ISR 4000 (IOS-XE) ZTP and license

kjdhghsghsfg
Level 1

Hi!

Apologies if this has already been discussed. I was unable to find information.

Platform: ISR4k series routers. I have been testing IOS-XE 17.5.1a and 17.6.3a.

The router day0 configuration has IPsec enabled and needs the ISR_4400_Security license. The license has been installed on the box with SLR/SLUP. It's working.

Problem: when testing ZTP, I have used the command "factory-reset keep-licensing-info" to erase the config and start ZTP on reload. Contrary to the documentation, this command seems to delete the "license boot level" config. The licenses are intact, however.

This leads to a situation where the configuration applied by ZTP does not work because the router rejects, e.g., all "crypto ike" and "crypto ipsec" commands. In order to make them work, one needs to perform:
conf t
license boot level securityk9
wri mem
reload

But if I insert the above commands into the ZTP Python script, ZTP is not activated on the next reload and the actual router config is not installed.

Here again is what happens:
factory-reset keep-licensing-info
(router reloads)
ZTP starts and downloads the Python script, which downloads the config
copy tftp://TFTP.SERVER.IP/day0-router-config nvram:startup-config
Copy finishes and ZTP script reloads the router
Router boots with day0 config and rejects all crypto lines. Result: the config does not work at all.

1 Reply

Hello,

Post the Python script you are using.
