PNP DHCP option 43

AB24
Level 1

Hi,

I would like to use the G0 mgmt interface of an ISR4000 series router to do PNP. Is there a way to define the vrf that pnp should use via option 43? I can set the vrf for PNP http server to Mgmt-intf on the cli. It would be great if this could be done via DHCP option 43 as well.

Thanks

Accepted Solution

aradford
Cisco Employee

That is something we are working on.  In the meantime you can use a "bootstrap config" as a workaround.

where 10.10.10.10 should be replaced by the IP address of your controller.

bootstrap.config
---------------------
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 ip address dhcp
 negotiation auto
 no shutdown
!
ip http client source-interface GigabitEthernet0/0
!
pnp profile VRF-PROFILE
 transport https ipv4 10.10.10.10 port 443 source GigabitEthernet0/0
!
end

Geevarghese Cheria
Cisco Employee

Hi,

Did you have a chance to try out the steps mentioned in the Solution Guide for Cisco Network Plug and Play for configuring DHCP for APIC-EM Controller Auto-Discovery?

Thanks and Regards,

Geevarghese

Yes, I used this documentation to set the environment up. However, I would like to use the mgmt interface of the router, which is in a separate vrf. Using option 43 causes the router to try to connect to APIC-EM via the global routing table, which does not work in this case. That's why I would like to know if there is a way to specify the vrf in option 43.

I would like VRF support as well, since both the outside-facing interfaces will be in fvrfs.

It looks like as soon as the router hits the 'vrf forwarding' command on the interface, communication fails and the autoconfig is over.

vrf def internet
vrf def mpls
int gi 1
 vrf fo mpls
 ip addr x.x.x.x
ip route vrf mpls 0 0 x.x.x.x
int gi 2
 vrf fo internet
 ip addr x.x.x.x
ip route vrf internet 0 0 x.x.x.x

You could also do the vrf configuration as a "Self-erasing EEM" script. This is a workaround for the moment.

==Now add EEM script commands to be executed /triggered after say 4 min ..==

! No "exit" follows the "ip route" action: "ip route" is a global command, so the
! session is already back in global configuration mode and the applet removal runs there.
event manager applet POST_PNP
 event timer countdown time 240
 action 1.0 cli command "enable"
 action 1.1 cli command "config t"
 action 1.2 cli command "interface GigabitEthernet1"
 action 1.3 cli command "vrf fo mpls"
 action 1.4 cli command "ip add x.x.x.x"
 action 1.5 cli command "ip route vrf mpls 0 0 x.x.x.x"
 action 1.8 cli command "no event manager applet POST_PNP"
 action 1.9 cli command "end"
 action 2.0 cli command "exit"

=== end of EEM script commands to set VRF forwarding on interface ==

Thanks. I'll try it. I was hoping I could open one interface with the bootstrap config which sets the tftp source interface but I guess APIC EM doesn't send the bootstrap. What does the bootstrap do?

Sorry Tom. 

I should have been clearer on the bootstrap config. You would need to put that on the device out of band. You can use an iPhone PnP app (with console cable) or a USB stick. It is an initial piece of config that allows the device to talk to APIC.

The EEM script is an alternative way of doing it inband.

Hi,

Can we use only the Loopback interface to contact APIC-EM?

Hi Adam,

I have a question.
What is the difference between bootstrap config and template config?

Thanks.

Kwanchai

Good question.

"Bootstrap" is an alternative to option43/dns discovery.  It is a small amount of config to bring up an interface, give it an IP address and config a route.  You also include the IP address of the controller in this config.  It contains no credentials or other sensitive information.

Templates are deployed by the controller onto the device. They contain the full configuration for the device.

Adam
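
An added example, not part of the thread and not Cisco tooling: because a bootstrap file travels out of band on a USB stick or through the phone app, a short Python check can confirm it stays free of credentials, as the reply above describes, and that the PnP transport is HTTPS with a configured source interface. The function name `audit_bootstrap`, the credential pattern list and the sample's `username` line are assumptions constructed for illustration.

```python
import re

# Constructed sample: the bootstrap config from this thread plus one
# deliberately bad line (a local user with a secret) for the check to flag.
SAMPLE = """\
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 ip address dhcp
 no shutdown
!
ip http client source-interface GigabitEthernet0/0
username admin privilege 15 secret example-only
!
pnp profile VRF-PROFILE
 transport https ipv4 10.10.10.10 port 443 source GigabitEthernet0/0
!
end
"""

# Common IOS lines that carry credentials (an assumed, non-exhaustive list).
SECRET_RE = re.compile(
    r"^\s*(username\s|enable\s+(secret|password)\s|password\s|"
    r"snmp-server\s+community\s|key\s)", re.I)
TRANSPORT_RE = re.compile(
    r"^\s*transport\s+(https?)\s+ipv4\s+(\S+)\s+port\s+(\d+)"
    r"(?:\s+source\s+(\S+))?", re.I)

def audit_bootstrap(text):
    """Return a list of findings for a PnP bootstrap config (hypothetical helper)."""
    findings, interfaces, transports = [], set(), []
    for n, line in enumerate(text.splitlines(), 1):
        m = re.match(r"interface\s+(\S+)", line, re.I)
        if m:
            interfaces.add(m.group(1))          # interfaces the file brings up
        if SECRET_RE.match(line):
            findings.append(f"line {n}: credential material in bootstrap")
        m = TRANSPORT_RE.match(line)
        if m:
            transports.append((n, *m.groups()))
    if not transports:
        findings.append("no pnp transport line found")
    for n, proto, _addr, _port, src in transports:
        if proto.lower() != "https":
            findings.append(f"line {n}: transport is {proto}, not https")
        if src is None:
            findings.append(f"line {n}: no source interface")
        elif src not in interfaces:
            findings.append(f"line {n}: source {src} is not configured")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_bootstrap(SAMPLE)) or "clean")
```
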

Hi Adam aradford

Since it seems that the bootstrap is deployed on a router through a flash drive or phone, what is the purpose of storing the bootstrap in a project on the APIC-EM? The controller doesn't send it to the router and I am not sure there is a built-in way to download or edit the bootstrap once it is stored in the project.

Hi Tom,

That is a good question. Hopefully I have a good answer for you.

There is a workflow where you can define a rule without a serial number.

An installer can use the smartphone PnP app, and get a list of "serial free" rules in a project.  They can scan the serial number of the device they are installing, and use the PnP app (with a special serial cable) to download the bootstrap config onto the device.  At the same time, the serial number is added to the rule on APIC-EM.

The device can then be provisioned.

Adam

That is indeed a very good answer. Thank you very much!

I have been focused on workflows that require only very minimal skillset at the remote site.

I can see the utility of this however.

aradford
Cisco Employee

Hi Sebastien,

Are you asking if you can specify a bootstrap config (similar to above) and use a loopback as a source address?

If so, you can specify any address (corrected) interface as the source for the pnp profile.

Adam