724-746-5500 | blackbox.com
Chapter 11: Deployment Examples CLI
11.7 Loading a Bootstrap Configuration
As explained in Section 10.3, SmartPathOS Configuration File Types, a bootstrap config file is typically a small set of commands to
which a SmartPath AP can revert when the configuration is reset or if the SmartPath AP cannot load its current and backup configs.
If you do not define and load a bootstrap config, the SmartPath AP reverts to the default config in these situations, which
can lead to two potential problems:
• If both the current and backup configs fail to load on a SmartPath AP acting as a mesh point in a hard-to-reach location—such
as a ceiling crawlspace—the SmartPath AP would revert to the default config. Because a mesh point needs to join a cluster
before it can access the network and the default config does not contain the cluster settings that the mesh point needs to join
the cluster, an administrator would need to crawl to the device to make a console connection to reconfigure the SmartPath AP.
• If the location of a SmartPath AP is publicly accessible, someone could press the reset button on the front panel of the device to
return the configuration to its default settings, log in using the default login name and password (admin, blackbox), and thereby
gain complete admin access.
NOTE: You can disable the ability of the reset button to reset the configuration by entering this command:
no reset-button reset-config-enable
A bootstrap configuration can help in both of these situations. For the first case, a bootstrap config with the necessary cluster
membership settings can allow the SmartPath AP to connect to the network and thereby become accessible over the network for
further configuring. For the second case, a bootstrap config with a number of obstacles such as a hard-to-guess login name and
password and a disabled access subinterface can make the firmware inaccessible and the device unusable.
SmartPath AP-1 and -2 are in locations that are not completely secure. SmartPath AP-3 is a mesh point in a fairly inaccessible
location. To counter theft of the first two SmartPath APs and to avoid the nuisance of physically accessing the third SmartPath AP,
you define a bootstrap config file that addresses both concerns and load it on the SmartPath APs.
Step 1: Define the bootstrap config on SmartPath AP-1.
1. Make a serial connection to the console port on SmartPath AP-1, log in, and load the default config.
load config default
reboot
You do not want the bootstrap config to contain any of your previously defined settings from the current config. Therefore, you
load the default config, which has only default settings. When you begin with the default config and enter the commands that
define the bootstrap config, the bootstrap config will have just those commands and the default config settings.
2. Confirm the reboot command, and then, when you are asked if you want to use the Black Box Initial Configuration Wizard,
enter no.
3. Log in using the default user name admin and password blackbox.
4. Define admin login parameters for the bootstrap config that are difficult to guess.
admin root-admin Cwb12o11siNIm8vhD2hs password 8wDamKC1Lo53Ku71
You use the maximum number of alphanumeric characters for the login name (20 characters) and password (32 characters). By
mixing uppercase and lowercase letters with numbers in strings that do not spell words or phrases, you make the login much
harder to guess.
5. Leave the various interfaces in their default up or down states.
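One way to produce and check the credentials used in step 4, given here as an added example that is not part of the Black Box manual: it generates a maximum-length login name and password from the operating system's CSPRNG and audits a list of bootstrap commands against the rules stated above. The function names and the list-of-command-lines input are assumptions; the length limits, default login, and command syntax come from the text above.

```python
import secrets
import string

# Limits and default login as stated in the manual text above.
NAME_MAX, PASS_MAX = 20, 32
DEFAULT_NAME, DEFAULT_PASS = "admin", "blackbox"
ALPHANUM = string.ascii_letters + string.digits


def mixed(s):
    """True if s mixes uppercase letters, lowercase letters and digits."""
    return (any(c.islower() for c in s) and any(c.isupper() for c in s)
            and any(c.isdigit() for c in s))


def random_alnum(length):
    """Draw from the OS CSPRNG until the string contains all three classes."""
    while True:
        s = "".join(secrets.choice(ALPHANUM) for _ in range(length))
        if mixed(s):
            return s


def bootstrap_admin_command():
    """Build the step 4 command with maximum-length random credentials."""
    return (f"admin root-admin {random_alnum(NAME_MAX)} "
            f"password {random_alnum(PASS_MAX)}")


def audit(commands):
    """Return findings for a list of bootstrap CLI lines (hypothetical input form)."""
    creds = None
    for line in commands:
        parts = line.split()
        if len(parts) == 5 and parts[:2] == ["admin", "root-admin"] and parts[3] == "password":
            creds = (parts[2], parts[4])
    if creds is None:
        return ["no root-admin defined: default login admin/blackbox stays valid"]
    name, pw = creds
    findings = []
    if name == DEFAULT_NAME or pw == DEFAULT_PASS:
        findings.append("default login name or password in use")
    if len(name) < NAME_MAX:
        findings.append(f"login name is {len(name)} chars, maximum is {NAME_MAX}")
    if len(pw) < PASS_MAX:
        findings.append(f"password is {len(pw)} chars, maximum is {PASS_MAX}")
    if not (mixed(name) and mixed(pw)):
        findings.append("credentials do not mix upper, lower and digits")
    return findings
```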