Cisco Network Plug-n-Play Support


Note

Starting from 3.10.1 release, NFVIS is integrated with PnP 1.8.


The Cisco Network Plug and Play (Cisco Network PnP) solution provides a simple, secure, unified, and integrated offering for enterprise network customers to ease new branch or campus device rollouts, or for provisioning updates to an existing network. The solution provides a unified approach to provision enterprise networks comprising Cisco routers, switches, and wireless devices with a near zero touch deployment experience. This solution uses Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) to centrally manage remote device deployments.

Currently, you can use the Cisco Network Plug and Play client to:

  • Auto discover the server

  • Provide device information to the server

  • Bulk provisioning of user credentials

Bulk Provisioning of User Credentials

You can change the default user name and password of the devices using the Cisco Network PnP client. The Cisco Network PnP server sends the configuration file to Cisco Network PnP clients residing on multiple devices in the network, and the new configuration is automatically applied to all the devices.


Note

For bulk provisioning of user credentials, ensure that you have the necessary configuration file uploaded to the Cisco APIC-EM. The following are the supported configuration formats:


Sample Format 1


<config xmlns="http://tail-f.com/ns/config/1.0">
  <rbac xmlns="http://www.cisco.com/nfv/rbac">
    <authentication>
      <users>
        <user>
          <name>admin</name>
          <password>Cisco123#</password>
          <role>administrators</role>
        </user>
        <user>
          <name>test1</name>
          <password>Test1239#</password>
          <role>administrators</role>
        </user>
        <user>
          <name>test2</name>
          <password>Test2985#</password>
          <role>operators</role>
        </user>
      </users>
    </authentication>
  </rbac>
</config>

Sample Format 2

If you use format 2, the system will internally convert this format into format 1.


<aaa xmlns="http://tail-f.com/ns/aaa/1.1">
    <authentication>
      <users>
        <user>
          <name>admin</name>
          <password>User123#</password>
         </user>
      </users>
    </authentication>
</aaa>

For more details on the Cisco Network PnP solution and how to upload a configuration file, see the Configuration Guide for Cisco Network Plug and Play on Cisco APIC-EM.

PnP Discovery Methods

When a device is powered on for the first time, the Cisco Network PnP agent discovery process, which is embedded in the device, wakes up in the absence of the startup configuration file, and discovers the IP address of the Cisco Network PnP server located in the Cisco APIC-EM. The Cisco Network PnP agent uses the following discovery methods:

  • Static IP address—The IP address of the Cisco Network PnP server is specified using the set pnp static ip-address command.

  • DHCP with option 43—The Cisco PnP agent automatically discovers the IP address of the Cisco Network PnP server specified in the DHCP option 43 string. For more details on how to configure DHCP for APIC-EM controller auto-discovery, see the Solution Guide for Cisco Network Plug and Play

  • Domain Name System (DNS) lookup—If DHCP discovery fails to get the IP address of the APIC-EM controller, for example, because option 43 is not configured, the Cisco Plug and Play Agent falls back on a DNS lookup method. Based on the network domain name returned by the DHCP server, it constructs a fully qualified domain name (FQDN) for the APIC-EM controller, using the preset hostname "pnpserver". For more details on how to configure DNS for APIC-EM controller auto-discovery, see the Solution Guide for Cisco Network Plug and Play.


    Note

    DNS lookup method is not supported in 3.10.1 release.


  • Cloud Redirection—This method uses the Cisco Cloud Device Redirect tool available in the Cisco Software Central.The Cisco Plug and Play Agent falls back on the Cloud Redirection method if DNS lookup is not successful.

Configuring PnP Discovery Methods

To enable static mode for PnP discovery using IPv4:


configure terminal
pnp automatic dhcp disable
pnp automatic dns disable
pnp automatic cco disable
pnp static ip-address 192.0.2.8 port 80
commit

To enable static mode for PnP discovery using IPv6:


configure terminal
pnp automatic dhcp-ipv6 disable
pnp automatic dns-ipv6 disable
pnp automatic cco-ipv6 disable
pnp static ipv6-address 192.0.2.8 port 80
commit


Note

Either IPv4 or IPv6 can be enabled at a time.


To enable static mode for PnP discovery using FQDN:


configure terminal
pnp static ip-address apic-em-fqdn.cisco.com port 80 transport http
commit


Note

In FQDN support for PnP, domain names can be specified as an input. FQDN that is configured with IPv6 on a DNS server is not supported.


To enable automatic mode for PnP discovery using IPv4:


Note

By default, the automatic discovery mode for DHCP, DNS, and CCO is enabled. You can enable or disable the options as required. For example, you can enable all options or keep one enabled, and the rest disabled.



configure terminal
pnp automatic dhcp enable
pnp automatic dns enable
pnp automatic cco enable
pnp automatic timeout 100
commit

To enable automatic mode for PnP discovery using IPv6:


configure terminal
pnp automatic dhcp-ipv6 enable
pnp automatic dns-ipv6 enable
pnp automatic cco-ipv6 enable
pnp automatic timeout 30
commit

Note

You cannot disable both static and automatic PnP discovery modes at the same time. You must restart PnP action every time you make changes to the PnP discovery configuration. You can do this using the pnp action command restart.


Verifying the PnP Status

Use the show pnp command in privileged EXEC mode to verify the configuration of PnP discovery methods. The following sample output shows that the static discovery mode is enabled, and the automatic discovery mode is disabled.

nfvis# show pnp
pnp status response "PnP Agent is running\n"
pnp status ip-address 192.0.2.8
pnp status port 80
pnp status transport ""
pnp status created_by user
pnp status dhcp_opt43 0
pnp status dns_discovery 0
pnp status cco_discovery 0
pnp status timeout 100
nfvis# 

FQDN
nfvis# show pnp
pnp status response "PnP Agent is running\nserver-connection\n    status: Success\n    time: 19:59:38 Feb 27\nbackoff\n    status: Success\n    time: 19:59:38 Feb 27\n"
pnp status ip-address apic-em-fqdn.cisco.com
pnp status ipv6-address ""
pnp status port 443
pnp status transport https
pnp status cafile /etc/pnp/certs/trustpoint/pnplabel
pnp status created_by user
pnp status dhcp_opt43 0
pnp status dns_discovery 0
pnp status cco_discovery 0
pnp status dhcp-ipv6 0
pnp status dns-ipv6 0
pnp status cco-ipv6 0
pnp status timeout 0
nfvis#

The following sample output shows that the static discovery mode is disabled, and the automatic discovery mode is enabled for DHCP, DNS, and CCO:


DHCP:
nfvis# show pnp
pnp status response "PnP Agent is running\ncli-exec\n    status: Success\n    time: 18:30:57 Apr 21\nserver-connection\n    status: Success\n    time: 15:40:41 Apr 22\ncertificate-install\n    status: Success\n    time: 18:31:03 Apr 21\ndevice-auth\n    status: Success\n    time: 18:31:08 Apr 21\nbackoff\n    status: Success\n    time: 15:40:41 Apr 22\n"
pnp status ip-address 192.0.2.8
pnp status port 443
pnp status transport https
pnp status cafile /etc/pnp/certs/trustpoint/pnplabel
pnp status created_by dhcp_discovery
pnp status dhcp_opt43 0
pnp status dns_discovery 0
pnp status cco_discovery 0
pnp status timeout 60

DNS:
nfvis# show pnp
pnp status response "PnP Agent is running\ncli-exec\n    status: Success\n    time: 17:18:42 Apr 22\nserver-connection\n    status: Success\n    time: 17:20:00 Apr 22\ncertificate-install\n    status: Success\n    time: 17:18:47 Apr 22\ndevice-auth\n    status: Success\n    time: 17:18:53 Apr 22\nbackoff\n    status: Success\n    time: 17:20:00 Apr 22\n"
pnp status ip-address 192.0.2.8
pnp status port 443
pnp status transport https
pnp status cafile /etc/pnp/certs/trustpoint/pnplabel
pnp status created_by dns_discovery
pnp status dhcp_opt43 0
pnp status dns_discovery 0
pnp status cco_discovery 0
pnp status timeout 60

CCO:
nfvis# show pnp
pnp status response "PnP Agent is running\ncli-exec\n    status: Success\n    time: 17:18:42 Apr 22\nserver-connection\n    status: Success\n    time: 17:20:00 Apr 22\ncertificate-install\n    status: Success\n    time: 17:18:47 Apr 22\ndevice-auth\n    status: Success\n    time: 17:18:53 Apr 22\nbackoff\n    status: Success\n    time: 17:20:00 Apr 22\n"
pnp status ip-address 192.0.2.8
pnp status port 443
pnp status transport https
pnp status cafile /etc/pnp/certs/trustpoint/pnplabel
pnp status created_by cco_discovery
pnp status dhcp_opt43 0
pnp status dns_discovery 0
pnp status cco_discovery 0
pnp status timeout 60

PnP Server APIs and Commands

PnP Server APIs

PnP Server Commands

  • /api/config/pnp

  • /api/config/pnp?deep

  • pnp static ip-address

  • pnp automatic

  • show pnp

PnP Action

You can start, stop, and restart any PnP action using the PnP action command or API.

PnP Action API and Command

PnP Action API

PnP Action Command

  • /api/operations/pnp/action

  • pnp action command