Example for Configuring Automatic Deployment Through DHCP

Networking Requirements

On the network shown in Figure 1, two devices (RouterA and RouterB) with base configuration are newly added and connected to RouterC. RouterC functions as the egress gateway of RouterA and RouterB. Routes are available for RouterC, the DHCP server, and the file server to communicate with each other.

The customer requires that RouterA and RouterB automatically load system software and configuration files after they are powered on to reduce labor costs and device deployment time.
Figure 1 Configuring automatic deployment through DHCP

Interfaces 1 and 2 in this example represent GE 0/1/1 and GE 0/1/2, respectively.


Configuration Roadmap

The configuration roadmap is as follows:
  1. Configure an FTP server as the file server to save the intermediate file, system software, and configuration files.

    File transfer through FTP is prone to security risks, and therefore the SFTP file transfer mode is recommended.

  2. Edit the Python, INI, or CFG intermediate file to enable the routers to obtain their system software packages and configuration files according to the intermediate file.

  3. Configure the DHCP server and relay agent to enable RouterA and RouterB to obtain DHCP information.

  4. Power on RouterA and RouterB to start the ZTP process.

Procedure

  1. Configure the file server. (The following example uses a PC as the file server. If another type of device is used as the file server, configure the server according to the corresponding operation guide.)

    1. Configure the file server (PC) as an FTP server. Run an FTP server program (for example, WFTPD32) on the PC. See Figure 2. Choose Security > Users/rights. In the displayed dialog box, click New User. Set the user name to ftpuser and password to Pwd123. Enter the FTP working directory in the Home Directory text box. In this example, the working directory is D:\ztp. Click Done to close the dialog box.

      Figure 2 Configuring the file server

    2. Configure an IP address and gateway address for the file server. Ensure that the file server and gateway of RouterA and RouterB have reachable routes to each other.

    After configuring the file server, save the system software and configuration files to be loaded to the working directory D:\ztp.

  2. Edit the intermediate file.

    Edit the intermediate file according to Editing an Intermediate File. A CFG intermediate file is used as an example. The file is named ztp_script.cfg. See Intermediate File in the CFG Format for the file content.

    After editing the intermediate file, save the file to the working directory D:\ztp on the file server.

  3. Configure the DHCP server.

    # Configure the IP address pool from which the DHCP server assigns IP addresses to clients. Configure Option fields according to the instructions in Table 1. For configuration details, see the corresponding product documentation and DHCP server configuration section in this document.

    Table 1 Option fields to be configured on the DHCP server

    Option

    Description

    Value

    1

    Subnet mask of an IP address

    255.255.225.0

    3

    Egress gateway of a DHCP client

    10.1.1.1

    67

    File server address and intermediate file name

    ftp://ftpuser:Pwd123@10.1.3.2/ztp_script.cfg

    # Configure an IP address and gateway address for the DHCP server. Ensure that the DHCP server and gateway of RouterA and RouterB have reachable routes to each other.

  4. Configure the DHCP relay agent.

    # On RouterC, configure the DHCP relay function and set the IP address of the interface connected to RouterA and RouterB to 10.1.1.1. Configure 10.1.1.1 as the default gateway address of RouterA and RouterB.

    <HUAWEI> system-view
[~HUAWEI] sysname RouterC
[*HUAWEI] commit
[~RouterC] interface GigabitEthernet 0/1/1
[~RouterC-GigabitEthernet0/1/1] ip address 10.2.2.1 255.255.255.0
[*RouterC-GigabitEthernet0/1/1] undo shutdown
[*RouterC-GigabitEthernet0/1/1] commit
[~RouterC-GigabitEthernet0/1/1] quit
[~RouterC] interface GigabitEthernet 0/1/2
[~RouterC-GigabitEthernet0/1/2] ip address 10.1.1.1 255.255.255.0
[*RouterC-GigabitEthernet0/1/2] dhcp select relay
[*RouterC-GigabitEthernet0/1/2] ip relay address 10.1.2.2
[*RouterC-GigabitEthernet0/1/2] undo shutdown
[*RouterC-GigabitEthernet0/1/2] commit
[~RouterC-GigabitEthernet0/1/2] quit

  5. Power on RouterA and RouterB to start the ZTP process.
  6. Verify the configuration.

    # Log in to the device and run the display startup command to check whether the system software and configuration file are as expected. The example uses the command output on RouterA.
    <RouterA> display startup
MainBoard:
  Configured startup system software:        cfcard:/V800R021C00SPC100B140_0424_new.cc
  Startup system software:                   cfcard:/V800R021C00SPC100B140_0424_new.cc
  Next startup system software:              cfcard:/V800R021C00SPC100B140_0424_new.cc
  Startup saved-configuration file:          cfcard:/vrpcfg.cfg
  Next startup saved-configuration file:     cfcard:/vrpcfg.cfg
  Startup paf file:                          default
  Next startup paf file:                     default
  Startup patch package:                     cfcard:/NetEngine 8000 FV800R021C00SPC100.PAT
  Next startup patch package:                cfcard:/NetEngine 8000 FV800R021C00SPC100.PAT

Configuration Files

ztp_script.cfg file

The SHA256 checksum in the following file is only an example.

ZTP supports CFG intermediate files that store device and version file information.


A CFG intermediate file must be suffixed with .cfg. The file content format is as follows:


 
The SHA256 checksum in the following file is only an example.




#sha256sum="fffcd63f5e31f0891a0349686969969c1ee429dedeaf7726ed304f2d08ce1bc7"fileserver=ftp://username:password@hostname/path;mac=00e0-fc12-3456;esn=2102351931P0C3000154;devicetype=DEFAULT;system-version=V800R021C00SPC100;system-software=V800R021C00SPC100.cc;system-config=test.cfg;system-pat=V800R021C00SPC100SPH001.PAT;



Table 2 Fields in a CFG file
Field



Mandatory



Description






#sha256sum



Yes



SHA256 checksum of the file.


 NOTE: 
The SHA256 checksum is calculated based on the content following #sha256sum=. In practice, you need to delete the first line in the file, move the following part one line above, calculate the SHA256 checksum, and write #sha256sum= plus the generated SHA256 checksum at the beginning of the file.


The SHA256 algorithm can be used to verify the integrity of files. This algorithm has high security.


You can use either of the following methods to generate an SHA256 checksum for a script file:


  1. Use the SHA256 calculation tool, such as HashMyFiles.
  2. Run the certutil -hashfile filename SHA256 command provided by the Windows operating system.







fileserver



Yes



Address of the server from which version files are obtained. Files can be obtained in TFTP, FTP, or SFTP mode. The format is as follows:
  • tftp://hostname/path
    

  • ftp://[username[:password]@]hostname/path
    

  • sftp://[username[:password]@]hostname[:port]/path
    





username, password, and port are optional. The path parameter specifies the directory where version files are saved on the file server. hostname identifies a server. The value can be an IPv4 address, domain name, or an IPv6 address. The value of port ranges from 0 to 65535. If the specified value is out of the range, the default value 22 is used. A port number can be configured only when hostname of an SFTP server is set to an IPv4 address.





esn



No



ESN of a device. If this field is set to DEFAULT, the ESN of the device is not checked. If this field is set to another value, the device needs to check whether the value is the same as its ESN.


The default value is DEFAULT. If this field does not exist or is empty, the default value is used.


 NOTE: 
  • You can obtain the ESN of the device from the nameplate on the device package.
  • The ESN is case-insensitive.
  • You are advised to use the ESN of a device to specify the configuration information of the device, but not to use DEFAULT to perform batch configuration.







mac



No



MAC address of a device, in the XXXX-XXXX-XXXX format, in which X is a hexadecimal number. If this field is set to DEFAULT, the device MAC address is not checked. If this field is set to another value, the device needs to check whether the value is the same as its MAC address.


The device ESN check takes place ahead of the MAC address check.


The default value is DEFAULT. If this field does not exist or is empty, the default value is used.


 NOTE: 
  • You can obtain the MAC address of the device from the nameplate on the device package.
  • The MAC address is case-insensitive.
  • You need to fill in the intermediate file in strict accordance with the MAC address format displayed on the device. For example, if the MAC address displayed on the device is 00e0-fc12-3456, the MAC address 00e0fc123456 is incorrect because "-" is also verified.
  • You are advised to use the MAC address of a device to specify the configuration of the device, but not to use DEFAULT to perform batch configuration.







devicetype



No



Device type. If this field is set to DEFAULT, the device type is not checked. If this field is set to another value, the device needs to check whether the value is the same as its device type.


The default value is DEFAULT. If this field does not exist or is empty, the default value is used.


 NOTE: 
  • For details about the device type, see "Chassis" in Hardware Description.
  • If the value of this field is different from the actual device type, the ZTP process is performed again.







system-version



No



System version number, which is specific to the C version, for example V800R021C00SPC100.





system-software



No



System software file name, suffixed with .cc.





system-config



Yes



Configuration file name, suffixed with .cfg, .zip, or .dat.


 NOTE: 
Do not use the default configuration file name vrpcfg.zip as the configuration file name.







system-pat



No



Patch file name, suffixed with .pat.










 
  • The device matches configuration lines in the .cfg file in sequence.
  • If the devicetype field does not match the criteria, the device considers the configuration in this line invalid and moves on to the next line.
  • If the devicetype field does not need to be checked (the field value is set to DEFAULT) or the devicetype field matches the criteria, the device moves on to check the esn or mac field. If either the esn or mac field matches the criteria, the device considers the configuration in this line valid. Otherwise, the device considers the configuration in this line invalid. If the values of both the esn and mac fields are both DEFAULT, the configuration in this line is also valid.
  • If the intermediate file contains the version number, the system software name must be included and the version number of the system software must be the same as the version number in the intermediate file.

vrpcfg.cfg file

The interface IP address and static route configurations in the file are used as an example. You can modify them as required.

#
sysname HUAWEI
#
ip vpn-instance __LOCAL_OAM_VPN__
 ipv4-family
#
interface Ethernet0/0/0
 undo shutdown
 ip binding vpn-instance __LOCAL_OAM_VPN__
 ip address 192.168.130.10 255.255.255.0
#
ip route-static vpn-instance __LOCAL_OAM_VPN__ 0.0.0.0 0.0.0.0 192.168.130.20
#

RouterC configuration file

#
sysname RouterC
#
interface GigabitEthernet0/1/1
 undo shutdown
 ip address 10.2.2.1 255.255.255.0
#
interface GigabitEthernet0/1/2
 undo shutdown
 ip address 10.1.1.1 255.255.255.0
 dhcp select relay
 ip relay address 10.1.2.2
#
return
Parent Topic: Configuration Examples for ZTP
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.