Zero touch provisioning on

HPE Comware switches

Contents
Introduction .................................................................................................................................................................................................................................................................................... 2
Environment 1: With HPE IMC....................................................................................................................................................................................................................................... 2
Requirements ......................................................................................................................................................................................................................................................................... 2
Network topology............................................................................................................................................................................................................................................................... 2
Step 1.1: HPE IMC configuration ............................................................................................................................................................................................................................ 3
Step 1.2: Windows 2012R2 DHCP server configuration .................................................................................................................................................................... 6
Step 1.3: HPE IMC configuration............................................................................................................................................................................................................................ 6
Step 1.4: Power up and connect new switches into the OOB network..............................................................................................................................11
Environment 2: without HPE IMC ............................................................................................................................................................................................................................ 13
Requirements .......................................................................................................................................................................................................................................................................13
Network topology.............................................................................................................................................................................................................................................................13
Step 2.1: TFTP server configuration.................................................................................................................................................................................................................14
Step 2.2: DHCP server configuration............................................................................................................................................................................................................... 15
Step 2.3: Connect and power up new switches into the OOB network ............................................................................................................................ 15
For devices without L2 network connectivity to the DHCP server ........................................................................................................................................... 17
Network topology.............................................................................................................................................................................................................................................................17
Additional step: DHCP relay on default gateway configuration ............................................................................................................................................ 17
Additional links ..........................................................................................................................................................................................................................................................................19

Configuration guide
Configuration guide Page 2

Introduction
This configuration guide provides advice on provisioning new HPE Comware switches in your network automatically, fresh out of the box,
without setting up console access into the switch or typing commands manually to configure credentials and enable remote network
management access.

Two environments are described in this guide:

With HPE Intelligent Management Center (IMC)

Without HPE IMC

Note:
HPE FlexFabric 5900 and 5930M switches worked as expected using the steps described in this guide. Other HPE Comware switches should also
function in the same manner.

Environment 1: With HPE IMC

The example configuration described in this section is applicable in environments with HPE IMC already deployed and assumes the new switches
will also be deployed in the same IP subnet as the DHCP server. Refer to the last section of this guide for additional configuration guidance if the
new devices are in a different IP subnet.

Requirements
The following are required:

DHCP server (Windows server 2012 is used in this example)

HPE IMC (7.1 base platform was tested during creation of this document)
MAC addresses of the new switches (using sticker pasted on the switch) would need to be recorded.

Network topology
The topology as shown in figure 1 will be used to describe environment 1:

The new HPE Comware v7 Switches will connect into the existing Out-of-Band (OOB) management network using their management
Ethernet port
L2 network connectivity exists between the new switches and DHCP server/HPE IMC
HPE IMC and DHCP server exist on the same subnet

Existing HPE IMC VM

DC fabric 10.10.10.10/24
L2 network connectivity
VM VM VM
VM VM VM
Hypervisor
M-GE0/0/0
New HPE Existing Windows 2012 VM
Comware OOB (DHCP server)
switches network 10.10.10.106/24

Figure 1. Environment 1 network topology

Configuration guide Page 3

Step 1.1: HPE IMC configuration

Navigate to the HPE IMC > Service > Configuration Center > Auto Deployment Plan and click on the Initial Configuration File Management link as
shown in figure 2.

Figure 2. ADP configuration (Part 1)

Click on Add to create a new initial configuration file as shown in figure 3.

Figure 3. ADP configuration (Part 2)

Create the new Initial Configuration file using the following parameters and click OK to add as shown in figure 4.

File Name: oobm.cfg

Description: OOBM autoconfig startup configuration file

File Content:

sysname ADP_Initial_Config
#
interface M-GigabitEthernet0/0/0
ip address dhcp-alloc
#
telnet server enable
#
stp global enable
#
snmp-agent
snmp-agent community read iMCV5read
snmp-agent community write iMCV5write
snmp-agent sys-info version all
#
line aux 0
user-role network-admin
screen-length 69
Configuration guide Page 4

#
line vty 0 63
authentication-mode scheme
user-role network-admin
user-role network-operator
screen-length 0
#
local-user iMCV5admin class manage
password simple iMCV5admin
service-type telnet
authorization-attribute user-role level-15
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
return

Note:
The snmpv1 read and write community strings, as well as the telnet username and password must match exactly what is shown in the access
parameters in figure 4.

For e.g. if IMC shows iMCV5read, iMCV5read has to be used. If IMC shows iMCread, iMCread has to be used.

These parameters will be used only for the initial discovery and will be overwritten during the deployment of the devices desired configuration.
Configuration guide Page 5

Figure 4. ADP configuration (Part 3)

Verify that the new initial configuration file oobm.cfg was successfully created as shown in figure 5.

Figure 5. ADP configuration (Part 4)

Configuration guide Page 6

Step 1.2: Windows 2012R2 DHCP server configuration

As shown in figure 6, configure your DHCP server with its desired network scope, then add two more options. Option 66 will specify the TFTP
server IP (HPE IMC), while option 67 will specify the initial configuration file the new switches should boot up to, as previously created in step 1.1.

Figure 6. Windows DHCP server configuration

Step 1.3: HPE IMC configuration

On the HPE IMC server, navigate to Service > Configuration Center > Auto Deployment Plan and click Add to create a new auto-deployment plan
with the following parameters as shown in figure 7.

Figure 7. ADP configuration (Part 5)

Configuration guide Page 7

Configure using these values as shown in figure 8, Name: OOBM

Figure 8. ADP configuration (Part 6)

Create the desired configuration file for the final deployment by using Service > Configuration Templates > Add > Manual Add as shown in figure
9. This configuration file may include normal configuration template variables as typically defined in an HPE IMC configuration template (please
see IMC administrators guide for more information).

Figure 9. ADP configuration (Part 7)

Configuration guide Page 8

The following sample configuration template is used (modify as required for your own environment). In this example, we are defining fixed values
for static route/telnet/snmp, but sysname and OOBM IP address can be changed for each individual device.

Sample configuration template:

telnet server enable

sysname ${DEVICE-SYSNAME}
snmp-agent
snmp-agent community write private
snmp-agent community read public
snmp-agent sys-info version all

local-user admin class manage

password simple password
service-type telnet http terminal
authorization-attribute user-role network-operator
authorization-attribute user-role network-admin

user-interface vty 0 15
authentication-mode scheme

fan prefer-direction slot 1 port-to-power

interface M-GigabitEthernet0/0/0
ip address ${MGMT-IP-ADDR} 255.255.255.0

ip route 15.0.0.0 255.0.0.0 10.10.10.254

From the OOBM deployment plan, select the Add Auto Deployment Device icon

as shown in figure 10 below.

Figure 10. ADP configuration (Part 8)

Configuration guide Page 9

In this example, we will set the following values:

MGMT-IP-ADDR: 10.10.10.75 #this is the IP address to be assigned to the OOBM port.

DEVICE-SYSNAME: DC1-5930-1 #this is the device sysname to be assigned

Ensure that the Back Up Configuration File option is set to No as shown in figure 11.

Note:
Also ensure device IP specified is not already managed by IMC for any other device.

Figure 11. ADP configuration (Part 9)

As shown in figure 12, input the Match Criteria: MAC Address field with the MAC address of the target device. This is the MAC address stated on
the sticker pasted on the device.

Input the Target IP address of the device. This is the final IP address that you wish to use for managing the device.
Configuration guide Page 10

Figure 12. ADP configuration (Part 10)

As shown in figure 13, specify the access parameters here to match those of the final state of the device (e.g. SNMP and telnet settings below
have to match 5930.cfg selected above). These settings will be used by HPE IMC to contact and discover the device during the final stages of the
auto-deployment. If these settings do not match, the auto-deployment task will fail.

Figure 13. ADP configuration (Part 11)

Configuration guide Page 11

Step 1.4: Power up and connect new switches into the OOB network
With the previous steps done, connect (only the management Ethernet port) and power up the new switches into the OOB network. The
following console output as shown should be seen with initial zero touch provisioning complete. The IP address assigned to the switch will be
shown.

Loading file flash:/5930-cmw710-system-r2418p06.bin.............................

.....................................Done.
Loading file flash:/5930-cmw710-boot-r2418p06.bin..............Done.

Image file flash:/5930-cmw710-boot-r2418p06.bin is self-decompressing...........

................................................................................
.Done.
System is starting...
Cryptographic algorithms tests passed.

Startup configuration file does not exist.

Started automatic configuration, press CTRL_C or CTRL_D to break.

Automatic configuration attempt: 1.

Not ready for automatic configuration: no interface available.
Waiting for the next...

Automatic configuration attempt: 2.

Interface used: M-GigabitEthernet0/0/0.
Enable DHCP client on M-GigabitEthernet0/0/0.
Obtained an IP address for M-GigabitEthernet0/0/0: 10.10.10.201.
Obtained configuration file name oobm.cfg and TFTP server name 10.10.10.10.
Resolved the TFTP server name to 10.10.10.10.
Successfully downloaded file oobm.cfg.
Executing the configuration file. Please wait...
Automatic configuration successfully completed.
Line aux0 is available.

Press ENTER to get started.

<ADP_Initial_Config>
Configuration guide Page 12

After the initial configuration is provisioned, the devices will be rebooted by IMC.

From the HPE IMC Service > Configuration Center > Auto Deployment Plan interface, select the Auto Deployment Execution Result icon

as shown in Figure 14 below.

Figure 14. ADP verification

Once initial zero touch provisioning is complete and working as expected, the network administrator can proceed to cable up the remaining ports
into the DC fabric and configure any additional configurations via remote access as shown in the example below.

Example of remote access into the switch

<HP>telnet 10.10.10.75
Trying 10.10.10.75 ...
Press CTRL+K to abort
Connected to 10.10.10.75 ...

******************************************************************************
* Copyright (c) 2010-2015 Hewlett-Packard Development Company, L.P. *
* Without the owner's prior written consent, *
* No decompiling or reverse-engineering shall be allowed. *
******************************************************************************

Login: admin
Password:
Configuration guide Page 13

<DC1-5930-1>
<DC1-5930-1>dis int brie | i UP
InLoop0 UP UP(s) --
M-GE0/0/0 UP UP 10.10.10.75
NULL0 UP UP(s) --
REG0 UP -- --

Environment 2: without HPE IMC

The example configuration described in this section is applicable for environments without HPE IMC and assumes the new switches will also be
deployed in the same IP subnet as the DHCP server. Refer the last section of this guide for additional configuration guidance if the new devices
are in a different IP subnet.

Requirements
The following are required:

DHCP server (Windows Server 2012 is used in this example)

TFTP server (3CDaemon application is used in this example and installed on the same Windows Server VM)

There is no requirement to identify MAC addresses of the new switches for this to function as expected.

Network topology
The topology as shown in figure 15 will be used to describe environment 2:

The new HPE Comware switches will connect into the existing OOB management network using their management Ethernet port
L2 network connectivity exists between the new switches and TFTP/DHCP server
TFTP and DHCP server exist on the same subnet

Existing
DC fabric
L2 network connectivity
VM VM VM
VM VM VM
Hypervisor
M-GE0/0/0
New HPE Existing Windows 2012 VM
Comware OOB (DHCP and TFTP
switches network server) 10.10.10.106/24

Figure 15. Environment 2 network topology

Configuration guide Page 14

Step 2.1: TFTP server configuration

A .cfg file will need to be created in the TFTP server directory; this directory will depend on your TFTP server application. Launch Notepad,
Save As select the correct directory, rename the file as desired, and save. The file name is not fixed. In this example, it is saved as 5900.cfg as
shown in figure 16.

Figure 16. cfg file creation

Fill in the .cfg file with your desired switch configuration. Here is the sample configuration used; additional configuration may be added or
changed as desired.

interface M-GigabitEthernet0/0/0
ip address dhcp-alloc
#
telnet server enable
ssh server enable
#
snmp-agent
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version all
#
line vty 0 15
authentication-mode scheme
#
Configuration guide Page 15

local-user admin class manage

password simple password
service-type telnet ssh
authorization-attribute user-role network-admin
Here is an example for other additional configurations such as VLANs, OSPF etc., which maybe added into the above .cfg file.

vlan 10 to 11
ospf 1
area 0.0.0.0
network 192.168.11.0 0.0.0.255

Step 2.2: DHCP server configuration

As shown in figure 17, configure your DHCP server with its desired network scope, then add two more options. Option 66 will specify the TFTP
server IP (same IP as the DHCP server), while option 67 will specify the configuration file the new switches should boot up to, as previously
created in step 2.1.

Figure 17. DHCP Server option settings

Step 2.3: Connect and power up new switches into the OOB network
With the previous steps done, connect (only the management Ethernet port) and power up the new switches into the OOB network. The
following console output as shown in figure 18 should be seen with initial zero touch provisioning complete. The IP address assigned to the
switch will be shown; the TFTP server console should state the .cfg file was sent as expected.

If console access is not available, the IP addresses assigned in the DHCP server address leases as previously shown in figure 5 can also be used
to identify the IPs and establish remote network management access.
Configuration guide Page 16

Once initial zero touch provisioning is complete and working as expected, the network administrator can proceed to cable up the remaining ports
into the DC fabric and configure device specifics such as unique sysname, static management IP, uplink IPs etc. As IMC is not available to
complete the rest of the desired configuration, CLI via remote network management access will have to be used in this environment.

Note:
This procedure should not disrupt existing switches with saved configuration if they reboot. The existing switches will not initiate the automatic
configuration attempt shown below.

Figure 18. New switch boot up

Configuration guide Page 17

For devices without L2 network connectivity to the DHCP server

This section is applicable for environments where the new switches need to be deployed in a different subnet from the DHCP server. The
procedures from environment 1 and 2 are still applicable; the only additional configuration required is DHCP relay on the default gateway switch.

Network topology
The topology as shown in figure 19 will be used to describe this environment:
The new HPE Comware switches will connect into the existing network using their management Ethernet port
L3 network connectivity exists between the new switches and TFTP/DHCP server

Existing
DC fabric
L3 network connectivity
VM VM VM
VM VM VM
10.1.1.0/24 10.10.10.0/24
Hypervisor
M-GE0/0/0
New HPE Existing OOB network Windows 2012 VM
Comware (switch functioning as (DHCP and TFTP
switches default gateway for new server) 10.10.10.106/24
HPE Comware switches)

Figure 19. L3 network topology

Additional step: DHCP relay on default gateway configuration

As shown below, the following configuration can be added for the default gateway to function as a DHCP relay.

dhcp enable
#
interface Vlan-interface1
ip address 10.1.1.1 255.255.255.0
dhcp select relay
dhcp relay server-address 10.10.10.106

The following display command can be used to verify DHCP relay requests.

[12504]dis dhcp relay statistics

DHCP packets dropped: 0
DHCP packets received from clients: 4
DHCPDISCOVER: 2
DHCPREQUEST: 2
DHCPINFORM: 0
DHCPRELEASE: 0
DHCPDECLINE: 0
Configuration guide Page 18

BOOTPREQUEST: 0
DHCP packets received from servers: 4
DHCPOFFER: 2
DHCPACK: 2
DHCPNAK: 0
BOOTPREPLY: 0
DHCP packets relayed to servers: 4
DHCPDISCOVER: 2
DHCPREQUEST: 2
DHCPINFORM: 0
DHCPRELEASE: 0
DHCPDECLINE: 0
BOOTPREQUEST: 0
DHCP packets relayed to clients: 4
DHCPOFFER: 2
DHCPACK: 2
DHCPNAK: 0
BOOTPREPLY: 0
DHCP packets sent to servers: 0
DHCPDISCOVER: 0
DHCPREQUEST: 0
DHCPINFORM: 0
DHCPRELEASE: 0
DHCPDECLINE: 0
BOOTPREQUEST: 0
DHCP packets sent to clients: 0
DHCPOFFER: 0
DHCPACK: 0
DHCPNAK: 0
BOOTPREPLY: 0

The following will be shown on the switch console to verify DHCP IP assignment and the correct .cfg file.

Loading file flash:/5930-cmw710-system-d2420.bin................................

....................................Done.
Loading file flash:/5930-cmw710-boot-d2420.bin..............Done.

Image file flash:/5930-cmw710-boot-d2420.bin is self-decompressing..............

.......................................................................Done.
System is starting...
Cryptographic algorithms tests passed.
Configuration guide Page 19

Startup configuration file does not exist.

Started automatic configuration, press CTRL_C or CTRL_D to break.

Automatic configuration attempt: 1.

Not ready for automatic configuration: no interface available.
Waiting for the next...

Automatic configuration attempt: 2.

Interface used: M-GigabitEthernet0/0/0.
Enable DHCP client on M-GigabitEthernet0/0/0.
Obtained an IP address for M-GigabitEthernet0/0/0: 10.1.1.60.
Obtained configuration file name 5900.cfg and TFTP server name 10.10.10.106.
Resolved the TFTP server name to 10.10.10.106.
Successfully downloaded file 5900.cfg.
Executing the configuration file. Please wait...
Automatic configuration successfully completed.
Line aux0 is available.

Press ENTER to get started.

Additional links
HPE 5930 Switch Configuration Guide

HPE 5900 Switch Configuration Guide

Learn more at
hpe.com/networking

Sign up for updates

Rate this document

Copyright 20152016 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without
notice. The only warranties for HPE products and services are set forth in the express warranty statements accompanying such products
and services. Nothing herein should be construed as constituting an additional warranty. HPE shall not be liable for technical or editorial
errors or omissions contained herein.

Windows and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or
other countries.

4AA6-1335ENW, February 2016, Rev. 1