Had set up Cisco Prime and APIC-EM, and plan to use PnP to deploy a number of new switches, primary 2960X-series, as well as access points. Integrated APIC-EM into Cisco Prime, and have created an PNP profile in Prime which and deployed it as a project to APIC-EM. For testing purposes both the APIC-EM, Cisco Prime and switch used for testing is placed in the same subnet.
By the logs on the switch, it seems like it successfully connect to the APIC-EM server, but then it looks like it tries to download config from the DHCP-server.
Of the switch output you see the following:
Apr 20 11:18:59.826: AUTOINSTALL: Obtain siaddr 192.168.1.20 (as config server)
Where 192.168.1.20 is the DHCP-server, not APIC-EM. Why do the switch try to use this address as "config server"? Where is this address obtained from?
So I first tried to use PNP with the DHCP option 43, but thought that I might give DNS a try instead, but it seems like the ouput is the same.
The config below is with DNS-entry with "pnpserver.domain.local", no DHCP option 43.
From the logs it still tries to locate APIC-EM.
What configuration (with options) you're passing to the switch from DHCP server?
For clear test I'd suggest:
- temporary forget about prime - apic-em intergation
- define local dhcp server with option 43 on your L3
- wipe switch and try again
In the below logs, 192.168.1.20 is the DHCP server, 192.168.1.40 is the APIC-EM server.
It seems to me, that the switch manages to read the DCHP option 43, and get the correct IP. However it still tries to use the DHCP server as config server.
The DHCP option looks like this, Microsoft DHCP Server:
Output from switch console:
Press RETURN to get started!
*Mar 1 00:00:27.661: Read env variable - LICENSE_BOOT_LEVEL =
*Jan 2 00:00:00.150: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c2960x_lanbase Next reboot level = lanbase and License = lanbase
Apr 24 09:11:57.114: in Switch 0. Cannot read pid from Flexstack module
Apr 24 09:11:57.212: %HPAA:hpaa_port_bitmap_init:254:n_ports = 52, sizeof (**hpaa_port_bitmap.bitlist_array) = 16
Apr 24 09:12:40.973: %STACKMGR-4-SWITCH_ADDED: Switch 1 has been ADDED to the stack
Apr 24 09:12:42.399: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
Apr 24 09:12:42.399: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to down
Apr 24 09:12:44.251: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
Apr 24 09:13:06.897: %STACKMGR-5-SWITCH_READY: Switch 1 is READY
Apr 24 09:13:06.897: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 1 has changed to state DOWN
Apr 24 09:13:06.897: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 1 has changed to state DOWN
Apr 24 09:13:07.366: %STACKMGR-5-MASTER_READY: Master Switch 1 is READY
Apr 24 09:13:07.415: %USB_CONSOLE-6-MEDIA_RJ45: Console media-type is RJ45.
Apr 24 09:13:07.418: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.2(2)E6, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Fri 16-Dec-16 21:27 by prod_rel_team
Apr 24 09:13:09.354: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to down
Apr 24 09:13:10.358: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to down
Apr 24 09:13:12.346: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to up
Apr 24 09:13:13.349: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to up
Apr 24 09:13:40.354: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
Apr 24 09:13:44.838: %PNPA-DHCP Op-43 Msg: Process state = READY
Apr 24 09:13:44.838: %PNPA-DHCP Op-43 Msg: OK to process message
Apr 24 09:13:44.838: XML-UPDOWN: PNPA_DHCP_OP43 XML Interface(102) UP. PID=141
Apr 24 09:13:44.838: %PNPA-DHCP Op-43 Msg: _pdoon.1.ntf.don=141
Apr 24 09:13:44.852: %PNPA-DHCP Op-43 Msg: _pdoop.1.org=[A1D;B2;K4;I192.168.1.40;J80]
Apr 24 09:13:44.852: %PNPA-DHCP Op-43 Msg: _pdgfa.1.inp=[B2;K4;I192.168.1.40;J80]
Apr 24 09:13:44.852: %PNPA-DHCP Op-43 Msg: _pdgfa.1.B2.s12=[ ipv4 ]
Apr 24 09:13:44.852: %PNPA-DHCP Op-43 Msg: _pdgfa.1.K4.htp=[ transport http ]
Apr 24 09:13:44.852: %PNPA-DHCP Op-43 Msg: _pdgfa.1.Ix.srv.ip.rm=[ 192.168.1.40 ]
Apr 24 09:13:44.852: %PNPA-DHCP Op-43 Msg: _pdgfa.1.Jx.srv.rt.rm=[ port 80 ]
Apr 24 09:13:44.852: %PNPA-DHCP Op-43 Msg: _pdoop.1.ztp=[pnp-zero-touch] host=[] ipad=[192.168.1.40] port=80
Apr 24 09:13:44.852: %PNPA-DHCP Op-43 Msg: _pors.done=1
Apr 24 09:13:44.852: %PNPA-DHCP Op-43 Msg: _pdokp.1.now=PNPA_DHCP_OP43 pid=141
Apr 24 09:13:44.852: XML-UPDOWN: PNPA_DHCP_OP43 XML Interface(102) SHUTDOWN(101). PID=141 got vend id vend spec. info ret: succeed
Apr 24 09:14:00.811: AUTOINSTALL: Obtain siaddr 192.168.1.20 (as config server)
Apr 24 09:14:10.818: %PNP-6-HTTP_CONNECTING: PnP Discovery trying to connect to PnP server http://192.168.1.40:80/pnp/HELLO
Apr 24 09:14:11.825: %PNP-6-HTTP_CONNECTED: PnP Discovery connected to PnP server http://192.168.1.40:80/pnp/HELLO
Apr 24 09:14:12.839: %PNP-6-PROFILE_CONFIG: PnP Discovery profile pnp-zero-touch configured
Apr 24 09:14:38.353: %SYS-6-CLOCKUPDATE: System clock has been updated from 09:14:37 UTC Mon Apr 24 2017 to 09:14:38 UTC Mon Apr 24 2017, configured from console by console.
%Error opening tftp://192.168.1.20/network-confg (Timed out)[OK]
Apr 24 09:14:46.482: %PKI-6-CONFIGAUTOSAVE: Running configuration saved to NVRAM
%Error opening tftp://192.168.1.20/cisconet.cfg (Timed out)
%Error opening tftp://192.168.1.20/router-confg (Timed out)
%Error opening tftp://192.168.1.20/ciscortr.cfg (Timed out)
Ok, looks like dns is working.
A couple of things:
1) Are you also setting option 150 in the dhcp scope (you should not)?
2) Can you show the rule that PI created for the device in APIC-EM? Look in the PnP app on APIC under projects. Did you specify SUDI or certificates?
3) as Misha suggested a good way to troubleshoot in the beginning would be to just use APIC-EM initially, once you understand the process, include PI.
I first tried with DHCP option 43, with the same result as what posted above. I now have removed DHCP option 43, and tried to use DNS instead to see if that helped.
From what I see in the logs, it looks like there is some connection to the PnP server, but that it uses DHCP-server as config server even before that connection takes place:
Apr 20 11:18:59.826: AUTOINSTALL: Obtain siaddr 192.168.1.20 (as config server)
Apr 20 11:19:15.859: %PNP-6-HTTP_CONNECTING: PnP Discovery trying to connect to PnP server http://pnpserver.domain.local/pnp/HELLO
Apr 20 11:19:15.880: %PNP-6-HTTP_CONNECTED: PnP Discovery connected to PnP server http://pnpserver.domain.local/pnp/HELLO
Apr 20 11:19:16.893: %PNP-6-PROFILE_CONFIG: PnP Discovery profile pnp-zero-touch configured
Try again with removing DNS entry, and use DHCP option 43 and post the results.
- Have not used DHCP option 150 in the DHCP scope. Should I?
- Have not specified and certificates or SUDI. As I understand this is not necessary? It will be used only for in house switches, no deployment for remote branches or so.
No need for the certificates. wanted to simplify things.
You should not have option 150 in scope. Was trying to see where the tftp server was coming from. Likely picking it up from a broadcast. It should not matter either.
What is the host with ip address 192.168.1.20. Would it be possible to test without PI, just to eliminate another part.
192.168.1.20 is the DHCP server. In real life the DHCP server is placed on another subnet, I've just edited the IP addresses before uploading the logs.
I will try to deploy without PI, and just create a new project in APIC-EM.
So I created a new project in APIC-EM, added a new switch with a simple template setting hostname and some username and passwords, I still get the same results.
Also with no projects configured, when I turn on a switch, it get's the same. (When the switch is not predefined in APIC-EM).
A question, the pnp profile is added with the correct IP to the APIC-EM server. When the switch reboots, wouldn't it try to connect to this PNP profile? Or is the profile used for something else?
Is there any commands available to debug how the switch recieves the "config server" address.
Update:
Also upgraded firmware of one of the switches to 15.2.2 E6, with no improvements.
show pnp trace on the switch will show where the pnp process is up to.
show pnp history will show all of the events that have occured.
Installed APIC-EM in another enviroment, and at first I experienced the same problems.
Then I changed the DHCP option 43 from:
"5A1D;B2;K4;I<ipAddress>;J80"
to
"5A1N;B2;K4;I<ipAddress>;J80"
which seemd to do the trick. I will keep you updated when I get back to the enviroment where I first experienced the error.
That is interesting... the "D" option turns on debugging.
Comments
0 comments
Please sign in to leave a comment.