Using PowerOn Auto Provisioning
This chapter contains the following sections:
About PowerOn Auto
Provisioning (POAP) automates the process of
upgrading software images and installing configuration files on
devices that are being deployed in the network for the first time.
When a device with the
POAP feature boots and does not find the startup configuration, the device
enters POAP mode, locates a DHCP server, and bootstraps itself with its
interface IP address, gateway, and DNS server IP addresses. The device also
obtains the IP address of a TFTP server or the URL of an HTTP server and
downloads a configuration script that enables the switch to download and
install the appropriate software image and configuration file.
The DHCP information
is used only during the POAP process.
POAP requires the
following network infrastructure:
Figure 1. POAP Network
A DHCP server to
bootstrap the interface IP address, gateway address, and Domain Name System
A TFTP server
that contains the configuration script used to automate the software image
installation and configuration process.
One or more
servers that contains the desired software images and configuration files.
The reference script
supplied by Cisco supports the following functionality:
switch-specific identifier, for example, the serial number.
Downloads the nx-os
software image if the files do not already exist on the switch. The nx-os image
is installed on the switch and is used at the next reboot.
downloaded configuration to be applied at the next switch reboot.
configuration as the startup configuration.
Cisco has sample
configuration scripts that were developed using the Python programming language
and Tool Command Language (Tcl). You can customize one of these scripts to meet
the requirements of your network environment. You can access the Python script
to perform POAP on the Cisco Nexus 9000 Series switch at this link:
The Python programming
language uses two APIs that can execute CLI commands. These APIs are described
in the following table. The arguments for these APIs are strings of the CLI
raw output of CLI commands, including the control/special characters.
commands that support XML, this API puts the command output in a Python
This API can
be useful to help search the output of
The POAP process has
the following phases:
Within these phases,
other process and decision points occur. The following illustration shows a
flow diagram of the POAP process.
Figure 2. POAP
When you powerup the
device for the first time, it loads the software image that is installed at
manufacturing and tries to find a configuration file from which to boot. When a
configuration file is not found, POAP mode starts.
During startup, a prompt
appears asking if you want to abort POAP and continue with a normal setup. You
can choose to exit or continue with POAP.
No user intervention
is required for POAP to continue. The prompt that asks if you want to abort
POAP remains available until the POAP process is complete.
If you exit POAP mode,
you enter the normal interactive setup script. If you continue in POAP mode,
all the front-panel interfaces are set up in the default configuration.
The switch sends out
DHCP discover messages on the front-panel interfaces or the MGMT interface that
solicit DHCP offers from the DHCP server or servers. (See the following
figure.) The DHCP client on the Cisco Nexus switch uses the switch serial
number in the client-identifier option to identify itself to the DHCP server.
The DHCP server can use this identifier to send information, such as the IP
address and script filename, back to the DHCP client.
POAP requires a minimum
DHCP lease period of 3600 seconds (1 hour). POAP checks the DHCP lease period.
If the DHCP lease period is set to less than 3600 seconds (1 hour), POAP does
not complete the DHCP negotiation.
The DHCP discover
message also solicits the following options from the DHCP server:
TFTP server name or
TFTP server address—The DHCP server relays the TFTP server name or TFTP server
address to the DHCP client. The DHCP client uses this information to contact
the TFTP server to obtain the script file.
DHCP server relays the bootfile name to the DHCP client. The bootfile name
includes the complete path to the bootfile on the TFTP server. The DHCP client
uses this information to download the script file.
When multiple DHCP
offers that meet the requirement are received, an offer is randomly chosen. The
device completes the DHCP negotiation (request and acknowledgment) with the
selected DHCP server, and the DHCP server assigns an IP address to the switch.
If a failure occurs in any of the subsequent steps in the POAP process, the IP
address is released back to the DHCP server.
If no DHCP offers meet
the requirements, the switch does not complete the DHCP negotiation (request
and acknowledgment) and an IP address is not assigned.
Figure 3. DHCP Discovery
Script Execution Phase
After the device bootstraps itself using the information in the DHCP acknowledgement, the script file is downloaded from the TFTP server.
The switch runs the configuration script, which downloads and
installs the software image and downloads a switch-specific
However, the configuration file is not applied to the switch at
this point, because the software image that currently runs on the
switch might not support all of the commands in the configuration
file. After the switch reboots, it begins running the new software
image, if an image was installed. At that point, the configuration is
applied to the switch.
If the switch loses connectivity, the script stops, and
the switch reloads its original software images and bootup
Post-Installation Reload Phase
The switch restarts and applies (replays) the configuration on the upgraded software image. Afterward, the switch copies the running configuration to the startup configuration.
Limitations for POAP
guidelines and limitations are as follows:
The switch software
image must support POAP for this feature to function.
POAP does not
support provisioning of the switch after it has been configured and is
operational. Only auto-provisioning of a switch with no startup configuration
If you use POAP to
bootstrap a Cisco Nexus device that is a part of a virtual port channel (vPC)
pair using static port channels on the vPC links, the Cisco Nexus device
activates all of its links when POAP starts up. The dually connected device at
the end of the vPC links might start sending some or all of its traffic to the
port-channel member links that are connected to the Cisco Nexus device, which
causes traffic to get lost.
To work around this
issue, you can configure Link Aggregation Control Protocol (LACP) on the vPC
links so that the links do not incorrectly start forwarding traffic to the
Cisco Nexus device that is being bootstrapped using POAP.
If you use POAP to
bootstrap a Cisco Nexus device that is connected downstream to a Cisco Nexus
9000 Series switch through a LACP port channel, the Cisco Nexus 9000 Series
switch defaults to suspend its member port if it cannot bundle it as a part of
a port channel. To work around this issue, configure the Cisco Nexus 9000
Series switch to not suspend its member ports by using the
suspend-individual command from interface configuration mode.
updates are logged in the syslog and are available from the serial console.
errors are logged to the bootflash. The filename format is
date-time is in the YYYYMMDD_hhmmss format and
PID is the process ID.
Script logs are
saved in the bootflash directory. The filename format is
date-time is in the YYYYMMDD_hhmmss format and
PID is the process ID.
You can configure
the format of the script log file. Script file log formats are specified in the
script. The template of the script log file has a default format; however, you
can choose a different format for the script execution log file.
The POAP feature
does not require a license and is enabled by default. However for the POAP
feature to function, appropriate licenses must be installed on the devices in
the network before the deployment of the network.
Setting Up the Network
Environment to Use POAP
|| Modify the basic
configuration script provided by Cisco or create your own script.
|| Deploy a DHCP
server and configure it with the interface, gateway, and TFTP server IP
addresses and a bootfile with the path and name of the configuration script
file. (This information is provided to the switch when it first boots.)
|| Deploy a TFTP
server to host the configuration script.
|| Deploy one or
more servers to host the software images and configuration files.
Configuring a Switch
Before You Begin
Make sure that the
network environment is set up to use POAP.
|| Install the
switch in the network.
||Power on the
configuration file is found, the switch boots in POAP mode and displays a
prompt that asks if you want to abort POAP and continue with a normal setup.
No entry is
required to continue to boot in POAP mode.
||(Optional) If you
want to exit POAP mode and enter the normal interactive setup script, enter
The switch boots,
and the POAP process begins.
What to Do Next
Verifying the Device Configuration
To verify the configuration after bootstrapping the device using POAP, use one of the following commands:
Displays the running configuration.
Displays the startup configuration.