PowerOn Auto Provisioning (POAP) automates the process of upgrading software images and installing configuration files on Cisco Nexus switches that are being deployed in the network for the first time.
When a Cisco Nexus Series switch with the POAP feature boots and does not find the startup configuration, the switch enters POAP mode, locates a DHCP server, and bootstraps itself with its interface IP address, gateway, and DNS server IP addresses. The switch also obtains the IP address of a TFTP server or the URL of an HTTP server and downloads a configuration script that enables the switch to download and install the appropriate software image and configuration file.
The DHCP information is used only during the POAP process.
If a USB (Universal Serial Bus) device that contains the required installation files is not available, POAP requires the following network infrastructure:
A DHCP server to bootstrap the interface IP address, gateway address, and DNS (Domain Name System) server.
A TFTP server that contains the configuration script used to automate the software image installation and configuration process.
One or more servers that contain the desired software images and configuration files.
Figure 1. POAP Network Infrastructure
POAP Configuration Script
The reference script supplied by Cisco supports the following functionality:
Retrieves the switch-specific identifier, for example, the serial number.
Downloads the software image (system and kickstart images) if the files do not already exist on the switch. The software image is installed on the switch and is used at the next reboot.
Schedules the downloaded configuration to be applied at the next switch reboot.
Stores the configuration as the startup configuration.
Cisco has sample configuration scripts that were developed using the Python programming language and Tool Command Language (Tcl). You can customize one of these scripts to meet the requirements of your network environment.
For Cisco Nexus 7000, the Python programming language can make use of two APIs that can execute CLI commands. These APIs are described in the following table. The arguments for these APIs are strings of the CLI commands.
Returns the raw output of CLI commands, including the control/special characters.
For CLI commands that support XML, this API puts the command output in a Python dictionary.
This API can be useful to help search the output of show commands.
The POAP process has the following phases:
Within these phases, other processes and decision points occur. The following illustration shows a flow diagram of the POAP process.
When you power up a switch for the first time, it loads the software image that is installed at manufacturing and tries to find a configuration file from which to boot. When a configuration file is not found, POAP mode starts.
During startup, a prompt appears asking if you want to abort POAP and continue with a normal setup. You can choose to exit or continue with POAP.
No user intervention is required for POAP to continue. The prompt that asks if you want to abort POAP remains available until the POAP process is complete.
If you exit POAP mode, you enter the normal interactive setup script. If you continue in POAP mode, all the front-panel interfaces are set up in the default configuration.
DHCP Discovery Phase
The switch sends out DHCP discover messages on the MGMT interface that solicit DHCP offers from the DHCP server or servers. (See the following figure.) The DHCP client on the Cisco Nexus switch uses the switch serial number in the client-identifier option to identify itself to the DHCP server. The DHCP server can use this identifier to send information, such as the IP address and script filename, back to the DHCP client.
POAP requires a minimum DHCP lease period of 3600 seconds (1 hour). POAP checks the DHCP lease period. If the DHCP lease period is set to less than 3600 seconds (1 hour), POAP does not complete the DHCP negotiation.
The DHCP discover message also solicits the following options from the DHCP server.
TFTP server name or TFTP server address—The DHCP server relays the TFTP server name or TFTP server address to the DHCP client. The DHCP client uses this information to contact the TFTP server to obtain the script file.
Bootfile name—The DHCP server relays the bootfile name to the DHCP client. The bootfile name includes the complete path to the bootfile on the TFTP server. The DHCP client uses this information to download the script file.
When multiple DHCP offers that meet the requirement are received, an offer is randomly chosen. The device completes the DHCP negotiation (request and acknowledgment) with the selected DHCP server, and the DHCP server assigns an IP address to the switch. If a failure occurs in any of the subsequent steps in the POAP process, the IP address is released back to the DHCP server.
If no DHCP offers meet the requirements, the switch does not complete the DHCP negotiation (request and acknowledgment) and an IP address is not assigned.
Figure 3. DHCP Discovery Process
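The offer-selection rules above can be checked against offers seen on the management segment before switches are racked. The following Python sketch is an added example, not Cisco's code: the Offer fields, function names, and sample offers are constructed, and treating the solicited TFTP server and bootfile options as required for eligibility is an assumption of the example.

```python
from dataclasses import dataclass
from typing import Optional

MIN_LEASE_SECONDS = 3600  # POAP minimum lease period stated on this page

@dataclass
class Offer:
    server: str                        # DHCP server that sent the offer
    lease_seconds: int
    tftp_server: Optional[str] = None  # TFTP server name or address
    bootfile: Optional[str] = None     # complete path to the script on the TFTP server

def rejection_reasons(offer: Offer) -> list[str]:
    """Return why POAP would not use this offer (empty list means eligible)."""
    reasons = []
    if offer.lease_seconds < MIN_LEASE_SECONDS:
        reasons.append(f"lease {offer.lease_seconds}s is below {MIN_LEASE_SECONDS}s")
    # Assumption of this example: the solicited options are treated as required.
    if not offer.tftp_server:
        reasons.append("no TFTP server name or address")
    if not offer.bootfile:
        reasons.append("no bootfile name")
    return reasons

def audit_offers(offers, expected_servers):
    """Split offers into eligible/rejected and flag eligible ones from unexpected servers."""
    eligible = [o for o in offers if not rejection_reasons(o)]
    rejected = {o.server: rejection_reasons(o) for o in offers if rejection_reasons(o)}
    # An eligible offer is chosen at random, so every eligible offer must come
    # from a server that is meant to provision switches.
    unexpected = [o.server for o in eligible if o.server not in expected_servers]
    return eligible, rejected, unexpected

# Constructed sample offers (documentation address ranges).
SAMPLE_OFFERS = [
    Offer("192.0.2.10", 86400, "192.0.2.20", "/poap/poap_script.py"),
    Offer("192.0.2.11", 600, "192.0.2.20", "/poap/poap_script.py"),
    Offer("192.0.2.12", 7200, None, "/poap/poap_script.py"),
    Offer("198.51.100.5", 3600, "198.51.100.6", "/boot.py"),
]

if __name__ == "__main__":
    ok, bad, odd = audit_offers(SAMPLE_OFFERS, expected_servers={"192.0.2.10"})
    print("eligible:", [o.server for o in ok])
    for server, why in bad.items():
        print("rejected:", server, "-", "; ".join(why))
    print("eligible but not an expected server:", odd)
```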
Script Execution Phase
After the device bootstraps itself using the information in the DHCP acknowledgement, the script file is downloaded from the TFTP server.
The switch runs the configuration script, which downloads and installs the software image and downloads a switch-specific configuration file.
However, the configuration file is not applied to the switch at this point, because the software image that currently runs on the switch might not support all of the commands in the configuration file. After the switch reboots, it begins running the new software image, if an image was installed. At that point, the configuration is applied to the switch.
If the switch loses connectivity, the script stops, and the switch reloads its original software images and bootup variables.
Post-Installation Reload Phase
The switch restarts and applies (replays) the configuration on the upgraded software image. Afterward, the switch copies the running configuration to the startup configuration.
Guidelines and Limitations for POAP
POAP configuration guidelines and limitations are as follows:
The Cisco Nexus switch software image must support POAP for this feature to function.
POAP does not support provisioning of the switch after it has been configured and is operational. Only auto-provisioning of a switch with no startup configuration is supported.
If you use POAP to bootstrap a Cisco Nexus device that is a part of a vPC (virtual port channel) pair using static port channels on the vPC links, the Cisco Nexus device activates all of its links when POAP starts up. The dually connected device at the end of the vPC links might start sending some or all of its traffic to the port-channel member links that are connected to the Cisco Nexus device, which causes traffic to get lost. To work around this issue, you can configure LACP (Link Aggregation Control Protocol) on the vPC links so that the links do not incorrectly start forwarding traffic to the Cisco Nexus device that is being bootstrapped using POAP.
If you use POAP to bootstrap a Cisco Nexus device that is connected downstream to a Cisco Nexus 7000 Series device through an LACP port channel, the Cisco Nexus 7000 Series device defaults to suspend its member port if it cannot bundle it as a part of a port channel. To work around this issue, configure the Cisco Nexus 7000 Series device to not suspend its member ports using the no lacp suspend-individual command from interface configuration mode.
Important POAP updates are logged in the syslog and are available from the serial console.
Critical POAP errors are logged to the bootflash. The filename format is date-time_poap_PID_[init,1,2].log, where date-time is in the YYYYMMDD_hhmmss format and PID is the process ID.
Script logs are saved in the bootflash directory. The filename format is date-time_poap_PID_script.log, where date-time is in the YYYYMMDD_hhmmss format and PID is the process ID. You can configure the format of the script log file. Script file log formats are specified in the script. The template of the script log file has a default format; however, you can choose a different format for the script execution log file.
The POAP feature does not require a license and is enabled by default. However, for the POAP feature to function, appropriate licenses must be installed on the devices in the network before the deployment of the network.
To allow the POAP feature to function temporarily without the installation of the appropriate licenses, you can specify the license grace-period command in the configuration file.
This workaround allows you to install the appropriate licenses at a later time.
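When reviewing a switch after provisioning, the bootflash log filename formats given in the guidelines above can be parsed to separate critical-error logs from script logs and to order them in time. This Python sketch is an added example, not part of the Cisco reference script; the function names and the sample directory listing are constructed.

```python
import re
from datetime import datetime

# date-time_poap_PID_[init,1,2].log  and  date-time_poap_PID_script.log
POAP_LOG_RE = re.compile(
    r"^(?P<stamp>\d{8}_\d{6})_poap_(?P<pid>\d+)_(?P<kind>init|1|2|script)\.log$"
)

def parse_poap_log_name(name):
    """Return (timestamp, pid, kind) for a POAP log filename, or None if it does not match."""
    m = POAP_LOG_RE.match(name)
    if not m:
        return None
    try:
        stamp = datetime.strptime(m["stamp"], "%Y%m%d_%H%M%S")
    except ValueError:  # right number of digits, but not a real date/time
        return None
    return stamp, int(m["pid"]), m["kind"]

def triage(names):
    """Sort filenames into critical-error logs, script logs, and unparsed names."""
    errors, scripts, unparsed = [], [], []
    for name in names:
        parsed = parse_poap_log_name(name)
        if parsed is None:
            # For example, a script log written with a customized format.
            unparsed.append(name)
        elif parsed[2] == "script":
            scripts.append((parsed[0], parsed[1], name))
        else:
            errors.append((parsed[0], parsed[1], name))
    # Tuples sort by timestamp first, giving a timeline per category.
    return sorted(errors), sorted(scripts), unparsed

# Constructed sample bootflash listing.
SAMPLE_LISTING = [
    "20240312_101502_poap_4821_init.log",
    "20240312_101730_poap_4821_script.log",
    "20240311_235959_poap_3977_1.log",
    "20241340_101502_poap_5000_2.log",   # invalid month and day
    "poap_custom_run.log",               # customized script log name
]

if __name__ == "__main__":
    errors, scripts, unparsed = triage(SAMPLE_LISTING)
    for stamp, pid, name in errors:
        print("critical-error log:", stamp.isoformat(), "PID", pid, name)
    for stamp, pid, name in scripts:
        print("script log:", stamp.isoformat(), "PID", pid, name)
    print("not in the default format:", unparsed)
```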
Setting Up the Network Environment To Use POAP
Modify the basic configuration script provided by Cisco or create your own script.
(Optional) Put the POAP configuration script and any other desired software image and switch configuration files on a USB device that is accessible to the switch.
Deploy a DHCP server and configure it with the interface, gateway, and TFTP server IP addresses and a bootfile with the path and name of the configuration script file. (This information is provided to the switch when it first boots.)
You do not need to deploy a DHCP server if all software image and switch configuration files are on the USB device.
Deploy a TFTP server to host the configuration script.
Deploy one or more servers to host the software images and configuration files.