
Feature request Plug&Play Prime APIC-EM to be really zero touch.

Rune Jon
Level 1

Sometimes I wonder if people actually use the Plug and Play feature on Prime using APIC-EM as a proxy service for PnP.

There is not really "zero touch" when preconfiguring the devices.

I have one project installing 3000+ switches. There is a missing link in the workflow for preconfiguring switches. It is easily just skipped by Cisco during their demos, Cisco Live sessions and lab on dCloud.

Can someone help me with this issue?:

Every switch has its unique attributes like hostname, psw, IP addresses, subnets etc. You can easily get these in a nice flow of templates and import attributes as a CSV file. Here is my problem: You need to know which serial number is associated with which host.

You have a bunch of switches and you have a bunch of serial numbers from the order from Cisco, but you do not know yet which serial number goes to which location.

For that you must get the serial number before it is shipped from logistics to the place where the switch is installed. They can pin code scan it into an Excel/CSV file, then email the file to you as an administrator. They also must mark the box with the hostname it has. Then you have to add it into the profile and push it out before the installation occurs.

Cisco has a really nice Plug and Play app. It is hardly ever used. The app has a really nice feature to add the serial number to a preconfigured host/device. You can either just scan the serial number or type it on the mobile phone. So the installer can do all the work for you and you do not need to be available at all times. No need to get the serial-to-location/device association from logistics when devices are shipped and before the installation occurs.

Here is the problem: You cannot push any profile instances from Prime to APIC-EM without a serial number.

So you cannot use the PnP App for registering the serial number to a device/host. Must it be mandatory when you have the PnP App?

Am I alone with this issue?

PnP APIC-EM as a standalone is useless using this method because the config file is just a txt file. Then you manually have to edit the file with each attribute.

Another thing that really bothers me is that Post-PnP composite does not work. That means you have to compile lots of config into one. Any feature changes you make have to be reflected in the PnP config.

Why is that so hard? Cisco used 2 years to add composite template to PnP and then you just stop there? Do it with Post-PnP as well. 


Rune Jon


> You have a bunch of switches and you have a bunch of serial numbers from the order from Cisco, but you do not know yet which serial number goes to which location.
>
> For that you must get the serial number before it is shipped from logistics to the place where the switch is installed. They can pin code scan it into an Excel/CSV file, then email the file to you as an administrator. They also must mark the box with the hostname it has. Then you have to add it into the profile and push it out before the installation occurs.

You do not need to know what the serial number is beforehand. You can provision configurations/templates into APIC-EM and "Claim" the devices after they connect to the PnP service via either the pnp-agent method using DHCP/DNS or via the iPhone/Android App method.

> PnP APIC-EM as a standalone is useless using this method because the config file is just a txt file. Then you manually have to edit the file with each attribute.

I personally use this feature all of the time and here is what I can say about this.

  1. You can use something like Python with Jinja templates to create the text files and then use the API to upload them (this is what I do)
  2. APIC-EM as of 1.3 allows you to create templates using the Apache VTL just like you would do in Prime. blog post about this

> Every switch has its unique attributes like hostname, psw, IP addresses, subnets etc. You can easily get these in a nice flow of templates and import attributes as a CSV file. Here is my problem: You need to know which serial number is associated with which host.

This can easily be accomplished by using the built-in templating using Apache VTL. Again, check out the blog post.

> So you cannot use the PnP App for registering the serial number to a device/host. Must it be mandatory when you have the PnP App?

You most definitely can use the app for this purpose.  There are two apps and I am wondering if you are using the correct one.  One is Network Plug and play by Cisco and the other is Cisco Plug and Play by Cisco.  Yes, it is confusing, but maybe these links will help. 

this one 

Not this one

If you have any more specific questions or want experience-based advice on deploying hundreds of switches/routers/APs using this method, please let me know.
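The approach in item 1 of the reply above (per-device text configs rendered from a template plus an attribute sheet), as an added example that is not part of the original thread: it uses Python's standard-library `string.Template` in place of Jinja so it runs without dependencies, keys each config by hostname rather than serial number, and rejects bad rows before anything would be uploaded. The template text, the CSV columns and the `render_configs` name are assumptions made for illustration.

```python
import csv
import io
import ipaddress
from string import Template

# Constructed template; the $-placeholders stand in for Jinja variables.
SWITCH_TEMPLATE = Template("""\
hostname $hostname
interface Vlan$mgmt_vlan
 ip address $mgmt_ip $mgmt_mask
 no shutdown
ip default-gateway $gateway
""")

# Constructed sample attribute sheet: one row per hostname, no serial column.
SAMPLE_CSV = """\
hostname,mgmt_vlan,mgmt_ip,mgmt_mask,gateway
sw-site1-01,10,10.1.10.11,255.255.255.0,10.1.10.1
sw-site1-02,10,10.1.10.12,255.255.255.0,10.1.10.1
"""

def render_configs(csv_text):
    """Return {hostname: config_text}; raise ValueError on the first bad row."""
    configs, seen_ips = {}, set()
    for lineno, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        host = (row.get("hostname") or "").strip()
        if not host or host in configs:
            raise ValueError(f"line {lineno}: missing or duplicate hostname {host!r}")
        try:
            vlan = int(row["mgmt_vlan"])
            iface = ipaddress.ip_interface(f"{row['mgmt_ip']}/{row['mgmt_mask']}")
            gw = ipaddress.ip_address(row["gateway"])
        except (KeyError, TypeError, ValueError) as exc:
            raise ValueError(f"line {lineno}: bad VLAN or addressing: {exc}") from exc
        if not 1 <= vlan <= 4094:
            raise ValueError(f"line {lineno}: VLAN {vlan} out of range")
        if gw not in iface.network or iface.ip in seen_ips:
            raise ValueError(f"line {lineno}: gateway off-subnet or duplicate IP")
        seen_ips.add(iface.ip)
        try:
            # substitute() raises KeyError if the template needs a missing column
            configs[host] = SWITCH_TEMPLATE.substitute(row)
        except KeyError as exc:
            raise ValueError(f"line {lineno}: no column for {exc}") from exc
    return configs
```

Each returned config can be written to a file named after its hostname and uploaded, leaving the serial number to be bound when the device is claimed.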

1. The process means unclaimed devices need to have an administrator available to associate the unclaimed devices to configs during the installation period to get the device up and running. That means it is not pre-provisioned, and to get a site up and running you need to be available at all times during installation. Patching is easy for the installer using Dot1x/MAB/SGT/ISE. So I really try to do this with minimum effort. Every minute I use on a device you can multiply by 3000.

2. I saw the blog post later. It is probably the best workaround. But putting all the 25-30 templates from Prime into a general file with programming and a CSV file for unique attributes is more work than having an in-box solution where Cisco says that a profile instance does not need a mandatory serial number. The serial number can be added later via the PnP App. This is the easiest and best solution because the changes and tuning in the config templates in Prime will also be in sync with the PnP config.

3. Yes, it can be confusing. I was using the correct Network PnP app. And to avoid exposing the APIC-EM to the internet I use AnyConnect on the mobile, restricted to only reach that APIC-EM from the VPN ASA FW, and then use the PnP app (even if it uses HTTPS). The installer or the logistics worker uses their AD credentials on both and will be in an installer AD group.

4. A year ago I tried using PnP for APs in FlexConnect. I used the correct documented attribute in the JSON file, but the PnP process failed. Tried later with 1.2 with local mode, 100 APs, and it worked like a charm. Do you have success with PnP FlexConnect mode now? And here I also see a good use of a feature in the PnP app. The installer has a radio map drawing showing where the hostname of each AP is. The installer uses the PnP app to scan the serial/MAC address to associate it with the hostname right before he/she installs the AP. Installed, documented, up and running within 5 min, done. No more Excel files and intervention, less work shipping out APs to sites. Serial number does not matter.

Anyway, the Post-PnP does not kick in after a successful deployment.

The front VRFs, AAA TACACS, EEM applets, the cleanup config do not deploy.

Anyone with the same experience?

Thanks for comments. I will request features to BU.
