Yes, I used this documentation to set the environment up. However, I would like to use the mgmt interface of the router which is in a separate vrf. Using the option 43 causes the router to try to connect to APIC-EM via the global routing table which does not work in this case. Thats why I would like to know if there is a way to specify the vrf in option 43.

I would like VRF support as well, since both the outside-facing interfaces will be in fvrfs.

It looks like as soon as the router hits the 'vrf forwarding' command on the interface communication fails and the autoconfig is over

vrf def internet

vrf def mpls

int gi 1

vrf fo mpls

ip addr x.x.x.x

ip route vrf mpls 0 0 x.x.x.x

int gi 2

vrf fo internet

ip addr x.x.x.x

ip route vrf internet 0 0 x.x.x.x

you could also do the vrf configuration as a "Self-erasing EEM" script.  This is a workaround for the moment.

==Now add EEM script commands to be executed /triggered after say 4 min ..==

event manager applet POST_PNP
event timer countdown time 240
action 1.0 cli command "enable"
action 1.1 cli command "config t"
action 1.2 cli command "interface GigabitEthernet1"

action 1.3 cli command "vrf fo mpls"

action 1.4 cli command "ip add x.x.x.x"

action 1.5 cli command "ip route vrf mpls 0 0 x.x.x.x"

action 1.7 cli command "exit"

action 1.8 cli command "no event manager applet POST_PNP"

action 1.9 cli command "end"

action 2.0 cli command "exit"

=== end of EEM script commands to set VRF forwarding on interface ==

Thanks. I'll try it. I was hoping I could open one interface with the bootstrap config which sets the tftp source interface but I guess APIC EM doesn't send the bootstrap. What does the bootstrap do?

Sorry Tom. 

I should have been clearer on the bootstrap config.  You would need to put that on the device out of band.  You can use an iPhone PnP app (with console cable) or a USB stick.  It is an initial piece of config that allow the device to talk to APIC.

The EEM script is an alternative way of doing it inband.

Hi,

Can we use only the Loopback interface to contact APIC-EM ?

Hi Adam,

I have a some question.
How different between bootstrap config and template config ?

Thanks.

Kwanchai

Good question.

"Bootstrap" is an alternative to option43/dns discovery.  It is a small amount of config to bring up an interface, give it an IP address and config a route.  You also include the IP address of the controller in this config.  It contains no credentials or other sensitive information.

Templates are deployed by the controller onto the device.  they contain the full configuration for the device.

Adam

Hi Adam aradford

Since it seems that the bootstrap is deployed on a router through a flash drive or phone what is the purpose of storing the bootstrap in a project on the APIC-EM?  The controller doesn't send it to the router and I am not sure there is a built-in way to download or edit the bootstrap once it is stored in the project.

Hi Tom,

that is a good question.  Hopefully i have a good answer for you.

There is a workflow where you can define a rule without a serial number.

An installer can use the smartphone PnP app, and get a list of "serial free" rules in a project.  They can scan the serial number of the device they are installing, and use the PnP app (with a special serial cable) to download the bootstrap config onto the device.  At the same time, the serial number is added to the rule on APIC-EM.

The device can then be provisioned.

Adam

That is indeed a very good answer. Thank you very much!

I have been focused on workflows that require only very minimal skillset at the remote site.

I can see the utility of this however.