122.33.20/2960LANlite_config.txt 1.1.1.30 my password reload in 06:30 • Built-in Group Upgrade • Director# vstack download-image built-in 3560e 24 mypassword override reload in 6:30 • Director# vstack download-config built-in 3560e 24 mypassword reload in 06:30
Complete Management Solution • Config Protection - Constant client switch config backup • Customization – Custom Groups • Easy Switch Identification – Hostname Prefix • Secured Upgrade Window – Join Window • On Demand Upgrade • Use Case – Campus topology with different switch models, same model – different software images, different configs, auto config back up
Agenda • Chapter 1 : SmartInstall Introduction • Chapter 2: SmartInstall – Very Simple Deployment • Chapter 3: SmartInstall - Medium Complexity • Chapter 4: SmartInstall - Fully Loaded • Chapter 5: SmartInstall – Best Practices & Troubleshooting
Chapter 5: SmartInstall – Best Practices & Troubleshooting • Importance of Vlan 1 • SmartInstall operates on vlan 1 • It is the default native vlan - helps etherchannel • Enabled by default on client switches with zero config • Clients devices send DHCP request on vlan 1 by default
Files Created during SmartInstall Operation • Client_cfg.txt • Enabling Smart Install creates a client_cfg.txt file. • Stored in the Director Switch flash • Client Switch downloads this file & establishes Client-Director link. • DO NOT delete this file from the Director flash • client_cfg.txt contains: • ! • version 12.2 • ! • enable password cisco • ! • username cisco • ! • do telnet 10.0.0.33 18843 • ! • end • !
Files created during SmartInstall Operation Continued.. Imagelists • Imagelist is created by the Director switch for every defined group • It contains the name of the tar image file for that client group • Built-in group names as created by the Director: • “2960-48-lanlite-imagelist.txt” Built-in group for C2960 with 48 ports, running lanlite image • “2960-custom-imagelist.txt” Imagelist name for custom group named “2960-custom” • Contents of an Imagelist: • Imagelists/c3750e-universal-tar.122-53.SE.tar • The image tar file is placed inside a subfolder in the TFTP Server
TFTP Server Settings • Director Switch Flash Based TFTP Server: • External TFTP Server:
Troubleshooting SmartInstall • When Imagelist transfer to TFTP fails, check for: • Write permission on external TFTP server • Available space on TFTP server • Switch – TFTP server connectivity • Pre-existing imagelist with the same name – image upgrade scenario
Troubleshooting SmartInstall contd.. • When SmartInstall image and config upgrade fails, check the Client Switch for: • Insufficient flash size on client • Small flash with multiple images, config, crashinfo files • No space available for new image download • Solution – Admin has to manually delete unnecessary files • Client switch console – is someone actively working on the client switch CLI? • Connectivity – does client switch have IP address on vlan 1? • Correct built-in group choice • Custom group match criteria • Correct image, config file • Supported hardware when using built-in group
TFTP Server settings on Linux ( backup slide ) • Create TFTP subfolder • $ sudomkdir /tftpboot/Imagelists$ sudochmod -R 777 /tftpboot/Imagelists/$ sudochown -R nobody /tftpboot/Imagelists/ • Create /etc/xinetd.d/tftp and add this entry--service tftp{protocol = udpsocket_type = dgramwait = yesuser = rootserver = /usr/sbin/in.tftpdserver_args = -s -c /tftpboot <<<<<<<< should have a -c disable = no}-- • Restart the server using - restartxinetd