I've been testing Auto Config on these switches, using 7.2.2.1 on my test bed. The Auto Config process itself is working fine, using DHCP option 150, and placing a config file with the serial number as the name in the root folder of the TFTP server. The switch pulls down the config file fine and applies it.
Where I'm having issues is being able to SSH into a switch after running auto-config. Any values in the config file that are hashed, such as local user passwords, radius shared secrets, etc wouldn't be known for a switch that is brand new out of the box since they appear to be unique to each switch, so I wouldn't be able to place these hashed values in the config file on the TFTP server. Obviously putting these items in plain text in the config file isn't necessarily very secure, though I tried that too and it didn't work.
I removed anything from aaa authentication mgmt to do away with any problems with the RADIUS shared secrets, and I'm looking down the path of just logging in using a local-user account.
I'm trying to figure out how to go about taking a switch out of the box, plug it in, let it pull down its config, and then be able to SSH into the switch, without any hand touching. It would be ok if I was able to SSH into the switch and run a few commands after the fact to lock it down, but the simple act of remoting into the switch is what's stopping me.
Thanks!
