Zero-touch Onboarding

I'm running cnMaestro Cloud version 1.5.0-r11; my PMP-450 APs and SMs are running v15.0.3. I suppose I don't understand how the Zero-touch configuration is supposed to work--for example:

I take an SM out of the box with no config, and aim it at my sector; the AP sees the session via ICC; but cnMaestro doesn't see it until I drop a config on the SM (via the ICC session on the AP). Does anyone know what basic config has to be on the SM before cnMaestro will onboard it? Sort of defeats the idea of Zero-touch if I have to configure it before it goes into the field...

Obviously the SM won't have a Color, IP, Frequency, VLAN, etc., straight out of the box.

I have Zero-Touch Onboarding enabled--see attachment.

OK, after doing some reading and watching a Zero-touch webinar, I found out that "Zero-touch" means that you need a DHCP server or RADIUS to implement. We statically assign IPs to our SMs and aren't running RADIUS, so I guess this feature won't be available to our installations.

1 Like

RP,

Unfortunately, you are correct that zero touch onboarding of SMs is not possible when SMs need static IP address assignment.

--Rajesh

Will it not zero touch onboard due to the static IP or something else that is being passed with radius or DHCP?  In our deployment it would be nice to have static IP addresses on CPE but still allow them to be onboarded without a separate process.

I haven't seen the webinar.  Is it possible there is a link to that webinar?  I'd like to fully understand how zero touch works both on PMP and in the future for EPMP.

Joe,

Unfortunately we usethe term "zero touch" in many different contexts and it gets confusing. This particular thread is about PMP SMs automatically showing up in the onboarding queue in cnMaestro, when it connects to an AP that is already being managed by cnMaestro.

First case is when the SM is already configured to connect to the AP. When the SM connects, it will get the cnMaestro URL and Cambium ID from the AP. The SM will use this information to connect to cnMaestro, and will show up in the onboarding queue. For this to happen, the SM needs an IP address assigned (statically configured or DHCP), "Network Accessability" must be set to "Public", and it must have a DNS server configured (statically or via DHCP) to allow it to resolve the cnMaestro URL.  

Second case is when the SM is brand new out of the box. In this case, the AP needs ICC enabled. When SM connects to the AP using ICC, it automatically swithes to DHCP mode and sets "Network Accessability" to public. AP can be set to bypass autehntication for ICC case to allow the SM to connect without credentials ("Configuration > Security > Bypass Authentication for ICC SMs" field in AP GUI). In this case, there needs to be a DHCP server on the network to assign an IP address (and DNS server) to the SM. If the DHCP server is in the management VLAN, enable "Configuration > VLAN > Use AP's Management VID for ICC connected SM" to allow the SM to get IP address from the management VLAN. Once the SM gets an IP address and DNS server via DHCP, it will connect to cnMaestro and show up in the onboarding queue. At this point, you can approve the SM and push a configuration to the SM via cnMaestro. This configuration should  have the correct color code, scan list, etc. Also make sure "Network Accessability" is set to "Public" in this configuration. You can also change the SM to use static IP in this configuration if you wish.

We have have customer requests to get the SM to talk to cnMaestro by proxying the traffic through the AP, but this is not possible today. This would make it possible for the SM to be managed vis cnMaestro without requiring an IP address to be configured on the SM.

ePMP SMs currently do not have the ability to learn the cnMaestro information from its AP, so this will not work with ePMP.

3 Likes

This might be too late to be helpful, but I created a python script that will generate templates for each of your SMs. We too use static IPs and don't use RADIUS. You can fill out the .CSV with the SM MAC addresses (I used a barcode scanner) and then complete it with SM Name, IP, etc. It will generate all of your .cfg files which you can host and then serve to individual SMs with a server via DHCP Option 66 when they register using ICC.

You can check it out on github: https://github.com/sprutner/cambium-configurator

1 Like