Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Greg_Harbers
Participant

Zero touch and 1500 appliances

Hi All,

Has anyone done anything with the zerotouch deployment service and 1500 series appliances, specifically around defined addresses on vlan sub interfaces.

the clish script I am deploying sets ntp servers, dns settings, adminstrators etc all successfully, and creates some vlan sub interfaces. These  parts all work perfectly, however thus far any attempt to set an ip address on the vlan interfaces fails, and the interfaces are always assigned a 192.168.x.x address

eg, zero touch script has this...

add interface LAN1 vlan 100
set interface LAN1.100 state on
set dhcp server interface "LAN1.100" disable
set interface "LAN1.100" ipv4-address "10.100.100.1" subnet-mask "255.255.255.0"
set interface "LAN1.100" description "Trusted_VLAN100"

I end up with this...

set interface "LAN1.100" ipv4-address "192.168.200.1" subnet-mask "255.255.255.0"
add interface "ASSIGNMENT.SEPARATE_NETWORK" vlan "100" ipv4-address "192.168.200.1" mask-length "24"
set interface "LAN1.100" mtu "1500" 802dot1x-authentication "off" 802dot1x-re-authentication-frequency "0" lan-mac-filtering "on"
set dhcp server interface "LAN1.100" dns "auto"
set interface "LAN1.100" exclude-from-dns-proxy "off"
set interface "LAN1.100" lan-access "accept" lan-access-track "log"
set dhcp server interface "LAN1.100" assign-addresses-for-known-hosts-only "off"
set dhcp server interface "LAN1.100" lease-time "4"
set dhcp server interface "LAN1.100" include-ip-pool "192.168.200.1-192.168.200.254"
set interface "LAN1.100" hotspot "off"

 

Once the gateway is built and I run this command from clish

set interface "LAN1.100" ipv4-address "10.100.100.1" subnet-mask "255.255.255.0"

I will get this....

set interface "LAN1.100" ipv4-address "10.100.100.1" subnet-mask "255.255.255.0"
add interface "ASSIGNMENT.SEPARATE_NETWORK" vlan "100" ipv4-address "10.100.100.1" mask-length "24"
set interface "LAN1.100" mtu "1500" 802dot1x-authentication "off" 802dot1x-re-authentication-frequency "0" lan-mac-filtering "on"
set dhcp server interface "LAN1.100" dns "auto"
set interface "LAN1.100" exclude-from-dns-proxy "off"
set interface "LAN1.100" lan-access "accept" lan-access-track "log"
set dhcp server interface "LAN1.100" assign-addresses-for-known-hosts-only "off"
set dhcp server interface "LAN1.100" lease-time "4"
set dhcp server interface "LAN1.100" include-ip-pool "192.168.200.1-192.168.200.254"
set interface "LAN1.100" hotspot "off"

One thing I need to determine is if this problem is just limited to vlan interfaces, or all interfaces, will test that and update when I have know the results

Any assistance would be appreciated

Regards

Greg

 

0 Kudos
3 Replies
alexeyn
Employee
Employee

Hi Greg,

Have you tried to delete LAN1 switch before assigning vlan? (delete switch LAN1_Switch)

Are those commands work for different LAN interface?

 

Thanks,

Alexey

0 Kudos
Greg_Harbers
Participant

Hi Alexei,

This is what I have in the script....

delete interface LAN1_Switch
set interface LAN1 unassigned
set interface LAN1 state on
set dhcp server interface LAN1 disable

add interface LAN1 vlan 100
set interface LAN1.100 state on
add interface LAN1 vlan 101
set interface LAN1.101 state on

set dhcp server interface "LAN1.100" disable
set interface "LAN1.100" ipv4-address "10.100.100.1" subnet-mask "255.255.255.0"
set interface "LAN1.100" description "VLAN100"

set dhcp server interface "LAN1.612" disable
set interface "LAN1.101" ipv4-address "10.100.110.1" subnet-mask "255.255.255.0"
set interface "LAN1.101" description "VLAN101"

Note that the vlan interfaces are being created correctly, it is simply the addressing and descriptions that are not being applied. Once the device has completed the build and I logon via the console, I am able to paste the commands in as above and the addresses and descriptions are applied.

Thanks

Greg

0 Kudos
Maarten_Sjouw
Champion
Champion

A typo in the second VLAN?

set dhcp server interface "LAN1.612" disable
set interface "LAN1.101" ipv4-address "10.100.110.1" subnet-mask "255.255.255.0"
set interface "LAN1.101" description "VLAN101"

Regards, Maarten
0 Kudos