ZTP support

The switch supports standards-based Zero Touch Provisioning (ZTP) operations as follows:

  • The switch must be running the factory default configuration.

  • The switch can connect to the DHCP server from the OOBM management port.

  • ZTP operations are supported over IPv4 connections only. IPv6 connections are not supported for ZTP operations.

  • You must configure the DHCP server to provide a standards-based ZTP server solution. Options and features that are specific to Network Management Solution (NMS) tools, such as AirWave, are not supported. Supported DHCP options are:

    DHCP option

    Description

    60

    Vendor Class Identifier (VCI)

    66

    IPv4 address of the TFTP server (Specifying a host name instead of an IP address is not supported.)

    43 suboption 144

    Name of the configuration file

    43 suboption 145

    Name of the firmware image file

    67

    Name of the configuration file (Option 43 suboption 144 takes precedence over this option.)

  • The configuration file is a text file that becomes the startup and running configuration on the switch after the ZTP operation is complete. The configuration can be in CLI or in JSON format.

  • When the switch is started using the factory default configuration, the ZTP operation is started automatically and is attempted for a maximum of 10 minutes. There is no CLI command required to start the operation.

The switch supports the following standards:

  • RFC 2131, Dynamic Host Configuration Protocol.

  • RFC 2132, DHCP Options and BOOTP Vendor Extensions. Support is limited to the options listed in the table "Supported DHCP options for ZTP on ArubaOS-CX."

Hewlett Packard Enterprise recommends that you implement ZTP in a secure and private environment. Any public access can compromise the security of the switch, as follows:

  • ZTP is enabled only in the factory default configuration of the switch, DHCP snooping is not enabled. The Rogue DHCP server must be manually managed.

  • The DHCP offer is in plain data without encryption.