Secure zero-touch provisioning of network devices in an offline deployment

What is claimed is: 1. A method of network device provisioning without Internet access, the method comprising: entering a pre-shared key (PSK) in a dynamic host configuration protocol (DHCP) message; obtaining the PSK from a set of DHCP message options by an onboarding network device requesting to join a private network; presenting the PSK, by the onboarding network device, to a network management system (NMS) of the private network; joining the private network pursuant to validating the PSK by the NMS upon validation of the onboarding network device based upon generated hash values corresponding to unique IDs of network devices authorized to join the private network, and updating an inventory list of the NMS to include the onboarding network device in the inventory list upon the presented PSK matching an NMS-trusted PSK pursuant to a comparison of the presented PSK against a trusted PSK list including the NMS-trusted PSK. 2. The method of claim 1 , further comprising comparing, by the NMS, a unique ID of the onboarding network device to a hash file of unique IDs of each network device in the private network to validate the unique ID of the onboarding network device. 3. The method of claim 2 , wherein the unique IDs of the network devices are media access control (MAC) addresses. 4. The method of claim 2 , wherein the hash file contains the hash values corresponding to the unique IDs of each of the network devices in the private network and is generated by a manufacturer of network devices and provided to the private network. 5. The method of claim 1 , wherein the PSK is entered into a vendor-specific field of the DHCP message options. 6. The method of claim 1 , wherein the onboarding network device is an Aruba Networks corporation network device. 7. The method of claim 1 , wherein NMS parameters are added to vendor-specific options of the DHCP message. 8. A non-transitory computer-readable medium (CRM) having computer instructions for network device provisioning without Internet access encoded thereon that when executed on a processor cause the processor to: compare a pre-shared key (PSK) presented by network devices attempting to join a private computer network against a trusted PSK list, the PSK being presented in a dynamic host configuration protocol (DHCP) message, the PSK having been entered in the DHCP message, and having been retrieved from a set of DHCP message options by an onboarding network device requesting to join the private computer network; generate hash values corresponding to unique IDs of network devices authorized to join the private computer network; provide the hash values to a network management system (NMS) of the private computer network; compare a unique ID of the onboarding network device against the hash values; and validate the onboarding network device to join the private computer network. 9. The non-transitory CRM of claim 8 , wherein the PSK is stored on a DHCP server. 10. The non-transitory CRM of claim 9 , wherein the PSK is retrieved from the DHCP server by the onboarding network device attempting to join the private network. 11. The non-transitory CRM of claim 8 , wherein the unique IDs of the network devices authorized to join the private network are media access control (MAC) addresses. 12. The non-transitory CRM of claim 8 , wherein the hash values are generated by a manufacturer of network devices and transmitted to the NMS to be stored on a non-transitory data medium. 13. The non-transitory CRM of claim 8 , wherein validating the onboarding network device using the hash values constitutes a first stage of validating the onboarding network device. 14. The non-transitory CRM of claim 10 , wherein the validation of the onboarding network device based on the PSK constitutes a second stage of validation of the onboarding network device. 15. A computer-implemented system for provisioning an onboarding network device without using Internet, the system, including a processor and memory coupled with the processor, comprising: a private computer network; a dynamic host configuration protocol (DHCP) server having a pre-shared key (PSK) stored thereon, the DHCP server being coupled with the private computer network; and a network management system (NMS) coupled with the private computer network, the NMS comparing the PSK stored on the DHCP server with a PSK, having been entered in a DHCP message, and obtained by the onboarding network device from a set of DHCP message options requesting to join the private computer network, and presented to the NMS in a DHCP connection request message, and comparing a unique ID of the onboarding network device to generated hash values corresponding to unique IDs of network devices authorized to join the private computer network to validate the onboarding network device. 16. The computer-implemented system of claim 15 , further comprising a non-transitory computer-readable medium having a hash file encoded thereon accessible to the NMS. 17. The computer-implemented system of claim 16 , wherein the hash file includes the generated hash values of unique IDs of authorized network devices of the private computer network. 18. The computer-implemented system of claim 17 , wherein the onboarding network device includes information about where to find the PSK in the DHCP message. 19. The computer-implemented system of claim 18 , wherein the PSK is stored in a vendor-specific option 43 of the DHCP message. 20. The computer-implemented system of claim 19 , wherein a parameter of the NMS is stored in the vendor-specific option 43 of the DHCP message, in addition to the PSK.