Migrating PnP API from APIC-EM to Cisco DNA Center

I have had a number of questions about the best way to migrate from APIC-EM to DNA Center for Plug and Play (PnP) provisioning of devices.  The PnP API was very popular in APIC-EM and both the PnP functionality as well as API have been enhanced in DNA Center. While the older workflow style API still exist in DNAC, they are relatively complex and have no UI component.

Transition approaches

I used to have two answers to the “how do I migrate” question. One approach was to transition (just use the workflow API), and the other was to transform (move to the new “site base” API).

If you had static configuration files for devices (e.g. some other tool to generate them) you would typically choose the first option.  If you were more interested in templates with variables, you would choose the second.

There is now a hybrid option, using the new site-claim API, with a “fixed” configuration template.

PnP API

First a look at the PnP API and how they work.  There are two steps, 1) Add a device and 2) Claim a device.

Step one adds the device to the PnP device table.  This can happen in two ways, unplanned (where the device discovers DNA Center), or pre-planned (where the device is inserted into DNA Center).  This step is unchanged from APIC-EM and uses the /import API endpoint.  All that is required is the model of the device and the serial number.

Once the device is part of the PnP table, it can then be claimed.   In the past, the workflow based API used the /claim API endpoint.  The newer /site-claim API endpoint is now recommended.   This requires a device (from step1) and a site.  There are optional attributes for image upgrade and configuration template.

These steps are seen in the UI.  The first device (“pre-planned”) has been added to DNA Center, but not claimed. The second device was added and claimed to a site.  The source of both devices was “User” which indicates they were pre-planned as opposed to “Network” which indicates an un-planned device.

Using the Scripts

These scripts are available on github. The readme has instructions on installing them. The scripts use the dnacentersdk I described in this post.

The first step is to upload the configuration files as templates.  These should be stored in the “Onboarding Configuration” folder.

$ ./00load_config_files.py --dir work_files/configs

Processing:switch1.cfg: adding NEW:Commiting e156e9e6-653d-4016-85bd-f142ba0659f8

Processing:switch3.cfg: adding NEW:Commiting 9ae1a187-422d-41b9-a363-aafa8724a5b2

Second step is to edit a CSV file contain the devices to be uploaded, and the configuration file. This file deliberately contains some errors (missing config file and missing image) as examples.

$ cat work_files/devices.csv 

name,serial,pid,siteName,template,image

adam123,12345678902,c9300,Global/AUS/SYD5,switch1.cfg,cat3k_caa-universalk9.16.09.05.SPA.bin

adam124,12345678902,c9300,Global/AUS/SYD5,switch2.cfg,cat3k_caa-universalk9.16.09.05.SPA.bin

adam_bad_image,12345678902,c9300,Global/AUS/SYD5,switch2.cfg,cat3k_caa-universalk9.16.09.10.SPA.bin

Third step is to use the script to upload the devices into DNA Center. The missing configuration and missing image are flagged.

$ ./10_add_and_claim.py --file work_files/devices.csv 

Device:12345678902 name:adam123 siteName:Global/AUS/SYD5 Status:PLANNED

##ERROR adam124,12345678902: Cannot find template:switch2.cfg

##ERROR adam_bad_image,12345678902: Cannot find image:cat3k_caa-universalk9.16.09.10.SPA.bin

adam_bad_image,12345678902,c9300,Global/AUS/SYD5,switch2.cfg,cat3k_caa-universalk9.16.09.10.SPA.bin

This will be reflected in the PnP page in DNA Center.

Under the Covers

Using the SDK abstracts the API.  For those that want to understand the payloads in more detail, here is a deeper dive into the payloads.

Templates

The following API call will get the projectId for the “Onboarding Configuration” folder.

GET dna/intent/api/v1/template-programmer/project?name=Onboarding%20Configuration

The result will provide the UUID of the project. It also provides a list of the templates, so could be used to find the template.   A different call is required to get the template body, as templates are versioned.  The “id” below is  the master template “id”

[

    {

        "name": "Onboarding Configuration",

        "id": "bfbb6134-8b1a-4629-9f5a-435a13dba75a",

        "templates": [

            {

                "name": "switch1.cfg",

                "composite": false,

                "id": "e156e9e6-653d-4016-85bd-f142ba0659f8"

            },

A better way to get the template is to call the template API with a projectId as a query parameter. It is not possible to lookup a template by name, the only option is to iterate through the list of results.

GET dna/intent/api/v1/template-programmer/template?projectId=bfbb6134-8b1a-4629-9f5a-435a13dba75a

Templates have versions. There is the master template Id, as well as an Id for each version. The example below only has one version “id”: “bd7cfeb9-3722-41ee-bf2d-a16a8ea6f23a”

{

        "name": "switch1.cfg",

        "projectName": "Onboarding Configuration",

        "projectId": "bfbb6134-8b1a-4629-9f5a-435a13dba75a",

        "templateId": "e156e9e6-653d-4016-85bd-f142ba0659f8",

        "versionsInfo": [ 

            {

                "id": "bd7cfeb9-3722-41ee-bf2d-a16a8ea6f23a", 

                "author": "admin",

                "version": "1",

                "versionTime": 1590451734078

            }

        ],

        "composite": false

    }

To get the body of the template (to compare SHA hash), use the template API call, for the specific version.

GET dna/intent/api/v1/template-programmer/template/bd7cfeb9-3722-41ee-bf2d-a16a8ea6f23a

Will return the body. Templates apply to a productFamily and softwareType. These will be used when creating or updating templates.

{

    "name": "switch1.cfg",

    "tags": [],

    "author": "admin",

    "deviceTypes": [

        {

            "productFamily": "Switches and Hubs"

        }

    ],

    "softwareType": "IOS-XE",

    "softwareVariant": "XE",

    "templateContent": "hostname switch1\nint g2/0/1\ndescr nice  one\n",

    "templateParams": [],

    "rollbackTemplateParams": [],

    "composite": false,

    "containingTemplates": [],

    "id": "bd7cfeb9-3722-41ee-bf2d-a16a8ea6f23a",

    "createTime": 1590451731775,

    "lastUpdateTime": 1590451731775,

    "parentTemplateId": "e156e9e6-653d-4016-85bd-f142ba0659f8"

}

To add a new template, there are two steps. The template has to be created, then committed. The second step is the same as updating an existing template, which creates a new version. Notice the deviceTypes and softwareType are required.

POST dna/intent/api/v1/template-programmer/project/bfbb6134-8b1a-4629-9f5a-435a13dba75a/template

{

     "deviceTypes": [{"productFamily": "Switches and Hubs"}],

     "name": "switch4.cfg",

     "softwareType": "IOS-XE",

     "templateContent": "hostname switch4\nint g2/0/1\ndescr nice  four\n"

}

This will return a task, which needs to be polled.

{

       "response": {

                 "taskId": "f616ef87-5174-4215-b5c3-71f50197fe72",

                 "url": "/api/v1/task/f616ef87-5174-4215-b5c3-71f50197fe72"

        },

        "version": "1.0"

}

Polling the task

GET dna/intent/api/v1/task/f616ef87-5174-4215-b5c3-71f50197fe72

The status is successful and the templateId is “57371b95-917b-42bd-b700-0d42ba3cdcc2”

{

  "version": "1.0", 

  "response": {

    "username": "admin", 

    "rootId": "f616ef87-5174-4215-b5c3-71f50197fe72", 

    "serviceType": "NCTP", 

    "id": "f616ef87-5174-4215-b5c3-71f50197fe72", 

    "version": 1590468626572, 

    "startTime": 1590468626572, 

    "progress": "Successfully created template with name switch4.cfg", 

    "instanceTenantId": "5d817bf369136f00c74cb23b", 

    "endTime": 1590468626670, 

    "data": "57371b95-917b-42bd-b700-0d42ba3cdcc2", 

    "isError": false

  }

}

The final step is to commit the change to the template.

POST dna/intent/api/v1/template-programmer/template/version

{

  "templateId": "57371b95-917b-42bd-b700-0d42ba3cdcc2"

}

To update an existing template, it is a PUT rather than POST. Again, the deviceTypes and softwareType are required.

PUT dna/intent/api/v1/template-programmer/template

{

 "deviceTypes": [ { "productFamily": "Switches and Hubs" } ],

 "id": "57371b95-917b-42bd-b700-0d42ba3cdcc2",

 "name": "switch4.cfg",

 "softwareType": "IOS-XE",

 "templateContent": "hostname switch4\nint g2/0/1\ndescr nice four **\n"

}

Again, a task is returned, which needs to be polled.

{

  "version": "1.0", 

  "response": {

    "username": "admin", 

    "rootId": "52689b1e-e9b8-4a60-8ae9-a574bb6b451c", 

    "serviceType": "NCTP", 

    "id": "52689b1e-e9b8-4a60-8ae9-a574bb6b451c", 

    "version": 1590470080172, 

    "startTime": 1590470080172, 

    "progress": "Successfully updated template with name switch4.cfg", 

    "instanceTenantId": "5d817bf369136f00c74cb23b", 

    "endTime": 1590470080675, 

    "data": "57371b95-917b-42bd-b700-0d42ba3cdcc2", 

    "isError": false

  }

}

The final step is to commit the change, as when first creating the template.  The UI will show two versions of this template.

Site

To find the siteId, a simple lookup is used, with the name as a query parameter.  This is the fully qualified name of the site.

GET dna/intent/api/v1/site?name=Global/AUS/SYD5

This will return the siteId.

{

  "response" : [ {

    "parentId" : "ace74caf-6d83-425f-b0b6-05faccb29c06",

    "systemGroup" : false,

    "additionalInfo" : [ {

      "nameSpace" : "Location",

      "attributes" : {

        "country" : "Australia",

        "address" : "177 Pacific Highway, North Sydney New South Wales 2060, Australia",

        "latitude" : "-33.837053",

        "addressInheritedFrom" : "d7941b24-72a7-4daf-a433-0cdfc80569bb",

        "type" : "building",

        "longitude" : "151.206266"

      }

    }, {

      "nameSpace" : "ETA",

      "attributes" : {

        "member.etaCapable.direct" : "2",

        "member.etaReady.direct" : "0",

        "member.etaNotReady.direct" : "2",

        "member.etaReadyNotEnabled.direct" : "0",

        "member.etaEnabled.direct" : "0"

      }

    } ],

    "groupTypeList" : [ "SITE" ],

    "name" : "SYD5",

    "instanceTenantId" : "5d817bf369136f00c74cb23b",

    "id" : "d7941b24-72a7-4daf-a433-0cdfc80569bb",

    "siteHierarchy" : "80e81504-0deb-4bfd-8c0c-ea96bb958805/ace74caf-6d83-425f-b0b6-05faccb29c06/d7941b24-72a7-4daf-a433-0cdfc80569bb",

    "siteNameHierarchy" : "Global/AUS/SYD5"

  } ]

}

Image

To find the imageid, for upgrading software, search for the image by imageName. NOTE, on some platforms this is different to name.

GET dna/intent/api/v1/image/importation?imageName=cat3k_caa-universalk9.16.09.05.SPA.bin

Returns the imageUuid, and a lot of other information about the image, including model numbers etc.

{

    "response": [

        {

            "imageUuid": "04d69fe0-d826-42e9-82c0-45363a2b6fc7",

            "name": "cat3k_caa-universalk9.16.09.05.SPA.bin",

            "family": "CAT3K_CAA",

            "version": "16.9.5",

            "md5Checksum": "559bda2a74c0a2a52b3aebd7341ff96b",

            "shaCheckSum": "a01d8ab7121e50dc688b9a2a03bca187aab5272516c0df3cb7e261f16a1c8ac355880939fd0c24cc9a79e854985af786c430d9b704925e17808353d70bf923f4",

            "createdTime": "2020-05-26 04:20:42.904",

            "imageType": "SYSTEM_SW",

            "fileSize": "450283034 bytes",

            "imageName": "cat3k_caa-universalk9.16.09.05.SPA.bin",

            "applicationType": "",

            "feature": "",

            "fileServiceId": "94eccf65-a1dd-47ca-b7c4-f5dd1a8cdeb7",

            "isTaggedGolden": false,

            "imageSeries": [

                "Switches and Hubs/Cisco Catalyst 3850 Series Ethernet Stackable Switch",

                "Switches and Hubs/Cisco Catalyst 3650 Series Switches"

            ],

            

Add Device

To add the device, supply a serialNumber, and pid. The name is optional. The aaa parameters are not used prior to DNAC 1.3.3.7. They are used to solve an issue with “aaa command authorization”.

POST dna/intent/api/v1/onboarding/pnp-device/import

[

  {

    "deviceInfo": {

      "serialNumber": "12345678902", 

      "aaaCredentials": {

        "username": "", 

        "password": ""

      }, 

      "userSudiSerialNos": [], 

      "hostname": "adam123", 

      "pid": "c9300", 

      "sudiRequired": false, 

      "stack": false

    }

  }

]

The response contains the deviceId, other attributes have been removed for brevity. At this point the device appears in PnP, but is unclaimed.

{

                 "successList": [

                     {

                         "version": 2,

                         "deviceInfo": {

                             "serialNumber": "12345678902",

                             "name": "12345678902",

                             "pid": "c9300",

                             "lastSyncTime": 0,

                             "addedOn": 1590471982430,

                             "lastUpdateOn": 1590471982430,

                             "firstContact": 0,

                             "lastContact": 0,

                             "state": "Unclaimed",

                         "tenantId": "5d817bf369136f00c74cb23b",

                         "id": "5eccad2e29da7c0008613b69"

                     }

Site-Claim

To claim the device to a site, use the siteId, imageId, templateId(configId) from earlier steps. Notice the master templateId is used, rather than a specific version. The master gets the latest version of the template by default. The type should be “Default”. If you are using a stack, then the type would be “StackSwitch”. Wireless Access points will set the type field to “AccessPoint”.

POST dna/intent/api/v1/onboarding/pnp-device/site-claim

{

  "configInfo": {

    "configId": "e156e9e6-653d-4016-85bd-f142ba0659f8", 

    "configParameters": []

  }, 

  "type": "Default", 

  "siteId": "d7941b24-72a7-4daf-a433-0cdfc80569bb", 

   "deviceId": "5eccad2e29da7c0008613b69", 

  "imageInfo": {

    "skip": false, 

    "imageId": "04d69fe0-d826-42e9-82c0-45363a2b6fc7"

  }

}

The response shows success, and this is reflected in the PnP UI.

{

      "response": "Device Claimed",

      "version": "1.0"

}

More on Stacks

One major innovation in DNAC PnP is support for stack renumbering. Prior to this, it was recommended that stack members be powered on two minutes apart, from top to bottom. This was to ensure a deterministic interface numbering. Stack renumbering is a much better solution to this problem. One of two stack cabling methods can be used, and the serial number of the top-of-stack switch is required.

There are two implications for API calls for the pre-planned workflow. The first is for the add device call. The stack parameter needs to be set to True.

POST dna/intent/api/v1/onboarding/pnp-device/import

[

  {

    "deviceInfo": {

      "serialNumber": "12345678902", 

      "aaaCredentials": {

        "username": "", 

        "password": ""

      }, 

      "userSudiSerialNos": [], 

      "hostname": "adam123", 

      "pid": "c9300", 

      "sudiRequired": false, 

      "stack": true 

    }

  }

]

The second is the site-claim. The type needs to be changed to “StackSwitch” and two extra attributes are required.

Note: The topOfStackSerialNumber has to be the same as the serial number used to add the device. In other words, add the device with the serial number you intend to use for the top of stack. It does not matter which switch in the stack initiates contact, as the stack will provide all serial numbers to DNAC.

POST dna/intent/api/v1/onboarding/pnp-device/site-claim

{

  "configInfo": {

    "configId": "e156e9e6-653d-4016-85bd-f142ba0659f8", 

    "configParameters": []

  }, 

  "type": "StackSwitch",

  "topOfStackSerialNumber":"12345678902",

  "cablingScheme":"1A", 

 

  "siteId": "d7941b24-72a7-4daf-a433-0cdfc80569bb", 

  "deviceId": "5eccad2e29da7c0008613b69", 

  "imageInfo": {

    "skip": false, 

    "imageId": "04d69fe0-d826-42e9-82c0-45363a2b6fc7"

  }

}

Continue reading

Zero to One Device Provisioning and Discovery with PnP Connect

What is PnP Connect?

Cisco Plug and Play Connect (a component of the Cisco Network Plug and Play solution) is a secure and scalable cloud-based service that provides a discovery mechanism for a network device to discover it on-premise Cisco DNA-Center or DNAC-Cloud. It’s the go-to solution for simple day-zero provisioning across all Cisco Enterprise platforms (routers, switches, and wireless access points).

What drives the necessity for this solution?

Installing and deploying the vast number of networking devices that reach their data center, branch networks, and campus rollout are costly for enterprises and campus deployments. Any computer usually has to be pre-staged by a professional installer and equipped with a CLI configuration via a console connection that allows it to connect to the rest of the network. This method is expensive, time consuming, and vulnerable to error. Due to these factors, customers would like to increase the speed and reduce the complexity of the deployment without compromising the security.

For PnP solutions we have the following 3 major pillars:

1. The solution should be simple, as that is critical for automation. For this our device should be able to call home to our controller, and this path should be robust.

2. The solution should be secure. We know some vendors have ZTP provision but that is traditional and not secure, specially through WAN connections. In PnP, the device gets secured connection via HTTPS solution and this gives the image to device. SUDI authentication is an added layer on top of this. When device calls home, a challenge is sent over the tunnel, and device will un-sign the certificate with a private key and it will be determined if the device is legit.

3. The solution has to have a consistent workflow for all kind of devices. Hence, we needed a simple secure unified and integrated solution that eases new branch rollouts or provisioning existing deployments.

What are the PnP solution components?

1. First, we need a server or orchestrator that makes the device do what it needs to do. This could be running on DNAC.

2. Second, the PnP agent is embedded in Cisco devices and communicates to the Cisco Network Plug and Play application using the open plug and play protocol over HTTPS during device deployments. The PnP agent attempts to obtain the IP address of the PnP server it wishes to connect with. The agent interacts with the PnP server to conduct deployment-related activities after a server is identified and a connection has been created.

3. PnP Server communicates with the PnP agent on the device using PnP protocol.

PnP protocol is the main connection. From that connection they will start using PNP schema (XML schema) to tell each other what they need to do and from there we provision the image or config.

4. If the device is not able to communicate to the server using DHCP or DNS it can use the PnP connect cloud-based service. This is the PnP Connect solution we launched that redirects device to the on prem DNAC.

How does PnP connect work?

PnP connect is a highly automation-based pre -provision workflow. Under this solution all the configurations that are to be pushed, site hierarchy and software image details are associated to a certain Serial Number of a device. All of this information will be linked to the device using the Smart Account. We can put our smart account information in our order when we buy it.

If you order plug and play network devices through Cisco Commerce Workspace (CCW), these network devices are automatically registered with Plug and Play Connect as long as a Cisco Smart Account is assigned to the order and you include the NETWORK-PNP-LIC option for each device that you want to use with Cisco Network Plug and Play. This option causes the device serial number and PID to be automatically registered in your Smart Account for plug and play.

There is also an option to manually add the device. The users can import a device from a CSV file or enter the devices information manually.

We also need to register DNAC as the default controller for the Smart Account, which will port all the SNs to DNAC. So, we will not need to import separate CSV files. Now, when device boots up their SN will get mapped and it will be sent to the mapped on-prem DNAC and all of configurations that were supposed to be pushed will be done accordingly in association to site.

The flexibility and efficiency that is achieved by using PnP connect is what makes it the true-blue solution.

Continue reading

How to Use the Plug and Play API in DNA Center – Part 2

Continuing the PnP story…

The first blog in this series gave an overview of network Plug and Play (PnP) and how it has evolved in DNA Center.   It showed a very simple workflow to provision a device with a configuration template with a variable called “hostname”.

One of my customers had a requirement to automate the PnP process for  deploying 1600 new switches.   Assigning a workflow and template variables to each device through the user interface would be a very time consuming and (potentially) error prone process.

This blog has an example script to automate this, then breaks down each of the API calls in case you would like to further customize.

The following API steps will be shown in detail:

1. Automated discovery of configuration template and variables from an onboarding workflow.
2. Automated addition of a new device to PnP.
3. Automated claiming of a device, assignment of the workflow and population of template variables.

The example scripts used here are all available from this Github repository.

Bulk Device Provisioning – Template Example

In order to bulk configure devices, I need a configuration file (csv in this case).  This file contains

◈ name of the PnP rule
◈ serial number of the device to be onboarded
◈ product ID of the device
◈ workflow name – which contains a configuration template
◈ hostname – a variable used in the configuration template defined in the workflow.

name,serial,pid,workflow,hostname
auto_python0,12345678910,WS-C3850,simpleTemplate,adam0
auto_python1,12345678911,WS-C3850,simpleTemplate,adam1
auto_python2,12345678912,WS-C3850,simpleTemplate,adam2
auto_python3,12345678913,WS-C3850,simpleTemplate,adam3
auto_python4,12345678914,WS-C3850,simpleTemplate,adam4
auto_python5,12345678915,WS-C3850,simpleTemplate,adam5
auto_python6,12345678916,WS-C3850,simpleTemplate,adam6
auto_python7,12345678917,WS-C3850,simpleTemplate,adam7
auto_python8,12345678918,WS-C3850,simpleTemplate,adam8
auto_python9,12345678919,WS-C3850,simpleTemplate,adam9

The csv file is used as input to the script.  In this case it is only 10 devices, but it would be the same process for 1600.

python ./10_add_and_claim.py work_files/bigtest.csv
Using device file: work_files/bigtest.csv
##########################
Device:12345678910 name:auto_python0 workflow:simpleTemplate Status:PLANNED
Device:12345678911 name:auto_python1 workflow:simpleTemplate Status:PLANNED
Device:12345678912 name:auto_python2 workflow:simpleTemplate Status:PLANNED
Device:12345678913 name:auto_python3 workflow:simpleTemplate Status:PLANNED
Device:12345678914 name:auto_python4 workflow:simpleTemplate Status:PLANNED
Device:12345678915 name:auto_python5 workflow:simpleTemplate Status:PLANNED
Device:12345678916 name:auto_python6 workflow:simpleTemplate Status:PLANNED
Device:12345678917 name:auto_python7 workflow:simpleTemplate Status:PLANNED
Device:12345678918 name:auto_python8 workflow:simpleTemplate Status:PLANNED
Device:12345678919 name:auto_python9 workflow:simpleTemplate Status:PLANNED

The DNA Center GUI shows 10 new devices have been added to PnP service, waiting to be onboarded. Once the devices connect to the network, they will contact DNA Center and be onboarded with the intended configuration.

The other python scripts in the repository will show the complete configuration template for the device (before it is provisioned) and do a bulk delete of the devices.

Looking at the API details – Workflow

I am going to keep the same steps as the first blog.  The first step it to examine the workflow to find the template and extract the variables from it.

A GET request looks up the workflow  “simpleTemplate” by name.  The workflow has a single step, called “Config Download” and the template has a UUID of  “d0259219-3433-4a52-a933-7096ac0854c3”, which is required for the next step. The workflow id is 5b16465b7a5c2900077b664e . This is required to claim the device.

GET https://dnac/api/v1/onboarding/pnp-workflow?name=simpleTemplate  

[

    {

        "version": 1,

        "name": "simpleTemplate",

        "description": "",

        "useState": "Available",

        "type": "Standard",

        "addedOn": 1528186459377,

        "lastupdateOn": 1528186459377,

        "startTime": 0,

        "endTime": 0,

        "execTime": 0,

        "currTaskIdx": 0,

        "tasks": [

            {

                "taskSeqNo": 0, 

                "name": "Config Download",

                "type": "Config", 

                "startTime": 0,

                "endTime": 0,

                "timeTaken": 0,

                "currWorkItemIdx": 0,

                "configInfo": {

                    "configId": "d0259219-3433-4a52-a933-7096ac0854c3" ,

                    "configFileUrl": null,

                    "fileServiceId": null,

                    "saveToStartUp": true,

                    "connLossRollBack": true,

                    "configParameters": null

                }

            }

  ],

        "addToInventory": true,

        "tenantId": "5afe871e2e1c86008e4692c5",

        "id": "5b16465b7a5c2900077b664e"

    }

]

A GET API call using the template id d0259219-3433-4a52-a933-7096ac0854c3 retrieves the template.  Notice there is a single variable with the name “hostname”, which will be used in the claim process.

Some of the response has been removed for brevity.  Templates will be covered  in more detail in future blogs.

GET https://dnac/api/v1/template-programmer/template/d0259219-3433-4a52-a933-7096ac0854c3

{

    "name": "base config",

    "description": "",

    "tags": [],

    "deviceTypes": [

        {

            "productFamily": "Switches and Hubs"

        }

    ],

    "softwareType": "IOS-XE",

    "softwareVariant": "XE",

    "templateParams": [

        {

            "parameterName": "hostname",

            "dataType": null,

            "defaultValue": null,

            "description": null,

            "required": true,

            "notParam": false,

            "displayName": null,

            "instructionText": null,

            "group": null,

            "order": 1,

            "selection": null,

            "range": [],

            "key": null,

            "provider": null,

            "binding": "",

            "id": "4481c1a4-fcb1-4ee8-ba2f-f24f2d39035b"

        }

    ],

<snip>

Adding a PnP device

The next step is to add the device to PnP database.  The three mandatory attributes are “name”,  “serialNumber” and “pid”.  The “pid” (productid) is used to determine if the device is capable of stacking, as some workflows have specific steps for stacks.  A POST request sends the attributes in a JSON payload.

The payload takes a list of “deviceInfo”, so multiple devices could be added in a single API call.

POST https://dnac/api/v1/onboarding/pnp-device/import  

[{

"deviceInfo": {

"name": "pnp-test",

"serialNumber": "FDO1732Q00B",

"pid":"ws-c3650",

"sudiRequired": false,

"userSudiSerialNos": [],

"stack": false,

"aaaCredentials": {

"username": "",

"password": ""

}

}

}]

The result has been shortened for brevity.   It was a synchronous API call (no task was returned in contrast to APIC-EM).

The “id” “5b463bde2cc0f40007b126ee” will be required for the claim process.  The id uniquely identifies this PnP device rule.

{

    "successList": [

        {

            "version": 1,

            "deviceInfo": {

                "serialNumber": "FDO1732Q00B",

                "name": "pnp-test",

                "pid": "ws-c3650",

                "lastSyncTime": 0,

                "addedOn": 1531329502838,

                "lastUpdateOn": 1531329502838,

                "firstContact": 0,

                "lastContact": 0,

                "state": "Unclaimed",

                "onbState": "Not Contacted",

                "cmState": "Not Contacted",

                "userSudiSerialNos": [],

                "source": "User",

"id": "5b463bde2cc0f40007b126ee"

Claiming PnP device

The final step is to “claim” the device. This step associates the workflow (including the configuration template and variables) with the device.  The values of  “workflowId”,“configId”(template) and “deviceId” were discovered in earlier steps.

A value for the hostname variable of is required in this case “pnp-test1” is provided.

Again, a list is provided for a given workflow, so multiple devices could be claimed by the same workflow.  Each device can have a unique set of config parameters.

POST https://dnac/api/v1/onboarding/pnp-device/import  

{

  "workflowId": "5b16465b7a5c2900077b664e",

  "deviceClaimList": [

    {

      "configList": [

        {

          "configId": "d0259219-3433-4a52-a933-7096ac0854c3",

          "configParameters": [

            {

              "value": "pnp-test1",

              "key": "hostname"

            }

          ]

        }

      ],

      "deviceId": "5b463bde2cc0f40007b126ee"

    }

  ],

  "populateInventory": true,

  "imageId": null,

  "projectId": null,

  "configId": null

}

The response is synchronous and gives a simple indication of success.

{

    "message": "Device(s) Claimed",

    "statusCode": 200

}

Summary

This blog covered the green API calls below.  Although “un-claimed” workflow was not officially covered, the claim API is the same as pre-provisioned.  The source of the network device differs as the device contacts DNA center before a rule is in place.  This means the /api/v1/onboarding/pnp-device/import API call is not required.

Using these API you can automate the onboading of tens, hundreds, or even thousands of devices.

Continue reading

Introducing PnP Connect

What is Cisco Network Plug & Play?

Cisco Network Plug & Play (PnP) is a secure and scalable solution for simple day-zero provisioning across all Cisco Enterprise platforms (routers, switches and wireless access points). The PnP application runs on top of Cisco Enterprise SDN Controller – APIC-EM.

Continue reading