09-21-2021 09:52 AM
Hi all,
I have an onboarding template that uses the G0/0 on a 9300 switch to do the initial PnP and get registered on the DNAC. When registered, we claim it with some configuration, and it is now using a trunk and a management VLAN to register in the inventory.
But if the management VLAN is 3001, the switch never creates the VLAN and never succeeds in the onboarding.
I have the following template working, and the management VLAN is 101:
{% include "NDK-Imports/NDK-Ports" %}
!###### Temp debugging #####
!
event manager applet catchall
 event cli pattern ".*" sync no skip no
 action 1 syslog msg "$_cli_msg"
!
logging Buffered 4000000
logging persistent url flash:/PERSISTENTLOGS size 104857600 filesize 5242880
!
!###### Clock&Timezone&NTP ######
!
clock timezone CET 1
!
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
!
service timestamps log datetime show-timezone localtime
!
ntp server 10.10.8.1
!
!###### Error checks and recovery ######
!
errdisable recovery cause all
errdisable recovery interval 120
!
udld aggressive
!
Spanning-tree loopguard default
!
!###### Spanning-tree Non-root ######
!
spanning-tree mode rapid-pvst
spanning-tree vlan 1-4094 priority 36864
!
{% set vlans = ['101;admin', '102;elev', '103;print', '104;pub'] %}
{% for vlan in vlans %}
{% set vlanInfo = vlan.split(';') %}
vlan {{ vlanInfo[0] }}
 name {{ vlanInfo[1] }}
{% endfor %}
!
!###### Access interface #####
!Do not provision until DayN
! ###### Uplink port ######
default int ra te 1/1/1-4
Interface ra te1/1/1-2
 {{ uplink_trunk() }}
!
!###### Downlink port ######
Interface range te1/1/3-4
 {{ downlink_trunk() }}
!
!###### MGMT Interface ######
interface vlan 1
 shutdown
!
interface GigabitEthernet0/0
 shutdown
!
{% set MGMTVLAN = "101" %}
{% set MGMTIPSTRING = "10.254.0.233 255.255.255.0" %}
interface vlan{{ MGMTVLAN }}
 ip address {{ MGMTIPSTRING }}
 no shutdown
!
ip route 0.0.0.0 0.0.0.0 10.254.0.1
!###### VTP ######
!
vtp mode transparent
!
!###### Source interface ######
!
ip ssh source-interface vlan {{ MGMTVLAN }}
!
ip tacacs source-interface vlan {{ MGMTVLAN }}
!
ip radius source-interface vlan {{ MGMTVLAN }}
!
ip http client source-interface vlan {{ MGMTVLAN }}
!
ntp source vlan {{ MGMTVLAN }}
!
!###### DHCP Snooping ######
!
ip dhcp snooping
ip dhcp snooping vlan 1-4094
!
!###### AAA ######
!
aaa new-model
aaa authentication attempts login 3
!
netconf-yang
!
!###### Logging #####
!
logging Buffered 4000000
logging Buffered notifications
!
!####### Cleanup from PnP progress
!
!no pnp profile pnp-zero-touch
!
pnp profile pnp-zero-touch
 transport https ipv4 10.10.8.10 port 443
!
The switch PnP's, the configuration is applied, and it starts to use the uplinks for access to the DNAC and registers with IP 10.254.0.233 as shown in the template.
If I then change the admin VLAN to 3001, the PnP fails every time and the VLANs do not even get created on the switch during PnP.
Changes made for testing:
{% set vlans = ['3001;admin', '102;elev', '103;print', '104;pub'] %}
{% for vlan in vlans %}
{% set vlanInfo = vlan.split(';') %}
vlan {{ vlanInfo[0] }}
 name {{ vlanInfo[1] }}
{% endfor %}
!
!
{% set MGMTVLAN = "3001" %}
{% set MGMTIPSTRING = "10.254.0.233 255.255.255.0" %}
interface vlan{{ MGMTVLAN }}
 ip address {{ MGMTIPSTRING }}
 no shutdown
!
ip route 0.0.0.0 0.0.0.0 10.254.0.1
!###### VTP ######
!
All the template generation looks fine in the template CLI:
spanning-tree mode rapid-pvst
spanning-tree vlan 1-4094 priority 36864
!
vlan 3001
 name admin
vlan 102
 name elev
vlan 103
 name print
vlan 104
 name pub
!
None of the maglev services gives errors, and the network-programmer service seems to be pushing the commands.
Looking at the catchall EEM script on the switch during config push I see:
000148: Sep 21 16:37:48.463: %HA_EM-6-LOG: catchall: vlan 3001
000149: Sep 21 16:37:48.464: %HA_EM-6-LOG: catchall: name admin
000150: Sep 21 16:37:48.464: %HA_EM-6-LOG: catchall: vlan 102
000151: Sep 21 16:37:48.465: %HA_EM-6-LOG: catchall: name elev
000152: Sep 21 16:37:48.466: %HA_EM-6-LOG: catchall: vlan 103
000153: Sep 21 16:37:48.473: %HA_EM-6-LOG: catchall: name print
000154: Sep 21 16:37:48.474: %HA_EM-6-LOG: catchall: vlan 104
000155: Sep 21 16:37:48.475: %HA_EM-6-LOG: catchall: name pub
000235: Sep 21 16:37:48.820: %HA_EM-6-LOG: catchall: interface Vlan1
000236: Sep 21 16:37:48.822: %HA_EM-6-LOG: catchall: shutdown
000237: Sep 21 16:37:48.823: %HA_EM-6-LOG: catchall: interface GigabitEthernet0/0
000238: Sep 21 16:37:48.823: %HA_EM-6-LOG: catchall: shutdown
000239: Sep 21 16:37:53.140: %HA_EM-6-LOG: catchall: interface Vlan3001
000240: Sep 21 16:37:53.140: %HA_EM-6-LOG: catchall: ip address 10.254.0.233 255.255.255.0
000241: Sep 21 16:37:53.141: %HA_EM-6-LOG: catchall: no shutdown
000242: Sep 21 16:37:53.142: %HA_EM-6-LOG: catchall: ip route 0.0.0.0 0.0.0.0 10.254.0.1
000262: Sep 21 18:37:53 CEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan3001, changed state to down
000263: Sep 21 18:37:54 CEST: %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down
000264: Sep 21 18:37:55 CEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
But VLAN 3001 never gets created:
DK-SJ2-TEMP>en
000279: Sep 21 18:39:30 CEST: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: ] [Source: LOCAL] [localport: 0] at 18:39:30 CEST Tue Sep 21 2021
Password:
000280: Sep 21 16:39:33.059: %HA_EM-6-LOG: catchall: enable
DK-SJ2-TEMP#show vlan brie
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/1, Gi1/0/2, Gi1/0/3
                                                Gi1/0/4, Gi1/0/5, Gi1/0/6
                                                Gi1/0/7, Gi1/0/8, Gi1/0/9
                                                Gi1/0/10, Gi1/0/11, Gi1/0/12
                                                Gi1/0/13, Gi1/0/14, Gi1/0/15
                                                Gi1/0/16, Te1/0/17, Te1/0/18
                                                Te1/0/19, Te1/0/20, Te1/0/21
                                                Te1/0/22, Te1/0/23, Te1/0/24
                                                Te1/1/2, Te1/1/3, Te1/1/4
                                                Ap1/0/1
102  elev                             active
103  print                            active
104  pub                              active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
DK-SJ2-TEMP#
And because the VLAN 3001 never gets created the SVI 3001 never comes up and contacts the DNAC, and the PnP fails.
But if I manually create the VLAN during PnP, I am able to create it and complete the PnP process.
DK-SJ2-TEMP#show ip int brie | inc 3001
Vlan3001 10.254.0.233 YES TFTP down down
DK-SJ2-TEMP#conf
000266: Sep 21 16:47:56.421: %HA_EM-6-LOG: catchall: show ip interface brief
t
Enter configuration commands, one per line. End with CNTL/Z.
DK-SJ2-TEMP(config)#vlan
000267: Sep 21 16:47:58.569: %HA_EM-6-LOG: catchall: configure terminal
3001
DK-SJ2-TEMP(config-vlan)#e
000268: Sep 21 18:48:00 CEST: %SMART_LIC-3-COMM_FAILED: Communications failure with the Cisco Smart License Utility (CSLU) : Unable to resolve server hostname/domain name
xit
DK-SJ2-TEMP(config)#
000269: Sep 21 16:48:00.979: %HA_EM-6-LOG: catchall: vlan 3001
000270: Sep 21 16:48:01.890: %HA_EM-6-LOG: catchall: exit
end
DK-SJ2-TEMP#
000271: Sep 21 18:48:03 CEST: %SYS-5-CONFIG_I: Configured from console by console
000272: Sep 21 16:48:03.229: %HA_EM-6-LOG: catchall: end
000273: Sep 21 18:48:05 CEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan3001, changed state to up
DK-SJ2-TEMP#show ip int brie | inc 3001
Vlan3001 10.254.0.233 YES TFTP up up
DK-SJ2-TEMP#
000274: Sep 21 16:48:12.062: %HA_EM-6-LOG: catchall: show ip interface brief
000275: Sep 21 18:48:12 CEST: %NDBMAN-5-ACTIVE: Switch 1 R0/0: ndbmand: All data providers active.
I have tried this a million times to test, and when I use pnp startup-vlan on the seed switch everything works with VLAN 3001, but for some reason not when I use the OOB mgmt port.
Any comments and feedback are welcome.
The Gi0/0 port is connected to a switch with the PnP VLAN (101/3001) in access mode, and Te1/1/1 is connected to a switch with the same VLAN tagged.
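The comparison made by hand in the post above (commands seen by the catchall applet versus what `show vlan brief` lists) can be automated. This is an added example, not part of the original post; the function names are hypothetical and the sample input is constructed by abridging the output quoted above.

```python
import re

# Constructed sample input, abridged from the output quoted in the post above.
EEM_LOG = """\
000148: Sep 21 16:37:48.463: %HA_EM-6-LOG: catchall: vlan 3001
000149: Sep 21 16:37:48.464: %HA_EM-6-LOG: catchall: name admin
000150: Sep 21 16:37:48.464: %HA_EM-6-LOG: catchall: vlan 102
000151: Sep 21 16:37:48.465: %HA_EM-6-LOG: catchall: name elev
000239: Sep 21 16:37:53.140: %HA_EM-6-LOG: catchall: interface Vlan3001
"""
SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/1, Gi1/0/2, Gi1/0/3
                                                Gi1/0/4, Gi1/0/5, Gi1/0/6
102  elev                             active
1002 fddi-default                     act/unsup
"""
CATCHALL = re.compile(r"%HA_EM-6-LOG: catchall: (.+)$")

def pushed_vlans(log_text):
    """Return {vlan_id: name} for 'vlan N' / 'name X' pairs logged by the catchall applet."""
    vlans, current = {}, None
    for line in log_text.splitlines():
        m = CATCHALL.search(line)
        if not m:
            continue  # not an EEM catchall line (e.g. LINEPROTO, SYS messages)
        cmd = m.group(1).strip()
        v = re.fullmatch(r"vlan (\d+)", cmd)
        if v:
            current = int(v.group(1))
            vlans[current] = None
        elif cmd.startswith("name ") and current is not None:
            vlans[current] = cmd[5:]
        else:
            current = None  # any other command ends the vlan sub-mode context
    return vlans

def present_vlans(show_text):
    """Return the VLAN IDs listed by 'show vlan brief'; port continuation lines are skipped."""
    return {int(m.group(1)) for m in re.finditer(r"^(\d+)[ \t]+\S+[ \t]+\S+", show_text, re.M)}

def missing_vlans(log_text, show_text):
    """VLANs the log shows were entered but that the VLAN database does not contain."""
    have = present_vlans(show_text)
    return {vid: name for vid, name in pushed_vlans(log_text).items() if vid not in have}

if __name__ == "__main__":
    print(missing_vlans(EEM_LOG, SHOW_VLAN_BRIEF))
```
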
09-21-2021 03:02 PM
I tried to reproduce your observation of vlan 3001 not being created. I used a 9300 running 17.3.1 and a very simple Onboarding template:
spanning-tree mode rapid-pvst
spanning-tree extend system-id
vlan 3001
name admin
interface vlan 3001
ip address 10.0.0.1 255.255.255.0
The vlan was placed into vlan database as expected:
9300-pnp#sh vlan brie
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/2, Gi1/0/3, Gi1/0/4
[snip]
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
3001 admin                            active
What version are you testing with?
09-21-2021 10:58 PM
I am using version 17.3.4 and this is only an issue if I start the PNP process on the Gi 0/0 port.
If I onboard it using one of the front facing ports everything works with VLAN 3001 as well.
But using a front-facing port for PnP is not an option in my setup, as the seed switch will shut down the port with STP-inconsistent because the native VLAN is not the same on the seed device (VLAN 101/3001) and the PnP device (native VLAN 1).