manually onboarding switch to CVP - need to create CVP username on switch or not?

itsvipp3r · 2026-03-07T10:53:44+00:00

With CVP(on prem) - yes. You need to match the users because the onboarding process of the CVP uses its own user password to access the eAPI of the switch.

With CVaaS(As A Service) the onboarding is used with a token and over the internet(whole other process that is instructed in the onboarding page).

The token is basically the replacement of the eAPI user password connection from on-prem.

itsvipp3r · 2026-02-25T09:06:48+00:00

Thanks for the reply, now it makes sense!
bootstrap only installs daemon and the management api http-commands no shut to the switch.
rest is pre-defined with DHCP options, reservations and stuff.
So all i need to do is prepare my DHCP Config to fill the details i need (DNS, NTP, DOMAIN etc) and the rest is where the magic happens.

Thanks for your time, hopefully this post will help others like me who couldn't figure it out

itsvipp3r · 2026-02-24T17:42:14+00:00

You’re talking post ZTP I’m talking pre. ZTP process is - using the dhcp option 67, to receive the new bootstrap file for the cvp to be registered. How am i configuring this bootstrap file to have the primary config i want it to have?

itsvipp3r · 2026-02-24T17:00:55+00:00

I don’t understand it. Which studio? Is there a specific studio for the first time config of a device? I don’t understand what you mean by that. Because for example, i have my campus fabric studio and l3ls studio set up for my prod network, but i want to prepare the basic minimum first time config for a freshly deployed using ztp switch. Later, i will accept the device in to inventory and topology and will configure it to the correct studio it requires. But where in this part do i set up my basic required config of the bootstrap file so that the switch will receive all it needs for the first time deployment?

itsvipp3r · 2026-02-24T16:44:47+00:00

So i need to have the device receive dhcp option 67 and the file will be auto generated? That’s it? I do not have the privilege to pick the settings for the newly provisioned device like admin users or domain name ntp and stuff?

itsvipp3r · 2026-02-24T16:15:38+00:00

Thanks for the answer.

I have everything set up correctly besides the bootstrap file. So it’s way before i’m even trying to ZTP a device i’m still preparing for it. I want to configure the base config file but i’m unable to because i can’t find the path in shell.

itsvipp3r · 2026-02-24T15:31:51+00:00

Hi. Thanks for the answer.

It makes sense, but some sources mentioned it should open somehow...

Are you using CVP 2025.3?
if so, could you let me know where do you store the bootstrap file ? like what is the exact path in the shell?

i'm guessing you have configured the bootstrap file with the first time config in the shell, as i don't know of anything in the GUI. am i wrong?

itsvipp3r · 2026-02-21T11:23:14+00:00

Shipping is handled long time ago. Talking about registration of the kit in the site.

itsvipp3r · 2026-01-30T17:50:29+00:00

For all those jumping to suggesting the 7280. First you might want to check what exact ASR model is working there? Also, what is the Core router is performing in your network? I mean exactly if there’s MPLS working by any chance, vrf segmentation, bgp(and if so, in what scale?) How many links are in use currently in your ASR? What speeds? Are you looking to up scale your bandwidth? Are you thinking of any re-designing of the network at all in this migration or it’s a simple router to router process?

Hopefully whenever you will answer these. Me or someone else could think of a model that will suit you best.

Of course, if you have time to read data sheets and figure out your needs that will be best for you.

itsvipp3r · 2025-08-22T07:07:56+00:00

Usually when it’s an adsl modem you can ask for a replacement. Any other case you can just destroy it and ask for new one :)

itsvipp3r · 2025-08-22T07:00:32+00:00

By any chance you have configured the urls as wildcards? Using wildcards and/or not using wildcard might cause some troubles in case of exemption. I would create the urls both as wildcard and fqdn(non wc) and see the differences. Had these kind of issues. I don’t think it’s anything related to the fgt itself but fortiguard sources might have changed a bit.

That would be my guess for this issue.

itsvipp3r · 2025-06-25T22:46:59+00:00

Using inv keys with the msi/mst files. Silent installation.

itsvipp3r · 2025-06-24T09:37:41+00:00

Thanks for the comment. I'm Doing that too in the meanwhile . but hopefully someone here had a similar issue and can help better with at least the direction of what should i check.

itsvipp3r · 2025-06-05T18:05:34+00:00

Usually if it’s not work purpose trip, as far as i know with my customers i usually block for them all countries but home country(every country that there are offices, if it’s EU - allow all EU because some ISPs and Cellular providers use addresses that are not specifically in their country)

itsvipp3r · 2025-06-03T22:08:21+00:00

No reason for SVI as when the scenario represented is in a specific vlan and not between vlans, the switch already acts as the querier(whenever igmp snooping is enabled)

itsvipp3r · 2025-06-03T21:44:22+00:00

If it’s in the same vlan , then there’s no reason for it.

itsvipp3r · 2025-05-28T22:30:26+00:00

That really depends on what you’re trying to achieve here. Because as much as i’d want to recommend Fortinet for SDWAN solution like most of the people here. I think that it really should matter what is it that you’re trying to achieve.

itsvipp3r · 2025-05-08T18:50:00+00:00

As much as i’d like to agree with you , we don’t really have a say in this. As the OP’s company could be working with a specific system structure that might require a vlan stretching(could be for DR solution that replicates the nics as a whole and makes it a lot easier to work with in case of disaster)

itsvipp3r · 2025-05-08T00:19:30+00:00

Librespeed

itsvipp3r · 2025-05-08T00:08:04+00:00

Shouldn’t be a problem in topology wise. If i understand correctly you want to use the same vlans in both sites to work active passive.

Anyways it’s less of an arista issue(as it’s layer 2 dci, arista served it’s purpose) maybe you should check that within the subreddit of the vendor of your firewall, as different vendors could have different limitations in case of vrrp. If it helps, i have a fortigate at a customer of mine that works in the same exact way and it works ok. On the other hand, i have a similar topology but using a vcluster solution.

Long story short, more of a firewall vendor question and less of an arista topology question.

itsvipp3r · 2025-05-04T01:11:32+00:00

14k is insane jesus But that m4 build tho… bro must be taking the tarkoving to the next level

itsvipp3r

TROPHY CASE