Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2460
Views
5
Helpful
4
Replies

POAP failure

Kobus Raath
Level 4
Level 4

‎02-11-2015 03:04 AM - edited ‎03-01-2019 07:48 AM

Hi Community

 

I am testing (trying) the POAP functionality in the nexus product range but seem to run into some issues.  I have a N7009, DHCP, TFTP and FTP connected to a management network.  I copied a quite elaborate script from the software download section on the Cisco site.

 

I’ve edited the script to point to the relevant IP addresses I use in my infrastructure.

 

The POAP process starts, gets the relevant IP and script file info from the DHCP server.  The switch successfully contacts and downloads the script from the TFTP server but then fail the MD5 validation of the script.  The same failure accurse even if I place an unmodified script on the TFTP server.

 

 I really would like to get this working as I see great value the feature.

 

regards

 

Kobus

 

 

3 people had this problem
Labels:
0 Helpful
4 Replies 4

franklinb
Level 1
Level 1

‎07-08-2015 07:30 PM

I have the exact same issue with 9000's and I'm sure there's something wrong with the software based on what's in the documentation.

 

The switch seems to check the MD5 hash of the entire file - against what!? With DHCP option 67 you can only download 1 file.

The way I assumed from the doco that it worked is that the switch excluded specific lines from the MD5 calculation - that way you can insert the MD5 checksum that you want it to use without effecting the calculated sum when you modify the file. This does not seem to be the case.

 

I took the original poap.py, modified it, copied it to usb and copied it to another 9000 - went to bash and ran the suggested command:

f=poap_fabric.py ; cat $f | sed '/^#md5sum/d' > $f.md5 ; sed -i "s/^#md5sum=.*/#md5sum=\"$(md5sum $f.md5 | sed 's/ .*//')\"/" $f

... and it seemed to do what I suggested. It created a poap_fabric.py.md5 file though which was not mentioned in the doco, and did not include the original lines. It also modified the original and inserted the md5sum in it as I expected, but this was not the hash that the switch calculated when trying to use it for POAP boot! Instead the hash matched what you would get if you hashed over the entire file.

0 Helpful

Steve Fuller
Level 9
Level 9
In response to franklinb

‎08-14-2015 10:04 AM

Hi,

I know this a little old now, but I also ran into this problem, albeit on Nexus 9000. After a little to and fro with Cisco it seems that the MD5 checksum in the poap.py file needs to have double quotes.

So when I run the sed command as defined in the poap.py on GitHub I get this:

[root@vm1 tftpboot]# f=poap.py ; cat $f | sed '/^#md5sum/d' > $f.md5 ; sed -i "s/^#md5sum=.*/#md5sum=$(md5sum $f.md5 | sed 's/ .*//')/" $f
[root@vm1 tftpboot]# head -2 poap.py
#!/bin/env python
#md5sum=8e0bce12a1245c8a5b40318c668ac6c5

 

And when the switch boots it gives the following error:

[snip]
2015 Aug 13 14:46:23 switch %$ VDC-1 %$ %POAP-2-POAP_SCRIPT_DOWNLOADED: Successfully downloaded POAP script file
2015 Aug 13 14:46:23 switch %$ VDC-1 %$ %POAP-2-POAP_INFO: Script file size 20053, MD5 checksum aefb285f159da5587f2c4959d2579f1a
2015 Aug 13 14:46:23 switch %$ VDC-1 %$ %POAP-2-POAP_SCRIPT_STARTED_MD5_NOT_VALIDATED: POAP script execution started(MD5 not validated)


If I run a slightly different sed command to add double quotes around the checksum:

[root@vm1 tftpboot]# f=poap.py ; cat $f | sed '/^#md5sum/d' > $f.md5 ; sed -i "s/^#md5sum=.*/#md5sum=\"$(md5sum $f.md5 | sed 's/ .*//')\"/" $f
[root@vm1 tftpboot]# head -2 poap.py
#!/bin/env python
#md5sum="8e0bce12a1245c8a5b40318c668ac6c5"

 

Now when the switch boots I see the MD5 checksum now validated:

2015 Aug 14 16:24:37 switch %$ VDC-1 %$ %POAP-2-POAP_SCRIPT_DOWNLOADED: Successfully downloaded POAP script file
2015 Aug 14 16:24:37 switch %$ VDC-1 %$ %POAP-2-POAP_INFO: Script file size 20315, MD5 checksum 8e0bce12a1245c8a5b40318c668ac6c5
2015 Aug 14 16:24:37 switch %$ VDC-1 %$ %POAP-2-POAP_INFO: MD5 checksum received from the script file is 8e0bce12a1245c8a5b40318c668ac6c5
2015 Aug 14 16:24:37 switch %$ VDC-1 %$ %POAP-2-POAP_SCRIPT_STARTED_MD5_VALIDATED: POAP script execution started(MD5 validated)

 

Regards

 

franklinb
Level 1
Level 1
In response to Steve Fuller

‎08-16-2015 09:54 PM

Ah you found that too :)

 

My bad for not reporting back here - I discovered the same thing after doing a diff on two files, one working another not. I could swear that that script is not creating the same results every time. I wonder whether it may be omitting the quotation marks sometimes.

 

I can verify adding the quotes does fix the issue, and that the hash is only then calculated on the remainder of the file minus that whole line.

0 Helpful

Kobus Raath
Level 4
Level 4
In response to franklinb

‎08-16-2015 11:09 PM

Hi chaps

I manage to sort out the md5 check.

The easiest way is to modify your script file as needed and not change the md5 in the dock.  Have the nexus boot and try to load the file.  It will report an error that the file could not be validated and will list the expected md5 that it calculated the value should be.  Copy this from the error log and insert this in your file and try again.  Remember the md5 I found is case sensitive and I had di change all the upper case characters to lower case characters.

This worked to validate the file.  My scripts now fails a bit further along and I am looking into that. 

0 Helpful
Customers Also Viewed These Support Documents