Using Zero Touch Provisioning


Note


The Cisco ASR 920 Series Routers (ASR-920-20SZ-M, ASR-920-24SZ-IM, ASR-920-24SZ-M, and ASR-920-24TZ-M) do not have a ZTP or Reset button.



Note


Routers running ZTP must be able to connect to a DHCP server and TFTP server, download the configuration template, and begin operation, all at the press of a button.

Prerequisites for Using ZTP

  • The Cisco ASR 920 Series Router must be running Cisco IOS-XE Release 3.13.0S or later.

  • The interface connected to the TFTP server must be turned green.

  • DHCP server should be configured to ensure reachability to the TFTP server.

  • Ports that are licensed through port licensing are disabled during the ZTP process. It is highly recommended that you connect to free ports that do not need a license to be enabled. For information on port licensing, see Licensing 1G and 10G Ports on the Cisco ASR 920 Series Router.

Caution


Do not change the ROMMON configuration register to 0x0.


Restrictions for Using ZTP

  • ZTP is not supported on the LAN Management port (Gig0) on the router. ZTP is supported only on the Ethernet interfaces such as 1-GigE, 10-GigE ports, and so on.

  • ZTP is not initialized if the ZTP button is pressed for more than eight seconds. In this case, the router goes through a normal reload process.

  • ZTP is also not initialized when the router is already reloading or if the router is in ROMMON prompt.

  • When the ZTP process is initialized, all previous logs in the buffer are cleared.

  • DHCP declines addresses when loading DHCP configuration through TFTP. It is strongly recommended to have only the CNS configuration present in the configuration file to avoid tampering with the ZTP BDI.

  • ZTP is not initialized if bootflash has files named as 'router-confg'.

  • Disabling gratuitous ARP is not supported.

Information About Using ZTP

Figure 1. Sample ZTP Topology

On the Cisco ASR 920 Series Routers, ZTP is triggered under any of the following conditions:

  • A router without a startup configuration is powered on.

  • The ZTP button is pressed (applicable on Cisco ASR 920 Series Router variants where the ZTP button is present on the front panel).

  • The write erase and reload commands are executed (applicable on Cisco ASR 920 Series Router variants where the ZTP button is not present on the front panel).


Note


The Cisco ASR 920 Series Routers (ASR-920-12CZ-A, ASR-920-12CZ-D, ASR-920-4SZ-A, ASR-920-4SZ-D, ASR-920-10SZ-PD, ASR-920-8S4Z-PD, ASR-920-12SZ-D and ASR-920-12SZ-A) have a ZTP button on the front panel.

The Cisco ASR 920 Series Routers (ASR-920-20SZ-M, ASR-920-24SZ-IM, ASR-920-24SZ-M, and ASR-920-24TZ-M) do not have a ZTP or Reset button.


Router# write erase
System configuration has been modified. Save? [yes/no]: no
Router# reload

Note


If you type yes at the prompt, the system configuration is saved in NVRAM and the ZTP process terminates.

After the ZTP process initializes, the following sequence is initiated:

  1. The router detects the management VLAN and waits for any of the following data packets.

    • Broadcast (Gratuitous ARP)

    • ISIS hello packets

    • OSPF hello packets

    • IPv6 router advertisement packets

    • VRRP


    Note


    The operations center can initiate any of the above packets over the network to establish a connection to the DHCP server.
  2. When the first packet on any VLAN is detected, the router initiates a DHCP session to a DHCP server over that VLAN.

  3. After a DHCP session is established, the router must establish a connection with the TFTP server through DHCP option 43 or DHCP option 150.

  4. When connectivity to the TFTP server is established, the bootup process starts.

When the ZTP process initiates, the Cisco ASR 920 Series Router creates an Ethernet flow point (EFP) and associates a bridge domain interface (BDI) on the detected management VLAN.

The router creates the following configuration to establish a connection with the DHCP server and the TFTP server. The BDI created for this purpose has description ZTP_BDI configured under the BDI interface.


Caution


Do not delete ZTP_BDI. Deleting this configuration results in loss of connectivity to the router and the ZTP process terminates.



Note


Effective with Cisco IOS-XE Release 3.14.0S, to stop the ZTP process when the ZTP button is accidentally pressed, use the ztp disable command in global configuration mode. However, if you long press the ZTP button (more than 8 sec), ZTP is still initialized reload even though ZTP is disabled through the ztp disable command.

Example ZTP Configuration

Let us assume that GigabitEthernet0/0/1 is connected to the DHCP server and is used to connect to the TFTP server. VLAN ID 1000 is used as the management VLAN.


Router# show running-config int gi0/0/1
Building configuration...
Current configuration : 216 bytes
!
interface GigabitEthernet0/0/1
 no ip address
 media-type auto-select
 no negotiation auto
 service instance 12 ethernet
  encapsulation dot1q 1000
  rewrite ingress tag pop 1 symmetric
  bridge-domain 12
 !
end 
!
interface BDI12
 description ZTP_BDI
 ip address dhcp
end

Downloading the Initial Configuration

After the VLAN discovery process is complete, the configuration download process begins. The following sequence of events is initiated.

  1. The router sends DHCP discover requests on each Ethernet interface. The serial number of the router is used as a client identifier.

  2. The DHCP server allocates and sends an IP address, TFTP address (if configured with option 150) and default router address to the router.

  3. If the TFTP option (150) is present, the router requests a bootstrap configuration that can be stored in any of the following files: PID-<mac-address>, network-confg, router-confg, ciscortr.cfg, or cisconet.cfg.


    Note


    Ensure that you use the hyphenated hexadecimal notation of the MAC address (DOM-78-72-5D-00-A5-80) to name the files.



Note


A router running ZTP downloads the configuration from the DHCP server. Sometimes, the ZTP DHCP configuration may already exist as part of the network configuration file. We recommend that you remove the ZTP configuration from the network-confg download file to avoid the router moving into a hung state.

ip dhcp pool <pool-number>
 network <ip-address> <wildcard-mask>
 option 150 ip <ip-address>
 default-router <router-address>
 dns-server <dns-server-address>
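
A pre-publish check for bootstrap files placed on the TFTP server, covering the file-naming rule and the recommendation to keep ZTP configuration out of the download file. This is an added example, not Cisco code; the patterns in RISKY are an assumption about which lines count as ZTP configuration, and the sample file is constructed.

```python
import re

# Fixed bootstrap file names listed on this page, besides PID-<mac-address>.
FIXED_NAMES = {"network-confg", "router-confg", "ciscortr.cfg", "cisconet.cfg"}
# PID-<mac-address> with the MAC hyphenated, e.g. DOM-78-72-5D-00-A5-80.
PID_MAC = re.compile(r"^.+-[0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5}$")
# MAC written with colons or Cisco dotted notation (not what the page asks for).
OTHER_MAC = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}|[0-9a-f]{4}(\.[0-9a-f]{4}){2}", re.I)
# Assumption: lines matching these patterns are treated as ZTP configuration
# that should not be sent back to the router in the bootstrap file.
RISKY = [
    (re.compile(r"^\s*description\s+ZTP_BDI\b"), "touches the ZTP BDI"),
    (re.compile(r"^\s*(no\s+)?ip dhcp pool\b"), "DHCP pool configuration"),
    (re.compile(r"^\s*no\s+interface\s+BDI\d+"), "deletes a BDI"),
]

def check_name(filename):
    """Return None if the router would request this name, else a reason."""
    if filename in FIXED_NAMES or PID_MAC.match(filename):
        return None
    if OTHER_MAC.search(filename):
        return "MAC address is not in hyphenated hexadecimal notation"
    return "not a bootstrap file name the router requests"

def check_content(text):
    """Return (line number, reason, line) for every risky line in the file."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        for pattern, reason in RISKY:
            if pattern.search(line):
                findings.append((number, reason, line.strip()))
    return findings

# Constructed sample bootstrap file that still carries ZTP-related stanzas.
SAMPLE = """\
hostname test-router
!
ip dhcp pool mgmt
 network 30.30.1.0 255.255.255.0
!
interface BDI12
 description ZTP_BDI
 ip address dhcp
!
end
"""
```

Run check_name on each file name in the TFTP root and check_content on each file body before the file is made available to routers.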

DHCP Server

The following is a sample configuration to set up a Cisco router as a DHCP server:


ip dhcp excluded-address 30.30.1.6
ip dhcp excluded-address 30.30.1.20 30.30.1.255
!
ip dhcp pool mwrdhcp
network 30.30.1.0 255.255.255.0
option 150 ip 30.30.1.6
default-router 30.30.1.6

This configuration creates a DHCP pool of 30.30.1.x addresses with 30.30.1.0 as the subnet start. The IP address of the DHCP server is 30.30.1.6. Option 150 specifies the TFTP server address. In this case, the DHCP and TFTP server are the same.

The DHCP pool can allocate from 30.30.1.1 to 30.30.1.19 with the exception of 30.30.1.6, which is the DHCP server itself.

TFTP Server

The TFTP server stores the bootstrap configuration file.

The following is a sample configuration (network-confg file):


hostname test-router
!
{ asrrouter-specific configuration content}
!
end

ZTP LED Behavior

On Cisco ASR 920 Series Routers (ASR-920-12CZ-A, ASR-920-12CZ-D, ASR-920-4SZ-A, ASR-920-4SZ-D, ASR-920-10SZ-PD, ASR-920-8S4Z-PD, ASR-920-12SZ-D and ASR-920-12SZ-A):

Process                                                  PWR LED              STAT LED
Press ZTP button                                         Green                Blinking Amber
Loading image                                            Blinking Green/Red   OFF
Image loaded                                             Green                Green
ZTP process running                                      Green                Blinking Amber
ZTP process success and config-file download completes   Green                Green
ZTP process failure or terminated                        Green                Red

On Cisco ASR 920 Series Routers (ASR-920-20SZ-M, ASR-920-24SZ-IM, ASR-920-24SZ-M, and ASR-920-24TZ-M), using the write erase and reload commands:

Process               PWR LED              STAT LED
Loading image         Blinking Green/Red   OFF
Image loaded          Green                Green
ZTP process running   Green                Blinking Amber

Verifying the ZTP Configuration

To verify if the ZTP configuration is successful, use the following command:

  • show running-config
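
Because ZTP starts its DHCP session on whichever VLAN it first detects a packet, it is worth confirming from the show running-config output that the ZTP_BDI was built on the intended management VLAN. The parser below is an added example, not Cisco code; the function names are hypothetical and the sample is constructed from the example configuration on this page.

```python
import re

def interface_stanzas(config):
    """Map interface name -> list of its sub-command lines (stripped)."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        header = re.match(r"interface\s+(\S+)", line)
        if header:
            current = stanzas.setdefault(header.group(1), [])
        elif line in ("", "!", "end"):
            current = None  # a column-0 "!" or "end" closes the stanza
        elif current is not None:
            current.append(line.strip())
    return stanzas

def ztp_vlans(config):
    """Return {port: vlan} for service instances bridged to the ZTP_BDI."""
    stanzas = interface_stanzas(config)
    bd = next((n[3:] for n, cmds in stanzas.items()
               if n.startswith("BDI") and "description ZTP_BDI" in cmds), None)
    found = {}
    for port, cmds in stanzas.items():
        vlan = None
        for cmd in cmds:
            enc = re.fullmatch(r"encapsulation dot1q (\d+)", cmd)
            if cmd.startswith("service instance"):
                vlan = None  # new EFP: forget the previous encapsulation
            elif enc:
                vlan = int(enc.group(1))
            elif bd and cmd == f"bridge-domain {bd}":
                found[port] = vlan
    return found

def unexpected_ztp_vlans(config, expected_vlan):
    """Ports whose ZTP-created EFP is on a VLAN other than the expected one."""
    return {p: v for p, v in ztp_vlans(config).items() if v != expected_vlan}

# Constructed sample, shortened from the example configuration on this page.
SAMPLE = """\
interface GigabitEthernet0/0/1
 service instance 12 ethernet
  encapsulation dot1q 1000
  bridge-domain 12
!
interface BDI12
 description ZTP_BDI
end
"""
```

An empty result from unexpected_ztp_vlans(SAMPLE, 1000) means every port bridged to the ZTP_BDI is on management VLAN 1000.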