Zero-Touch Provisioning Overview

Traditionally, deploying controllers was a multi-step process in which the master controller information and the local configuration were pre-provisioned first. After the managed device connected to the network, it established a secure tunnel to the master and downloaded the global configuration. ZTP (Zero Touch Provisioning, a provisioning mechanism that sets devices up automatically with minimal or no manual intervention) automates the plug-and-play deployment of managed devices: the managed device learns the required information from the network and provisions itself automatically. ArubaOS allows a managed device to obtain its local and global configuration, and its license limits, from Mobility Master automatically.


For more information about the procedures to prepare your network for ZTP, see Using ZTP to Provision a Managed Device.

Why use ZTP?

ZTP offers the following advantages over a standard managed device configuration:

Simple deployment

Reduced operational cost

Limits to provisioning errors

A managed device configured using ZTP automatically discovers the Mobility Master, downloads its local configuration from that Mobility Master, and is provisioned with its device role and country code.


The local configuration is the configuration specific to a managed device, as opposed to the global configuration shared by a network of managed devices. It includes, but is not limited to, IP addresses and VLANs.

Once the managed device is provisioned, it is ready to obtain its global configuration in either of two ways:

The administrator enters the global configuration via the WebUI or CLI of the Mobility Master.

The managed device retrieves its global configuration from the Mobility Master.

Device-specific configurations that are common across multiple devices can be modified from a central location using the bulk edit feature. Users can apply common device configurations to a group of devices without having to update each device individually. Bulk edit supports, but is not limited to, the following configurations:

Time zone

Daylight savings time setting

VLANs

Managed device IP addresses

DHCP pools

Managed Device Provisioning Modes

The administrator chooses a provisioning mode, which determines how the managed device is supplied with its own IP address, role, country code, and configuration settings.

Once the managed device learns the IP address of the primary Mobility Master, the managed device contacts that Mobility Master and retrieves its configuration from its assigned configuration node.


Before you deploy a managed device, you must create a configuration for that device at a configuration node on Mobility Master. Mobility Master pushes this configuration to the managed device when the device becomes active on the network.

ArubaOS supports the following provisioning modes for managed devices:

auto: In this mode, the managed device:

obtains its IP address from DHCP

obtains its role, country code, and the IP addresses of the Mobility Master and any defined secondary Mobility Master from a provisioning rule in Activate

retrieves its configuration from a configuration node on Mobility Master

mini-setup: In this mode, the managed device:

has its role set to local (local) when mini-setup is initiated

obtains its IP address from DHCP

is configured through the console with its country code and the IP address of the primary Mobility Master and (optionally) the secondary Mobility Master IP

retrieves its local configuration group from the primary Mobility Master

full-setup: In this mode, the managed device:

is configured with its role set to local (local) through the console

is configured to obtain its IP address through manual configuration of a static IP, DHCP, or PPPoE

is configured through the console with its country code and the IP address of the primary Mobility Master and (optionally) the secondary Mobility Master IP

retrieves its configuration from a configuration node on the primary Mobility Master

Managed Device Address Pools

Each managed device needs a pool of addresses it can dynamically assign to APs or users on each of its VLANs, and a separate IP address that the managed device uses to create a GRE tunnel to Mobility Master. Mobility Master can assign these IP addresses to managed devices using dynamic address pools. These pools allow network administrators to create a generic configuration that provisions managed device interfaces with individual settings that are unique across branch offices. If managed devices are also serving as DHCP servers for other devices at that location, smaller DHCP pools for those individual branches can be dynamically carved out of a larger DHCP pool.

ArubaOS 8.0.0.0 supports three different types of address pools that can be applied to a hierarchy node:

NAT pools: A NAT pool is used to assign IP addresses to a VLAN interface on a managed device. The range of addresses in this pool is available for use by any DHCP-enabled managed device when it is added to that specific node in the configuration hierarchy. When you add a managed device, a group of IP addresses is removed from the NAT pool on that hierarchy node and leased to the device. The IP addresses in a NAT pool are dynamic (leased) rather than static (permanently assigned), so addresses no longer in use are automatically returned to the pool for reallocation.

Tunnel pools: A tunnel pool defines a range of IP addresses that managed devices can use to create a GRE tunnel to the Mobility Master. When you add a managed device, an IP address is removed from the tunnel pool on that hierarchy node and leased to that device. Addresses no longer in use are automatically returned to the pool for reallocation.

VLAN pools: A VLAN pool allocates a block of IP addresses for each managed device. The managed device acts as a DNS proxy server and dynamically assigns IP addresses from its allocated pool to each AP or client on the VLAN. A VLAN pool allocates multiple addresses to each managed device VLAN, unlike the tunnel pool, which assigns a single tunnel IP address to each managed device.
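The lease-and-return behaviour that the three pool descriptions above share (one tunnel address per device, a whole block per device from a VLAN or NAT pool, released units going back to the pool for reallocation) is modelled in the following Python. This is an added illustration, not ArubaOS code: the class names, the prefixes (10.255.0.0/24, 10.100.0.0/16, 192.0.2.0/24), the block sizes and the branch names are all constructed for the example.

```python
"""Lease/release model of the three ArubaOS pool types described above (tunnel,
VLAN and NAT pools). Added illustration, not ArubaOS code; every prefix and
branch name below is constructed for the example."""
import bisect
import ipaddress
from typing import Dict, List, Union

Unit = Union[ipaddress.IPv4Address, ipaddress.IPv4Network]


class LeasePool:
    """Dynamic pool: leases the lowest free unit to a device and puts released
    units back on the free list, so addresses are leased, not permanently assigned."""

    def __init__(self, units: List[Unit]) -> None:
        self._free: List[Unit] = sorted(units)
        self._leases: Dict[str, Unit] = {}

    def lease(self, device: str) -> Unit:
        if device in self._leases:          # re-provisioning a known device keeps its lease
            return self._leases[device]
        if not self._free:
            raise RuntimeError("pool exhausted: enlarge the pool on this hierarchy node")
        unit = self._free.pop(0)
        self._leases[device] = unit
        return unit

    def release(self, device: str) -> None:
        unit = self._leases.pop(device)
        bisect.insort(self._free, unit)     # returned to the pool for reallocation

    @property
    def free_count(self) -> int:
        return len(self._free)


def tunnel_pool(network: str) -> LeasePool:
    """Tunnel pool: a single host address per managed device for its GRE tunnel."""
    return LeasePool(list(ipaddress.ip_network(network).hosts()))


def block_pool(network: str, block_prefix: int) -> LeasePool:
    """VLAN/NAT pool: carves one larger pool into equal sub-blocks and leases a
    whole block per device (the smaller pools carved out of a larger pool)."""
    return LeasePool(list(ipaddress.ip_network(network).subnets(new_prefix=block_prefix)))


class NodePools:
    """The three pools attached to one hierarchy node (constructed values), and
    the per-device provisioning that draws from them."""

    def __init__(self) -> None:
        self.tunnel = tunnel_pool("10.255.0.0/24")       # constructed tunnel pool
        self.vlan = block_pool("10.100.0.0/16", 24)      # constructed VLAN pool, a /24 per device VLAN
        self.nat = block_pool("192.0.2.0/24", 29)        # constructed NAT pool, 8-address groups

    def provision(self, device: str) -> Dict[str, str]:
        return {
            "tunnel": str(self.tunnel.lease(device)),
            "vlan": str(self.vlan.lease(device)),
            "nat": str(self.nat.lease(device)),
        }

    def decommission(self, device: str) -> None:
        for pool in (self.tunnel, self.vlan, self.nat):
            pool.release(device)


if __name__ == "__main__":
    node = NodePools()
    for name in ("branch-a", "branch-b", "branch-c"):
        print(name, node.provision(name))
    node.decommission("branch-b")
    print("branch-d", node.provision("branch-d"))   # reuses branch-b's released addresses
```

Two behaviours worth noting when sizing pools: a device that is re-provisioned keeps the lease it already holds rather than consuming a second unit, and the pool raises an error instead of handing out a duplicate once it is exhausted, which is the condition to watch for when a node's pool is too small for the number of branches under it.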

Zero-Touch Provisioning Workflows

The managed device obtains its IP address through DHCP by sending a DHCP discover on the default uplink port. The default uplink port is configured as an access port in VLAN 4094.

Next, it attempts to retrieve the provisioning parameters from Activate. If the managed device fails to retrieve the provisioning parameters from Activate, it retries after 30 seconds, and it keeps retrying every 30 seconds until it succeeds or the administrator interrupts auto-provisioning by initiating mini-setup or full-setup.

To interrupt the auto-provisioning process, enter the string mini-setup or full-setup at the initial setup dialog prompt shown below.

Auto-provisioning is in progress. Choose one of the following options to override or debug...

'enable-debug' : Enable auto-provisioning debug logs

'disable-debug': Disable auto-provisioning debug logs

'mini-setup' : Stop auto-provisioning and start mini setup dialog for smart-local role

'full-setup' : Stop auto-provisioning and start full setup dialog for any role

Enter Option (partial string is acceptable):_
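The following Python models the auto-provisioning loop and prompt described above: Activate is polled every 30 seconds until it answers, the debug options toggle logging without stopping the loop, and mini-setup or full-setup stop it, with the partial-string matching the prompt announces. This is an added example, not ArubaOS code: the Activate answers and operator keystrokes are constructed inputs supplied as lists, time is counted rather than slept, and the max_attempts bound exists only so the simulation terminates (the device itself retries indefinitely).

```python
"""Behavioural model of the ZTP auto-provisioning loop described above.
Added example, not ArubaOS code: Activate answers and operator keystrokes are
constructed inputs, and time is simulated rather than slept."""
from dataclasses import dataclass
from typing import Dict, List, Optional

RETRY_SECONDS = 30                      # retry interval stated in the workflow
PROMPT_OPTIONS = ("enable-debug", "disable-debug", "mini-setup", "full-setup")


def match_option(typed: str) -> Optional[str]:
    """Resolve a (possibly partial) string typed at the setup prompt.
    Returns the full option name, or None when nothing, an unknown string,
    or an ambiguous prefix was typed."""
    prefix = typed.strip().lower()
    if not prefix:
        return None
    hits = [opt for opt in PROMPT_OPTIONS if opt.startswith(prefix)]
    return hits[0] if len(hits) == 1 else None


@dataclass
class ProvisionOutcome:
    outcome: str                        # "provisioned", "mini-setup" or "full-setup"
    attempts: int                       # Activate requests sent before the loop ended
    elapsed: int                        # simulated seconds spent waiting between retries
    debug: bool                         # state of the auto-provisioning debug logs
    params: Optional[Dict[str, str]]    # provisioning rule from Activate, if obtained


def run_auto_provisioning(activate_answers: List[Optional[Dict[str, str]]],
                          operator_input: List[str],
                          max_attempts: int = 1000) -> ProvisionOutcome:
    """activate_answers[i] is what Activate returns on attempt i (None = no answer);
    operator_input[i] is what the operator typed before attempt i ('' = nothing).
    max_attempts only bounds the simulation; the device itself retries indefinitely."""
    elapsed, debug = 0, False
    for attempt in range(max_attempts):
        typed = operator_input[attempt] if attempt < len(operator_input) else ""
        option = match_option(typed)
        if option == "enable-debug":
            debug = True                # debug toggles do not interrupt provisioning
        elif option == "disable-debug":
            debug = False
        elif option in ("mini-setup", "full-setup"):
            return ProvisionOutcome(option, attempt, elapsed, debug, None)
        answer = activate_answers[attempt] if attempt < len(activate_answers) else None
        if answer is not None:
            return ProvisionOutcome("provisioned", attempt + 1, elapsed, debug, answer)
        elapsed += RETRY_SECONDS        # no answer: wait 30 s and try again
    raise RuntimeError("simulation bound reached; the real device keeps retrying")


if __name__ == "__main__":
    # Constructed provisioning rule, standing in for what Activate would return.
    rule = {"role": "local", "country": "US", "master": "MOBILITY-MASTER-IP-PLACEHOLDER"}
    print(run_auto_provisioning([None, None, rule], ["", "enable", ""]))
    print(run_auto_provisioning([None] * 10, ["", "", "mini"]))
```

The attempts and elapsed fields are what a practitioner would compare against the console when troubleshooting a device that sits in auto-provisioning: with no answer from Activate, elapsed grows by 30 seconds per attempt until either an answer arrives or one of the two setup strings is typed at the prompt.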

ZTP Support Matrix

The following table lists, for each ArubaOS version, the ports on each platform that support ZTP.

Table 1: ZTP Support for Platforms

| ArubaOS Version | 7005 | 7008 | 7010 | 7030 | 7024 | 7205 | 7210 | 7220 | 7240 | 7280 | 9004 | 9012 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ArubaOS 8.2.2.6 | 0/0/3 | 0/0/7 | 0/0/15 | 0/0/7 | 0/0/23 | 0/0/0 | 0/0/1 | 0/0/5 | 0/0/5 | N/A | N/A | N/A |
| ArubaOS 8.3.0.9 | 0/0/3 | 0/0/7 | 0/0/15 | 0/0/7 | 0/0/23 | 0/0/3 | 0/0/1 | 0/0/1 | 0/0/1 | N/A | N/A | N/A |
| ArubaOS 8.4.0.4 | All ports except 0/0/1 | All ports except 0/0/1 | All ports except 0/0/1 | All ports except 0/0/1 | All ports except 0/0/1 | 0/0/3 | All ports except 0/0/1 | All ports except 0/0/1 | All ports except 0/0/1 | N/A | N/A | N/A |
| ArubaOS 8.5.0.2 | 0/0/3 | 0/0/7 | All ports except 0/0/1 | All ports except 0/0/1 | All ports except 0/0/1 | 0/0/3 | All ports except 0/0/1 | All ports except 0/0/1 | All ports except 0/0/1 | N/A | 0/0/0 | N/A |
| ArubaOS 8.6.0.0 | All ports except 0/0/1 | All ports except 0/0/1 | All ports except 0/0/1 | All ports except 0/0/1 | All ports except 0/0/1 | 0/0/3 | All ports except 0/0/1 | All ports except 0/0/1 | All ports except 0/0/1 | N/A | 0/0/0 | 0/0/0 |