Hi Klaus
With release 8.2 we have introduced the first step of zero-touch-onboarding. With 8.3 we will be introducing the second step. Step 1 is a per device functionality, while 8.3 will be expanding it to be a network wide onboarding solution.
8.2 puts all ports by default into a private VLAN, with 8.3 this PVLAN is extended to be a network wide ETREE. The idea is that the ETREE is terminated at one switch that provides access to the network management segment (DHCP, DNS, XMC, XIQ, Radius...). In addition, in 8.3 all ports will be up by default. This means, that you can power up a device and then it will:
- enable its ports
- make all ports member of the onboarding PVLAN/ISID 4048
- make all ports auto-sense
- auto-sense ports will detect whether they are connected to another fabric node, FA device, or regular device and then automatically bring up the ports accordingly. This means zero-touch-fabric will establish your fabric without any manual intervention. The only thing is that there needs to be a nick-name-server enabled somewhere in the fabric and access to the management segment provided.
- non network devices will end up in the onboarding pvlan/ETREE and thus won’t be able to communicate with each other, but only with the onboarding / management segment.
The reason for the PVLAN/ETREE is to ensure we don’t just create an onboarding flooding domain that includes all ports of the network, but a securely segmented onboarding segment where devices can only "see” the management segment and nothing else.
For details and a demo of this, please go to my Extreme vConnect session under the ITWarrior topic.
I hope this helps.
Roger
