01-15-2020 07:10 AM
Hello,
Is PnP with a day 0 template the same as LAN automation, or is this different? I am familiar with LAN automation using a seed device. But how do you configure a new layer-2 access switch (not part of SDA fabric) using PnP with a day 0 template?
01-16-2020 07:57 AM
PNP & LAN automation are similar but they are completely different in terms of what they accomplish in DNA center. LAN automation is the feature that automates Fabric underlay configuration via ISIS so that the network device is staged to be added to an existing fabric. PNP is the feature that simply allows us to essentially do zero-touch provisioning in order to discover, manage, and configure brand new network devices with settings specified in DNA network settings and with configurations specified in Day-0 onboarding templates.
One of the differences between LAN automation & PNP is that we do not use a seed device when performing PNP. In PNP, there are several available discovery methods:
The first thing that needs to happen is for the device to get in contact with the controller. There are four mechanisms you can use to make this work:
If using the option 43 discovery method, which is commonly seen, the syntax for the option 43 value would be as follows:
The option 43 string has the following components, delimited by semicolons:
5A1N;—Specifies the DHCP suboption for Plug and Play, active operation, version 1, no debug information. It is not necessary to change this part of the string.
B2;—IP address type:
    B1 = hostname
    B2 = IPv4 (default)
Ixxx.xxx.xxx.xxx;—IP address or hostname of the APIC-EM controller (following a capital letter i). In this example, the IP address is 172.19.45.222.
Jxxxx—Port number to use to connect to the APIC-EM controller. In this example, the port number is 80. The default is port 80 for HTTP and port 443 for HTTPS.
K4;—Transport protocol to be used between the Cisco Plug and Play IOS Agent and the server:
    K4 = HTTP (default)
    K5 = HTTPS
TtrustpoolBundleURL;—Optional parameter that specifies the external URL of the trustpool bundle if it is to be retrieved from a different location than the default, which is the APIC-EM controller, which gets the bundle from the Cisco InfoSec cloud (http://www.cisco.com/security/pki/). For example, to download the bundle from a TFTP server at 10.30.30.10, you would specify the parameter like this: Ttftp://10.30.30.10/ios.p7b
    If you are using trustpool security and you do not specify the T parameter, the device retrieves the trustpool bundle from the APIC-EM controller.
Zxxx.xxx.xxx.xxx;—IP address of the NTP server. This parameter is mandatory when using trustpool security to ensure that all devices are synchronized.
For example:
5A1N;B2;K4;I172.19.45.222;J80
The following is a great document which goes over PNP on DNA center:
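A checker for the option 43 string described in the answer above, added here as an example; it is not part of the original post and not Cisco tooling. It parses the components the post lists and flags K4 (plaintext HTTP) and a missing Z field; treating K5 as the trustpool case and the port-mismatch check are assumptions of this example.

```python
import ipaddress

# Field letters and defaults come from the post above; the checks are this example's own.
TRANSPORTS = {"K4": "http", "K5": "https"}
ADDR_TYPES = {"B1": "hostname", "B2": "ipv4"}

def parse_option43(value):
    """Split a PnP option 43 string into its named components."""
    parts = [p for p in value.strip().split(";") if p]
    if not parts or parts[0] != "5A1N":
        raise ValueError("string must start with the 5A1N suboption header")
    fields = {"addr_type": "ipv4", "transport": "http"}  # defaults per the post
    for part in parts[1:]:
        if part in ADDR_TYPES:
            fields["addr_type"] = ADDR_TYPES[part]
        elif part in TRANSPORTS:
            fields["transport"] = TRANSPORTS[part]
        elif part[0] == "I":
            fields["controller"] = part[1:]
        elif part[0] == "J":
            fields["port"] = int(part[1:])
        elif part[0] == "T":
            fields["trustpool_url"] = part[1:]
        elif part[0] == "Z":
            fields["ntp"] = part[1:]
        else:
            raise ValueError(f"unknown component: {part!r}")
    if "controller" not in fields:
        raise ValueError("missing I (controller address) component")
    fields.setdefault("port", 443 if fields["transport"] == "https" else 80)
    return fields

def review(fields):
    """Return findings to resolve before the DHCP scope hands this string out."""
    findings = []
    if fields["addr_type"] == "ipv4":
        try:
            ipaddress.IPv4Address(fields["controller"])
        except ValueError:
            findings.append("B2 set but the I value is not an IPv4 address")
    if fields["transport"] == "http":
        findings.append("K4: onboarding traffic to the controller is plaintext HTTP")
    elif "ntp" not in fields:  # assumption: K5 is the trustpool case
        findings.append("K5 without Z: NTP server is mandatory with trustpool security")
    if fields["port"] == (80 if fields["transport"] == "https" else 443):
        findings.append("J port is the default of the other transport")
    return findings
```

Running `review(parse_option43("5A1N;B2;K4;I172.19.45.222;J80"))` on the post's own example returns only the K4 finding.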
01-21-2020 07:11 AM
Thank you for the detailed explanation. Appreciate it!
02-25-2020 04:07 AM
Hi,
Thank you for this explanation.
I will use DNA to automate configuration (with PNP, not part of the underlay network) and also benefit from other options (Assurance, inventory, golden image, ...).
My question is:
1- Are there any limitations (number of hops) to do automation with PNP?
Thanks.
04-08-2020 04:48 PM
Hello,
I had installed DNAC following the Cisco Guide, and I'm facing a big problem with connectivity from my network to the DNAC Enterprise port. The Cisco installation guide for DNA 2nd generation says that the Default Gateway and static routes are required respectively for the Enterprise port (Default-gateway) and the Management Interface.
My configuration looks like this:
Enterprise port ( Enp94S0F0) : IP 192.168.128.240/24
D.Gateway : 192.168.128.254 ( My SVI)
DNS : Blank
Management Port (eno1) : 10.3.0.240/24
D.Gateway Blank
DNS :192.168.10.10, 192.168.10,20
Static routes : 10.0.0.0/255.0.0.0/10.3.0.254
192.168.0.0/255.255.0.0./10.3.0.25
Ping with source IP addresses from the 192.168.0.0/16 or 10.0.0.0/8 subnets to the Enterprise port: doesn't work
Ping from the gateway (192.168.128.254) to the Enterprise port: OK, ping works
Ping from IP addresses sourced from 172.16.0.0/12 to the Enterprise port: OK, it replies
I realised that the issue is with the static route and gateway configuration (static routes take precedence), so:
1 - What would be the right and correct configuration for my Ent and Management ports?
2 - Is there any way to correct this issue?
Thank you in advance
04-09-2020 11:45 AM
Where are the hosts you are pinging from? Off the Enterprise port or management port? If they are off the enterprise port, then you will need to adjust your static routing on the management interface so that those networks are not included. You can edit those routes with "sudo maglev-config update" from the maglev shell.