Configuring Plug and Play
Prime Infrastructure helps automate the deployment of new devices on the network by obtaining and applying the necessary software image and configuration on a new network device. Using features such as Cisco Network Services (CNS) call-home, APIC-EM (Application Policy Infrastructure Controller) call-home and Cisco IOS auto-install (which uses DHCP and TFTP), Prime Infrastructure reduces the time a new device takes to join the network and become functional.
The Plug and Play feature of Prime Infrastructure uses the templates defined in Configuration > Features and Technologies, which you can reuse and apply to new devices. You can streamline new device deployment by creating bootstrap templates, which define the initial configuration a device needs to communicate with Prime Infrastructure. You can specify (and predeploy) software images and configurations that will be added to the devices in the future. See Using Templates to Configure Devices for more information about creating templates.
Prerequisites for Delivering Plug and Play Profiles
Based on the method that you select to deliver the Plug and Play profile to new devices, you must make sure that you have completed the necessary prerequisites.
- Configure DHCP with the appropriate settings in the network as described in Sample DHCP Server Settings.
- You must have an existing network connection (distribution/core) available in the branch or campus to where the new device is connecting.
- The branch must have direct connectivity to the Prime Infrastructure server, or you must use the Plug and Play external server to connect to Prime Infrastructure.
- Ensure TFTP is enabled on the Prime Infrastructure server by choosing Administration > Settings > System Settings > Server, then clicking Enable under TFTP. TFTP is enabled by default. This is an optional requirement for APIC-EM mode.
Plug and Play Workflow
Prime Infrastructure allows you to perform an initial provisioning of a software image and configuration on a new device. To automate the deployment of a new device on your network, follow this workflow:
1. Specify which of the following servers Prime Infrastructure uses for Plug and Play. If you do not specify the server, the CNS gateway is enabled by default.
   - CNS gateway: You use the CNS gateway that is bundled with Prime Infrastructure by default, or use an external CNS gateway.
   - APIC-EM: You can specify that Prime Infrastructure uses APIC-EM for Plug and Play. See Integrating APIC-EM with Prime Infrastructure for information about setting up APIC-EM.
2. Create a Plug and Play profile for your devices. The profiles are categorized as Routers, Switches, Wireless AP and Nexus Profiles. See Plug and Play Profiles.
3. Power on the device.
4. Apply a bootstrap configuration to the device. The bootstrap configuration is a minimal configuration that is required for devices to establish a connection to the Prime Infrastructure gateway (CNS or APIC-EM). See Bootstrap Configuration.
   In the case of Wireless AP profiles, the Primary, Secondary and Tertiary WLC details are required. See Creating Plug and Play Profiles for Wireless AP.
Note
In the case of Nexus devices, the Plug and Play workflow differs as these devices do not support bootstrap configuration. See Creating Plug and Play Profiles for Nexus Devices for more details.
After you apply the initial configuration:
1. The device communicates with the Prime Infrastructure server.
2. Based on the device Plug and Play ID or serial number, Prime Infrastructure checks whether it matches the device ID in any of the Plug and Play preprovisioning definitions.
3. If there is a match, Prime Infrastructure applies the software image and the configuration specified in the matched Plug and Play profile on the device.
   If there is no match for the device ID, Prime Infrastructure matches the device type against the existing type-based Plug and Play preprovisioning definitions.
4. The device is added to the inventory and is managed by Prime Infrastructure.
5. Once the device is added and managed in the inventory, Prime Infrastructure applies the post Plug and Play configurations, if specified in the Plug and Play profile, on the device.
After the bootstrap configuration is applied to the device, the installer connects the device to a WAN at the remote site. The device connects to the Plug and Play gateway using its serial number, and downloads the full configuration and (optional) Cisco IOS image (see Figure 27-1).
Figure 27-1 Plug and Play Branch Deployment
Viewing Plug and Play Dashboard
Choose Configuration > Plug and Play > Dashboard and select the Home tab to view the dashboard of the Plug and Play application.
1. Click About to learn about the Plug and Play feature. See Configuring Plug and Play.
2. Click Monitoring to view the details of devices in a map view. See Integrating Map View.
3. Click Errors / Progress / Success to navigate to the Device Status page. The details will be filtered and displayed accordingly.
4. Click to navigate to the Device Status page to monitor the devices and their status.
5. Click to navigate to the Bootstrap page to create bootstrap templates for profiles.
6. Click to navigate to the Administration > Servers > APIC-EM Controller page.
7. Click to navigate to the Plug and Play Profiles page to create a profile for a device type.
8. Click to navigate to the Profile Activation page to activate a profile by providing values specific to the device or type.
9. Click to navigate to the Device Status page.
10. Click to navigate to the Map View page to view the devices and their site locations.
11. Click to navigate to the Plug and Play Profiles page.
12. Click to navigate to the Administration > Dashboard > Jobs Dashboard page to view the job status.
APIC-EM and Plug and Play
Prime Infrastructure supports APIC-EM GA Release 1.0.0.x. You can specify that Prime Infrastructure uses APIC-EM for Plug and Play. You must preconfigure a profile that determines what is deployed on the devices (configurations, images, etc.). When the device calls home, the profile is matched based on the device’s serial number, and the device is provisioned with the preconfigured image and configuration from Prime Infrastructure using APIC-EM’s Plug and Play.
With APIC-EM Plug and Play integration, devices can be provisioned over HTTP or HTTPS. If applicable, when the profile is created, you can also choose to install PKI (Public Key Infrastructure) and SUDI (Secure Unique Device Identifier) certificates on the device to use PKI-based and SUDI-based authentication.
Note
Prime Infrastructure supports only APIC-EM for Wireless AP profiles.
Integrating APIC-EM with Prime Infrastructure
Prime Infrastructure communicates with APIC-EM via HTTPS and the REST APIs exposed by APIC-EM.
Note
Prime Infrastructure requires a dedicated APIC-EM server. Do not integrate the APIC-EM server with more than one Prime Infrastructure server; doing so can cause data corruption and out-of-sync conditions.
To integrate APIC-EM controller to Prime Infrastructure, follow these steps:
Step 1
Choose Configuration > Plug and Play > Dashboard.
Step 2
In the Home tab, click on Server to view the Administration > Servers > APIC-EM Controller page.
Step 3
Click Add.
Step 4
Enter the APIC-EM controller IPv4 address.
Step 5
Enter the HTTPS port number to connect with APIC-EM.
Step 6
Enter your user name.
Step 7
Enter your password and confirm it.
The polling interval is not editable. The APIC-EM controller is polled periodically (every 5 minutes) to check the status of its connection / integration with Prime Infrastructure.
After the APIC-EM controller is added to Prime Infrastructure, you can view the reachability status of the APIC controller on the same page. You can select a specific APIC-EM controller to view the history of the connection polling status. Make sure the APIC-EM connection is successful before using the service.
To navigate to Configuration > Plug and Play > Dashboard, click the link Please Click here to create Plug and Play Profiles.
The global option in Administration > Servers > APIC-EM Controller > Global PnP/ZTD Settings is automatically set to APIC-EM when you add a valid APIC-EM controller into Prime Infrastructure.
Plug and Play Profiles
Choose Configuration > Plug and Play > Dashboard and in the Home tab, click PnP Profiles. A detailed summary of the Plug and Play profiles is displayed.
Prime Infrastructure helps you create a Plug and Play Profile that allows any newly connected device to “call home” to the Prime Infrastructure server so that the device can be discovered, added to the inventory, and configured. This profile, also known as a Bootstrap Profile, places credentials on the device, eliminating the need to “console” into every device to set it up before the device can be managed by Prime Infrastructure.
You can create any of the following Plug and Play profiles under the specific folders:
Depending on the type, you can create Plug and Play profiles that contain:
- Software images only.
- Configurations only.
- Both software images and configurations.
- PKI certificates and SUDI certificates (For APIC-EM only.)
- Primary and Secondary Controllers, AP and Flexconnect groups (For Wireless AP only.)
The profile can include additional post Plug and Play configurations (optional), that can be applied on the device only after the device is managed by Prime Infrastructure.
Note
You cannot create a profile under the root Plug and Play Profiles folder. Depending on the profile-type, you can create profiles only under the specific folders - Nexus Profiles, Switch Profiles, Router Profiles and Wireless AP Profiles.
Note
PnP scale supports any number of devices distributed across profiles, but a profile can support a maximum of 100 devices per profile instance. If you want to increase this scale, create an additional profile and add devices to the new profile.
Creating Plug and Play Profiles for Routers and Switches
A Plug and Play profile must have at least one of the following:
Step 1
Choose Configuration > Plug and Play > Dashboard and in the Home tab, click PnP Profiles.
Step 2
Select the required profile (Router Profiles or Switch Profiles) from the left navigation pane, then click Add to view the details in Profile Summary tab.
Step 3
Provide the required information in the Profile Basic section.
- If you select Router or Switch from the Device Type drop-down list, then you will be required to select the required credential profile from the Credential Profile drop-down list to associate the credentials common to the device. See Using Credential Profiles.
Step 4
(Optional) If you selected APIC-EM for Plug and Play, in the Profile Detail section, check the Enable PKI check box to provision devices with PKI certificates. PKI certificates are installed on the device after the Image provision and configuration are complete. See Cisco Open Plug-n-Play Agent Configuration Guide, Cisco IOS XE Release 3E for more information.
This option is available for users who have selected APIC-EM as the Plug and Play server. You cannot select this option if you selected CNS as the Plug and Play server.
If the Enable PKI check box is unchecked, the device is not provisioned with PKI certificates.
Note
The Enable PKI check box is disabled for Switch Profiles.
Step 5
(Optional) If you selected APIC-EM for Plug and Play, in the Profile Detail section, check the Enable SUDI check box to provision devices with SUDI certificates. By enabling this option, you can specify that the APIC-EM controller must validate the SUDI certificate to authenticate the device.
Step 6
From the Bootstrap Template drop-down list, select the bootstrap templates. You can also create a customized bootstrap template which will be saved in PnP Bootstrap Templates (User Defined). See Bootstrap Configuration.
Step 7
(Optional) From the Software Image drop-down list, select the required software images. This step is required only if you want to provision the device with images. See Importing Software Images for Plug and Play Profiles.
The Image Location text box is disabled if you selected APIC-EM for Plug and Play.
Step 8
(Optional) From the Configuration Template drop-down list, select a previously created configuration template.
Step 9
(Optional) From the Post PnP Configuration Template drop-down list, select the required configuration template. This configuration is applied on the device once it is managed by Prime Infrastructure.
Step 10
Click Save as New Plug and Play Profile.
Step 11
The profile is created and the details are displayed in the Profile Summary tab. You can edit the details, then click Save to save them in the same profile or click Save as New to create a new profile.
Step 12
Click the Profile Instances tab.
Step 13
Click Add to add details for the devices for which you want to pre-provision the Plug and Play Profile. See Adding Device Profiles into Router and Switches Plug and Play Profiles.
Importing Software Images for Plug and Play Profiles
You can import a software image to include it as part of a Plug and Play profile.
Step 1
Choose Inventory > Device Management > Software Images.
Step 2
Click Import, then specify the source from which the software image is to be imported.
Step 3
Specify the collection options and when to import the image file. You can run the job immediately or schedule it to run at a later time.
The image import job will run only once.
Step 4
Click Submit.
Step 5
To view the details of the image management job, choose Administration > Dashboards > Job Dashboard.
Creating Plug and Play Profiles for Wireless AP
You can create a plug and play profile for a wireless AP to provision thousands of devices at a time.
Step 1
Choose Configuration > Plug and Play > Dashboard and in the Home tab, click PnP Profiles.
Step 2
Select Wireless AP Profiles from the left navigation pane and click Add to view the details in the Profile Summary tab.
Step 3
Provide the required information in the Profile Basic section.
In the Device Type field, Autonomous AP is auto-populated and is non-editable. It is mandatory to provide the PID value for Wireless AP profiles.
Step 4
Provide the required information in the Profile Detail section.
Step 5
Click Save as New Plug and Play Profile.
Step 6
The profile is created and the details are displayed in the Profile Summary tab. You can edit the details, then click Save to save them in the same profile or click Save as New to create a new profile.
Step 7
Click the Profile Instances tab.
Step 8
Click Add to add details for the devices for which you want to pre-provision the Plug and Play Profile. See Adding Device Profiles into Wireless AP Plug and Play Profiles.
Prerequisites for Connecting a Nexus Device in the Network
The following prerequisites should be met before connecting the Nexus device to the network:
- A DHCP server to bootstrap the interface IP address, gateway address, script server (Cisco Prime Infrastructure 3.1) and script file (Plug and Play). See Configuring DHCP Server.
- A TFTP or HTTP server containing the configuration script used to automate the software image installation and configuration process. See Configuring HTTP Server.
- A Cisco Prime Infrastructure 3.1 server with a Plug and Play Nexus profile that contains the software images and configuration files. See Creating Plug and Play Profiles for Nexus Devices.
Configuring DHCP Server
The Nexus device sends out DHCP discover messages on all of the active interfaces (including the management interface) soliciting DHCP offers from the DHCP server or servers. The DHCP client on the Nexus device uses the device serial number or its MAC address in the client-identifier option to identify itself to the DHCP server. The DHCP server uses this identifier to send information, such as the IP address and script file name, back to the DHCP client.
The DHCP discover message also mandates the following options:
- Option 66 (TFTP server name) or Option 150 (TFTP server address)—The DHCP server relays the TFTP server name or TFTP server address to the DHCP client. The DHCP client uses this information to contact the TFTP server to obtain the script file.
- IP address
- Default Gateway
- Option 67 (Bootfile name)—The DHCP server relays the bootfile name to the DHCP client. The bootfile name includes the complete path to the bootfile on the TFTP server which is used by the DHCP client to download the script file.
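The following check is an added example, not part of the Cisco documentation: it parses a DHCP payload and reports which of the items listed above are missing from it. The sample payloads, addresses and bootfile name are constructed, and `check_offer`, `parse_options` and `build_offer` are hypothetical helper names; the check looks only at the offered address field and the option list, as the section describes.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTP_HEADER_LEN = 236  # fixed BOOTP header that precedes the magic cookie

OPT_PAD, OPT_ROUTER, OPT_TFTP_NAME, OPT_BOOTFILE = 0, 3, 66, 67
OPT_TFTP_ADDR, OPT_END = 150, 255


def parse_options(raw):
    """Decode the code/length/value option field into {code: value}."""
    options, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError(f"option {code} has no length byte")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        # An option that appears more than once is concatenated (RFC 3396).
        options[code] = options.get(code, b"") + value
        i += 2 + length
    return options


def check_offer(payload):
    """Return a list of problems; an empty list means every item is present."""
    if len(payload) < BOOTP_HEADER_LEN + 4:
        return ["payload shorter than a BOOTP header"]
    if payload[BOOTP_HEADER_LEN:BOOTP_HEADER_LEN + 4] != MAGIC_COOKIE:
        return ["DHCP magic cookie missing"]
    problems = []
    # The offered IP address is the yiaddr field of the fixed header.
    if ipaddress.IPv4Address(payload[16:20]) == ipaddress.IPv4Address("0.0.0.0"):
        problems.append("no IP address offered (yiaddr is 0.0.0.0)")
    try:
        opts = parse_options(payload[BOOTP_HEADER_LEN + 4:])
    except ValueError as exc:
        return problems + [f"malformed options: {exc}"]
    router = opts.get(OPT_ROUTER, b"")
    if len(router) < 4 or len(router) % 4:
        problems.append("option 3 (default gateway) missing or malformed")
    tftp_addr = opts.get(OPT_TFTP_ADDR, b"")
    if not opts.get(OPT_TFTP_NAME) and (len(tftp_addr) < 4 or len(tftp_addr) % 4):
        problems.append("neither option 66 nor option 150 present")
    if not opts.get(OPT_BOOTFILE, b"").rstrip(b"\x00"):
        problems.append("option 67 (bootfile name) is missing")
    return problems


def build_offer(yiaddr, options):
    """Build a constructed DHCP payload for this example (not a capture)."""
    header = bytearray(BOOTP_HEADER_LEN)
    header[0] = 2  # op = BOOTREPLY
    header[16:20] = ipaddress.IPv4Address(yiaddr).packed
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return bytes(header) + MAGIC_COOKIE + body + bytes([OPT_END])


# Constructed sample data (documentation address range, made-up file name).
_ROUTER = ipaddress.IPv4Address("192.0.2.1").packed
_TFTP = ipaddress.IPv4Address("192.0.2.10").packed
GOOD_OFFER = build_offer("192.0.2.50", [
    (53, b"\x02"), (OPT_ROUTER, _ROUTER),
    (OPT_TFTP_ADDR, _TFTP), (OPT_BOOTFILE, b"/example/script.py"),
])
BAD_OFFER = build_offer("192.0.2.51", [(53, b"\x02"), (OPT_ROUTER, _ROUTER)])

if __name__ == "__main__":
    for label, offer in (("good", GOOD_OFFER), ("bad", BAD_OFFER)):
        print(label, check_offer(offer) or "all listed items present")
```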
Configuring HTTP Server
Choose Administration > Settings > System Settings > General and select Server from the left navigation menu.
In the HTTP Forward section, select Enable to enable the device to contact the Plug and Play Gateway for downloading initial configuration and image. The default port is 80 but you can still change the port configuration on the device.
Note
Restart Prime Infrastructure for the changes to take effect.
Creating Plug and Play Profiles for Nexus Devices
To create a Plug and Play profile for Nexus devices, follow these steps:
Step 1
Choose Configuration > Plug and Play > Dashboard and in the Home tab, click PnP Profiles.
Step 2
Select Nexus Profiles from the left navigation pane and click Add to view the details in the Profile Summary tab.
Step 3
Provide the required information in the Profile Basic section.
Select the required credential profile from the Credential Profile drop-down list to associate the credentials common to the device. See Using Credential Profiles.
Step 4
From the System Image and Kick Start Image drop-down lists, select the required software images. See Importing Software Images for Plug and Play Profiles.
Note
While downloading from Cisco.com, ensure that both system and kick start images have the same image version.
Step 5
From the Configuration Template drop-down list, select either the system-defined Nexus POAP Configuration Template or a previously created configuration template and make additional changes.
Step 6
Click Save as New Plug and Play Profile.
Step 7
The profile is created and the details are displayed in the Profile Summary tab. You can edit the details, then click Save to save them in the same profile or click Save as New to create a new profile.
Step 8
Click the Profile Instances tab.
Step 9
Click Add to add details for the devices for which you want to pre-provision the Plug and Play Profile. See Adding Device Profiles into Nexus Plug and Play Profiles.
Activating Device Profiles
You can pre-provision a device on any defined profile, and activate it by providing values specific to the device or type. To add devices in bulk, see Importing Device Profiles into Plug and Play Profiles.
You can perform either one of the following:
Alternatively, you can choose Configuration > Plug and Play > Dashboard, in the Home tab, click PnP Profiles to create a new Plug and Play profile. After creating the required Plug and Play profile, click Add in the Profile Instances tab to add device profiles.
Creating New Plug and Play Profiles and Adding Device Profiles
Step 1
Choose Configuration > Plug and Play > Dashboard and in the Home tab, click Profile Activation.
Step 2
In the Select PnP Profile page, select Add device by creating new Profile.
Step 3
Select the type of profile you want to create from the Profile Type drop-down list.
Step 4
Enter the required information in the Profile Basic and Profile Detail sections. See Plug and Play Profiles for information on profile creation.
Step 5
Click the arrow icon on the right to navigate to the Plug and Play Profile page and add device profiles to the Plug and Play profile you created.
Adding Device Profiles to an Existing Plug and Play Profile
Step 1
Choose Configuration > Plug and Play > Dashboard and in the Home tab, click Profile Activation.
Step 2
In the Select PnP Profile page, select Add device to an existing profile.
Step 3
Select the required profile from the Select Profile drop-down list, for which you need to add device profiles. See Plug and Play Profiles for information on profile creation.
Step 4
The details of the profile you selected are auto-populated and are non-editable.
Step 5
Click the arrow icon on the right to navigate to the Plug and Play Profile page and add device profiles to the selected Plug and Play profile.
Adding Device Profiles into Router and Switches Plug and Play Profiles
To add a device profile to the required Plug and Play profile, follow these steps:
Step 1
In the Plug and Play Device Provisioning Profile page, provide the required information.
- Select the site location to which the device will be mapped from the Location drop-down list. This detail will be displayed in the Map View.
Note
Before you add a device to a specific location, create a location group in Inventory > Device Management > Network Devices or Inventory > Group Management > Network Device Groups. See Using Location Groups.
Step 2
Click the arrow icon on the right to navigate to the Bootstrap Selection page.
Step 3
In the Bootstrap Selection page, the bootstrap template you selected in the profile creation phase will get auto-populated. You can edit the values as required.
- Plug and Play Gateway Location—By default, the Prime Infrastructure server acts as the Plug and Play gateway server. You can modify the server by providing the external Plug and Play gateway IP address.
Click CLI to view the CLI summary of the bootstrap configured.
Step 4
Click the arrow icon on the right to navigate to the next pages.
Note
If you had selected Software Image and Configuration Template in the profile creation phase, the Software Image, Configuration and Post PnP Configuration tabs will be displayed in the Profile Activation page.
Step 5
(Optional) In the Software Image page, provide the required information.
Step 6
(Optional) In the Configuration page, the configuration template you selected in the profile creation phase will be auto-populated. Provide the required information and navigate to the next page.
Click CLI to view the CLI summary.
Step 7
(Optional) In the Post PnP Configuration page, the configuration template you selected in the profile creation phase will be auto-populated. Provide the required information and navigate to the next page.
Click CLI to view the CLI summary.
Step 8
In the Management Credentials page, provide the required information. These device parameters will be applied on the devices on provisioning.
Note
If the device type is a router or switch, then in the Management Credentials page, the credential profile you selected in the profile creation phase will be auto-populated and the values cannot be edited.
Step 9
In the Profile Activation Summary page, the device details with their configurations are displayed.
Step 10
Click Finish to provision the device profile.
On successful provisioning, the device profile will be displayed in the Profile Instances page of the specific profile. Alternatively, the provisioning status of the device can be viewed at the Device Status page.
After the device is provisioned successfully, the device is added to the Prime Infrastructure inventory so that the device can be managed. The device is added to the Prime Infrastructure inventory based on the management parameters provided in the Plug and Play Profile. After the device is added successfully to the inventory, additional post Plug and Play configurations (if applicable) are applied on the device.
If there is a mismatch in credentials, the device is added to the inventory, but it will not have “Managed” status.
Importing Device Profiles into Plug and Play Profiles
You can perform import and export operations on device profiles in bulk. Instead of adding devices and specifying their attributes one at a time, you can import a CSV file that includes all the devices and their attributes. By performing bulk import, you can update the existing profiles and add new profiles. To update more than one device profile at a time, you can perform bulk export.
Step 1
Choose Configuration > Plug and Play > Dashboard and in the Home tab, click PnP Profiles.
Step 2
Select the required Plug and Play profile from the left navigation menu. The details are displayed in the Profile Summary tab.
Step 3
Click the Profile Instances tab.
Step 4
Select the check boxes of the device profiles you need to edit, and click Export.
The CSV file with the device properties will be exported. You can add devices or edit the properties of the existing devices in the spreadsheet. Do not change the attribute names while editing the spreadsheet.
Note
If you want to export a blank CSV file, click Export without selecting any device profiles. A blank CSV file will be exported even if there are no device profiles in the Profile Instances page.
Step 5
Click Import and choose the CSV file in which you entered the device details. Click Upload.
The CSV file is uploaded and a link to Administration > Dashboard > Jobs Dashboard is displayed.
Step 6
In the Jobs Dashboard page, click Import from the left navigation menu to view the job status of the bulk imported file.
Deployment Based on Device Type
If you are using a CNS gateway only for Plug and Play, to deploy a Plug and Play profile based on the device type, you do not have to associate the device ID with the deployment profile. Device type-based deployment is useful primarily for switches that use the same set of images and configurations. Matching profiles are identified by the device type (PID) of the incoming device that is specified in the profile during the design phase.
During device type-based deployment:
1. The device type is matched hierarchically; Prime Infrastructure searches for a profile with the same device type as that of the incoming device. If the profile does not match the device type, Prime Infrastructure searches for a profile that is defined for a higher level of the device type in the hierarchy.
   For example:
   - If the ‘switch_profile’ in Prime Infrastructure is defined for ‘Switches and Hubs’ and the incoming device is of type Switches and Hubs > Catalyst 2928 Series Switches > Catalyst 2928-24TC-C switch, and
   - If there is no profile defined specifically for this switch (Catalyst 2928-24TC-C or Catalyst 2928 Series Switches), then the ‘switch_profile’ is considered for deployment.
2. If Prime Infrastructure has multiple matching deployment profiles for a given device type, then Prime Infrastructure chooses the deployment profile that was created or updated most recently.
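The selection order described here and in the Plug and Play Workflow section (device ID first, then the device type hierarchy, then the most recent profile) can be modelled as below. This is an added illustration, not Prime Infrastructure code: the `Profile` class, the function names, the serial numbers, the `Routers` type and the dates are constructed, and reading "recently updated" as "latest modification time" is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Profile:
    name: str
    device_type: tuple       # path in the device type hierarchy, root first
    last_modified: datetime  # creation or last update time


def select_profile(serial, device_type, id_definitions, type_profiles):
    """Return (profile, reason); profile is None when nothing matches."""
    # Device ID / serial number definitions are checked first.
    if serial in id_definitions:
        return id_definitions[serial], "device-id"
    # Otherwise walk the type path from most specific to least specific.
    for depth in range(len(device_type), 0, -1):
        level = tuple(device_type[:depth])
        candidates = [p for p in type_profiles if p.device_type == level]
        if candidates:
            # Several profiles for one type: take the most recently modified.
            chosen = max(candidates, key=lambda p: p.last_modified)
            exact = depth == len(device_type)
            return chosen, "device-type" if exact else "parent-type"
    return None, "no-match"


def provisioning_report(devices, id_definitions, type_profiles):
    """Map each incoming serial to (profile name or None, match reason)."""
    report = {}
    for serial, device_type in devices:
        profile, reason = select_profile(
            serial, device_type, id_definitions, type_profiles)
        report[serial] = (profile.name if profile else None, reason)
    return report


def matched_without_device_id(report):
    """Serials that received a profile with no preprovisioned device ID."""
    return sorted(serial for serial, (name, reason) in report.items()
                  if name is not None and reason != "device-id")


# Type paths; the switch path is the one used in the example above.
SWITCHES = ("Switches and Hubs",)
C2928 = SWITCHES + ("Catalyst 2928 Series Switches",)
C2928_24TC = C2928 + ("Catalyst 2928-24TC-C",)
ROUTERS = ("Routers",)  # constructed

# Constructed definitions: two profiles for the same type, one ID-based entry.
TYPE_PROFILES = [
    Profile("switch_profile", SWITCHES, datetime(2016, 1, 10)),
    Profile("switch_profile_v2", SWITCHES, datetime(2016, 3, 2)),
]
ID_DEFINITIONS = {
    "SERIAL-A": Profile("branch12_edge", C2928_24TC, datetime(2016, 2, 1)),
}
DEVICES = [
    ("SERIAL-A", C2928_24TC),  # preprovisioned by device ID
    ("SERIAL-B", C2928_24TC),  # unknown serial, known type
    ("SERIAL-C", ROUTERS),     # unknown serial, no profile for the type
]

if __name__ == "__main__":
    report = provisioning_report(DEVICES, ID_DEFINITIONS, TYPE_PROFILES)
    for serial, outcome in report.items():
        print(serial, outcome)
    print("type-based only:", matched_without_device_id(report))
```

Listing the devices that matched on type alone is a useful review step, because those devices received an image and configuration without their serial number having been entered in any profile.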
Adding Device Profiles into Wireless AP Plug and Play Profiles
Prime Infrastructure supports only APIC-EM for Wireless AP profiles. You must preconfigure a Plug and Play profile that determines the primary, secondary and tertiary WLC details that are required to be provisioned on the devices. See Creating Plug and Play Profiles for Wireless AP.
When the AP (Access Point) is connected to a network, the AP contacts the network's DHCP server to obtain the APIC-EM details. The AP then contacts the APIC-EM, and the profile is matched based on the device’s serial number and PID. The AP then contacts the WLC, which pushes the image and configurations to the device.
To add a device profile to the required Plug and Play profile, follow these steps:
Step 1
In the Plug and Play Device Provisioning Profile page, provide the required information.
- Select the site location to which the device will be mapped from the Location drop-down list. This detail will be displayed in the Map View.
Note
Before you add a device to a specific location, create a location group in Inventory > Device Management > Network Devices or Inventory > Group Management > Network Device Groups. See Using Location Groups.
Step 2
In the Profile Activation Summary page, the device details with their configurations are displayed.
Step 3
Click Finish to provision the device profile.
On successful provisioning, the device profile will be displayed in the Profile Instances page of the specific profile. Alternatively, the provisioning status of the device can be viewed at the Device Status page.
Adding Device Profiles into Nexus Plug and Play Profiles
Before you begin, there is a set of prerequisites to be met. See Prerequisites for Connecting a Nexus Device in the Network.
When a Nexus device is connected to the network, it follows this workflow:
1. The device locates the configured DHCP server and establishes communication to get the IP address, gateway, script server (Cisco Prime Infrastructure 3.1) and the script file (Nexus Plug and Play profile).
2. The device then communicates with Cisco Prime Infrastructure and downloads the Plug and Play profile created for the Nexus device. See Creating Plug and Play Profiles for Nexus Devices.
3. The device then obtains the IP address of a TFTP server or the URL of an HTTP server from which it downloads the image and the necessary configuration files.
To add a device profile to the required Plug and Play profile, follow these steps:
Step 1
In the Plug and Play Device Provisioning Profile page, provide the required information.
- Select the site location to which the device will be mapped from the Location drop-down list. This detail will be displayed in the Map View.
Note
Before you add a device to a specific location, create a location group in Inventory > Device Management > Network Devices or Inventory > Group Management > Network Device Groups. See Using Location Groups.
Step 2
Click the arrow icon on the right to navigate to the Image Selection page.
The selected system and kick start images are auto-populated and cannot be edited.
Step 3
Click the arrow icon on the right to navigate to the Configuration page.
The configuration template you selected in the profile creation phase will be auto-populated. You should provide the Management Interface IP Address, Management Route IP Address and the other required information. This management IP address is configured to enable Cisco Prime Infrastructure to reach the Nexus device.
Click CLI to view the CLI summary.
Step 4
Click the arrow icon on the right to navigate to the Management Credentials page.
For Nexus devices, it is mandatory to specify the Management IP Address so that the device can be managed. Provide the other required information and navigate to the next page. These device parameters will be applied on the devices on provisioning.
Step 5
In the Profile Activation Summary page, the device details with their configurations are displayed.
Step 6
Click Finish to provision the device profile.
On successful provisioning, the device profile will be displayed in the Profile Instances page of the specific profile. Alternatively, the provisioning status of the device can be viewed at the Device Status page. The device is added to the Prime Infrastructure inventory so that the device can be managed.
Supported Devices and Software Images for Plug and Play
Table 27-1 lists the devices and corresponding software images supported for CNS gateway.
Table 27-1 Supported Devices and Image Versions for CNS Gateway

| Supported Devices for Plug and Play | Minimum Software Image Version Supported | |
|---|---|---|
| Catalyst 2960, 2960S | Cisco IOS Release 12.2(55)SE and later | Cisco IOS Release 12.2(55)SE5 and later |
| Catalyst 2960C | Cisco IOS Release 12.2.55(EX) and later | Cisco IOS Release 12.2.55(EX3) and later |
| Catalyst 2960-SF | Cisco IOS Release 15.0(2)SE and later | Cisco IOS Release 15.0(2)SE and later |
| Catalyst 3560V2, 3750v2, 3560-X, 3750-X | Cisco IOS Release 12.2(55)SE and later | Cisco IOS Release 12.2(55)SE and later |
| Catalyst 3560C | Cisco IOS Release 12.2.55(EX) and later | Cisco IOS Release 12.2.55(EX) and later |
| Catalyst 4503, 4506, 4507, and 4510 switches and 4000 Series supervisor cards supported: Sup 6E, Sup 6LE | Cisco IOS Release 151-2.SG and later | Cisco IOS Release 151-2.SG and later |
| Catalyst 4503, 4506, 4507, and 4510 switches and 4000 Series supervisor cards supported: Sup 7E, Sup 7LE (IOS XE) | Cisco IOS XE Release 03.04.00.SG and later | Cisco IOS XE Release 03.04.00.SG and later |
| Catalyst 3650, 3850 switches (IOS XE) | Cisco IOS XE Release 03.02.02.SE and later | Cisco IOS XE Release 03.02.02.SE and later |
| Cisco 5760 Wireless LAN Controllers (IOS XE) | Cisco IOS XE Release 03.02.02.SE and later | Cisco IOS XE Release 03.02.02.SE and later |
Refer to the Release Notes for Cisco Network Plug and Play for the devices and the corresponding software images supported for APIC-EM.
For more details on all the supported devices and the corresponding sysObjectIDs, see Cisco Prime Infrastructure 3.0 Supported Devices.
Prerequisites for Deploying Bootstrap Configuration into a Device
To deploy bootstrap configuration into a device in a Prime Infrastructure Server:
- Enable Cipher in Admin mode of the server by entering the following command.
ncs run pnp-ciphers enable
- Click Enable in the HTTP Forward section of the Administration > Settings > System Settings > Server Settings page.
- If you are going to use email to deliver either the bootstrap configuration or the PIN, you must have previously configured the mail server settings under Administration > Settings > System Settings > Mail Server Configuration.
- Ensure TFTP is enabled on the Prime Infrastructure server by choosing Administration > Settings > System Settings > Server, then clicking Enable under TFTP. TFTP is enabled by default.
Bootstrap Configuration
A bootstrap configuration is a minimal configuration that is required for devices to establish a connection to the Prime Infrastructure gateway (CNS or APIC-EM). Prime Infrastructure provides a standard bootstrap configuration that you can use.
If you are using the DHCP option, you do not need to create a bootstrap configuration. See Using DHCP to Export Bootstrap Configurations.
To create a user-defined bootstrap template, follow these steps:
Step 1
Choose Configuration > Plug and Play > Dashboard and in the Home tab, click Bootstrap.
By default, an APIC Bootstrap and Plug and Play Bootstrap template will be displayed. These templates cannot be deleted.
Step 2
Select the specific Bootstrap check-box and click Clone to clone a similar template. This new template will be displayed as APIC Bootstrap_1, APIC Bootstrap_1_1, and so on or Plug and Play Bootstrap_1, Plug and Play Bootstrap_1_1 and so on, depending on the bootstrap you cloned.
Note
You can rename the cloned template. Once renamed, you cannot change the template name again.
Step 3
Click Save.
Step 4
Click the pointer beside the Bootstrap template to view or edit the details.
Step 5
Click Update to save the changes. Click CLI to view the CLI summary.
Step 6
To delete any bootstrap template, select the specific bootstrap template check-box and click Delete.
These templates that you create will be saved in PnP Bootstrap Templates (User Defined).
You can choose this newly created bootstrap template when adding a profile instance by selecting the specific bootstrap template from PnP Bootstrap Templates (User Defined). The details will automatically be displayed and will be editable.
You can also use the Configuration > Templates > Features & Technologies > CLI Templates > System Templates-CLI > Plug And Play Bootstrap to create a customized bootstrap template.
The bootstrap configurations that Prime Infrastructure provides have the following content:
ip host OVA-VM-176 10.104.118.176
cns trusted-server all-agents OVA-VM-176
cns trusted-server all-agents 10.104.118.176
cns id Hardware-Serial event
cns id Hardware-Serial image
cns event OVA-VM-176 encrypt keepalive 120 2 reconnect-time 300
cns image server https://OVA-VM-176:443/cns/HttpMsgDispatcher status https://OVA-VM-176:443/cns/HttpMsgDispatcher
cns config partial OVA-VM-176 encrypt 443
cns config initial OVA-VM-176 encrypt 443
In the following example, pi-hateast-151 is the Prime Infrastructure server hostname.
crypto pki trustpoint pi-hateast-151
crypto pki certificate chain pi-hateast-151
ip host pi-hateast-151 10.104.119.151
cns trusted-server all-agents pi-hateast-151
cns trusted-server all-agents 10.104.119.151
cns id hardware-serial event
cns id hardware-serial image
cns event pi-hateast-151 encrypt keepalive 120 2 reconnect-time 60
cns image server https://pi-hateast-151/cns/HttpMsgDispatcher status https://pi-hateast-151/cns/HttpMsgDispatcher
cns config partial pi-hateast-151 encrypt 443
cns config initial pi-hateast-151 encrypt 443
transport http ipv4 <APIC-EM server IP>
crypto ca trustpoint <APIC-EM Server IP>.cisco.com
crypto ca authenticate <APIC-EM Server IP>.cisco.com
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
transport https ipv4 <APIC-EM Server IP> port 443
After you create a deployment profile and export it, you can download this certificate directly from Prime Infrastructure. If executing the bootstrap in a device, only the last two commands are required because the APIC-EM server will install certificates directly on the device.
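The CNS bootstrap listed above depends on the encrypt keyword, HTTPS image URLs and a trusted-server list that matches the gateway. The following added example (not Cisco's code; audit_bootstrap and the weakened sample are constructed for illustration) checks an exported bootstrap for those properties before it is applied to a device. The trusted-server comparison against ip host entries is a heuristic assumed here, not a rule stated on this page.

```python
from urllib.parse import urlsplit

# The first bootstrap shown on this page.
PAGE_BOOTSTRAP = """\
ip host OVA-VM-176 10.104.118.176
cns trusted-server all-agents OVA-VM-176
cns trusted-server all-agents 10.104.118.176
cns id Hardware-Serial event
cns id Hardware-Serial image
cns event OVA-VM-176 encrypt keepalive 120 2 reconnect-time 300
cns image server https://OVA-VM-176:443/cns/HttpMsgDispatcher status https://OVA-VM-176:443/cns/HttpMsgDispatcher
cns config partial OVA-VM-176 encrypt 443
cns config initial OVA-VM-176 encrypt 443
"""

# Constructed variant: 'encrypt' dropped, plain HTTP, and an extra trusted server.
CONSTRUCTED_WEAK = """\
ip host OVA-VM-176 10.104.118.176
cns trusted-server all-agents OVA-VM-176
cns trusted-server all-agents 192.0.2.50
cns event OVA-VM-176 keepalive 120 2 reconnect-time 300
cns image server http://OVA-VM-176/cns/HttpMsgDispatcher status http://OVA-VM-176/cns/HttpMsgDispatcher
cns config initial OVA-VM-176 80
"""

def audit_bootstrap(text):
    """Return sorted findings for a CNS bootstrap configuration."""
    rows = [line.lower().split() for line in text.splitlines() if line.strip()]
    # Names and addresses the bootstrap itself declares with 'ip host'.
    known = set()
    for t in rows:
        if t[:2] == ["ip", "host"] and len(t) >= 4:
            known.update(t[2:4])
    findings = set()
    for t in rows:
        if len(t) < 3 or t[0] != "cns":
            continue
        if t[1] == "trusted-server" and len(t) >= 4 and t[3] not in known:
            findings.add("trusted-server %s does not match any 'ip host' entry" % t[3])
        elif t[1] == "event" and "encrypt" not in t[3:]:
            findings.add("cns event is missing 'encrypt'")
        elif t[1] == "config" and "encrypt" not in t[4:]:
            findings.add("cns config %s is missing 'encrypt'" % t[2])
        elif t[1] == "image":
            for url in (tok for tok in t if "://" in tok):
                parts = urlsplit(url)
                if parts.scheme != "https":
                    findings.add("cns image URL is not https: %s" % url)
                if parts.hostname not in known:
                    findings.add("cns image host %s does not match any 'ip host' entry" % parts.hostname)
    return sorted(findings)

if __name__ == "__main__":
    for name, cfg in (("page", PAGE_BOOTSTRAP), ("constructed", CONSTRUCTED_WEAK)):
        print(name, audit_bootstrap(cfg) or "no findings")
```

Lines are compared in lower case, so host names in the findings appear lower-cased.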
Methods of Installing Bootstrap Configurations
A bootstrap configuration is a minimal configuration that is required for devices to establish a connection to the Prime Infrastructure gateway (CNS or APIC-EM). The bootstrap configuration can be installed on the devices using any of the bootstrap delivery methods that Prime Infrastructure supports:
- For CNS gateway—DHCP option 150
- For APIC-EM—DHCP option 43. You can configure option 43 on the APIC-EM server IP under DHCP Configuration. When a device gets its IP address from DHCP, it will get the bootstrap configuration also.
- Mobile application—You can use the Cisco Network Plug and Play mobile application.
Exporting the Bootstrap Configuration
You can export a bootstrap configuration and then manually apply the bootstrap on the device. After the bootstrap configuration is applied, the Plug and Play deployment is initiated and the administrator can view the configuration status on Prime Infrastructure.
Step 1
Choose Configuration > Plug and Play > Dashboard and in the Home tab, click PnP Profiles.
Step 2
From the Plug and Play Profiles page, select a profile from the list.
Step 3
Click Profile Instances.
Step 4
Click Export Bootstrap > Download Bootstrap, then click OK.
Step 5
After the bootstrap configuration is downloaded and applied, the Plug and Play deployment is initiated.
Exporting the Bootstrap Configuration Using TFTP
If you are using a CNS gateway only for Plug and Play, you can use the TFTP protocol to deliver the bootstrap configuration to the Prime Infrastructure TFTP server. You can specify the file name that should be created on the TFTP server; this file is used by the auto-install enabled devices to get the IP address and other Prime Infrastructure details through DHCP. In the DHCP server, the TFTP server must be configured as the Prime Infrastructure TFTP server. For more information, see the Cisco Open Plug-n-Play Agent Configuration Guide, Cisco IOS XE Release 3E.
Step 1
Choose Configuration > Plug and Play > Dashboard and in the Home tab, click PnP Profiles.
Step 2
From the Plug and Play Profiles page, select a profile from the list.
Step 3
Click Profile Instances.
Step 4
Click Export Bootstrap > TFTP.
Step 5
After the bootstrap configuration is downloaded and applied, the Plug and Play deployment is initiated.
Emailing the Bootstrap Configuration
You can email the bootstrap configuration and then manually apply the bootstrap on the device. After the bootstrap configuration is applied, the automated deployment is initiated. The administrator can view the configuration status on Prime Infrastructure.
Note
Before you can email the bootstrap configuration, you must set the email settings under Administration > Settings > System Settings > Mail and Notification > Mail Server Configuration.
To email the bootstrap configuration to the operator:
Step 1
Choose Configuration > Plug and Play > Dashboard and in the Home tab, click PnP Profiles.
Step 2
From the Plug and Play Profiles page, select a profile from the list.
Step 3
Click Profile Instances.
Step 4
Click Export Bootstrap > Email Bootstrap.
Step 5
Enter the email address to which the bootstrap configuration is to be sent, then click OK.
Step 6
After the bootstrap configuration is downloaded and applied, the Plug and Play deployment is initiated.
Emailing the PIN for the Bootstrap Configuration
Prime Infrastructure generates a random Personal Identification Number (PIN) per device. This PIN can be used to identify the device and the Plug and Play profile (bootstrap configuration) associated with it. After the pre-provisioning tasks are complete, the administrator must use the Email PIN option (available in the pre-provisioning task of the Prime Infrastructure) to email the unique PIN to the deployment engineer. During installation, the deployment engineer uses this PIN to download the bootstrap configuration from the server.
To deliver the PIN for the bootstrap configuration:
Step 1
Choose Configuration > Plug and Play > Dashboard and in the Home tab, click PnP Profiles.
Step 2
From the Plug and Play Profiles page, select a profile from the list.
Step 3
Click the Profile Instances tab.
Step 4
Click CNS Email PIN.
Step 5
Enter the email address to which the PIN should be sent and click OK.
Step 6
Use one of the following methods to apply the bootstrap configuration:
- If you are applying the bootstrap configuration using the deployment application, the Prime Infrastructure Plug and Play deployment application communicates with Prime Infrastructure and applies the bootstrap configuration on the device.
- If you are manually applying the bootstrap configuration using the PIN:
– Use the PIN to download the bootstrap configuration from the Prime Infrastructure Plug and Play gateway: https://<pnp-gateway-server>/cns/PnpBootstrap.html. You can also register the ISR’s serial number during this process.
– Apply the bootstrap configuration on the device manually, using a console or USB flash.
For detailed information about Plug and Play deployment, see the Cisco Plug and Play Application User Guide.
Step 7
After the bootstrap configuration is applied, the Plug and Play deployment is initiated.
Using DHCP to Export Bootstrap Configurations
To use the DHCP option to export a bootstrap configuration, you must have the following configuration on your devices:
- For CNS gateway—DHCP option 150
ip dhcp pool <DHCP pool name>
network <subnet> <subnet mask>
default-router <default gateway>
option 150 ip <prime_infrastructure_server_IP>
- For APIC-EM—DHCP option 43
ip dhcp pool <DHCP pool name>
network <subnet> <subnet mask>
default-router <default gateway>
option 43 ascii "5A1D;B2;K4;I<APIC-EM_server_IP>;J80"
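The option 43 value above packs several settings into one string. The following added example (not Cisco's code; parse_option43 and audit_option43 are names chosen here) splits such a value and reports the settings a reviewer would check before putting it on a DHCP server. The field meanings (5A1D/5A1N prefix with D for debug on, B2 for IPv4, K4 for HTTP, K5 for HTTPS, I for server address, J for port) come from Cisco's Network Plug and Play documentation rather than this page and are treated as assumptions; the sample address is constructed.

```python
import ipaddress

# Field meanings are assumed from Cisco's Network Plug and Play documentation;
# this page shows only the string itself.
TRANSPORT = {"4": "http", "5": "https"}        # K: agent-to-server transport
DEFAULT_PORT = {"http": "80", "https": "443"}  # J: server port

def parse_option43(value):
    """Split a PnP option 43 ASCII value into a dict of its fields."""
    parts = [p for p in value.strip().strip('"').split(";") if p]
    if not parts or len(parts[0]) != 4 or not parts[0].startswith("5A"):
        raise ValueError("not a Plug and Play option 43 value: %r" % value)
    fields = {"version": parts[0][2], "debug": parts[0][3] == "D"}
    for part in parts[1:]:
        fields[part[0]] = part[1:]   # first letter is the key, rest is the value
    return fields

def audit_option43(value):
    """Return findings a reviewer would raise for one option 43 value."""
    f = parse_option43(value)
    findings = []
    transport = TRANSPORT.get(f.get("K", "4"), "unknown")  # K4 assumed as default
    if transport != "https":
        findings.append("transport is %s, not https" % transport)
    if f["debug"]:
        findings.append("debug flag D is set in the 5A1x prefix")
    if "I" not in f:
        findings.append("no server address (I field)")
    elif f.get("B", "2") == "2":
        try:
            ipaddress.IPv4Address(f["I"])
        except ValueError:
            findings.append("B2 declares IPv4 but the I field is %r" % f["I"])
    port = f.get("J")
    if transport in DEFAULT_PORT and port and port != DEFAULT_PORT[transport]:
        findings.append("port %s does not match the %s default" % (port, transport))
    return findings

# Constructed samples: the page's string with a documentation address filled in,
# and an HTTPS variant of it.
PAGE_STYLE = "5A1D;B2;K4;I192.0.2.10;J80"
HTTPS_STYLE = "5A1N;B2;K5;I192.0.2.10;J443"

if __name__ == "__main__":
    for sample in (PAGE_STYLE, HTTPS_STYLE):
        print(sample, "->", audit_option43(sample) or "no findings")
```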
Sample DHCP Server Settings
If you select the DHCP-based method to deliver the Plug and Play Profile, you must configure the DHCP server to redirect the switch to the TFTP server by entering the commands described in Table 27-2.
This method is not supported for HTTPS with the Encrypt CNS commands. It is supported with the HTTP CNS commands.
The DHCP-based method follows these steps:
1. The new switch contacts the DHCP server. You must configure the DHCP server to redirect the switch to the TFTP server. See Table 27-2 for more information.
2. The DHCP server points the switch to the new TFTP server where the Plug and Play bootstrap profile resides.
3. The switch loads the bootstrap configuration file, boots up, and then contacts the Plug and Play Gateway.
Table 27-2 DHCP Server Settings
ip dhcp pool PNP | Creates a DHCP pool named PNP.
network 10.106.190.0 255.255.255.224 | Defines the network 10.106.190.0 and subnet mask 255.255.255.224. DHCP uses this pool of IP addresses to assign an IP address to the new device.
default-router 10.106.190.17 | Configures the default route 10.106.190.17 on the new device.
option 150 ip 10.77.240.224 | Specifies that the TFTP server IP address 10.77.240.224 is the Prime Infrastructure server IP address.
Note: Cisco does not support these non-Cisco DHCP products. However, if you are using other DHCP servers, note the following:
- Both the CNS-based Cisco Plug and Play Agent and the APIC-EM based Cisco Open Plug-N-Play Agent use a VPN-ID option (Option 221) of "Mgmt-intf" in their DHCP packets. An enterprise level DHCP server will not be able to process these packets without properly handling that VPN-ID.
- Both the CNS-based Cisco Plug and Play Agent and the APIC-EM based Cisco Open Plug-N-Play Agent expect the TFTP server address to be returned as a string. Enterprise level DHCP servers return Option 150 as an IP address, and Option 66 as a string.
- Both the CNS-based Cisco Plug and Play Agent and the APIC-EM based Cisco Open Plug-N-Play Agent expect a default route (Option 33). Enterprise level DHCP servers return Option 33 as a default route, not just the address of the router as provided by Option 3.
Verifying Device Status
Choose Configuration > Plug and Play > Dashboard and in the Home tab, click Status Information.
The device details (Serial ID, hostname, IP address, type, profile name, location), current and post Plug and Play statuses, and the graphical representation of the provisioning status are displayed in a List view.
Click Map in the upper right corner to view the device details and their statuses in map view. See Integrating Map View.
You can choose Administration > Dashboards > Job Dashboard > User Jobs > Post PnP Status to view the status of the post Plug and Play configuration job on a device.
Integrating Map View
You can view the details in a map view in any of the following ways:
- Choose Configuration > Plug and Play > Dashboard and click the Monitoring tab.
- Choose Configuration > Plug and Play > Dashboard and click the Home tab. Click Status Information and click Map in the upper right corner of the Device Status page.
- Choose Configuration > Plug and Play > Dashboard and click the Home tab. Click Locations.
1 | Click to view the map in full screen.
2 | You can perform zooming operations using mouse or keyboard. With keyboard, click the + or - signs to zoom in or zoom out. With mouse, use the mouse scroll wheel to zoom in or zoom out or double-click to zoom in.
3 | Click to view the provisioning status of the device in detail.
4 | Click to view the sites that do not have geographical coordinates specified.
5 | Click to view the devices that are not mapped to any location. Drag and drop the devices to a location in the map. The device automatically gets mapped to that location group.
6 | Toggle the button to enable edit mode. Once enabled, you can drag and drop the unmapped devices to a location in the map. Before you map a device to a location, create location groups. See Using Location Groups.
7 | Select a location from the list.
8 | Click to view the cluster details. A cluster represents two or more locations in a geographical area. Hover the mouse over the site to view the number of devices mapped to it. Click the number hyperlink to view the device details.
9 | Click List to view the Device Status page.
Deleting Plug and Play Profiles
If you are using APIC-EM for Plug and Play, you might need to delete a Plug and Play profile that is incorrect or outdated.
Step 1
Execute the following command from the router CLI to remove the Plug and Play profile from the router:
no pnp profile plug_and_play_profile_name
Step 2
Delete the provisioning profile by choosing Configuration > Plug and Play > Dashboard and click PnP Profiles. Select a Plug and Play profile, click Profile Instances, then delete the required provisioning profile.
Step 3
Choose Configuration > Plug and Play > Dashboard and click PnP Profiles. Select the Plug and Play profile you want to delete, then click Delete.