DHCP Zero Touch

The Cisco Dynamic Host Control Protocol (DHCP) Zero Touch feature enables a device to retrieve configuration files from the remote DHCP server during initial deployment with no end-user intervention.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Information About DHCP Zero Touch

DHCP Zero Touch Overview

The DHCP Zero Touch feature enables a device to retrieve configuration files from the remote Dynamic Host Configuration Protocol (DHCP) server during the initial device deployment without end-user intervention. You need a bootstrap configuration to communicate between the device and the remote server. The bootstrap configuration provides specific information about a device. This bootstrap configuration can be pre-installed on the device or can be retrieved from the DHCP server. The DHCP Zero Touch feature introduces another method of retrieving bootstrap configuration information: using the DHCP Option 43 message. To accommodate situations where devices cannot have a pre-installed bootstrap configuration, a deployment model that uses DHCP Option 43 messages is used. Cisco recommends using DHCP Option 43 messages based on RFC 2132. You can use the DHCP Option 43 message to provide vendor-specific information in the form of ASCII codes to the DHCP server.

The DHCP Option 43 message supplies the necessary information that is normally provided in the bootstrap configuration to the DHCP client. When the DHCP client issues a DHCP IP address request to the DHCP server, the DHCP server sends out the IP address and a DHCP Option 43 message, if the DHCP Option 43 message is preconfigured on the DHCP server. Within this DHCP Option 43 message, predefined parameterized commands are provided to the DHCP client. A timer for three minutes is set. After the timeout, if the file download is successful, the process is complete. If the file download fails, check the generated DHCP Option 43 message and correct any problems. Power cycle the device to retry the DHCP Option 43 message process.

Initiating DHCP Option 43 Messages with Cisco Networking Services

At device system initiation time, there are two ways to initiate the DHCP IP address request to enable the DHCP Option 43 message to be sent to the device:

  1. If the device is enabled with startup configuration, zero touch deployment can be enabled by using the ip address dhcp and the cns dhcp configuration commands.
  2. If the device is not enabled with startup configuration, the Autoinstall feature automatically initializes the ip address dhcp configuration command, which enables the zero touch deployment. For more information about the Autoinstall feature, see the “Overview—Basic Configuration of a Cisco Networking Device” module in the Configuration Fundamentals Configuration Guide.

Cisco Networking Services Parameterized Commands

The values configured using the cns config initial, cns config partial, cns config id, cns event, cns exec, and cns trusted-server all-agents commands are used as parameters to construct the DHCP Option 43 message to enable zero touch deployment (ZTD). The DHCP Option 43 message provides these pre-defined parameterized commands to the DHCP client, which enables the client to decode and read the messages sent by the DHCP server.

Constructing a DHCP Option 43 Message

The DHCP Option 43 message is presented in the type/value (TV) format. The DHCP Option 43 is used by clients and servers to exchange vendor-specific information. When you use the vendor-specific option (Option 43), you must specify the data using hexadecimal ASCII values. For more information on the option command refer to Cisco IOS IP Addressing Services Command Reference.


Note


The maximum DHCP Option 43 size is 2500 bytes.


Following are the parameters used by the Cisco Networking Services to construct the DHCP Option 43 message to enable zero :

<DHCP-typecode><feature-opcode><version><debug-option>;<arglist>
Table 1 Parameters of DHCP Option 43 Message

Parameter

Description

DHCP-typecode

Specifies the DHCP suboption type. The DHCP suboption type for Cisco Networking Services is 3.

feature-opcode

There are two types of feature op-codes—Active (A) and Passive (P). The feature op-codes for Cisco Networking Service are A and P templates.

Active Template

This code connects to the CE and sends a request for a configuration. If the CE is not reached, the device tries to download a configuration from the CE until the configuration is downloaded.

Passive Template

This code connects to the event gateway and then waits for the configuration.

version

Indicates the version of template to be used by Cisco Networking Service.

debug-option

Indicates if debug messages have to be generated during the processing of the DHCP Option 43 messages. Debug OFF is recommended for normal processing and debug ON can be used for debugging the processing of DHCP Option 43 message. The following are the two debug options:

  • D—debug option is ON
  • N—debug option is OFF

;

Delimiter used to separate the parameters.

arglist

List of named arguments for the command, separated by semi-colon. To use the default value for an argument, you need not specify values for that parameter. Include a parameter and its value only when its default value does not serve the need.

Letter codes are used to identify the arguments. Name and value pairs can be listed in any order and are delimited by a semi-colon.

The following table lists the arguments for configuring the Cisco Networking Service ID and the initiator profile parameters used for configuring the Cisco Networking Service Active Template configuration agent.

Table 2 Argument Lists for Cisco Networking Service Active Template (Cisco Networking Service Indicators)

Parameter

Letter Code

Values

Parameter to CLI Mapping: Sample Letter Code

Parameter to CLI Mapping: Sample CLI Mapping

cns ID

A

(Optional) Indicates the Cisco Networking Service ID. The default is hostname.

1—Indicates a custom string to be used.

2—Indicates the MAC-address of the interface used.

3—Indicates the hardware serial number to be used.

4—Indicates Unified Display Interface (UDI).

A1881-ap
A4
Device(config)# cns id string 881-ap 
event

Device(config)# cns id string 881-ap

CE Address

B

(Required) Specifies the IPv4/IPv6 address/hostname. If using hostname, set the DNS-server option for DHCP.

B10.10.10.1
Device(config)# cns config initial 
10.10.10.1

CE config server port

C

(Optional) Specifies the numeric string values between 0 and 65535. The default value is 80.

C11025
Device(config)# cns config initial 
ce-address 11025

Source interface

D

(Optional) Indicates the source interface name.

DF0/1
Device(config)# cns config initial 
ce-address source fastethernet 0/1

Status Destination

E

(Optional) Indicates the destination status. The default value is syslog.

1-<URL>-http, should be followed by the URL. The default value is None.

F/cns/config.asp
Device(config)# cns config initial 
ce-address page /cns/config.asp

Config no-persist

I

(Optional) Specifies the configuration conditions to NVRAM:

1-no-persist: Do not write configuration to NVRAM

1-persist: Write configuration to NVRAM

Default—persist.

I1
Device(config)# cns config initial 
no-persist

The following table lists the arguments for configuring the Cisco Networking Service ID and the initiator profile parameters used for configuring the Cisco Networking Service Passive Template configuration agent.

Table 3 Argument Lists for Cisco Networking Service Passive Template (Cisco Networking Service Indicators)

Parameter

Letter Code

Values

Parameter to CLI Mapping: Sample Letter Code

Parameter to CLI Mapping: Sample CLI Mapping

cns ID

A

(Optional) Indicates the Cisco Networking Service ID. The default is hostname.

1—Indicates a custom string to be used.

2—Indicates the MAC-address of the interface used.

3—Indicates the hardware serial number to be used.

4—Indicates Unified Display Interface (UDI).

A1881-ap
A4
Device(config)# cns id string 881-ap event

Device(config)# cns id string 881-ap

CE Address

B

(Required) Specifies the IPv4/IPv6 address/hostname. If using hostname, set the DNS-server option for DHCP.

B10.10.10.1
Device(config)# cns config initial 
10.10.10.1

CE config server port

C

(Optional) Specifies the numeric string values between 0 and 65535. The default value is 80.

C11025
Device(config)# cns config initial 
ce-address 11025

Source interface

D

(Optional) Indicates the source interface name.

DF0/1
Device(config)# cns config initial 
ce-address source fastethernet 0/1

CE event gateway port

G

(Optional) Specifies CE event gateway port numeric string values between 0 and 65535. The default value is 11011.

G11025
Device(config)# cns event ce-address 
11025

How to Configure DHCP Zero Touch

Enabling Cisco Networking Service to Receive DHCP Option 43 Messages

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    cns dhcp

    4.    exit


DETAILED STEPS
     Command or ActionPurpose
    Step 1 enable


    Example:
    Device> enable
     

    Enables privileged EXEC mode.

    • Enter your password if prompted.
     
    Step 2 configure terminal


    Example:
    Device# configure terminal
     

    Enters global configuration mode.

     
    Step 3 cns dhcp


    Example:
    Device(config)# cns dhcp
     

    Enables Cisco Networking Service with permission to process the incoming DHCP Option 43 message.

     
    Step 4 exit


    Example:
    Device# exit
     

    Exits global configuration mode.

     

    Configuration Examples for DHCP Zero Touch

    Example: Using DHCP Option 43 to Retrieve the Initial Configuration File

    Example 1

    In this example, in response to a DHCP IP address request sent by the DHCP client, the DHCP server sends an Option 43 message such as 3P2N;B10.10.10.1 to the DHCP client. The DHCP client forwards the Option 43 message to the Cisco Networking Service. The Cisco Networking Service verifies if the Option 43 message is allowed to process. Option 43 messages are allowed to process by the Cisco Networking Service if the cns dhcp command is enabled on the Cisco Networking Service.

    The ASCII data shown in this Option 43 message consists of types and values as shown in the following table.

    Table 4 Types and Values for Sample Option 43 Command

    Type

    Value

    3

    P2N;B10.10.10.1

    This message is decoded into tokens using the above arguments list. The parameters mapped for the 3P2N;B10.10.10.1 message using the arguments list are as follows:

    P—Active template code

    2—Version number of the Active template

    N—Debug option which is OFF

    ;—Delimiter before the arglist

    B10.10.10.1—CE address parameter name value pair

    The Cisco Networking Service constructs the following commands and sends to the remote management server to request the initial configuration file. A timer is set for five minutes.

    Device(config)# cns event 10.10.10.1
    Device(config)# cns config partial 10.10.10.1 inventory
    Device(config)# cns exec
    Device(config)# cns trusted-server all-agents 10.10.10.1
    

    The initial configuration file that is downloaded is checked. If the file download is successful, the process is complete.

    Example 2

    In this example, in response to a DHCP IP address request sent by the DHCP client, the DHCP server sends an Option 43 message such as:

    3P1N;A1881-ap;B10.10.10.1;J11024
    to the DHCP client. The DHCP client forwards the Option 43 message to the Cisco Networking Service. The Cisco Networking Service verifies if the Option 43 message is allowed to process. Option 43 messages are allowed to process by the Cisco Networking Service if the cns dhcp command is enabled on the Cisco Networking Service.

    The ASCII data shown in this Option 43 message consists of types and values shown in the following table.

    Table 5 Types and Values for Sample Option 43 Command

    Type

    Value

    3

    P1N;A1881-ap;B10.10.10.1;J11024

    This message is decoded into tokens using the above arguments list. The parameters mapped for the 3P1N;A1881-ap;B10.10.10.1;C11024 message using the arguments list are as follows:

    P—Active template code

    1—Version number of the Active template

    N—Debug option which is OFF

    ;—Delimiter before the arglist

    881-ap—Active template string values

    B10.10.10.1—CE address parameter name value pair

    J11024—Config server port value

    Additional References

    Related Documents

    Related Topic

    Document Title

    Cisco IOS commands

    Cisco IOS Master Commands List, All Releases

    WSMA commands

    Cisco IOS Web Services Management Agent Command Reference

    IP access lists

    Security Configuration Guide: Access Control Lists in the Securing the Data Plan Configuration Guide Library

    IP access lists commands: complete command syntax, command mode, command history, defaults, usage guidelines, and examples

    Cisco IOS Security Command Reference

    Public Key Infrastructure

    Public Key Infrastructure Configuration Guide in the Secure Connectivity Configuration Guide Library

    Secure Shell and Secure Shell Version 2

    Secure Shell Configuration Guide in the Securing User Services Configuration Guide Library

    Security commands: complete command syntax, command mode, command history, defaults, usage guidelines, and examples

    Cisco IOS Security Command Reference

    WSMA schema files in XSD format

    ftp:/​/​ftp.cisco.com/​pub/​wsma/​schema/​

    RFCs

    RFC

    Title

    RFC 2132

    DHCP Options and BOOTP Vendor Extensions

    RFC 2246

    The TLS Protocol Version 1.0

    RFC 4251

    The Secure Shell (SSH) Protocol Architecture

    RFC 4252

    The Secure Shell (SSH) Authentication Protocol

    Technical Assistance

    Description

    Link

    The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

    http:/​/​www.cisco.com/​cisco/​web/​support/​index.html

    Feature Information for DHCP Zero Touch

    The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

    Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

    Table 6 Feature Information for DHCP Zero Touch

    Feature Name

    Releases

    Feature Information

    DHCP Zero Touch

    15.1(1)T

    The DHCP Zero Touch feature allows you to configure the attributes of a device at initial deployment from a DHCP server. DHCP option 43 allows hands-free zero touch deployments.

    The following commands were introduced or modified: wsma dhcp, cns dhcp.