Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1177
Views
2
Helpful
3
Replies

PnP not deploying complete switch configuration

Joakim Backlund
Level 1
Level 1

‎10-02-2017 08:57 AM - edited ‎03-01-2019 04:41 AM

I need some advice or assistance to get PnP to deploy a complete switch stack configuration at the same times as I do a image upgrade.

I'm struggling getting the APIC-EM PnP to work as expected deploying the complete switch (WS-C3650-48PD) configuration. I've pre-provisioned switches to upgrade image to IOS-XE 16.3.3 and deploy a switch stack configuration where only the image is upgraded and the first half of the configuration is deployed. The odd thing is that PnP seems to think it is a success and says status Provisioned.

When I deploy the same configuration via CLI or do a new provision of the same switch stack but without image upgrade the complete configuration goes through without any errors so I assume the configuration is correct. I see no timeouts and we use 40 minutes timeout for image upgrade and 30 minutes for configuration deployment.

I have the same behavior on all switch stacks that the configuration deployment only deploy the interface configuration for the first two switches in the stack.

The interface configuration used is the following.

interface range GigabitEthernet2/0/1 - 48

switchport access vlan 42

switchport mode access

spanning-tree portfast

authentication control-direction in

authentication event fail action auth vlan 42

authentication event server dead action authorize vlan 42

authentication event no-response action authorize vlan 42

authentication event server alive action reinitialize

authentication host-mode multi-domain

authentication order dot1x mab

authentication priority dot1x mab

authentication port-control auto

authentication periodic

authentication timer reauthenticate server

mab

dot1x pae authenticator

dot1x timeout tx-period 3

dot1x timeout supp-timeout 10

dot1x max-req 3

spanning-tree bpduguard enable

switchport nonegotiate

storm-control broadcast level 0.5

storm-control multicast level 10

exit

!

interface range GigabitEthernet3/0/1 - 48

switchport access vlan 42

switchport mode access

spanning-tree portfast

authentication control-direction in

authentication event fail action auth vlan 42

authentication event server dead action authorize vlan 42

authentication event no-response action authorize vlan 42

authentication event server alive action reinitialize

authentication host-mode multi-domain

authentication order dot1x mab

authentication priority dot1x mab

authentication port-control auto

authentication periodic

authentication timer reauthenticate server

mab

dot1x pae authenticator

dot1x timeout tx-period 3

dot1x timeout supp-timeout 10

dot1x max-req 3

spanning-tree bpduguard enable

switchport nonegotiate

storm-control broadcast level 0.5

storm-control multicast level 10

exit

!

Labels:
3 Replies 3

Joakim Backlund
Level 1
Level 1

‎10-02-2017 12:58 PM

If I compare the configuration in PnP and the running configuration after a successful provisioning it looks like PnP only provided a partial configuration. How do I verify what configuration is really sent to the switch?

The switch says so it is satisfied with the configuration downloaded at least. Although not complete.

------------------ show pnp tasks ---------------------

Certificate-Install Task - Never Run

Image-Install Task - Never Run

Config-Upgrade Task - Last Run ID:3, ST:5202, Result:Success, LT:219061, ET:108323 ms

        Src:[https://pnpserver.<domain.com>:443/api/v1/file/onetimedownload/eb40303c-0cfd-4d45-970e-75412c992dee], Dst:[running]

CLI-Config Task - Last Run ID:2, ST:5201, Result:Success, LT:105156, ET:223 ms

        Src:[cli-config request], Dst:[running-config]

Licensing Task - Never Run

File-Transfer Task - Never Run

Redirection Task - Never Run

CLI-Exec Task - Last Run ID:5, ST:5401, Result:Success, LT:286802, ET:11239 ms

        Src:[cli-exec request], Dst:[running-exec]

aradford
Cisco Employee
Cisco Employee
In response to Joakim Backlund

‎10-04-2017 12:03 AM

Quick sanity check.

What version of PnP app?

What version of IOS are you upgrading from?

0 Helpful

Joakim Backlund
Level 1
Level 1
In response to aradford

‎10-05-2017 04:14 AM

Now running PnP 1.5.1.35, when I started the troubleshooting I was running 1.4.1.1159. There are two differences in behaviour between those two versions.

With 1.4.1.1159 a random number of interfaces on switch one and two were configured but nothing more. To be able to get the switch fully configured I had to delete the old provision job and create a new one without any image pointed out before I did a total reset on the switch via CLI.

With 1.5.1.35 all interfaces on switch 1 and 2 are fully configured but nothing more. Now it is enough to just reset the old provision job and do a complete reset on the switch via CLI.

Switches are mostly delivered with 3.6.6E which we upgrade to 16.3.3 to be able to do full AAA configuration directly without workarounds with EEM script.

I have a TAC case on this as well.

0 Helpful
Customers Also Viewed These Support Documents