在Catalyst 9000系列交換器上設定ZTP並疑難排解

簡介

本檔案介紹Cisco Catalyst 9000系列交換器上的零接觸布建(ZTP)的設定和布建。 

必要條件

需求 

思科建議您瞭解以下主題：

• 交換機上的動態主機配置協定(DHCP)伺服器配置
• Python代碼基礎知識 
• HTTP/TFTP服務基礎知識

許可證要求

• Network Advantage或Network Essentials許可證必須處於活動狀態。

支援的平台

• 執行16.5.1a版的Catalyst 9300系列交換器
• 執行16.5.1a版的Catalyst 9500系列交換器
• 執行16.6.2版的Catalyst 9400系列交換器

附註：C9600不支援此功能。

採用元件

本文中的資訊係根據以下軟體和硬體版本：

• Cisco IOS® XE 17.6.4上的Cisco Catalyst 9300交換機
• Cisco Catalyst 3850交換機用選項67配置充當DHCP伺服器
• 安裝有HTTP服務的終端主機包含一個Python檔案。

本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除（預設）的組態來啟動。如果您的網路運作中，請確保您瞭解任何指令可能造成的影響。

背景資訊

零接觸調配(ZTP)用於在幾分鐘內準確調配網路裝置，無需任何手動干預。

網路圖表

零接觸調配基本設定和步驟

ZTP操作（詳細步驟）

當將Catalyst 9000系列交換機引入現有網路時，ZTP會自動進行配置，而無需啟動配置。無需任何手動干預。詳細步驟在此解釋。

步驟1.連線新交換機

將新交換機連線到現有基礎設施並開啟裝置電源。交換器啟動時沒有啟動組態。

步驟2. ZTP啟動

交換機自動啟動ZTP進程。

步驟3. DHCP請求

交換機發出DHCP發現消息。

步驟4. DHCP響應

DHCP伺服器使用包含選項67的選項進行響應，該選項具有HTTP伺服器IP和URL。

步驟5. HTTP URL

交換機接收該服務並為自己的通訊獲取IP地址。它還會接收HTTP伺服器的IP地址和下載ZTP.py檔案的完整URL。

步驟6.下載

交換器連線到HTTP伺服器並下載檔ZTP.py案。

步驟7.外殼

交換機自動啟用guest shell。

步驟8.配置部署

交換機執行Python檔案，並且自動應用配置。

步驟9.成功

交換機將破壞guestshell並script execution is a success顯示消息。

組態

設定HTTP服務

步驟1.在終端主機中安裝HTTP服務（示例Linux）

sudo apt update
sudo apt install apache2

步驟2.建立Python檔案ztp_http.py

如果出現任何許可權問題chmod 777，請使用授予檔案完全許可權。

Python檔案包含由以下任務組成的代碼：

1. Show命令。

2.環回配置。

3.驗證配置。

Python代碼：

#Importing cli module
import cli

print "\n\n Running show version \n\n"
cli.executep('show version')

print "\n\n Configure a Loopback Interface \n\n"
cli.configurep(["interface loop 25", "ip address 192.168.0.25 255.255.255.255", "end"])

print "\n\n Running show ip interface brief \n\n"
cli.executep('show ip int brief | i up')

print "\n\n ZTP is success \n\n"

Python檔案的位置。

vm: /var/www/html$ ls -l ztp_http.py
-rwxrwxrwx 1 root root 346 Apr 04 14:14 ztp_http.py

在Linux電腦上，此檔案必須儲存在/var/www/html下。

步驟3.檢驗HTTP服務和偵聽埠

使用service命令驗證HTTP服務是否已啟動並立即運行。

vm: /var/www/html$ sudo service apache2 status
Active: active (running)

驗證HTTP服務當前偵聽的埠。

vm: /var/www/html$ sudo netstat -anp | grep apache
tcp6 0 :::80 :::* LISTEN 1998/apache2               <<<< Listens at 80

步驟4.埠號的瀏覽器驗證

驗證是否可通過Web瀏覽器下載檔案。

1.開啟同一台電腦（例如Linux）內的任何瀏覽器。

2.在搜尋欄中輸入此URL:  localhost:80/ztp_http.py

3.自動下載檔案。

設定DHCP服務

步驟1.調配介面配置（新裝置）

新交換機應連線到G1/0/1。

enable
configure terminal
interface g1/0/1
description New_9300_switch
switchport
switchport mode access
switchport access vlan 1

步驟2.配置HTTP伺服器連線的介面

HTTP伺服器(Linux)直接連線到3850交換機（例如介面G1/0/2）。

enable
configure terminal
interface g1/0/2
description Linux_is_connected_here
switchport
switchport mode access
switchport access vlan 1

步驟3.配置DHCP作用域

使用選項67配置DHCP池的示例。

enable
configure terminal
ip dhcp pool ZTP_Pool
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
option 67 ascii http://10.0.0.2:80/ztp_http.py
end

驗證

目前沒有適用於此組態的驗證程序。

工作控制檯日誌

No startup-config, starting autoinstall/pnp/ztp...
Autoinstall will terminate if any input is detected on console

--- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]:   <<<< Do not provide any input during this time.
Autoinstall trying DHCPv6 on Vlan1
Autoinstall trying DHCPv4 on Vlan1
Acquired IPv4 address 10.0.0.10 on Interface Vlan1
Received following DHCPv4 options:
bootfile : http://10.0.0.2:80/ztp_http.py
stop Autoip process
OK to enter CLI now...
pnp-discovery can be monitored without entering enable mode
Entering enable mode will stop pnp-discovery
Attempting bootfile http://10.0.0.2:80/ztp_http.py

Loading http://10.0.0.2:80/ztp_http.py
Loading http://10.0.0.2:80/ztp_http.py day0guestshell activated successfully
Current state is: ACTIVATED
day0guestshell started successfully
Current state is: RUNNING
Guestshell enabled successfully


Running show version                           <<<< show command executed


Cisco IOS XE Software, Version 17.06.04
Cisco IOS Software [Bengaluru], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 17.6.4, RELEASE SOFTWARE (fc1)

<snipped>

Model Number : C9300L-48T-4X
System Serial Number : FOC2531LGM8
CLEI Code Number :
Switch Ports Model SW Version SW Image Mode
------ ----- ----- ---------- ---------- ----
* 1 53 C9300L-48T-4X 17.06.04 CAT9K_IOSXE BUNDLE

Configure a Loopback interface                              <<<< configuration

Line 1 SUCCESS: interface loop 25
Line 2 SUCCESS: ip address 192.168.0.25 255.255.255.255
Line 3 SUCCESS: end




Running show ip int brief                                    <<<< Config Verification


Vlan1 10.0.0.10 YES DHCP up up
Vlan4094 192.168.2.1 YES manual up down
GigabitEthernet0/0 unassigned YES unset up up
GigabitEthernet1/0/2 unassigned YES unset up up
GigabitEthernet1/0/3 unassigned YES unset up up
Ap1/0/1 unassigned YES unset up up
Loopback25 192.168.0.25 YES other up up




ZTP is success




Guestshell destroyed successfully
Script execution success!                                   <<<< Success

疑難排解

本節提供的資訊可用於對組態進行疑難排解。

常見問題

網路上存在另一個DHCP伺服器

No startup-config, starting autoinstall/pnp/ztp...
Autoinstall will terminate if any input is detected on console
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]:
Autoinstall trying DHCPv6 on Vlan1
Autoinstall trying DHCPv4 on Vlan1
Acquired IPv4 address 192.168.45.117 on Interface Vlan1           <<<< Gets Different IP from another DHCP server.
Received following DHCPv4 options:
hostname : Switch

stop Autoip process
OK to enter CLI now...
pnp-discovery can be monitored without entering enable mode
Entering enable mode will stop pnp-discovery
Guestshell destroyed successfully

stop Autoip process
% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no]: no

Python代碼錯誤

--- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]:
Autoinstall trying DHCPv6 on Vlan1

Autoinstall trying DHCPv4 on Vlan1

Acquired IPv4 address 10.106.37.69 on Interface Vlan1
Received following DHCPv4 options:
bootfile : http://10.106.37.59:80/ztp_http.py

stop Autoip process
OK to enter CLI now...

pnp-discovery can be monitored without entering enable mode

Entering enable mode will stop pnp-discovery

Attempting bootfile http://10.106.37.59:80/ztp_http.py

Loading http://10.106.37.59:80/ztp_http.py
Loading http://10.106.37.59:80/ztp_http.py day0guestshell activated successfully
Current state is: ACTIVATED
day0guestshell started successfully
Current state is: RUNNING
Guestshell enabled successfully
File "/bootflash/guest-share/downloaded_script.py", line 1
print "\n\n Running show version \n\n"
^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print("\n\n Running show version \n\n")?      <<<< Code Error

Guestshell destroyed successfully
Script execution success!

HTTP服務埠號

HTTP服務正在偵聽不同的埠（例如8080），但選項67的DHCP配置指向80。

enable
configure terminal
ip dhcp excluded-address 10.0.0.2
ip dhcp pool ZTP_Pool
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
option 67 ascii http://10.0.0.2:80/ztp_http.py             <<<< Change to 8080

重複的IP地址

檢驗DHCP作用域並排除分配給HTTP伺服器的IP地址。

enable
configure terminal
ip dhcp excluded-address 10.0.0.2                          <<<< Exclude HTTP server address.
ip dhcp pool ZTP_Pool
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
option 67 ascii http://10.0.0.2:80/ztp_http.py

驗證HTTP服務、停止和重新啟動

vm: /var/www/html$ sudo service apache2 stop
vm: /var/www/html$ sudo service apache2 start
vm: /var/www/html$ sudo service apache2 status

資料包詳細資訊示例

HTTP交換摘要：

10.0.0.10    10.0.0.2    HTTP  183  GET /http_ztp.py HTTP/1.1           <<<< HTTPGETrequest
10.0.0.2     10.0.0.10   HTTP  245  HTTP/1.1 200 OK (text/x-python)     <<<< Response

HTTP響應詳細資訊：

Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
Content-Type: text/x-python\r\n
Content-Length: 20\r\n 
Date: Tue, 04 Apr 2023 12:24:02 GMT\r\n
Connection: keep-alive\r\n
Keep-Alive: timeout=5\r\n
\r\n
[HTTP response 1/2]
[Time since request: 0.204568243 seconds]
[Request in frame: 21]
[Next request in frame: 25]
[Next response in frame: 26]
[Request URI: http://10.0.0.2:80/http_ztp.py]                 >>>> URL