07-17-2024 04:25 PM
This might be more of a complaint than a question...
But I have a switch that I PnP onboarded. I assigned it to a site and provisioned the switch. Then I realised I assigned it to the wrong site.
I deleted the switch from inventory, re-added it to the correct site, and tried to provision again.
However, provisioning fails since it doesn't like the fact there were already RADIUS groups and accounting settings on the switch. The exact ones it previously provisioned, and they were the same as what it was about to provision anyway.
So I have to go in and manually remove all the 'conflicting' AAA config, resync, then reprovision just for it to put the exact same settings back on the switch.
This is on 2.3.5.5. Hopefully it's fixed in later versions...
07-18-2024 12:40 AM
While I do agree that this is annoying - I think this might be a good precaution for the Catalyst Center to take.
A couple of years ago I experienced a situation where a non-Cisco automation tool broke authentication on a few hundred IOS-XE devices. This happened as the tool wasn't able to "understand" and account for certain lines of existing configuration.
07-19-2024 12:45 PM
As Torbjorn mentioned, this is intended behavior to protect the system and the network devices from getting locked out. Catalyst Center will not provision a device that has brownfield AAA configuration, with the exception of the Learn Device Config feature. The reason for this is that Catalyst Center cannot determine which configuration is safe to remove/ignore so that it can push the required configuration to bring the device into a managed state for network settings.
You may ask why the provision doesn't import the existing configuration, and again, that is to protect the system and the network device from bricking or locking out the users. So instead, when brownfield AAA commands that were not pushed by Catalyst Center to an existing managed device are detected during a provision operation and AAA is defined in the network settings for that site the device is being provisioned to, Catalyst Center will fail the operation and give you that warning.
And yes, Catalyst Center originally provisioned those configs, but when you removed the device from inventory, those records were deleted from Catalyst Center's database, thus making them brownfield configurations once you re-added the device.
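An added example (not part of the thread, and not Catalyst Center's own conflict logic): a read-only pre-check that lists the AAA-related stanzas in a saved running-config so they can be reviewed before a device is re-added and provisioned. The prefix list, function names and sample config are assumptions constructed for illustration.

```python
# Assumption: top-level prefixes a reviewer would treat as AAA-related on IOS-XE.
# The exact lines Catalyst Center flags as brownfield are not listed in the thread.
AAA_PREFIXES = (
    "aaa ", "radius server ", "radius-server ",
    "tacacs server ", "tacacs-server ", "ip radius ", "ip tacacs ",
)

# Constructed sample running-config (names and addresses are placeholders).
SAMPLE_CONFIG = """\
hostname EDGE-SW1
!
aaa new-model
!
aaa group server radius example-radius-group
 server name example-radius-1
 ip radius source-interface Vlan100
!
aaa authentication login default local
aaa accounting exec default start-stop group example-radius-group
!
interface GigabitEthernet1/0/1
 switchport mode access
!
radius server example-radius-1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
"""

def parse_stanzas(config_text):
    """Split an IOS-style config into (head, [children]) using indentation."""
    stanzas = []
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip().startswith("!"):
            continue  # skip blank lines, separators and comment lines
        if line[0].isspace() and stanzas:
            stanzas[-1][1].append(line.strip())  # sub-command of the current stanza
        else:
            stanzas.append((line.strip(), []))
    return stanzas

def find_aaa_stanzas(config_text):
    """Return only the stanzas whose top-level command is AAA-related."""
    return [(h, c) for h, c in parse_stanzas(config_text) if h.startswith(AAA_PREFIXES)]

if __name__ == "__main__":
    for head, children in find_aaa_stanzas(SAMPLE_CONFIG):
        print(head)
        for child in children:
            print("  " + child)
```

The script only reports; it does not generate or push any removal commands, so the review of what is safe to remove stays with the operator.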