japarmar
Cisco Employee

PnP with day 0 template

Hello,

 

Is PnP with a day 0 template the same as LAN automation, or is this different? I am familiar with LAN automation using a seed device. But how do you configure a new layer-2 access switch (not part of the SDA fabric) using PnP with a day 0 template?

Accepted Solutions
danirowe
Cisco Employee

PNP & LAN automation are similar but they are completely different in terms of what they accomplish in DNA Center. LAN automation is the feature that automates Fabric underlay configuration via ISIS so that the network device is staged to be added to an existing fabric. PNP is the feature that simply allows us to essentially do zero-touch provisioning in order to discover, manage, and configure brand new network devices with settings specified in DNA network settings and with configurations specified in Day-0 onboarding templates.

 

One of the differences between LAN automation & PNP is that we do not use a seed device when performing PNP. In PNP, there are several available discovery methods:

Discovering the Controller

The first thing that needs to happen is for the device to get in contact with the controller. There are four mechanisms you can use to make this work:

  • DHCP server, using option 43 which is set to the IP Address of the controller.
  • DHCP server, using a DNS domain name. The device will do a dns lookup of pnpserver.<your domain>
  • Cloud redirection, which is currently in controlled availability.
  • USB key. This can be used for routers and remote devices, where some initial configuration of the WAN connection is required (e.g. MPLS configuration).

If using the option 43 discovery method, which is commonly seen, the syntax for the option 43 value would be as follows:

 

-- The option 43 string has the following components, delimited by semicolons

  • 5A1N;—Specifies the DHCP suboption for Plug and Play, active operation, version 1, no debug information. It is not necessary to change this part of the string.

  • B2;—IP address type:

    • B1 = hostname

    • B2 = IPv4 (default)

  • Ixxx.xxx.xxx.xxx;—IP address or hostname of the APIC-EM controller (following a capital letter i). In this example, the IP address is 172.19.45.222.

  • Jxxxx—Port number to use to connect to the APIC-EM controller. In this example, the port number is 80. The default is port 80 for HTTP and port 443 for HTTPS.

  • K4;—Transport protocol to be used between the Cisco Plug and Play IOS Agent and the server:

    • K4 = HTTP (default)

    • K5 = HTTPS

  • TtrustpoolBundleURL;—Optional parameter that specifies the external URL of the trustpool bundle if it is to be retrieved from a different location than the default, which is the APIC-EM controller, which gets the bundle from the Cisco InfoSec cloud (http://www.cisco.com/security/pki/). For example, to download the bundle from a TFTP server at 10.30.30.10, you would specify the parameter like this: Ttftp://10.30.30.10/ios.p7b

    If you are using trustpool security and you do not specify the T parameter, the device retrieves the trustpool bundle from the APIC-EM controller.

  • Zxxx.xxx.xxx.xxx;—IP address of the NTP server. This parameter is mandatory when using trustpool security to ensure that all devices are synchronized.

** For Example: 

5A1N;B2;K4;I172.19.45.222;J80

 

The following is a great document which goes over PNP on DNA center:

-- https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Plug-and-Play/solution/guidexml/b_pnp-solution-guide.html
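The option 43 format described in the post above, turned into a parser and reviewer check. This is an added example, not part of the original post or Cisco code: the function names and the three review findings are this example's own, and the second sample string is constructed from values the post mentions.

```python
import ipaddress

TRANSPORT = {"K4": ("HTTP", 80), "K5": ("HTTPS", 443)}  # defaults as listed in the post

def parse_pnp_option43(value):
    """Split a PnP option 43 string into its fields; raise ValueError if malformed."""
    tokens = [t for t in value.strip().split(";") if t]
    if not tokens or tokens[0] != "5A1N":
        raise ValueError("string must start with the 5A1N; suboption prefix")
    cfg = {"addr_type": "B2", "transport": "K4", "server": None,
           "port": None, "trustpool_url": None, "ntp": None}
    for tok in tokens[1:]:
        key, val = tok[0], tok[1:]
        if tok in ("B1", "B2"):
            cfg["addr_type"] = tok
        elif tok in TRANSPORT:
            cfg["transport"] = tok
        elif key == "I" and val:
            cfg["server"] = val
        elif key == "J" and val.isdigit() and 0 < int(val) < 65536:
            cfg["port"] = int(val)
        elif key == "T" and val:
            cfg["trustpool_url"] = val
        elif key == "Z" and val:
            cfg["ntp"] = str(ipaddress.ip_address(val))  # ValueError if not an IP
        else:
            raise ValueError(f"unrecognised or empty field: {tok!r}")
    if cfg["server"] is None:
        raise ValueError("missing I<controller address> field")
    if cfg["addr_type"] == "B2":
        ipaddress.IPv4Address(cfg["server"])  # B2 means the I field is an IPv4 address
    if cfg["port"] is None:
        cfg["port"] = TRANSPORT[cfg["transport"]][1]
    return cfg

def review(cfg):
    """Return reviewer findings for a parsed string (checks are this example's own)."""
    findings = []
    if cfg["transport"] == "K4":
        findings.append("K4: agent talks to the controller over unencrypted HTTP")
    if cfg["trustpool_url"] and not cfg["ntp"]:
        findings.append("T given without Z: NTP server is mandatory with trustpool security")
    if cfg["port"] != TRANSPORT[cfg["transport"]][1]:
        findings.append("J port differs from the default for the chosen transport")
    return findings

# The post's own example, then a constructed HTTPS variant reusing the post's TFTP URL
PAGE_EXAMPLE = "5A1N;B2;K4;I172.19.45.222;J80"
CONSTRUCTED = "5A1N;B2;K5;I172.19.45.222;J443;Ttftp://10.30.30.10/ios.p7b"
```

Running `review(parse_pnp_option43(...))` on a DHCP scope's option 43 value before rollout catches a malformed string or a plaintext-HTTP setting before new devices start using it.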

Thank you for the detailed explanation. Appreciate it!

Hi,

Thank you for this explanation.

I will use DNA to automate configuration (with PNP, not part of underlay network) and also benefit from other options (Assurance, inventory, golden image, ...).

My question is:

1- Are there any limitations (number of hops) to do automation with PNP?

Thanks.

Assuming you've taken care of setting up one of the methods to have the PnP client learn about the controller, and there is 2-way communication, then I would expect PnP to work. There should be no limitation for number of hops. If your network does not allow vlan 1, which is used by default, then the upstream switch can be configured with "pnp startup-vlan " to communicate the correct vlan to the PnP client.

Hello Preston Chilcote.
Thank you very much.

Hello,

I had installed DNAC following the Cisco Guide, and I'm facing a big problem with connectivity from my network to the DNAC Enterprise port. The Cisco installation guide for DNA 2nd generation says that the Default Gateway and static routes are required respectively for the Enterprise port (Default-gateway) and the Management Interface.

My configuration looks like this:

Enterprise port (Enp94S0F0): IP 192.168.128.240/24
    D.Gateway: 192.168.128.254 (My SVI)
    DNS: Blank

Management Port (eno1): 10.3.0.240/24
    D.Gateway: Blank
    DNS: 192.168.10.10, 192.168.10,20
    Static routes: 10.0.0.0/255.0.0.0/10.3.0.254
                   192.168.0.0/255.255.0.0./10.3.0.25

Ping with source IP addresses from the 192.168.0.0/16 or 10.0.0.0/8 subnets to the Enterprise port: doesn't work

Ping from the gateway (192.168.128.254) to the Enterprise port: OK, ping works

Ping from IP addresses sourced from 172.16.0.0/12 to the Enterprise port: OK, it replies

I realised that the issue is with the static and gateway configuration (static routes take precedence), so:

1 - What would be the right and correct configuration for my Ent and Management ports?

2 - Is there any way to correct this issue?

Thank you in advance

 

Where are the hosts you are pinging from?  Off the Enterprise port or management port?  If they are off the enterprise port, then you will need to adjust your static routing on the management interface so that those networks are not included.  You can edit those routes with "sudo maglev-config update" from the maglev shell.