Cisco Smart Install – Install, Sync and Backup Workgroup Switches

Working in an environment where you have few staff resources, especially at remote sites, deploying workgroup switches can be a bit of a pain.  Or maybe you just want to make sure all new switches have the latest IOS image you are using and a basic standard configuration.  The Cisco Smart Install process can be useful so you can send out an unopened new switch, have your remote arms-and-legs rack it up and magically, the switch comes on line with a current image and a standard configuration.  Another useful thing is that Smart Install has a neat backup facility which is on by default.

The true zero-touch install requires that the “client” switch be at least version 12.2(52)SE, although there are methods whereby switches with older software can be bootstrapped.  For more information on that, see the Cisco documentation.

Below is a diagram of the setup I am going to use.  Where I worked, this was the typical building network block; a C3750-class distribution switch and C2960 workgroup switches.  Cisco calls the switch that provides the information (image names, configurations, etc) the “director”.  The director can host the TFTP server locally, although if you have a mixed client-switch environment, this can become cumbersome; I prefer a centrally-located TFTP server.  However, I have used the director switch as the DHCP server for the management VLAN, as it seems a logical place to do it, although you could futz around with your central DHCP server to do the job, too.

I am going to prep this as if I was going to be using a couple of different model workgroup switches.  The configuration is slightly more involved, but it lets you prepare for the future without having to back out a single model config.

So first, prepare your TFTP server.

You will need two files:

• The .tar image file
• A configuration file you want to upload to the new client switch

By naming your files appropriately, keeping switch models separate, you can create custom base configs for different types – 8-port, 24-port, PoE, and so on.  In this case, I am using a C2960PD-8TT-L, so I am calling the configuration file “2960_8_baseconfig.txt” for the 8-port switch.  No need for configuring 24 ports, plus it only has one Gigabit port.  You can make a standardized template configuration for each switch type, model or even stack member; put in passwords, TACACS+, whatever as you need it.

OK, so we have our TFTP server ready.

Now we start configuring the distribution switch.  The Smart Install uses the vstack commands, but first some basic housekeeping.  Put an IP address on VLAN1 SVI, as we will use the switch as the DHCP server for the client switches:

Switch(config-if)#ip address 10.0.0.1 255.255.255.0

Switch(config-if)#no shut

Next, whack in a hostname.  Here I am being original, as this is the distribution switch for fictional Building A:

Switch(config)#hostname bldg-a-dist

If needed, exclude the usual areas for the VLAN from DHCP as per your usual rules.  Although, as you will see, this is the only “regular” DHCP command you will see.

bldg-a-dist(config)#ip dhcp excluded-address 10.0.0.50 10.0.0.254

My TFTP server is directly attached, so my final configuration will have a local VLAN and SVI, but that is not necessary.  Just place it where you need it, and make sure the switch can reach it.  Set up your VTP as required.

Set your trunking correctly so the new switch can come up.  Whatever happened to dynamic desireable by default?

bldg-a-dist(config)#interface FastEthernet0/2

bldg-a-dist(config-if)# switchport mode dynamic desirable

Now, on to the good bits.

First, we need to tell the switch it will be doing DHCP.  It does this in the vstack space.  This is not your usual DHCP.  Of course, you can use an external DHCP server, but this is a convenient spot.

bldg-a-dist(config-if)#vstack dhcp-localserver SMARTPOOL

bldg-a-dist(config-vstack-dhcp)# address-pool 10.0.0.0 255.255.255.0

bldg-a-dist(config-vstack-dhcp)# file-server 10.0.2.10

bldg-a-dist(config-vstack-dhcp)# default-router 10.0.0.1

Next, a little cosmetic stuff for the client switch.  This prepends a hostname prefix to the second half of the client switch MAC address.  It takes the string you give it and appends a hyphen.

bldg-a-dist(config)#vstack hostname-prefix bldg-a

Right.  Now to reference those files.  For this, we use the vstack groups.  The IOS has a list of built-in switch models and sub-types you can use that are automatically detected. You can set up a group for each of them, each with their own software image and standard configuration.

bldg-a-dist(config)#vstack group built-in ?

2918       2918 product family

2960       2960 product family

2960c      2960c product family

2960cg     2960cg product family

2960g      2960g product family

2960s      2960s product family

2975       2975 product family

3560       3560 product family

3560cg     3560cg product family

3560e      3560e product family

3560g      3560g product family

3560x      3560x product family

3750       3750 product family

3750e      3750e product family

3750g      3750g product family

3750x      3750x product family

nme-es     NME-ES product family

sm-d-es2   SM-D-ES2 product family

sm-d-es3   SM-D-ES3 product family

sm-d-es3g  SM-D-ES3G product family

sm-es2     SM-ES2 product family

sm-es3     SM-ES3 product family

sm-es3g    SM-ES3G product family

I am using a 2960, so we go one further:

bldg-a-dist(config)#vstack group built-in 2960 ?

24               2960 24 port switch. Lanbase image

24-8poe          2960 24 port 8 POE switch. Lanbase image

24-8poe-lanlite  2960 24 port 8 POE switch. Lanlite image

24-lanlite       2960 24 port switch. Lanlite image

24poe            2960 24 port POE switch. Lanbase image

24poe-lanlite    2960 24 port POE switch. Lanlite image

48               2960 48 port switch. Lanbase image

48-lanlite       2960 48 port switch. Lanlite image

48poe            2960 48 port POE switch. Lanbase image

48poe-lanlite    2960 48 port POE switch. Lanlite image

8                2960 8 port switch. Lanbase image

8-lanlite        2960 8 port switch. Lanlite image

8-pd             2960 8 port power device switch

And I am using the 8-pd:

bldg-a-dist(config)#vstack group built-in 2960 8-pd

Now, reference the image and config:

bldg-a-dist(config-vstack-group) image tftp://10.0.2.10/c2960-lanbasek9-tar.122-58.SE2.tar

bldg-a-dist(config-vstack-group) config tftp://10.0.2.10/base_2960_8_cfg.txt

Almost there.  Finally, tell the switch it is the Smart Install Director by referencing an IP on the switch and enable it using the “vstack basic” command.

bldg-a-dist(config)#vstack director 10.0.0.1

bldg-a-dist(config)#vstack basic

Created backup file-server directory flash:/vstack

For now, I’m going to turn the backup off.

bldg-a-dist(config)#no vstack backup

bldg-a-dist(config)#

*Mar  1 01:12:42.831: %SMI-6-SWITCH_ADD: New Device detected by Director with mac address: 0026.cac7.6080

*Mar  1 01:12:42.831: %SMI-5-DIRECTOR: Director is enabled

OK, so we should be good to go.

On the director:

bldg-a-dist#sho run | sec vstack

vstack group built-in 2960 8-pd

image tftp://10.0.2.10/c2960-lanbasek9-tar.122-58.SE2.tar

config tftp://10.0.2.10/base_2960_8_cfg.txt

vstack hostname-prefix bldg-a

vstack dhcp-localserver SMARTPOOL

address-pool 10.0.0.0 255.255.255.0

file-server 10.0.2.10

default-router 10.0.0.1

vstack director 10.0.0.1

vstack basic

no vstack backup

Connect an unconfigured switch with software later than 12.2(52)SE, and away we go.  Either out of the box, or delete the config.text and vlan.dat.  One quirk with Smart Install is that it will do the software “upgrade” even if the installed version is the same.

To see the upgrade process, I made a video.  Be warned, it is long and boring, although I edited out some of the most boring bits.  It is my first attempt at screencasting, so be kind.

The backup process is quite simple.  It is turned on by default, and the default location for storing files is on the flash:/vstack/ directory on the director.  However, you can point the backup location at a TFTP server or whatever you like.  As long as the Smart Install/vstack relationship is maintained, then whenever a “wr mem” is performed on the client switch, a backup will occur.

Only two generations of the backup are maintained and this seems non-configurable, but a quick script on your server could archive things away in a triggered fashion.

bldg-a-dist(config)#vstack backup

bldg-a-dist(config)#vstack backup file-server tftp://10.0.2.10/

There you have it.  Cisco Smart Install is a useful tool for helping with workgroup switch deployment.  Take a fresh switch out of the box, rack it up, and the software will be upgraded to your standard, a base template configuration installed, and, if you like, a rudimentary backup performed for workgroup switch configurations.  There are some other nice features, too.  You can actually use Smart Install to schedule new image upgrades with a few commands on the director, and you can upgrade switches that are running older than 12.2(52)SE with a bit more effort.  Or, once a switch is installed, it no longer needs to have the relationship with the director if you don’t want it to, so you can use this simply as a deployment aid.  Even if you don’t want to do it live in the network, you could use it on the bench for new switches to be upgraded and have a fresh standard config before going on the shelf.

With a little bit of effort up front, your remote workgroup switch deployment can be made a little easier, and you will know that every new switch has a consistent image and configuration.