Cisco SD-WAN revolutionizes network deployment with automated WAN edge onboarding through Plug-and-Play (PnP) and Zero-Touch Provisioning (ZTP). These methods enable seamless integration of new devices into the SD-WAN fabric without manual configuration, ideal for large-scale deployments. Here’s how Cisco SD-WAN PnP and ZTP work:
Automated Onboarding Overview
Cisco SD-WAN offers two automated onboarding workflows:
Plug-and-Play (PnP) for IOS-XE devices (e.g., ASR1000, ISR4000)
Zero-Touch Provisioning (ZTP) for Viptela vEdge devices
Both methods dynamically discover the vBond orchestrator to establish control-plane connectivity and retrieve configurations from vManage.
Zero-Touch Provisioning (ZTP) for vEdge Devices

Process Flow:
DHCP Setup: The vEdge device boots up and obtains an IP/gateway/DNS via DHCP on its WAN transport interface.
DNS Resolution: Queries ztp.viptela.com to locate the ZTP server (cloud-based or on-prem).
vBond Redirection: ZTP server validates the device’s serial number and redirects it to the organization’s vBond orchestrator.
Control-Plane Setup:
vBond shares vManage/vSmart controller IPs
Mutual certificate authentication occurs between vEdge and controllers
Configuration Push:
vManage assigns a system IP and deploys preconfigured templates
vSmart pushes security/routing policies
Data-Plane Activation: IPsec tunnels auto-establish with other SD-WAN edges.
Prerequisites:
DHCP server on WAN transport
DNS resolution for ztp.viptela.com
Device serial pre-registered in Cisco PnP portal
Template attached to device in vManage
Plug-and-Play (PnP) for IOS-XE Devices
Key Differences from ZTP:
| Feature | PnP (IOS-XE) | ZTP (Viptela) |
|---|---|---|
| Discovery URL | devicehelper.cisco.com | ztp.viptela.com |
| Supported Interfaces | GigabitEthernet (routed) | All WAN interfaces |
| Device Examples | ASR1000, ISR4000 | vEdge 1000/5000 |
Process Flow:
Device performs DNS lookup for devicehelper.cisco.com.
Retrieves organization-specific vBond IP from Cisco PnP cloud.
Follows similar control-plane authentication and configuration flow as ZTP.
Why Automated Onboarding Matters
Time Savings: Eliminates manual CLI configuration (30-60 mins/device).
Consistency: Enforces standardized configurations via vManage templates.
Scalability: Supports bulk deployment of 1,000+ edge devices.
Security: Certificate-based authentication prevents unauthorized joins.
Troubleshooting Tips
Verify DHCP/DNS functionality on WAN interfaces
Confirm device serial exists in Cisco PnP portal
Check control-plane connectivity (vBond IP reachability)
Validate template assignments in vManage
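An added example (not from the original article or from Cisco) for the DHCP/DNS check above: it scans DNS query logs for the two discovery hostnames named on this page and flags lookups that failed or that came from outside the subnets where new edges are expected to boot. The log layout, the sample lines and the staging subnet are constructed assumptions.

```python
import ipaddress

# Discovery hostnames named on this page: ZTP (vEdge) and PnP (IOS-XE).
DISCOVERY = {"ztp.viptela.com": "ZTP", "devicehelper.cisco.com": "PnP"}

# Constructed sample log; the "time client qname rcode" layout is an assumption.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.20.1.15 ztp.viptela.com NOERROR
2024-05-01T09:00:07Z 10.20.1.16 devicehelper.cisco.com NXDOMAIN
2024-05-01T09:02:30Z 192.168.77.9 ztp.viptela.com. NOERROR
2024-05-01T09:03:00Z 10.20.1.15 www.example.com NOERROR
malformed line
"""

def audit_discovery(log_text, staging_nets):
    """Return findings for discovery lookups that failed, or that came from
    clients outside the subnets where new edges are expected to boot."""
    nets = [ipaddress.ip_network(n) for n in staging_nets]
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed layout
        ts, client, qname, rcode = parts
        method = DISCOVERY.get(qname.rstrip(".").lower())
        if method is None:
            continue  # not an onboarding discovery lookup
        try:
            addr = ipaddress.ip_address(client)
        except ValueError:
            continue  # client field is not an IP address
        if not any(addr in net for net in nets):
            findings.append((ts, client, method, "unexpected-source"))
        if rcode != "NOERROR":
            findings.append((ts, client, method, "dns-failure"))
    return findings

if __name__ == "__main__":
    for finding in audit_discovery(SAMPLE_LOG, ["10.20.1.0/24"]):
        print(*finding)
```

A "dns-failure" finding points at the DNS prerequisite; an "unexpected-source" finding is a device attempting onboarding from a network where none was planned and is worth matching against the serials registered in the PnP portal.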
Automated onboarding exemplifies Cisco’s vision for intent-based networking, where devices self-integrate into the SD-WAN fabric while adhering to centralized policies. As networks grow increasingly distributed, PnP/ZTP will remain critical for agile infrastructure scaling.
For hybrid deployments, Cisco also supports manual USB/bootstrap configurations when automated methods aren’t feasible.
WAN Edge Onboarding in Cisco SD-WAN (Viptela) Using PnP and ZTP
Introduction
In Cisco SD-WAN (Viptela), onboarding WAN Edge devices is a critical step to establish secure and scalable network connectivity. Cisco offers two primary methods for automating and simplifying the onboarding process:
Zero-Touch Provisioning (ZTP) – Typically used for Cisco-hosted controllers.
Plug and Play (PnP) – Used when deploying controllers in an on-premises environment.
These methods eliminate the need for manual configuration and enable quick deployments across multiple sites.
Understanding ZTP in Cisco SD-WAN
What is ZTP?
Zero-Touch Provisioning (ZTP) is an automated onboarding process that enables WAN Edge devices to register with Cisco-hosted controllers without requiring manual intervention. It simplifies large-scale deployments and minimizes provisioning time.
ZTP Process Flow
Power Up the Device: Once powered on, the WAN Edge device boots with a factory-default configuration.
DHCP Request: The device requests an IP address from the DHCP server and obtains DNS information.
ZTP Server Contact: The device reaches out to Cisco’s ZTP server (ztp.viptela.com) over the internet.
Authentication and Redirection: The ZTP server authenticates the device using its serial number and redirects it to the correct vBond orchestrator.
vBond Communication: The WAN Edge contacts the vBond orchestrator, which provides information about vManage and vSmart controllers.
Configuration and Enrollment: The device downloads its full configuration from vManage and enrolls into the SD-WAN fabric.
Understanding PnP in Cisco SD-WAN
What is PnP?
Plug and Play (PnP) is an alternative onboarding method used when deploying SD-WAN controllers in an on-premises environment rather than relying on Cisco-hosted ZTP servers. PnP allows devices to discover the required controller infrastructure using a local PnP server.
PnP Process Flow
Device Boot-Up: The WAN Edge device boots with a default configuration.
DHCP Option 43 Discovery: The device uses DHCP Option 43 to get the IP address of the PnP server.
PnP Server Contact: The device communicates with the PnP server to obtain provisioning details.
vBond Authentication: The PnP server provides the vBond information for secure authentication.
Controller Enrollment: The device contacts vManage and vSmart to retrieve its configuration and policies.
Full Integration: The device is fully onboarded into the SD-WAN fabric.
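An added example (not from the original article or from Cisco) for the DHCP Option 43 step: it parses the ASCII string a DHCP scope hands to PnP clients and reports when it points at an unexpected server or uses plain HTTP. The field letters (5A header, B address type, K transport, I server, J port) follow Cisco's published PnP Option 43 layout rather than anything on this page; the sample strings and the expected server address are constructed.

```python
import ipaddress

TRANSPORT = {"K4": "http", "K5": "https"}
ADDR_TYPE = {"B1": "hostname", "B2": "ipv4", "B3": "ipv6"}

def parse_pnp_option43(value):
    """Split a PnP Option 43 ASCII string into named fields."""
    fields = [f for f in value.strip().split(";") if f]
    if not fields or not fields[0].startswith("5A"):
        raise ValueError("not a PnP Option 43 string")
    out = {"transport": None, "addr_type": None, "server": None, "port": None}
    for f in fields[1:]:
        if f in TRANSPORT:
            out["transport"] = TRANSPORT[f]
        elif f in ADDR_TYPE:
            out["addr_type"] = ADDR_TYPE[f]
        elif f.startswith("I"):
            out["server"] = f[1:]
        elif f.startswith("J") and f[1:].isdigit():
            out["port"] = int(f[1:])
    return out

def review_option43(value, expected_server):
    """Return the problems found in what the DHCP scope advertises."""
    try:
        opt = parse_pnp_option43(value)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if opt["server"] != expected_server:
        problems.append("server differs from expected PnP server")
    if opt["transport"] != "https":
        problems.append("transport is not HTTPS")
    if opt["addr_type"] in ("ipv4", "ipv6"):
        try:
            version = ipaddress.ip_address(opt["server"] or "").version
        except ValueError:
            version = None
        if version != {"ipv4": 4, "ipv6": 6}[opt["addr_type"]]:
            problems.append("address type does not match server value")
    return problems

# Constructed samples (documentation address ranges).
PLAIN_HTTP = "5A1N;B2;K4;I192.0.2.10;J80"
WRONG_SERVER = "5A1N;B2;K5;I198.51.100.7;J443"
```

Because a factory-default device trusts whatever server this option names, the DHCP scope on onboarding segments deserves the same change control as the controllers themselves.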
Key Differences Between ZTP and PnP
| Feature | ZTP (Zero-Touch Provisioning) | PnP (Plug and Play) |
|---|---|---|
| Controller Deployment | Cisco-hosted controllers | On-premises controllers |
| Device Authentication | Uses Cisco’s ZTP server | Uses a local PnP server |
| Discovery Mechanism | DNS-based lookup | DHCP Option 43 |
| Scalability | Ideal for large-scale deployments | Suitable for controlled enterprise environments |
| Internet Dependency | Requires internet access to reach ZTP server | Works in private networks |
Best Practices for WAN Edge Onboarding
Ensure proper connectivity: WAN Edge devices should have internet or local network access for initial onboarding.
Verify serial number registration: Devices must be registered in vManage before onboarding.
Monitor onboarding logs: Use vManage GUI or CLI to track onboarding status and troubleshoot any failures.
Use templates: Automate device configuration with feature templates in vManage for consistency.
Conclusion
Cisco SD-WAN provides two efficient onboarding methods—ZTP for cloud-managed deployments and PnP for on-premises controllers. Both methods streamline the deployment process and reduce manual effort, making SD-WAN adoption easier for enterprises. Choosing the right method depends on the network architecture and operational requirements.
By leveraging ZTP or PnP, organizations can ensure a smooth and secure onboarding process for their WAN Edge devices, leading to a more agile and scalable SD-WAN environment.