Working in an environment where you have few staff resources, especially at remote sites, deploying workgroup switches can be a bit of a pain. Or maybe you just want to make sure all new switches have the latest IOS image you are using and a basic standard configuration. The Cisco Smart Install process can be useful so you can send out an unopened new switch, have your remote arms-and-legs rack it up and magically, the switch comes on line with a current image and a standard configuration. Another useful thing is that Smart Install has a neat backup facility which is on by default.
The true zero-touch install requires that the “client” switch be at least version 12.2(52)SE, although there are methods whereby switches with older software can be bootstrapped. For more information on that, see the Cisco documentation.
Below is a diagram of the setup I am going to use. Where I worked, this was the typical building network block; a C3750-class distribution switch and C2960 workgroup switches. Cisco calls the switch that provides the information (image names, configurations, etc) the “director”. The director can host the TFTP server locally, although if you have a mixed client-switch environment, this can become cumbersome; I prefer a centrally-located TFTP server. However, I have used the director switch as the DHCP server for the management VLAN, as it seems a logical place to do it, although you could futz around with your central DHCP server to do the job, too.
I am going to prep this as if I was going to be using a couple of different model workgroup switches. The configuration is slightly more involved, but it lets you prepare for the future without having to back out a single model config.
So first, prepare your TFTP server.
You will need two files:
- The .tar image file
- A configuration file you want to upload to the new client switch
By naming your files appropriately, keeping switch models separate, you can create custom base configs for different types – 8-port, 24-port, PoE, and so on. In this case, I am using a C2960PD-8TT-L, so I am calling the configuration file “2960_8_baseconfig.txt” for the 8-port switch. No need for configuring 24 ports, plus it only has one Gigabit port. You can make a standardized template configuration for each switch type, model or even stack member; put in passwords, TACACS+, whatever as you need it.
OK, so we have our TFTP server ready.
Now we start configuring the distribution switch. The Smart Install uses the vstack commands, but first some basic housekeeping. Put an IP address on VLAN1 SVI, as we will use the switch as the DHCP server for the client switches:
Switch(config-if)#ip address 10.0.0.1 255.255.255.0
Next, whack in a hostname. Here I am being original, as this is the distribution switch for fictional Building A:
If needed, exclude the usual areas for the VLAN from DHCP as per your usual rules. Although, as you will see, this is the only “regular” DHCP command you will see.
bldg-a-dist(config)#ip dhcp excluded-address 10.0.0.50 10.0.0.254
My TFTP server is directly attached, so my final configuration will have a local VLAN and SVI, but that is not necessary. Just place it where you need it, and make sure the switch can reach it. Set up your VTP as required.
Set your trunking correctly so the new switch can come up. Whatever happened to dynamic desireable by default?
bldg-a-dist(config-if)# switchport mode dynamic desirable
Now, on to the good bits.
First, we need to tell the switch it will be doing DHCP. It does this in the vstack space. This is not your usual DHCP. Of course, you can use an external DHCP server, but this is a convenient spot.
bldg-a-dist(config-if)#vstack dhcp-localserver SMARTPOOL
bldg-a-dist(config-vstack-dhcp)# address-pool 10.0.0.0 255.255.255.0
bldg-a-dist(config-vstack-dhcp)# file-server 10.0.2.10
bldg-a-dist(config-vstack-dhcp)# default-router 10.0.0.1
Next, a little cosmetic stuff for the client switch. This prepends a hostname prefix to the second half of the client switch MAC address. It takes the string you give it and appends a hyphen.
bldg-a-dist(config)#vstack hostname-prefix bldg-a
Right. Now to reference those files. For this, we use the vstack groups. The IOS has a list of built-in switch models and sub-types you can use that are automatically detected. You can set up a group for each of them, each with their own software image and standard configuration.
bldg-a-dist(config)#vstack group built-in ?
2918 2918 product family
2960 2960 product family
2960c 2960c product family
2960cg 2960cg product family
2960g 2960g product family
2960s 2960s product family
2975 2975 product family
3560 3560 product family
3560cg 3560cg product family
3560e 3560e product family
3560g 3560g product family
3560x 3560x product family
3750 3750 product family
3750e 3750e product family
3750g 3750g product family
3750x 3750x product family
nme-es NME-ES product family
sm-d-es2 SM-D-ES2 product family
sm-d-es3 SM-D-ES3 product family
sm-d-es3g SM-D-ES3G product family
sm-es2 SM-ES2 product family
sm-es3 SM-ES3 product family
sm-es3g SM-ES3G product family
I am using a 2960, so we go one further:
bldg-a-dist(config)#vstack group built-in 2960 ?
24 2960 24 port switch. Lanbase image
24-8poe 2960 24 port 8 POE switch. Lanbase image
24-8poe-lanlite 2960 24 port 8 POE switch. Lanlite image
24-lanlite 2960 24 port switch. Lanlite image
24poe 2960 24 port POE switch. Lanbase image
24poe-lanlite 2960 24 port POE switch. Lanlite image
48 2960 48 port switch. Lanbase image
48-lanlite 2960 48 port switch. Lanlite image
48poe 2960 48 port POE switch. Lanbase image
48poe-lanlite 2960 48 port POE switch. Lanlite image
8 2960 8 port switch. Lanbase image
8-lanlite 2960 8 port switch. Lanlite image
8-pd 2960 8 port power device switch
And I am using the 8-pd:
bldg-a-dist(config)#vstack group built-in 2960 8-pd
Now, reference the image and config:
bldg-a-dist(config-vstack-group) image tftp://10.0.2.10/c2960-lanbasek9-tar.122-58.SE2.tar
bldg-a-dist(config-vstack-group) config tftp://10.0.2.10/base_2960_8_cfg.txt
Almost there. Finally, tell the switch it is the Smart Install Director by referencing an IP on the switch and enable it using the “vstack basic” command.
bldg-a-dist(config)#vstack director 10.0.0.1
Created backup file-server directory flash:/vstack
For now, I’m going to turn the backup off.
bldg-a-dist(config)#no vstack backup
*Mar 1 01:12:42.831: %SMI-6-SWITCH_ADD: New Device detected by Director with mac address: 0026.cac7.6080
*Mar 1 01:12:42.831: %SMI-5-DIRECTOR: Director is enabled
OK, so we should be good to go.
On the director:
bldg-a-dist#sho run | sec vstack
vstack group built-in 2960 8-pd
vstack hostname-prefix bldg-a
vstack dhcp-localserver SMARTPOOL
address-pool 10.0.0.0 255.255.255.0
vstack director 10.0.0.1
no vstack backup
Connect an unconfigured switch with software later than 12.2(52)SE, and away we go. Either out of the box, or delete the config.text and vlan.dat. One quirk with Smart Install is that it will do the software “upgrade” even if the installed version is the same.
To see the upgrade process, I made a video. Be warned, it is long and boring, although I edited out some of the most boring bits. It is my first attempt at screencasting, so be kind.
The backup process is quite simple. It is turned on by default, and the default location for storing files is on the flash:/vstack/ directory on the director. However, you can point the backup location at a TFTP server or whatever you like. As long as the Smart Install/vstack relationship is maintained, then whenever a “wr mem” is performed on the client switch, a backup will occur.
Only two generations of the backup are maintained and this seems non-configurable, but a quick script on your server could archive things away in a triggered fashion.
bldg-a-dist(config)#vstack backup file-server tftp://10.0.2.10/
There you have it. Cisco Smart Install is a useful tool for helping with workgroup switch deployment. Take a fresh switch out of the box, rack it up, and the software will be upgraded to your standard, a base template configuration installed, and, if you like, a rudimentary backup performed for workgroup switch configurations. There are some other nice features, too. You can actually use Smart Install to schedule new image upgrades with a few commands on the director, and you can upgrade switches that are running older than 12.2(52)SE with a bit more effort. Or, once a switch is installed, it no longer needs to have the relationship with the director if you don’t want it to, so you can use this simply as a deployment aid. Even if you don’t want to do it live in the network, you could use it on the bench for new switches to be upgraded and have a fresh standard config before going on the shelf.
With a little bit of effort up front, your remote workgroup switch deployment can be made a little easier, and you will know that every new switch has a consistent image and configuration.