Wireless Plug and Play Deployment Guide

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction
Components Used
Requirement Overview
APIC VM Install
DHCP Requirement
DNS Requirement
AP PnP Agent Requirement
Feature Configuration Step-by-Step
Site Pre-Provisioning Workflow
Creating a Site or Project
Adding a Device
Uploading the Configuration File
Deploying Devices
Claiming the Device
Bulk Import Sites and Devices
Troubleshooting the Cisco Network Plug and Play
Checking Cisco Network Plug and Play Status
Reviewing the Status from the Dashboard
Public Cloud Re-direction Service

Introduction

The Cisco Network Plug and Play solution provides a simple, secure, unified, and integrated offering for enterprise network customers to ease new branch or campus rollouts, or for provisioning updates to an existing network. The solution allows use of Cloud Redirection service, on-prem, or combination which provide a unified approach to provision enterprise networks comprised of Cisco routers, switches, and wireless devices with a near zero touch deployment experience.

This deployment guide introduces the Cisco Network Plug and Play application for wireless access points. This application allows you to pre-provision the remote site. When you provision a large site, you can use the Cisco Network Plug and Play application to pre-provision the site and add access points to the site. This includes entering access point information and setting up a bootstrap configuration if required. The bootstrap configuration enables the Plug and Play Agent to configure the access point such as the WLC info, hostname, AP group, FlexGroup, AP mode and so on.

When you create small sites where pre-provisioning is not required, access points can be deployed without prior set up on the Cisco Network Plug and Play application and then claimed. When an installer installs and powers up the access point, it auto-discovers the Cisco APIC-EM controller by using the DHCP, DNS or cloud redirection service. After the auto-discovery process is complete, the AP either joins a WLC with configuration from local PnP server, or communicates with the cloud redirection service for direction to target WLC or PnP server.

Components Used

APIC-EM minimum release of 1.0.1.30 with Cisco Network Plug and Play, virtually hosted in a Cisco UCS or equivalent server.
VMWare ESXi 5.x/6.x Virtual Machine minimum requirement:

Virtual Machine Options	VMware ESXi Version	5.1/5.5
Virtual Machine Options	Server Image Format	ISO
Hardware Specifications	Virtual CPU (vCPU)	6
	CPU (speed)	2.4 GHz
	Memory	64 GB

Note

For a multi-host deployment (2 or 3 hosts) only 32 GB of RAM is required for each host

Note

A single network adapter or network interface controller (NIC) is the minimum requirement. For security, we recommend that you use and configure two NICs on the server. See Security in the Limitations and Restrictions section of these release notes for additional information.

3800/2800/1800
3600/2600/1600
700i/700w

Requirement Overview

Install APIC EM Controller VM (optional if testing on-prem PnP server).
Configure a DHCP server with option 43 to allow Cisco network devices to auto-discover the APIC-EM controller (option 43 is not required if only testing cloud redirection).
Cloud redirection service requires a connection to the internet, and valid DNS server that can resolve ‘devicehelper.cisco.com’
On-prem PnP server can be added to DNS using ‘pnpserver.yourlocal.domain’
Pre–provision the device configuration in the Cisco Network Plug and Play application for all new devices to be deployed. This includes setting up the site and devices in it with the access point info of serial numbers and bootstrap configuration.
Device bring up order—In general, routing and upstream devices should be brought up first. Once the router and all upstream devices are up and provisioned, switches and downstream devices can be brought up. The Cisco Network Plug and Play Agent attempts to auto-discover the APIC-EM controller only during initial device startup. If at this time, the device cannot contact the controller, device provisioning fails, so upstream devices should be provisioned first
Cisco Router Trunk/Access Port Configuration–Typical branch networks include routers and switches. One or more switches are connected to the WAN router and other endpoints like IP phones and access points connect to the switches. When a switch connects to an upstream router, the following deployment models are supported for Cisco Network Plug and Play
Downstream switch is connected to the router using a switched port on the router. In this type of connection, the switched port on the router must be configured as an access port. The Cisco Network Plug and Play solution does not work for the switch if the switched port on the router is configured as a trunk port.

APIC VM Install

Upload the ISO to the ESXi 5.x server.

Guest OS—Ubuntu Linux 64bit
CPU Cores—6
RAM—64 GB
NIC—1
Storage—500 GB

Mount the ISO in the CD/DVD then power up the VM.

Allow the installation to complete, the VM will reboot as required. Once completed, the APIC-EM License Agreement will prompt to accept and continue (use keyboard to input and navigate).

Select 'Create a new APIC-EM cluster'.

Procedure

APIC-EM will proceed with installation, which will take some time (15-30 minutes). It provides an URL to monitor the progress at this link - HTTPS://MGT-IP-ADDRESS:14141 (note port 14141)

The console provides the configuration wizard status.

The previous link allows to monitor services being installed/started. Log in using the admin credentials provided in the installation step 3.

In the console dashboard, when deployed services and running clients are all showing green, it is then ready to be used for testing.

When configuration is successful, log in to the management application, link HTTPS://MGT-IP-ADDRESS (no additional port added). Use the same admin credentials created in step 3.

DHCP Requirement

New devices can reach the DHCP server
The DHCP server is configured with option 43 for Cisco Network Plug and Play

Name of DHCP pool	ip dhcp pool pnp_device_pool
Range of IP addresses assigned to clients	network 192.168.1.0 255.255.255.0
Gateway address	default-router 192.168.1.1
option 43 ascii "5A1N;B2;K4;I192.168.1.123;J80"	**

** Option 43 string, copy/paste include quotes, insert your APIC management IP address here.

DNS Requirement

New devices can reach the DHCP server
For on-premise, the APIC-EM controller is deployed with the hostname “pnpserver”

AP PnP Agent Requirement

Cisco CAPWAP access points with software release 8.3 provides the necessary recovery image to support PnP. An example output from the console of a NEW AP during boot up will show the following:

*Mar 1 00:00:13.027: %LWAPP-3-CLIENTERRORLOG: Load nvram:/lwapp_ap.cfg config failed,trying backup. *Mar 1 00:00:13.027: %LWAPP-3-CLIENTERRORLOG: Load nvram:/lwapp_ap.cfg.bak config failed. *Mar 1 00:00:15.035: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up *Mar 1 00:00:15.107: %SYS-5-RESTART: System restarted -- Cisco IOS Software, C3700 Software (AP3G2-RCVK9W8-M), Experimental Version 15.3(20150923:181842)[pkpanda 173] Copyright (c) 1986-2015 by Cisco Systems, Inc. Compiled Wed 23-Sep-15 11:21 by pkpanda *Mar 1 00:00:15.107: %SNMP-5-COLDSTART: SNMP agent on host APfc5b.395a.b56c is undergoing a cold start *Mar 1 00:00:15.191: %LWAPP-3-CLIENTERRORLOG: NumOfSlots Mismatch Reinit all Radios config rcb:0 Cfg:2 *Mar 1 00:00:15.359: %SSH-5-ENABLED: SSH 2.0 has been enabledlwapp_crypto_init: MIC Present and Parsed Successfully

*Mar 1 00:00:16.151: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up *Mar 1 00:00:20.003: DPAA Initialization Complete *Mar 1 00:00:20.003: %SYS-3-HARIKARI: Process DPAA INIT top-level routine exited *Mar 1 00:00:21.003: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up *Mar 1 00:00:23.003: %LINK-6-UPDOWN: Interface BVI1, changed state to down *Mar 1 00:00:24.003: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to down *Mar 1 00:00:27.151: %LINK-6-UPDOWN: Interface BVI1, changed state to up *Mar 1 00:00:28.151: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up *Mar 1 00:00:28.223: %PNPA-DHCP Op-43 Msg: Process state = READY *Mar 1 00:00:28.223: %PNPA-DHCP Op-43 Msg: OK to process message *Mar 1 00:00:28.223: XML-UPDOWN: PNPA_DHCP_OP43 XML Interface(102) UP. PID=47 *Mar 1 00:00:28.223: %PNPA-DHCP Op-43 Msg: _pdoon.1.ntf.don=47 *Mar 1 00:00:28.223: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.10.50.248, mask 255.255.255.0, hostname APfc5b.395a.b56c

*Mar 1 00:00:28.223: %PNPA-DHCP Op-43 Msg: _pdoop.1.org=[A1D;B2;K4;I192.168.1.123;J80;] *Mar 1 00:00:28.223: %PNPA-DHCP Op-43 Msg: _pdgfa.1.inp=[B2;K4;I192.168.1.123;J80;] *Mar 1 00:00:28.223: %PNPA-DHCP Op-43 Msg: _pdgfa.1.B2.s12=[ ipv4 ] *Mar 1 00:00:28.223: %PNPA-DHCP Op-43 Msg: _pdgfa.1.K4.htp=[ transport http ] *Mar 1 00:00:28.223: %PNPA-DHCP Op-43 Msg: _pdgfa.1.Ix.srv.ip.rm=[ 192.168.1.123 ] *Mar 1 00:00:28.223: %PNPA-DHCP Op-43 Msg: _pdgfa.1.Jx.srv.rt.rm=[ port 80 ] *Mar 1 00:00:28.223: %PNPA-DHCP Op-43 Msg: _pdoop.1.ztp=[pnp-zero-touch] host=[] ipad=[192.168.1.123]port=80 *Mar 1 00:00:28.223: %PNPA-DHCP Op-43 Msg: _pors.done=1 *Mar 1 00:00:28.223: %PNPA-DHCP Op-43 Msg: _pdokp.1.kil=[PNPA_DHCP_OP43] pid=47 idn=[BVI1] *Mar 1 00:00:28.223: XML-UPDOWN: BVI1 XML Interface(102) SHUTDOWN(101). PID=47 *Mar 1 00:00:29.155: %PNPA-DHCP Op-43 Msg: _pdoon.2.ina=[BVI1] *Mar 1 00:00:29.155: %PNPA-DHCP Op-43 Msg: _papdo.2.cot=[5A1D;B2;K4;I192.168.1.123;J80;] lot= [5A1D;B2;K4;I192.168.1.123;J80;] *Mar 1 00:00:29.155: %PNPA-DHCP Op-43 Msg: Process state = READY *Mar 1 00:00:29.155: %PNPA-DHCP Op-43 Msg: OK to process message *Mar 1 00:00:29.155: XML-UPDOWN: PNPA_DHCP_OP43 XML Interface(102) UP. PID=34 *Mar 1 00:00:29.155: %PNPA-DHCP Op-43 Msg: _pdoon.2.ntf.don=34

*Mar 1 00:00:34.039: No Config Present. PNP required. This indicates PNP process will initiate since no configuration is present.

Example that AP config is present (PNP will not start):

*Mar 1 00:00:34.043: Config Present. PNP Not required.

To check if AP has configuration perform the following command on the AP console:

AP#show capwap client rcb AdminState : ADMIN_ENABLED SwVer : 8.2.4.4 NumFilledSlots : 2 Name : APfc5b.395a.b56c Location : default location MwarName : There is no WLC name MwarMacAddr : ff01.0000.0000 MwarHwVer : 0.0.0.0 There is no WLC IP Address ApMode : Local ApSubMode : Not Configured OperationState : DISCOVERY

Feature Configuration Step-by-Step

Site Pre-Provisioning Workflow

Cisco Network Plug and Play allows you to pre-provision and plan for new sites. When you create a new site, Cisco Network Plug and Play enables you to pre-provision the access point(s) configuration file, product serial # and product ID for the selected platform. This simplifies and accelerates the time that it takes to get a site fully functional.

To pre-provision a site on your network, perform these steps:

Procedure

Creating a Site or Project

Creating a Site/Project