Showing results for 
Search instead for 
Did you mean: 
Cisco Employee

PnP with day 0 template



Is PnP with day 0 template same as LAN automation or is this different? I am familiar with LAN automation using seed device. But how do you configure a new layer-2 access switch(not part of SDA fabric) using PnP with day 0 template?


Accepted Solutions
Cisco Employee

PNP & LAN automation are similar but they are completely different in terms of what they accomplish in DNA center. LAN automation is the feature that automates Fabric underlay configuration via ISIS so that the network device is staged to be added an existing fabric. PNP is the feature that simply allows us to essentially do zero-touch provisioning in order to discover, manage, and configure brand new network devices with settings specified in DNA network settings and with configurations specified in Day-0 onboarding templates.


One of the differences between LAN automation & PNP is that we do not use a seed device when performing PNP. In PNP, there are several available discovery methods:

Discovering the Controller

The first thing that needs to happen is for the device to get in contact with the controller. There are four mechanisms you can use to make this work:

  • DHCP server, using option 43 which is set to the IP Address of the controller.
  • DHCP server, using a DNS domain name. The device will do a dns lookup of pnpserver.<your domain>
  • Cloud redirection, which is currently in controlled availability.
  • USB key. This can be used for routers and remote devices, where some initial configuration of the WAN connection is required (e.g. MPLS configuration).

If using the option 43 discovery method which is commonly seen, the syntax for the option 43 value would be as followed:


-- The option 43 string has the following components, delimited by semicolons

  • 5A1N;—Specifies the DHCP suboption for Plug and Play, active operation, version 1, no debug information. It is not necessary to change this part of the string.

  • B2;—IP address type:

    • B1 = hostname

    • B2 = IPv4 (default)

  •;—IP address or hostname of the APIC-EM controller (following a capital letter i). In this example, the IP address is

  • Jxxxx—Port number to use to connect to the APIC-EM controller. In this example, the port number is 80. The default is port 80 for HTTP and port 443 for HTTPS.

  • K4;—Transport protocol to be used between the Cisco Plug and Play IOS Agent and the server:

    • K4 = HTTP (default)

    • K5 = HTTPS

  • TtrustpoolBundleURL;—Optional parameter that specifies the external URL of the trustpool bundle if it is to be retrieved from a different location than the default, which is the APIC-EM controller, which gets the bundle from the Cisco InfoSec cloud ( For example, to download the bundle from a TFTP server at, you would specify the parameter like this: Ttftp://

    If you are using trustpool security and you do not specify the T parameter, the device retrieves the trustpool bundle from the APIC-EM controller.

  •;—IP address of the NTP server. This parameter is mandatory when using trustpool security to ensure that all devices are synchronized.

** For Example: 



The following is a great document which goes over PNP on DNA center:


View solution in original post

Cisco Employee