Using PowerOn Auto Provisioning
This chapter describes how to deploy and use PowerOn Auto Provisioning (POAP)
This chapter contains the following sections:
Information About PowerOn Auto Provisioning
PowerOn Auto Provisioning (POAP) automates the process of
upgrading software images and installing configuration files on
Cisco Nexus switches that are being deployed in the network for the first time.
When a Cisco Nexus switch with the POAP feature boots and does not
find the startup configuration, the switch enters POAP mode, locates a DHCP server and bootstraps itself with its interface IP address, gateway, and DNS server IP addresses. It also obtains the IP address of a TFTP
server or the URL of an HTTP server and downloads a configuration script that is run on the
switch to download and install the appropriate software image and
The DHCP information is used only during the POAP.
POAP requires the following network infrastructure:
Figure 1. POAP Network Infrastructure
- A DHCP server to bootstrap the interface IP address, gateway address, and DNS server
- A TFTP or HTTP server containing the configuration script used to automate the software image installation and configuration process
- One or more servers containing the desired software images and configuration files
POAP Configuration Script
The reference script supplied by Cisco supports the following functionality:
- Retrieves the switch-specific identifier, for example, the serial number.
- Downloads the software image (system and kickstart images) if the files do not already exist on the switch. The software image is installed on the switch and is used at the next reboot.
- Schedules the downloaded configuration to be applied at the next switch reboot.
- Stores the configuration as the startup-configuration.
We provide sample configuration scripts that were developed using the Python programming language and Tool Command Language (Tcl). You can customize one of these scripts to meet the requirements of your network environment. For information about customizing this script using Python, see the Python Scripting and API Configuration Guide at this URL: http://www.cisco.com/en/US/products/ps11541/products_programming_reference_guides_list.html.
The POAP process has four phases:
- Power up
- DHCP discovery
- Script execution
- Post-installation reload
Within these phases, other process and decision points occur. The following illustration shows a flow diagram of the POAP process.
When you power-up a switch for the first time, it loads the
software image installed at manufacturing and tries to find a configuration file from which to
boot. When no configuration file is found, POAP mode starts.
During startup, a prompt appears asking if you want to abort
POAP and continue with normal setup. You can choose to exit or
continue with POAP.
No user intervention is required for POAP to continue. The prompt that asks if you want to abort POAP remains available until the POAP process is complete.
If you exit POAP mode, you enter the normal
interactive setup script. If you continue in POAP mode, all the front-panel
interfaces are set up in Layer 3 mode, which ensures that the device does not participate in any Layer 2 forwarding.
DHCP Discovery Phase
The switch sends out DHCP discover messages on all of the active interfaces (including the mgmt interface) soliciting DHCP offers from the DHCP
server or servers. The DCHP client on the Cisco Nexus switch uses the
switch serial number in the client-identifier option to identify
itself to the DHCP server. The DHCP server can use this identifier
to send information, such as the IP address and script file name,
back to the DHCP client.
The DHCP discover message also solicits the
following options from the DHCP server.
- TFTP server name or TFTP server address—The DHCP server relays the TFTP server name or TFTP server address to the DHCP client. The DHCP client uses this information to contact the TFTP server to obtain the script file.
- Bootfile name—The DHCP server relays the bootfile name to the DHCP client. The bootfile name includes the complete path to the bootfile on the TFTP server. The DHCP client uses this information to download the script file.
When multiple DHCP offers that meet the requirement are received, an offer is randomly chosen. The device completes the DHCP negotiation (request and acknowledgment) with the selected DHCP server, and the DHCP server assigns an IP address to the switch. If there is a failure in any of the subsequent steps in the POAP process, the IP address is released back to the DHCP server.
If no DHCP offers meet the requirements, the switch does not complete the DHCP negotiation (request and acknowledgment) and an IP address is not assigned.
Figure 3. DHCP Discovery Phase
Script Execution Phase
Once the device has bootstrapped itself using the information in the DHCP acknowledgement, the script file is downloaded from the TFTP server or the HTTP server.
The switch runs the configuration script, which downloads and
installs the software image and downloads a switch-specific
However, the configuration file is not applied to the switch at
this point, because the software image currently running on the
switch might not support all of the commands in the configuration
file. After the switch reboots, it begins running the new software
image, if one was installed. At that point, the configuration is
applied to the switch.
If the switch loses connectivity, the script stops, and
the switch reloads its original software images and bootup
Post-Installation Reload Phase
The switch restarts and applies (replays) the configuration on the upgraded software image. Afterward, the switch copies the running configuration to the startup configuration.
Guidelines and Limitations for POAP
Cisco Nexus switch software image must support POAP for this feature to
- POAP does not support provisioning of the switch
after it has been configured and is operational. Only auto-provisioning of a switch with no startup configuration is
- If a LACP Layer 3 port-channel is configured on an uplink device connected to the Cisco Nexus device that is being bootstrapped using POAP, the port-channel is not active because all the member links are in a suspended state. Therefore, the Cisco Nexus device that is being bootstrapped using POAP cannot reach the DHCP server or any other infrastructure device needed for POAP. To work around this issue, configure a static L3 port-channel on the uplink device connected to the Cisco Nexus device that is being bootstrapped using POAP.
- If you use POAP to bootstrap a Cisco
Nexus device that is a part of a vPC pair using static
port-channels on the VPC links, the Cisco Nexus device activates
all of its links upon POAP startup. The dually connected device at
the end of the VPC links might start sending some or all of its
traffic to the port-channel member links connected to the Cisco
Nexus device, and the traffic would be lost.
To work around this issue, you can
configure LACP on the vPC links so that the links do not
incorrectly start forwarding traffic to the Cisco Nexus device that
is being bootstrapped using POAP.
- If you use POAP to bootstrap a Cisco Nexus device that is connected downstream to a Cisco Nexus Series
7000 device through a LACP port-channel, the Cisco Nexus 7000
Series device defaults to suspend its member port if it cannot bundle
it as a part of a port-channel. To work around this issue,
configure the Cisco Nexus 7000 Series device to not suspend its
member ports using the no lacp suspend-individual command from
interface configuration mode.
Important POAP updates
are logged in the syslog and are available from the serial
Critical POAP errors are
logged to the bootflash. The filename format is date-time_poap_PID_[init,1,2].log, where date-time is in the YYYYMMDD_hhmmss format and PID is the process ID.
- Script logs are saved in the bootflash directory. The filename format is date-time_poap_PID_script.log, where date-time is in the YYYYMMDD_hhmmss format and PID is the process ID.
Setting Up the
Network Environment To Use POAP
|| Modify the
basic configuration script provided by Cisco or create your own script.
information, see the
Scripting and API Configuration Guide.
||Every time you
make a change to the configuration script, ensure that you recalculate the MD5
checksum by running
# f=poap_fabric.py ; cat $f |
sed '/^#md5sum/d' > $f.md5 ; sed -i "s/^#md5sum=.*/#md5sum=\"$(md5sum $f.md5
| sed 's/ .*//')\"/" $f using a bash shell. For more information,
||(Optional)Put the POAP
configuration script and any other desired software image and switch
configuration files on a USB device accessible to the switch.
|| Deploy a DHCP
server and configure it with the interface, gateway, and TFTP server IP
addresses and a bootfile with the path and name of the configuration script
file. (This information is provided to the switch when it first boots.)
You do not need
to deploy a DHCP server if all software image and switch configuration files
are on the USB device.
|| Deploy a TFTP
or HTTP server to host the configuration script.
|| Deploy one or
more servers to host the software images and configuration files.
Configuring a Switch Using POAP
Install the switch in the network.|
||Power on the switch. |
If no configuration file is found, the switch boots in POAP mode
and displays a prompt asking if you want to abort POAP and continue
with normal setup.
||No entry is required to continue to boot in POAP mode. If you want to exit POAP mode and enter the normal interactive setup script, enter y (yes). |
The switch boots, and the POAP process begins. For information, see the POAP Process section.
What to Do Next
Verify the configuration.
Verifying the Device Configuration
Use one of the following commands to verify the configuration after bootstrapping the device using POAP:
Displays the running configuration.
Displays the startup configuration.
For detailed information about the fields in the output from these
commands, see the
Cisco Nexus 3000 Series NX-OS Command Reference.