User's Manual
Private labeling (preconfigured during the manufacturing process).
Using DHCP Option 67 (see Provisioning from HTTP Server using DHCP Option 67
on page 393).
Manually on-site, using the RS-232 port or Web interface.
When the device is deployed at the customer site, local DHCP server provides the devices
with IP addressing and DNS server information. From the URL provided in the DHCP
response, the device can then contact the HTTP server at the core network and
automatically download its configuration. The URL can be a simple file name or contain the
device's MAC or IP address, e.g.:
http://corp.com/config-<MAC>.ini - which becomes, for example,
http://corp.com/config-00908f030012.ini
http://corp.com/<IP>/config.ini - which becomes, for example,
http://corp.com/192.168.0.7/config.ini
For more information on HTTP-based provisioning, see ''HTTP/S-Based Provisioning using
the Automatic Update Feature'' on page 396.
33.1.5.1 Loading Files Securely by Disabling TFTP
The TFTP protocol is not considered secure and some network operators block it using a
firewall. It is possible to disable TFTP completely, using the ini file parameter
EnableSecureStartup (set to 1). Secure protocols such as HTTPS may be used to fetch the
device configuration instead.
To download the ini file to the device using HTTPS instead of TFTP:
1.
Prepare the device's configuration file on an HTTPS server and obtain a URL to the
file (e.g., https://192.168.100.53/gateways.ini).
2.
Enable DHCP, if necessary.
3.
Enable SSH and connect to it.
4.
In the CLI, use the ini file parameters IniFileURL (for defining the URL of the
configuration file) and EnableSecureStartup (for disabling TFTP), and then restart the
device with the new configuration:
/conf/scp IniFileURL https://192.168.100.53/gateways.ini
/conf/scp EnableSecureStartup 1
/conf/sar bootp
Note:
EnableSecureStartup to 0 using the CLI. Loading a new ini file using BootP/TFTP is
not possible until EnableSecureStartup is disabled.
Version 6.6
Once Secure Startup has been enabled, it can only be disabled by setting
395
33. Automatic Update
MP-11x & MP-124