DNAC PnP Day 0 Switch Provision with Template

StephenAbbs
Level 1

I have DNAC running 1.2.6 code, and a brand new C9410R switch that I want to provision using PnP and then push a simple template to.

 

I have finally got PnP to work (C9410R gets an IP address via option 43 from the DHCP server and the logs show a 'PnP Successful' message).

 

However the template doesn't push.  I have followed the useful blog by Adam Radford on the subject, and created the workflow etc.

 

Are there any other decent sources of information on the PnP process and using the DNAC Template Manager to push a simple template in a Day 0 or Day 1 provisioning scenario?

 

Thank you.

 


Seb Rupik
VIP Alumni

Hi there,

Are you pre-provisioning the device? If not is the device showing up as an unclaimed device?

 

cheers,

Seb.

Hey Seb,

 

Yes it does appear in the unclaimed section you are correct!

 

I thought I had pre-provisioned the device by 'Adding + Claiming' the device in the 'Add Device' section under the 'Network Plug and Play' app.

 

I added the device serial number here, but I have a small confession - the Product ID (C9410R) wasn't listed so I used something very similar.

 

Is this a show stopper?

hmmm...well if it appears in the unclaimed list there is something wrong with your pre-provisioning information.

 

It could be the incorrect platform you have chosen. According to: 

https://www.cisco.com/c/dam/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-2/supported/devices/DNAC12-Supported-Devices-List.xlsx

 

....the C9410R is supported, so should be listed.

 

Are you able to deploy the device if you follow the subsequent steps after claiming it?

 

cheers,

Seb.

 

Hello,

 

I am unable to deploy the device by claiming it and get this error:

 

 PnP Error.png

 

The onboarding status is 'Not Contacted':

 

Recent Tasks.png

 

I tried to re-add the device to the workflow under the C9410R designation but I still cannot find it listed:

 

Add Devices.png

 

I'm not sure if I've missed a step in the workflow, or if it's the missing Product ID that is having an impact.

 

What do you think?

Your C9410R may no longer be in a factory default state, which is what may be causing that error. Try this set of commands from the APIC-EM deployment guide (the same PnP agent is used) on your switch:

 

config terminal
no pnp profile pnp-zero-touch
no crypto pki certificate pool
config-register 0x2102  (for non-default ROMMON only)
end
delete /force vlan.dat  (for Switch platforms only)
delete /force nvram:*.cer
delete /force stby-nvram:*.cer  (for HA system only)
write erase  (answer no when asked to save)
reload

https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Plug-and-Play/solution/guidexml/b_pnp-solution-guide.html#con_115686

 

cheers,

Seb.

 

Thank you Seb,

 

The process seemed to get a bit further after issuing the command sequence you described.

 

Unfortunately now, it seems to error around a certificate issue:

 

Connection Error.png

 

Seems to be a certificate issue?

 

 

Thank you

Stephen

I tried switching the DHCP 43 option to K5 to use 443 and Trustpool in case that was the issue.

 

The PnP connection and Trustpool seem to work OK on the switch, but then it just loops round as if waiting to do something, like this:

 

Feb  8 15:19:19.564: %PKI-4-NOCONFIGAUTOSAVE: Configuration was modified.  Issue "write memory" to save new IOS PKI configuration
Feb  8 15:19:19.623: %PNP-6-HTTP_CONNECTING: PnP Discovery trying to connect to PnP server https://52.203.231.173:443/pnp/HELLO
Feb  8 15:19:19.623:  port is 443
Feb  8 15:19:20.135: %PNP-6-HTTP_CONNECTED: PnP Discovery connected to PnP server https://52.203.231.173:443/pnp/HELLO
Feb  8 15:19:21.139:  port is 443
Feb  8 15:19:21.861:  port is 443
Loading http://172.16.0.2/ca/trustpool !!!!
Feb  8 15:20:40.162:  port is 80
Feb  8 15:20:40.384: %PKI-6-TRUSTPOOL_DOWNLOAD_SUCCESS: Trustpool Download is successful
Feb  8 15:20:40.385:  port is 80
Feb  8 15:20:41.394: %PNP-6-HTTP_CONNECTING: PnP Discovery trying to connect to PnP server https://172.16.0.2:443/pnp/HELLO
Feb  8 15:20:41.394:  port is 443
Feb  8 15:20:51.402:  port is 443
Loading http://172.16.0.2/ca/trustpool !!!!
Feb  8 15:22:28.450:  port is 80
Feb  8 15:22:28.670: %PKI-6-TRUSTPOOL_DOWNLOAD_SUCCESS: Trustpool Download is successful
Feb  8 15:22:28.671:  port is 80
Feb  8 15:22:29.690:  port is 443
Feb  8 15:22:39.699:  port is 443
Loading http://172.16.0.2/ca/trustpool !!!!
Feb  8 15:24:16.750:  port is 80
Feb  8 15:24:16.969: %PKI-6-TRUSTPOOL_DOWNLOAD_SUCCESS: Trustpool Download is successful
Feb  8 15:24:16.970:  port is 80
Feb  8 15:24:17.958:  port is 443
Feb  8 15:24:27.967:  port is 443
Loading http://172.16.0.2/ca/trustpool !!!!
Feb  8 15:26:04.997:  port is 80
Feb  8 15:26:05.238: %PKI-6-TRUSTPOOL_DOWNLOAD_SUCCESS: Trustpool Download is successful
Feb  8 15:26:05.238:  port is 80
Feb  8 15:26:06.244:  port is 443
Feb  8 15:26:16.252:  port is 443
Loading http://172.16.0.2/ca/trustpool !!!!
Feb  8 15:27:53.304:  port is 80
Feb  8 15:27:53.531: %PKI-6-TRUSTPOOL_DOWNLOAD_SUCCESS: Trustpool Download is successful
Feb  8 15:27:53.532:  port is 80
Feb  8 15:27:54.614:  port is 443
Feb  8 15:28:04.623:  port is 443

 

 

and so on......

 

Has anyone seen anything like this before?

 

Thanks

It was be something particular to your switch, and I don't have one to play with.

 

Let's ask someone who is bound to know the answer. @aradford any ideas?

 

Maybe try posting to https://community.cisco.com/t5/cisco-digital-network/bd-p/5528j-disc-dev-net-dna

 

cheers,

Seb.

Hi, I just saw this as you mentioned me.

 

The PID is not really required in 1.2.6.  You can actually create your own if you need.

 

Looking at the logs, it seems that the switch has not discovered your controller correctly with Option 43.

 

I see the first line which is connecting to the CCO pnp server https://52.203.231.173:443/pnp/HELLO

 

If you are using option 43, it should discover your controller directly and connect.

 

A couple of things:

- what is the version of code on the 9400?

- are you using a real certificate on the DNAC vs self signed (I suspect self signed)?

- what is the current status of the device in the DNAC pnp app?  I assume you are using the pnp-app, not the unclaimed workflow in provisioning?

 

Adam

 

As a 

Hello Adam,

 

 

- The IOS is 16.6.4.a on the C9410R

 

- Using a self-signed cert in DNA, correct.

 

- Current status is 'planned' and 'Not Contacted'.  And also correct - using the PnP App and not the unclaimed workflow in provisioning.

 

Basically, I leeched your blog post 'See How to Use the Plug and Play Template Editor in Cisco DNA Center – Part 3' and followed that the best I could!

 

 

Greatly appreciate your help

Stephen

I should have also shown our DHCP configuration on our ASA:

 

5A1N;B2;K5;I172.16.0.2;J443

Can you change it to port 80 discovery? It will switch to 443 after the hello.


5A1D;B2;K4;I172.16.0.2;J80
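
An added example, not part of any post in this thread: it parses the two option 43 strings quoted above and checks a PnP console log for servers other than the configured controller and for the repeated trustpool download seen earlier. The field meanings follow Cisco's published option 43 format, and the function names `parse_option43` and `review_log` are hypothetical.

```python
import re
# Field codes per Cisco's published PnP option 43 format (assumption: the thread only shows K4/J80 and K5/J443).
TRANSPORT = {"K4": "http", "K5": "https"}
ADDR_TYPE = {"B1": "hostname", "B2": "ipv4", "B3": "ipv6"}
CONNECT = re.compile(r"%PNP-6-HTTP_(CONNECTING|CONNECTED): .*?://([^:/\s]+)")

def parse_option43(value):
    """Parse a string such as '5A1D;B2;K4;I172.16.0.2;J80' into a dict."""
    header, *fields = [f for f in value.strip().split(";") if f]
    if not re.fullmatch(r"5A1[ND]", header):
        raise ValueError(f"unexpected header {header!r}")
    opt = {"debug": header[-1] == "D", "transport": None, "port": None}
    for f in fields:
        if f in ADDR_TYPE:
            opt["addr_type"] = ADDR_TYPE[f]
        elif f in TRANSPORT:
            opt["transport"] = TRANSPORT[f]
        elif f[0] == "I":
            opt["server"] = f[1:]
        elif f[0] == "J":
            opt["port"] = int(f[1:])
    if "server" not in opt:
        raise ValueError("no I<address> field, so the device cannot find the controller")
    return opt

def review_log(lines, opt):
    """Compare the servers the PnP agent contacted with the option 43 controller."""
    tried, connected, trustpool = set(), set(), 0
    for line in lines:
        m = CONNECT.search(line)
        if m:
            (connected if m.group(1) == "CONNECTED" else tried).add(m.group(2))
        elif "%PKI-6-TRUSTPOOL_DOWNLOAD_SUCCESS" in line:
            trustpool += 1
    reached = opt["server"] in connected
    return {
        "unexpected_servers": sorted((tried | connected) - {opt["server"]}),
        "controller_connected": reached,
        "trustpool_downloads": trustpool,
        "looping": trustpool > 1 and not reached,
    }

# Abridged from the console log posted earlier in this thread.
SAMPLE_LOG = [
    "Feb  8 15:19:20.135: %PNP-6-HTTP_CONNECTED: PnP Discovery connected to PnP server https://52.203.231.173:443/pnp/HELLO",
    "Feb  8 15:20:40.384: %PKI-6-TRUSTPOOL_DOWNLOAD_SUCCESS: Trustpool Download is successful",
    "Feb  8 15:20:41.394: %PNP-6-HTTP_CONNECTING: PnP Discovery trying to connect to PnP server https://172.16.0.2:443/pnp/HELLO",
    "Feb  8 15:22:28.670: %PKI-6-TRUSTPOOL_DOWNLOAD_SUCCESS: Trustpool Download is successful",
]
print(review_log(SAMPLE_LOG, parse_option43("5A1N;B2;K5;I172.16.0.2;J443")))
```

A non-empty `unexpected_servers` list means the device spoke to a PnP server other than the one handed out in option 43, which is worth confirming before the device is claimed.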

 

Hi Adam,

 

Yes, we were able to change to HTTP 80 (5A1D;B2;K4;I172.16.0.2;J80), cleaned the switch down, and tried again with the following console output:

 

*Feb 13 16:06:01.771:  port is 80
*Feb 13 16:06:01.802:  port is 80
*Feb 13 16:06:07.775: %PNP-6-PROFILE_CONFIG: PnP Discovery profile pnp-zero-touch configured
*Feb 13 16:06:08.390: %SSH-5-ENABLED: SSH 1.99 has been enabled
*Feb 13 16:06:08.415: %PKI-4-NOCONFIGAUTOSAVE: Configuration was modified.  Issue "write memory" to save new IOS PKI configuration
%Error opening tftp://255.255.255.255/Switch.csltd.network-confg (Timed out)
*Feb 13 16:06:11.749: AUTOINSTALL: Tftp script execution not successful for Gi0/0.
*Feb 13 16:06:30.981: %PNP-6-PNP_DISCOVERY_DONE: PnP Discovery done successfully
*Feb 13 16:08:01.801:  port is 80
*Feb 13 16:08:01.820:  port is 80
*Feb 13 16:10:01.820:  port is 80
*Feb 13 16:10:01.836:  port is 80
*Feb 13 16:12:01.836:  port is 80
*Feb 13 16:12:01.853:  port is 80
*Feb 13 16:14:01.853:  port is 80
*Feb 13 16:14:01.868:  port is 80
*Feb 13 16:16:01.869:  port is 80
*Feb 13 16:16:01.886:  port is 80
*Feb 13 16:18:01.886:  port is 80
*Feb 13 16:18:01.901:  port is 80
*Feb 13 16:20:01.900:  port is 80
*Feb 13 16:20:01.917:  port is 80
*Feb 13 16:22:01.918:  port is 80

 

and so on...

 

Beginning to think I must have made some configuration error.

 

 

Once you see the “PnP discovery” message, you can hit enter on the console and run debug

“debug pnp all”