cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
782
Views
0
Helpful
6
Replies

DNAC Jinja Template failing on Embedded WLC programming

NeOps
Level 1
Level 1

When executing a Jija based template from DNAC/Catalyst Center on an ISR 1100 from factory defaults the following snippet is executed and fails to configure the embedded WLC. *Note this is a start to the config as the whole config still doesn't apply due to the error early in the interactive chain.

 

#MODE_ENABLE
#INTERACTIVE
hw-module session 0/3 endpoint 0<IQ>Terminal ready<R>\n<IQ>Enter Administrative User Name<R>USERNAMEHERE<IQ>characters<R>SUP3Rc0mpl3xPw0rd<IQ>Password<R>SUP3Rc0mpl3xPw0rd<IQ>System Name<R>WLC-DeviceSN
#MODE_END_ENABLE
#ENDS_INTERACTIVE

 

 This is the error that is received:

 

 

Message: Unable to push the invalid CLI to the device XXX.XXX.XXX.XXX using protocol ssh2. Invalid CLI - Current output : ****************

Re-enter Administrative Password :
Current expects : SUP3Rc0mpl3xPw0rd (Device echo)

Can anybody tell me what I am missing? I have been googling and trying to figure this out for the past week and some change. Thanks in advance y'all.

6 Replies 6

Dan Rowe
Cisco Employee
Cisco Employee

The nested control constructs look a bit off. Try:

#MODE_ENABLE
#INTERACTIVE
hw-module session 0/3 endpoint 0<IQ>Terminal ready<R>\n<IQ>Enter Administrative User Name<R>USERNAMEHERE<IQ>characters<R>SUP3Rc0mpl3xPw0rd<IQ>Password<R>SUP3Rc0mpl3xPw0rd<IQ>System Name<R>WLC-DeviceSN
#ENDS_INTERACTIVE
#END_MODE_ENABLE

 You should end interactive before ending enable mode. Also the proper syntax to end enable mode is #END_MODE_ENABLE not #MODE_END_ENABLE

@Dan Rowe 

I was hoping to follow up on this to see if you could provide any more insight.

It seems, as if, when Re-Entering the Admin Password, Jinja is reading the original password as all Asterisks (*********). Is there any way to make the previous password display in plain text, or have Jinja just input the password without it looking at the original password.

This seems like a bug within DNAC since we can enter all Answers to all Questions manually, without the device getting hung up.

NeOps
Level 1
Level 1

I have modified to match what @Dan Rowe placed above. I still receive the same error message of 

 

Message: Unable to push the invalid CLI to the device XXX.XXX.XXX.XXX using protocol ssh2. Invalid CLI -  Current output :  **********************

Re-enter Administrative Password                 : 
Current expects : SUP3Rc0mpl3xPw0rd

 

I do not know what is stopping it from proceeding. The only thing I can think of is the asterisks or the close parenthesis is messing with the regex match string I am providing. Has anyone else beaten this issue?

Torbjørn
VIP
VIP

Can you post the output of a terminal session where you do this manually? 

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

@Torbjørn 

Just wanted to see if you were able to review the manual input that was provided. When entering everything manually, the device configures without any issue, but when utilizing Jinja and Interactive Mode to answer the questions, it reads the original Password as all Asterisks (***********) when it is trying to verify the password.

Do you know of any way to make Jinja not read the previous password as ********* and see it in plain text or have it ignore the previous password all together?

NeOps
Level 1
Level 1

I can post the list of questions and answers that are a part of the initial boot up and configuration of the embedded WLC. Please see below.

Enter Administrative User Name (24 characters max): USERNAMEHERE

Enter Administrative Password (3 to 127 characters): SUP3Rc0mpl3xPw0rd

Re-enter Administrative Password: SUP3Rc0mpl3xPw0rd

System Name [Cisco-extra.text.here] (24 characters max): WLC-DeviceSN

Enter Country Code list (enter 'help' for a list of countries) [US]: US

Configure a NTP server now? [YES][no]: no

Use default NTP servers [YES][no]: no

Enter the NTP server's IP address: XXX.XXX.XXX.XXX

Enter timezone location index (enter 'help' for a list of timezones): 1

Management Interface IP Address: XXX.XXX.XXX.XXX

Management Interface Netmask: XXX.XXX.XXX.XXX

Management Interface Default Router: XXX.XXX.XXX.XXX

Create Management DHCP Scope? [yes][NO]: NO

Employee Network Name (SSID)?:  ARealNetworkName

Employee Network Security? [PSK][enterprise]: enterprise

Enter the RADIUS Server's Address: XXX.XXX.XXX.XXX

Enter the RADIUS Server's Port [1812]: 1812

Enter the RADIUS Server's Secret: AnotherSecretPassword

Enable RF Parameter Optimization? [YES][no]: no

 

Embedded WLC reboots and starts normal operations.