02-07-2018 05:12 AM - edited 03-01-2019 04:42 AM
Hi,
We got new devices for testing and now I'm trying to test provisioning. Officially this model is not supported, at least when you are adding new device you can't choose product id (C1117-4PM) from the list in APIC-EM.
The problem is :
Due to advanced configuration of routers (distinct VRF for management) there is configuration:
pnp profile pnp-zero-touch
backup transport https host 10.10.10.10 port 443 vrf for_management
So after device got all configuration it looses it connection with main transport but after sometime it should be able to connect to backup with source vrf. I have tested this config with ISR4321 and it works.
But with C1117-4PM seems that it doesn't try to connect to backup transport.
Here is output of show pnp profile:
PnP Profiles: Active:1, Created:1, Deleted:0, Hidden:0
Name CBType Node Primary-Path Primary-Trans Backup-Trans
pnp-zero-touch DNS visible pnp/WORK-REQUEST HTTPS HTTPS
Initiator Profile pnp-zero-touch: 1 open connections: 0 closing connections
Encap: pnp
WSSE header is not required. Configured authorization level is 1
SID:[-], LastSID:[-], ChangedCount:0, SIDAuthOnly:No, MustValidate:No, MustRenew:No
Work-Request Tracking: Validation Yes, Total 17, SID=[-], Violation 0, PSR 0, PSB 0
Pending-WR: X/M/R=6/0/6, UDI=[PID:C1117-4PM,VID:V01,SN:FGL212991CZ], SID=[-], Correlator=[CiscoPnP-1.0-14-229-7F800A5060-12]
Last-WR: X/M/R=2/1/0, UDI=[PID:C1117-4PM,VID:V01,SN:FGL212991CZ], SID=[-], Correlator=[CiscoPnP-1.0-13-229-7F7E7D5DB8-11]
PnP Request Tracking: Current:[config-upgrade], Last:[cli-config], First:[device-info]
Total:10, OK:9, Failed:1, LastFailed:[config-upgrade]
PnP Response Tracking: Retry-Allowed 0, Total 0
Last-PR: X/M/R=0/0/0, UDI=[PID:C1117-4PM,VID:V01,SN:FGL212991CZ], SID=[-], Correlator=[CiscoPnP-1.0-13-229-7F7E7D5DB8-11]
PnP Backoff Time Tracking: Default 60, Current 60, Last 60, First:60, OK:2, Failed:0
Countdown: Security Unlock: S=3/F=0/T=3068, Service Lock: S=2/F=0/T=0, Service Req Wait: S=0/F=0/T=18, Prxoy Req Wait S=120/F=0/T=0, Service Resp Ack: S=25/F=0/T=0
Max message (RX) is 50 Kbytes
XEP Faults are sent
Idle timeout infinite
Keepalive not configured
Primary Transport:https to Host:pnpserver.mydomain.com, IP:?.?.?.?, Port:443, Src-Intf:-, VRF:-, URL pnp/WORK-REQUEST
Backup Transport:https to Host:10.10.10.10, IP:IPv4, Port:443, Src-Intf:-, VRF:ad-1003, URL pnp/WORK-REQUEST
backup excluded time 0 seconds, backup hold time infinite
Connected to the primary transport via https
Remote connection via HTTP client. URL https://pnpserver.mydomain.com:443/pnp/WORK-REQUEST, post
Established at 13:44:02.917 CET Wed Feb 7 2018
Tx 32301 bytes (43 msg), Tx 24 errors,
Last message sent at 13:55:00.998 CET Wed Feb 7 2018
Rx 6403 bytes (19 msg), 0 empty msg
Last message received at 13:46:50.742 CET Wed Feb 7 2018
As you can see it is is connected to primary and do not try to connect with backup transport.
Maybe someone has an idea how to fix it ?
IOS version Version 16.6.2
APIC-EM Version 1.5.0.1368.
02-08-2018 05:57 AM
Found a workaround not sure is it ok.
Just added another pnp profile to config:
pnp profile pnp-zero-touch_2
transport https host 10.10.10.10 port 443 vrf VRF_NAME
After 60 sec router is trying to complete provisioning process through different profile.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide