Licensing Requirements and Limitations for EasyDeploy
Involved Network Elements
- DHCP server
- File server
- Commander and client
Licensing Requirements
EasyDeploy is a basic feature of a switch and is not under license control.
Feature Support in V200R019C10
All models of S600-E series switches support EasyDeploy.
The S600–E can only function as a client.
Feature Limitations
- EasyDeploy cannot be applied on an IPv6 or VPN network.
- EasyDeploy is mutually exclusive with SVF and web initial login mode.
- In the zero touch device deployment or faulty device replacement scenarios, if you log in to a device to be configured through its console interface, the device stops the EasyDeploy process and starts to operate.
- Management interfaces Ethernet0/0/0 or MEth0/0/1 do not support EasyDeploy. Only the service interfaces in the default VLAN support EasyDeploy. Using a service interface for device deployment has the risk of triple-plane isolation. You are advised to deploy devices on a secure network.
- In the zero touch device deployment scenario, you can decide whether to specify the configuration file based on actual requirements. If the configuration file is not specified and the upgrade system software is specified, you also need to specify the upgrade version number.
- The option fields or intermediate file method only applies to zero touch device deployment. The Commander method applies to both deployment and maintenance scenarios and therefore is recommended.
- There is no limitation on the network location of the Commander as long as there are reachable routes between the Commander and clients that obtain IP addresses.
- EasyDeploy allows a stack system to act as a client. In this case, the client MAC address is the system MAC address of the stack system, and the client ESN is the ESN of the stack master switch.
- When the EasyDeploy topology collection function is enabled, the Commander that initiates topology collection will receive a large number of protocol packets if the Network Topology Discovery Protocol (NTDP) needs to collect the topology of more than 200 devices. If the rate of NTDP packets exceeds the default committed access rate (CAR), NTDP packets will be dropped. To prevent packet loss from affecting topology collection, you can run the car (attack defense policy view) command to increase the central processor CAR (CPCAR) of NTDP packets.
Datagram Transport Layer Security (DTLS) encryption
On a configured switch, EasyDeploy supports DTLS encryption. By default, DTLS encryption is enabled. In the zero touch device deployment scenario, a switch can be normally deployed regardless of whether DTLS encryption is enabled.
If an active/standby switchover occurs on the Commander or between clients when DTLS encryption is enabled, the clients need to go online again. If DTLS encryption is disabled, an active/standby switchover does not affect online management of clients.
If a client in a version earlier than V200R010C00 needs to be managed by the Commander in V200R010C00 or a later version and DTLS encryption is enabled on the Commander, you must upgrade the system software of the client to V200R010C00 or a later version. Otherwise, the client cannot join the existing network.
If a client in V200R010C00 or a later version needs to be managed by the Commander in a version earlier than V200R010C00, you need to run the easy-operation dtls disable command on the client to disable DTLS encryption.
Specifications
Table 3-2 lists the product models that support the EasyDeploy and specifications of this feature.
Table 3-2 EasyDeploy specificationsEasyDeploy Implementation
Role
Product Model
Version
Maximum Number of Managed Clients
Description
Through the Commander
Commander
S12700
V200R005C00 and later
255
- If the clients are modular switches, EasyDeploy can only be applied to the batch upgrade and batch configuration scenarios.
- If the clients are fixed switches, EasyDeploy applies to the batch upgrade, batch configuration, zero touch device deployment, and faulty device replacement scenarios.
S12700E
V200R019C00 and later
255
S7700
V200R003C00 and later
255
S9700
V200R003C00 to V200R013C00
255
S5700-HI
V200R003C00 to V200R005C00
128
S5710-HI
V200R003C00 to V200R005C00
128
S6700-EI
V200R003C00 to V200R005C00
128
S5700-EI
V200R003C00 to V200R005C00
64
S5710-EI
V200R003C00 to V200R005C00
64
S5720-HI
V200R006C00 to V200R019C10
128
S5720-EI
V200R007C00 to V200R019C10
128
S5730-HI
V200R012C00 to V200R019C10
128
S5731-H
V200R013C02 and later
128
S5731-S
V200R019C00 and later
128
S5731S-S
V200R019C00 and later
128
S5731S-H
V200R019C00 and later
128
S5732-H
V200R019C00 and later
128
S6720-EI
V200R008C00 and later
128
S6720S-EI
V200R009C00 and later
128
S6720-HI
V200R012C00 to V200R019C10
128
S6730-H
V200R013C02 and later
128
S6730S-H
V200R019C10 and later
128
S6730-S
V200R019C00 and later
128
S6730S-S
V200R019C00 and later
128
S6735-S
V200R021C00SPC600 and later
128
Client
- All fixed switch models except S1720GFR, S1720GW, S1720GWR, S1720X, S1720GW-E, S1720GF, S1720GFR-P, S1720GWR-E, S1720X-E, S1730S-H, and S1730S-S
- All modular switch models
V200R003C00 and later
-
Through option fields or an intermediate file
All the devices to be configured can be fixed switches.
Table 3-3 lists the types of files that can be loaded through EasyDeploy in various scenarios.
Table 3-3 File types supported by EasyDeployUsage Scenario
File Type
Zero touch device deployment
System software, patch file, web page file, configuration file, and user-defined file
Faulty device replacement
System software, patch file, web page file, configuration file (automatically backed up), and user-defined file
Batch upgrade
System software, patch file, web page file, configuration file, license file (supported when the clients are modular switches), and user-defined file
Batch configuration
Command script
Each device can download a maximum of three user-defined files, including batch file and login headline file. Devices cannot download user-defined files when zero touch device deployment is implemented using option fields or an intermediate file.