
Trouble with dnac Plug and Play/claiming a device

Hassaan
Level 1

Hi all,

 

I've reached a point where I need some help with this, as I've been trying to figure this out for some time now and it's starting to get frustrating.

DNA-C is all new to me and I've learned a lot about it over the past few months, but now I want to start using it for our production network. I have a batch of new 9000 series switches I want to deploy across a couple of our sites and I want to utilise PnP zero touch provisioning to streamline the process. From my understanding this can be done by simply plugging in a factory default switch and without touching it in any way it will be automatically onboarded by DNAC centre. The only config is to configure the trunk link between the seed and the PnP switch and DTP is supposed to do the rest.

This is how I've set it up so far:

- I have a core L3 switch which was manually configured running OSPF - this is the seed device

- I've configured a DHCP pool in DNAC - I think I understand what this does but have a bit of doubt, as from my research I'm supposed to also create a scope on a separate DHCP server with option 43 configured to point at the DNAC IP address - can someone clarify why I would need 2 DHCP pools, i.e. one on DNAC and another on a DHCP server?

- Despite this I managed to make some progress in that I managed to get a PnP device to get an IP from the DNAC IP pool, but after adding a helper address on the management VLAN SVI on the seed it was then also issued an IP from the DHCP server.

- However, I couldn't manage that device because apparently I need to have level 15 privileges to do this - which kind of defeats the purpose of making it zero touch - but I manually configured credentials anyway on the PnP device and it was then fully discovered by DNAC with the IP from the DHCP pool.

- This is the point where I get seriously stuck - if I try to claim the device with the template it doesn't let me, giving an error saying there is an active underlay discovery process already running. If I stop the underlay process it then does get rid of the error message and does appear to claim the device but does not proceed to onboard it. Instead it just sits there saying "not contacted".

- I tried resetting the PnP switch back to factory default and rebooted it and it does pick up an IP address successfully again but still doesn't get any further and just says "not contacted" and in "planned" state.

I'm at a loss as to what else i can try. How do I get it to move to onboard and then provisioned state?

 

Any advice would be appreciated.

2 Replies

Mike.Cifelli
VIP Alumni

- I've configured a DHCP pool in DNAC - I think I understand what this does but have a bit of doubt, as from my research I'm supposed to also create a scope on a separate DHCP server with option 43 configured to point at the DNAC IP address - can someone clarify why I would need 2 DHCP pools, i.e. one on DNAC and another on a DHCP server?

I am not sure I am following. When you state you configured a DHCP pool in DNAC, do you mean that you have created global and reserved IP pools? From my experience in testing PnP you need to have option 43 configured on your DHCP server that hands out the leases, otherwise the process will have issues. Here is an overview of option 43:

5A1N - specifies plug and play

B2 - ipv4

I10.x.x.x - specifies ip to connect to dnac

J80 - specifies what port to use

Add the option 43 config to your DHCP server scope for the intended pool you wish to use. AFAIK there are 5 options for PnP for a client to connect to the controller:

DHCP server, using option 43 (set the IP Address of the controller).

DHCP server, using a DNS domain name (DNS lookup of pnphelper).

Cisco Plug and Play Connect (cloud-based device discovery).

USB key (bootstrap config file).

Cisco Installer App (For iPhone/Android).

Take a peek here for additional assistance: Network Device Onboarding for Cisco DNA Center Deployment Guide

HTH!
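As an added example (not part of the thread or of Cisco's tooling), the option 43 fields listed in the reply above can be checked before the scope goes live, so a factory-default switch is only ever pointed at the intended controller. The function names, the sample strings and the controller address 10.0.0.10 are assumptions made for this sketch; the K4 field in the samples is Cisco's documented transport field (HTTP), which the reply does not mention.

```python
import ipaddress

def parse_pnp_option43(value):
    """Split a PnP option 43 ASCII string into its semicolon-separated fields."""
    parts = [p for p in value.strip().split(";") if p]
    if not parts:
        raise ValueError("empty option 43 string")
    fields = {"header": parts[0]}
    for part in parts[1:]:
        # Every later field is a one-letter code followed by its value.
        fields[part[0]] = part[1:]
    return fields

def check_pnp_option43(value, expected_controller):
    """Return a list of problems; an empty list means the string matches."""
    try:
        f = parse_pnp_option43(value)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if f["header"] != "5A1N":          # "specifies plug and play"
        problems.append(f"header is {f['header']!r}, expected '5A1N'")
    if f.get("B") != "2":              # B2 = IPv4 address type
        problems.append("B field is not 2 (IPv4)")
    addr = f.get("I")                  # I = controller address
    if addr is None:
        problems.append("missing I field (controller address)")
    else:
        try:
            if ipaddress.IPv4Address(addr) != ipaddress.IPv4Address(expected_controller):
                problems.append(f"I field points at {addr}, not {expected_controller}")
        except ValueError:
            problems.append(f"I field {addr!r} is not an IPv4 address")
    port = f.get("J")                  # J = port, validated only when present
    if port is not None and not (port.isdigit() and 1 <= int(port) <= 65535):
        problems.append(f"J field {port!r} is not a valid port")
    return problems

# Constructed sample strings, not taken from any real DHCP scope.
GOOD = "5A1N;B2;K4;I10.0.0.10;J80"
WRONG_CONTROLLER = "5A1N;B2;K4;I10.0.0.99;J80"
COMMA_TYPO = "5A1N,B2,I10.0.0.10,J80"   # commas instead of semicolons

if __name__ == "__main__":
    for sample in (GOOD, WRONG_CONTROLLER, COMMA_TYPO):
        print(sample, "->", check_pnp_option43(sample, "10.0.0.10") or "ok")
```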

Hi Mike,

Yes, that's right, I created a global and reserved IP pool under "Design". This pool can't be the same as the pool configured on the separate DHCP server, where option 43 is, because when I configure the seed device parameters it tells me there is an overlap on the management SVI. Therefore I'm having to utilise 2 IP ranges to avoid this issue. So I was wondering why I would need 2 separate IP pools to "manage" my devices.

Thanks for the link, I followed it to the letter and managed to make some progress. I was following a different guide on Cisco documentation that didn't specify certain details.

So now I have managed to get a device auto-initialized and moved to unclaimed state. I tested provisioning it with a basic onboarding template script and it worked. It was a very bumpy ride though, as I started to encounter different issues.

E.g. on another device it tries to initialise the device but on the console CLI I get an error saying "the rollback configlet from the last pass is listed below" and it attempts to roll back some previous config, despite me erasing the startup config, vlan.dat, flash, certs etc. and reloading the switch. Then in Plug and Play in DNAC it does pick up the new device but puts it into error state. Not sure what's going on there.

Also, onboarding a stacked switch seems to be equally messy and doesn't initialise PnP unless I remove the stack members and just do the process on the master only.
