12-29-2015 06:40 AM - edited 03-01-2019 04:26 AM
Is there a way to specify a remote server or switch for a new device to download the software image from instead of it always being downloaded from the APIC? This would be similar to Remote Staging in LMS 4.2.
As an example, a 3650/3850 IOS-XE image is almost 300MB. A branch site may have several dozen switches that would need to be provisioned and downloading the same image over the WAN seems inefficient, especially for smaller circuit sizes like a T1 or NxT1.
It would be great to either be able to leverage the ISR at the site as a repository, or even leverage the first 3650 to be upgraded to serve the image to the rest of the switches.
Thanks,
Tom
Solved! Go to Solution.
12-29-2015 07:33 AM
Yes! This is called the remote TFTP server for config and images when you create a PnP project. You'll see a checkbox for it. Check the box, then fill in the remote details. I have used this for a bootstrap app of my own, and it works quite well. This can be any remote TFTP server. However, no pre-validation is done to make sure the config and image files exist there.
For your branches, you can create specific projects for them that use the desired remote "stage."
12-29-2015 07:33 AM
Yes! This is called the remote TFTP server for config and images when you create a PnP project. You'll see a checkbox for it. Check the box, then fill in the remote details. I have used this for a bootstrap app of my own, and it works quite well. This can be any remote TFTP server. However, no pre-validation is done to make sure the config and image files exist there.
For your branches, you can create specific projects for them that use the desired remote "stage."
12-29-2015 06:07 PM
Thanks Joseph, that is great. I don't suppose there is a way to use HTTPS or SCP instead of TFTP so the config files aren't transmitted in clear text? As I understand it the config files when sent from the APIC-EM itself are sent via HTTPS.
Thanks again,
Tom
12-31-2015 09:42 AM
The only remote option is using TFTP. The impact may be mitigated in branch offices since the transmission won't have to cross "untrusted" networks. But being able to specify other protocols and credentials would be a nice enhancement.
12-31-2015 10:08 AM
Joseph, thanks again!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide