iMaster NCE-Campus – ZTP and Device Discovery

Samuel Heinrich

Purpose

This note describes the technical variants by which devices discover iMaster NCE-Campus and start the bootstrap / ZTP process.

Focus:

  • DHCP Option 148
  • DHCP Option 17
  • Registration Query Center
  • PnP VLAN
  • Email-based deployment
  • USB-based deployment
  • Cloud site deployment
  • Fit AP / WAC special case

Not included:

  • QR code as a guest / portal topic

1. Overview of the Variants

Variant Transport / discovery Typical use case Core element
DHCP Option-based ZTP DHCPv4 / DHCPv6 standard ZTP for new devices Option 148 or Option 17
Registration Query Center-based ZTP DHCP + HTTP/2 to Huawei registry service devices find the home controller through Huawei backend register.naas.huawei.com:10020
PnP VLAN-based onboarding PnP VLAN + DHCP downstream switches / APs behind an already online core automatic PnP VLAN assignment
Email-based deployment URL in deployment mail CPE / branch-related deployments encrypted deployment URL
USB-based deployment local medium offline / hands-on deployment USB as bootstrap medium
Cloud site deployment cloud-adjacent bootstrap path cloud-site scenarios ESN not necessarily required in advance
Fit AP / WAC special path PnP VLAN + Option 148 + Option 43 Fit AP / standalone WAC scenario tradition-fit, CAPWAP

2. Discovery Logic

Technically, there are three main classes:

Class Description
Direct controller-discovery path device gets the controller address directly through DHCP
Indirect controller-discovery path device queries a Huawei registration service and receives the controller address there
Alternative deployment path device is bootstrapped through email, USB, or cloud-site-specific logic

3. DHCP Option-based ZTP

3.1 DHCP Option 148 for DHCPv4

Option 148 is the classic DHCPv4-based discovery mechanism for the controller.

Format:

Parameter Value
agilemode `
`
agilemanage-mode <ip|domain>
agilemanage-domain <controller-ip-or-domain>
agilemanage-port `
`

Local / on-prem example:

Parameter Value
agilemode agile-cloud
agilemanage-mode ip
agilemanage-domain 80.158.50.5
agilemanage-port 10020

Generic example from the documentation:

Parameter Value
agilemode agile-cloud
agilemanage-mode ip
agilemanage-domain 192.168.1.1
agilemanage-port 10020

Field meaning:

Field Meaning
agilemode management / operating mode
agilemanage-mode type of agilemanage-domain, either ip or domain
agilemanage-domain southbound IP or southbound domain of the controller
agilemanage-port southbound port of the controller

Important values for agilemode:

Value Meaning
agile-cloud standard mode for cloud-managed devices
tradition traditional mode, switchable through external Option 148 configuration
tradition-fit special mode for APs in WAC / Fit AP scenarios

3.2 DHCP Option 17 for DHCPv6

When DHCPv6 is used, Option 17 is used instead of Option 148.

Technical points:

  • Option 17 is vendor-specific
  • vendor-id = 2011 for Huawei
  • the sub-option carries the same logical string as Option 148

Format:

Parameter Value
agilemode `
`
agilemanage-mode `
`
agilemanage-domain <domain-or-ip>
agilemanage-port `
`

Technical classification:

  • Option 148 = DHCPv4
  • Option 17 = DHCPv6

3.3 Device behavior after successful option-based discovery

When the device receives Option 148 or the equivalent Option 17 information:

  • it starts the DHCP-option-based ZTP process
  • it receives the management IP, default gateway, controller address, and port
  • it enables NETCONF
  • it enables proactive NETCONF registration
  • it creates the SSH user huawei
  • it creates management VLAN 1
  • it establishes the connection to the controller

3.4 V600 caveat

For V600 switches, the documentation states:

  • the controller address in Option 148 must be configured as an IP
  • not as a domain

Technically:

agilemanage-mode=ip

not:

agilemanage-mode=domain

4. Registration Query Center-based ZTP

If the device does not receive usable Option 148 information, it can enter the Registration Query Center path.

Flow:

  1. Device boots without a usable configuration.
  2. Device gets basic network parameters through DHCP.
  3. Device connects to the Huawei Registration Query Center.
  4. Device sends ESN or MAC.
  5. Registration Query Center returns the home-controller address.
  6. Device enables NETCONF and proactively registers to the controller.

Technical details:

  • pre-known registry address for NETCONF-capable switches:
    • register.naas.huawei.com
    • port 10020
  • communication uses HTTP/2

Prerequisites:

  • controller must be connected to the Registration Query Center
  • Synchronize to registration center must be enabled
  • device must be imported into the controller

Operational meaning:

  • useful if DHCP does not directly provide the controller
  • reduces the need to maintain controller information on each local DHCP server

5. PnP VLAN-based Onboarding

PnP VLAN is not its own controller resolver, but a bootstrap transport mechanism for downstream devices.

Principle:

  • an already online core / upstream switch receives PnP VLAN information from the controller
  • downstream devices use these PnP VLANs to obtain a management IP and controller information through DHCP

Huawei distinguishes:

  • wired PnP VLAN
  • wireless PnP VLAN

Technical effect:

  • switches use the wired PnP VLAN to request their management IP
  • interfaces toward APs can be moved to the wireless PnP VLAN

Operational meaning:

  • important for campus rollouts with multi-tier access / core topology
  • especially relevant when new access switches or APs must come online behind already managed devices

6. Fit AP / WAC Special Case

In Fit AP / standalone WAC scenarios, the generic Option-148 path alone is often not sufficient.

Relevant building blocks:

  • PnP VLAN
  • Option 148
  • Option 43

Typical constellation:

  • Option 148 delivers management / controller-related information
  • Option 43 delivers WAC / CAPWAP-related AP information

Example for Option 148 on the WAC:

Parameter Value
agilemode agile-cloud
agilemanage-mode ip/domain
agilemanage-domain X.X.X.X
agilemanage-port 10020

Examples for Fit-AP-specific mode:

Parameter Value
agilemode tradition-fit
agilemanage-mode ip/domain
agilemanage-domain X.X.X.X
agilemanage-port 10020

or:

Parameter Value
ap-agilemode tradition-fit
agilemanage-mode ip/domain
agilemanage-domain X.X.X.X
agilemanage-port 10020

Important rule:

  • ap-agilemode takes precedence over agilemode

7. Email-based Deployment

Email-based deployment is an alternative bootstrap path, mainly for CPE / branch-oriented deployments.

Flow:

  1. Administrator sets network parameters.
  2. Controller generates and sends a deployment email.
  3. The email contains a URL with encrypted deployment configuration.
  4. The deployment engineer connects locally to the CPE.
  5. Deployment is started through the link.

Technically relevant:

  • not classic DHCP discovery
  • URL-based bootstrap mechanism
  • in this scenario, the ESN does not necessarily have to be preset

8. USB-based Deployment

USB-based deployment is explicitly listed in the reviewed sources as a separate deployment path.

Technical classification:

  • local bootstrap medium instead of network-based discovery
  • useful for offline / hands-on scenarios
  • also a scenario where ESN does not necessarily have to be preset

Note:

  • the available sources explicitly mention the scenario, but not with the same level of detail as Option 148 or email-based deployment

9. Cloud Site Deployment

Cloud site deployment is also listed as a separate deployment scenario.

Technical classification:

  • cloud-adjacent bootstrap path
  • ESN does not necessarily need to be preset in advance
  • the exact technical flow is less detailed in the reviewed sources than for DHCP Option 148 or Registration Query Center

10. Additional Bootstrap Options: Startup Service Option 43 / 17

In addition to Controller address (148), there is another bootstrap mechanism in DHCP settings:

  • Startup service IPv4 Address (43)
  • Startup service IPv6 Address (17)

Format:

Parameter Value
bootstrap-domain xxx
bootstrap-trust xxx
bootstrap-voucher xxx
bootstrap-backup-domain xxx

Technical fields:

Field Meaning
bootstrap-domain domain or IP of the controller
bootstrap-trust whether the voucher signature is verified
bootstrap-voucher for example DOMAIN_IP or ESN
bootstrap-backup-domain backup domain or backup IP

This option should be kept separate from the classic Controller address (148) path.

11. Which variant for local iMaster, which for public cloud?

Scenario Typical discovery method Technical recommendation
Local / on-prem controller Option 148 with southbound IP agilemanage-mode=ip
V600 switch Option 148 with IP IP only, no domain
Public-cloud-adjacent path depending on device / release context: Option 148, registry, or bootstrap service validate per device / release
No direct DHCP controller string available Registration Query Center resolve device via ESN / MAC

Important operational point:

  • not every documentation statement applies equally to every device type and release
  • especially domain vs ip must be evaluated by device family and software version

12. LLDP – Role in Bootstrap, but Not a Primary Discovery Mechanism

LLDP is important in the reviewed sources for:

  • topology
  • neighbor discovery
  • AP / terminal identification
  • PnP-VLAN-adjacent operating logic

But:

  • LLDP is not documented in the reviewed ZTP sources as the primary mechanism by which a factory-default device resolves the controller

13. Troubleshooting

If a device cannot find the controller, check:

  • does the DHCP reply actually contain Option 148 or Option 17?
  • is agilemanage-domain correct?
  • is agilemanage-port correct, typically 10020?
  • for V600, is agilemanage-mode=ip really configured?
  • is Layer-3 reachability to the southbound IP present?
  • is the device imported into the controller?
  • for registry-based ZTP, is Synchronize to registration center enabled?
  • for PnP-VLAN scenarios, is the PnP VLAN correctly delivered on the upstream device?

Relevant device diagnostics:

display controller register-fail-record
display controller offline-record

14. Key Takeaways

  • Option 148 is the main direct DHCPv4 discovery mechanism.
  • Option 17 is the DHCPv6 counterpart.
  • Registration Query Center is the main indirect discovery path.
  • PnP VLAN is a bootstrap transport mechanism for downstream devices.
  • Email-based, USB-based, and Cloud site deployment are alternative deployment paths.
  • LLDP is important for topology and adjacency, but not the primary controller-discovery mechanism.

Sources

  • 001_Docs/IMasterNCE/resources/en-us_topic_0000001608453374.html
  • 001_Docs/IMasterNCE/resources/en-us_topic_0000001608133688.html
  • 001_Docs/IMasterNCE/resources/en-us_topic_0000001292513322.html
  • 001_Docs/IMasterNCE/resources/en-us_topic_0159771071.html
  • 001_Docs/IMasterNCE/resources/en-us_concept_0000001126360780.html
  • 001_Docs/IMasterNCE/resources/en-us_concept_0000001172280649.html
  • 001_Docs/IMasterNCE/resources/en-us_topic_0159899035.html
  • 001_Docs/IMasterNCE/resources/en-us_topic_0298429166.html
  • 001_Docs/IMasterNCE/resources/en-us_topic_0160578956.html
  • 001_Docs/IMasterNCE/resources/en-us_topic_0210596508.html
  • 001_Docs/IMasterNCE/resources/en-us_topic_0000001545650277.html
  • 001_Docs/IMasterNCE/resources/en-us_topic_0160051667.html
Samuel Heinrich
Senior Network Engineer at Selution AG (Switzerland)
Arbeitet in Raum Basel (Switzerland) als Senior Network Engineer mit über 15 Jahren Erfahrung im Bereich Netzwerk

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre, wie deine Kommentardaten verarbeitet werden.