Date created: 06/30/22 10:42:19. Last modified: 06/30/22 10:42:25

IOS-XR ZTP - DHCPd

This is an example dhcpd config which shows how to return two URLs, one for insecure ZTP and one for secure ZTP:

option domain-name "lab";
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;

##log(info,concat("*** dhcp-parameter-request-list:",binary-to-ascii(10,8,",",option dhcp-parameter-request-list),"***"));

option space cisco-vendor-id-vendor-class code width 1 length width 1;
option vendor-class.cisco-vendor-id-vendor-class code 9 = {string};
option OPTION_V4_SZTP_REDIRECT code 143 = text;

class "ncs540-secure" {
        match if binary-to-ascii(10,8,",",option dhcp-parameter-request-list) ~= ",143" and
                 ( ( substring(option vendor-class.cisco-vendor-id-vendor-class,19,99)="N540-ACC-SYS") or
                 ( substring(option vendor-class.cisco-vendor-id-vendor-class,19,99)="N540X-ACC-SYS") );
        log(info,concat(option dhcp-client-identifier, " requests secure ZTP"));
}

class "ncs540" {
        match if not (binary-to-ascii(10,8,",",option dhcp-parameter-request-list) ~= ",143") and
                 ( ( substring(option vendor-class.cisco-vendor-id-vendor-class,19,99)="N540-ACC-SYS") or
                 ( substring(option vendor-class.cisco-vendor-id-vendor-class,19,99)="N540X-ACC-SYS") );
        log(info,concat(option dhcp-client-identifier, " requests insecure ZTP"));
}

shared-network ZTP {
        subnet 10.0.0.0 netmask 255.255.255.0 {
                option domain-name "bllab.isp.sky.com";
                pool {
                        allow members of "ncs540";
                        range 10.0.0.10 10.0.0.19;
                        if exists user-class {
                                option bootfile-name = concat( "http://labserver.net:8080/get_config?dhcp_remote_id=", option agent.remote-id);
                        }
                        option routers 100.0.0.1;
                }
                pool {
                        allow members of "ncs540-secure";
                        range 10.0.0.20 10.0.0.29;
                        option OPTION_V4_SZTP_REDIRECT "https://labserver.net:8443";
                        option routers 100.0.0.1;
                }
        }
}