I have written a number of blogs on Network Plug and Play (PnP) on APIC-EM and wanted to provide an update of the new improved PnP in DNA Center.
This new series covers the changes and enhancements made to PnP on DNA Center 1.2. The PnP application was not officially exposed in DNA Center 1.1.x The main changes in 1.2 include:
Flexible workflow to onboard devices (vs rigid two step process in the past).
Support for stacking and stack renumbering as part of a workflow
Reuse of DNA Center image repository (Part of software image management SWIM) vs standalone APIC-EM image repository.
Reuse of the DNA Center template engine vs standalone APIC-EM template library.
New API - /api/v1/onboarding
This initial blog will cover the UI and workflow changes, and in the next blog I will cover the API changes.
A PnP solution has three main components (and one optional one):
An agent, which resides in the IOS software, that looks for a “Controller” when the device is first booted up.
A PnP Server, which is an service running on DNA Center
The PnP protocol, that allows the agent and the Controller to communicate.
(optional) A cloud redirect server, for devices that cannot use DHCP or DNS to discover DNA Center.
Discovering the Controller
The first thing that needs to happen is for the device to get in contact with the controller. There are four mechanisms you can use to make this work:
DHCP server, using option 43 which is set to the IP Address of the controller
DHCP server, using a DNS domain name. The device will do a dns lookup of pnphelper.<your domain>
Cloud redirection, which is currently in controlled availability
USB key. This can be used for routers and remote devices, where some initial configuration of the WAN connection is required (e.g. MPLS configuration).
Getting Started – PnP App
At present PnP is not integrated into the provisioning workflow, this will be done in the future. There is a standalone PnP app in the tools section.
Getting Started – Creating a workflow
Open the app and the first big change is the definition of a workflow. In this example, we define a simple workflow that uses a configuration template to provision a new switch. There is also a default workflow. Select workflows and “Add workflow” the default workflow can be edited. Delete the image task (which will upgrade the IOS on the device) and then select a template for the configuration file.
For simplicity we assume the template has already been created. There will be another blog series on templates. NOTE: It is still possible to upload a discrete configuration file per device (not template). Templates have projects, so a template needs to be created first. The simple workflow leaves a single step, which will deploy the template called “base config”.
Adding a Device
Unlike APIC-EM, there is no concept of project exposed.
There is still an unclaimed or pre-provisioned PnP flow. The difference is that everything is now “claimed”. To pre-provision a device, add it to PnP, then “Add + claim” it.
When claiming the device, the values for the template variables need to be defined. In this case the “base config” template requires a single variable called “hostname”. This variable is set to “pnp-test1”.
This results in a PnP device rule created on DNA Center. The rule was created by the user, the state is planned (which means the device has not initiated communication yet), and there has been no contact. It also specifies the workflow for onboarding “simpleTemplate”.
Once these steps are completed, the device is powered on. It contacts DNA Center and the onboarding process begins.
The process has completed, the device will be moved to provisioned and added to the inventory.
Although the devices is added to the inventory, under the device provisioning page is appears as “Not Provisioned”. This is in reference to the Day-N provisioning which includes the site-settings, templates and policy provisioning. This workflow will be further integrated in future.
There was still a bit of human activity in provisioning this device. I needed to create the initial template file, add the device, claim the device and provide values for template variables. Oh, and I needed to plug the device in and power it on. All except the last step I could automate. Imagine you had 1600 switches you wanted to pre-provision with a template! The next blog will show how the REST API can automate this process.
In the meantime, if you would like to learn more about this, you could visit Cisco Devnet. DevNet has further explanations about this. Also, we have a Github repository where you can get examples related to PnP.
We have a Cisco CSR 1000V appliance in AWS that only has SSH key authentication enabled (we disabled logins using username / password). How can we use SSH keys with ncclient in python? I didn't see this in the documentation. from ncclient import mana...
We have a Cisco DNA appliance deployed for management purposes only. We have successfully added all the Cisco devices to DNA for management but we also have a few HP switches that we want to monitor using Cisco DNA. Using the SDK tool has anyone succ...
I am trying to work on a test case where i need to store the value of "--testbed" arg and used that to construct the path to be used in one os the functioncurrently the script works when we use below commandpyats run job <filename.py> --testbe...
I am having trouble configuring the command "soft-reconfiguration inbound always"under the vrf neighbor:
router bgp 100address-family ipv4 unicast!address-family vpnv4 unicast!neighbor-group GROUP_A!neighbor-group BGP_NEIGHBOR_GROUP!!vrf ...
I have a Catalyst 4500 L3 Switch running IOS XE version 03.11.02.E. According to Cisco it should support netconf.Configuring netconf-yang by running "netconf-yang" in the terminal in config mode seems to have no effect. The command however, run...