The Cisco ASR 920 Series Router (ASR-920-12CZ-A, ASR-920-12CZ-D, ASR-920-4SZ-A, ASR-920-4SZ-D, and ASR-920-10SZ-PD) provides
you the option of having the router auto configure. Field technicians need only mount the router, connect to the power and
attach cables in easily-accessible ports, then press the ZTP button on the front panel, to reset the router and initiate zero
touch provisioning. This feature helps operators to reduce total cost of ownership (TCO) by simplifying the network deployment.
The Cisco ASR 920 Series Router (ASR-920-24SZ-IM, ASR-920-24SZ-M, and ASR-920-24TZ-M) do not have a ZTP or Reset button.
Routers running ZTP must be able to connect to a DHCP server and Cisco Configuration Engine (CCE), download the configuration
template, and begin operation, all at the press of a button.
Prerequisites for Using ZTP
The Cisco ASR 920 Series Router must be running Cisco IOS-XE Release 3.13.0S or later.
The interface connected to the CCE must be turned green.
DHCP server should be configured to ensure reachability to the CCE and the TFTP server.
Ports that are licensed through port licensing are disabled during the ZTP process. It is highly recommended that you connect
to free ports that do not need a license to be enabled. For information on port licensing, see Licensing 1G and 10G Ports on the Cisco ASR 920 Series Router
Do not change the ROMMON configuration register to 0x0.
Restrictions for Using ZTP
ZTP is not supported on the LAN Management port—Gig0 on the router. ZTP is supported only on the Ethernet interfaces such
as 1—Gige, 10—Gige ports, and so on.
ZTP is not initialized if the ZTP button is pressed for more than eight seconds. In this case, the router goes through a
normal reload process.
ZTP is also not initialized when the router is already reloading or if the router is in ROMMON prompt.
When the ZTP process is initialized all previous logs in the buffer are cleared.
DHCP declines addresses when loading DHCP configuration through TFTP. It is strongly recommended to have only the CNS configuration
present on the configuration file to avoid tampering with the ZTP BDI.
ZTP is not initialized if bootflash has files named as 'router-confg'.
On the Cisco ASR 920
Series Routers, ZTP is triggered under any of the following conditions:
A router without a start up configuration is powered on
ZTP button is pressed (applicable on Cisco ASR 920 Series Router variants where the ZTP button is present on the front panel)
The write erase and reload commands are executed (applicable on Cisco ASR 920 Series Router variants where the ZTP button is not present on the front panel)
The Cisco ASR 920
Series Routers (ASR-920-12CZ-A, ASR-920-12CZ-D, ASR-920-4SZ-A, ASR-920-4SZ-D,
and ASR-920-10SZ-PD) have a ZTP button on the front panel.
The Cisco ASR 920
Series Routers (ASR-920-24SZ-IM, ASR-920-24SZ-M, and ASR-920-24TZ-M) do
not have a ZTP
or Reset button.
Router# write erase
System configuration has been modified. Save? [yes/no]: no
If you type
yes at the
prompt, the system configuration is saved in the nvRAM and the ZTP process
After the ZTP process
initializes, the following sequence is initiated:
The router detects the management VLAN and waits for any of the following data packets.
Broadcast (Gratuitous ARP)
ISIS hello packets
OSPF hello packets
IPv6 router advertisement packets
The operations center can initiate any of the above packets over the network to establish a connection to the DHCP server.
When the first packet on any VLAN is detected, the router initiates a DHCP session to a DHCP server over that VLAN.
After a DHCP session is established, the router must establish a connection with the TFTP server through DHCP option 43 or
DHCP option 150.
When connectivity to the TFTP server is established, the bootup process starts.
When the ZTP process
initiates, the Cisco ASR 920 Series Router creates an Ethernet flow point (EFP)
and associates a bridge domain interface (BDI) on the detected management VLAN.
The router creates the following configuration to establish a connection with the DHCP server and the TFTP server. The BDI
created for this purpose has description ZTP_BDI configured under the BDI interface.
Do not delete
Deleting this configuration results in loss of connectivity to the router and
the ZTP process terminates.
Effective Cisco IOS-XE Release 3.14.0S, to stop the ZTP process when the ZTP button is accidentally pressed, use the ztp disable command in global configuration mode. However, if you long press the ZTP button, (more than 8 sec) ZTP is still initialized
reload even though ZTP is disabled through the ztp disable command.
Example ZTP Configuration
Let us assume that GigabitEthernet0/0/1 is connected to the DHCP server and is used to connect to the CCE. VLAN ID 1000 is
used as the management VLAN.
Router# show running-config int gi0/0/1
Current configuration : 216 bytes
no ip address
no negotiation auto
service instance 12 ethernet
encapsulation dot1q 1000
rewrite ingress tag pop 1 symmetric
ip address dhcp
Downloading the Initial Configuration
After the VLAN discovery process is completed, the configuration download process begins. The following sequence of events
The Cisco ASR 920 Series Router sends DHCP discover requests on each Ethernet interface.
The DHCP server allocates and sends an IP address, TFTP address (if configured with option 150) or CE address (if configured
with option 43), and default router address to the Cisco ASR 920 Series Router.
If the TFTP option (150) is present, the Cisco ASR 920 Series Router requests a bootstrap configuration that can be stored
in any of the following files: network-confg, router-confg, ciscortr.cfg, or cisconet.cfg.
The bootstrap configuration (including CE IP address and port) is sent from the TFTP server to the Cisco ASR 920 Series Router.
An HTTP request is sent from the Cisco ASR 920 Series Router to the CE server.
After verification of the router’s details, the CE downloads the configuration.
The following is a sample configuration to set up a Cisco router as a DHCP server:
ip dhcp excluded-address 22.214.171.124
ip dhcp excluded-address 126.96.36.199 188.8.131.52
ip dhcp pool mwrdhcp
network 184.108.40.206 255.255.255.0
option 150 ip 220.127.116.11
This configuration creates a DHCP pool of 30.30.1.x
addresses with 18.104.22.168 as the subnet start. The IP address of the DHCP server is 22.214.171.124. Option 150 specifies the TFTP
server address. In this case, the DHCP and TFTP server are the same.
The DHCP pool can allocate from 126.96.36.199 to 188.8.131.52 with the exception of 184.108.40.206, which is the DHCP server itself.
The TFTP server stores the bootstrap configuration file.
The following is a sample configuration (network– confg file):
220.127.116.11 is the IP address of the CE server and 80 is the port number of the configure service.
Cisco Configuration Engine Server
The CCE server application is installed on a Linux system. In the above example, the Cisco ASR 920 Series Router recognizes
the CNS configuration and retrieves the complete configuration from the CCE server. For more information, see
You need a username and password to download the CCE application. Contact
Once the application is installed and the IP addresses are set, the CCE server can be accessed on providing a username and
Ensure that the CNS ID is the hardware-serial number and that it matches with the CCE server.
ZTP LED Behavior
On Cisco ASR 920 Series Routers (ASR-920-12CZ-A, ASR-920-12CZ-D, ASR-920-4SZ-A, ASR-920-4SZ-D, and ASR-920-10SZ-PD):
Press ZTP button
ZTP process running
On Cisco ASR 920 Series Routers (ASR-920-24SZ-IM, ASR-920-24SZ-M, and ASR-920-24TZ-M), using the write erase and reload commands:
ZTP process running
Verifying the CNS Configuration
Use the following commands to verify the CNS configuration: