NX-OS POAP Explained & Setup process

PowerOn Auto Provisioning (POAP) automates the process of upgrading software images and installing configuration files on devices that are being deployed in the network for the first time.

When a device with the POAP feature boots and does not find the startup configuration, the device enters POAP mode, sends a DHCP request, and bootstraps itself with its interface IP address, gateway, and DNS server IP addresses. The device also obtains the IP address of a TFTP/SCP server or the URL of an HTTP server and downloads a configuration script that enables the switch to download and install the appropriate software image and configuration file.

The POAP process starts by assigning a temporary IP address to the switch via the DHCP protocol. Additional DHCP scope options are also provided to facilitate the configuration script download.

Option 66 or Option 150: References the Script Server. IEEE Option 66 allows a single IP address or Server name. Cisco’s Option 150 allows provision of a list of IP addresses for accessing the TFTP-Server
Option 67: References the Configuration Script or Bootfile Name.

The Open NX-OS switch, acting as a DHCP client, will use this information to contact the TFTP server to obtain the configuration script file.

The configuration script (for example, poap.py) will be executed. The logic of the configuration script will download the software image, switch configuration, agent information, and any other additional requirements from the network. POAP provides multiple mechanisms to flexibly identify switches, based on their serial number or system MAC address or their location in the network, as determined by its directly connected neighbors. The downloaded image and configuration are ‘scheduled’ to be applied after a reboot.

Below is a flowchart representing the POAP process:

To maintain system security and make POAP more secure, configure the following:
- Enable DHCP snooping.
- Set firewall rules to block unintended or malicious DHCP servers.
POAP is supported on both MGMT ports and in-band ports.

Setting Up the Network Environment to Use POAP

Procedure

Step 1	Modify the configuration script provided as necessary.
Step 2	Deploy a DHCP server and configure it with the interface, gateway, and TFTP server IP addresses and a bootfile with the path and name of the configuration script file. (This information is provided to the switch when it first boots.)
Step 3	Deploy a TFTP server to host the configuration script.
Step 4	Deploy one or more servers to host the software images and configuration files.

Configuring a Switch Using POAP

Before you begin

Make sure that the network environment is set up to use POAP.

Procedure

Step 1	Install the switch in the network.
Step 2	Power on the switch.If no configuration file is found, the switch boots in POAP mode and displays a prompt that asks if you want to abort POAP and continue with a normal setup.No entry is required to continue to boot in POAP mode.
Step 3	(Optional) If you want to exit POAP mode and enter the normal interactive setup script, enter y (yes).The switch boots, and the POAP process begins.

Configuration examples:

Zed networks: https://zed-network.fr/?p=527

Geeksops: https://geeksops.com/?p=8

Fatal errors: https://www.fatalerrors.org/a/0NV91jE.html

github.com/CiscoSE/Cisco-POAP

www.ansible.com/provisioning-cisco-nexus-9000-switches-using-poap-and-ansible

Youtube (implementing POAP) : www.youtube.com/watch?v=3FCWJbGv7w0

Reference:

https://developer.cisco.com/docs/nx-os/#!poap/poap-poweron-auto-provisioning
https://developer.cisco.com/docs/nx-os/#!poap-process
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/fundamentals/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Fundamentals_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_Fundamentals_Configuration_Guide_7x_chapter_0100.html#task_BA281BA1AC824679AF2ED5531468DEEE