Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6623
Views
26
Helpful
21
Replies

Design Recommendation for APIC-EM Network

Go to solution
Claudia de Luna
Spotlight
Spotlight

‎12-08-2016 07:29 AM - edited ‎03-01-2019 04:34 AM

Hi,

We are working on building out a proof of concept for zero touch provisioning and would like to focus on APIC-EM.

We have a temp server that we are using for a single APIC-EM VM.  Its an ESXi 5.5 host. Along with that we have a MS DHCP server configured to provide option 43.  We are running 1.3.1.9 as a standalone server.

Eth0 of the host goes to an external network with services (NTP etc.), Eth1 goes to the private "Provisioning Network".  The APIC-EM VM is similarly configured so that it is accessible for scripting etc on its first interface and has access to the private network on the second interface.

Everything seems to be working as expected except that we can't seem to successfully use the PnP application.  I've tried disabling the "external interface" so that only the private network is available thinking the network interfaces were more 'HA' /NIC Teaming but that did not make any difference.

We've tried a variety of devices which all meet the minimum requirements for hardware and software

2901 ISR (Gen2)

2960S Switch

3650 Switch

We've tried projects as well as just seeing they will be "discovered" without success.

The devices do get an IP address and they start the AutoInstall process and the APIC-EM never recognizes them, pre-provisioined or not.

Here is the log from the 2960S

```

*Mar  1 00:02:26.098: %SYS-5-RESTART: System restarted --

Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 12.2(58)SE2, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2011 by Cisco Systems, Inc.

Compiled Thu 21-Jul-11 02:22 by prod_rel_team

*Mar  1 00:02:27.634: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to down

to up

*Mar  1 00:02:29.107: %USB_CONSOLE-6-MEDIA_RJ45: Console media-type is RJ45.

*Mar  1 00:02:30.444: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to up

*Mar  1 00:02:58.446: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up

*Mar  1 00:03:09.215: AUTOINSTALL: Vlan1 is assigned 192.0.2.102 got vend id vend spec. info ret: succeed

*Mar  1 00:03:19.224: AUTOINSTALL: Obtain siaddr 192.0.2.100 (as config server) <--.100 is the DHCP server

%Error opening tftp://192.0.2.100/network-confg (Timed out)

%Error opening tftp://192.0.2.100/cisconet.cfg (Timed out)

%Error opening tftp://192.0.2.100/router-confg (Timed out)

%Error opening tftp://192.0.2.100/ciscortr.cfg (Timed out)

%Error opening tftp://192.0.2.100/network-confg (Timed out)

%Error opening tftp://192.0.2.100/cisconet.cfg (Timed out)

%Error opening tftp://192.0.2.100/router-confg (Timed out)

```

Any suggestions on where to look for issues would be very welcome!

Thanks!

Labels:
Preview file
43 KB
21 Replies 21

Go to solution
aradford
Cisco Employee
Cisco Employee
In response to Claudia de Luna

‎12-08-2016 05:40 PM

Sorry about typo.. i have corrected that now.

a couple more questions:

1) for the 2960S, can you manually create a pnp profile?  does the option 43 get received by the device?

2) 3650#2.  SNMP should not be required until after the PnP process is complete (the controller adds it to the inventory).  Are you using VLAN 1 for management, and what version of code on the 3650.

3) 3650#1.  A rule binds a serial number to an image/config file.  if the deployment fails you need to wait for an error timeout (16mins for config).  Once this occurs you can remove the rule and start again.

Adam

0 Helpful

Go to solution
Claudia de Luna
Spotlight
Spotlight
In response to aradford

‎12-08-2016 05:53 PM

going from bottom to top starting with your 3)

3) Thanks for the details on the timeout.  I think that is consistent with what I saw.

2) I am using Vlan1 - trying to keep it very simple.

Not sure why changing the SNMP to 30sec should have made a difference. Possible I didn't wait long enough....I tried it with the default value and it never came up in APIC-EM. Once I updated that it seemed to come right up.

1) So this one is still not working.  I've upgraded it to 15 code and now the pnp commands are there (no debug) but when I manually configure it just keeps trying the APIC-EM but never gets a response.  It does get an IP from the IOS DHCP server so I'm assuming it gets DHCP option 43 as the other devices seem to be now but I've not done any packet captures.

Switch(config)#

Switch(config)#pnp profile manual-test

Switch(config-pnp-init)#transport http ipv4 192.0.2.2 port 80

Switch(config-pnp-init)#end

Switch#d

Mar 30 01:35:35.988: %SYS-5-CONFIG_I: Configured from console by consolee

% Ambiguous command:  "de"

Switch#debug pnp ?

% Unrecognized command

Switch#debug pnp

              ^

% Invalid input detected at '^' marker.

Switch#show pnp profile

Initiator Profile manual-test: 0 open connections: 0 closing connections

  Encap: pnp

  WSSE header is not required. Configured authorization level is 1

  Max message (RX) is 50 Kbytes

  XEP Faults are sent

  Idle timeout infinite

  Keepalive not configured

  Reconnect time 60 seconds

  Primary transport: http to host 192.0.2.2, port 80, URL onplusops/WORK-REQUEST

  Not connected, next reconnect attempt in 41 seconds

Switch#

Go to solution
aradford
Cisco Employee
Cisco Employee
In response to Claudia de Luna

‎12-08-2016 06:16 PM

I just took a closer look at the 2960s.

that version of code is very old.c2960s-universalk9-mz.122-58.SE2.bin (27-JUL-2011).  There is no way that will work.

PnP release notes require the following min version of code for 2960S 15.2.2E3, 15.2.3E2, 15.2.4E1

There is a c2960s-universalk9-mz.152-2.E5a.bin (Oct 2016) that should work well (and have debugging)!

unfortunately, you have a "bootstrap" issue.  you need to upgrade to 15.2(2)E5a before you can test pnp.

0 Helpful

Go to solution
Claudia de Luna
Spotlight
Spotlight
In response to aradford

‎12-08-2016 06:26 PM

Thank you for that!

So I am checking for support info here:

Supported Platforms for the Cisco Application Policy Infrastructure Controller Enterprise Module, Release 1.3.0.x - Cis…

am I reading this wrong?  I assumed that Base Apps support included PnP?  but maybe not since the other column headings could be included in the "base apps"....

Supported Switches

Minimum Software Version

1

Recommended Software Version

Base Apps

Support

Path Trace

Support

EasyQoS

Support

Path Stats Interface

Path Stats QoS

Catalyst 2960-S Series switches, including stacks

>=12.1

Cisco IOS 15.2(1)E1, 12.2(58)SE2

Yes

Yes

Yes

Yes

No

Understand the bootstrapping issue...NP...this is for a demo so I'll upgrade to your suggested version.

Thx!

Go to solution
aradford
Cisco Employee
Cisco Employee
In response to Claudia de Luna

‎12-08-2016 07:48 PM

Hi Claudia,

the base apps are discovery/topology/path trace.

PnP has it's own set of release notes as the PnP feature requires specific IOS support for the PnP agent.  We can make base apps work on most versions of IOS, PnP is quite specific.

Release Notes for Cisco Network Plug and Play, Release 1.3x - Cisco

0 Helpful

Go to solution
aradford
Cisco Employee
Cisco Employee
In response to Claudia de Luna

‎12-08-2016 07:51 PM

Here is a sample windows DHCP config from a colleague of minepnp-windows.png

0 Helpful

Go to solution
aradford
Cisco Employee
Cisco Employee
In response to Claudia de Luna

‎12-08-2016 02:31 PM

Thanks Claudia :-),

glad it is under control.  Good catch on three common issues. CCP is also a common gotcha.

Let us know if there is anything else we can help with?

Not sure if you have seen my blogs, but sometimes that can also help.  There are quite a few on different pnp deployment models

My Blog Index

Adam

Customers Also Viewed These Support Documents