- Information About Zero-Touch Provisioning
- Sample Zero-Touch Provisioning Configurations
- Sample DHCP Server Configuration on a Management Port Using TFTP Copy
- Sample DHCP Server Configuration on a Management Port Using HTTP Copy
- Sample DHCP Server Configuration on an In-Band Port Using TFTP Copy
- Sample DHCP Server Configuration on an In-Band Port Using HTTP Copy
- Sample DHCP Server Configuration on a Linux Ubuntu Device
- Sample Python Provisioning Script
- Zero-Touch Provisioning Boot Log
- Feature Information for Zero-Touch Provisioning
Zero-Touch Provisioning
To address network provisioning challenges, Cisco introduces a zero-touch provisioning model. This module describes the Zero-Touch Provisioning feature.
Note: The Zero-Touch Provisioning feature is enabled automatically; no configuration is required.
Information About Zero-Touch Provisioning
Zero-Touch Provisioning Overview
Zero-Touch Provisioning provides open bootstrap interfaces to automate network device provisioning in heterogeneous network environments.
When a device that supports Zero-Touch Provisioning boots up and does not find a startup configuration (as during initial installation), it enters Zero-Touch Provisioning mode. The device searches for a Dynamic Host Configuration Protocol (DHCP) server, bootstraps itself with its interface IP address, gateway, and Domain Name System (DNS) server IP address, and enables Guest Shell. The device then obtains the IP address or URL of an HTTP/TFTP server and downloads from it the Python script that configures the device.
Guest Shell provides the environment for the Python script to run. Guest Shell executes the downloaded Python script and applies an initial configuration to the device.
After initial provisioning is complete, Guest Shell remains enabled. For more information, see the Guest Shell chapter.
Note: If Zero-Touch Provisioning fails, the device falls back to AutoInstall to load configuration files. For more information, see Using AutoInstall and Setup.
DHCP Server Configuration for Zero-Touch Provisioning
In Zero-Touch Provisioning, a DHCP server must be running on the same network as the new device that is being provisioned. Zero-Touch Provisioning is supported on both management ports and in-band ports.
When the new device is switched on, it retrieves the IP address information of the HTTP/TFTP server where the Python script resides, and the folder path of the Python script from the DHCP server. For more information on Python Scripts, see the Python API and Python CLI Module chapters.
The DHCP server responds to DHCP discovery events with the following options:
- Option 150: (Optional) Contains a list of IP addresses that point to the HTTP/TFTP server on the management network that hosts the Python scripts to be run.
- Option 67: Contains the Python script file path on the HTTP/TFTP server.
After receiving these DHCP options, the device connects to the HTTP/TFTP server and downloads the Python script. At this point the device has no route of its own to the HTTP/TFTP server, so it uses the default route provided by the DHCP server.
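The following Python is an added example, not Cisco code and not part of the original page: it parses the options field of a DHCP offer, derives the script location a Zero-Touch Provisioning client would take from options 67 and 150 as described above, and checks the server against an allowlist, which is the check a monitor on the provisioning segment can run given that the device executes whatever script those options name. `APPROVED_SERVERS`, the function names, and the sample offers (including the address 10.1.1.66) are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit
# Assumption: this site's approved script servers (addresses reused from the page's samples).
APPROVED_SERVERS = {"203.0.113.254", "198.51.100.1"}

def parse_options(raw):
    """Walk a DHCP options field (code, length, value) into {code: value}."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == 255:                      # End option
            break
        if code == 0:                        # Pad option: single byte, no length
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d overruns the buffer" % code)
        opts[code] = opts.get(code, b"") + value   # split options concatenate (RFC 3396)
        i += 2 + length
    return opts

def ztp_source(raw):
    """Derive where a ZTP client would fetch its script from, plus an allowlist verdict."""
    opts = parse_options(raw)
    if 67 not in opts:
        raise ValueError("no option 67: offer names no provisioning script")
    bootfile = opts[67].rstrip(b"\x00").decode("ascii")
    addrs = opts.get(150, b"")
    if len(addrs) % 4:
        raise ValueError("option 150 must be a list of 4-byte IPv4 addresses")
    if bootfile.lower().startswith("http://"):   # HTTP copy: full URL in option 67
        url = urlsplit(bootfile)
        scheme, servers, path = "http", [url.hostname], url.path
    else:                                        # TFTP copy: option 150 + path in option 67
        servers = [str(ipaddress.IPv4Address(addrs[n:n + 4])) for n in range(0, len(addrs), 4)]
        scheme, path = "tftp", bootfile
    approved = bool(servers) and all(s in APPROVED_SERVERS for s in servers)
    return {"scheme": scheme, "servers": servers, "path": path, "approved": approved}

def opt(code, value):                            # helper to build constructed sample offers
    return bytes([code, len(value)]) + value

TFTP_OFFER = opt(150, bytes([203, 0, 113, 254])) + opt(67, b"/sample_python_dir/python_script.py") + b"\xff"
HTTP_OFFER = opt(67, b"http://198.51.100.1:8000/sample_python_2.py") + b"\xff"
ROGUE_OFFER = opt(67, b"http://10.1.1.66:8000/sample_python_2.py") + b"\xff"   # constructed
```

An offer with a relative path in option 67 and no option 150 is reported as not approved, because the script server cannot be derived from these two options alone.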
Sample Zero-Touch Provisioning Configurations
Sample DHCP Server Configuration on a Management Port Using TFTP Copy
The following is a sample DHCP server configuration using TFTP copy, when connected via the management port on a device:
    Device> enable
    Device# configure terminal
    Device(config)# ip dhcp excluded-address 10.1.1.1
    Device(config)# ip dhcp excluded-address vrf Mgmt-vrf 10.1.1.1 10.1.1.10
    Device(config)# ip dhcp pool pnp_device_pool
    Device(config-dhcp)# vrf Mgmt-vrf
    Device(config-dhcp)# network 10.1.1.0 255.255.255.0
    Device(config-dhcp)# default-router 10.1.1.1
    Device(config-dhcp)# option 150 ip 203.0.113.254
    Device(config-dhcp)# option 67 ascii /sample_python_dir/python_script.py
    Device(config-dhcp)# exit
    Device(config)# interface gigabitethernet 1/0/2
    Device(config-if)# no ip dhcp client request tftp-server-address
    Device(config-if)# end
Sample DHCP Server Configuration on a Management Port Using HTTP Copy
The following is a sample DHCP server configuration using HTTP copy, when connected via the management port on a device:
    Device> enable
    Device# configure terminal
    Device(config)# ip dhcp pool pnp_device_pool
    Device(config-dhcp)# vrf Mgmt-vrf
    Device(config-dhcp)# network 10.1.1.0 255.255.255.0
    Device(config-dhcp)# default-router 10.1.1.1
    Device(config-dhcp)# option 67 ascii http://198.51.100.1:8000/sample_python_2.py
    Device(config-dhcp)# end
Sample DHCP Server Configuration on an In-Band Port Using TFTP Copy
    Device> enable
    Device# configure terminal
    Device(config)# ip dhcp excluded-address 10.1.1.1
    Device(config)# ip dhcp pool pnp_device_pool
    Device(config-dhcp)# network 10.1.1.0 255.255.255.0
    Device(config-dhcp)# default-router 10.1.1.1
    Device(config-dhcp)# option 150 ip 203.0.113.254
    Device(config-dhcp)# option 67 ascii /sample_python_dir/python_script.py
    Device(config-dhcp)# exit
    Device(config)# interface gigabitethernet 1/0/2
    Device(config-if)# no ip dhcp client request tftp-server-address
    Device(config-if)# end
Sample DHCP Server Configuration on an In-Band Port Using HTTP Copy
    Device> enable
    Device# configure terminal
    Device(config)# ip dhcp excluded-address 10.1.1.1
    Device(config)# ip dhcp pool pnp_device_pool
    Device(config-dhcp)# network 10.1.1.0 255.255.255.0
    Device(config-dhcp)# default-router 10.1.1.1
    Device(config-dhcp)# option 67 ascii http://192.0.2.1:8000/sample_python_2.py
    Device(config-dhcp)# end
Sample DHCP Server Configuration on a Linux Ubuntu Device
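The following sample DHCP server configuration applies when the server is connected to either the management port or an in-band port on a device, and the Python script is copied from a TFTP server. The second block (Day0_with_mgmt_port_http) shows the same setup with the script copied over HTTP.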
    root@ubuntu-server:/etc/dhcp# more dhcpd.conf
    subnet 10.1.1.0 netmask 255.255.255.0 {
      range 10.1.1.2 10.1.1.255;
      host 3850 {
        fixed-address 10.1.1.246;
        hardware ethernet CC:D8:C1:85:6F:00;
        # <opt 67>: path of the Python script on the TFTP server
        option bootfile-name "/python_dir/python_script.py";
        # annotated <opt 150> on the page; ISC dhcpd's tftp-server-name is DHCP option 66
        option tftp-server-name "203.0.113.254";
      }
    }

    Day0_with_mgmt_port_http
    -------------------------
    subnet 192.168.1.0 netmask 255.255.255.0 {
      range 192.168.1.2 192.168.1.255;
      host C2-3850 {
        fixed-address 192.168.1.246;
        hardware ethernet CC:D8:C1:85:6F:00;
        # option 67 carries the full HTTP URL of the script
        option bootfile-name "http://192.168.1.46/sample_python_2.py";
      }
    }
Once the DHCP server is running, boot a management-network connected device, and the rest of the configuration is automatic.
Sample Python Provisioning Script
    # Sample Day Zero script. It runs inside Guest Shell, which provides the cli module.
    # print() with a single string argument behaves the same under Python 2 and Python 3.
    print("\n\n *** Sample ZTP Day0 Python Script *** \n\n")

    # Importing cli module
    import cli

    print("\n\n *** Executing show platform *** \n\n")
    cli_command = "show platform"
    cli.executep(cli_command)

    print("\n\n *** Executing show version *** \n\n")
    cli_command = "show version"
    cli.executep(cli_command)

    print("\n\n *** Configuring a Loopback Interface *** \n\n")
    cli.configurep(["interface loop 100", "ip address 10.10.10.10 255.255.255.255", "end"])

    print("\n\n *** Executing show ip interface brief *** \n\n")
    cli_command = "sh ip int brief"
    cli.executep(cli_command)

    print("\n\n *** ZTP Day0 Python Script Execution Complete *** \n\n")
Zero-Touch Provisioning Boot Log
The following sample Zero-Touch Provisioning boot log shows that Guest Shell is successfully enabled, the Python script is downloaded to the Guest Shell, and the Guest Shell executes the downloaded Python script and configures the device for Day Zero.
    % failed to initialize nvram
    ! <This message indicates that the startup configuration is absent on the device. This is the first indication that the Day Zero work flow is going to start.>

    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.

    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

    If you require further assistance please contact us by sending email to
    export@cisco.com.

    cisco ISR4451-X/K9 (2RU) processor with 7941237K/6147K bytes of memory.
    Processor board ID FJC1950D091
    4 Gigabit Ethernet interfaces
    32768K bytes of non-volatile configuration memory.
    16777216K bytes of physical memory.
    7341807K bytes of flash memory at bootflash:.
    0K bytes of WebUI ODM Files at webui:.

    %INIT: waited 0 seconds for NVRAM to be available

    --- System Configuration Dialog ---

    Would you like to enter the initial configuration dialog? [yes/no]: %
    !!<DO NOT TOUCH. This is Zero-Touch Provisioning>>
    Generating 2048 bit RSA keys, keys will be non-exportable...
    [OK] (elapsed time was 1 seconds)
    The process for the command is not responding or is otherwise unavailable
    The process for the command is not responding or is otherwise unavailable
    The process for the command is not responding or is otherwise unavailable
    The process for the command is not responding or is otherwise unavailable
    The process for the command is not responding or is otherwise unavailable
    The process for the command is not responding or is otherwise unavailable
    The process for the command is not responding or is otherwise unavailable
    The process for the command is not responding or is otherwise unavailable
    The process for the command is not responding or is otherwise unavailable
    The process for the command is not responding or is otherwise unavailable
    Guestshell enabled successfully

    *** Sample ZTP Day0 Python Script ***

    *** Configuring a Loopback Interface ***

    Line 1 SUCCESS: interface loop 100
    Line 2 SUCCESS: ip address 10.10.10.10 255.255.255.255
    Line 3 SUCCESS: end

    *** Executing show ip interface brief ***

    Interface              IP-Address      OK? Method Status    Protocol
    GigabitEthernet0/0/0   unassigned      YES unset  down      down
    GigabitEthernet0/0/1   unassigned      YES unset  down      down
    GigabitEthernet0/0/2   unassigned      YES unset  down      down
    GigabitEthernet0/0/3   192.168.1.246   YES DHCP   up        up
    GigabitEthernet0       192.168.1.246   YES DHCP   up        up
    Loopback100            10.10.10.10     YES TFTP   up        up

    *** ZTP Day0 Python Script Execution Complete ***

    Press RETURN to get started!
The Day Zero provisioning is complete, and the IOS prompt is accessible.
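The following Python is an added example, not Cisco code and not part of the original page: it reads a captured console log in the format shown above and compares the `Line N SUCCESS:` results with the configuration lines the approved script is expected to apply, so a device that ran a different script stands out. The `APPROVED` list, the function name, and both sample logs are assumptions constructed for illustration; the completion banner is printed by the sample script itself, so a different script would need a different marker.

```python
import re

# Assumption: the configuration lines the approved Day Zero script applies
# (taken from the page's sample script).
APPROVED = ["interface loop 100", "ip address 10.10.10.10 255.255.255.255", "end"]
RESULT = re.compile(r"^Line (\d+) (\S+): (.+)$")

def audit_boot_log(log_text, approved=APPROVED):
    """Compare the per-line results in a ZTP console log with the approved commands."""
    applied, not_success = [], []
    guestshell = complete = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Guestshell enabled successfully":
            guestshell = True
        elif "Script Execution Complete" in line:   # banner printed by the sample script
            complete = True
        m = RESULT.match(line)
        if m:
            number, status, command = int(m.group(1)), m.group(2), m.group(3).strip()
            if status == "SUCCESS":
                applied.append(command)
            else:                  # any status other than the SUCCESS shown on the page
                not_success.append((number, status, command))
    return {
        "guestshell": guestshell,
        "complete": complete,
        "unexpected": [c for c in applied if c not in approved],
        "missing": [c for c in approved if c not in applied],
        "not_success": not_success,
        # Order matters in IOS configuration, so require an exact sequence match.
        "matches_approved": guestshell and complete and applied == approved,
    }

# Constructed samples: the first repeats lines from the page's boot log, the second
# inserts one command that is not in the approved list.
GOOD_LOG = """Guestshell enabled successfully
*** Sample ZTP Day0 Python Script ***
Line 1 SUCCESS: interface loop 100
Line 2 SUCCESS: ip address 10.10.10.10 255.255.255.255
Line 3 SUCCESS: end
*** ZTP Day0 Python Script Execution Complete ***"""
DRIFT_LOG = GOOD_LOG.replace("Line 3 SUCCESS: end",
                             "Line 3 SUCCESS: description unreviewed change\nLine 4 SUCCESS: end")
```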
Feature Information for Zero-Touch Provisioning
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.