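Introduction
This document describes the configuration and provisioning of Zero Touch Provisioning (ZTP) on Cisco Catalyst 9000 Series Switches.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- Dynamic Host Configuration Protocol (DHCP) server configuration on a switch
- Basics of Python code
- Basics of HTTP/TFTP service
License Requirements
- A Network Advantage or Network Essentials license must be active.
Supported Platforms
- Catalyst 9300 Series Switches that run version 16.5.1a
- Catalyst 9500 Series Switches that run version 16.5.1a
- Catalyst 9400 Series Switches that run version 16.6.2
Components Used
The information in this document is based on these software and hardware versions:
- Cisco Catalyst 9300 switch on Cisco IOS® XE 17.6.4
- Cisco Catalyst 3850 switch that acts as the DHCP server with option 67 configured
- An end host with the HTTP service installed that holds the Python file.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.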
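Background Information
Zero Touch Provisioning (ZTP) is used to provision network devices accurately within minutes, without any manual intervention.
Network Diagram
Zero Touch Provisioning Basic Setup and Steps
ZTP Operation (Detailed Steps)
ZTP automates the configuration of a Catalyst 9000 Series switch that is introduced into an existing network without a startup configuration. No manual intervention is required. The detailed steps are as follows:
Step 1. Connect the New Switch
Connect the new switch to the existing infrastructure and power on the device. The switch boots without a startup configuration.
Step 2. ZTP Initiation
The switch starts the ZTP process automatically.
Step 3. DHCP Request
The switch sends a DHCP discover message.
Step 4. DHCP Response
The DHCP server responds with options that include option 67, which carries the HTTP server IP and URL.
Step 5. HTTP URL
The switch receives the offer and obtains an IP address for its own communication. It also receives the IP address of the HTTP server and the full URL from which to download the ZTP.py file.
Step 6. Download
The switch reaches the HTTP server and downloads the ZTP.py file.
Step 7. Guestshell
The switch enables guestshell automatically.
Step 8. Configuration Deployment
The switch executes the Python file, and the configuration is applied automatically.
Step 9. Success
The switch destroys the guestshell and displays the script execution is a success message.
Configure
Configure the HTTP Service
Step 1. Install the HTTP Service on the End Host (for Example, Linux)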
sudo apt update
sudo apt install apache2
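Step 2. Create the Python File ztp_http.py
If any permission issue occurs, use chmod 777 to grant full permissions to the file.
The Python file contains code that consists of these tasks:
1. Show command.
2. Loopback configuration.
3. Configuration verification.
Python Code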
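# Import the cli module provided by guestshell
import cli
# print() with parentheses runs under both Python 2 and Python 3 guestshell
print("\n\n Running show version \n\n")
cli.executep('show version')
print("\n\n Configure a Loopback Interface \n\n")
# configurep applies the listed lines in configuration mode and prints each result
cli.configurep(["interface loop 25", "ip address 192.168.0.25 255.255.255.255", "end"])
print("\n\n Running show ip interface brief \n\n")
cli.executep('show ip int brief | i up')
print("\n\n ZTP is success \n\n")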
Location of the Python file.
This file must be stored under /var/www/html on the Linux machine.
vm: /var/www/html$ ls -l ztp_http.py
-rwxrwxrwx 1 root root 346 Apr 04 14:14 ztp_http.py
Step 3. Verify the HTTP Service and the Listening Port
Use the service command to verify that the HTTP service is up and running.
vm: /var/www/html$ sudo service apache2 status
Active: active (running)
Confirm the port on which the HTTP service currently listens.
vm: /var/www/html$ sudo netstat -anp | grep apache
tcp6 0 :::80 :::* LISTEN 1998/apache2 <<<< Listens at 80
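Step 4. Browser Verification of the Port Number
Verify that the file can be downloaded through a web browser.
1. Open any browser on the same machine (for example, Linux).
2. Enter this URL in the search bar: localhost:80/ztp_http.py
3. The file downloads automatically.
Configure the DHCP Service
Step 1. Provisioning Interface Configuration (New Device)
The new switch is expected to connect to G1/0/1.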
enable
configure terminal
interface g1/0/1
description New_9300_switch
switchport
switchport mode access
switchport access vlan 1
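Step 2. Configuration of the Interface Connected to the HTTP Server
The HTTP server (Linux) is connected directly to the 3850 switch (for example, interface G1/0/2).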
enable
configure terminal
interface g1/0/2
description Linux_is_connected_here
switchport
switchport mode access
switchport access vlan 1
Step 3. DHCP Scope Configuration
Example of a DHCP pool configured with option 67.
enable
configure terminal
ip dhcp pool ZTP_Pool
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
option 67 ascii http://10.0.0.2:80/ztp_http.py
end
Verify
There is currently no verification procedure available for this configuration.
Working Console Logs
No startup-config, starting autoinstall/pnp/ztp...
Autoinstall will terminate if any input is detected on console
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: <<<< Do not provide any input during this time.
Autoinstall trying DHCPv6 on Vlan1
Autoinstall trying DHCPv4 on Vlan1
Acquired IPv4 address 10.0.0.10 on Interface Vlan1
Received following DHCPv4 options:
bootfile : http://10.0.0.2:80/ztp_http.py
stop Autoip process
OK to enter CLI now...
pnp-discovery can be monitored without entering enable mode
Entering enable mode will stop pnp-discovery
Attempting bootfile http://10.0.0.2:80/ztp_http.py
Loading http://10.0.0.2:80/ztp_http.py
Loading http://10.0.0.2:80/ztp_http.py day0guestshell activated successfully
Current state is: ACTIVATED
day0guestshell started successfully
Current state is: RUNNING
Guestshell enabled successfully
Running show version <<<< show command executed
Cisco IOS XE Software, Version 17.06.04
Cisco IOS Software [Bengaluru], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 17.6.4, RELEASE SOFTWARE (fc1)
<snipped>
Model Number : C9300L-48T-4X
System Serial Number : FOC2531LGM8
CLEI Code Number :
Switch Ports Model SW Version SW Image Mode
------ ----- ----- ---------- ---------- ----
* 1 53 C9300L-48T-4X 17.06.04 CAT9K_IOSXE BUNDLE
Configure a Loopback interface <<<< configuration
Line 1 SUCCESS: interface loop 25
Line 2 SUCCESS: ip address 192.168.0.25 255.255.255.255
Line 3 SUCCESS: end
Running show ip int brief <<<< Config Verification
Vlan1 10.0.0.10 YES DHCP up up
Vlan4094 192.168.2.1 YES manual up down
GigabitEthernet0/0 unassigned YES unset up up
GigabitEthernet1/0/2 unassigned YES unset up up
GigabitEthernet1/0/3 unassigned YES unset up up
Ap1/0/1 unassigned YES unset up up
Loopback25 192.168.0.25 YES other up up
ZTP is success
Guestshell destroyed successfully
Script execution success! <<<< Success
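Troubleshoot
This section provides information you can use to troubleshoot your configuration.
Common Problems
1. Another DHCP server exists in the network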
No startup-config, starting autoinstall/pnp/ztp...
Autoinstall will terminate if any input is detected on console
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]:
Autoinstall trying DHCPv6 on Vlan1
Autoinstall trying DHCPv4 on Vlan1
Acquired IPv4 address 192.168.45.117 on Interface Vlan1 <<<< Gets Different IP from another DHCP server.
Received following DHCPv4 options:
hostname : Switch
stop Autoip process
OK to enter CLI now...
pnp-discovery can be monitored without entering enable mode
Entering enable mode will stop pnp-discovery
Guestshell destroyed successfully
stop Autoip process
% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no]: no
2. Python code error
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]:
Autoinstall trying DHCPv6 on Vlan1
Autoinstall trying DHCPv4 on Vlan1
Acquired IPv4 address 10.106.37.69 on Interface Vlan1
Received following DHCPv4 options:
bootfile : http://10.106.37.59:80/ztp_http.py
stop Autoip process
OK to enter CLI now...
pnp-discovery can be monitored without entering enable mode
Entering enable mode will stop pnp-discovery
Attempting bootfile http://10.106.37.59:80/ztp_http.py
Loading http://10.106.37.59:80/ztp_http.py
Loading http://10.106.37.59:80/ztp_http.py day0guestshell activated successfully
Current state is: ACTIVATED
day0guestshell started successfully
Current state is: RUNNING
Guestshell enabled successfully
File "/bootflash/guest-share/downloaded_script.py", line 1
print "\n\n Running show version \n\n"
^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print("\n\n Running show version \n\n")? <<<< Code Error
Guestshell destroyed successfully
Script execution success!
3. HTTP service port number
The HTTP service listens on a different port (for example, 8080), but the DHCP configuration of option 67 points to 80.
enable
configure terminal
ip dhcp excluded-address 10.0.0.2
ip dhcp pool ZTP_Pool
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
option 67 ascii http://10.0.0.2:80/ztp_http.py <<<< Change to 8080
4. Duplicate IP address
Verify the DHCP scope and exclude the IP address assigned to the HTTP server.
enable
configure terminal
ip dhcp excluded-address 10.0.0.2 <<<< Exclude HTTP server address.
ip dhcp pool ZTP_Pool
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
option 67 ascii http://10.0.0.2:80/ztp_http.py
5. Verify the HTTP service; stop and restart it
vm: /var/www/html$ sudo service apache2 stop
vm: /var/www/html$ sudo service apache2 start
vm: /var/www/html$ sudo service apache2 status
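An added example, not part of the original Cisco document: a check to run with Python 3 on the HTTP server before the script is published. It catches the print syntax error shown in common problem 2, flags a world-writable file such as one left by chmod 777, and lists the cli commands the script would run on each new switch so they can be reviewed. The function names and the sample scripts are constructed for illustration.

```python
import ast
import os
import stat
import tempfile


def preflight(path):
    """Inspect a ZTP script before it is published on the HTTP server."""
    result = {"syntax_error": None, "world_writable": False, "cli_calls": []}
    # Any local user can rewrite a world-writable script that switches execute.
    result["world_writable"] = bool(os.stat(path).st_mode & stat.S_IWOTH)
    with open(path, "r", encoding="utf-8") as fh:
        source = fh.read()
    try:
        tree = ast.parse(source, filename=path)  # parsed only, never executed
    except SyntaxError as exc:
        result["syntax_error"] = "line %d: %s" % (exc.lineno, exc.msg)
        return result
    for node in ast.walk(tree):
        if (isinstance(node, ast.Call) and node.args
                and isinstance(node.func, ast.Attribute)
                and isinstance(node.func.value, ast.Name)
                and node.func.value.id == "cli"):
            try:
                arg = ast.literal_eval(node.args[0])
            except ValueError:
                arg = "<non-literal argument>"
            result["cli_calls"].append((node.lineno, node.func.attr, arg))
    result["cli_calls"].sort(key=lambda call: call[0])
    return result


def write_sample(source, mode):
    """Write a constructed sample script to a temp file with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".py")
    with os.fdopen(fd, "w") as fh:
        fh.write(source)
    os.chmod(path, mode)
    return path


# Constructed samples: a Python 2 style script and a Python 3 compatible one.
PY2_SAMPLE = 'import cli\nprint "Running show version"\ncli.executep("show version")\n'
PY3_SAMPLE = ('import cli\nprint("Configure a Loopback Interface")\n'
              'cli.configurep(["interface loop 25", "end"])\n'
              'cli.executep("show ip int brief | i up")\n')

if __name__ == "__main__":
    for sample, mode in ((PY2_SAMPLE, 0o777), (PY3_SAMPLE, 0o644)):
        print(preflight(write_sample(sample, mode)))
```

Point preflight() at /var/www/html/ztp_http.py; the web server only needs read access to serve the file.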
Sample Packet Details
HTTP exchange summary:
10.0.0.10 10.0.0.2 HTTP 183 GET /http_ztp.py HTTP/1.1 <<<< HTTP GET request
10.0.0.2 10.0.0.10 HTTP 245 HTTP/1.1 200 OK (text/x-python) <<<< Response
HTTP response details:
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
Content-Type: text/x-python\r\n
Content-Length: 20\r\n
Date: Tue, 04 Apr 2023 12:24:02 GMT\r\n
Connection: keep-alive\r\n
Keep-Alive: timeout=5\r\n
\r\n
[HTTP response 1/2]
[Time since request: 0.204568243 seconds]
[Request in frame: 21]
[Next request in frame: 25]
[Next response in frame: 26]
[Request URI: http://10.0.0.2:80/http_ztp.py] >>>> URL