Re: Template config

rasmus.elmholt · ‎02-05-2024

I have made some simple templates that should configure dot1x on userdefined ports. But when I try to provision the template, either to the device or just to preview I get an #Conflict error in the CLI output.

Running DNAC 2.3.5.5 on Cat9300 on IOS 17.9.x.

I include my interface configuration from a base-config file.

{% macro interface_dot1x_closed() %}
source template DOT1X_CLOSED
{% endmacro %}

And include it in the template I am using on the device:

{% set userports = "!" %}
{% if __device.platformId == "C9300LM-24U-4Y" %}
{% set userports = "gi 1/0/1 - 22" %}
{% elif __device.platformId == "C9300LM-48U-4Y" %}
{% set userports = "gi 1/0/1 - 46" %}
{% endif %}
! ### USER PORTS ###
interface range {{ userports }}
{{ interface_dot1x_closed() }}
!

But when I try to provision the device it gives me an error, even tough I can paste all the commands on the switch using the CLI.

! ### USER PORTS ###
interface range gi 1/0/1 - 22
 source #Conflict template DOT1X_CLOSED

Any help on how to troubleshoot this would be appreciated. I have looked in the apic-em-network-programmer log and it tells be there is a conflict but does not tell me why.

Preston Chilcote · ‎02-05-2024

I suggest a TAC case to help troubleshoot, but I also recommend avoiding interface range. By using a for loop instead to generate the interface configs, you will be able to take advantage of CLI Template Compliance so that DNA can warn you if any of the configured interfaces change their configs. This is not supported when using the 'interface range' command.

rasmus.elmholt · ‎02-05-2024

Hi @Preston Chilcote ,

I will keep this in mind about the range command.

I don't think this has anything to do with the error we see, as we get the same #Conflict in other lines of the configuration as well.

With something as simple as the dhcp snooping configuration in global config mode.

I have been looking in the apic-em-network-programmer log but can only find the error message, but no reason for it.

ScottJ9664 · ‎02-09-2024

I've also ran into this and then found your post.

I've narrowed it down to it only happening on a 9300. If I try the same output for 9200's we don't see these #CONFLICT statements added. One for TAC I think.

rasmus.elmholt · ‎02-12-2024

I find it strange that it is not possible to troubleshoot this.

I will look into the SPF log on friday, and if I can't figure out what the issue is, then I will create a TAC case.

rasmus.elmholt · ‎02-16-2024

During my troubleshooting I found some log in the apic-em-network-programmer mentioning a conflict. But when I try to find the right Template it does not exist.

Log:

2024-02-16 12:21:58,425 |   INFO | http-nio-17125-exec-1     |  | c.c.a.t.p.s.u.TemplateDesignValidationCache | The line number 33 in template 81986562-779b-4b78-9c32-bb6e7e3d21c8 already has a conflict, this is an update call |

When I try to find the template using the API I get nothing:

How can a template that does not existe give an error?