04-18-2023 06:31 AM
Hi
I'm currently using Prime Infrastructure to allow front line support to change the interface template used on a given Catalyst 3650 switchport.
On Prime, this uses velocity templates (see below) and Configuration Groups. When the template is run, the user is prompted to select (from drop down lists) the switch and port numbers as well as the name of the required interface template.
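## Only emit configuration when both the switch and port were selected
#if (${switch} && ${port})
## Reset the port to its default configuration before applying anything
default interface GigabitEthernet ${switch}/0/${port}
interface GigabitEthernet ${switch}/0/${port}
#if(${InterfaceTemplate})
## Bind the selected interface template, then add the per-port settings
source template ${InterfaceTemplate}
snmp trap mac-notification change added
snmp trap mac-notification change removed
ip verify source
## Bounce the port
shutdown
no shutdown
#end
exit
#end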
I've managed to get this working in DNAC by:
When I try and provision a switch, I can run the template but all the site Network Settings are re-provisioned on the switch at the same time. Is there any way to just apply this template without re-provisioning the switch's Network Settings every time?
Thanks
Andy
04-18-2023 02:43 PM
This will probably be achievable with the new Template Hub being released in 2.3.5 soon. However, it would be much easier on your team if you didn't need anyone to manually reprovision ports. What is the difference between the various templates they choose from on the switch? If it's just a vlan, they can do that directly from the DNA Inventory menu (by drilling down to device details page and selecting an interface). There is also the autoconf feature that can detect the type of device connected to the access port and apply the corresponding template: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ibns/configuration/15-e/ibns-15-e-book/ibns-autoconf.html
In the long run, deploying dot1x with ISE helps keep all your access switch port configs standardized and security policy centralized on ISE. Then you never need to touch your access switch configs; all your policy changes happen on ISE and get pushed via radius.
04-19-2023 02:11 AM
Hi
Thanks for the reply.
The difference between the interface templates isn't just the vlan. The associated ibns 2.0 policies are different as well - different host modes, some are mab and dot1x (or one or the other) or CWA and they also activate different "pre-authentication" SGTs.
I can see the advantages of autoconf for the bulk of the mab devices but there are a large number of desktops and laptops that have to be separated by vlan for compliance reasons - WoL and WDS imaging are also still required.
I'll have a look at the Template Hub option in the short term but I agree that moving to a zero touch approach to the access layer is the best way forward.
Is there a release date available for 2.3.5 with the Template Hub feature?
Thanks
Andy