Overview
In this episode of our ongoing Catalyst Center Automation Series, our focus is on using multiple dynamic approaches to automating the network. Previously in the series, we concentrated on specific automation concepts. In this Self-Paced Standalone Lab, we start to combine various ideas to give you a more in-depth look at what is possible through the automation provided by Catalyst Center. We will automate the access layer with Dynamic templates, which can auto-provision ports based on PoE events. During this lab, we will use various Velocity templates discussed in Lab 7 to deal with specific use cases so that Catalyst Center provisioning can enable those use cases via automation. This gives you, the network administrator, the capability to solve more types of configuration issues from Catalyst Center and to deal with the dynamics of an enterprise network.
Unlike the previous Labs in the series, this lab is a self-contained lab and has no dependencies on any of the previous labs. While you can add concepts from Labs 5 and 6 to this lab, it is designed to have no pre-configuration. It utilizes various automation techniques to show the complete art of the possible in a non-Software Defined Access approach.
Within this series, we cover the following:
- PnP Preparation – explains the overall Plug and Play set up steps
- Onboarding Templates – explains in-depth how to deploy Day 0 templates
- Day N Templates – dives into Day N template constructs with both regular and composite templates and use cases
- Application Policies – explores Application Policies and SD-AVC in Catalyst Center and their use
- Telemetry – explains how to deploy Telemetry for assurance
- Advanced Automation – explores Advanced Automation techniques
- Dynamic Automation – a deployment lab for dynamic automation
What will I learn in the Dynamic Automation Lab?
This is an enablement type module within the Wired Automation lab, and it allows customers to reach beyond what they currently understand by trying new concepts, really pushing the boundaries of automation. We will cover various topics about template logic to solve multiple use cases during this lab. We cover some previous concepts with an in-depth focus on broadening their capabilities.
The concept of this lab is for you to build the environment from Discovery and PnP through to deployment, giving you a safe place to try, modify, and get used to the various concepts and approaches.
Approach
Preparation
The Lab is built for minimal intervention making use of things like Rest-API run via Postman within a collection runner to quickly configure Catalyst Center. This allows us to deploy Settings, Credentials, Discover Devices, Build Sites, Buildings, Floors, and assign the devices to those sites. This is a powerful example of what can be done, because it demonstrates how quickly you can get Catalyst Center up and running utilizing Rest-API using just one tool.
For the Microsoft Windows environment, DNS and DHCP services are implemented using a PowerShell script for speed of implementation. This allows us to quickly add DHCP Scopes and DNS Entries for the required services in the lab environment.
But wait there is more…
Templates
We use templates within the lab to configure all the hardware equipment in preparation for the Plug and Play onboarding of the access switch. We then deploy the DayN Composite template to completely configure the switch in the most dynamic way possible, allowing for the use of low-impact mode depending on what type of device is plugged into the switch. All templates and projects for Catalyst Center in the lab are downloaded as JSON files and imported, allowing for minimal setup time.
There are so many advanced configurations offered within the lab that time should be spent after set up to delve into and understand them all. Once you have mastered all these concepts you should be at the point where you can deal with most automation tasks demanded in modern enterprise networks.
Topics
The various topics we will touch on and deploy within the lab consist of the following:
- Integrating Catalyst Center and Identity Services Engine via PxGrid
- Using Rest-API to configure Catalyst Center via Postman Command Runner
- Utilizing Discovery to onboard network devices
- Provisioning Regular and Composite Templates to Discovered Devices
- Sample PowerShell scripts to simplify DHCP and DNS deployment
- Plug and Play (PnP) Onboarding of Devices
- Regular and Composite Templates for Routers and Switches
- Autoconf and Embedded Event Manager
- IBNS 2.0 configuration
- Working with Identity Service Engine (ISE) Profiling and Policies
Use Cases
We will cover the topics above in several use cases to show the capability and flexibility of the templating engine within Catalyst Center. In this lab we use the Velocity language. The Jinja2 language can be used similarly, although not in this lab. The following topics, covered in the previous lab, are relevant here:
- Renaming interfaces
- Building Stacks
- Assigning port configuration
- Autoconf port configuration
- Non SDA IBNS 2.0 port configuration
With that, the lab utilizes these topics;
We will gain a practical understanding of the steps associated with setting up a Catalyst Center and an environment to support complex, advanced, regular templates to deliver device configuration during these labs. The labs aim to aid engineers in rapidly beginning using Catalyst Center automation and help them work towards a global template strategy. Additionally, these labs will give customers a permanent place to try out the regular and composite templates and include configurations for various use cases. Finally, this environment will enable engineers to reduce the time and effort needed to instantiate the network.
Additional things covered in the lab:
Autoconf
In these labs, we use Autoconf, a solution that manages port configurations for data or voice VLAN, quality of service (QoS) parameters, storm control, and MAC-based port security on end devices to deploy configuration in an automated way in the access layer of a network. Device classification is enabled when you enable the Autoconf feature using the `autoconf enable` global configuration mode command. The device detection acts as an event trigger, which in turn applies the appropriate automatic template to the interface. When the Autoconf feature is enabled using the `autoconf enable` command, the default Autoconf service policy is applied to all the interfaces. For more information about Autoconf. Autoconf and service-policies at this time cannot co-exist on the same interface, so for interfaces which have templates statically assigned with a service-policy attachment for authentication, we may employ other methods to make the interface dynamic.
EEM scripts
EEM scripts use some kind of event to trigger them. Within the EEM script, you can reconfigure interfaces, send event notifications via email and much more. In this lab we use EEM scripts to reconfigure interfaces on a down event to a base closed authentication template, and modify them to low impact mode when a PoE Power up event is detected. The uses for such a script are numerous, and this lab covers one specific use case but an imaginative mind can come up with many other uses for such a feature.
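The pair of applets described above, written out as an added example that is not taken from the lab repository. The applet names, the template names BASE_CLOSED_AUTH and LOW_IMPACT_AUTH, and the GigabitEthernet1/0/ access-port range are assumptions; the syslog patterns assume the standard %LINK-3-UPDOWN and %ILPOWER-5-POWER_GRANTED messages.

```cisco
! Added example. Hypothetical names: applets PORT_DOWN_CLOSED and
! POE_UP_LOW_IMPACT, interface templates BASE_CLOSED_AUTH and
! LOW_IMPACT_AUTH (both assumed to be defined on the switch already).
! The patterns are limited to GigabitEthernet1/0/x (assumed access-port
! range) so that uplinks never match and never receive an access template.
!
! Link down: return the port to the closed authentication baseline.
event manager applet PORT_DOWN_CLOSED
 event syslog pattern "%LINK-3-UPDOWN: Interface GigabitEthernet1/0/.*, changed state to down"
 action 1.0 regexp "Interface ([^,]+), changed state to down" "$_syslog_msg" match intf
 action 2.0 cli command "enable"
 action 3.0 cli command "configure terminal"
 action 4.0 cli command "interface $intf"
 action 5.0 cli command "no source template LOW_IMPACT_AUTH"
 action 6.0 cli command "source template BASE_CLOSED_AUTH"
 action 7.0 cli command "end"
 ! Leave an audit trail for every automated mode change.
 action 8.0 syslog msg "EEM: $intf returned to closed authentication"
!
! PoE power granted: relax only the port that reported the event.
event manager applet POE_UP_LOW_IMPACT
 event syslog pattern "%ILPOWER-5-POWER_GRANTED: Interface Gi1/0/"
 action 1.0 regexp "Interface ([^:]+):" "$_syslog_msg" match intf
 action 2.0 cli command "enable"
 action 3.0 cli command "configure terminal"
 action 4.0 cli command "interface $intf"
 action 5.0 cli command "no source template BASE_CLOSED_AUTH"
 action 6.0 cli command "source template LOW_IMPACT_AUTH"
 action 7.0 cli command "end"
 action 8.0 syslog msg "EEM: $intf moved to low-impact mode after PoE grant"
```

Because the closed template is re-applied on every link-down, a port relaxed for one powered device does not stay in low-impact mode for whatever is plugged in next.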
Self-Destructing EEM scripts
Self-Destructing EEM scripts are those that delete themselves on termination. Within the EEM script, code removes the EEM applet from the configuration, and then writes the configuration to NVRAM. The uses for such a script are numerous, and this lab covers one specific use case but an imaginative mind can come up with many other uses for such a feature.
IBNS 2.0 Configuration
While not covering all the aspects of IBNS 2.0, we cover the configuration that we may implement in order to automate host onboarding within a non-SD-Access campus network. These concepts, while not built into a formal UI within Catalyst Center for legacy networks, give organizations that wish to automate their infrastructure the chance to do so.
The format of the code within all these sections of the lab is in an easy copy-to-paste window allowing you to import them into Catalyst Center simply by pasting them into the editor.
Starting…
Within DCLOUD, several sandbox-type labs are available. These self-contained environments are there to allow you to use them as you please within the time scheduled. In addition, this allows us a place to start practicing various concepts without fear of impacting production environments.
As a result, we hope to demystify some of the complexities of setting up automation and help guide customers through the caveats. Therefore, to aid customers in the transition toward automation, we have put together a set of small helpful labs within a GitHub repository. In this way, these self-guided labs provide a glimpse into the fundamentals of building Velocity templates and offer examples that you can download and expand from. In addition, the sample templates and JSON files supplied are for easy import into Catalyst Center's template editor for quicker adoption. Lastly, some scripts are ready-made excerpts of code that allow you to build the environment to test.
Within the Wired Automation lab, in the Advanced Automation module, we step by step delve into advanced automation methods and ways to utilize them to solve various use cases. Second, we provide answers and explanations to many of the questions that come up during automation workshops. We hope that you find the information both helpful and informative.
Where can I test and try these labs?
DCLOUD Lab Environment
To help customers succeed with Cisco Catalyst Center automation, you may utilize the above labs as they have been designed to work within DCLOUD’s Cisco Enterprise Networks Hardware Sandbox Labs in either:
- Cisco Enterprise Networks Hardware Sandbox West DC
- Cisco Enterprise Networks Hardware Sandbox East DC
The DCLOUD labs allow you to run these labs and give you an environment to try the various code samples. You may choose to develop and export your code for use in production environments. Also, this gives you an environment where you can safely POC/POV methods and steps without harming your production environments. The DCLOUD environment also removes the shipping of equipment, lead times, and licensing issues from the path to getting started rapidly. Please do adhere to the best practices for the DCLOUD environment when using it.
Lab Connectivity
The environment allows for a web-based browser client for VPN-less connectivity. Additionally, there is AnyConnect VPN client connectivity for those who prefer it. Choose the Cisco Enterprise Network Sandbox. Additionally, you may choose from our San Jose and RTP Facilities labs by either selecting US East or US West. To access this or other content, demonstrations, and labs in DCLOUD, please directly work with your Cisco or Partner Account Team. Your Account teams will schedule the session and share it for you to use. Once booked, follow the guide within GitHub to complete the tasks adhering to the best practices of the DCLOUD environment.
Content
The Wired Automation labs, Advanced Automation module content is located within the existing DNAC-TEMPLATES repository to give a one-stop-shop for all the necessary tools, scripts, templates, and code samples. Within it are seven labs, which build upon the tutorials to test the methods in a lab environment. The repository was featured in a previous post on Cisco Blogs about Catalyst Center Templates earlier in May 2021.
Additional Information
Catalyst Center Template Labs
The previously named DNAC Template LABS within the DNAC-TEMPLATES GitHub repository aims to guide you through the typical steps required to enable the various automation tasks delivered by Catalyst Center. This lab will give examples of templates used in Catalyst Center that we can modify for our use and test on equipment within the LAB environment. Additional information within the lab provides a well-rounded explanation of Automation methods with Templates. Lastly, the lab allows for customers to use Catalyst Center workflows to practice deploying Onboarding, DayN Templates, and Application Policy automation on both Wired and Wireless Platforms.
The goal of this lab is for it to be a practical guide to aid engineers to rapidly begin using Catalyst Center automation and help them work towards a deployment strategy. Additionally, this lab will give customers a permanent place to try out the configurations for various use cases. Finally, this environment will enable engineers to reduce the time and effort needed to instantiate the network.
As a result, you will gain experience in setting up Plug and Play onboarding and templates and utilizing all features. Additionally, you will use advanced templating methods and troubleshooting tools. These may help during faultfinding to determine what is failing in a deployment.
Catalyst Center Labs
Please use this menu to navigate the various sections of this GitHub repository. Within the multiple folders are examples and explanation readme files for reference. There are now two sets of labs, and these are being continually expanded upon.
New Catalyst Center Lab Content
This newer lab approach includes concepts from the legacy labs in a more modular format.
- Lab 1 Wired Automation – Covers green and brown field use cases (allow 4.0 hrs)
- Lab 2 Wireless Automation – Covers traditional wireless automation (allow 4.0 hrs)
- Lab 4 Rest-API Orchestration – Covers automation of Cisco Catalyst Center via Postman with Rest-API (allow 2.0 hrs)
- Lab 7 CICD Orchestration – Covers Python with JENKINS orchestration via REST-API (allow 4.0 hrs)
We will share additional labs and content in an ongoing effort to fulfill all your automation needs with Catalyst Center.
In conclusion, if you found this set of labs and repository helpful, please fill in comments and feedback on how it could be improved.