I am thinking about embracing quite a big project - use APIC-EM to reconfigure our 1200+ 2K and 3K switches. As far as I can see it should be possible to do so using the uploaded configs linked to the Serial numbers. But I would like to go a step further:
I would like to get APIC-EM to update the IOS and the configurations of the remote sites having in mind that every site has its own group of vlans AND management ip addresses.
My idea was that APIC-EM would deliver the correct configuration to the different types of switches (10/24 or 48 ports) - all the interfaces must be configured with the same configuration with exception of the uplink interface and with the correct set of vlans - one set of 10 vlans for every location.
I know that this is a big project but could anyone point me in the correct direction - what would be the most correct way to do so?
Thanks in advance for all the help you may give me.
I've built a solution for this that I've used to deploy our switches for Cisco Live US. I have recently added APIC-EM PnP support to it. Essentially, the tool uses the Embedded Event Manager, a backend web server, and Cisco auto-install to learn about the device and generate a specific config for it. Then, it pushes the device info to APIC-EM, which uses PnP to bootstrap the device.
The tool is written in PHP primarily. All my code is online at [marcuscom] Index of /switch-ztp/trunk. Look at the www/functions.php module for the APIC-EM functions. These will be called by the www/swreg/swreg.php module. I have a longer description of the process at Automating Cisco Live 2014 In San Francisco | EEM Scripting | Cisco Support Community | 5941 | 12218591.
Is it the most "correct" way? Not sure there is one correct way. However, it has worked well for me. I've recently taken the time to generalize the code a bit to make it more suitable for other bootstrapping use cases.
Thank you very much for your answer. The only issue is that EEM and 2K switches is not an option and unfortunately 70% of our switches are 2K.
On one of our sites I have got a similar solution to work by using Smart Install and Auto Smart ports. As far as I can get from APIC-EM PnP documentation it is a sort of SMI 2.0.
But I think you got something there. I'll look deeper into your solution.
Thanks once more for your help.
PS: Is it ok to get back to you after having looked through your configs?
Current code for the 2Ks does support full EEM (I think it's 15.2(4)E). But I know you need to upgrade them first. This was why a pure PnP solution didn't work for us at CiscoLive.
Sure, feel free to get back in touch.
I am counting on using ISE to do the "host/device interface show" - so I "only" have to get APIC-EM to configure all ports as 802.1x ports except for the uplink port which I want to force as trunk and as ip dhcp snooping trusted.
About the software upgrade maybe I will either use PnP SMI proxy or LMS to configure the software on the switches (seen that PnP is available on 15.2.2 only).
I'll surely get back in touch.
So that I get things straight:
- PnP solution can only upgrade a switch with software 15.2.2 so I must find a different method of performing the requested update (maybe SMI proxy? or some other management tool (LMS or PI)) for the switches running 15.0.2?
- The APIC-EM is deployed on an Ubuntu server - is it possible to use the same Linux server to configure a MySQL DB and the TFTP server?
Yes, you will need an SMI proxy or use LMS/PI to do the initial upgrade. APIC-EM can work with an SMI proxy.
I wouldn't touch the underlying Linux, honestly. You don't want to risk breaking either the current app or any future upgrade. This is where virtualization is nice. Spin up another VM next to APIC-EM to handle the other bits.
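Added example (not part of the thread and not code from the switch-ztp tool): a sketch of the per-site port layout discussed above, with 802.1X on every port except the uplink, which is a trunk and DHCP-snooping trusted, plus an audit that confirms a rendered config still follows that rule before it is pushed. The function names, the `GigabitEthernet0/` interface prefix and the VLAN values are assumptions; AAA/RADIUS settings toward ISE are left out.

```python
import re

def render_switch_config(port_count, uplink, site_vlans, prefix="GigabitEthernet0/"):
    """Render an IOS-style config: 802.1X on every port except the trunk uplink.

    The interface prefix and the global commands are assumptions for illustration;
    AAA/RADIUS settings pointing at ISE are out of scope here.
    """
    if not 1 <= uplink <= port_count:
        raise ValueError("uplink must be one of the switch ports")
    if not site_vlans or any(not 1 <= v <= 4094 for v in site_vlans):
        raise ValueError("site VLAN IDs must be in 1..4094")
    vlan_csv = ",".join(str(v) for v in sorted(set(site_vlans)))
    lines = ["vlan " + vlan_csv, "!",
             "ip dhcp snooping", "ip dhcp snooping vlan " + vlan_csv,
             "dot1x system-auth-control", "!"]
    for port in range(1, port_count + 1):
        lines.append(f"interface {prefix}{port}")
        if port == uplink:
            lines += [" switchport mode trunk",
                      " switchport trunk allowed vlan " + vlan_csv,
                      " ip dhcp snooping trust"]
        else:
            lines += [" switchport mode access",
                      " authentication port-control auto",
                      " dot1x pae authenticator"]
        lines.append("!")
    return "\n".join(lines)

def audit_config(config, uplink_name):
    """Return the interfaces that break the policy (empty list means compliant)."""
    problems = []
    for block in re.split(r"^interface ", config, flags=re.M)[1:]:
        name, *body = [line.strip() for line in block.splitlines()]
        trusted = "ip dhcp snooping trust" in body
        trunk = "switchport mode trunk" in body
        dot1x = "authentication port-control auto" in body
        ok = (trunk and trusted) if name == uplink_name else (dot1x and not trunk and not trusted)
        if not ok:
            problems.append(name)
    return problems

if __name__ == "__main__":
    # Constructed sample: a 24-port switch, uplink on port 24, two site VLANs.
    cfg = render_switch_config(24, 24, [110, 120])
    print(cfg)
    print("violations:", audit_config(cfg, "GigabitEthernet0/24"))
```

Running the audit on every generated config catches a template mistake, such as a second trusted port or an access port without 802.1X, before it reaches 1200+ switches.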