
The Network. Intuitive.


A New Network for a New Era

Well, the cat is finally out of the bag…

I’ve been biting my lips for the last several months working on campus designs with customers. That’s because internally at Cisco, all the buzz was around bringing SDN and most importantly intent driven networking to the campus in a BIG way. This is very much akin to how Cisco transformed the data center with ACI. In fact, I’ve heard verbatim from customers “why doesn’t Cisco have an ACI like solution for the campus?”.

Like I said earlier, I had to bite my lip each time I heard this comment unless we went through the mutual NDA process, and even then we provided only a brief glimpse at what was coming.

I’d like to focus on ACI fabric automation and deployment when I draw a comparison to what I envision software defined access (SD-Access/SDA) will be.

In an ACI data center, I simply cable my spine/leaf switches and plug in my APIC controllers to the leaf.  I then go through a 5 minute setup process to define my credentials, TEP pool, infrastructure VLAN ID, and a couple other simple prompts on the APIC controller.

At this point, my ACI fabric is ready to go and all I need to do is register my leaf switches to the fabric, give them a name and ID, and I’m off to the object/policy creation steps. Once my policy model and objects are set, it really becomes rinse and repeat. The key with this intent based networking is agility and automation at scale.

I didn’t have to give each leaf a management IP, specify VLANs, credentials, access methods, trunk ports, set up routing protocols, etc… While that’s how I’ve been doing things for over two decades, recently my eyes were opened to what happens to that traditional/static model at scale. Quite frankly, it falls apart unless you’ve got some awesome scripting folks automating box-by-box configs with tools like ansible/jinja/python.

In addition, native/embedded security is critical to detect and mitigate threats in the campus network. Detecting threats in encrypted traffic is a pretty amazing “nerd knob”.

In closing, I see a bright future for the campus network.  A future where the campus wired/wireless/WAN have embedded security functionality, deep contextual information (abstract subnet/vlan ID) of attached devices, is intent driven to allow automation at scale, and intuitive enough to deliver actionable and predictive insights.

If you’re going to Cisco Live next week, expect some major deep dive sessions on Cat9K, DNA, and more.

-shaun

#WeAreCisco #Innovation

#CiscoDNA #NetworkIntuitive


Cisco Smart Install


This is my first post in a new series called “Config Bytes”.

My objective is simple. Take a technology that I’m working on with a customer and post the data points.

Overview:

A global company asked me if there was an easy way to provision switches for rapid deployment. They are somewhat limited on networking personnel and this would save the team some time if they could automate the staging of switches before deployment. The basic requirements were a standardized image depending on the platform and initial config for access switches. I had two viable solutions to match these requirements: 1) Prime Infrastructure Plug & Play, 2) Smart Install.


Smart Install:

Since the launch of the 3850/3650 access layer switches, we had slides that mentioned all the value add features of the Catalyst line. One of those bullet points was smart install and I remember this for the 3750x as well. At the end of 2014, we put out an updated configuration guide for smart install. I used this as a basis for design and configuration. http://goo.gl/mtYrha

You can read up on all the details, but let me summarize a few key points.

  • Smart Install is a plug-and-play configuration and image-management feature that provides zero-touch deployment (ZTD) for new switches. You can ship a switch to a location, place it in the network and power it on with no configuration required on the device.
  • Two roles for the switch infrastructure: “clients” & “director”
  • Director can be a multilayer switch or router
  • Clients connect to director and pull down image and config without any intervention (ZTD)
  • If a client switch was already deployed, you must “wr erase” and reload without a startup-config for smart install to work. Out of the box, no intervention required.
  • If using an L3 switch for director, the smart install “vstack” VLAN must be up or the director can fall back to a client role. Just make sure the VLAN has at least one access port up/up if using that SVI for the director.
  • TFTP and DHCP services are required, however they can co-reside on the director. This is how I configured it in the example inline.
  • Make sure your director device has plenty of flash memory to store the images and configs. If you have many different PIDs, you’re going to need more flash. I found that 2GB on the 3650/4500x was sufficient for my customer.
  • Be patient while the image is loaded to the client. This process takes time (sometimes up to an hour).
  • I found that using the .tar format for the images worked the best. I’m not even sure if the .bin format is supported.
  • If you want to verify the supported clients on the director, use this command: “show vstack group built-in ?”

Table A-1 Supported Switches

| Switch | Can be Director? | Can be Client? |
|---|---|---|
| Catalyst 6500 Supervisor Engine 2T-10GE | Yes | No |
| Catalyst 4500 Supervisor Engine, 6E, 6LE, 7E, 7LE | Yes | No |
| Catalyst 3850 | Yes | Yes |
| Catalyst 3750-X | Yes | Yes |
| Catalyst 3750-E | Yes | Yes |
| Catalyst 3750 | Yes | Yes |
| Catalyst 3650 | Yes | Yes |
| Catalyst 3560-X | Yes | Yes |
| Catalyst 3560-E | Yes | Yes |
| Catalyst 3560-C | No | Yes |
| Catalyst 3560 | Yes | Yes |
| Catalyst 2960-S | No | Yes |
| Catalyst 2960-SF | No | Yes |
| Catalyst 2960-C | No | Yes |
| Catalyst 2960-P | No | Yes |
| Catalyst 2960 | No | Yes |
| Catalyst 2975 | No | Yes |
| IE 2000 | Yes | Yes |
| IE 3000 | Yes | Yes |
| IE 3010 | Yes | Yes |
| SM-ES2 SKUs | No | Yes |
| SM-ES3 SKUs | No | Yes |
| NME-16ES-1G-P | No | Yes |
| SM-X-ES3 SKUs | Yes | Yes |

Table A-2 Supported Routers 

| Router | Can be Director? | Can be Client? |
|---|---|---|
| Cisco 3900 Series Integrated Services Routers G2 | Yes | No |
| Cisco 2900 Series Integrated Services Routers G2 | Yes | No |
| Cisco 1900 Series Integrated Services Routers G2 | Yes | No |
| Cisco 3800 Series Integrated Services Routers | Yes | No |
| Cisco 2800 Series Integrated Services Routers | Yes | No |
| Cisco 1800 Series Integrated Services Routers | Yes | No |

Table A-3 Minimum Software Releases for Directors and Clients

| Directors | Minimum Software Release |
|---|---|
| Catalyst 6500 Supervisor Engine 2T-10GE | Cisco IOS Release 15.1(1)SY |
| Catalyst 4500 Supervisor Engine 7E and 7LE | Cisco IOS Release XE 3.4SG |
| Catalyst 4500 Supervisor Engine 6K and 6LE | Cisco IOS Release 15.1(2)SG |
| Catalyst 3850 | Cisco IOS Release 3.2(0)SE |
| Catalyst 3650 | Cisco IOS Release 3.3(0)SE |
| Cisco 3900, 2900, and 1900 Series Integrated Services Routers G2 | Cisco IOS Release 15.1(3)T |
| Cisco 3800, 2800, and 1800 Series Integrated Services Routers | Cisco IOS Release 15.1(3)T |
| Catalyst 3750-E, 3750, 3560-E, and 3560 Switches | Cisco IOS Release 12.2(55)SE |
| Catalyst 3750-X and 3560-X Switches | Cisco IOS Release 12.2(55)SE |
| SM-X-ES3 SKUs | Cisco IOS Release 15.0(2)EJ |

Table A-4 Minimum Software Releases for Clients

| Smart-Install Capable Clients | Minimum Software Release |
|---|---|
| Catalyst 3750-E, 3750, 3560-E, and 3560 Switches | Cisco IOS Release 12.2(52)SE |
| Catalyst 3750-X and 3560-X Switches | Cisco IOS Release 12.2(53)SE2 |
| Catalyst 3560-C Compact Switches | Cisco IOS Release 12.2(55)EX |
| Catalyst 2960 and 2975 Switches | Cisco IOS Release 12.2(52)SE |
| Catalyst 2960-S Switches | Cisco IOS Release 12.2(53)SE1 |
| Catalyst 2960-C Compact Switches | Cisco IOS Release 12.2(55)EX1 |
| Catalyst 2960-SF | Cisco IOS Release 15.0(2)SE |
| Catalyst 2960-P | Cisco IOS Release 15.2(2)SE |
| IE 2000 | Cisco IOS Release 15.2(2)SE |
| IE 3000 | Cisco IOS Release 15.2(2)SE |
| IE 3010 | Cisco IOS Release 15.2(2)SE |
| SM-ES3 SKUs, NME-16ES-1G-P | Cisco IOS Release 12.2(52)SE |
| SM-ES2 SKUs | Cisco IOS Release 12.2(53)SE1 |
| SM-X-ES3 SKUs | Cisco IOS Release 15.0(2)EJ |


Configuration Example:

n3tArk_3850#sh run | s vstack

description SmartInstall_vstack_lan
description smart_install_vstack_mgmt
vstack group custom 2960c product-id
 image flash:c2960c405-universalk9-tar.152-3.E.tar
 config flash:smartinstall_config_2960c.txt
 match WS-C2960C-12PC-L
vstack dhcp-localserver smart_install
 address-pool 192.168.200.0 255.255.255.0
 file-server 192.168.200.1
 default-router 192.168.200.1
vstack director 192.168.200.1
vstack basic

n3tArk_3850#sh run int vlan 1

interface Vlan1
description smart_install_vstack_mgmt
ip address 192.168.200.1 255.255.255.0

n3tArk_3850#sh run | s tftp

ip tftp source-interface Vlan777
tftp-server client_cfg.txt
tftp-server flash:smartinstall_config_2960c.txt
tftp-server flash:c2960c405-universalk9-tar.152-3.E.tar
tftp-server flash:2960c-imagelist.txt

n3tArk_3850#sh vstack status
SmartInstall: ENABLED


n3tArk_3850#sh vstack download-status
SmartInstall: ENABLED
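
The director-side pieces in this example (group image/config files, the DHCP pool, the director address and the TFTP entries) can be cross-checked offline before a switch is shipped. The script below is an added example, not part of the original post or of any Cisco tooling; `audit_director` and `SAMPLE_CONFIG` are hypothetical names, and the sample text is constructed from the output shown above with IOS indentation restored.

```python
import ipaddress
import re

# Constructed sample: director lines from the post, IOS indentation restored.
SAMPLE_CONFIG = """\
vstack group custom 2960c product-id
 image flash:c2960c405-universalk9-tar.152-3.E.tar
 config flash:smartinstall_config_2960c.txt
 match WS-C2960C-12PC-L
vstack dhcp-localserver smart_install
 address-pool 192.168.200.0 255.255.255.0
 file-server 192.168.200.1
 default-router 192.168.200.1
vstack director 192.168.200.1
vstack basic
tftp-server client_cfg.txt
tftp-server flash:smartinstall_config_2960c.txt
tftp-server flash:c2960c405-universalk9-tar.152-3.E.tar
tftp-server flash:2960c-imagelist.txt
"""

def audit_director(config_text):
    """Cross-check vstack group files, DHCP pool and TFTP entries (hypothetical helper)."""
    group_files, served, in_group = set(), set(), False
    pool = director = file_server = None
    for raw in config_text.splitlines():
        if not raw.startswith(" "):            # top-level line: entering or leaving a group
            in_group = raw.startswith("vstack group ")
        line = raw.strip()
        if in_group and (m := re.match(r"(image|config) (\S+)$", line)):
            group_files.add(m.group(2))
        elif m := re.match(r"tftp-server (\S+)", line):
            served.add(m.group(1))
        elif m := re.match(r"address-pool (\S+) (\S+)$", line):
            pool = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        elif m := re.match(r"vstack director (\S+)$", line):
            director = ipaddress.ip_address(m.group(1))
        elif m := re.match(r"file-server (\S+)$", line):
            file_server = ipaddress.ip_address(m.group(1))
    return {
        "is_director": director is not None,
        "director_in_pool": pool is not None and director is not None and director in pool,
        "file_server_is_director": director is not None and file_server == director,
        # TFTP is unauthenticated: anything served is readable by hosts that reach the director.
        "served_but_unreferenced": sorted(served - group_files),
        "referenced_not_served": sorted(group_files - served),
    }

if __name__ == "__main__":
    print(audit_director(SAMPLE_CONFIG))
```

Entries under `served_but_unreferenced` are items to review rather than errors: they are files the director offers over TFTP that no vstack group names, so confirm each one is needed and contains nothing sensitive.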


That’s pretty much it! Here is a link to a YouTube video I created to show how easy this is to get up and running. https://www.youtube.com/watch?v=sOGMhTOt7Vs

Hope this was helpful. Please leave feedback/comments in the section if I missed any key points or you want me to elaborate more on something specific.

shaun