
Automation of switch configuration

Configuring access switches in an enterprise may involve deploying a bunch of identical settings to a load of devices. This kind of work is time-consuming, not to say BORING AS HELL!
If you are working with Cisco or Juniper devices, there is a way to deploy the configuration automatically using a DHCP + TFTP server.
The process is very simple: in its default configuration a switch will try to obtain an IP address via DHCP. At that point we can use DHCP to point it to a TFTP server holding a predefined configuration file. After fetching this file, the device loads it automatically.

I'll start with Cisco, being the simplest. If you have a Cisco router and a Cisco switch, you can use the router as both the DHCP and the TFTP server. To do so:

P2P interface facing the switch; all we need here is an IP address:
interface GigabitEthernet x/y
   ip address x.x.x.1 255.255.255.0
DHCP scope:
ip dhcp pool <SCOPE NAME>
   network x.x.x.0 255.255.255.0
   bootfile network-confg
   option 150 ip x.x.x.1
Enable the TFTP server function of the router (don't forget to put the file in the local flash of the router):
tftp-server flash:network-confg
In case there is no router, the router doesn't support the TFTP server function, or you just have dedicated servers you want to use, all you need to do is configure the pool with option 150 pointing to the TFTP server and put a config file in the TFTP root folder.
Note that Cisco will first load a file with one of the following names: network-confg, router-confg, ciscortr.cfg, cisconet.cfg
I suggest including "no service config" in the base configuration file; otherwise, once the configuration is loaded, the device will try to load a new file named after its new hostname every time it renews the DHCP lease.

Now let's move to another vendor: Juniper. In this case it's a bit more complicated, as we need a couple more DHCP options.
In Juniper's case the process is very similar, with the difference that the switch includes a software upgrade as part of the process, so we need more free space on the TFTP server. For this example I used Red Hat Linux for both the DHCP and the TFTP server. Here is the configuration on the DHCP side. First of all, DHCPD has to be ISC 4 or above.

Edit /etc/dhcp/dhcpd.conf

Under "# Define Custom Options"

Configure a new option group (option space), in my case named JUNIPER:
option space JUNIPER;
Configure all the sub-options to be of type "text":
option JUNIPER.config-file-name code 1 = text;
option JUNIPER.image-file-type code 2 = text;
option JUNIPER.transfer-mode code 3 = text;
option JUNIPER.image-file-name code 0 = text;
option JUNIPER.alt-image-file-name code 4 = text;
Add options 43 and 150 to the group:
option JUNIPER-encapsulation code 43 = encapsulate JUNIPER;
option option-150 code 150 = ip-address;
*Note that the type of option 150 is an IP address.

After we have configured the group we can use it in the scope itself. In the same file, add the scope configuration:
subnet x.x.x.0 netmask 255.255.255.0 {
   option routers                  <Default Gateway IP>;
   # The host-name option will change the hostname of the switch. Note that the
   # switch will only load the configuration file named after its hostname.
   option host-name                "default";
   option subnet-mask              255.255.255.0;
   option domain-search            "networklabs.info";
   option domain-name-servers      <DNS SERVER IP>;
   option ntp-servers              <NTP SERVER IP>;
   option option-150               <TFTP SERVER IP>;
   option tftp-server-name         "<TFTP SERVER IP/HOSTNAME>";
   option JUNIPER.image-file-name "/<NEW JUNOS VERSION FOR THE SWITCH TO LOAD>";
   option JUNIPER.config-file-name "/<CONFIG FILE, MUST BE HOST-NAME.config>";
   # The image file type is a vendor requirement.
   option JUNIPER.image-file-type "symlink";
   # The transfer mode can be http/ftp/tftp/sftp but must be defined.
   option JUNIPER.transfer-mode "tftp";
   option JUNIPER.alt-image-file-name "/<NEW JUNOS VERSION FOR THE SWITCH TO LOAD ON THE ALTERNATE SLICE, RECOMMENDED TO BE IDENTICAL>";
   # Define the range of IPs for the DHCP server.
   range x.x.x.100 x.x.x.150;
}

In FTP transfer mode, the request will be made as the anonymous user.
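The JUNIPER option space defined above reaches the switch as a single DHCP option 43 payload made of code/length/value triples, so a decoder lets you check in a packet capture exactly which image and config file an offer tells the switch to fetch. This is an added example, not part of the original post; the function names and the sample file names are assumptions made for illustration.

```python
# Added example: encode/decode the DHCP option 43 payload built from the
# JUNIPER sub-options (codes 0-4, all "text") declared in dhcpd.conf.
# Each sub-option on the wire is: 1-byte code, 1-byte length, value bytes.
SUBOPTIONS = {
    0: "image-file-name",
    1: "config-file-name",
    2: "image-file-type",
    3: "transfer-mode",
    4: "alt-image-file-name",
}
CODES = {name: code for code, name in SUBOPTIONS.items()}


def encode_option43(values):
    """Pack {sub-option name: text} into code/length/value triples."""
    out = bytearray()
    for name, text in values.items():
        data = text.encode("ascii")
        if len(data) > 255:  # the length field is a single byte
            raise ValueError(f"{name}: value longer than 255 bytes")
        out += bytes([CODES[name], len(data)]) + data
    return bytes(out)


def decode_option43(payload):
    """Parse an option 43 payload; reject truncated or unknown fields."""
    fields, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError(f"truncated sub-option header at offset {i}")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} truncated at offset {i}")
        if code not in SUBOPTIONS:
            raise ValueError(f"unexpected sub-option code {code}")
        fields[SUBOPTIONS[code]] = value.decode("ascii")
        i += 2 + length
    return fields


# Constructed sample values; the file names are placeholders, not from the post.
SAMPLE = {
    "image-file-name": "/junos-image.tgz",
    "config-file-name": "/default.config",
    "image-file-type": "symlink",
    "transfer-mode": "tftp",
}

if __name__ == "__main__":
    wire = encode_option43(SAMPLE)
    print(wire.hex())
    print(decode_option43(wire))
```

Feed `decode_option43` the raw option 43 bytes copied from a captured DHCP OFFER and compare the result with what dhcpd.conf is supposed to hand out.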

Big thanks to Omer Shtivi for the resources and help with implementation.

Hope this post was helpful. If it was, please consider a donation.
BTC Address: 1CnyMpjd1RntRDxSus2hu2aDMyzL4Kj29N
