Got a 3850 and want to download its config from APIC-EM with no intervention on the switch, i.e. power the switch on and it automatically connects to the APIC-EM and installs its config.
Got a 3850 with new software ---- cat3k_caa-universalk9.SPA.03.06.05.E.152-2.E5
Cleared the config using the following commands, as per the following link:
==============Website screen output========================
configure terminal
crypto key zeroize
no crypto pki certificate pool
no pnp profile pnp-zero-touch
end
delete nvram:*.cer
delete stby-nvram:*.cer (if the device has stack members)
write erase
reload
====================End of output======================
Want to simulate zero intervention. The second line appears after a while and will then just keep looping to no avail.
==============3850 screen output========================
Would you like to enter the initial configuration dialog? [yes/no]:
Loading http://devicehelper.cisco.com/ca/trustpool !
%Error opening tftp://255.255.255.255/network-confg (Timed out)
%Error opening tftp://255.255.255.255/cisconet.cfg (Timed out)
%Error opening tftp://255.255.255.255/router-confg (Timed out)
%Error opening tftp://255.255.255.255/ciscortr.cfg (Timed out)
%Error opening tftp://255.255.255.255/network-confg (Timed out)
%Error opening tftp://255.255.255.255/cisconet.cfg (Timed out)
%Error opening tftp://255.255.255.255/router-confg (Timed out)
%Error opening tftp://255.255.255.255/ciscortr.cfg (Timed out)
%Error opening tftp://255.255.255.255/network-confg (Timed out)
%Error opening tftp://255.255.255.255/cisconet.cfg (Timed out)
Loading http://devicehelper.cisco.com/ca/trustpool !
%Error opening tftp://255.255.255.255/router-confg (Timed out)
%Error opening tftp://255.255.255.255/ciscortr.cfg (Timed out)
====================End of output======================
So the reason it is trying to get to http://devicehelper.cisco.com/ca/trustpool is that, when the config is checked, which at this point is at factory default, the following appears.
====================3850 screen output=================
pnp profile pnp_cco_profile
transport https host devicehelper.cisco.com port 443
====================End of output======================
If the PnP profile is changed and the URL is replaced with the IP of APIC-EM, it connects and gets its config fine.
So the question is: how is the 3850 at factory default with no intervention ever going to connect to the APIC-EM if the factory default profile is making it go to the devicehelper.cisco.com URL? It is possible to point internal DNS for that URL to APIC-EM, but then what is the point of having option 43 with the APIC-EM IP in it?
Also, here is the config for the DHCP server:
=========DHCP server output============
ip dhcp pool pnp_device_pool
network 10.1.1.0 255.255.255.0
default-router 10.1.1.1
dns-server 192.168.64.14
option 43 ascii "5A1N;B2;K4;I192.168.64.18;J80"
option 60 ascii "ciscopnp"
============End===================
How to check ALL the DHCP values the 3850 has received from the DHCP server?
Have done a debug DHCP on the 3850 and all the above values are received just fine.
You're using HTTP and tcp/80 in your DHCP config. But when you got it to work, you used HTTPS and tcp/443 (which is what you want). Try:
5A1N;B2;K5;I192.168.64.18;J443
PnP is designed so a default router/switch out of the box can contact the PnP server without any user input on the device side. There is a test command, "test pnp discovery process", but this is only for debugging purposes.
Your DHCP server setup has both DNS and Option 43 configs. When your 3850 boots, there will be two discovery methods competing with each other. In your case, DNS was able to resolve devicehelper.cisco.com first, before Option 43. Try to remove "dns-server 192.168.64.14" from the DHCP server and restart your test with factory default again.
Op43 gets precedence over CCO discovery. From your output, it seems like the APIC-EM at 192.168.64.18 did not respond to the device; hence, the device moved on to CCO. Can you do "sh pnp trace"? It will show you why Op43 was not successful.
Have managed to get this working with the following string in option 43 with no DNS:
"5A;B2;K4;I192.168.64.18;J80"
- Is the '1N' missing on purpose or is it just a typo? Facing some similar issues.
- And does the PnP discovery even go through if there is some configuration present on a switch? All the devices in the network are reachable and 'managed', but was expecting them to also be in the unplanned section. Got option 43 configured with HTTP on my DHCP server and could see in Wireshark that all requests/ACKs are present.
PnP discovery will not initiate if there is existing configuration on your switch.
1N missing is a typo. For more detail, check the solution guide: Solution Guide for Cisco Network Plug and Play - Cisco
First section of option 43 string:
5A1N;—Specifies the DHCP suboption for Plug and Play, active operation, version 1, no debug information. It is not necessary to change this part of the string.
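
An added example (not part of the thread and not Cisco code): a small Python check that parses the option 43 strings quoted above and flags the issues raised in the replies, namely cleartext HTTP (K4), a port that belongs to the other transport, and a header other than 5A1N. The function names and finding codes are hypothetical, and reading B2 as "the I field is an IPv4 address" is an assumption that this page does not state.

```python
import ipaddress

# K4/K5 and their ports are as used in the thread; other values are reported as unknown.
TRANSPORTS = {"4": ("http", 80), "5": ("https", 443)}

def parse_option43(value):
    """Split a PnP option 43 ASCII string into its header and lettered fields."""
    parts = [p for p in value.strip().strip('"').split(";") if p]
    if not parts:
        raise ValueError("empty option 43 string")
    fields = {"header": parts[0]}
    for part in parts[1:]:
        fields[part[0]] = part[1:]  # "I192.168.64.18" -> {"I": "192.168.64.18"}
    return fields

def audit_option43(value):
    """Return finding codes (hypothetical names); an empty list means nothing flagged."""
    f = parse_option43(value)
    findings = []
    if f["header"] != "5A1N":
        findings.append("unexpected-header")
    transport = TRANSPORTS.get(f.get("K"))
    if transport is None:
        findings.append("unknown-transport")
    else:
        scheme, default_port = transport
        if scheme == "http":
            findings.append("cleartext-http")
        port = f.get("J", "")
        if not port.isdigit():
            findings.append("missing-port")
        elif int(port) != default_port and int(port) in (80, 443):
            findings.append("port-mismatch")
    # Assumption: B2 means the I field holds an IPv4 address.
    if f.get("B") == "2":
        try:
            ipaddress.IPv4Address(f.get("I", ""))
        except ipaddress.AddressValueError:
            findings.append("server-not-ipv4")
    elif "I" not in f:
        findings.append("missing-server")
    return findings

if __name__ == "__main__":
    for s in ("5A1N;B2;K4;I192.168.64.18;J80",    # DHCP pool in the question
              "5A1N;B2;K5;I192.168.64.18;J443",   # suggested in the first reply
              "5A;B2;K4;I192.168.64.18;J80",      # follow-up post (1N typo)
              "5A1N;B2;K5;I192.168.64.18;J80"):   # constructed mismatch
        print(s, "->", audit_option43(s) or "ok")
```

Running it over a DHCP server's configured option 43 values before deployment shows which pools would have devices fetch their configuration over HTTP rather than HTTPS.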