Re: Difference between Onboarding Templates and Day-N Templates

BlueyVIII · ‎06-01-2023

Hi,

I'm fairly new to DNA Centre and struggling to understand the difference between Onboarding Templates and Day-N Templates when creating a network profile.

I've read the documentation but it's still not clear to me. Could someone please let me know the difference, ideally with a use case example. My network mainly comprises of Switches that I'm hoping to automate Plug-n-Play deployment and ongoing configuration for consistency and compliance. I'm not running any SDA at the moment.

Thanks in advance

M02@rt37 · ‎06-01-2023

Hello @BlueyVIII,

Onboarding Templates in DNA Center are used for automating the initial provisioning and onboarding process of network devices. They are primarily used with the PnP feature to streamline the deployment of new devices in the network. Onboarding Templates define the configuration settings that should be applied to a device during the onboarding process.

Example: you have a set of new switches that you want to deploy in your network. With an Onboarding Template, you can define the initial configuration settings, such as interface configurations, VLAN assignments, and basic security settings, that should be applied to these switches during the onboarding process. When you connect the new switches to the network, DNA Center will automatically detect them using PnP and apply the defined configuration settings from the Onboarding Template, ensuring consistent and standardized configurations across your network.

Day-N Templates in DNA Center are used for ongoing configuration management and consistency across your network devices. They are designed to simplify the process of making configuration changes, pushing firmware updates, or deploying network-wide policy changes to multiple devices at once. Day-N Templates capture a specific configuration state or change that you want to apply to one or more devices.

Example: you want to deploy a new ACL on a group of switches in your network to enforce a security policy. With a Day-N Template, you can define the ACL configuration and apply it to the targeted switches. DNA Center will take care of pushing the configuration to the devices, ensuring consistent application of the ACL across the network. If you need to update the ACL in the future, you can make changes to the Day-N Template, and DNA Center will push those changes to the devices accordingly.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

BlueyVIII · ‎06-01-2023

Thanks for that M02@rt37 - Easily the best explanation I've heard.

So ideally, as much standard config as possible should be applied via the Day-0 template, then subsequent changes pushed via the Day-N config??

Quick question, if I make a change to a Day-N template, is the change pushed automatically to all devices that the profile applies to, or is it necessary to go into the inventory and provision the device(s) again??

Thanks again

M02@rt37 · ‎06-01-2023

You're welcome @BlueyVIII.

When you make a change to a Day-N template in DNA Center, the change is not automatically pushed to all devices associated with the profile. You need to manually deploy the updated template to the devices you want to apply the changes to.

When you click on the "Deploy" button to initiate the deployment process, DNA Center will then push the updated configuration from the Day-N template to the selected devices. This way, you have control over when and where the changes are applied, allowing you to ensure consistency and avoid unintended disruptions.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Preston Chilcote · ‎06-01-2023

The recommended best practice is to put as little as possible into the Onboarding configuration. Usually just enough to convert the necessary DHCP address used during PnP process to the desired static management ip. Once PnP is done, you would then provision day-N template immediately to push the production config and for all subsequent config changes.

Some tips for writing onboarding templates is documented here: https://community.cisco.com/t5/networking-knowledge-base/updating-management-ip-address-of-a-switch-during-the-pnp/ta-p/4820793

alieson · ‎10-20-2023

Hello Preston,

Can you elaborate more about why do we need the below change :

Usually just enough to convert the necessary DHCP address used during PnP process to the desired static management ip

Thanks in advance

Preston Chilcote · ‎10-20-2023

@alieson It's not a strict requirement, but in practice most networks don't want to use a dynamically allocated address as a management address. A known, static IP is usually preferred.