What's the proper way to have IC2 manage device config and restore it if it gets reset?

Just wondering if this is possible or what I should be looking at as I see some options in IC2 but not clear which I’d use. We use a default config for the devices, so a standard LAN IP and DHCP range, admin username/password, web access port, and so on. How would I set it so that if a customer was to factory reset the device, IC2 would just reprovision it? I see under the group there’s device IP settings where you can upload a CSV file, so would that be where I do it, and how do I modify it or change it as the CSV is requesting serial number where I was hoping more to just have the same config apply to all new devices.

There’s really 2 goals I’m trying to achieve so I’d love to know the proper way to do this, if at all:

  1. The first is having it so that IC2 manages all settings, so if we configure a device and send it to a customer, and then for some reason they do a factory reset on it, as soon as it comes back online, it downloads the config from IC2 and is right back up and running the way it was before the factory reset. Same with if the customer just wanted to deploy a new site. One benefit I always see of other SD-WAN providers is the “zero touch” configuration, where the hardware can be shipped to the new location directly, and the customer just plugs it in where it downloads all the config and so on, without us needing to physically have the hardware on hand to configure it before shipping it to the customer.

  2. Have a default initial template used for all new devices, that set username/passwords, web admin port, LAN settings and so on.

I see in IC2 I can download a configuration backup, but not clear on how you restore that, or if it’s possible to set up our template device, download the config, and then somehow upload that to IC2 for all the new devices, or if I have to do that through remote web admin? My goal is really to use IC2 as much as possible to simplify deployment, but if it has to be done through remote web admin that’s fine, just trying to understand what all I can do from IC2.

1 Like

Oh man - this is a big topic. Not sure there is a ‘proper way’ to do it - as there are loads of approaches, this is what I do.

  1. Have a provisioning group in IC2 for brand new devices. I put them in here as the group is set to:
  • update to latest firmware
  • Bulk configuration sets wifi WAN profiles (so the device will connect to IC2 via our wifi SSID when powered up), web admin password, default wifi AP and password (for engineering to use), WAN priorities (generally all enabled as DHCP clients and in P1) and time zone. We also have a default IP set and custom DHCP range, we add a VLAN for web admin management and remove access from untagged LAN. (When we used to do a lot of VoIP we’d set the DHCP option and target address for handset auto-configuring too.)
  2. Then I move the device to its end use group (identified by customer or service name). On that group I set:
  • Device system management: any custom admin username and password for web admin or radius auth config.
  • Device IP Settings (if I need them to be different for this group / service)
  • Wifi SSIDs and radio settings
  • SpeedFusion configuration
  • any custom outbound policies
  • any custom firewall rules

I don’t worry too much if a customer factory resets the device completely as they tend to call in for support, at which point I download the last config from the config backups and remote web admin in to apply it manually - it’s a 3 min job.

Bulk configuration. Do the config once on a device, download the config and upload it as a template to the bulk configuration tool in the group.

We generally do that manually using the config backups as we only use the bulk configuration tool in our special ‘provisioning group’, however you could use the bulk configuration tool on your ‘customer / service’ groups if you want.

The answer to both your 1 & 2 questions above is the bulk configurator. If you want more finite control you combine it with group based settings that can be selectively applied using device tags (ie assign a wifi SSID of Public-Wifi and a captive portal to all devices with a tag of ‘Bus-WiFi’).

3 Likes

Thanks so much that’s a huge help, always nice to see how the expert does things! I noticed when doing the group thing, I can’t set firmware settings until a device is in the group. Does that mean that say I add my first HD2 LTE-A unit to the group and set the group policy for that device to be the latest firmware, that even if I remove that device from the group, that any future HD2 LTE-A’s I add will always use the firmware I picked on the first one? I did a quick test and it seems like that, as I set it to 8.0.2 for the firmware, then removed the device from the group, added the bulk config, factory reset the device and added it back to the group and under firmware management it was still showing to use 8.0.2.

This is really helpful though as bulk configurator seems to be what I was looking for. And it sounds like once I provision a device I can always download the config and add it to the bulk configurator if I really want it to be that a customer can factory reset it and it will always come back online.

You can even trigger devices to save the active config as the default configuration using the InControl2 API. If the device gets a factory reset it will restore that configuration.

See: https://www.peplink.com/ic2-api-doc/#!post_rest_o_o_g_o_sp_default

1 Like

Yes you can but you need to be careful with that. With great power… it’s very easy to overwrite the default config with something you weren’t intending to and then you can’t ‘factory reset’ the device to a known good condition anymore.

The only time I recommend it is when you need to set a custom APN on the inserted SIMs to give the device any form of connectivity after a hard reset.

1 Like

I know this is a little late to respond, but I wanted to comment on how useful this is, especially on the minis. I can set a very basic config with our APN as well as keep the wired WAN enabled in case of a factory reset. Thanks for the example and use case.

Do you need to have an InControl subscription to use it? I have a Surf Soho that is out of warranty and I never activated InControl locally. I lost access to the admin login. I set up InControl from the web site and it recognizes the Serial Number. Device shows offline, though. Any suggestions?

You need an IC2 subscription for the device (either separately or a part of one of the care plans). Without it the unit will show as not connected (as you have observed).

Cheers,

Z

Thanks. Given that, what’s the effect of the “lite” reset - is it just the administrator username and password that are reset? (And if so, what are they reset TO?)
And the “full” reset erases all the configuration?

A quick search yields:

Thanks Sigurd - but poorly worded. How would you parse this:

admin user password will be reset to ‘admin’ and access will be reset to HTTP

What would you say the password would be - [blank]? admin? HTTP?

As us attorney-related folks might say: The plain reading is that the password will be “admin” and the connection method for access will be HTTP (not HTTPS, for instance).

Cheers,

Z

Thanks, Z. Would not have even thought of that (HTTP/S). Password, since the reference is silent, is null?

The plain reading: admin is the user name. ‘admin’ is the password. (This is default for this device, cfr. the sticker on its underside.)

Z

OK, thanks. Will give it a shot when I get back from travel. Maybe it will heal itself in the meantime… hahahahahahahaha