Solved: SDA Border node on DNAC via PnP if the upstream device is a router

paragw · ‎08-07-2023

how to onboard SDA Border node (seed switch) on DNAC via PnP if the upstream device is ASR1001.

I had a question and if there is a cisco documentation or video on how the flow works for it. It is a simple question.

If I have a router, ASR1001 to which I need to connect 9500 switch which I am going to use as the border node(seed device) for my fabric deployment at a remote site.

And If I don't want to manually put the startup config of Lo0 etc. on that border node to get it on DNAC as the first seed device to build the fabric further.

then, can I use zero touch deployment (PnP) to get that 1st border node on DNAC.

If so, how does the entire workflow work and what config is required on the upstream router, as my upstream is not a switch.

And, how will the blank 9500 border node switch talk to dnac via that upstream ASR1001 router, to get onboarded and sit in unclaimed state. From where I can push that day 0 startup config template which I was going to put manually via console and then start making it as border node role device in the fabric and further things.

jedolphi · ‎08-08-2023

Hi Parag, in your scenario the router is already configured, it's not participating in PNP, it's just forwarding packets, and possibly hosting a DHCP server. There's no requirement to use a specific router interface in this situation, use whatever router interface you prefer. Please read this communities discussion for some more detail: https://community.cisco.com/t5/controllers/pnp-startup-vlan-problem/td-p/3554790

"I get what you are saying. so, If I create a sub-interface of VLAN 1 on the physical interface on the fusion router, give it an IP address, that IP address will be temp management subnet gateway in DHCP server which will give the PnP device a temp IP to connect to DNAC via Option 43 and then get the Day 0 config ? IS this right and is this how it will work ?"

You are correct. You don't have to use VL1 sub-interface on router as per the discussion I linked, you can use any sub-interface and set it to native VLAN. Testing it once or twice in the lab should make it crystal clear.

View solution in original post

Flavio Miranda · ‎08-08-2023

Hi @paragw

The prrocess is simple actually. In a porject I worked some time ago, we also used ASR1001. The process is not 100% automatic as at some point you need to change the uplink from GigabitEthernet0/0 to another interface

But we basically setup a dhcp server on the router and connected the switch to the router onGigabitEthernet0/0 . The pnp process happens and switch was onboarded on the DNAC. After that, the uplink should be changed to the interface you defined to be the uplink on the switch and the dhcp server was removed from the router.

paragw · ‎08-08-2023

Hi Flavio,

Thanks for your response. so, do we have to use G0/0 management interface or can uplink connect any interface from the PnP device to fusion router and as @PabMar pablo is saying that create a Vlan 1 sub-interface on fusion router and that should do that job.

thanks.

PabMar · ‎08-08-2023

Hi, process is pretty much the same as with an upstream switch.

I have a video of PnP of the Border Nodes. I used a switch upstream with SVI and trunks.
On your ASR you can use sub-interfaces.

How the Blank border talks back to DNAC? Initially by the IP address it gets via DHCP. Subsequently you will need to push a template with the final config that will allow it to keep connectivity upstream.

Hope that helps.

Regards.

paragw · ‎08-08-2023

Hi Pablo,

Thanks for your response. I am ok with all the workflows and template creation on DNAC side. What I am confused was the uplink config on ASR router and how the PnP will work through ASR router to my border node which is a 9500.

I get what you are saying. so, If I create a sub-interface of VLAN 1 on the physical interface on the fusion router, give it an IP address, that IP address will be temp management subnet gateway in DHCP server which will give the PnP device a temp IP to connect to DNAC via Option 43 and then get the Day 0 config ? IS this right and is this how it will work ?

but as @Flavio Miranda is mentioning above, do we have to use Gi0/0 of the 9500 or 9300 Border switch? or I can just connect up 2 fiber uplinks or 1 fiber uplink which I want to use as uplink to Fusion Router and continue from there, once onboarding is done.

Thanks.

jedolphi · ‎08-08-2023

Hi Parag, in your scenario the router is already configured, it's not participating in PNP, it's just forwarding packets, and possibly hosting a DHCP server. There's no requirement to use a specific router interface in this situation, use whatever router interface you prefer. Please read this communities discussion for some more detail: https://community.cisco.com/t5/controllers/pnp-startup-vlan-problem/td-p/3554790

"I get what you are saying. so, If I create a sub-interface of VLAN 1 on the physical interface on the fusion router, give it an IP address, that IP address will be temp management subnet gateway in DHCP server which will give the PnP device a temp IP to connect to DNAC via Option 43 and then get the Day 0 config ? IS this right and is this how it will work ?"

You are correct. You don't have to use VL1 sub-interface on router as per the discussion I linked, you can use any sub-interface and set it to native VLAN. Testing it once or twice in the lab should make it crystal clear.

paragw · ‎08-08-2023

Thanks heaps @jedolphi . I think this was the missing piece for me, Will test. Thank you.