SmartInstall provides a suite of capabilities that help deploy new Cisco® Catalyst® switches and manage them effectively at very low operating costs. SmartInstall has true zero-touch switch installation to lower operational costs. SmartInstall helps with initial switch deployment, switch configuration management, and switch replacement. This document will explain the practical benefits of deploying SmartInstall, configurable options for deployment based on different network scenarios, best practices, and customization options.
The intended audience is networking professionals who want to deploy and manage Cisco LAN switches easily and save operational expenses. As an example, SmartInstall configuration will be created for an imaginary Cisco customer, called SmartCustomer Corporation, based on its network infrastructure. This scenario will help readers understand SmartInstall configuration and also how to use its customization capabilities.
SmartCustomer Corporation is an imaginary Cisco customer that has multiple retail sites that require a network refresh. SmartCustomer chose to use SmartInstall because this company needed a way to reduce costs of network equipment installation at its retail sites. SmartCustomer wanted to take advantage of the automated installation of networking devices, which SmartInstall provides in each retail location. With SmartInstall, SmartCustomer was able to reduce the time it took to install networking equipment and reduce the number of errors that occurred during installation. SmartCustomer ships networking devices directly to the retail location and eliminates central staging.
In each retail location, SmartCustomer has a Cisco Integrated Services Router (ISR) for WAN connectivity, three Cisco Catalyst 2960S Switches, and up to six Cisco compact switches (Cisco Catalyst 2960C) to extend wired connectivity outside of the wiring closet. The number of compact switches varies depending on the size of the retail location. The ISR and Cisco Catalyst 2960S are deployed in a small wiring closet onsite. The compact switches are deployed outside the wiring closet to provide extra Ethernet ports to end devices. The compact switches connect to the C2960S in the wiring closet.
SmartCustomer decided to use SmartInstall for pushing the Cisco IOS® Software configuration and Cisco IOS Software images to the C2960S and C2960C switches in each retail site using zero touch. The ISR in each site acts as the SmartInstall director. After the ISR in each retail site is operational, SmartCustomer rack mounts the Cisco Catalyst 2960S Switches, supplies power, and connects the Ethernet cables. SmartInstall does the rest. With SmartInstall, SmartCustomer does not need to configure each individual switch.
SmartCustomer decided to use an external Trivial File Transfer Protocol (TFTP) server as it has different models of the client switch (2960S, 2960C) in the network. SmartCustomer is taking advantage of the DHCP Server capabilities of the ISR to act as DHCP Server for Smart Install.
Figure 1 shows the topology for SmartCustomer.
Figure 1. SmartCustomer Topology
SmartInstall and Cisco Unified Access
The Cisco Unified Access Architecture (Figure 2) includes Cisco Smart Operations for reduced total cost of ownership (TCO), network resiliency for high availability, Cisco TrustSec® technology for comprehensive network security, and Cisco Application Visibility and Control (AVC).
Figure 2. Cisco Unified Access Architecture - One Network
SmartInstall is one component in the Cisco Smart Operations solution. Smart Operations is a comprehensive set of capabilities that can simplify and improve LAN switch deployment and reduce TCO. Smart Operations help organizations deliver operational excellence and scale services on the network.
SmartInstall can enable plug-and-play configuration and image management for zero-touch deployment on new and existing Cisco Catalyst LAN switches and zero-touch replacement of existing switches that need to be replaced in a return materials authorization (RMA) scenario.
Benefits of SmartInstall
• Ease of deployment: Configuring SmartInstall is a one-time task. After the configuration on the director device is complete, switches can be added to the network in zero-touch fashion. The time taken to add a switch to the network reduces significantly as SmartInstall automates the process, thereby eliminating delays that might occur because of manual switch deployment.
• Elimination of central staging prior to deployment.
• Reduced potential for human error in the installation process.
• New switch installation does not require highly technical personnel to perform the deployment.
• Easy maintenance: SmartInstall not only helps with initial switch deployment but also helps with switch configuration management. It conducts configuration backup when a switch changes its configuration. SmartInstall also has mechanisms in place for subsequent Cisco IOS Software and configuration upgrades on groups of switches, using a single command line interface (CLI). Another advantage of using SmartInstall is its customization capability, which allows switches to get unique configurations.
• Switch replacement assistance: In the future, should the switch go faulty, SmartInstall can enable an easy replacement, zero-touch switch here as well. With SmartInstall, the network administrator can ship the replacement switch to the intended location and ask someone - even a nontechnical person - to replace the switch. After the new switch is installed, the SmartInstall-enabled network automatically completes the new switch integration into the existing network.
• Cost savings: SmartInstall is capable of reducing operation expenses by reducing the amount of time and expertise taken to install new switches and replace nonoperational switches. A detailed cost-saving analysis is included in the next section.
Cost Savings with SmartInstall
Table 1 shows cost savings with SmartInstall as compared to the central staging mode of operation.
Table 1. SmartInstall Cost Savings
To Install and Maintain a Single Switch per Year
Cost per Device (U.S.$)
Cost per Device (U.S.$)
Switch Installation (image, configuration)
Manual load per switch image and configuration
Zero-touch, plug and play
Switch Upgrade or Replacement: (assumes one upgrade per year)
Manually load the new image and configuration
Automatic: SmartInstall Director is the single management point to instruct image and configuration upgrades. The zero-touch capability of SmartInstall automatically provides the same image and configuration of the replaced switch
Zero-touch system is backed up automatically any time there is a configuration change
Total per switch
Total per switch
Total Savings per Switch per Year
U.S.$150 or 2.3 hours
Total Savings for a 100-Switch Network
U.S.$15,000 or 230 hours
Components of SmartInstall
SmartInstall works in a client-server mode. It is made up of the following components:
• Director: A switch or router in the network that helps the installation of other switches. The switch/router plays the role of the director.
• Client: Switch in the network which gets the image and configuration from the director. When client switches boot with no configuration file (as they would when initially taken out of the box), they execute an auto-install process. It is the auto-install process on the clients that allows SmartInstall to work. Auto-install only executes when the configuration file is absent. The client is represented in the figure below by the access switch.
• Groups: Classification of client switches based on switch model and other parameters for better management. All clients in the same group receive the same Cisco IOS Software image and configuration file. A group is a set of clients for which the same action will be taken.
• External TFTP server (optional): Helps with storing image files for multiple client switch models and their respective configuration files. The director can serve as the TFTP server. In most cases using an external TFTP server is recommended. See Table 3 below for more information on choosing an internal or external TFTP server. The use of a TFTP server is not optional. The TFTP server must either operate on the Director, or an external appliance.
• Dynamic Host Configuration Protocol (DHCP) server: DHCP services are required for the clients. The director can serve as the DHCP server. The DHCP server can optionally be an external device.
Figure 3 offers an illustration of the SmartInstall components described above.
SmartInstall is suited for deployment and management of campus and branch topologies for new and existing switches in the network. In the following sections, this document describes the typical topologies for campus and branch scenarios.
When SmartInstall is enabled in the network, it works as follows:
1. A new client switch is powered on and connected to the existing network. The client switch does not need any configuration to work with SmartInstall. The client will work correctly out of the box with no configuration.
2. Director discovers the new client switch through the Cisco Discovery Protocol.
3. The client switch has no configuration (zero configuration), hence VLAN 1 is enabled by default. The client requests an IP address for interface VLAN 1 using DHCP.
4. The DHCP server (based on the director switch or externally) provides the client switch with the IP address for interface VLAN 1. During this process, the director detects the IP address of the client switch and adds it to its SmartInstall database.
a. The DHCP response to the client contains DHCP options, which give the client information about the TFTP server, configuration file location, and Cisco IOS Software image location.
5. SmartInstall is initiated and the following files are then downloaded (total time for download and reboot is approximately 15 to 20 minutes):
• Client learns director IP address or downloads client_cfg.txt1
SmartInstall supports the Cisco IOS Software-based DHCP server on the director, on other Cisco switches and routers, and third-party DHCP servers based on Windows and Linux. In the case of any external DHCP server, DHCP snooping must be enabled on the director, and the director must be between the DHCP server and the client switch. This is required as the director snoops the DHCP offer packet and inserts its options in the DHCP offer packet.
Warning: When the client switches boot up, the client switch console is usable. Do not enter anything on the client switch console, as this might terminate the SmartInstall operation. If you do interrupt the SmartInstall process on the client, you will need to revert the client to its manufacturing default settings. Erase all files on the flash: file system except the Cisco IOS Software image. Then issue a "write erase" command to remove any configuration that might be present in the NVRAM and reload the switch without saving any configuration.
Securing SmartInstall with the Join Window
SmartInstall provides a feature called Join Window, which allows the user to configure a window of time during which SmartInstall can accept new client switches and provide them with the configuration and Cisco IOS Software image files. The Join Window is the equivalent of a maintenance window for network operations. Only during the maintenance window is the network allowed to be modified. (The software configuration guide for SmartInstall has details on the Join Window: http://www.cisco.com/en/US/docs/switches/lan/smart_install/configuration/guide/concepts.html.)
Any switch that joins the network outside the Join Window will not get the SmartInstall configured image and configuration files. This helps make sure that SmartInstall is active only during a certain window of time and not always open. The Join Window should be configured such that it matches the time when network maintenance is performed.
Choosing the Correct TFTP Server
The TFTP server serves the following purposes:
• Serve configuration files for client switches
• Serve Cisco IOS Software image files for client switches
• Store client configuration backup files
• Store Cisco IOS Software imagelist files
The TFTP server can be external on a central server or internal (on the director switch flash). The decision depends on the topology of the campus. Tables 3 and 4 can be used as reference to decide what type of TFTP server is best suited for a deployment scenario.
Table 3. Using a Director Flash-Based TFTP Server
Client image file, configuration file, and backup configuration versions stored locally on the director flash, avoiding the need for an external device.
Limited storage space because of flash size restrictions (in the case of the Cisco Catalyst 3000 Series as the director).
Avoids the use of an external TFTP server; saves money.
Across a slow WAN link (for example, from the router in a branch) the file downloads can be slow.
• Not scalable.
• No backup of the director flash contents like client backup configuration files, which can be lost in case of a director switch failure.
When using a stack of Cisco Catalyst 3750 Switches as the director switch and TFTP server, each stack member must have a copy of the client Cisco IOS Software image and the configuration file.
• All client switches are of the same model
• A Cisco ISR behaves as the director
• Small topology with less than 10 client switches
• Client switches power up one at a time, not simultaneously
• WAN or network connectivity bandwidth is limited
Table 4. Using an External TFTP Server
Lots of storage space for images, configuration, and backup configuration files for multiple client switch groups.
Requires an external TFTP device; extra infrastructure.
Saves space on the director switch flash.
Extra configuration for file permissions in the case of a Linux TFTP server.
Scalable in large deployments with multiple Cisco IOS Software images and configuration files for different models of client switches; useful in a multiple director environment as well.
Might lead to variable download speeds across the WAN, depending on the router WAN uplink speed.
• Many client groups are defined, requiring multiple Cisco IOS Software images to be maintained for smart install.
• Multiple directors are configured. Take advantage of a single TFTP server shared by all directors.
• There is a need for central management of all image and configuration files for multiple campus or branch locations.
• Network plans are in place to expand with more devices and hence create a need for more storage space.
• More than 10 clients or multiple clients are booting simultaneously.
In most deployment scenarios an external TFTP server will work best. The primary reason is performance. TFTP file downloads are slower when the Networking Device is serving TFTP files as opposed to a Linux or MS Windows based TFTP server. For External TFTP servers, Linux and MS Windows are the most popular. Linux-based servers natively support TFTP capability. For Windows systems, a TFTP program can be downloaded and installed.
SmartInstall in the Campus
Figure 4 outlines a typical campus topology with SmartInstall included.
Figure 4. Typical Campus Topology
In a campus-type topology, the Cisco Catalyst 4500 or 6500 Series Switch can play the role of the director switch. Sometimes in campus deployments there is a Layer 2 aggregation layer between the first Layer 3 hop and the network access devices. The Layer 2 aggregation switches can also be SmartInstall clients. SmartInstall can work with clients directly connected to the director or indirectly connected, as seen in Figure 4.
SmartInstall is designed to work with .tar Cisco IOS Software images for the client switches, and hence it is mandatory to use a .tar Cisco IOS Software image.
After a switch is upgraded using SmartInstall, the director automatically enables configuration backup on the client switch to track the switch configuration changes made by the network administrator. Configuration files are stored on the director switch flash by default but can be changed to store on an external TFTP server as well.
SmartInstall in the Branch
Figure 5 outlines a typical branch topology with SmartInstall included.
Figure 5. Typical Branch Topology
Typical branch-type deployments have switches in the closet that provide connectivity to the various end devices in the branch and a Cisco ISR that provides connectivity to the WAN. In such a scenario, it is useful to use the SmartInstall director capability of the ISR.
The director router could use its flash to store client switch Cisco IOS Software images and configuration files, or use an external TFTP server for the same. Tables 3 and 4 explain the advantages and disadvantages of choosing one over the other.
SmartInstall in a Topology with the Same Switch Model
Figure 6 shows a simple SmartInstall deployment with a single model of client switches. In such cases, it is useful to use the default setting for the Cisco IOS Software image and configuration file, which is the easiest to configure. The configured Cisco IOS Software image and configuration setting applies to all client switches.
Figure 6. Topology with Same Model of Client Switches
Director-based flash is the best choice for TFTP server in such cases if the flash has at least 20 MB of free space. Ensure the TAR file and configuration file of all the client groups does not exceed the available flash file system space on the Director. An external TFTP Server (eg: Laptop or PC) is recommended when the Director Flash file system space is limited.
When the director switch detects new client switches or switches with zero configuration, it provides the image and configuration as defined in the default group settings.
SmartInstall can also upgrade Cisco IOS Software for existing client switches, which have configuration on them using the on-demand upgrade capability present in SmartInstall.
SmartInstall in a Topology with Different Switch Models
The concept of "groups" in SmartInstall helps network administrators to successfully push images and configurations to each of the switch models. A group is a built-in feature, which helps identify one switch model from the other. There are two types of groups: built-in and custom.
The built-in groups are for the switches which are currently supported by Cisco. These include all the Cisco Catalyst 3560V2, 3560-G, 3560-C, 3560E, 3560-X, 3750V2, 3750-G, 3750-E, 3750-X, 2960, 2960-G, 2960S, 2960SF, 2960-C, and 2360 switches. Each built-in group has two parameters that the user must configure: image and configuration file for switches that belong to the group.
Figure 7 outlines a SmartInstall branch topology using groups.
Figure 7. SmartInstall Topology Using Groups
Custom groups provide the flexibility to add uniqueness to switches, which fit into the same built-in group. A custom group has three input parameters: image, configuration, and match. While image and configuration represent the image and configuration file for the switches that qualify for that group, the match criterion tells the director the basis on which a given switch is different than the other switches that belong to the same model.
Smart Install Directors support the ability to manage clients that do not have built-in groups, For this Custom groups are used. For example, the Cisco Catalyst 2960-C compact switches, built-in group support is not present in Cisco IOS Software Release 12.2.55SE, hence it is supported as a custom group. (Built-in group support for Cisco Catalyst 2960-C Series and Cisco Catalyst 3560-C Series Switches was added in Cisco IOS Software Release 12.2.58SE.) To support compact switches as clients in Director running an IOS version that does not have compact switch as clients built-in, use the Product ID type of custom group.
Custom groups are of four types:
• Product ID: The match criterion here is the product ID of the switch. This custom group is useful when introducing a new switch model in the network that is currently not supported under the built-in groups. Hence, product ID-based groups provide future-proofing.
– Example: Add the Cisco Catalyst 3560-C and the 2960-C compact switches to an existing SmartInstall network with the director running Cisco IOS Software Release 12.2.55SE. In this software release, the 3560-C and 2960-C switches are not a part of the existing built-in group list. Hence, creating a custom product ID-based group is the best choice.
• MAC address based: The match criterion here is the MAC address of the switch. The user can configure multiple MAC addresses within one MAC address-based custom group. A typical use case for this scenario is when the user wants only certain switches of the same model in the network to have a different configuration as compared to the other switches.
– Example: In a university campus type of deployment, if switches in the dormitories need a different configuration than the switches in the engineering building, and if all these switches belong to the same model, then the user gets to choose some switches and configure a MAC address-based custom group for them.
• Connectivity based: The match criteria here are the interface number and the IP address of the intermediate switch between the director and the client. The client switch should be directly connected to this intermediate switch. This group helps the director identify client switches based on their location and treat the switch with a different configuration if appropriate.
– Example: If the user wants switches to have a location-specific configuration, a connectivity-based group is useful.
• Stack based: The match criterion here is that the client switches must be stacked. All the Cisco Catalyst3750, 3750-E, 3750-X, and 2960S and 2960SF Series Switches are supported. This group supports the same hardware and mixed hardware stacks (Cisco Catalyst 3750-G, 3750-E, 3750-X Switches, and so on). In the match criteria for this group, the user can configure all the switch models and their respective stack member numbers as match criteria.
– Example: A stack of Cisco Catalyst 3750-X 24-port, 3750-X with 48-port Power over Ethernet (PoE), 3750-X 24-port PoE can qualify as one stack-based custom group.
Configuration Backup and Switch Replacement
Configuration backup for the client switches is enabled by default when SmartInstall is configured on the director. This creates a backup of the existing running configuration of every client switch and saves it in a repository. This repository is by default on the director switch flash under a subdirectory called vstack. Every time a user changes the configuration on any of the client switches and enters write memory on the client switch console, the director switch creates a backup of the new configuration to record the most recent configuration.
Users also have the provision to configure the backup on an external TFTP server.
Directory of flash:/vstack/
3 -rwx 2155 Oct 13 2010 14:06:41 +00:00 2960s-081f.f388.8a00.REV2
4 -rwx 6192 Jan 4 2011 14:07:06 +00:00 2960s-0026.527c.ba00.REV2
As shown in the preceding output, the subdirectory has configuration files for the client switches. Every file name follows the naming convention of "hostname-Base Ethernet MAC Address-REV1or REV2" (most recent version).
If the client-to-director connection is lost after issuing the write memory command, the backup process fails. In such a case, the client switch tries to reestablish the connection so that the client file is backed up on the director. If the user entered the write memory command more than once, the files associated with the last write memory command event are backed up on the director. If the client reloads or fails before receiving feedback that the backup was successful, any changes made to the client startup do not take effect until the user reloads the client.
When a client switch fails because of any reason, a notification is sent to the director switch about the client down event associated to the Ethernet interface where the client was connected to the network. At this time, the network administrator replaces the faulty switch with a new client switch of the same model. This new switch must connect to the network using the Ethernet interfaces as the client switch it is replacing.
When this switch is powered on with zero configuration, the director gets a client up event for the port on which the client is connected. It identifies the new switch as a replacement for the previous switch. The director then pushes the last known good configuration to the client switch along with the Cisco IOS Software image configured for that client group.
The zero-touch switch replacement enables the administrator to have someone with minimal technical expertise replace the faulty switch. This reduces cost, effort, and time taken to replace the switch.
Text Files Created by SmartInstall
Imagelist for a group: In the case of built-in groups and custom groups, when the user defines the group, the director switch creates a text file with the Cisco IOS Software image name in it and transfers it to the TFTP server. This file is called the "imagelist" for that group. When the client switch is added to the network, after getting the IP address on VLAN 1, the director identifies the group to which the particular client switch belongs.
It then directs the client to download the imagelist from the TFTP server. The downloaded imagelist tells the client switch exactly which Cisco IOS Software file to download from the TFTP server. After this, the client downloads the image. The TFTP server must have an imagelist for every group (built-in or custom) that is created on the director.
An imagelist for a built-in group of Cisco Catalyst 2960 Switches, 48-port with LAN-lite license level looks like:
An imagelist for a custom group of Cisco Catalyst 2960 Switches with the name 2960-custom looks like:
Client_cfg.txt: This file is created when a user enables SmartInstall on a director switch or router. It is stored on the director flash. When a client switch running a Cisco IOS Software image prior to 12.2.52SE is added to the network, it downloads client_cfg.txt to establish communication with the director.
A switch that has a Cisco IOS Software release of 12.2.52SE or later gets the director switch IP address in the DHCP options and therefore does not need the client_cfg.txt file. Deleting this file will abort SmartInstall for client switches that have a Cisco IOS Software image release older than 12.2.52SE. Therefore, do not delete the client_cfg.txt file. The contents of this file are as follows:
enable password cisco
do telnet 10.0.0.33 18843
In this case, 10.0.0.33 is the IP address of the director switch. The username and password is used only during the initial connection with the director switch. After connectivity is established, the director can provide a more secure password to access the client switch using the client configuration file.
SmartCustomer's Director Switch Configuration
Referring back to our company scenario at the beginning of this document, the following is the SmartInstall-related configuration for SmartCustomer's retail deployment. SmartCustomer has defined built-in groups for its Cisco Catalyst 2960-S and a product ID-based custom group for its Cisco Catalyst 2960-C compact switches. The TFTP server is external, and the DHCP server is based on the director switch. The SmartInstall-specific section of running configuration for SmartCustomer's director switch is as follows:
1Client switches running Cisco IOS Software Release 12.2.52SE or later learn about the director IP address through the DHCP options. Client switches running Cisco IOS Software Release versions that are older than 12.2.52SE learn about the director by downloading the client_cfg.txt.Client_cfg.txt is explained later in this document.
2The Imagelist contains the name of the Cisco IOS Software image for a switch group. This file is created by the director and is stored on the configured TFTP server. The client switch downloads this file to learn about the Cisco IOS Software image file that it needs to download. Imagelist is explained in detail in the "Text Files Created by SmartInstall" section.