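Introduction
This document describes how to configure and provision Zero-Touch Provisioning (ZTP) on Cisco Catalyst 9k series switches.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- Dynamic Host Configuration Protocol (DHCP) server configuration on a switch
- Basic Python code
- HTTP/TFTP service basics
Supported Platforms
- Catalyst 9300 Series Switches running release 16.5.1a
- Catalyst 9500 Series Switches running release 16.5.1a
- Catalyst 9400 Series Switches running release 16.6.2
Components Used
The information in this document is based on these software and hardware versions:
- Cisco Catalyst 9300 switch on Cisco IOS® XE 17.6.4
- Cisco Catalyst 3850 switch configured with option 67, acting as the DHCP server
- An end host with an HTTP service installed that holds the Python file
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Background Information
Zero-Touch Provisioning (ZTP) is used to provision network devices accurately within minutes and without any manual intervention.
Network Diagram
Zero-Touch Provisioning basic setup and steps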
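ZTP Operation (Detailed Steps)
When a Catalyst 9000 series switch is introduced into an existing network, ZTP configures it automatically, with no startup configuration required. No manual intervention is needed. The detailed steps are explained here:
Step 1. Connect the new switch
Connect the new switch to the existing infrastructure and power on the device. The switch boots with no startup configuration.
Step 2. ZTP initiation
The switch automatically starts the ZTP process.
Step 3. DHCP request
The switch sends a DHCP discover message.
Step 4. DHCP response
The DHCP server responds with options that include option 67, which carries the HTTP server IP and URL.
Step 5. HTTP URL
The switch receives the offer and obtains an IP address for its own communication. It also receives the IP address of the HTTP server and the full URL of the ZTP Python file.
Step 6. Download
The switch connects to the HTTP server and downloads the ZTP.py file.
Step 7. GuestShell
The switch automatically enables the guest shell.
Step 8. Configuration deployment
The switch executes the Python file, and the configuration is applied automatically.
Step 9. Success
The switch destroys the guest shell, and the message script execution is a success is displayed.
Configure
Configure the HTTP Service
Step 1. Install the HTTP service on the end host (Linux in this example)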
sudo apt update
sudo apt install apache2
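Step 2. Create the Python file ztp_http.py
If any permission issue occurs, use chmod 777 to grant the file full permissions.
The Python file performs these tasks:
1. Show command verification.
2. Loopback configuration.
3. Configuration verification.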
# Import the cli module provided by the IOS XE guest shell
import cli
# 1. Show command verification
print("\n\n Running show version \n\n")
cli.executep('show version')
# 2. Loopback configuration
print("\n\n Configure a Loopback Interface \n\n")
cli.configurep(["interface loop 25", "ip address 192.168.0.25 255.255.255.255", "end"])
# 3. Configuration verification
print("\n\n Running show ip interface brief \n\n")
cli.executep('show ip int brief | i up')
print("\n\n ZTP is success \n\n")
This file must be stored in /var/www/html on the Linux machine.
vm: /var/www/html$ ls -l ztp_http.py
-rwxrwxrwx 1 root root 346 Apr 04 14:14 ztp_http.py
Step 3. Verify the HTTP service and listening port
Use the service command to verify that the HTTP service is started and currently running.
vm: /var/www/html$ sudo service apache2 status
Active: active (running)
Verify the port on which the HTTP service currently listens.
vm: /var/www/html$ sudo netstat -anp | grep apache
tcp6 0 :::80 :::* LISTEN 1998/apache2 <<<< Listens at 80
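Step 4. Browser verification with the port
Use any web browser to verify that the file can be downloaded.
1. Open any browser on the same machine (Linux in this example).
2. Enter localhost:80/ztp_http.py in the search bar.
3. The file downloads automatically.
Configure the DHCP Service
Step 1. Provisioning interface configuration (new device)
The new switch is to be connected to G1/0/1.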
enable
configure terminal
interface g1/0/1
description New_9300_switch
switchport
switchport mode access
switchport access vlan 1
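Step 2. Configuration of the interface where the HTTP server is connected
The HTTP server (Linux) is directly connected to the 3850 switch, for example on interface G1/0/2.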
enable
configure terminal
interface g1/0/2
description Linux_is_connected_here
switchport
switchport mode access
switchport access vlan 1
Step 3. DHCP scope configuration
Example of a DHCP pool configured with option 67.
enable
configure terminal
ip dhcp pool ZTP_Pool
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
option 67 ascii http://10.0.0.2:80/ztp_http.py
end
Verify
There is currently no verification procedure available for this configuration.
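As an added example (not part of the original Cisco document), this pre-deployment check can be run on the HTTP host before a new switch is connected. It parses the script as Python 3 (the interpreter that produced the traceback in the troubleshooting output), flags a world-writable file mode, and compares the option 67 string with the listening port and the DHCP exclusions; the function name preflight and its parameters are assumptions made for this example.

```python
import ast
import ipaddress
import stat
from urllib.parse import urlsplit


def preflight(script_src, file_mode, option67, listen_port, pool, excluded):
    """Return a list of problems to fix before a new switch boots from this setup."""
    problems = []

    # A Python 2 style print statement fails here the same way it fails on the switch.
    try:
        ast.parse(script_src, filename="ztp_http.py")
    except SyntaxError as exc:
        problems.append("script: line %d: %s" % (exc.lineno, exc.msg))

    # The web server only needs read access. A world-writable file lets any
    # local account change what every newly connected switch executes.
    if file_mode & stat.S_IWOTH:
        problems.append("script: file is world-writable (mode %o)" % stat.S_IMODE(file_mode))

    url = urlsplit(option67)
    if url.scheme != "http":
        problems.append("option 67: expected an http:// URL, got %r" % url.scheme)
    port = url.port or 80
    if port != listen_port:
        problems.append("option 67: port %d, but the HTTP service listens on %d" % (port, listen_port))

    # The server address must be excluded from the pool, or DHCP can lease it out.
    server = ipaddress.ip_address(url.hostname)
    if server in ipaddress.ip_network(pool) and str(server) not in excluded:
        problems.append("dhcp: %s is inside the pool but not excluded" % server)
    return problems


# Constructed inputs, based on the values used on this page.
PY2_SCRIPT = 'import cli\nprint "\\n\\n Running show version \\n\\n"\n'
PY3_SCRIPT = 'import cli\nprint("\\n\\n Running show version \\n\\n")\n'
URL = "http://10.0.0.2:80/ztp_http.py"

if __name__ == "__main__":
    for problem in preflight(PY2_SCRIPT, 0o100777, URL, 8080, "10.0.0.0/24", []):
        print("FAIL", problem)
    print(preflight(PY3_SCRIPT, 0o100644, URL, 80, "10.0.0.0/24", ["10.0.0.2"]) or "OK")
```

On the real host, the file mode comes from os.stat("/var/www/html/ztp_http.py").st_mode and the script source from reading that file.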
Working Output
No startup-config, starting autoinstall/pnp/ztp...
Autoinstall will terminate if any input is detected on console
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: <<<<<<<< Do not provide any input during this time.
Autoinstall trying DHCPv6 on Vlan1
Autoinstall trying DHCPv4 on Vlan1
Acquired IPv4 address 10.0.0.10 on Interface Vlan1
Received following DHCPv4 options:
bootfile : http://10.0.0.2:80/ztp_http.py
stop Autoip process
OK to enter CLI now...
pnp-discovery can be monitored without entering enable mode
Entering enable mode will stop pnp-discovery
Attempting bootfile http://10.0.0.2:80/ztp_http.py
Loading http://10.0.0.2:80/ztp_http.py
Loading http://10.0.0.2:80/ztp_http.py day0guestshell activated successfully
Current state is: ACTIVATED
day0guestshell started successfully
Current state is: RUNNING
Guestshell enabled successfully
Running show version <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< show command executed
Cisco IOS XE Software, Version 17.06.04
Cisco IOS Software [Bengaluru], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 17.6.4, RELEASE SOFTWARE (fc1)
<snipped>
Model Number : C9300L-48T-4X
System Serial Number : FOC2531LGM8
CLEI Code Number :
Switch Ports Model SW Version SW Image Mode
------ ----- ----- ---------- ---------- ----
* 1 53 C9300L-48T-4X 17.06.04 CAT9K_IOSXE BUNDLE
Configure a Loopback interface <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< configuration
Line 1 SUCCESS: interface loop 25
Line 2 SUCCESS: ip address 192.168.0.25 255.255.255.255
Line 3 SUCCESS: end
Running show ip int brief <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Config Verification
Vlan1 10.0.0.10 YES DHCP up up
Vlan4094 192.168.2.1 YES manual up down
GigabitEthernet0/0 unassigned YES unset up up
GigabitEthernet1/0/2 unassigned YES unset up up
GigabitEthernet1/0/3 unassigned YES unset up up
Ap1/0/1 unassigned YES unset up up
Loopback25 192.168.0.25 YES other up up
ZTP is success
Guestshell destroyed successfully
Script execution success! <<<<<<<<<<<<<<<<<<< Success message
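Troubleshoot
This section provides information you can use to troubleshoot your configuration.
Common Problems
1. Another DHCP server present in the network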
No startup-config, starting autoinstall/pnp/ztp...
Autoinstall will terminate if any input is detected on console
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]:
Autoinstall trying DHCPv6 on Vlan1
Autoinstall trying DHCPv4 on Vlan1
Acquired IPv4 address 192.168.45.117 on Interface Vlan1 <<<<<<<<<< Gets different ip from another DHCP server.
Received following DHCPv4 options:
hostname : Switch
stop Autoip process
OK to enter CLI now...
pnp-discovery can be monitored without entering enable mode
Entering enable mode will stop pnp-discovery
Guestshell destroyed successfully
stop Autoip process
% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no]: no
2. Python file error
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]:
Autoinstall trying DHCPv6 on Vlan1
Autoinstall trying DHCPv4 on Vlan1
Acquired IPv4 address 10.106.37.69 on Interface Vlan1
Received following DHCPv4 options:
bootfile : http://10.106.37.59:80/ztp_http.py
stop Autoip process
OK to enter CLI now...
pnp-discovery can be monitored without entering enable mode
Entering enable mode will stop pnp-discovery
Attempting bootfile http://10.106.37.59:80/ztp_http.py
Loading http://10.106.37.59:80/ztp_http.py
Loading http://10.106.37.59:80/ztp_http.py day0guestshell activated successfully
Current state is: ACTIVATED
day0guestshell started successfully
Current state is: RUNNING
Guestshell enabled successfully
File "/bootflash/guest-share/downloaded_script.py", line 1
print "\n\n Running show version \n\n"
^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print("\n\n Running show version \n\n")? <<<<<< Error
Guestshell destroyed successfully
Script execution success!
3. HTTP service port number
The HTTP service listens on a different port (for example 8080), but the DHCP configuration for option 67 points to 80.
enable
configure terminal
ip dhcp excluded-address 10.0.0.2
ip dhcp pool ZTP_Pool
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
option 67 ascii http://10.0.0.2:80/ztp_http.py <<<<<<<<<<<<< Change to 8080
4. Duplicate IP address
Verify the DHCP scope and exclude the IP address assigned to the HTTP server.
enable
configure terminal
ip dhcp excluded-address 10.0.0.2 <<<<<<<<<<<<<<<< Exclude HTTP server address.
ip dhcp pool ZTP_Pool
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
option 67 ascii http://10.0.0.2:80/ztp_http.py
5. Verify, stop, and restart the HTTP service
vm: /var/www/html$ sudo service apache2 stop
vm: /var/www/html$ sudo service apache2 start
vm: /var/www/html$ sudo service apache2 status
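The console captures above can be checked mechanically. This added example (not from the original document) flags a lease that arrives without the expected bootfile, a Python traceback, and the case shown in problem 2 where Script execution success! is printed even though the script failed. The function name triage and the check for the script's final print line are assumptions of this example.

```python
import re

EXPECTED_BOOTFILE = "http://10.0.0.2:80/ztp_http.py"  # option 67 value from this page
SCRIPT_MARKER = "ZTP is success"                      # last line ztp_http.py prints


def triage(log, expected_bootfile=EXPECTED_BOOTFILE):
    """Return findings for one autoinstall console capture (empty list = clean run)."""
    findings = []
    lease = re.search(r"Acquired IPv4 address (\S+) on Interface", log)
    boot = re.search(r"^\s*bootfile\s*:\s*(\S+)", log, re.M)
    if lease and not boot:
        # Lease came from a server that does not carry the provisioning URL.
        findings.append("no-bootfile: lease %s has no option 67" % lease.group(1))
    elif boot and boot.group(1) != expected_bootfile:
        findings.append("unexpected-bootfile: %s" % boot.group(1))
    error = re.search(r"^\s*(\w+Error):", log, re.M)
    if error:
        findings.append("script-error: %s" % error.group(1))
    if SCRIPT_MARKER not in log:
        findings.append("no-marker: script never printed %r" % SCRIPT_MARKER)
    if findings and "Script execution success!" in log:
        findings.append("misleading-success: banner printed on a failed run")
    return findings


# Constructed samples: abridged from the console captures shown on this page.
OTHER_DHCP = """\
Acquired IPv4 address 192.168.45.117 on Interface Vlan1
        hostname        : Switch
Guestshell destroyed successfully
"""
PY_ERROR = """\
Acquired IPv4 address 10.106.37.69 on Interface Vlan1
        bootfile        : http://10.106.37.59:80/ztp_http.py
SyntaxError: Missing parentheses in call to 'print'.
Script execution success!
"""
GOOD = """\
Acquired IPv4 address 10.0.0.10 on Interface Vlan1
        bootfile        : http://10.0.0.2:80/ztp_http.py
 ZTP is success
Script execution success!
"""

if __name__ == "__main__":
    print(triage(OTHER_DHCP))
    print(triage(PY_ERROR, "http://10.106.37.59:80/ztp_http.py"))  # that capture's own URL
    print(triage(GOOD) or "clean")
```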
Packet Capture
HTTP exchange summary:
10.0.0.10 10.0.0.2 HTTP 183 GET /http_ztp.py HTTP/1.1 <<<<<< HTTP GET request
10.0.0.2 10.0.0.10 HTTP 245 HTTP/1.1 200 OK (text/x-python) <<<<<< Response
HTTP response details:
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
Content-Type: text/x-python\r\n
Content-Length: 20\r\n
Date: Tue, 04 Apr 2023 12:24:02 GMT\r\n
Connection: keep-alive\r\n
Keep-Alive: timeout=5\r\n
\r\n
[HTTP response 1/2]
[Time since request: 0.204568243 seconds]
[Request in frame: 21]
[Next request in frame: 25]
[Next response in frame: 26]
[Request URI: http://10.0.0.2:80/http_ztp.py] >>>>>>> URL