smart install – tutorial and deployment
DESCRIPTION
N Krishnamoorthy – ESTG Technical Marketing. Smart Install – Tutorial and Deployment. Agenda. Chapter 1 : SmartInstall Introduction Chapter 2: SmartInstall – Very Simple Deployment Chapter 3: SmartInstall - Medium Complexity Chapter 4: SmartInstall - Fully Loaded - PowerPoint PPT PresentationTRANSCRIPT
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1
N Krishnamoorthy – ESTG Technical Marketing
Smart Install – Tutorial and Deployment
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 2
Agenda
Chapter 1 : SmartInstall Introduction
Chapter 2: SmartInstall – Very Simple Deployment
Chapter 3: SmartInstall - Medium Complexity
Chapter 4: SmartInstall - Fully Loaded
Chapter 5: SmartInstall – Best Practices
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 3
Chapter 1 : SmartInstall Introduction
In this chapter, you will learn:
Why to use SmartInstall ?
What is SmartInstall ?
SmartInstall in the network
SmartInstall Groups
Supported Hardware Platforms
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 4
Why to use SmartInstall?
Easy Deployment
• Minimal and one-time configuration
• Zero touch • Switch replacement
made simple• Less time to add a
switch in the network
Easy Maintenance
• Single Point of Control
• Minimal user-intervention
• Customization• Scheduled image
and config upgrade• Round the clock
config backup
Cost Saving
• Built-in software solution
• Minimal technical expertise required
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 5
SmartInstall – What is it? Centralized management for image and config
Client – Server model
Plug and Play of new switches Auto-Detect of new switches
Zero-touch deployment and switch replacement
Post upgrade
Scheduled config and image upgrade in future Config backup
Based on the existing Auto-Install feature
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 6
Smart Install In the Network
Client Switches
Director Switch
Director - Configures client providing switch plug and play Client - Gets the image and config from the Director Groups - Classification of client switches based on switch model
and other parameters for better management. Client Switches discovered via CDP & LLDP
Central TFTP, DHCP Server
Clients Group 1 Clients Group 2
3750X
2960
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 7
SmartInstall GroupsClient can belong to either Custom, Built-in or Default groups. The logic for this selection is:
1st the Director tries to find a custom-group match for the client switch
If match found, client switch gets corresponding image and config
If not, then the Director tries to find a built-in group match
If no built-in group match found, default image and config file is provided to the client
Best Practice – Use default setting when network has only 1 switch model
Client gets the image and config for that custom group
Client gets the image and config for that Built-in group
Does the client match any built-in group?
Does the client match any custom group?
Yes
No
Yes
No
Client gets the image and config files from the default settings
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 8
Supported Hardware PlatformsDirector Switches: 3750, 3750v2, 3750E, 3560, 3560v2, 3560E - Software version : 12.2.(53)SE & above 3750X, 3560X - Software version : 12.2.(53)SE & above Recommended version for switches : 12.2.(55) because of enhancements
Director Routers:
G1: 1841, 2801, 2811, 2821, 2851, 3825, 3845 G2: 1921, 1941, 2901, 2911, 2921, 2951, 3925, 3945, 3925E, 3945E Minimum Software version : 15.1.(3)T
Client Switches
3k – 3750, 3750E, 3750X, 3560, 3560E, 3560X
2k – 2960, 2960S, 2975, 2960G.
Special Cases: 3560v2, 3750v2, Industrial Ethernet series switches (custom groups) Client Switches must support archive download-sw command
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 9
Agenda
Chapter 1 : SmartInstall Introduction
Chapter 2: SmartInstall – Very Simple Deployment
Chapter 3: SmartInstall - Medium Complexity
Chapter 4: SmartInstall - Fully Loaded
Chapter 5: SmartInstall – Best Practices
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 10
Chapter 2: Smart Install – Very Simple Deployment
In this chapter, you will learn to:
Enable SmartInstall on the Director
Setup DHCP for client switches
Setup default config and image for clients
Configure Hostname-prefix
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 11
Director acts as the TFTP and DHCP server
All client switches belong to one model (WS-C2960-48TT-S)
Using vlan 1 as the management vlan
Chapter 1 : Smart Install Topology
Catalyst 3750E
Catalyst 2960
Deployment Highlights and Topology
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 12
Default Settings for Client Image and Config
Ensure that the Director Switch is running either IP base/IP services/Universal IOS images
Copy the tar image file for 2960 lanbase client switch and its config file to Director flash
Before You Start
Recommended when network has same model switches
Requires minimum number of configuration steps
Simple to deploy and manage
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 13
Configuration Steps1) Enable SmartInstall on the Director
Director# configure terminal Director(config)# vstack director 10.0.0.33Director(config)# vstack basic
2) Configure the DHCP scope for SmartInstall Client switches:
Director(config)# vstack dhcp-localserver pool1 Director(config-vstack-dhcp)# address-pool 10.0.1.0 255.255.0.0 Director(config-vstack-dhcp)# default-router 10.0.0.33 Director(config-vstack-dhcp)# file-server 10.0.0.33 Director(config-vstack-dhcp)# exit Director(config)# ip dhcp remember Director(config)# end
3) Configure the default image and config :
Director# configure terminal Director(config)# vstack image flash:c2960-lanbase-tar.122-53SE.tar Director(config)# vstack config flash:2960lanbase_config.txt Director(config)# end
4) Hostname prefix: Helps assign a common hostname + last 3 bytes of MACDirector(config)# vstack hostname-prefix Client_Switch Director(config)# exit
Do “wr er” on client switch and reload/ Brand new switch
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 14
What happens in the background ?1. Director creates client_cfg.txt and stores it on the flash
2. Director configures itself to be the TFTP server
3. Director discovers clients through CDP
4. Clients get IP on vlan 1 from the DHCP pool on the Director
5. Clients download starts ( takes 5 – 8 minutes)
1. Client downloads client_cfg.txt2. Client downloads image file3. Client reboots with new image4. Client downloads config file
P.S : When the client switch is downloading the image and config file, you may not see any console messages. DO NOT press any key at this time as this will terminate the SmartInstall operation
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 15
Use cases for this Scenario
All clients are same model, use same software version, feature sets, configs
Director with layer 3 capability
Value Addition
Simple configuration – Quick and Easy setup
Round the clock automatic image and config provisioning for new client switches
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 16
Chapter 3: SmartInstall – Using Built-in Groups
In this chapter, you will learn to:
Configure built-in groups
Configure external TFTP server
How to make ether channels work on clients Move the management vlan away from vlan 1
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 17
In this chapter:
Client switches belong to multiple models
TFTP Server is external to the Director
Config files will change the client switches’ management VLAN
Etherchannels used as links to the Director
Before you begin: Copy image tar files for all client swicth platforms to the TFTP Server
Built-in Switch Group – 2 ( 3750e series)Built-in Switch Group –
1 (3560e series)
Built-in Switch Group – 3 ( 2960)
Director
TFTP server
Ether channel link
Highlights and Topology for this Chapter
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 18
Built-in Groups Switches belonging to the same model = 1 Built-in group
“3750E 48 port” and “3750E 48-poe” are 2 groups
Image and config settings are specific to a group
Etherchannels Increased bandwidth between Director and client switches
Etherchannel mode – “Desirable” on Director
Etherchannel mode – “Desirable”, “Auto” or “On”on the client
Requires vlan 1 to be native on Director
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 19
Configuration Steps1) Repeat steps 1 and 2 from Chapter-2 – to enable SmartInstall
2) Create another DHCP pool for vlan 10 ( for device management on client)
3) Configure Ether channel on ports connected to clients switches
Director# configure terminal Director(config)# interface Port-channel1
Director(config-if)# switchport trunk encapsulation dot1q Director(config-if)# switchport mode trunk
Director(config)# interface range GigabitEthernet1/0/3 - 4 Director(config-if-range)# switchport trunk encapsulation dot1q Director(config-if-range)# switchport mode trunk Director(config-if-range)# channel-group 1 mode desirable 4) Configure Built-in groups for client switches
Director(config)# vstack group built-in 3560e 24 Director(config-vstack-group)#image tftp://10.0.0.10/c3560e-universal-tar.122-52.SE.tar Director(config-vstack-group)#config tftp://10.0.0.10/3560e-24-built-in-config.txt Director(config)# exit Director(config)# vstack group built-in 2960 24 Director(config-vstack-group)# image tftp://10.0.0.10/c2960-lanlite-tar.122-52.SE.tar Director(config-vstack-group)# config tftp://10.0.0.10/2960-24-built-in-config.txt Director(config)# end
Note that the image and config files are on an external TFTP server
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 20
Recommended Configuration Settings for Client Switch config.text (Snippet)
Notice the ether channel config and new management VLAN. VLAN1 is still native.
interface Port-channel1 switchport mode trunk!interface FastEthernet0/1 switchport mode trunk channel-group 1 mode desirable!interface FastEthernet0/2 switchport mode trunk channel-group 1 mode desirable!interface FastEthernet0/3 switchport mode access switchport access vlan 10---interface Vlan10 ip address dhcp ip helper-address 10.30.0.3
New Management Vlan 10
DHCP from Director
Uplinks to the Director, on an ether-channel link
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 21
What happens in the background?
1) Director creates Imagelists.txt for each built-in group, places them in TFTP server
2) Clients get IP on vlan 1 using DHCP pool from the Director
3) Client download starts: ( 5 – 8 minutes)1) Client first downloads the client_cfg.txt file2) Client downloads the image file chosen by the Director after built-in group
match3) Clients download the config files
4) Clients reboot with new image and config and get IP from vlan 10 ( new management vlan)
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 22
Use cases for this scenario Enterprises – Campus/Branch with mixed switch model deployment :
• Different platform switches
• Multiple links between switches - redundancy
• Centralized Management for image and config files
• Dedicated external server for software image and config file storage
Best Practices
• Migrate to new management vlan on client switches • Image – tar file only
• TFTP server – create subdirectory with full read-write access ( Refer Chpt 4)
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 23
Chapter 4: SmartInstall – Fully LoadedIn this chapter, you will learn how to:
Configure custom client groups
Schedule an upgrade – Join Window
Configuration backup
Zero Touch Switch Replacement
On-demand upgrades
Custom Switch Group – 2 (connectivity based)
Director Switch (3750E)
Client Switches
Custom Switch Group – 1 ( PID based)
Built-in Switch Group – 1 (3560 series)
External TFTP server for client- switch images and config
Copy client switch images in tar format to the TFTP server
Before you Begin
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 24
Custom Groups Identify client switches that need different images and configs from the built-in
group
Enhances deployment flexibility
Group Types : PID based Connectivity based MAC based Stack based
Two switches of the same model – custom and built-in – possible
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 25
PID Based Custom Groups
Identifies clients based on their PID (model) Example of a PID: WS-C3560E-48TD-S
When to use this type?
Future proofing, models that don’t have built-in groups
Different images for different PIDs of same switch
Config :
Director(config)#vstack group custom cust2 product-id Director(config-vstack-group)#image
tftp://10.0.0.10/Imagelists/c3560e-universal-tar.122-53.SE.tar Director(config-vstack-group)#config
tftp://10.0.0.10/Imagelists/3560e-config.txt Director(config-vstack-group)#match WS-C3560E-48TD-S
Client 3:PID: WS-C3560E-12D-E
Director Switch
Client 1:PID: WS-C3560E-48PD-E
Client 2:PID: WS-C3560E-48PD-S
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 26
Connectivity Based Custom Groups
Based on uplink host IP and physical interface
When to use this type of custom group?
Only location of the Client switch is known Multi-hop networks Different software versions on switches of the same
family
Config: Director(config)#vstack group custom 2960-custom connectivity
Director(config-vstack-group)#image tftp://10.0.0.10/Imagelists/c2960-lanlite-tar.122-52.SE.tar
Director(config-vstack-group)#config tftp://10.0.0.10/Imagelists/2960-config-SI.txt
Director(config-vstack-group)#match host 10.30.10.51 interface GigabitEthernet1/0/5
Switch:IP 10.30.10.51
Client 2
Gig 1/0/10
Director SwitchIP: 10.30.0.3
Uplink Connectivity
Gig 1/0/5
Client 1
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 27
MAC Address Based Custom Group Director matches for client switch MAC address
Takes the highest priority in the client group matching algorithm
MAC address can be obtained as follows: “sh vstack status“ on the Director Switch “sh ver” on the client switch – Base Ethernet MAC address Label on/back of the switch
When to use this type of connectivity? Dynamic client-director connectivity Switch family and software version diversity in the network
ConfigurationDirector# configure terminalDirector(config)# vstack director 10.30.0.3Director(config)# vstack basicDirector(config)# vstack group custom textgroup3 macDirector(config-vstack-group)# match mac 0023.34ca.c180Director(config-vstack-group)# match mac 001a.a1b4.ee00Director(config-vstack-group)# image tftp://101.122.33.10/c3750-ipbase-tar.122-52.SE.tarDirector(config-vstack-group)# config tftp://101.122.33.10/3750-24-ipbase_config.txtDirector(config-vstack-group)# exit
Director SwitchIP: 10.30.0.3
MAC Address based groupClient 1
Link Redundancy
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 28
Stack Based Custom Groups Designed for clients in Stackwise/Stackwise+/Flexstack deployment
Match criteria – Member number, switch model, port/poe for each switch member
Supports stack members of the same series only Ex: Stack of 3750 switches or 3750e series or 3750x series; but not a combination of 3650, 3750E and 3750X
Configuration:
Director(config)# vstack group custom testgroup stack Director(config-vstack-group)# image tftp://10.0.0.10/c3750-ipbase-tar.122-52.SE.tar Director(config-vstack-group)# config tftp://10.0.0.10/3750stack_config.txt Director(config-vstack-group)# match 1 3750 48poe Director(config-vstack-group)# match 2 3750 24Director(config-vstack-group)# match 3 3750 24Director(config-vstack-group)# exit Director(config)# end
Director SwitchIP: 10.30.0.3
member number in the stack
Stack of 4 3750 switches
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 29
All Groups Working Together
Switch connected to IP phones
Custom Group – (connectivity based)
Datacenter Switches
Custom Switch Group ( MAC address based based)
Built-in Switch Group (3750X series)
External TFTP server for client- switch images and config
Infrastructure Switches
Switch connected to APs and IP Cameras
Director Switch
Custom SwitchGroup ( PID based )
Stack based custom group
Wiring Closet
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 30
Join Window Join Window
Schedule a time-window for zero-touch image and config upgrades
Clients cannot download image/config outside the window
Security – prevents unexpected switches from getting image and config files
ConfigDirector(config)#vstack join-window start [date] hh:mm [interval] [end date] [recurring]}
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 31
Configuration Back-up Saves client switch’s config on Director/TFTP Server
Centralized repository of most current client switch configs
Enabled by default when SmartInstall is enabled
When/How is config backup useful?
Helps maintain config files for all client switches and track config changes
Makes switch replacement quick and easy
Automated round the clock network config management
Configuration
Director(config)#vstack backup file-server tftp://10.0.0.10/Imagelists/configs IN this case, config file is stored on TFTP server, overrides flash:vstack
Every time a client does “ wr “ a copy gets created on the backup server for the switch client_ID
By default, config files are stored on the Director at flash:vstack unless configured otherwise
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 32
Zero Touch Switch Replacement Config Backup is configured
Client Switch goes bad
Director gets an update that client switch has changed to inactive state.
Network personnel replaces the bad switch with a new switch of the exact same model and on the same switch port
New client switch downloads image and most recent config
Client switch reboots and is ready for use
Catalyst 3750E
Catalyst 2960
Switch failure
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 33
On-Demand Upgrades
Admin can upgrade client switch images and configs whenever needed
Could be selective upgrade or for the whole network
Single Switch Upgrade
Director# vstack download-image tftp://10.0.0.10/c2960-lanlite-tar.122-52.SE.tar 1.1.1.30 mypassword reload in 06:30 Director# vstack download-config tftp://101.122.33.20/2960LANlite_config.txt 1.1.1.30 my password reload in 06:30
Built-in Group Upgrade
Director# vstack download-image built-in 3560e 24 mypassword override reload in 6:30Director# vstack download-config built-in 3560e 24 mypassword reload in 06:30
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 34
Complete Management Solution Config Protection - Constant client switch config backup
Customization – Custom Groups
Easy Switch Identification – Hostname Prefix
Secured Upgrade Window – Join Window
On Demand Upgrade
Use Case – Campus topology with different switch models, same model – different software images, different configs, auto config back up
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 35
Agenda
Chapter 1 : SmartInstall Introduction
Chapter 2: SmartInstall – Very Simple Deployment
Chapter 3: SmartInstall - Medium Complexity
Chapter 4: SmartInstall - Fully Loaded
Chapter 5: SmartInstall – Best Practices & Troubleshooting
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 36
Chapter 5: SmartInstall – Best Practices & Troubleshooting
Importance of Vlan 1 SmartInstall operates on vlan 1
It is the default native vlan - helps etherchannel
Enabled by default on client switches with zero config
Clients devices send DHCP request on vlan 1 by default
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 37
Files Created during SmartInstall Operation
Client_cfg.txt
Enabling Smart Install creates a client_cfg.txt file.
Stored in the Director Switch flash
Client Switch downloads this file & establishes Client-Director link.
DO NOT delete this file from the Director flash
client_cfg.txt contains:!version 12.2!enable password cisco! username cisco!do telnet 10.0.0.33 18843!end!
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 38
Files created during SmartInstall Operation Continued..
Imagelists
Imagelist is created by the Director switch for every defined group
It contains the name of the tar image file for that client group
Built-in group names as created by the Director: “2960-48-lanlite-imagelist.txt” Built-in group for C2960 with
48 ports, running lanlite image “2960-custom-imagelist.txt” Imagelist name for custom
group named “2960-custom”
Contents of an Imagelist:
Imagelists/c3750e-universal-tar.122-53.SE.tar The image tar file is placed inside a subfolder in the TFTP Server
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 39
TFTP Server SettingsDirector Switch Flash Based TFTP Server:
External TFTP Server:
Pros ConsClient image file, config file and back-up config versions on the Director flash
Limited storage space due to flash size restriction
Avoids the use of external TFTP server
Uses extra system resources when client switches read the flash for image/config
Recommended when: All client switches are of the same model
Pros ConsLots of storage space for images, config and backup config files for multiple client switch groups
Requires an external TFTP device – extra infrastructure
Saves space on the director flash
Extra config for file permissions in case of a Linux TFTP Server
Recommended when:1) Many client groups are defined2) Multiple Directors are configured
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 40
Troubleshooting SmartInstall
When Imagelist transfer to TFTP fails, check for:
Write permission on external TFTP server
Available space on TFTP server
Switch – TFTP server connectivity
Pre-existing imagelist with the same name – image upgrade scenario
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 41
When SmartInstall image and config upgrade fails, check the Client Switch for:
Insufficient flash size on client Small flash with multiple images, config, crashinfo
files No space available for new image download Solution – Admin has to manually delete
unnecessary files
Client switch console – is someone actively working on the client switch CLI?
Connectivity – does client switch have IP address on vlan 1?
Correct built-in group choice
Custom group match criteria
Correct image, config file
Supported hardware when using built-in group
Troubleshooting SmartInstall contd..
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 42
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 43
TFTP Server settings on Linux ( backup slide )
Create TFTP subfolder
$ sudo mkdir /tftpboot/Imagelists$ sudo chmod -R 777 /tftpboot/Imagelists/$ sudo chown -R nobody /tftpboot/Imagelists/
Create /etc/xinetd.d/tftp and add this entry--service tftp{protocol = udpsocket_type = dgramwait = yesuser = rootserver = /usr/sbin/in.tftpdserver_args = -s -c /tftpboot <<<<<<<< should have a -c disable = no}-- Restart the server using - restart xinetd
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 44
Q & A