using api to assign authentication template to switchport

-Davy- · ‎08-05-2021

Hi folks, I'm running into an obstacle.

What i want to do is use the rest api to assign authentication template to a switchport.

If i use a GET request, i get this info about the port:

GET: https://cisco-dnacenter.myoffice.com/dna/intent/api/v1/business/sda/hostonboarding/user-device?device-ip=10.128.2.14&interfaceName=GigabitEthernet2/0/45

RESULT:

{
"status" : "success",
"description" : "Port assignment data successfully retrieved from SDA fabric.",
"siteNameHierarchy" : "Global/Netherlands/MyCity/Head Office",
"deviceManagementIpAddress" : "10.128.2.14",
"interfaceName" : "GigabitEthernet2/0/45",
"dataIpAddressPoolName" : "MY-USR_VN",
"voiceIpAddressPoolName" : "",
"authenticateTemplateName" : "Closed Authentication"
}

But if i want to use a POST request to apply a different authenticateTemplate it tells me that i have an invalid siteNameHierarchy in request.

This is the body i sent in the request:
{
"siteNameHierarchy" : "Global/Netherlands/MyCity/Head Office",
"deviceManagementIpAddress" : "10.128.2.14",
"interfaceName" : "GigabitEthernet2/0/45",
"dataIpAddressPoolName" : "MY-USR_VN",
"voiceIpAddressPoolName" : "",
"authenticateTemplateName" : "No Authentication"
}

And the result i get back is:
{
"status" : "failed",
"description" : "Invalid siteNameHierarchy in request.",
"executionStatusUrl" : "https://10.128.4.250/api/dnacaap/v1/dnacaap/management/execution-status/21c7e85b-etc.."
}

I don't get why my name is invalid, it's the one it gave back to me on the get-request..

Does the api have a problem with the space in the name "Head Office" perhaps?

-Davy- · ‎08-05-2021

Ok this is somewhat disappointing: I renamed the building to "HeadOffice", and now the siteNameHierarchy is working...

This confirms my suspicion about the name of the building being the problem.

However, the authenticateTemplateName is now the next value with a space in it:

When I do a POST request with this data:

{
"siteNameHierarchy" : "Global/Netherlands/MyCity/HeadOffice",
"deviceManagementIpAddress" : "10.128.2.14",
"interfaceName" : "GigabitEthernet2/0/45",
"dataIpAddressPoolName" : "MY-USR_VN",
"voiceIpAddressPoolName" : "",
"authenticateTemplateName" : "wrongtemplatename"
}

I get this result:

{
"status" : "failed",
"description" : "Invalid authenticateTemplateName. Allowed values are Open Authentication, Closed Authentication, Low Impact or No Authentication .",
"executionStatusUrl" : "https://10.128.4.250/api/dnacaap/v1/dnacaap/management/execution-status/db9e9-etc.."
}

Easy right? All I have to do now is to post any allowed value:

{
"siteNameHierarchy" : "Global/Netherlands/MyCity/HeadOffice",
"deviceManagementIpAddress" : "10.128.2.14",
"interfaceName" : "GigabitEthernet2/0/45",
"dataIpAddressPoolName" : "MY-USR_VN",
"voiceIpAddressPoolName" : "",
"authenticateTemplateName" : "Open Authentication"
}

Unfortunately, the result I get is this:

{
"status" : "failed",
"description" : "Could not find authenticateTemplateName in SDA fabric=Open Authentication",
"executionStatusUrl" : "https://10.128.4.250/api/dnacaap/v1/dnacaap/management/execution-status/99d94-etc.."
}

This behavior makes me suspect that the rest api does not play well with spaces in strings..

Is there any way to make this work?

Aninda Chatterjee · ‎08-05-2021

Unfortunately, yes, our APIs have issues if the site hierarchy has spaces in them (some GET APIs will work, some won't. And I don't think most, if not all, POST/PUT APIs work). We're working to get this fixed and it is being roadmapped.

Having said that, only site hierarchy with spaces is the issue I've seen. Authentication Template with spaces should be fine. What DNAC version are you trying this API in?

-Davy- · ‎08-05-2021

Hi Aninda,

Thanks for your reply.

We just upgraded to version 2.2.2.3

As for the authenticateTemplateName attribute: I can't see a way to rename these in the gui of dnacenter ( I guess that's by design).

And I was so glad that we finally got rid of the bug that I could not retreive the authenticateTemplateName at all in version 1.3 lol.

Is there a way to check the log(s) in dna center for any hints on this?

Aninda Chatterjee · ‎08-05-2021

There's no need to rename the auth templates - there's nothing wrong with them. As I said earlier, spaces in the auth template works perfectly fine, and they're pre-defined template names. The problem is that due to the bug I referenced earlier, the site ID cannot be found when this API is called. There's no workaround for this issue, unfortunately.

2.2.2.4 should be out soon, and the fix is in that. DNAC has a service called 'dnacaap-runtime'. Logs for this can be referenced for any API specific issues, however, please be aware this returns a lot of data to parse through, which may not make sense at first glance.

Mike.Cifelli · ‎08-05-2021

Not sure of your DNAC version, but I also hit this bug a while back in 1.x train. AFAIK this has been road-mapped for roughly 18 months if not longer. IMO you are better off renaming the site since it is a quick workaround/fix. I had the same result, once the space is removed it was no longer an issue. To be more specific for others though here is the bug: Bug Search (cisco.com)

HTH!

Aninda Chatterjee · ‎08-05-2021

True, it's been roadmapped for a while. But I can confidently say it is being worked on now. Also, OP is most likely hitting CSCvy25560 (as long as spaces are removed from site hierarchy). This was bug introduced in 2.1.2.6, fixed in 2.1.2.7/2.2.2.4.