Post ZTP console enable secret requirements - how to disable

Bhazlett · ‎10-05-2023

Whenever installing/replacing a switch and we ZTP this switch successfully, the switch will ask if you would like to enter the initial configuration dialog. After answering "no", I am being dropped into a dialog to set the enable secret password. I do not believe this is the initial configuration dialog because it has a few steps prior to setting the enable password. This issue is puzzling because this seems to be specific only to the console, if you SSH into the switch after ZTPing it, the device functions just as you'd expect. Our current work around is to either go through this dialog and not save the configuration or just reboot the switch and it will function as expected once its booted. I included a pic of what appears on the console after answering successfully ZTPing the switch and answering no the initial config question. I have only experienced this on the 9200L models so far.

lni1 · ‎01-02-2024

Indeed this is very annoying behaviour, but is seems that Cisco implemented this new "feature" in IOS 17.7 and later, so we don't have any choice I'm afraid :

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/17-7/release_notes/ol-17-7-9300.html#concept_dcb_fd2_3mb
>> Mandatory enable secret password in the initial configuration

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/17-7/configuration_guide/sec/b_177_sec_9300_cg/controlling_switch_access_with_passwords_and_privilege_levels.html
>> Additional Password Security