Cisco Smart Install

Unanswered Question
Dec 30th, 2009

Hi,

I was wondering if anyone has deployed smart install in a production environment?

I am thinking about using this feature to help automate the installation and management of new switch installations into our networks, both locally and remotely at other sites within our administrative control.

Are there any major issues / caveats I should be aware of? I have looked at Cisco IOS configuration engine in the past but was put off by the Linux / Solaris requirements, and smart install looks like an "easier" way to provide automation at the access layer for new installations with zero touch.

Thanks, Chris.

ericn8484_2 Wed, 12/30/2009 - 05:19

Cisco Smart Install looks like it is designed for small environments; even so, I don't really see a place for it. The most difficult part of an automated deployment is environments that utilize a lot of VLANs and making sure the switches are configured for the correct VLANs.

It would be a great way to ensure all of your switches are using the same version of IOS though. But I am not really a fan of the idea of the switches using dynamic IPs for management purposes.

cbeswick Wed, 12/30/2009 - 06:10

Could you not simply overwrite the dynamically assigned IP with a static IP within the configuration that is downloaded? I only want to use this process to get the switch on the network, upgraded (or downgraded) to the common version with a baseline config to provide remote access. Once this is done any specific switch vlan and port configs can then be done remotely.

I think for this purpose, irrelevant of the size of the network, this could be a great time saver. Of course there are the logistics of having the director switch snooping the correct vlan to kick the process off, but this can easily be circumvented by using "out of band" links to a centralised director switch for each switch block if you don't want to have a common vlan traversing your backbone.

ericn8484_2 Wed, 12/30/2009 - 06:46

True, I didn't think of it in that capacity. Start off with configuring the switch to have VLAN one setup for DHCP, create a local username/pw or set up TACACS authentication, enable Telnet/SSH for remote administration, and upgrading the IOS to the version you want.

With those basic tasks complete, you could build the configuration you desire then remote into the switch, perform a TFTP and replace the startup configuration with the one that you built and reboot the switch. Meanwhile you can configure the peering switch's interface to match your trunking configuration standards. Once the switch is back up and running, it will be trunked properly, with the correct VLANs and you don't need someone local consoling into the switch.

Sounds like you have an environment where you ship hardware directly to your remote sites? We have everything shipped here where I configure them before they are sent out to their appropriate location. However our environment is small with around 100 edge switches that we manage and only add a half dozen or so each year.

cbeswick Wed, 12/30/2009 - 06:56

True, I didn't think of it in that capacity. Start off with configuring the switch to have VLAN one setup for DHCP, create a local username/pw or set up TACACS authentication, enable Telnet/SSH for remote administration, and upgrading the IOS to the version you want.

I was also thinking of getting a complete config already stored on the TFTP server for download. This would include everything from IP address and hostname, to SNMP, syslog and common global port parameters such as port security, speed, duplex etc. Once done, the only thing that would need to be changed are the VLANs on the switch, the individual port vlan memberships and the trunk port configuration (which would already be set up with a native vlan in the base config that has been downloaded).

Sounds like you have an environment where you ship hardware directly to your remote sites.

I am thinking of using this for that purpose, but also with a view to using this locally to save time on new switch deployments. Admittedly a switch should only take 5-10 mins to configure anyhow, but this way I can ensure that every switch gets an identical config, and it will save a little bit of time for my network support team.

ericn8484_2 Wed, 12/30/2009 - 07:04

We had the same issue here when I started working on the network, no two switches were configured the same, nor ran the same IOS. I now have a config template that I run on every new switch and IOS that I load up to the switch. I have it in a rich text format with the items that need to be updated in bold which includes hostname, VLANs, and IP information. However now I know every switch in the environment is configured the same so they "should" all behave the same =)

Leo Laohoo Wed, 12/30/2009 - 14:56

Tried to use the Smart Install in the production environment and pulled it out.

Smart Install works only on switches that run 12.2(52) and later:  2960, 2975, 3560/3560E, 3750/3750E.  Smart Install is very good when you have an isolated network to pump IOS and basic/template config to switch ... and that's about it.

We tried putting the config in the production network and everything started to become a western-country-song:  PC stopped working (no IP address), phones stopped working, WLAN stopped working.

ericn8484_2 Mon, 01/04/2010 - 04:47

Thanks for the follow-up, while the results were not good, it is nice to know how it went in a production environment.

iceteanolemon Thu, 10/28/2010 - 21:21

I just stumbled upon this post and wanted to chime in. I have just completed rolling out a production network using the smart install technology. I have been researching it for a while and although there are some limitations that irk me, the tool is actually promising. The network I used this on is comprised of two 4507 cores and 8 hub closets ranging from 1 3750g-48poe to 4 3750g-48-poe switches all stacked.

My method of using the smart install was to first manually configure the director in the data center and have that up and running and connected to the core switch. Then I deploy the switches new in the box straight to the closets. Now the technician stacks them and plugs them into the fiber that leads back to the computer room. When the switch boots up it connects to the director and all the zero touch handles it. Sounds simple but there are details to look at.

Trunk ports in the core need to have DTP allowed; you cannot have switchport nonegotiate...

On the director you need to specify a filter to trigger on a stack of 2 as well as a stack of 3 or four; all these need their own filter.

At this time I cannot give unique configs to each hub closet if they have the same amount of switches. I did place a feature request to allow you to bind the filter groups by connection and stack. That would allow us to have each IDF no matter what be able to have unique configurations. And if they release a code version for core switches that has smart install I will be happy. That would enable you to have a self-sustaining network where every component would be replaceable and configurations and image automated.

Also since we have to settle on a template config to all switches I had to really balance the vlan to port configs so there was a usable port map to every switch. We have to go back afterwards and add static management addresses and fine tune a few ports here and there.

Now the config was a pain, I had to refine this over and over and test this tool many times to get it right. With ASIC tests during boot and the boot time wait, each test is boring, waiting for the switch to either succeed or fail.

All in all we benefited greatly by using this technology. I also was able to leave a vlan1 port for the onsite tech to re-provision switches when they need to. Now when we have a failure or whatever we can drop ship straight to the location and they can do the provisioning. Saves me money and heartache and with the automation a failure is back up and running faster than ever.

I am definitely waiting to get my hands on code for our 4507 or NX7K's that has smart install feature included. The 3750 is a good platform to have it on but in my opinion we need to get this going on a 4507 to see more benefit.
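
The post above notes that core trunk ports must leave DTP enabled (no `switchport nonegotiate`) for the zero-touch process to start. The following pre-deployment check is an added example, not code from the thread or from Cisco: it scans a core switch's saved running-config for trunk ports that carry that command. The sample config, interface names and function names are constructed for illustration.

```python
import re

# Constructed sample of a core-switch running-config (not from the thread).
SAMPLE_CORE_CONFIG = """\
interface GigabitEthernet1/1
 description uplink to closet A
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet1/2
 description uplink to closet B
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/3
 description server port
 switchport mode access
 switchport nonegotiate
!
"""

def interface_blocks(config):
    """Yield (name, [sub-commands]) for each 'interface' stanza."""
    name, body = None, []
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            if name:
                yield name, body
            name, body = m.group(1), []
        elif name and line.startswith(" "):
            body.append(line.strip())
        elif name:
            # Any non-indented line ('!' or a global command) ends the stanza.
            yield name, body
            name, body = None, []
    if name:
        yield name, body

def trunks_blocking_dtp(config):
    """Return trunk interfaces that carry 'switchport nonegotiate'."""
    flagged = []
    for name, body in interface_blocks(config):
        is_trunk = "switchport mode trunk" in body
        if is_trunk and "switchport nonegotiate" in body:
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    for port in trunks_blocking_dtp(SAMPLE_CORE_CONFIG):
        print(f"{port}: trunk has 'switchport nonegotiate' (DTP disabled)")
```

Access ports and trunks with `no switchport nonegotiate` are not reported, since the check matches the exact command only on interfaces set to `switchport mode trunk`.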
