Background
I have written a number of blogs on Network Plug and Play (PnP) on APIC-EM and wanted to provide an update of the new improved PnP in Cisco DNA Center.
This new series covers the changes and enhancements made to PnP on Cisco DNA Center 1.2. The PnP application was not officially exposed in Cisco DNA Center 1.1.x. The main changes in 1.2 include:
- Flexible workflow to onboard devices (vs rigid two-step process in the past).
- Support for stacking and stack renumbering as part of a workflow.
- Reuse of Cisco DNA Center image repository (part of software image management, SWIM) vs standalone APIC-EM image repository.
- Reuse of the Cisco DNA Center template engine vs standalone APIC-EM template library.
- New API – /api/v1/onboarding.
This initial blog post will cover the UI and workflow changes, and the next blog post will cover the API changes.
Key Components
A PnP solution has three main components (and one optional one):
- An agent, which resides in the IOS software, that looks for a “Controller” when the device is first booted up.
- A PnP Server, which is a service running on Cisco DNA Center.
- The PnP protocol, which allows the agent and the Controller to communicate.
- (optional) A cloud redirect server, for devices that cannot use DHCP or DNS to discover Cisco DNA Center.
Discovering the Controller
The first thing that needs to happen is for the device to get in contact with the controller. There are four mechanisms you can use to make this work:
- DHCP server, using option 43 which is set to the IP Address of the controller.
- DHCP server, using a DNS domain name. The device will do a DNS lookup of pnpserver.<your domain>.
- Cloud redirection, which is currently in controlled availability.
- USB key. This can be used for routers and remote devices, where some initial configuration of the WAN connection is required (e.g. MPLS configuration).
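Because option 43 decides which controller a factory-default device contacts, it is worth checking each DHCP scope against the intended Cisco DNA Center address. The following is an added example, not code from the original post: it assumes Cisco's documented option 43 string layout (which this post does not show), and the scope names, addresses and function names are constructed for illustration.

```python
import ipaddress

# Field letters follow Cisco's documented PnP option 43 layout (B = address
# type, K = transport, I = controller, J = port). The page does not show the
# string, so this layout is an assumption of the example.
TRANSPORTS = {"4": "http", "5": "https"}

def parse_option43(value):
    """Split a PnP option 43 ASCII string into {field letter: value}."""
    parts = [p for p in value.strip().strip('"').split(";") if p]
    if not parts or not parts[0].startswith("5A"):
        raise ValueError("not a PnP option 43 string: %r" % value)
    return {p[0]: p[1:] for p in parts[1:]}

def audit_option43(value, expected_controller):
    """Return findings for one DHCP scope; an empty list means it matches."""
    try:
        f = parse_option43(value)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    controller = f.get("I", "")
    if controller != expected_controller:
        findings.append("controller is %r, expected %r" % (controller, expected_controller))
    if f.get("B") == "2":  # B2 declares an IPv4 address
        try:
            ipaddress.IPv4Address(controller)
        except ValueError:
            findings.append("B2 set but %r is not an IPv4 address" % controller)
    if f.get("K") not in TRANSPORTS:
        findings.append("missing or unknown transport (K field)")
    port = f.get("J", "")
    if not (port.isdigit() and 0 < int(port) < 65536):
        findings.append("missing or invalid port (J field)")
    return findings

# Constructed sample scopes using documentation address ranges.
SAMPLE_SCOPES = {
    "branch-a": "5A1N;B2;K4;I192.0.2.10;J80",
    "branch-b": "5A1N;B2;K4;I198.51.100.7;J80",   # different controller
    "branch-c": "5A1N;B2;K9;Idnac.example.com",   # hostname under B2, no port
}

if __name__ == "__main__":
    for name, value in SAMPLE_SCOPES.items():
        print(name, audit_option43(value, "192.0.2.10") or "ok")
```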
Getting Started – PnP App
At present PnP is not integrated into the provisioning workflow; this will be done in the future. There is a standalone PnP app in the tools section.
Getting Started – Creating a Workflow
Open the app and the first big change is the definition of a workflow. In this example, we define a simple workflow that uses a configuration template to provision a new switch. There is also a default workflow. Select “Workflows” and then “Add workflow”, which shows a default workflow that can be edited. Delete the image task (which will upgrade the IOS on the device) and then select a template for the configuration file as shown in the subsequent step.
For simplicity, we assume the template has already been created. There will be another blog series on templates.
NOTE: It is still possible to upload a discrete configuration file per device (not template). Templates have projects, so a template needs to be created first. The simple workflow leaves a single step, which will deploy the template called “base config”.
Adding a Device
Unlike APIC-EM, there is no concept of project exposed.
There is still an unclaimed or pre-provisioned PnP flow. The difference is that everything is now “claimed”. To pre-provision a device, add it to PnP, then “Add + claim” it.
When claiming the device, the values for the template variables need to be defined. In this case the “base config” template requires a single variable called “hostname”. This variable is set to “pnp-test1”.
This results in a PnP device rule created on DNA Center. The rule was created by the user, the state is planned (which means the device has not initiated communication yet), and there has been no contact. It also specifies the workflow for onboarding “simpleTemplate”.
Once these steps are completed, the device is powered on. It contacts DNA Center and the onboarding process begins.
When the process has completed, the device will be moved to provisioned and added to the inventory.
Although the device is added to the inventory, under the device provisioning page it appears as “Not Provisioned”. This is in reference to the Day-N provisioning, which includes the site-settings, templates and policy provisioning. This workflow will be further integrated in future.
What Next?
There was still a bit of human activity in provisioning this device. I needed to create the initial template file, add the device, claim the device and provide values for template variables. Oh, and I needed to plug the device in and power it on. All except the last step I could automate. Imagine you had 1600 switches you wanted to pre-provision with a template! The next blog post will show how the REST API can automate this process.
In the meantime, if you would like to learn more about this, you could visit Cisco DevNet. DevNet has further explanations about this. Also, we have a GitHub repository where you can get examples related to PnP.
Thanks for reading!
Useful information here – appreciate the realistic depiction of the steps involved and outlining them. Just getting oriented to Cisco DNA and it's good to know what to expect in adding new devices.
Now I have homework for next weekend; thanks for the article!
Thanks Adam for the informative blog post. Glad to see some of the APIC-EM applications making their way into DNA Center in a better and improved format. Looking forward to the second part of this series.
Thanks Adam,
Another great bit of information for anyone that's a network engineer and thinking, "Maybe I should learn more about automation"!!!
Great article.
Quick suggestion, for new customers, instead of comparing with APIC-EM ("Unlike APIC-EM, there is no concept of project exposed.") it is better to explain the functionality in terms of why, what and how!
Just my 2c,
Thank you
Hopefully the template engine is as powerful as with Prime Infrastructure (velocity language).
Yes, this is the same engine as PI. There is no concept of "global variables" but there are some other interesting parts I will document in the upcoming template blog.
Hi all,
I have a problem with this manual!
I did everything as described in the manual, I can see in the DNA-C the last contact from the switch (07/31/2018 06:36:08 UTC).
But the DNA-C does not install any config or IOS.
I only get a Connection Error (07/31/2018 06:58:06 UTC
Connecting Timed Out Info).
Does anyone have a tip for me?
Hi Tom, what device are you trying to PnP and what version of IOS code are you using?
Adam, can you explain where the SimpleTemplate came from? Is this some automation in the backend? Where do we define this template? I am a little confused here.
Specifically here:
This results in a PnP device rule created on DNA Center. The rule was created by the user, the state is planned (which means the device has not initiated communication yet), and there has been no contact. It also specifies the workflow for onboarding “simpleTemplate”.
SimpleTemplate is something I created with the Template editor. A blog is coming on the template editor.
Adam,
I followed the process and the switch downloaded the configuration from the template. However, it doesn't show in the device inventory. I had to connect the switch management port for that. When I connected the non-management port, it doesn't even talk to the DNA server. What am I missing here?
Thank you
Bhupendra
You can use either the management port or the front panel ports. If you use DHCP and you move to a static IP, make sure you also add a static route to the configuration. If the device is not added to inventory, make sure you have configured the correct SSH/SNMP credentials in the configuration file.
I have a question on the PNP connect using the cloud. This was introduced at Cisco Live but since it was new, I was not provided further details on it.
In my environment, we are actively using network PNP to push down configs to routers and switches (as long as they are on Denali IOS code or above).
I'm planning on moving on to the next step to test which is PNP cloud connect. From my understanding, and please correct me if I'm wrong, is there a solution where if a switch purchase is made, model # and serial #'s can be sent to PNP connect and as the switches are turned up they can be redirected to my organization's DNA-C where I can claim and assign configs?
Just a note, I was able to have my question answered by attending another training today. I will require a smart account setup and have it requested to add smart account when I order Network PNP eligible products.
Yes, smart account is the critical thing.
Correct. PnPConnect is supported today. If you log into software.cisco.com you should see PnPConnect in the box in the middle.