Cisco Nexus Auto Provisioning using POAP

Goal :

  • Faster deployment in Nexus Switch

Requirement

  • DHCP Server ( isc-dhcp-server ) 
  • TFTP / SCP Server
  • Cisco Nexus 9000v ( GNS3)
  • Python Script

Below the topology in Development Environment 

Both devices will automatically push configuration based on serial Number.  The following mapping configuration in Nexus 9000v

IP SNSwitch NameScript NameScript Name
172.19.254.319GPNP3P68ODLEAF1R1poap_nexus_sn.pyconf.9GPNP3P68OD
172.19.254.3291990H4TOLVLEAF2R1poap_nexus2_sn.pyconf.91990H4TOLV

Install isc-dhcp-server

root@dhcp-server-prov:~$ apt-get installisc-dhcp-server -y

Edit isc-dhcp-server configuration in file  /etc/dhcp/dhcpd.conf. In the option dhcp-client-identifier you need to add « \000 » before the serial number.

default-lease-time 3600;
max-lease-time 7200;
authoritative;
subnet 172.19.254.0 netmask 255.255.255.0 {
range 172.19.254.11 172.19.254.200;
host n9k1 {
option dhcp-client-identifier “\0009GPNP3P68OD”;
fixed-address 172.19.254.31;
option routers 172.19.254.1;
option bootfile-name “poap_nexus_sn.py”;
option tftp-server-name “172.19.254.3”;
}
host n9k2 {
option dhcp-client-identifier “\00091990H4TOLV”;
fixed-address 172.19.254.32;
option routers 172.19.254.1;
option bootfile-name “poap_nexus2_sn.py”;
option tftp-server-name “172.19.254.3”;
}

Install tftpd-hpa

root@tftp:~# apt-get install tftpd-hpa -y

Edit tftpd-hpa configuration in file /etc/default/tftpd-hpa

TFTP_USERNAME=”tftp”TFTP_DIRECTORY=”/home/rohmat/tftp-server”TFTP_ADDRESS=”0.0.0.0:69″TFTP_OPTIONS=”–secure”

in directory /home/rohmat/tftp-server, download script on github https://github.com/rohmattriindra/poapn9kv.git

rohmat@tftp:~/tftp-server$ git clone https://github.com/rohmattriindra/poapn9kv.git
rohmat@tftp:~/tftp-server$ mkdir n9k

rohmat@tftp:~/tftp-server/popapn9kv$ mv * ../n9k
rohmat@tftp:~/tftp-server$ md5sum poap_nexus_sn.py71c542b1504265f2751f39ace85dcd3f poap_nexus_sn.py
rohmat@tftp:~/tftp-server$ md5sum poap_nexus2_sn.pyc180867155428f301a6f9a26622ad066 poap_nexus2_sn.py

After generate an md5 of the poap_nexus_sn.py & poap_nexus2_sn.py, the following line will replace the second line with md5, if the md5 is not validated the POAP process will fail and restat

rohmat@tftp:~/tftp-server/n9k$ f=poap_nexus_sn.py ; cat$f | sed’/^#md5sum/d’> $f.md5 ; sed-i “s/^#md5sum=.*/#md5sum=\”$(md5sum $f.md5 | sed ‘s/ .*//’)\”/”$f
rohmat@tftp:~/tftp-server/n9k$ f=poap_nexus2_sn.py ; cat$f | sed’/^#md5sum/d’> $f.md5 ; sed-i “s/^#md5sum=.*/#md5sum=\”$(md5sum $f.md5 | sed ‘s/ .*//’)\”/”$f

Put image nxos.7.0.3.I7.3.bin & configuration file conf.XXXX , also need to generate an md5 for the image

rohmat@tftp:~/tftp-server/n9k$ md5sum conf.91990H4TOLV > conf.91990H4TOLV.md5
rohmat@tftp:~/tftp-server/n9k$ md5sum conf.9GPNP3P68OD > conf.9GPNP3P68OD.md5
rohmat@tftp:~/tftp-server$ md5sum nxos.7.0.3.I7.3.bin > nxos.7.0.3.I7.3.bin.md5

Demo auto provisioning LEAF1R1

n9k1-1.jpg

n9k1-2.jpg

Demo auto provisioning LEAF2R1

n9k2-1.jpg

n9k2-2.jpg

Leave a Reply

Your email address will not be published. Required fields are marked *