cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1082
Views
0
Helpful
2
Replies

APIC-EM Hub/Spoke

usrana
Cisco Employee
Cisco Employee

Hi Experts,

I'm new to APIC-EM and would like clear up few confusing point that I'm not able to understand from the documentation.

After deploying the APIC-EM in ESXi, I access the controller from management IP, then I install CSR1000v in ESXi which is going to be my MC.

then I connect brand new 4331 to my LAN which is going to be my HUB router, what do I need to configure on the HUB router before I can configure the HUB site in APIC-EM? OR is it plug and play?

Can someone explain how can I complete following tasks.

1. configure PKI on CSR1000v and also make this as MC.

2. configure HUB router with zero touch deployment? or would I need to configure LAN and WAN interfaces and then define hub site in APIC-EM?

3. How can I configure branch router (zero touch deployment).

your guidance and help is highly appreciated.

UR

2 Replies 2

Geevarghese Cheria
Cisco Employee
Cisco Employee

Hi Usman,

Did you had any chance to refer the following document - Deploying and Configuring IWAN on APIC-EM.

After specifying the settings on Configure Hub Site and Settings and Apply Network Wide Settings, only you can select “Set up Branch Sites” to provision the branch sites.

   For PnP - The network is used to deploy Cisco 4000 Series Integrated Services Routers (ISRs) in new sites. When the controller scanner discovers a new router, it creates a Network Information Database (NIDB) entry for it and then automatically configures it. This capability eliminates manual intervention, saving you time and helping prevent errors. All you need to do is connect the cable and power up the device.

Thanks and Regards,

Geevarghese

aradford
Cisco Employee
Cisco Employee

Hi Usman,

quick answers to your questions:

1) PKI is configured automatically.  APIC-EM has a PKI Certificate server built-in.  You select the MC as a check box on the topology for the HUB site.

2) You do not configure the HUB router with PnP.  It is assumed you have two HUB routers deployed.  They only need to have connectivity to the WAN services.  APIC-EM is responsible for all of the IWAN Config on the HUB routers:  DMVPN, PfR, QoS, AVC etc.

3) The spoke routers are deployed using PnP.  The spoke will contact APIC-EM and then you indicate which interface is LAN and WAN services and the controller deploys the full configuration to the spoke.  There are a variety of different mechanisms the spoke can use to discover the APIC-EM, all of which are documented in the PnP solution guide Solution Guide for Cisco Network Plug and Play - Cisco (DNS, DHCP, iPhone, USB, and soon a cloud service)