ZTP support

The switch supports standards-based Zero Touch Provisioning (ZTP) operations as follows:

  • The switch must be running the factory default configuration.

  • The switch can connect to the DHCP server from the OOBM management port.

    The switch can connect to the DHCP server from either the OOBM management port, or a data port on the default VLAN.

  • ZTP operations are supported over IPv4 connections only. IPv6 connections are not supported for ZTP operations.

  • You must configure the DHCP server to provide a standards-based ZTP server solution. Options and features that are specific to Network Management Solution (NMS) tools, such as AirWave, are not supported.

    • Aruba Central on-premise can manage AOS-CX switches on supported models through DHCP ZTP using two approaches:

      • On the DHCP server, configure DHCP option-60 as "ArubaInstantAP" 90 and provide the value in option-43 in the format <group-details>, <aruba-central-on-prem-ip-or-fqdn>, <shared-secret>.

      • On the DHCP server, configure DHCP option-60 as HPE vendor VCI and provide the value in option-43 in the tag-length-value (TLV) format with sub-option code of 146 as the Aruba Central on-premise FQDN or IPv4 address.

    • Supported DHCP options are:

    DHCP option        Description
    -----------        -----------
    43                 Vendor Specific Information
    43 suboption 144   Name of the configuration file
    43 suboption 145   Name of the firmware image file
    43 suboption 146   Aruba Central FQDN or IPv4 address
    43 suboption 148   HTTP Proxy FQDN or IPv4 address
    60                 Vendor Class Identifier (VCI)
    66                 IPv4 address of the TFTP server (Specifying a host name instead of an IP address is not supported.)
    67                 Name of the configuration file (Option 43 suboption 144 takes precedence over this option.)

  • The configuration file is a text file or JSON file that becomes the startup and running configuration on the switch after the ZTP operation is complete. The configuration can be in CLI or in JSON format.

  • When the switch is started using the factory default configuration, the ZTP operation starts automatically and remains active until any part of the running configuration of the switch is modified. No CLI command is required to start the operation.
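
The following is an added example, not code from Hewlett Packard Enterprise or from the switch software. It builds and parses an option 43 value for the suboptions listed above, then applies the two rules from the table: option 66 must be an IPv4 address, and suboption 144 takes precedence over option 67. It assumes each suboption is encoded as a one-byte code, a one-byte length and an ASCII string, and it treats any suboption outside the table as an error. The function names and the file names used with it are hypothetical.

```python
import ipaddress

# Sub-option codes from the supported DHCP options table.
SUBOPTS = {144: "config_file", 145: "firmware_image",
           146: "central_host", 148: "http_proxy"}

def encode_option43(values):
    """Build the option 43 payload from {sub-option code: string}."""
    out = bytearray()
    for code, text in sorted(values.items()):
        if code not in SUBOPTS:
            raise ValueError(f"sub-option {code} is not in the supported list")
        data = text.encode("ascii")
        if not 1 <= len(data) <= 255:
            raise ValueError(f"sub-option {code} value must be 1-255 bytes")
        out += bytes([code, len(data)]) + data
    if len(out) > 255:  # a single DHCP option carries at most 255 bytes
        raise ValueError("option 43 payload exceeds 255 bytes")
    return bytes(out)

def decode_option43(payload):
    """Parse an option 43 payload, rejecting truncated or unknown entries."""
    found, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} runs past end of option 43")
        if code not in SUBOPTS:
            raise ValueError(f"unsupported sub-option {code}")
        found[SUBOPTS[code]] = value.decode("ascii")
        i += 2 + length
    return found

def resolve_ztp(option43, option66=None, option67=None):
    """Combine the options according to the rules in the table."""
    settings = decode_option43(option43)
    if option66 is not None:
        # Option 66 must be an IPv4 address; a host name raises ValueError.
        settings["tftp_server"] = str(ipaddress.IPv4Address(option66))
    # Sub-option 144 takes precedence over option 67.
    if "config_file" not in settings and option67:
        settings["config_file"] = option67
    return settings
```

The bytes returned by encode_option43 can be written as hexadecimal for a DHCP server that takes option 43 as a raw value, and decode_option43 can be run on the option 43 bytes from a captured offer to confirm what the server actually sends.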

The switch supports the following standards:

  • RFC 2131, Dynamic Host Configuration Protocol.

  • RFC 2132, DHCP Options and BOOTP Vendor Extensions. Support is limited to the options listed in the table "Supported DHCP options for ZTP on AOS-CX."

Hewlett Packard Enterprise recommends that you implement ZTP in a secure and private environment. Any public access can compromise the security of the switch, as follows:

  • ZTP is enabled only in the factory default configuration of the switch, in which DHCP snooping is not enabled. Rogue DHCP servers must be managed manually.

  • The DHCP offer is sent as plain data, without encryption.