Cisco Catalyst 8000v ZTP License

Intro

I recently worked on some Cisco Catalyst 8000v routers running in Autonomous mode (not SD-WAN mode) and found that you have to activate a licensing level to enabled VPN features as they are not activated out of the box. Activating a licensing is simple enough, it's only a single command, but it does require a reboot of the device to enable the license 😭. As part of my labs, I deploy configurations to devices using ZTP, and I wanted to enable this license during the Zero Touch Provisioning (ZTP) boot process to avoid a reboot. Information on wheter this is possible or not is pretty slim pickings. With the help of legendary Joel Sprague, I was able to find the solution. If you need this in your life, read on.

Software Versions

The following software version were used in this post:

Cisco IOS-XE - 17.15.1a

Activate License

To activate a license you run the following command in global config mode:

config

! config terminal
! license boot level <level> addon <dna_addon>
license boot level network-premier addon dna-premier

Important

In production, ensure you have a valid license entitlement and are activating the correct licensing level.

I ZEETEEPEE Feely

Now for the fun part. It's 2026 and we configure networks via automation, not via hunting and pecking like a savage. So how can we apply the license duirng the ZTP process? The answer is comically simple. Just add the above line to the ZTP config that is appled on boot and voila! You have the desired license without the need for an additional reboot.

In my use case, I am applying config via a cdrom iso attachment on KVM. I expect the same method will work via any other method a ZTP config is accepted.

Below is a sample ZTP config that I apply to a cat8kv in my lab environment.

cmd

!
hostname dev01
ip domain name sherpa.lab.local
ip name-server 172.31.0.1
crypto key generate rsa modulus 2048
ip ssh version 2
!
aaa new-model
aaa authentication login default local
aaa authorization exec default local
!
username sherpa privilege 15 secret Everest1953!
!
ip ssh pubkey-chain
  username sherpa
   key-hash ssh-rsa E150F9B0829A1A4704FF6013DEA314D1
!
ip scp server enable
!
license boot level network-premier addon dna-premier
!
archive
 log config
  logging enable
  logging size 1000
  notify syslog contenttype plaintext
 path flash:/archived-config
 maximum 14
 write-memory
 time-period 1440
!
interface GigabitEthernet1
 ip address dhcp
 negotiation auto
 no shutdown
 exit
!
line con 0
 logging synchronous
 stopbits 1
 exit
!
line vty 0 4
 logging synchronous
 transport input ssh
 exit
!
exit

Outro

If you made it this far, I hope this post help you save some cycles.

✌️ Peace out nerds. Stay weird! ✌️

Links

https://www.cisco.com/c/en/us/td/docs/routers/C8000V/Configuration/c8000v-installation-configuration-guide/day0-bootstrap-configuration.html

https://www.cisco.com/c/en/us/products/collateral/routers/catalyst-8000v-edge-software/nb-06-cat8000v-edge-sw-og-cte-en.html#CiscoDNAsubscriptionapplicabilitymatrixforCatalyst8000Vplatforms

On This Page