USB-Based Zero Touch Provisioning _ SD-WAN Orchestrator Docs

USB-Based Zero Touch Provisioning
For customer environments that do not support Zero Touch Provisioning (ZTP) via the Cloud Portal
and Orchestrator, gateways can be provisioned using a preconfiguration file loaded onto a USB drive.

Scenarios where this method may be required include:
1 No DHCP for WAN-side interfaces
2 No internet connectivity (MPLS only)
3 Restricted internet access (via proxy only)

In these scenarios, to provide a ZTP experience, you can prepare a USB flash drive containing the
preconfiguration file with the necessary configurations for getting the gateway online and reachable
via the Orchestrator.

USB ZTP Steps
1 Format the USB device to FAT32.
2 Create the spcustom.yml file for the site.
See the example files below.
3 Place the file within the root of the USB drive.
4 Attach the USB device to one of the USB ports.
5 Power on the gateway.
NOTE: To use USB ZTP, the gateway must be in a “first boot state.” Gateways fresh out-of-the-box
will run in this mode, but existing gateways must be placed into this state before using
USB ZTP. To put an existing device into the first boot state, see
Optional - Force Hardware Gateway into Firstboot Status.

Example 1 - Management 0 (mgmt0) DHCP, WAN0 DHCP (prefer WAN0 for management traffic)

This file instantiates an EC gateway using DHCP for both mgmt0 and WAN0, but uses
wan0 for management traffic.

spcustom.yml

silverpeak_vxoa_init:
  config_vars:
    HOSTNAME: <HOSTNAME>
    ACCNAME: <ACCOUNT NAME>
    ACCKEY: <ACCOUNT KEY>
    SYS_TAG: <APPLIANCE TAG>
    ILRM: true
  # ----------------------------------------------------------
  # Pre-Management Tasks
  # ----------------------------------------------------------
  pre_mgmtd_tasks:
    - "configdb:/system/hostname,hostname,_$HOSTNAME$"
    - "configdb:/cn/tunneld/portal/config/registration/account,string,_$ACCNAME$"
    - "configdb:/cn/tunneld/portal/config/registration/key,string,_$ACCKEY$"
    - "configdb:/cn/tunneld/portal/config/registration/site,string,_$SYS_TAG$"
    - "configdb:/cn/tunneld/system/config/routing_inline,bool,_$ILRM$"
    # ----------------------------------------------------------
    # Set up management and data plane
    # system router commands required on wan/lan interfaces
    # only specify if initial management-plane access is required to contact Orchestrator
    # use your environment’s IP addresses for nexthop w.x.y.z
    # ----------------------------------------------------------
    - "cli:en;conf t;system router rtr1 create interface wan0 wan"
    - "cli:en;conf t;system router rtr1 dhcp nexthop w.x.y.z"
    # ----------------------------------------------------------
    # Use the ip default-gateway command to set the default route to the specified next-hop or interfa
    # Use the no form of this command to remove the current default route or all the default routes.
    # ip default-gateway <next-hop IP address> <interface name> <metric> [<src>]
    # set metric for wan0
    # metric of 5 will give preference to wan0 assuming mgmt0 is a higher number
    # "cli:en;conf t;ip default-gateway _$WAN0_NEXTHOP$ wan0 5 _$WAN0_IP$"
    # example without src
    # ----------------------------------------------------------
    - "cli:en;conf t;ip default-gateway _$WAN0_NEXTHOP$ wan0 5"
    # ----------------------------------------------------------
    # DNS (optional as we have a built-in policy that automatically sets it to 8.8.8.8)
    # ----------------------------------------------------------
    - "cli:en;conf t;ip name-server 8.8.8.8"
    # ----------------------------------------------------------
    # Write to memory and reboot
    # ----------------------------------------------------------
    - "cli:en;conf t;write memory;reboot noconfirm"
    # ----------------------------------------------------------

Example 2 - Management 0 (mgmt0) DHCP, WAN0 DHCP (prefer mgmt0 for management traffic)

This file instantiates an EC gateway using both mgmt0 and WAN0 with DHCP, preferring
mgmt0 for management traffic.

spcustom.yml

silverpeak_vxoa_init:
  config_vars:
    HOSTNAME: <HOSTNAME>
    ACCNAME: <ACCOUNT NAME>
    ACCKEY: <ACCOUNT KEY>
    SYS_TAG: <APPLIANCE TAG>
    ILRM: true
  # ----------------------------------------------------------
  # Pre-Management Tasks
  # ----------------------------------------------------------
  pre_mgmtd_tasks:
    - configdb:/system/hostname,hostname,_$HOSTNAME$
    - configdb:/cn/tunneld/portal/config/registration/account,string,_$ACCNAME$
    - configdb:/cn/tunneld/portal/config/registration/key,string,_$ACCKEY$
    - configdb:/cn/tunneld/portal/config/registration/site,string,_$SYS_TAG$
    - configdb:/cn/tunneld/system/config/routing_inline,bool,_$ILRM$
  # ----------------------------------------------------------
  # Post-Management Tasks
  # ----------------------------------------------------------
  post_mgmtd_tasks:
    # ----------------------------------------------------------
    # Set up management and data plane
    # system router commands required on wan/lan interfaces
    # only specify for initial management-plane access when required to contact Orchestrator
    # use your lab environment IP addresses in place of w.x.y.z
    # ----------------------------------------------------------
    - cli:en;conf term; interface mgmt0 dhcp
    - cli:en;conf term; ip default-gateway w.x.y.z mgmt0
    - cli:en;conf term; system router rtr1 create interface wan0 wan
    - cli:en;conf term; system router rtr1 dhcp nexthop w.x.y.z
    # ----------------------------------------------------------
    # DNS (optional as we have a built-in policy that automatically sets it to 8.8.8.8)
    # ----------------------------------------------------------
    - cli:en;conf t;ip name-server 8.8.8.8
    # ----------------------------------------------------------
    # Write to memory and reboot
    # ----------------------------------------------------------
    - cli:en;conf t;write memory;reboot noconfirm
    # ----------------------------------------------------------

Example 3 - Management 0 (mgmt0) and WAN0 configured with static IP address (prefer WAN0 for management traffic)

This file instantiates an EC gateway and configures a static IP address on both mgmt0
and WAN0, but prefers to use WAN0 for management traffic.

spcustom.yml

silverpeak_vxoa_init:
  config_vars:
    HOSTNAME: <HOSTNAME>
    ACCNAME: <ACCOUNT NAME>
    ACCKEY: <ACCOUNT KEY>
    SYS_TAG: <APPLIANCE TAG>
    ILRM: true
    # ----------------------------------------------------------
    # Management Plane IPs
    # Did not initially use DHCP for mgmt0
    # Once obtained, provision statically
    # Data Plane IPs
    # No DHCP, provisioned statically
    # The static IP addresses below are examples; use your lab environment IP addresses.
    # ----------------------------------------------------------
    MGMT0_IP: 192.162.111.122
    MGMT0_MASK_LENGTH: 24
    MGMT0_IP_DEFAULT_GATEWAY: 192.162.111.10
    WAN0_IP: 192.168.0.34
    WAN0_MASK_LENGTH: 24
    WAN0_IP_DEFAULT_GATEWAY: 192.168.0.1
    WAN0_NEXTHOP: 192.168.0.1
  # ----------------------------------------------------------
  # Pre-Management Tasks
  # ----------------------------------------------------------
  pre_mgmtd_tasks:
    - configdb:/system/hostname,hostname,_$HOSTNAME$
    - configdb:/cn/tunneld/portal/config/registration/account,string,_$ACCNAME$
    - configdb:/cn/tunneld/portal/config/registration/key,string,_$ACCKEY$
    - configdb:/cn/tunneld/portal/config/registration/site,string,_$SYS_TAG$
    - configdb:/cn/tunneld/system/config/routing_inline,bool,_$ILRM$
    # ----------------------------------------------------------
    # Set up management and control plane
    # Management plane next hop can NOT be assigned with the interface command.
    # system router commands required on wan/lan interfaces
    # only specify if initial management-plane access is required to contact Orchestrator
    # security-mode <security mode for interface>
    # 0 Open
    # 1 Harden
    # 2 Stateful Firewall
    # 3 Stateful Firewall with SNAT
    # ----------------------------------------------------------
    - cli:en;conf t;system router rtr1 create interface wan0 wan
    - cli:en;conf t;no system router rtr1 dhcp
    - cli:en;conf t;system router rtr1 ip _$WAN0_IP$ /_$WAN0_MASK_LENGTH$ nexthop _$WAN0_NEXTHOP$
    - cli:en;conf t;system router rtr1 ip default-gateway _$WAN0_IP_DEFAULT_GATEWAY$ WAN0
    - cli:en;conf t;system router rtr1 ip _$WAN0_IP$ security-mode 3
    # ----------------------------------------------------------
    # Use the ip default-gateway command to set the default route to the specified next-hop or interfa
    # Use the no form of this command to remove the current default route or all the default routes.
    # ip default-gateway <next-hop IP address> <interface name> <metric> [<src>]
    # set metric for wan0
    # metric of 5 will give preference to wan0 assuming mgmt0 is a higher number
    # "cli:en;conf t;ip default-gateway _$WAN0_NEXTHOP$ wan0 5 _$WAN0_IP$"
    # example without src
    # ----------------------------------------------------------
    - cli:en;conf t;ip default-gateway _$WAN0_NEXTHOP$ wan0 5
    # ----------------------------------------------------------
    # DNS (optional as we have a built-in policy that automatically sets it to 8.8.8.8)
    # ----------------------------------------------------------
    - cli:en;conf t; ip name-server 8.8.8.8
    # ----------------------------------------------------------
    # Write to memory and reboot
    # ----------------------------------------------------------
    - cli:en;conf t;write memory;reboot noconfirm
    # ----------------------------------------------------------

Example 4 - Orchestrator as a Proxy Server with a Private IP Address

This file sets Orchestrator as a proxy server with a private IP address. This use case
instantiates an EC gateway using Orchestrator as a proxy to connect to the internet to access the
Cloud Portal through WAN0. Management 0 is not connected.

spcustom.yml

silverpeak_vxoa_init:
  config_vars:
    HOSTNAME: <HOSTNAME>
    ACCNAME: <ACCOUNT NAME>
    ACCKEY: <ACCOUNT KEY>
    SYS_TAG: <APPLIANCE TAG>
    ILRM: true
    # ----------------------------------------------------------
    # Management Plane IPs
    # Did not initially use DHCP for mgmt0
    # Once obtained, provision statically
    # ----------------------------------------------------------
    MGMT0_IP: 10.10.0.20
    MGMT0_MASK_LENGTH: 24
    # ----------------------------------------------------------
    # Data Plane IPs
    # No DHCP, provisioned statically
    # ----------------------------------------------------------
    WAN0_IP: 192.168.0.34
    WAN0_MASK_LENGTH: 24
    WAN0_IP_DEFAULT_GATEWAY: 192.168.0.1
    WAN0_NEXTHOP: 192.168.0.1
    LAN0_IP: 192.168.1.25
    LAN0_MASK_LENGTH: 24
    LAN0_NEXTHOP: 192.168.1.11
  # ----------------------------------------------------------
  pre_mgmtd_tasks:
    - configdb:/system/hostname,hostname,_$HOSTNAME$
    - configdb:/cn/tunneld/portal/config/registration/account,string,_$ACCNAME$
    - configdb:/cn/tunneld/portal/config/registration/key,string,_$ACCKEY$
    - configdb:/cn/tunneld/portal/config/registration/site,string,_$SYS_TAG$
    - configdb:/cn/tunneld/system/config/routing_inline,bool,_$ILRM$
  # ----------------------------------------------------------
  # Set up management and data plane using DHCP for WAN0
  # Management plane next hop can NOT be assigned with the interface command.
  # system router commands required on wan/lan interfaces
  # only specify for initial management-plane access when required to contact Orchestrator
  # security-mode <security mode for interface>
  # 0 Open
  # 1 Harden
  # 2 Stateful Firewall
  # 3 Stateful Firewall with SNAT
  # ----------------------------------------------------------
  post_mgmtd_tasks:
    - cli:en;conf t; system router rtr1 create interface wan0 wan
    - cli:en;conf t; no system router rtr1 dhcp
    - cli:en;conf t; system router rtr1 ip _$WAN0_IP$ /_$WAN0_MASK_LENGTH$ nexthop _$WAN0_NEXTHOP$
    - cli:en;conf t; system router rtr1 ip _$WAN0_IP$ security-mode 1
    - cli:en;conf t; ip mgmt-ip _$WAN0_IP$
    # ----------------------------------------------------------
    # Use the cli command to set the IP address to reach cloud portal
    # ----------------------------------------------------------
    - cli:en;conf t; internal set modify - /cn/tunneld/portal/config/host value string 10.91.120.174
    # ----------------------------------------------------------
    # Use the cli command to set IP address for the Orchestrator private IP address
    # ----------------------------------------------------------
    - cli:en;conf t; internal set modify - /cn/jsond/config/gms/10.91.120.174 value string 10.91.120
    # ----------------------------------------------------------
    # Use CLI commands to bypass the security certificates for portal and Orchestrator
    # ----------------------------------------------------------
    # Setup Orchestrator IP address and not pass the ssl certificates
    # These CLI commands were added in 8.3.2.0, 9.0.1.0
    # SET:
    # conf t> security csrf enable
    # conf t> security certificate verify [portal|orchestrator|all]
    # UNSET:
    # conf t> no security csrf enable
    # conf t> no security certificate verify [portal|orchestrator|all]
    # ----------------------------------------------------------
    - cli:en;conf t; no security csrf enable all
    - cli:en;conf t; no security certificate verify all
    # ----------------------------------------------------------
    # Write to memory and reboot
    # ----------------------------------------------------------
    - cli:en; conf t; write memory; reboot noconfirm
    # ----------------------------------------------------------
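
A pre-flight check for files like the examples above, added here as an illustration and not part of the vendor documentation: it reports _$NAME$ references with no matching config_vars entry, values still left as <...> placeholders, list markers pasted as U+2010 instead of ASCII "-", and the Example 4 commands that turn off certificate and CSRF checks. The function name lint_spcustom, the line-based parsing and the SAMPLE input are assumptions constructed for this example.

```python
import re

VAR_REF = re.compile(r"_\$(\w+)\$")                   # _$NAME$ substitution syntax used in the tasks
VAR_DEF = re.compile(r"^([A-Z][A-Z0-9_]*):\s*(.*)$")  # KEY: value line inside config_vars
SECTIONS = ("config_vars", "pre_mgmtd_tasks", "post_mgmtd_tasks")
# CLI fragments from Example 4 that switch off certificate and CSRF checks.
RISKY = ("no security certificate verify", "no security csrf enable")

# Constructed sample (not a vendor file) with one instance of each problem the linter reports.
SAMPLE = """\
silverpeak_vxoa_init:
  config_vars:
    HOSTNAME: branch-01
    ACCKEY: <ACCOUNT KEY>
  pre_mgmtd_tasks:
    - configdb:/system/hostname,hostname,_$HOSTNAME$
    - configdb:/cn/tunneld/portal/config/registration/key,string,_$ACCKEY$
  post_mgmtd_tasks:
    \u2010 cli:en;conf t;ip default-gateway _$WAN0_NEXTHOP$ wan0 5
    - cli:en;conf t; no security certificate verify all
"""


def lint_spcustom(text):
    """Line-based check (no YAML library); returns sorted (line_no, message) tuples."""
    defined, refs, findings, section = set(), [], [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("\u2010"):  # pasted from rendered docs; not a YAML list marker
            findings.append((no, "list marker is U+2010, not ASCII '-'"))
            line = "-" + line[1:]
        if line.endswith(":") and line[:-1] in SECTIONS:
            section = line[:-1]
        elif section == "config_vars" and (m := VAR_DEF.match(line)):
            defined.add(m.group(1))
            if not m.group(2) or m.group(2).startswith("<"):
                findings.append((no, f"{m.group(1)} is still a placeholder"))
        elif line.startswith("-"):
            task = line[1:].strip().strip('"')
            refs += [(no, name) for name in VAR_REF.findall(task)]
            findings += [(no, f"disables a security control: '{r}'") for r in RISKY if r in task]
    findings += [(no, f"_${n}$ is not defined in config_vars") for no, n in refs if n not in defined]
    return sorted(findings)

if __name__ == "__main__":
    for line_no, message in lint_spcustom(SAMPLE):
        print(f"line {line_no}: {message}")
```

The file carries the account key in clear text, so the same check is worth running before the drive leaves the staging bench.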

Optional - Force Hardware Gateway into Firstboot Status

To test the USB ZTP procedure with a previously configured gateway device, the gateway must run in
a “first boot” state.
1 Log in to the gateway CLI, and then drop to the shell (_spsshell).
2 Issue the following commands:

touch /etc/.firstboot
rm -f /var/opt/tms/.ovfe_done
cd /tmp/
>customization.log
>custom_task_post.done
>custom_task_pre

3 Access the gateway GUI, and then force a reboot to factory defaults (Maintenance > Reboot /
Shutdown > Reset Factory and Reboot).

© Copyright 2024 Hewlett Packard Enterprise Development LP.