How to RESTORE quickly XOS with Netsight Inventory Manager

  • 0
  • 1
  • Problem
  • Updated 3 years ago
  • Solved
Hi Guys,

Every backup have sense if restore work.
Now restore manually is working fine, but in the inventory manager consolle we have the restore wizard that could help, but ....

Suppose we have a network environment with a non default password or radius auth for access the switches, and we have a switch that have some problem but still reachable via their ip, and we want to replace it with another one.

So manually we:

take a new switch,
update the firmware,
install modules (ssh example) if need it,
winscp to the netsight to download the config (zipped even if called .cfg)
unpack the zip file on a local tftp
downalod the conf on the update switch
reboot and we are ready to install them.

there is a way to simplify this method?
If I use the restore wizard for the configuration, we need that the new switch have the same ip address of the faulted switch (sometimes is not possible) and respond with the same credential, (again in my example is not possible)

To solve I suppose, than adding at the restore wizard the capability to select the temporary ip address and the credential, where to restore the original configuration ...

Or if you have another IDEA or WAY to done quickly a restore please share it.

Best Regards
Photo of Roberto F.

Roberto F.

  • 690 Points 500 badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Daniel Flouret

Daniel Flouret, Employee

  • 7,470 Points 5k badge 2x thumb

If your new switch has EXOS v15.7.1 you can take advantage of Zero-Touch Provisioning Option 125.

When a switch with v15.7 boots up in factory default it will request an IP address using DHCP. This will be done alternatively through the mgmt port and any connected port in the default vlan.

You should program your DHCP server to send back Option 125 with the address of the NetSight server.

Option 125 should contain the following:
0x00 0x00 0x15 0xf8 0x06 0x01 0x04 and then the IP address of the server.

So if your server has an IP address of, dof example, the string returned by Option 125 should be:

0x00 0x00 0x15 0xf8 0x06 0x01 0x04 0xac 0x10 0x38 0x22

When the switch starts and receives an IP address and Option 125 it will send a SNMP trap to the NetSight server. The NetSight server will show this newly discovered switch in OneView -> Devices -> Discoverd

Then you can right-click on it and select Load Configuration

This will open a window that will let you upgrade its firmware and download a configuration
Photo of Roberto F.

Roberto F.

  • 690 Points 500 badge 2x thumb
This is the way I'm looking for.

But I cannot find the menu Load Configuration ... (I suppose beacuse I don't have any 15.7.1.x switches)
Can I set up a discovery method different from "Zero-Touch Provisioning"? (suppose we are working with else x150, x250 or x450 that does not support 15.7), something like a scheduled discovery on a particolar subnet?

This tutorial is great for future purpose, but unapplicable on a customer that have switch different from x440 or xXX-G2 .

Best regards
Photo of Daniel Flouret

Daniel Flouret, Employee

  • 7,470 Points 5k badge 2x thumb

The previous incarnation of Zero-Touch Provisioning was called Auto-Provision. This feature is available since EXOS v12.5 so it is present in your switches. But it is not enabled by default.

To enable it, reset the switch to factory default with
unconfigure switch all
then enable auto-provision with
enable auto-provision
This command will take effect the next time the switch reboots, and you'll know that it is active because when you log in the following message will be displayed:
Note:  This switch has Auto-Provision enabled to obtain configuration remotely. Commands should be limited to:
    show auto-provision
    show log
Any changes to this configuration will be discarded at the next reboot if auto provisioning sends a ".cfg" file.

(auto-provision) lab10.sw1.1 #
When  in this mode the switch will alternately try to obtain an IP address using DHCP from the default vlan and then from the mgmt vlan. When it gets an IP address, it will also expect to receive additional information through DHCP Option 43.

This process will continue indefinitelly until one of these things happens:
  • The switch receives a DHCP with a valid Option 43
  • You disable auto-provision
DHCP is a Vendor-Specific Option code and each vendor is free to decide the information contained in it. Extreme networks uses Option 43 to send the following information to the switch:
  • Code 100: TFTP Server IP Address
  • Code 101: Config file name (either .cfg or .xsf)
  • Code 102: SNMP Trap Server IP Address
When the switch receives this option, it will contact the TFTP server indicated in it and will try to download the configuration file indicated. Once the file is downloaded, the switch will reboot to activate the newly loaded configuration.

Now, let's see how to program Option 43 in a Windows DHCP Server.

Since Option 43 is "vendor-dependent", there is a mechanism to select the correct information to send to a device.

When a device that wants to receive Option 43 information sends a DHCP request, it includes a piece of information called Vendor Class Identifier (Option 60).

Extreme switches will use their System-Type as VCI. The one in the example (Summit-PC) corresponds to the Virtual Switch (EXOS-VM) I usually use in my labs.

To know the System-Type of a given switch, execute
show switch
and there you'll find it.

The DHCP server will look for Option 43 information specific to that VCI and send it with the IP address offer. if it doesn't find a matching VCI, it will send nothing.

In the Windows DHCP Server, you need to define a vendor class for each type of switch (VCI) that you will service.

Open the DHCP Manager. Select your server and right-click on it. Select Define Vendor Classes from the pop-up menu.

Press Add...

Enter the name of this Vendor Class (I give it the same name as the VCI), enter an optional description, and enter the VCI that you expect to receive from this device (Summit-PC). Press OK.

The new Vendor Class should appear in the list. Press Close.

Select your server and right-click on it once more. Select Set Predefined Options... from the pop-up menu.

In the pop-up window select your newly created Vendor Class.

Press Add...

Define an Option type with a name of tftp-server-address, a  data type of ip address and a code of 100. Press OK.

Type the IP address of your TFTP server in the Value field.

Add a second option with a name of config-file-name, a  data type of string and a code of 101. Press OK.

Type the name of the config file that you want to download to this type of switch. Press OK to end the process.

You can enable these options globally for all DHCP scopes, or you can enable it for scopes individually. If you don't enable them, they won't be sent...

To enable an option globally, right-click in Server Options and select Configure Options.

In the pop-up window select Advanced.

Select the desired Vendor Class and check each of the options that you want to enable (100 and 101). Press OK.

The Server Options window will now show these options. Note that these options correspond to Vendor Class Summit-PC.

We will need to repeat this procedure for each VCI we want to use. Here's an example where I have added a Vendor Class for X460-48p. In this case, the virtual machine and the X460-48p will receive different configuration files. the DHCP server will decide which is the correct value to send based on the VCI it receives..

If you want to enable these options individually for each scope, the procedure is exactly the same, but you have to perform it on the Scope Options of the individual scope.

If an option was enabled globally and you re-enable it locally, you can change the option value. So, if the global TFTP server address for all X460-48p points to a server in the central office, you can reprogram the value for the scope of a remote office so it uses a local TFTP server instead of the global one.

Hope this is what you're looking for...
Photo of Roberto F.

Roberto F.

  • 690 Points 500 badge 2x thumb

Great, but in this case I need to restore the configuration file on the tftpserver of the netsight appliance, this means to connect via ssh, find the right config file, unzip it and copy the file on the root of the tftp.
In the firts solution, we have the discovered device that is ready to receive the configuration via a right click....

So my question are:
Is possible to popolate the discevered list on the netsight device with some other method?
I suggest something like a scheduled discover (like autodiscover of prtg or other monitoring software )
this could bring some advantage to the platform:

1. Ability to solve my problem ;) also for third part device (or old extremeware switches)
2. Ability to facilitate the provision of new switch installed with or without our control (maybe the customer want to add the device by iself on the network and may don't remeber to add them to the managment platform, so we are sure to have a complete device inventory. )

Yout think is possible to add this feature in the next release?
Or in some ways is already possible?

Best regards
Photo of Daniel Flouret

Daniel Flouret, Employee

  • 7,470 Points 5k badge 2x thumb

While I simpathyse with your situation, and I also wish that it could be done, I don't think this is possible.

Regarding adding Option 125 to older versions, ZTP is quite different from Auto-Provisioning, and includes support for a new MIB. The trap being sent to the NetSight controller is a specific trap used by Enterasys switches, and it was added to EXOS v15.7.

Older versions of EXOS get bug fixes, but not new features.

As for discovering... Where would you look for new devices? All + + networks? How frequently would you scan? ¿Would you use snmp v1, v2, v3? ¿Wich creentials would you use? Huuuuge address space to go looking for new devices. Lots of options. Lots of traffic generated to find something that may not even be there...

That's why a "ring home" feature makes sense. But there's no "ring home" standard, as far as I know, so it would not be possible to have a method that could be applied to third-party devices.

As you see, a really nice idea but difficult to implement...
Photo of Roberto F.

Roberto F.

  • 690 Points 500 badge 2x thumb
Hi Daniel,

thanks for you patience,
I'm try to answer about the discover,

Where would you look for new devices?
Ususally we have one (or more) managment networks, wuould be fine to schedule a discover for this specific network(s) (maybe a differente schedule of each net)

How frequently would you scan?
Its depend, cound be once a day if I'm looking for new switches installed by the customer or a schedule more frequently if I need to keep a provisioning to replace a switch, or a features that let me "run now", but this is near a manually dicover ...

Would you use snmp v1, v2, v3? Wich creentials would you use?
Once again its dipend bye the schedule objective, could be the default credential snmp public/private (normally all device have is enabled) or the standard credential for a specific customer or both...

I know that could be difficult to implement, but I'm hope could be a Fateure Request?

Last question,
what happen when I Launch a discovery from the consolle, and after when I click Add device in the discovered list, are perhaps invoked scripts that I can customize and configure it on the crontab?

Photo of Stephen Williams

Stephen Williams, Employee

  • 8,582 Points 5k badge 2x thumb

These are great How to Guides!  So great I made a copy of them in our GTAC Knowledge so everyone can use them.  Just wanted you to know. :)

Photo of Daniel Flouret

Daniel Flouret, Employee

  • 7,470 Points 5k badge 2x thumb