Poap Automation for NXOS

Technical Announcement

Zero Touch Provisioning with POAP

NX-OS USB AutoBoot & DHCP-Based ZTP — Implementation & Test Plan

Date

March 23, 2026

Author

Network Architecture Team

Classification

Technical Announcement

Version

v1.0

---

1. Overview

This document outlines the implementation plan for Zero Touch Provisioning (ZTP) on Cisco Nexus switches, leveraging the POAP (PowerOn Auto Provisioning) engine built into NX-OS.

With ZTP, new devices only need to be cabled and powered on to automatically receive the correct NX-OS image and startup configuration. This eliminates the need to dispatch network engineers to remote sites and enables large-scale, consistent deployments.

This project covers two provisioning approaches:

1. USB AutoBoot — Offline provisioning via USB drive
2. DHCP-Based ZTP — Network-based automatic provisioning via DHCP server

2. Approach Comparison

The table below summarizes the key differences between USB AutoBoot and DHCP-based ZTP.

Category	Option 1: USB AutoBoot	Option 2: DHCP-Based ZTP
Trigger	USB drive inserted + power on	Boot with empty startup-config
Infrastructure	USB drive (FAT32)	DHCP server + file server (TFTP/HTTP)
Config Delivery	poap.cfg / NX-OS image on USB	DHCP Option 67 → POAP script
Use Case	Small-scale, offline, PoC	Large-scale DC fabric, remote sites
Automation Level	Manual (USB prep) + semi-auto (boot)	Fully automated (cable and power only)
Image Upgrade	Image file placed on USB	Downloaded from file server

3. Option 1 — USB AutoBoot

3.1 Overview

USB AutoBoot allows provisioning by inserting a FAT32-formatted USB drive containing the NX-OS image and configuration file into the switch before powering on. The switch automatically detects the USB, installs the image, and applies the configuration. Since it requires no network infrastructure, this method is ideal for offline environments, isolated labs, and small-scale PoC deployments.

3.2 Requirements

Item	Details
USB Format	FAT32 (required)
NX-OS Image	Copy nxos.10.x.x.bin to USB root directory
Config File	Place poap.cfg or startup-config at USB root
Boot Flow	Power ON → USB detected → Image install → Config applied → Operational
Note	Only one NX-OS image file should be on the USB (multiple files cause ambiguity)

3.3 USB Directory Structure

USB:/
├── nxos.10.3.4a.bin
└── poap.cfg

4. Option 2 — DHCP-Based Zero Touch Provisioning

4.1 Overview

DHCP-based ZTP is triggered when a Nexus switch boots with an empty startup-config. The switch sends a DHCP request on its management interface, receives an IP address along with the boot file path (DHCP Option 67), downloads the POAP script from the designated file server, and executes it to install the NX-OS image and apply the appropriate configuration.

4.2 Provisioning Flow

Power ON  →  DHCP Request  →  Receive IP + Boot File Path  →  Download POAP Script  →  Install NX-OS Image  →  Apply S/N-Based Config  →  Operational

4.3 Infrastructure Requirements

Item	Details
DHCP Server	ISC DHCP / Windows DHCP — Option 66, 67 support required
File Server	TFTP or HTTP server (hosts POAP script, NX-OS image, configs)
DHCP Option 66	Specifies TFTP server address
DHCP Option 67	Boot file path (e.g., poap_script.py)
Config Mapping	Serial number-based — configs/{SERIAL_NUMBER}.cfg
Boot Flow	Power ON → DHCP request → Boot file download → Image install → Config applied

4.4 File Server Directory Structure

/tftpboot/
├── poap_script.py
├── images/
│   └── nxos.10.3.4a.bin
└── configs/
    ├── {SERIAL_NUMBER}.cfg  ← per-device config
    └── default.cfg           ← fallback

4.5 DHCP Server Configuration Example (ISC DHCP)

subnet 10.1.1.0 netmask 255.255.255.0 {
    range 10.1.1.100 10.1.1.200;
    option routers 10.1.1.1;
    option domain-name-servers 10.1.1.10;

    # ZTP boot file
    option bootfile-name "tftp://10.1.1.50/poap_script.py";

    # Alternative: HTTP
    # option bootfile-name "http://10.1.1.50/poap_script.py";
}

4.6 POAP Script Example (Python)

#!/usr/bin/env python
"""
NX-OS POAP Script — Core Logic
"""
import poap

# 1. Download and install system image
poap.log("Downloading system image...")
poap.download("tftp", "10.1.1.50",
              "/images/nxos.10.3.4a.bin",
              "/bootflash/nxos.10.3.4a.bin")

poap.set_boot_image("/bootflash/nxos.10.3.4a.bin")

# 2. Map config by serial number
serial = poap.get_serial_number()
config_file = "configs/{}.cfg".format(serial)

poap.log("Downloading config for SN: {}".format(serial))
poap.download("tftp", "10.1.1.50",
              config_file,
              "/bootflash/poap_applied.cfg")

# 3. Apply configuration
poap.apply_config("/bootflash/poap_applied.cfg")

5. Test Plan

The following test cases will be executed sequentially. Results will be documented for each item.

#	Test Item	Description	Expected Result
1	USB AutoBoot Basic	Place NX-OS image + poap.cfg on FAT32 USB and boot	Image installed + config applied
2	USB Image Upgrade	Place a different NX-OS version on USB and boot	Auto-upgrade then config applied
3	DHCP ZTP Basic	write erase → reload, deliver POAP script via DHCP	Script executes, image + config auto-applied
4	S/N Config Mapping	Prepare per-serial config files, verify POAP auto-mapping	Per-device config correctly applied
5	NX-OS Image Auto-Deploy	Host new image on file server, download via POAP script	Image upgrade completed automatically
6	Fallback Behavior	Verify default.cfg is applied when S/N-specific config is missing	Fallback to default.cfg
7	DHCP Failure Handling	Verify switch behavior when DHCP server is unreachable	POAP retries → timeout → manual mode
8	Multi-Switch Provisioning	Boot 2+ switches simultaneously, verify DHCP/TFTP concurrency	All devices provisioned successfully

6. Project Timeline

Phase	Description	Timeline
Phase 1: Infrastructure	Build and configure DHCP server, TFTP/HTTP file server	Week 1
Phase 2: USB AutoBoot	Validate USB-based image installation and config application	Week 2
Phase 3: DHCP ZTP	Develop POAP script and test DHCP integration	Week 2–3
Phase 4: Integration Test	Multi-device simultaneous provisioning and failure scenario testing	Week 3–4
Phase 5: Final Report	Compile test results and produce operational deployment guide	Week 4

7. Expected Benefits

Key Outcomes

• Reduced Deployment Time — Eliminates per-device manual configuration, maximizing efficiency at scale
• Elimination of Human Error — Standardized scripts ensure consistent configurations across all devices
• Remote Site Enablement — No engineer dispatch required; on-site staff only need to cable and power on
• NDFC Integration Path — Future integration with Nexus Dashboard Fabric Controller for automated VXLAN EVPN fabric provisioning

---

Test results and the operational deployment guide will be shared upon project completion. For any questions, please contact the Network Architecture Team.