Warren Kumari <[email protected]> wrote:
> Another very common case is for an ISP (think Verizon, or Telus) to
> deliver a circuit to a customer - they have a contractor which
> delivers the fiber, and then roll a truck to have someone physically
> plug in a PE / CPE router and install the initial config. Again, they
> don't really want to hand the config to the user, and also cannot use
> the current autoboot solutions for the same reason - the customer
> could just plug their own device / laptop into the newly installed
> circuit, autoboot and grab the config / join the IGP / whatever.

I have dealt with this situation.
We used unencrypted TFTP to configure the CPE device over the fiber.
The approach that we took was to have the untagged "VLAN" provide basic DHCP
and the TFTP configuration did only one thing: enable SSH access with a known
password (hashed). (Because the device didn't support RSA keys)
Our installer would generally be on the "electrician" side of things: able
to drill holes and pull cables, and they often *had* to do exactly that.
When the lights went green, someone from HQ would log in and finish
configuration.
So, even if you do have someone to physically plug things in, and they work
for you, they might just not have the skills required.
> goop in a TPM, etc) - in some cases all they will need to do is
> publish the public key, indexed by the serial number (a number of
> vendors have said that this will be trivial). The document is
That's interesting and positive to learn.
Did these vendors say how they will do this?
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
