Solved: Re: APIC-EM Template Issue with VLANs

adammmorton · ‎09-25-2017

I have a template that adds VLANs and VLAN names to switches. For some reason when the template is pushed it will not create the VLANs on the switch. When I manually paste the config in, it works fine. Any suggestions. Note, two of the VLANs are created because the interfaces are put into them. VLAN 30 does not get created and VLANs 10 and 20 do not get the name applied to them. Sanitized template output below.

service timestamps debug datetime msec
service timestamps log uptime
service timestamps
logging x.x.x.x
logging trap debugging

service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
errdisable recovery interval 180
errdisable recovery cause all
!
no logging console
!
username xxxxxxxxxxxxxxxxxxxxxx privilege 15 secret xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
aaa new-model
!
radius server xxxxx
address ipv4 x.x.x.x auth-port 1645 acct-port 1646
key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
aaa group server radius xxxxx
server name xxxxx
ip radius source-interface vlan 30
!
aaa authentication attempts login 10
aaa authentication login xxxxxxxxxx local
aaa authentication fail-message $
******************** W A R N I N G *************************

YOUR ATTEMPTS ARE BEING LOGGED!

******************** W A R N I N G *************************
$
!
aaa session-id common
clock timezone CST -5 0
clock summer-time CDT recurring
!
no ip domain-lookup
ip domain-name xxx.xxx
!
ip tftp source-interface vlan 30
!
vlan 30
name MGMT
!
vlan 20
name VOICE
!
vlan 10
name DATA
!
archive
log config
logging size 1000
hidekeys
path tftp://x.x.x.x/xxxxxxxxxxxxxxxx/$h
write-memory
!
spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree portfast bpduguard default
spanning-tree extend system-id
ip name-server x.x.x.x
!
vlan internal allocation policy ascending
!
ip ssh authentication-retries 4
ip ssh version 2
lldp run
!
interface range gig 1/0/1-2
description Switch Trunk Port
switchport mode trunk
!
interface range gig 1/0/3-48
description PC or Phone
switchport access vlan 10
switchport mode access
switchport voice vlan 20
spanning-tree portfast
!
interface range gig 1/0/49-52
switchport mode trunk
!
interface Vlan30
description Management SVI
ip address x.x.x.x 255.255.255.0
!
ip default-gateway x.x.x.x
no ip http server
no ip http secure-server
!
access-list 55 permit x.x.x.x 0.0.0.255
!
access-list 90 permit x.x.x.x 0.0.0.255
!
snmp-server community xxxxxxxxxxxxxxxxxxxxx RO 55
snmp-server community xxxxxxxxxxxxxxxxxxxxx RO 55
banner login ^
***************************************************************************
*****   UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED      *****
*****   You must have explicit permission to access or configure      *****
*****   this device. All activities performed on this device may     *****
*****   be logged. Violations of this policy may result in           *****
*****   disciplinary action and may be reported to law enforcement.   *****
*****   There is no right to privacy on this device.                  *****
***************************************************************************
^
!
aaa authentication login default group xxxxx local
aaa authentication login xxxxx local
aaa authorization exec default group xxxxx local
!
ntp server x.x.x.x
!
line con 0
login authentication xxxxx
privilege level 15
logging synchronous
!
line vty 0 15
access-class 90 in vrf-also
transport input ssh
privilege level 15

Switch#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/1, Gi1/0/2, Gi1/0/49
                                                Gi1/0/50, Gi1/0/51, Gi1/0/52
10   VLAN0010                        active    Gi1/0/3, Gi1/0/4, Gi1/0/5
                                                Gi1/0/6, Gi1/0/7, Gi1/0/8
                                                Gi1/0/9, Gi1/0/10, Gi1/0/11
                                                Gi1/0/12, Gi1/0/13, Gi1/0/14
                                                Gi1/0/15, Gi1/0/16, Gi1/0/17
                                                Gi1/0/18, Gi1/0/19, Gi1/0/20
                                                Gi1/0/21, Gi1/0/22, Gi1/0/23
                                                Gi1/0/24, Gi1/0/25, Gi1/0/26
                                                Gi1/0/27, Gi1/0/28, Gi1/0/29
                                                Gi1/0/30, Gi1/0/31, Gi1/0/32
                                                Gi1/0/33, Gi1/0/34, Gi1/0/35
                                                Gi1/0/36, Gi1/0/37, Gi1/0/38
                                                Gi1/0/39, Gi1/0/40, Gi1/0/41
                                                Gi1/0/42, Gi1/0/43, Gi1/0/44
                                                Gi1/0/45, Gi1/0/46, Gi1/0/47
                                                Gi1/0/48
20   VLAN0020                        active    Gi1/0/3, Gi1/0/4, Gi1/0/5
                                                Gi1/0/6, Gi1/0/7, Gi1/0/8
                                                Gi1/0/9, Gi1/0/10, Gi1/0/11
                                                Gi1/0/12, Gi1/0/13, Gi1/0/14
                                                Gi1/0/15, Gi1/0/16, Gi1/0/17
                                                Gi1/0/18, Gi1/0/19, Gi1/0/20
                                                Gi1/0/21, Gi1/0/22, Gi1/0/23
                                                Gi1/0/24, Gi1/0/25, Gi1/0/26
                                                Gi1/0/27, Gi1/0/28, Gi1/0/29
                                                Gi1/0/30, Gi1/0/31, Gi1/0/32
                                                Gi1/0/33, Gi1/0/34, Gi1/0/35
                                                Gi1/0/36, Gi1/0/37, Gi1/0/38
                                                Gi1/0/39, Gi1/0/40, Gi1/0/41
                                                Gi1/0/42, Gi1/0/43, Gi1/0/44
                                                Gi1/0/45, Gi1/0/46, Gi1/0/47
                                                Gi1/0/48
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

aradford · ‎09-25-2017

Hi Adam,

I am going to assume this is a PnP template? APIC-EM does not support day-n config templates (yet).

this looks like a vtp issue. In default mode, the VLAN config is not done through the PnP config file, but in exec mode.

If you delete the vlan.dat file 'del vlan.dat' you will find that all vlans fail to be created.

If you change vtp to be transparent or off, then the vlans should be created from the config file.

Adam

View solution in original post

aradford · ‎09-25-2017

Hi Adam,

I am going to assume this is a PnP template? APIC-EM does not support day-n config templates (yet).

this looks like a vtp issue. In default mode, the VLAN config is not done through the PnP config file, but in exec mode.

If you delete the vlan.dat file 'del vlan.dat' you will find that all vlans fail to be created.

If you change vtp to be transparent or off, then the vlans should be created from the config file.

Adam

adammmorton · ‎09-26-2017

You sir are a genius! Yes, I was referring to PnP templates. You are two for two with the correct answers to my posts. By adding vtp mode off to the config, it created the VLANs as you stated.

On another note, you said "APIC-EM does not support day-n config templates (yet)." Does that mean we are to expect n-day config templates in the near future? If so, do you have any sort of ballpark timeframe?

aradford · ‎09-26-2017

Great to hear and thanks for confirming this was the solution.

Hopefully in the next 3-6 months we should have templates.

Adam

APIC-EM PnP Template Issue with VLANs