Cisco 9500 Stackwise Virtual and DNAC PnP

pwtn · ‎08-08-2022

What is the correct way to onboard a pair of Cisco 9500's intended to become a stackwise virtual pair?

I have been able to onboard them individually with a template that contains the configuraiton for creating the stackwise domain and neighbor peerings with a DAD link. But this will not become active until the switches are reloaded from console manually.

Does Cisco DNAC have any built in feature that can recognise and deploy a stackwise virtual pairing? or is this just something that has to be performed manually so the switches join DNAC as a single unit?

marce1000 · ‎08-08-2022

>...But this will not become active until the switches are reloaded from console manually.

Looks like that is a requirement either way , configured by DNAC or not : https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9500/software/release/16-9/configuration_guide/ha/b_169_ha_9500_cg/configuring_cisco_stackwise_virtual.html#concept_gbh_lxx_31b

>....The dual active and StackWise Virtual link configuration must be performed manually and the device should be rebooted for the configuration changes to take effect.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

x00008037 · ‎12-07-2022

Good Question,

Cisco's documentation is not very clear on this. i also have two 9500 that i want to LAN automate.

Im going to approach it like this
LAN automate the two devices and any other Edge device that connects to them,

Then convert the two devices to SVL manually.

Not sure if this will work as the ISIS config will have been applied

How did you do this task ?

cheers

rasmus.elmholt · ‎12-08-2022

I don't think SVL is supported for Lan Automation or PnP.

In a SDA environment the SVL feature is only needed if you want to create a MLAG to end devices/L2-handoff. Otherwise SVL does not have a usecase in SDA IMHO.

pwtn · ‎12-08-2022

Very good point. I don't have a great deal of expertise in SDA as we aren't currently deploying it. But from what I understand it operates like a layer 2 overlay on top of a layer 3 access model, so SVL isn't stricly needed as the access layer switches are just behaving as routers, and there is no STP to mitigate?

In our particular use case we were mostly interested in the inventory management and PnP capabilities of DNAC. Zero touch provisioning of devices with a templating engine powered by Jinja2 is incredibly useful for devices in any architectural model, be it SDA or tranditional routed distribution/access.

Raju255265 · ‎04-08-2024

There is definitely a real use case for OT deployments where the organization have most number of IE rugged switches (IE3k, IE4k) which normally just support only Fabric EX node role , this has be to connected to fabric via FE only as of today ( this cant be connected to Border) as this is purely L2

in this case , you need to setup a Cat9500 as SVL FE and have dual links to all EX nodes for redundancy.

pwtn · ‎12-08-2022

Hi, apologies for the late response, I guess forum notifications are just as reliable as their FTD software

I have an onboarding template for the 9500's that contains some basic configuration to put some local credentials on, VTY access lists etc. but most importantly, the stackwise config:

stackwise-virtual
domain 1
interface TenGigabitEthernet1/0/{{slink1}}
stackwise-virtual link 1
description Stackwise Link
interface TenGigabitEthernet1/0/{{slink2}}
stackwise-virtual link 1
description Stackwise Link
interface TenGigabitEthernet1/0/{{dadlink}}
stackwise-virtual dual-active-detection
description DAD Link
{% elif stacked == 'No' %}
{% set chassis1 = '1' %}
{% set chassis2 = '1' %}
{% endif %}

Our templates are written in Jinja2 so those variable definitions are available for users to feed in some information about the model and ports that they've used to physically build the stack, although it could just as easily be a static stackwise configuration.

I then have a second template to be used for DayN provisioning, so this is after the you have done the day0 oboarding template with the stack config, and reloaded them to form a stackwise virutal pair. The second template is where we do more specifics like uplink port and routing protocol configuration:

interface TenGigabitEthernet{{chassis1}}/0/{{ulink1}}
description Core-Uplink
no switchport
ip address {{link1ip}} 255.255.255.252
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP
ip hello-interval eigrp 1 1
ip hold-time eigrp 1 3
ip summary-address eigrp 1 {{vlan0}} 255.255.224.0
!
interface TenGigabitEthernet{{chassis2}}/0/{{ulink2}}
description Core-Uplink
no switchport
ip address {{link2ip}} 255.255.255.252
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP
ip hello-interval eigrp 1 1
ip hold-time eigrp 1 3
ip summary-address eigrp 1 {{vlan0}} 255.255.224.0
!
router eigrp 1
distribute-list route-map DENY-DEFAULT out TenGigabitEthernet{{chassis1}}/0/{{ulink1}}
distribute-list route-map DENY-DEFAULT out TenGigabitEthernet{{chassis2}}/0/{{ulink2}}
network {{vlan0}} 0.0.31.255
network 10.80.0.0 0.0.255.255
passive-interface default
no passive-interface TenGigabitEthernet{{chassis1}}/0/{{ulink1}}
no passive-interface TenGigabitEthernet{{chassis1}}/0/{{ulink1}}
eigrp stub connected summary

Again this template has variables that are specific to our deployment, its mostly to make sure the correct port identifiers are used, but they aren't critical to the process and could just as easily be a static configuration.

There is a certain process I have found that will reliably create the stackwise pair using DNAC to onboard and push configuration. it does still require a reload, but if done in the correct order the reload can be done remotely via SSH without ever having to physically connect to the console port:

### Cisco 9500 VSS switch deployment via DNAC

1. cable both switches as inteded for VSS and uplink connectivity.

2. once in DNAC select both switches and click actions>claim

3. assign to site and make sure to use baseconfig-distribution-switch template

4. click next and select both switches. fill out the variables, selecting "yes" to stackwise virtual

5. click next, and then claim.

--- after a few minutes both switches appear under the "provisioned" tab ---

--- there will also be two separate inventory entries for each switch ---

--- to complete the VSS build, reload both switches from console (SSH), and delete the inventory entries from DNAC ---

6. once reloaded a single entry for the VSS will appear in the plug and play menu. Ignore the PnP entry and instead discover the device via the tools/discovery menu

7. once succesffully discovered, the device will appear under Provision/Inventory in the "Unassigned Devices" group. select the device and choose provision device from the actions menu

8. on the advanced configuration tab, select the "Distribution-Switch-Interfaces" template and complete the variables form. click next and Deploy

--- at this point the VSS should be provisionined with all base configuration, VLAN interface and uplink port settings ---
--- if the upstream connectivity has been configured the VSS will be reachable via in band managment and ready to route traffic ---

-- TIDY UP --
9. an entry for the VSS will perpetually appear in the Plug and Play "unclaimed" section. to get rid of this entry, access the VSS via SSH or console and remove the PnP Profile:

(config)#no pnp profile pnp-zero-touch

10. then select the device from the "unclaimed" tab and choose delete from the actions menu

h.lehnigk · ‎10-24-2023

I used one unit for LAN Automation and later I attached the other one to create a StackWise-Virtual stack. At the end I removed the uplink config and cretated a port channel on both ends and added the config to the port channel interfaces in routed mode. Finally you need to remove the dead link under DNAC->TOOLS->Topology.

dontsellmydata · ‎10-27-2023

Does Cisco support onboarding 2 x 9500 Stackwise Virtual switches to DNAC via PnP?

Is what is covered in this thread officially recommended by Cisco? Perhaps someone from Cisco can post here and confirm what the workflow should be for onboarding 9500s to DNAC via PnP when using Stackwise virtual.

Raju255265 · ‎04-08-2024

Can somebody confirm if below flow works for Cat9500 (SVL) to provision as a FE.

1> Manually configure the Stack wise virtual
2> discover the SVL
3> provision to site
4> configure fabric edge role

will DNAC push all config as pushed part of LAN Automation if I follow above procedure ?

afekete73 · ‎06-14-2024

As far as my current experience SVL is not natively supported in DNA-C (or CAT-C). What I have used for Day0 is - Jinja tempalte:

{# Configure SVL and DAD interfaces #}

....

{# Set the SWV priority and reload the device #}
event manager applet POST_PNP
event timer countdown time 30
action 010 cli command "enable"
action 020 cli command "switch renumber 1" pattern "continue"
action 030 cli command "yes"
action 040 cli command "switch priority 15"
action 050 cli command "config t"
action 060 cli command "no event manager applet POST_PNP"
action 070 cli command "end"
action 080 cli command "write"
action 090 cli command "reload in 5" pattern "confirm"
action 100 cli command "yes"

It will reload the device, but you will have to delete the secondary switch from the inventory manually.
(I have used higher reload delay for the secondary switch, so even if the primary needs an OS upgrade, the second will join the SVL later.)