01-24-2019 05:37 AM
I have DNAC running 1.2.6 code, and a brand new C9410R switch that I want to provision using PnP and then push a simple template to.
I have finally got PnP to work (C9410R gets an IP address via option 43 from the DHCP server and the logs show a 'PnP Successful' message).
However the template doesn't push. I have followed the useful blog by Adam Radford on the subject, and created the workflow etc.
Are there any other decent sources of information on the PnP process and using the DNAC Template Manager to push a simple template in a Day 0 or Day 1 provisioning scenario?
Thank you.
01-24-2019 08:27 AM
Hi there,
Are you pre-provisioning the device? If not, is the device showing up as an unclaimed device?
cheers,
Seb.
01-24-2019 08:43 AM
Hey Seb,
Yes, it does appear in the unclaimed section, you are correct!
I thought I had pre-provisioned the device by 'Adding + Claiming' the device in the 'Add Device' section under the 'Network Plug and Play' app.
I added the device serial number here, but I have a small confession - the Product ID (C9410R) wasn't listed so I used something very similar.
Is this a show stopper?
01-24-2019 12:11 PM
hmmm...well if it appears in the unclaimed list there is something wrong with your pre-provisioning information.
It could be the incorrect platform you have chosen. According to:
....the C9410R is supported, so should be listed.
Are you able to deploy the device if you follow the subsequent steps after claiming it?
cheers,
Seb.
01-25-2019 02:44 AM
Hello,
I am unable to deploy the device by claiming it and get this error:
The onboarding status is 'Not Contacted':
I tried to re-add the device to the workflow under the C9410R designation but I still cannot find it listed:
I'm not sure if I've missed a step in the workflow, or if it's the missing Product ID that is having an impact.
What do you think?
01-27-2019 11:35 PM
Your C9410R may no longer be in a factory default state, which is what may be causing that error. Try this set of commands from the APIC-EM deployment guide (the same PnP agent is used) on your switch:
config terminal
no pnp profile pnp-zero-touch
no crypto pki certificate pool
config-register 0x2102 (for non-default ROMMON only)
end
delete /force vlan.dat (for Switch platforms only)
delete /force nvram:*.cer
delete /force stby-nvram:*.cer (for HA system only)
write erase (answer no when asked to save)
reload
cheers,
Seb.
01-30-2019 08:35 AM
Thank you Seb,
The process seemed to get a bit further after issuing the command sequence you described.
Unfortunately now, it seems to error around a certificate issue:
Seems to be a certificate issue?
Thank you
Stephen
02-11-2019 01:51 AM
I tried switching the DHCP 43 option to K5 to use 443 and Trustpool in case that was the issue.
The PnP connection and Trustpool seem to work OK on the switch, but then it just loops round as if waiting to do something, like this:
Feb 8 15:19:19.564: %PKI-4-NOCONFIGAUTOSAVE: Configuration was modified. Issue "write memory" to save new IOS PKI configuration
Feb 8 15:19:19.623: %PNP-6-HTTP_CONNECTING: PnP Discovery trying to connect to PnP server https://52.203.231.173:443/pnp/HELLO
Feb 8 15:19:19.623: port is 443
Feb 8 15:19:20.135: %PNP-6-HTTP_CONNECTED: PnP Discovery connected to PnP server https://52.203.231.173:443/pnp/HELLO
Feb 8 15:19:21.139: port is 443
Feb 8 15:19:21.861: port is 443
Loading http://172.16.0.2/ca/trustpool !!!!
Feb 8 15:20:40.162: port is 80
Feb 8 15:20:40.384: %PKI-6-TRUSTPOOL_DOWNLOAD_SUCCESS: Trustpool Download is successful
Feb 8 15:20:40.385: port is 80
Feb 8 15:20:41.394: %PNP-6-HTTP_CONNECTING: PnP Discovery trying to connect to PnP server https://172.16.0.2:443/pnp/HELLO
Feb 8 15:20:41.394: port is 443
Feb 8 15:20:51.402: port is 443
Loading http://172.16.0.2/ca/trustpool !!!!
Feb 8 15:22:28.450: port is 80
Feb 8 15:22:28.670: %PKI-6-TRUSTPOOL_DOWNLOAD_SUCCESS: Trustpool Download is successful
Feb 8 15:22:28.671: port is 80
Feb 8 15:22:29.690: port is 443
Feb 8 15:22:39.699: port is 443
Loading http://172.16.0.2/ca/trustpool !!!!
Feb 8 15:24:16.750: port is 80
Feb 8 15:24:16.969: %PKI-6-TRUSTPOOL_DOWNLOAD_SUCCESS: Trustpool Download is successful
Feb 8 15:24:16.970: port is 80
Feb 8 15:24:17.958: port is 443
Feb 8 15:24:27.967: port is 443
Loading http://172.16.0.2/ca/trustpool !!!!
Feb 8 15:26:04.997: port is 80
Feb 8 15:26:05.238: %PKI-6-TRUSTPOOL_DOWNLOAD_SUCCESS: Trustpool Download is successful
Feb 8 15:26:05.238: port is 80
Feb 8 15:26:06.244: port is 443
Feb 8 15:26:16.252: port is 443
Loading http://172.16.0.2/ca/trustpool !!!!
Feb 8 15:27:53.304: port is 80
Feb 8 15:27:53.531: %PKI-6-TRUSTPOOL_DOWNLOAD_SUCCESS: Trustpool Download is successful
Feb 8 15:27:53.532: port is 80
Feb 8 15:27:54.614: port is 443
Feb 8 15:28:04.623: port is 443
and so on......
Has anyone seen anything like this before?
Thanks
02-11-2019 02:31 AM
It may be something particular to your switch, and I don't have one to play with.
Let's ask someone who is bound to know the answer. @aradford any ideas?
Maybe try posting to https://community.cisco.com/t5/cisco-digital-network/bd-p/5528j-disc-dev-net-dna
cheers,
Seb.
02-11-2019 10:12 AM
Hi, I just saw this as you mentioned me.
The PID is not really required in 1.2.6. You can actually create your own if you need.
Looking at the logs, it seems that the switch has not discovered your controller correctly with Option43.
I see the first line which is connecting to the CCO pnp server https://52.203.231.173:443/pnp/HELLO
If you are using option 43, it should discover your controller directly and connect.
A couple of things:
- What is the version of code on the 9400?
- Are you using a real certificate on the DNAC vs self signed (I suspect self signed)?
- What is the current status of the device in the DNAC pnp app? I assume you are using the pnp-app, not the unclaimed workflow in provisioning?
Adam
As a
02-12-2019 12:29 AM
Hello Adam,
- The IOS is 16.6.4.a on the C9410R
- Using a self-signed cert in DNA, correct.
- Current status is 'planned' and 'Not Contacted'. And also correct - using the PnP App and not the unclaimed workflow in provisioning.
Basically, I leeched your blog post 'See How to Use the Plug and Play Template Editor in Cisco DNA Center – Part 3' and followed that the best I could!
Greatly appreciate your help
Stephen
02-12-2019 02:04 AM
I should have also shown our DHCP configuration on our ASA:
5A1N;B2;K5;I172.16.0.2;J443
02-12-2019 10:23 AM
02-13-2019 09:35 AM
Hi Adam,
Yes, we were able to change to HTTP 80 (5A1D;B2;K4;I172.16.0.2;J80), cleaned the switch down, and tried again with the following console output:
*Feb 13 16:06:01.771: port is 80
*Feb 13 16:06:01.802: port is 80
*Feb 13 16:06:07.775: %PNP-6-PROFILE_CONFIG: PnP Discovery profile pnp-zero-touch configured
*Feb 13 16:06:08.390: %SSH-5-ENABLED: SSH 1.99 has been enabled
*Feb 13 16:06:08.415: %PKI-4-NOCONFIGAUTOSAVE: Configuration was modified. Issue "write memory" to save new IOS PKI configuration
%Error opening tftp://255.255.255.255/Switch.csltd.network-confg (Timed out)
*Feb 13 16:06:11.749: AUTOINSTALL: Tftp script execution not successful for Gi0/0.
*Feb 13 16:06:30.981: %PNP-6-PNP_DISCOVERY_DONE: PnP Discovery done successfully
*Feb 13 16:08:01.801: port is 80
*Feb 13 16:08:01.820: port is 80
*Feb 13 16:10:01.820: port is 80
*Feb 13 16:10:01.836: port is 80
*Feb 13 16:12:01.836: port is 80
*Feb 13 16:12:01.853: port is 80
*Feb 13 16:14:01.853: port is 80
*Feb 13 16:14:01.868: port is 80
*Feb 13 16:16:01.869: port is 80
*Feb 13 16:16:01.886: port is 80
*Feb 13 16:18:01.886: port is 80
*Feb 13 16:18:01.901: port is 80
*Feb 13 16:20:01.900: port is 80
*Feb 13 16:20:01.917: port is 80
*Feb 13 16:22:01.918: port is 80
and so on...
Beginning to think I must have made some configuration error.
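For readers comparing the two DHCP option 43 strings quoted in this thread (K5/J443 and K4/J80), here is a small decoder, added as an example and not part of any poster's message or of Cisco's tooling. Field meanings follow Cisco's published PnP option 43 format; the function names and the review notes it emits are this example's own.

```python
# Added example: decode a Cisco PnP DHCP option 43 string and list
# settings worth reviewing before onboarding a device with it.
TRANSPORT = {"K4": "http", "K5": "https"}
USUAL_PORT = {"http": 80, "https": 443}
ADDR_TYPE = {"B1": "hostname", "B2": "ipv4"}

def parse_option43(value):
    """Return a dict describing the fields of a PnP option 43 string."""
    fields = [f for f in value.strip().split(";") if f]
    head = fields[0] if fields else ""
    # Header is "5A" + version digit + N (no debug) or D (debug on).
    if len(head) != 4 or not head.startswith("5A") or head[3] not in "ND":
        raise ValueError("not a PnP option 43 header: %r" % head)
    info = {"version": head[2], "debug": head[3] == "D", "addr_type": None,
            "transport": "http",  # K4 (HTTP) is the documented default
            "server": None, "port": None, "trustpool_url": None}
    for field in fields[1:]:
        key, rest = field[0], field[1:]
        if key == "B":
            info["addr_type"] = ADDR_TYPE.get(field, "unknown")
        elif key == "K":
            if field not in TRANSPORT:
                raise ValueError("unknown transport %r" % field)
            info["transport"] = TRANSPORT[field]
        elif key == "I":
            info["server"] = rest
        elif key == "J":
            info["port"] = int(rest)
        elif key == "T":
            info["trustpool_url"] = rest
    return info

def findings(info):
    """Review notes (wording is this example's own) for a parsed profile."""
    notes = []
    usual = USUAL_PORT[info["transport"]]
    if info["port"] is not None and info["port"] != usual:
        notes.append("port %d is unusual for %s" % (info["port"], info["transport"]))
    if info["transport"] == "http":
        notes.append("PnP session is cleartext HTTP")
    if info["debug"]:
        notes.append("debug flag (D) is set")
    if info["server"] is None:
        notes.append("no controller address (I field)")
    return notes

if __name__ == "__main__":
    # The two strings below are the ones quoted in the thread.
    for s in ("5A1N;B2;K5;I172.16.0.2;J443", "5A1D;B2;K4;I172.16.0.2;J80"):
        print(s, "->", findings(parse_option43(s)) or "no notes")
```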
02-13-2019 09:50 AM