Zero-Touch Provisioning

To address network provisioning challenges, Cisco introduces a zero-touch provisioning model. This module describes the Zero-Touch Provisioning feature.


Note

The Zero-Touch Provisioning feature is enabled automatically; no configuration is required.


Information About Zero-Touch Provisioning

To address network-provisioning challenges, Cisco has introduced Zero-Touch Provisioning (ZTP), which automates the process of installing configuration files on Cisco devices that are deployed in a network for the first time. ZTP also reduces the manual tasks required to scale network capacity.

Zero-Touch Provisioning Overview

When a device that supports ZTP boots up and does not find a startup configuration (during a fresh install on Day Zero), it enters ZTP mode. The device locates a DHCP server, bootstraps itself with its interface IP address, gateway, and Domain Name System (DNS) server IP address, and enables Guest Shell. The device then obtains the IP address or URL of a TFTP server and downloads the configuration file for the device.


Note

If ZTP fails, the device falls back to AutoInstall to load configuration files. For more information about loading configuration files, see Using AutoInstall and Setup.


In Cisco IOS XE 3.10.1E, the ZTP feature is implemented on Cisco Catalyst 4500-E Sup 8-E, SUP9-E, Cisco Catalyst 4500X, and Cisco Catalyst 3560CX.

DHCP Server Configuration for Zero-Touch Provisioning

In ZTP, a DHCP server must be running on the same network as the new device that is being provisioned. ZTP is supported on both the management ports and the in-band ports.

When the new device is switched on, it retrieves the IP address of the TFTP server on which the configuration resides.

The DHCP server responds to DHCP discovery events with the following option:

  • Option 150—(Optional) Contains a list of IP addresses that point to the TFTP server on the management network that hosts the configuration file for the new device.

After receiving this DHCP option, the device connects to the TFTP server and downloads the configuration. At this point, the device does not have any route to reach the TFTP server, so it uses the default route provided by the DHCP server.

Sample Zero-Touch Provisioning Configurations

Sample DHCP Server Configuration on a Management Port

The following is a sample DHCP server configuration when connected via the management port on a device:


Device> enable
Device# configure terminal
Device(config)# ip dhcp excluded-address 10.1.1.1
Device(config)# ip dhcp excluded-address vrf Mgmt-vrf 10.1.1.1 10.1.1.10
Device(config)# ip dhcp pool pnp_device_pool
Device(config-dhcp)# vrf Mgmt-vrf
Device(config-dhcp)# network 10.1.1.0 255.255.255.0
Device(config-dhcp)# default-router 10.1.1.1 
Device(config-dhcp)# option 150 ip 203.0.113.254 
Device(config-dhcp)# option 67 ascii switch.cfg
Device(config-dhcp)# end

  • option 67 ascii switch.cfg points to the configuration file that needs to be used by the new device.

Once the DHCP server is running, boot a device that is connected to the management network; the rest of the configuration is automatic.
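The following is an added example, not part of the Cisco documentation. DHCP offers are unauthenticated, so a new device acts on whichever option 150 and option 67 values it receives; this Python sketch decodes a DHCP options field and reports values that differ from the ones in the sample pool above. The function names, the allowlist approach, and the sample byte strings are assumptions made for illustration.

```python
import ipaddress

# Expected values, taken from the sample DHCP pool on this page.
EXPECTED_TFTP = {ipaddress.IPv4Address("203.0.113.254")}
EXPECTED_BOOTFILE = "switch.cfg"

def parse_dhcp_options(raw):
    """Decode a DHCP options field: code, length, value triples (RFC 2132)."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == 255:                      # End option
            break
        if code == 0:                        # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("option %d is truncated" % code)
        length = raw[i + 1]
        # Repeated codes are concatenated into one value.
        opts[code] = opts.get(code, b"") + raw[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def check_ztp_offer(raw):
    """Return findings where options 150/67 differ from the expected values."""
    opts = parse_dhcp_options(raw)
    findings = []
    tftp = opts.get(150, b"")
    if len(tftp) % 4:
        findings.append("option 150 length is not a multiple of 4")
    usable = len(tftp) - len(tftp) % 4
    servers = {ipaddress.IPv4Address(tftp[j:j + 4]) for j in range(0, usable, 4)}
    for server in sorted(servers - EXPECTED_TFTP):
        findings.append("unexpected TFTP server in option 150: %s" % server)
    bootfile = opts.get(67, b"").rstrip(b"\x00").decode("ascii", "replace")
    if bootfile != EXPECTED_BOOTFILE:
        findings.append("unexpected bootfile in option 67: %r" % bootfile)
    return findings

def opt(code, value):
    """Build one option (hypothetical helper used only for the samples below)."""
    return bytes([code, len(value)]) + value

# Constructed sample option fields (not captured traffic).
GOOD_OFFER = (opt(53, b"\x02") + opt(3, bytes([10, 1, 1, 1]))
              + opt(150, bytes([203, 0, 113, 254])) + opt(67, b"switch.cfg") + b"\xff")
ROGUE_OFFER = (opt(53, b"\x02") + opt(150, bytes([203, 0, 113, 254, 198, 51, 100, 7]))
               + opt(67, b"day0.py") + b"\xff")
```

Calling check_ztp_offer(GOOD_OFFER) returns an empty list; ROGUE_OFFER yields one finding for the extra TFTP server and one for the bootfile name.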

Zero-Touch Provisioning Boot Log

The following sample Zero-Touch Provisioning boot log shows that Guest Shell is successfully enabled, the Python script is downloaded to the Guest Shell, and the Guest Shell executes the downloaded Python script and configures the device for Day Zero.



% failed to initialize nvram 
! <This message indicates that the startup configuration 
is absent on the device. This is the first indication that the Day Zero work flow is 
going to start.>

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco ISR4451-X/K9 (2RU) processor with 7941237K/6147K bytes of memory.
Processor board ID FJC1950D091
4 Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
16777216K bytes of physical memory.
7341807K bytes of flash memory at bootflash:.
0K bytes of WebUI ODM Files at webui:.

%INIT: waited 0 seconds for NVRAM to be available



         --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: % 
!!<DO NOT TOUCH. This is Zero-Touch Provisioning>>
Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 1 seconds)
The process for the command is not responding or is otherwise unavailable
The process for the command is not responding or is otherwise unavailable
The process for the command is not responding or is otherwise unavailable
The process for the command is not responding or is otherwise unavailable
The process for the command is not responding or is otherwise unavailable
The process for the command is not responding or is otherwise unavailable
The process for the command is not responding or is otherwise unavailable
The process for the command is not responding or is otherwise unavailable
The process for the command is not responding or is otherwise unavailable
The process for the command is not responding or is otherwise unavailable
Guestshell enabled successfully


 *** Sample ZTP Day0 Python Script *** 


 *** Configuring a Loopback Interface *** 


Line 1 SUCCESS: interface loop 100
Line 2 SUCCESS: ip address 10.10.10.10 255.255.255.255
Line 3 SUCCESS: end


 *** Executing show ip interface brief  *** 


Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0/0   unassigned      YES unset  down                  down    
GigabitEthernet0/0/1   unassigned      YES unset  down                  down    
GigabitEthernet0/0/2   unassigned      YES unset  down                  down    
GigabitEthernet0/0/3   192.168.1.246   YES DHCP   up                    up      
GigabitEthernet0       192.168.1.246   YES DHCP   up                    up      
Loopback100            10.10.10.10     YES TFTP   up                    up      


 *** ZTP Day0 Python Script Execution Complete *** 




Press RETURN to get started!


The Day Zero provisioning is complete, and the IOS prompt is accessible.
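The following is an added example, not part of the Cisco documentation. It audits a ZTP console log of the kind shown above: it records which stages were reached in order and lists any configuration line the Day Zero script pushed that is not in an approved baseline. The stage names, the baseline set, the treatment of any status other than SUCCESS as "not applied", and both sample logs are assumptions made for illustration.

```python
import re

# Stage markers in the order the sample boot log on this page prints them.
# The last marker is printed by the sample script itself, so it is script-specific.
STAGES = [
    ("startup_config_absent", "failed to initialize nvram"),
    ("guestshell_enabled", "Guestshell enabled successfully"),
    ("script_complete", "ZTP Day0 Python Script Execution Complete"),
]
CONFIG_LINE = re.compile(r"^Line (\d+) (\w+): (.+)$")

# Commands the Day Zero script is expected to push (from the log on this page).
APPROVED = {"interface loop 100", "ip address 10.10.10.10 255.255.255.255", "end"}

def audit_ztp_log(text, approved=APPROVED):
    """Summarise a ZTP console log: stages reached in order, and config pushed."""
    reached, unapproved, not_applied = [], [], []
    pending = list(STAGES)
    for line in (l.strip() for l in text.splitlines()):
        if pending and pending[0][1] in line:
            reached.append(pending.pop(0)[0])
        m = CONFIG_LINE.match(line)
        if not m:
            continue
        status, command = m.group(2), m.group(3).strip()
        if status != "SUCCESS":      # assumption: any other status means not applied
            not_applied.append(command)
        elif command not in approved:
            unapproved.append(command)
    return {"reached": reached, "missing": [name for name, _ in pending],
            "unapproved": unapproved, "not_applied": not_applied}

# Constructed log excerpts (modelled on the sample log, not captured output).
CLEAN_LOG = """% failed to initialize nvram
Guestshell enabled successfully
Line 1 SUCCESS: interface loop 100
Line 2 SUCCESS: ip address 10.10.10.10 255.255.255.255
Line 3 SUCCESS: end
 *** ZTP Day0 Python Script Execution Complete ***
"""
DRIFT_LOG = """% failed to initialize nvram
Guestshell enabled successfully
Line 1 SUCCESS: interface loop 100
Line 2 SUCCESS: ip address 10.10.10.20 255.255.255.255
Line 3 SUCCESS: end
"""
```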

Feature Information for Zero-Touch Provisioning

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 1. Feature Information for Zero-Touch Provisioning

Feature Name | Release | Feature Information
Zero-Touch Provisioning | | To address network provisioning challenges, Cisco introduces a zero-touch provisioning model. In Cisco IOS XE 3.10.1E, this feature is implemented on: Cisco Catalyst 4500-E Sup 8-E, SUP9-E, Cisco Catalyst 4500X, Cisco Catalyst 3560CX