Introduction
This document describes configuration and provision of Zero Touch Provisioning (ZTP) on Cisco Catalyst 9000 Series Switches.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- Dynamic Host Configuration Protocol (DHCP) server configuration on the switch
- Basics of Python code
- Basics of HTTP/TFTP service
License requirements
- Network Advantage or Network Essentials License must be active.
Supported Platforms
- Catalyst 9300 series switches running 16.5.1a version
- Catalyst 9500 series switches running 16.5.1a version
- Catalyst 9400 series switches running 16.6.2 version
Note: This feature is not supported in C9600.
Components Used
The information in this document is based on these software and hardware versions:
- Cisco Catalyst 9300 switch on Cisco IOS® XE 17.6.4
- Cisco Catalyst 3850 switch acts as a DHCP server with option 67 configuration
- An end host with HTTP service installed that hosts a Python file.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Background Information
Zero Touch Provisioning (ZTP) is used to provision network devices accurately within minutes and without any manual intervention.
Network Diagram
Zero Touch Provisioning Basic Setup and Steps
ZTP Operation (Detailed Steps)
ZTP automates the configuration of a Catalyst 9000 series switch that has no start-up configuration when it is introduced to the existing network. This happens without any manual intervention. Detailed steps are explained here:
Step 1. Connect the New Switch
Connect a new switch to the existing infrastructure and power on the device. The switch boots up with no start-up configuration.
Step 2. ZTP Initiation
The ZTP process is initiated by the switch automatically.
Step 3. DHCP Request
The switch sends out a DHCP discover message.
Step 4. DHCP Response
The DHCP server responds with an offer that includes option 67, which carries the HTTP server IP address and URL.
Step 5. HTTP URL
The switch receives the offer and gets an IP address for its own communication. It also receives the IP address of the HTTP server and the complete URL to download the ZTP.py file.
Step 6. Download
The switch reaches the HTTP server and downloads the ZTP.py file.
Step 7. Guestshell
The switch activates the guestshell automatically.
Step 8. Configurations Deployment
The switch executes the Python file and the configurations are applied automatically.
Step 9. Success
The switch destroys the guestshell, and a "Script execution success" message is displayed.
Configuration
Setting up HTTP Service
Step 1. Install HTTP Service in End Host (Example Linux)
sudo apt update
sudo apt install apache2
Step 2. Create Python File ztp_http.py
If any permission issue arises, use chmod 777 in order to give complete permission to the file.
Python file contains the code made of these tasks:
1. Show commands.
2. Loopback configuration.
3. Verification of configuration.
Python Code
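#Importing cli module
import cli
# print() calls run under both Python 2 and Python 3; the print statement form fails under Python 3
print("\n\n Running show version \n\n")
# executep runs an exec-mode command and prints its output
cli.executep('show version')
print("\n\n Configure a Loopback Interface \n\n")
# configurep applies the configuration lines and prints the result of each
cli.configurep(["interface loop 25", "ip address 192.168.0.25 255.255.255.255", "end"])
print("\n\n Running show ip interface brief \n\n")
cli.executep('show ip int brief | i up')
print("\n\n ZTP is success \n\n")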
Location of Python file.
This file must be stored under /var/www/html in the Linux machine.
vm: /var/www/html$ ls -l ztp_http.py
-rwxrwxrwx 1 root root 346 Apr 04 14:14 ztp_http.py
Step 3. Verify HTTP Service and Listening Port
Use the service command to verify if the HTTP service is started and running now.
vm: /var/www/html$ sudo service apache2 status
Active: active (running)
Verify which port the HTTP service is listening on.
vm: /var/www/html$ sudo netstat -anp | grep apache
tcp6 0 :::80 :::* LISTEN 1998/apache2 <<<< Listens at 80
Step 4. Browser Verification of Port Number
Verify if the file is downloadable via web browser.
1. Open any browser within the same machine (for example, Linux).
2. Enter this URL into the search bar: localhost:80/ztp_http.py
3. File downloads automatically.
Setting up DHCP Service
Step 1. Provisioning Interface Configuration (New Device)
The new switch is expected to be connected to G1/0/1.
enable
configure terminal
interface g1/0/1
description New_9300_switch
switchport
switchport mode access
switchport access vlan 1
Step 2. Configuration of HTTP Server Connected Interface
The HTTP server (Linux) is directly connected to the 3850 switch (for example, interface G1/0/2).
enable
configure terminal
interface g1/0/2
description Linux_is_connected_here
switchport
switchport mode access
switchport access vlan 1
Step 3. DHCP Scope Configuration
Example of DHCP pool configuration with option 67.
enable
configure terminal
ip dhcp pool ZTP_Pool
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
option 67 ascii http://10.0.0.2:80/ztp_http.py
end
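The staging steps above can be checked before a new switch is powered on. This added example (not part of the original document; the function names check_pool and check_script are illustrative) lints the option 67 URL against the HTTP listening port and the pool's excluded addresses, then syntax-checks the staged script under Python 3 and flags group- or world-writable modes such as 777, since the switch executes whatever the file contains.

```python
import ipaddress
import re
import stat
from pathlib import Path
from urllib.parse import urlsplit

def check_pool(config, listening_port):
    """Lint the option 67 URL in an IOS DHCP config; return a list of findings."""
    m = re.search(r"^\s*option 67 ascii (\S+)", config, re.M)
    if not m:
        return ["no option 67: the switch receives no bootfile URL"]
    findings = []
    url = urlsplit(m.group(1))
    if url.scheme == "http" and (url.port or 80) != listening_port:
        findings.append(f"option 67 port {url.port or 80} != listening port {listening_port}")
    server = ipaddress.ip_address(url.hostname)  # assumes an IP literal, as on this page
    net = re.search(r"^\s*network (\S+) (\S+)", config, re.M)
    if net and server in ipaddress.ip_network(f"{net.group(1)}/{net.group(2)}"):
        ranges = re.findall(r"^\s*ip dhcp excluded-address (\S+)(?: (\S+))?", config, re.M)
        if not any(ipaddress.ip_address(lo) <= server <= ipaddress.ip_address(hi or lo)
                   for lo, hi in ranges):
            findings.append(f"{server} is inside the pool but not excluded")
    return findings

def check_script(path):
    """Syntax-check the staged script under Python 3 and inspect its file mode."""
    findings = []
    source = Path(path).read_text(encoding="utf-8")
    try:
        compile(source, str(path), "exec")  # parses only; nothing is executed
    except SyntaxError as exc:
        findings.append(f"line {exc.lineno}: {exc.msg}")
    mode = stat.S_IMODE(Path(path).stat().st_mode)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"mode {mode:o} is writable by group or others")
    return findings

# Sample input: the DHCP pool from Step 3 of this page.
POOL = """\
ip dhcp pool ZTP_Pool
 network 10.0.0.0 255.255.255.0
 default-router 10.0.0.1
 option 67 ascii http://10.0.0.2:80/ztp_http.py
"""

if __name__ == "__main__":
    print(check_pool(POOL, listening_port=80))
    print(check_script(__file__))  # replace __file__ with the staged script path
```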
Verification
There is currently no verification procedure available for this configuration.
Working Console Logs
No startup-config, starting autoinstall/pnp/ztp...
Autoinstall will terminate if any input is detected on console
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: <<<< Do not provide any input during this time.
Autoinstall trying DHCPv6 on Vlan1
Autoinstall trying DHCPv4 on Vlan1
Acquired IPv4 address 10.0.0.10 on Interface Vlan1
Received following DHCPv4 options:
bootfile : http://10.0.0.2:80/ztp_http.py
stop Autoip process
OK to enter CLI now...
pnp-discovery can be monitored without entering enable mode
Entering enable mode will stop pnp-discovery
Attempting bootfile http://10.0.0.2:80/ztp_http.py
Loading http://10.0.0.2:80/ztp_http.py
Loading http://10.0.0.2:80/ztp_http.py day0guestshell activated successfully
Current state is: ACTIVATED
day0guestshell started successfully
Current state is: RUNNING
Guestshell enabled successfully
Running show version <<<< show command executed
Cisco IOS XE Software, Version 17.06.04
Cisco IOS Software [Bengaluru], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 17.6.4, RELEASE SOFTWARE (fc1)
<snipped>
Model Number : C9300L-48T-4X
System Serial Number : FOC2531LGM8
CLEI Code Number :
Switch Ports Model SW Version SW Image Mode
------ ----- ----- ---------- ---------- ----
* 1 53 C9300L-48T-4X 17.06.04 CAT9K_IOSXE BUNDLE
Configure a Loopback interface <<<< configuration
Line 1 SUCCESS: interface loop 25
Line 2 SUCCESS: ip address 192.168.0.25 255.255.255.255
Line 3 SUCCESS: end
Running show ip int brief <<<< Config Verification
Vlan1 10.0.0.10 YES DHCP up up
Vlan4094 192.168.2.1 YES manual up down
GigabitEthernet0/0 unassigned YES unset up up
GigabitEthernet1/0/2 unassigned YES unset up up
GigabitEthernet1/0/3 unassigned YES unset up up
Ap1/0/1 unassigned YES unset up up
Loopback25 192.168.0.25 YES other up up
ZTP is success
Guestshell destroyed successfully
Script execution success! <<<< Success
Troubleshoot
This section provides information you can use to troubleshoot your configuration.
Common Issues
1. Another DHCP Server's Presence in the Network
No startup-config, starting autoinstall/pnp/ztp...
Autoinstall will terminate if any input is detected on console
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]:
Autoinstall trying DHCPv6 on Vlan1
Autoinstall trying DHCPv4 on Vlan1
Acquired IPv4 address 192.168.45.117 on Interface Vlan1 <<<< Gets Different IP from another DHCP server.
Received following DHCPv4 options:
hostname : Switch
stop Autoip process
OK to enter CLI now...
pnp-discovery can be monitored without entering enable mode
Entering enable mode will stop pnp-discovery
Guestshell destroyed successfully
stop Autoip process
% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no]: no
2. Python Code Error
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]:
Autoinstall trying DHCPv6 on Vlan1
Autoinstall trying DHCPv4 on Vlan1
Acquired IPv4 address 10.106.37.69 on Interface Vlan1
Received following DHCPv4 options:
bootfile : http://10.106.37.59:80/ztp_http.py
stop Autoip process
OK to enter CLI now...
pnp-discovery can be monitored without entering enable mode
Entering enable mode will stop pnp-discovery
Attempting bootfile http://10.106.37.59:80/ztp_http.py
Loading http://10.106.37.59:80/ztp_http.py
Loading http://10.106.37.59:80/ztp_http.py day0guestshell activated successfully
Current state is: ACTIVATED
day0guestshell started successfully
Current state is: RUNNING
Guestshell enabled successfully
File "/bootflash/guest-share/downloaded_script.py", line 1
print "\n\n Running show version \n\n"
^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print("\n\n Running show version \n\n")? <<<< Code Error
Guestshell destroyed successfully
Script execution success!
3. HTTP Service Port Number
The HTTP service is listening on a different port, such as 8080, but the DHCP configuration for option 67 points to port 80.
enable
configure terminal
ip dhcp excluded-address 10.0.0.2
ip dhcp pool ZTP_Pool
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
option 67 ascii http://10.0.0.2:80/ztp_http.py <<<< Change to 8080
4. Duplicate IP Address
Verify the DHCP scope and exclude the IP address which is assigned to the HTTP server.
enable
configure terminal
ip dhcp excluded-address 10.0.0.2 <<<< Exclude HTTP server address.
ip dhcp pool ZTP_Pool
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
option 67 ascii http://10.0.0.2:80/ztp_http.py
5. Verify HTTP Service, Stop, and Restart
vm: /var/www/html$ sudo service apache2 stop
vm: /var/www/html$ sudo service apache2 start
vm: /var/www/html$ sudo service apache2 status
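The logs for issues 1 and 2 can be told apart from a working run mechanically. This added example (not Cisco code; triage_ztp_log and its verdict strings are illustrative, and the sample logs are abridged from the console output above) checks which bootfile URL the switch was handed and looks for a Python exception before trusting the banner, because the issue 2 log ends with "Script execution success!" even though the script failed.

```python
import re

def triage_ztp_log(log, expected_url):
    """Classify a day-0 console log. Returns (verdict, detail)."""
    lease = re.search(r"Acquired IPv4 address (\S+) on Interface (\S+)", log)
    if not lease:
        return ("no-lease", "switch never acquired an IPv4 address")
    boot = re.search(r"^\s*bootfile\s*:\s*(\S+)", log, re.M)
    if not boot:
        # Issue 1 on this page: the lease came from a server without option 67.
        return ("no-bootfile", f"lease {lease.group(1)} carried no bootfile option")
    if boot.group(1) != expected_url:
        return ("unexpected-bootfile", f"switch was sent to {boot.group(1)}")
    # Issue 2: the success banner is printed even after a Python exception,
    # so look for the error before trusting the banner.
    err = re.search(r"^\s*(\w+Error): (.+)$", log, re.M)
    if err:
        return ("script-error", f"{err.group(1)}: {err.group(2).strip()}")
    if "Script execution success!" not in log:
        return ("incomplete", "script did not run to completion")
    applied = len(re.findall(r"^\s*Line \d+ SUCCESS:", log, re.M))
    return ("ok", f"{applied} configuration lines applied")

# Sample logs abridged from the console output shown on this page.
LOG_OK = """\
Acquired IPv4 address 10.0.0.10 on Interface Vlan1
        bootfile : http://10.0.0.2:80/ztp_http.py
Line 1 SUCCESS: interface loop 25
Line 2 SUCCESS: ip address 192.168.0.25 255.255.255.255
Line 3 SUCCESS: end
Script execution success!
"""
LOG_OTHER_DHCP = """\
Acquired IPv4 address 192.168.45.117 on Interface Vlan1
        hostname : Switch
Guestshell destroyed successfully
"""
LOG_PY_ERROR = """\
Acquired IPv4 address 10.106.37.69 on Interface Vlan1
        bootfile : http://10.106.37.59:80/ztp_http.py
SyntaxError: Missing parentheses in call to 'print'.
Guestshell destroyed successfully
Script execution success!
"""

if __name__ == "__main__":
    print(triage_ztp_log(LOG_OK, "http://10.0.0.2:80/ztp_http.py"))
    print(triage_ztp_log(LOG_OTHER_DHCP, "http://10.0.0.2:80/ztp_http.py"))
    print(triage_ztp_log(LOG_PY_ERROR, "http://10.106.37.59:80/ztp_http.py"))
```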
Packet Detail Samples
HTTP exchange summary:
10.0.0.10 10.0.0.2 HTTP 183 GET /http_ztp.py HTTP/1.1 <<<< HTTP GET request
10.0.0.2 10.0.0.10 HTTP 245 HTTP/1.1 200 OK (text/x-python) <<<< Response
HTTP response in detail:
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
Content-Type: text/x-python\r\n
Content-Length: 20\r\n
Date: Tue, 04 Apr 2023 12:24:02 GMT\r\n
Connection: keep-alive\r\n
Keep-Alive: timeout=5\r\n
\r\n
[HTTP response 1/2]
[Time since request: 0.204568243 seconds]
[Request in frame: 21]
[Next request in frame: 25]
[Next response in frame: 26]
[Request URI: http://10.0.0.2:80/http_ztp.py] >>>> URL