Cisco Smart Install
This is my first post in a new series called “Config Bytes”.
My objective is simple. Take a technology that I’m working on with a customer and post the data points.
Overview:
A global company asked me if there was an easy way to provision switches for rapid deployment. They are somewhat limited on networking personal and this would save the team some time if they could automate the staging of switches before deployment . The basic requirements were a standardized image depending on the platform and initial config for access switches. I had two viable solutions to match these requirements 1) Prime Infrastructure Plug & Play 2) Smart Install
Smart Install:
Update: 04.23.2018
Due to a recent PSIRT regarding Smart Install Protocol Misuse, it’s recommended to following this security best practices guide when deploying Smart Install.
Since the launch of the 3850/3650 access layer switches, we had slides that mentioned all the value add features of the Catalyst line. One of those bullet points was smart install and I remember this for the 3750x as well. At the end of 2014, we put out an updated configuration guide for smart install. I used this as a basis for design and configuration. http://goo.gl/mtYrha
You can read up on all the details, but let me summarize a few key points.
- Smart Install is a plug-and-play configuration and image-management feature that provides zero-touch deployment (ZTD) for new switches. You can ship a switch to a location, place it in the network and power it on with no configuration required on the device.
- Two roles for the switch infrastructure “clients” & “director”
- Director can be an multilayer switch or router
- Clients connect to director and pull down image and config without any intervention (ZTD)
- If a client switch was already deployed, you must “wr erase” and reload without a startup-config for smart install to work. Out of the box, no intervention required.
- If using an L3 switch for director the smart install “vstack” VLAN must be up or the director can fallback to a client role. Just make sure the VLAN has at lease one access port up/up if using that SVI for the director.
- TFTP and DHCP services are required, however they can co-reside on the director. This is how I configured it in the example inline.
- Make sure your director device has plenty of flash memory to store the images and configs. If you have many different PIDs, your going to need more flash. I found that 2GB on the 3650/4500x was suffice for my customer.
- Be patient while the image is loaded to the client. This process takes time (sometimes up to an hour).
- I found that using the .tar format for the images worked the best. I’m not even sure if the .bin format is supported.
- If you want to verify the supported clients on the director use this command “show stack group built-in ?”
Table A-1 Supported Switches |
||
| Switch | Can be Director? | Can be Client? |
| Catalyst 6500 Supervisor Engine 2T-10GE | Yes | No |
| Catalyst 4500 Supervisor Engine, 6E, 6LE, 7E, 7LE | Yes | No |
| Catalyst 3850 | Yes | Yes |
| Catalyst 3750-X | Yes | Yes |
| Catalyst 3750-E | Yes | Yes |
| Catalyst 3750 | Yes | Yes |
| Catalyst 3650 | Yes | Yes |
| Catalyst 3560-X | Yes | Yes |
| Catalyst 3560-E | Yes | Yes |
| Catalyst 3560-C | No | Yes |
| Catalyst 3560 | Yes | Yes |
| Catalyst 2960-S | No | Yes |
| Catalyst 2960-SF | No | Yes |
| Catalyst 2960-C | No | Yes |
| Catalyst 2960-P | No | Yes |
| Catalyst 2960 | No | Yes |
| Catalyst 2975 | No | Yes |
| IE 2000 | Yes | Yes |
| IE 3000 | Yes | Yes |
| IE 3010 | Yes | Yes |
| SM-ES2 SKUs | No | Yes |
| SM-ES3 SKUs | No | Yes |
| NME-16ES-1G-P | No | Yes |
| SM-X-ES3 SKUs | Yes | Yes |
Table A-2 Supported Routers |
||
| Router | Can be Director? | Can be Client? |
| Cisco 3900 Series Integrated Services Routers G2 | Yes | No |
| Cisco 2900 Series Integrated Services Routers G2 | Yes | No |
| Cisco 1900 Series Integrated Services Routers G2 | Yes | No |
| Cisco 3800 Series Integrated Services Routers | Yes | No |
| Cisco 2800 Series Integrated Services Routers | Yes | No |
| Cisco 1800 Series Integrated Services Routers | Yes | No |
Table A-3 Minimum Software Releases for Directors and Clients |
|
| Directors | Minimum Software Release |
| Catalyst 6500 Supervisor Engine 2T-10GE | Cisco IOS Release 15.1(1)SY |
| Catalyst 4500 Supervisor Engine 7E and 7LE | Cisco IOS Release XE 3.4SG |
| Catalyst 4500 Supervisor Engine 6K and 6LE | Cisco IOS Release 15.1(2)SG |
| Catalyst 3850 | Cisco IOS Release 3.2(0)SE |
| Catalyst 3650 | Cisco IOS Release 3.3(0)SE |
| Cisco 3900, 2900, and 1900 Series Integrated Services Routers G2 | Cisco IOS Release 15.1(3)T |
| Cisco 3800, 2800, and 1800 Series Integrated Services Routers | Cisco IOS Release 15.1(3)T |
| Catalyst 3750-E, 3750, 3560-E, and 3560 Switches | Cisco IOS Release 12.2(55)SE |
| Catalyst 3750-X and 3560-X Switches | Cisco IOS Release 12.2(55)SE |
| SM-X-ES3 SKUs | Cisco IOS Release 15.0(2)EJ |
Table A-4 Minimum Software Releases for Clients |
|
| Smart-Install Capable Clients1 | Minimum Software Release |
| Catalyst 3750-E, 3750, 3560-E, and 3560 Switches | Cisco IOS Release 12.2(52)SE |
| Catalyst 3750-X and 3560-X Switches | Cisco IOS Release 12.2(53)SE2 |
| Catalyst 3560-C Compact Switches | Cisco IOS Release 12.2(55)EX |
| Catalyst 2960 and 2975 Switches | Cisco IOS Release 12.2(52)SE |
| Catalyst 2960-S Switches | Cisco IOS Release 12.2(53)SE1 |
| Catalyst 2960-C Compact Switches | Cisco IOS Release 12.2(55)EX1 |
| Catalyst 2960-SF | Cisco IOS Release 15.0(2)SE |
| Catalyst 2960- P | Cisco IOS Release 15.2(2)SE |
| IE 2000 | Cisco IOS Release 15.2(2)SE |
| IE 3000 | Cisco IOS Release 15.2(2)SE |
| IE 3010 | Cisco IOS Release 15.2(2)SE |
| SM-ES3 SKUs, NME-16ES-1G-P | Cisco IOS Release 12.2(52)SE |
| SM-ES2 SKUs | Cisco IOS Release 12.2(53)SE1 |
| SM-X-ES3 SKUs | Cisco IOS Release 15.0(2)EJ |
Configuration Example:
n3tArk_3850#sh run | s vstack
description SmartInstall_vstack_lan
description smart_install_vstack_mgmt
vstack group custom 2960c product-id
image flash:c2960c405-universalk9-tar.152-3.E.tar
config flash:smartinstall_config_2960c.txt
match WS-C2960C-12PC-L
vstack dhcp-localserver smart_install
address-pool 192.168.200.0 255.255.255.0
file-server 192.168.200.1
default-router 192.168.200.1
vstack director 192.168.200.1
vstack basic
n3tArk_3850#sh run int vlan 1
interface Vlan1
description smart_install_vstack_mgmt
ip address 192.168.200.1 255.255.255.0
n3tArk_3850#sh run | s tftp
ip tftp source-interface Vlan777
tftp-server client_cfg.txt
tftp-server flash:smartinstall_config_2960c.txt
tftp-server flash:c2960c405-universalk9-tar.152-3.E.tar
tftp-server flash:2960c-imagelist.txt
n3tArk_3850#sh vstack status
SmartInstall: ENABLED
n3tArk_3850#sh vstack download-status
SmartInstall: ENABLED
That’s pretty much it! Here is a link to a YouTube video I created to show how easy this is to get up and running. https://www.youtube.com/watch?v=sOGMhTOt7Vs
Hope this was helpful. Please let feedback/comments in the section if I missed any key points or you want me to elaborate more on something specific.
shaun