Cisco CCNP Enterprise 300-435 ENAUTO – Network Device Programmability Part 6
January 30, 2023

25. ZTP Lab

Now I'm going to show you the ZTP process and how it looks. Let me quickly show you the default configuration that the device is shipped with. If we go and check show run system, you can see that the system-wide configuration is pointing towards ztp.viptela.com. And if we check the VPN 0 configuration, we are ready to get the IP from the ISP. All right? So here we have this basic configuration. What we need to do is kick off this process, so that we understand and see each and every step. What I'll do is run monitor start for the syslog, so we can see whatever is happening on the screen. Here you can see that at the moment we don't have an IP on any of the VPN interfaces, but we have the management IP from where we logged into the device. All right, so what we have to do is push the template from vManage. Let me quickly log into the vManage dashboard.

Here you can see you have Configuration and Templates. We have the built-in templates here that I can go and use. You can see that the number of devices attached is zero, so let's go and attach the device. We can confirm that this is the chassis ID that we want to attach, and that can be confirmed from the vManage dashboard. Now, if you know these variables (later on we'll discuss how we can create the feature template and how we can create the CLI template), you can click Edit Template and put in all these values. Suppose you don't know these values but you have them inside a CSV file; then you can upload it. So the options are there.

Download this, fill in the blanks for all the CSV entries and then upload it. What I'm trying to show here is that if I open the CSV file, you can see what exactly it looks like. So let me quickly show you this, so you can see how it looks and which fields you have to fill in. These are the values that are missing here. If you download this, you download the template without any field filled in. But if you have already filled it in, you can click Upload, choose the file, go to the desktop and pick that file. Once you upload it, you'll see that all those values are filled in.

Now we'll go next and this is scheduled. Meanwhile we'll go to the place where we want to see all the output. Now, at this point in time, suppose your WAN interface is down; then it will not work. Your WAN interface should be up and running and we should get the IP from DHCP. If you don't have the IP from DHCP, if we are not able to resolve the first step, then obviously we will not resolve the other steps. So I'm bringing up the WAN interface that was down by default. I have enabled it.

Once the WAN interface is up, you will see that we start getting the syslog messages. Okay, so we'll wait till we start getting the syslog messages. Now you can see that I got the IP in this range, and in VPN 0 it tried the DNS resolution, that is ztp.viptela.com. Here you can see that ztp.viptela.com is reachable. Once we reach ztp.viptela.com, it redirects that information towards the local vBond. In our case, that local vBond is vbond.cisco.com. Let's see where it is.

So here you can see, if I can show you this; otherwise I will copy these log messages to Notepad and then show you all the steps. Now here you can see vbond.cisco.com showing up, and once I connect to that, it will offer the vManage IP. So my vbond.cisco.com, my local vBond, will offer that IP, 198-1810, to the local edge, and then the local edge will try to form the connection. Once it forms the connection, obviously we have pushed the template as well. Let me do one thing quickly. It is going fast here. Let me copy all these log messages into Notepad and then go through them, because the steps that we see here are exactly the same steps, exactly the same thing, that happens behind the scenes in the Viptela process. So if you understand these steps, they will help us drill down into the process behind the scenes. Let me quickly go and copy this.

These are copied; I will paste them inside Notepad and let's see. First of all, what happened? It went and searched for ztp.viptela.com. Here you can see that ztp.viptela.com has been resolved. Once it resolved that, it redirects towards the local vBond, that is vbond.cisco.com in our case. Here you can see line number 27. Once it resolved that, at this point in time, inside vManage we have the system IP. Actually, this is the system IP of the vEdge device. The vEdge device is getting the system IP from vManage. Once they have the IP from vManage, they will again try to form the connection with vbond.cisco.com, with this particular system IP. So the overall thing is that first of all they bring up the control connection. Once the control connection, that means DTLS, is up and running, they will form the OMP session.

Once we have the OMP session up and running, my vSmart will exchange the IPsec keys and the TLOC information across the different devices. Once they exchange the IPsec keys and TLOC information, these devices will initiate the IPsec tunnels and, in parallel, they will send the BFD packets inside OMP. So my vSmart should know that these are the tunnel endpoints, and BFD is tracking those tunnel endpoints inside OMP; that message will get exchanged. Now once my control plane is up, once my OMP is up, once my data plane is up, then only with the help of OMP will these devices install the routing information or routing table. So we have basically three different types of table.

We have the OMP table, we have the routing table, and finally, with the help of the routing table, we have the FIB table, that is IP to next hop. Here you can see all these processes happening. Then whatever OMP has, whatever OMP best path is there, it will push that information to these vEdge devices. This is the way the ZTP process works. Once the ZTP process is up and running, you can see the branches have their actual names.

You can go and check the control connections. You can check the IPsec inbound and outbound connections. Likewise you can check the BFD sessions, and you can check the tunnel in detail as well, that is the stats. So this information you can go and check. All right, I hope you understand the ZTP process. Now the PnP process is also very similar to ZTP, with a few minor changes that we can discuss in the upcoming sessions.
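The ordered chain narrated above (WAN DHCP, ztp.viptela.com resolution, vBond redirect, system IP from vManage, DTLS control connection, OMP, BFD/IPsec, routes) can be turned into a small triage helper that walks the syslog and reports the first stage that never appeared. This is an added example, not code from the course; the log lines and the regex patterns are constructed for illustration and do not reproduce the real vEdge syslog format.

```python
import re

# Ordered ZTP stages as narrated in the lab. Each stage depends on the one
# before it, so the first missing stage is where onboarding is stuck.
# The patterns are assumptions matching the constructed sample below.
ZTP_STAGES = [
    ("wan_dhcp",       r"DHCP lease obtained"),
    ("dns_ztp",        r"resolved ztp\.viptela\.com"),
    ("vbond_redirect", r"redirected to vbond"),
    ("system_ip",      r"system-ip .* from vManage"),
    ("dtls_control",   r"control connection .* DTLS .* up"),
    ("omp_peer",       r"OMP peer .* up"),
    ("ipsec_bfd",      r"BFD session .* up"),
    ("routes",         r"OMP route .* installed"),
]

def ztp_progress(log_lines):
    """Advance through ZTP_STAGES strictly in order while scanning the log.
    A later-stage line seen before its predecessor is ignored, mirroring the
    dependency chain. Returns (completed_stage_names, first_missing_stage)."""
    completed = []
    idx = 0
    for line in log_lines:
        if idx == len(ZTP_STAGES):
            break
        name, pattern = ZTP_STAGES[idx]
        if re.search(pattern, line, re.IGNORECASE):
            completed.append(name)
            idx += 1
    missing = ZTP_STAGES[idx][0] if idx < len(ZTP_STAGES) else None
    return completed, missing

# Constructed sample syslog (illustrative wording, not real device output).
SAMPLE_LOG = [
    "ge0/0: DHCP lease obtained 192.0.2.10/24 in VPN 0",
    "DNS: resolved ztp.viptela.com",
    "ZTP: redirected to vbond.cisco.com",
    "system-ip 10.1.1.1 received from vManage",
    "control connection to vbond.cisco.com over DTLS is up",
    "OMP peer 10.1.1.10 is up",
    "BFD session to 10.1.1.2 is up",
    "OMP route 10.20.0.0/16 installed",
]

if __name__ == "__main__":
    print(ztp_progress(SAMPLE_LOG))        # all stages, nothing missing
    print(ztp_progress(SAMPLE_LOG[1:]))    # no DHCP lease: stuck at wan_dhcp
```

Dropping the first line reproduces the case the instructor describes: with the WAN interface down there is no DHCP lease, and none of the later stages are reached.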


I do recommend that you follow these URLs that I'm going to show you here. In this section we are going to do the summary as well. So whatever we have studied in the last four to five videos or sessions, I'm going to do a quick summary of that. You should go and visit these URLs. These are very nice documents. You can see it's a very recent one as well, January 2020. Here you will get some more information about device onboarding, actually the detailed information about device onboarding, and then we should know about the Plug and Play (PnP) portal. Nowadays customers have the Smart Account, and in those Smart Accounts we can see each and everything. This is not only specific to SD-WAN; this is the complete lifecycle for DNA as well. Or you can think of this as the new type of license management option that Cisco is giving us. So we can go to software.cisco.com. There you can check your smart licenses and your virtual accounts, and from there you can check the PnP portal as well. Okay, so please go through and check these documents. Now, we have discussed these steps that you are seeing here earlier.

So whenever you're onboarding the device, first of all it will try to establish the session with vBond; vBond is working as the authenticator. Once vBond authenticates, it will pass that message to vManage and vSmart, and vManage and vSmart will form the connections. Once your control plane is up and running, then the data plane will form, and then with the help of OMP the vSmart, that is the actual control plane, will push the configuration to the edge devices. That's the overall flow that we have seen. Now we have learned about the ZTP process; how different is PnP?

Let's discuss that. Again here you can see the steps when you are onboarding the cEdge devices, Cisco devices. At that time they will query the PnP server, that is devicehelper.cisco.com instead of ztp.viptela.com. From there it will get redirected towards the local vBond, and the rest of the process will be the same as we have studied. Now this is actually a nice workflow, the flow of the smart licenses connected with PnP, connected with the ZTP process. So here you can see that you have your vManage setting and this vManage. So what is this vManage doing? Let me quickly go and log into the vManage dashboard.

If you go to the vManage dashboard, Configuration and then Devices, you can see here that you have the option to sync a Smart Account. The moment you click here, all the serial numbers and chassis IDs pop up here, and those serial numbers and chassis IDs and the controller profile you should create inside vManage. So here you can see that you have your vManage. If you do auto sync, it will sync with the PnP portal, and the PnP portal is updating the ZTP server as well. So in the workflow, the vEdge devices will query the ZTP server, get the serial number and chassis ID, and then get redirected to the local vBond; in the case of cEdge they will query the PnP portal.

So here you can see that you have the service engineer; they have the controller profile updated in the PnP portal, or the customer or the partner. They can go to CCW, where they can manage the Smart Account, virtual accounts, SAV plus the hardware inventory list. Actually, from that PnP portal you don't need TAC to raise RMA cases and hardware replacements; those steps you can do directly there, fill in all the forms and raise it. So it's nice and easy to manage your profile and the devices, inventory, licenses etc. from the PnP portal. So we know at this point in time, and this is a very interesting and important diagram, that the data plane and control plane are forming; the OMP control plane is your vSmart, and from vManage,

they are using NETCONF to push the configuration, and with vBond we have a transient connection; we don't have a permanent connection with vBond. In this slide you can see which device is using what. IOS XE devices are using PnP and vEdge devices are using ZTP for automated deployment. So we have automated deployment and we have manual deployment as well. Then we have the bootstrap method as well, meaning on IOS XE you can upgrade the IOS XE image to the SD-WAN image and then run the SD-WAN feature inside IOS XE; you may have IOS XE which already has the SD-WAN image. So you can start writing the configuration, meaning you can do the manual deployment. Later on in this section I will show you how you can manually configure the devices. So this is the summary: here you can see that you have all sorts of options. You have automated deployment, you have manual deployment, and we can use the bootstrap as well.

Now here we have the list where you can see which device is using PnP, which is capable of bootstrapping, and which is doing manual, in terms of IOS XE, in terms of vEdge, the different hardware platforms. You can see, and this is a little bit off actually: vEdge Cloud should be check-marked here, and manual is okay, but how much automated deployment we can do with vEdge Cloud we have seen in the last session. All right, and again this will redirect towards devicehelper.cisco.com if you're doing PnP, and my ASR 1002-X is not using PnP; it's not applicable for it. But for the rest of the hardware you can see that they can do PnP and they have the manual option as well. Now, while you are doing ZTP, which interface are you connecting to the WAN? Here you can see that for vEdge 100B it is ge0/4; for vEdge 1000, 2000 and 5000 it is the first port on the first network slot; for vEdge Cloud this is not required, as in the manual process. I always try to explain that you should do the system-wide minimum configuration and the VPN configuration. Inside the VPN configuration you have the interface, tunnel, routing, default route plus the management interface configuration. If you do all this minimum configuration, your manual process will be up and running.

After that you can put in different features like app-route, QoS, local policy, central policy, et cetera. But first bring up the system, and later on you can go and do a number of things. Now suppose your devices are behind a firewall; here you can see the list of the firewall ports, UDP and TCP, that should be opened. Here you can see that for UDP, 12346 is the default. What I'm trying to say is that if you go ahead and check show control connections, you can see the port numbers here, that is 12346, and then they jump by 20. So these are the port numbers: 12346, and then they jump by 20 and try to get whatever available port they have. For TCP they are using 23456, like this. So if it is behind a firewall, the idea is that you should create rules to open those port numbers.
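The port-hopping behaviour just described (UDP base 12346, TCP base 23456, hopping in steps of 20) can be written down once and reused both to generate the firewall allow-list and to sanity-check the ports actually seen in show control connections. This is an added example, not code from the course or from Cisco; the number of hops (5) and the vendor-neutral rule text are assumptions.

```python
# Control-plane base ports from the transcript and the hop step of 20.
BASE_PORTS = {"udp": 12346, "tcp": 23456}
HOP_STEP = 20
HOP_COUNT = 5  # assumption: number of hops the edge will try

def control_ports(proto):
    """All ports an edge may land on for one transport, in hop order."""
    base = BASE_PORTS[proto]
    return [base + HOP_STEP * i for i in range(HOP_COUNT)]

def classify_port(proto, port):
    """Return the hop index (0 = default port) if `port` is part of the
    expected hop sequence, otherwise None."""
    offset = port - BASE_PORTS[proto]
    if offset < 0 or offset % HOP_STEP:
        return None
    hop = offset // HOP_STEP
    return hop if hop < HOP_COUNT else None

def firewall_rules(controller_cidr):
    """Vendor-neutral allow rules from the edge towards the controllers for
    every port in both hop sequences (constructed rule syntax)."""
    rules = []
    for proto in ("udp", "tcp"):
        for port in control_ports(proto):
            rules.append(f"permit {proto} any {controller_cidr} eq {port}")
    return rules

def unexpected_ports(proto, observed_ports):
    """Ports taken from a 'show control connections' output that fall
    outside the hop sequence; these deserve a second look, since the
    firewall allow-list above will not cover them."""
    return [p for p in observed_ports if classify_port(proto, p) is None]

if __name__ == "__main__":
    for rule in firewall_rules("203.0.113.0/24"):   # constructed controller range
        print(rule)
    print(unexpected_ports("udp", [12346, 12366, 12350]))  # [12350]
```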

Now the basic commands: on vEdge you have, say, show control connections, but on cEdge you have to use the keyword sdwan, that is show sdwan control connections. Again, on vEdge you can see you have control connections. Actually, these outputs we have seen, but we haven't seen them on the cEdge. So let me quickly log into the cEdge and show you these results. Here I have logged in to the cEdge and I can type show sdwan control connections; so you can see that you have to use sdwan as a keyword and then you can run those outputs. Again I can check show sdwan and then a question mark. So you have control, and under control you can see you have connection-history, connections, local-properties, summary, et cetera. So everything is there, but you have to use the keyword sdwan to run these commands.

