USB-Based Zero Touch Provisioning
For customer environments that do not support Zero Touch Provisioning (ZTP) via the Cloud Portal and Orchestrator, gateways can be provisioned using a preconfiguration file loaded onto a USB drive.
Scenarios where this method may be required include:
- No DHCP for WAN-side interfaces
- No internet connectivity (MPLS only)
- Restricted internet access (via proxy only)
In these scenarios, to provide a ZTP experience, you can prepare a USB flash drive containing the preconfiguration file with the necessary configurations for getting the gateway online and reachable via the Orchestrator.
USB ZTP Steps
- Format the USB device to FAT32.
- Create the spcustom.yml file for the site. See the example spcustom.yml files below.
- Place the spcustom.yml file within the root of the USB drive.
- Attach the USB device to one of the USB ports.
- Power on the gateway.
NOTE: To use USB ZTP, the gateway must be in a “first boot state.” Gateways fresh out-of-the-box will run in this mode, but existing gateways must be placed into this state before using USB ZTP. To put an existing device into the first boot state, see Optional - Force Hardware Gateway into Firstboot Status.
Example 1 - Management 0 (mgmt0) DHCP, WAN0 DHCP (prefer WAN0 for management traffic)
This spcustom.yml file instantiates an EC gateway using DHCP for both mgmt0 and WAN0, but uses wan0 for management traffic.
silverpeak_vxoa_init:
  config_vars:
    HOSTNAME: <HOSTNAME>
    ACCNAME: <ACCOUNT NAME>
    ACCKEY: <ACCOUNT KEY>
    SYS_TAG: <APPLIANCE TAG>
    ILRM: true
  # ----------------------------------------------------------
  # Pre-Management Tasks
  # ----------------------------------------------------------
  pre_mgmtd_tasks:
    - "configdb:/system/hostname,hostname,_$HOSTNAME$"
    - "configdb:/cn/tunneld/portal/config/registration/account,string,_$ACCNAME$"
    - "configdb:/cn/tunneld/portal/config/registration/key,string,_$ACCKEY$"
    - "configdb:/cn/tunneld/portal/config/registration/site,string,_$SYS_TAG$"
    - "configdb:/cn/tunneld/system/config/routing_inline,bool,_$ILRM$"
    # ----------------------------------------------------------
    # Set up management and data plane
    # system router commands required on wan/lan interfaces
    # only specify if initial management-plane access is required to contact Orchestrator
    # use your environment's IP addresses for nexthop w.x.y.z
    # ----------------------------------------------------------
    - "cli:en;conf t;system router rtr1 create interface wan0 wan"
    - "cli:en;conf t;system router rtr1 dhcp nexthop w.x.y.z"
    # ----------------------------------------------------------
    # Use the ip default-gateway command to set the default route to the specified next-hop or interface.
    # Use the no form of this command to remove the current default route or all the default routes.
    # ip default-gateway <next-hop IP address> <interface name> <metric> [<src>]
    # set metric for wan0
    # metric of 5 will give preference to wan0 assuming mgmt0 is a higher number
    # "cli:en;conf t;ip default-gateway _$WAN0_NEXTHOP$ wan0 5 _$WAN0_IP$"
    # example without src
    # NOTE: WAN0_NEXTHOP is not defined under config_vars in this example;
    # define it there or use the next-hop address directly.
    # ----------------------------------------------------------
    - "cli:en;conf t;ip default-gateway _$WAN0_NEXTHOP$ wan0 5"
    # ----------------------------------------------------------
    # DNS (optional as we have a built-in policy that automatically sets it to 8.8.8.8)
    # ----------------------------------------------------------
    - "cli:en;conf t;ip name-server 8.8.8.8"
    # ----------------------------------------------------------
    # Write to memory and reboot
    # ----------------------------------------------------------
    - "cli:en;conf t;write memory;reboot noconfirm"
    # ----------------------------------------------------------
Example 2 - Management 0 (mgmt0) DHCP, WAN0 DHCP (prefer mgmt0 for management traffic)
This spcustom.yml file instantiates an EC gateway using both mgmt0 and WAN0 with DHCP, preferring mgmt0 for management traffic.
silverpeak_vxoa_init:
  config_vars:
    HOSTNAME: <HOSTNAME>
    ACCNAME: <ACCOUNT NAME>
    ACCKEY: <ACCOUNT KEY>
    SYS_TAG: <APPLIANCE TAG>
    ILRM: true
  # ----------------------------------------------------------
  # Pre-Management Tasks
  # ----------------------------------------------------------
  pre_mgmtd_tasks:
    - configdb:/system/hostname,hostname,_$HOSTNAME$
    - configdb:/cn/tunneld/portal/config/registration/account,string,_$ACCNAME$
    - configdb:/cn/tunneld/portal/config/registration/key,string,_$ACCKEY$
    - configdb:/cn/tunneld/portal/config/registration/site,string,_$SYS_TAG$
    - configdb:/cn/tunneld/system/config/routing_inline,bool,_$ILRM$
  # ----------------------------------------------------------
  # Post-Management Tasks
  # ----------------------------------------------------------
  post_mgmtd_tasks:
    # ----------------------------------------------------------
    # Set up management and data plane
    # system router commands required on wan/lan interfaces
    # only specify for initial management-plane access when required to contact Orchestrator
    # use your lab environment IP addresses in place of w.x.y.z
    # ----------------------------------------------------------
    - cli:en;conf term; interface mgmt0 dhcp
    - cli:en;conf term; ip default-gateway w.x.y.z mgmt0
    - cli:en;conf term; system router rtr1 create interface wan0 wan
    - cli:en;conf term; system router rtr1 dhcp nexthop w.x.y.z
    # ----------------------------------------------------------
    # DNS (optional as we have a built-in policy that automatically sets it to 8.8.8.8)
    # ----------------------------------------------------------
    - cli:en;conf t;ip name-server 8.8.8.8
    # ----------------------------------------------------------
    # Write to memory and reboot
    # ----------------------------------------------------------
    - cli:en;conf t;write memory;reboot noconfirm
    # ----------------------------------------------------------
Example 3 - Management 0 (mgmt0) and WAN0 configured with static IP address (prefer WAN0 for management traffic)
This spcustom.yml file instantiates an EC gateway and configures a static IP address on both mgmt0 and WAN0, but prefers to use WAN0 for management traffic.
silverpeak_vxoa_init:
  config_vars:
    HOSTNAME: <HOSTNAME>
    ACCNAME: <ACCOUNT NAME>
    ACCKEY: <ACCOUNT KEY>
    SYS_TAG: <APPLIANCE TAG>
    ILRM: true
    # ----------------------------------------------------------
    # Management Plane IPs
    # Did not initially use DHCP for mgmt0
    # Once obtained, provision statically
    # Data Plane IPs
    # No DHCP, provisioned statically
    # The static IP addresses below are examples; use your lab environment IP addresses.
    # ----------------------------------------------------------
    MGMT0_IP: 192.162.111.122
    MGMT0_MASK_LENGTH: 24
    MGMT0_IP_DEFAULT_GATEWAY: 192.162.111.10
    WAN0_IP: 192.168.0.34
    WAN0_MASK_LENGTH: 24
    WAN0_IP_DEFAULT_GATEWAY: 192.168.0.1
    WAN0_NEXTHOP: 192.168.0.1
  # ----------------------------------------------------------
  # Pre-Management Tasks
  # ----------------------------------------------------------
  pre_mgmtd_tasks:
    - configdb:/system/hostname,hostname,_$HOSTNAME$
    - configdb:/cn/tunneld/portal/config/registration/account,string,_$ACCNAME$
    - configdb:/cn/tunneld/portal/config/registration/key,string,_$ACCKEY$
    - configdb:/cn/tunneld/portal/config/registration/site,string,_$SYS_TAG$
    - configdb:/cn/tunneld/system/config/routing_inline,bool,_$ILRM$
    # ----------------------------------------------------------
    # Set up management and control plane
    # Management plane next hop can NOT be assigned with the interface command.
    # system router commands required on wan/lan interfaces
    # only specify if initial management-plane access is required to contact Orchestrator
    # security-mode <security mode for interface>
    #   0 Open
    #   1 Harden
    #   2 Stateful Firewall
    #   3 Stateful Firewall with SNAT
    # ----------------------------------------------------------
    - cli:en;conf t;system router rtr1 create interface wan0 wan
    - cli:en;conf t;no system router rtr1 dhcp
    - cli:en;conf t;system router rtr1 ip _$WAN0_IP$ /_$WAN0_MASK_LENGTH$ nexthop _$WAN0_NEXTHOP$
    - cli:en;conf t;system router rtr1 ip default-gateway _$WAN0_IP_DEFAULT_GATEWAY$ WAN0
    - cli:en;conf t;system router rtr1 ip _$WAN0_IP$ security-mode 3
    # ----------------------------------------------------------
    # Use the ip default-gateway command to set the default route to the specified next-hop or interface.
    # Use the no form of this command to remove the current default route or all the default routes.
    # ip default-gateway <next-hop IP address> <interface name> <metric> [<src>]
    # set metric for wan0
    # metric of 5 will give preference to wan0 assuming mgmt0 is a higher number
    # "cli:en;conf t;ip default-gateway _$WAN0_NEXTHOP$ wan0 5 _$WAN0_IP$"
    # example without src
    # ----------------------------------------------------------
    - cli:en;conf t;ip default-gateway _$WAN0_NEXTHOP$ wan0 5
    # ----------------------------------------------------------
    # DNS (optional as we have a built-in policy that automatically sets it to 8.8.8.8)
    # ----------------------------------------------------------
    - cli:en;conf t; ip name-server 8.8.8.8
    # ----------------------------------------------------------
    # Write to memory and reboot
    # ----------------------------------------------------------
    - cli:en;conf t;write memory;reboot noconfirm
    # ----------------------------------------------------------
Example 4 - Orchestrator as a Proxy Server with a Private IP Address
This spcustom.yml file sets Orchestrator as a proxy server with a private IP address. This use case instantiates an EC gateway using Orchestrator as a proxy to connect to the internet to access the Cloud Portal through WAN0. Management 0 is not connected.
silverpeak_vxoa_init:
  config_vars:
    HOSTNAME: <HOSTNAME>
    ACCNAME: <ACCOUNT NAME>
    ACCKEY: <ACCOUNT KEY>
    SYS_TAG: <APPLIANCE TAG>
    ILRM: true
    # ----------------------------------------------------------
    # Management Plane IPs
    # Did not initially use DHCP for mgmt0
    # Once obtained, provision statically
    # ----------------------------------------------------------
    MGMT0_IP: 10.10.0.20
    MGMT0_MASK_LENGTH: 24
    # ----------------------------------------------------------
    # Data Plane IPs
    # No DHCP, provisioned statically
    # ----------------------------------------------------------
    WAN0_IP: 192.168.0.34
    WAN0_MASK_LENGTH: 24
    WAN0_IP_DEFAULT_GATEWAY: 192.168.0.1
    WAN0_NEXTHOP: 192.168.0.1
    LAN0_IP: 192.168.1.25
    LAN0_MASK_LENGTH: 24
    LAN0_NEXTHOP: 192.168.1.11
  # ----------------------------------------------------------
  pre_mgmtd_tasks:
    - configdb:/system/hostname,hostname,_$HOSTNAME$
    - configdb:/cn/tunneld/portal/config/registration/account,string,_$ACCNAME$
    - configdb:/cn/tunneld/portal/config/registration/key,string,_$ACCKEY$
    - configdb:/cn/tunneld/portal/config/registration/site,string,_$SYS_TAG$
    - configdb:/cn/tunneld/system/config/routing_inline,bool,_$ILRM$
  # ----------------------------------------------------------
  # Set up management and data plane using DHCP for WAN0
  # Management plane next hop can NOT be assigned with the interface command.
  # system router commands required on wan/lan interfaces
  # only specify for initial management-plane access when required to contact Orchestrator
  # security-mode <security mode for interface>
  #   0 Open
  #   1 Harden
  #   2 Stateful Firewall
  #   3 Stateful Firewall with SNAT
  # ----------------------------------------------------------
  post_mgmtd_tasks:
    - cli:en;conf t; system router rtr1 create interface wan0 wan
    - cli:en;conf t; no system router rtr1 dhcp
    - cli:en;conf t; system router rtr1 ip _$WAN0_IP$ /_$WAN0_MASK_LENGTH$ nexthop _$WAN0_NEXTHOP$
    - cli:en;conf t; system router rtr1 ip _$WAN0_IP$ security-mode 1
    - cli:en;conf t; ip mgmt-ip _$WAN0_IP$
    # ----------------------------------------------------------
    # Use the CLI command to set the IP address to reach the Cloud Portal
    # ----------------------------------------------------------
    - cli:en;conf t; internal set modify - /cn/tunneld/portal/config/host value string 10.91.120.174
    # ----------------------------------------------------------
    # Use the CLI command to set the Orchestrator private IP address
    # ----------------------------------------------------------
    - cli:en;conf t; internal set modify - /cn/jsond/config/gms/10.91.120.174 value string 10.91.120.174
    # ----------------------------------------------------------
    # Use CLI commands to bypass certificate verification for the portal and Orchestrator
    # ----------------------------------------------------------
    # Set the Orchestrator IP address and skip SSL certificate verification
    # These CLI commands were added in 8.3.2.0, 9.0.1.0
    # SET:
    #   conf t> security csrf enable
    #   conf t> security certificate verify [portal|orchestrator|all]
    # UNSET:
    #   conf t> no security csrf enable
    #   conf t> no security certificate verify [portal|orchestrator|all]
    # The two tasks below use the UNSET forms, so the gateway runs with CSRF protection
    # and certificate verification turned off until the SET forms are issued.
    # ----------------------------------------------------------
    - cli:en;conf t; no security csrf enable all
    - cli:en;conf t; no security certificate verify all
    # ----------------------------------------------------------
    # Write to memory and reboot
    # ----------------------------------------------------------
    - cli:en; conf t; write memory; reboot noconfirm
    # ----------------------------------------------------------
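
A pre-flight check for a spcustom.yml before it is copied to the USB drive, given here as an added example that is not part of the original page or of the vendor's tooling. It reports template placeholders left unfilled, _$NAME$ references with no matching config_vars entry, look-alike Unicode dashes from copy and paste, and tasks that turn off certificate verification or CSRF protection. The name lint_spcustom, the finding codes and the sample file are constructed for illustration, and the check assumes _$NAME$ references are filled from config_vars.

```python
import re

# Constructed sample (not from a real site): trimmed spcustom.yml with four problems.
SAMPLE = '''\
silverpeak_vxoa_init:
  config_vars:
    HOSTNAME: branch-gw-01
    ACCNAME: <ACCOUNT NAME>
    WAN0_IP_DEFAULT_GATEWAY: 192.168.0.1
  pre_mgmtd_tasks:
    - configdb:/system/hostname,hostname,_$HOSTNAME$
  post_mgmtd_tasks:
    - cli:en;conf t;system router rtr1 ip default-gateway _$WAN0IP_DEFAULT_GATEWAY$ WAN0
    - cli:en;conf t; no security certificate verify all
    - cli:en;conf t;ip name\u2010server 8.8.8.8
'''

SECTIONS = {'silverpeak_vxoa_init', 'config_vars', 'pre_mgmtd_tasks', 'post_mgmtd_tasks'}
VAR_DEF = re.compile(r'^([A-Z][A-Z0-9_]*):\s*(.*)$')
VAR_REF = re.compile(r'_\$([A-Z0-9_]+)\$')
WEAKENING = ('no security certificate verify', 'no security csrf enable')
LOOKALIKE_DASHES = '\u2010\u2011\u2012\u2013\u2014\u2212'

def lint_spcustom(text):
    """Return sorted (line_number, code, detail) findings for a spcustom.yml text."""
    defined, refs, findings, section = set(), [], [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue                              # comment lines are not executed
        bad = next((ch for ch in line if ch in LOOKALIKE_DASHES), None)
        if bad:                                   # breaks YAML list markers and CLI keywords
            findings.append((n, 'unicode-dash', 'U+%04X' % ord(bad)))
        if line.endswith(':') and line[:-1] in SECTIONS:
            section = line[:-1]
            continue
        m = VAR_DEF.match(line) if section == 'config_vars' else None
        if m:
            defined.add(m.group(1))
            if re.fullmatch(r'<[^>]*>', m.group(2).strip()):
                findings.append((n, 'placeholder', m.group(1)))  # template value left in
            continue
        refs += [(n, name) for name in VAR_REF.findall(line)]
        findings += [(n, 'weakens-security', p) for p in WEAKENING if p in line.lower()]
    # Checked after the loop so the order of sections in the file does not matter.
    findings += [(n, 'undefined-var', v) for n, v in refs if v not in defined]
    return sorted(findings)

if __name__ == '__main__':
    for finding in lint_spcustom(SAMPLE):
        print(*finding)
```
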
Optional - Force Hardware Gateway into Firstboot Status
To test the USB ZTP procedure with a previously configured gateway device, the gateway must run in a “first boot” state.
- Log in to the gateway CLI, and then drop to the shell (_spsshell).
- Issue the following commands:
  touch /etc/.firstboot
  rm -f /var/opt/tms/.ovfe_done
  cd /tmp/
  >customization.log
  >custom_task_post.done
  >custom_task_pre
- Access the gateway GUI, and then force a reboot to factory defaults (Maintenance > Reboot / Shutdown > Reset Factory and Reboot).