Switch Fails to Initiate PnP HTTP Communication with dna center

charles-michalski · ‎05-09-2025

Current Issue

We are trying to initiate a PnP provisioning to a cat 9300L and apply a base config to be able to initiate ansible automation.

The switch successfully obtains an IP address via DHCP, along with option 43 information (IP of the Catalyst Center, port, protocol). The trunk is active, VLAN 856 is correctly propagated, and it is possible to ping the switch's IP address from a PC on the same network.

==> Despite this, the switch fails to initiate the expected HTTP/HTTPS sequence with the Catalyst Center.

The process is currently blocked at the HTTP GET /pnp/HELLO step → no response from the Catalyst Center.

Tests Performed:

Address 10.xxx.xxx.xxx (Catalyst Center instance 1)
- Not reachable via ping from the router
- No response to PnP request from the switch
- Responds correctly from a workstation browser in the PTG VLAN with HTTP 200 on /pnp/HELLO
Address 10.xxx.yyy.yyy (Catalyst Center instance 2)
- Ping OK from the router
- No HTTP response from a browser (no HTTP 200)
DHCP option 43 modified to use:
- HTTPS (K5)
- Port 443 (J443)
- The switch did not even attempt to establish a connection to the PnP server
Checked logs on the Catalyst Center:
- No logs were found

Preston Chilcote · ‎05-09-2025

What does the "pnp profile" config look like after the device gets it's IP address (pnp agent will configure this as part of the pnp process)? That is the ip or fqdn that the pnp agent will use to reach out to find Catalyst Center. Try pinging that ip or dns name from the switch to see if this is a routing issue or perhaps a certificate issue (did you replace the self-signed cert on your CC appliance?

It might be fastest to open a TAC case for real time troubleshooting.