Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1295
Views
5
Helpful
1
Replies

Cisco PnP Rollback - ISR4351

Go to solution
sherrick
Level 1
Level 1

‎07-31-2019 05:19 AM

Hello all,

 

I have an ISR4351 on IOS version 16.9.3 connected to a Cisco PnP server via its management interface. I'm able to push a full configuration to the device, but once the config is on the ISR it starts behaving strangely in the CLI. I'm consoled into the ISR4351, and it continulously asks for the enable password:

 

Password: 
% Password: timeout expired!
Password: 
% Password: timeout expired!
% Bad secrets

 

If I enter the password, it accepts it and I'm in priv exec mode for a few seconds before it asks again. I'm also consistently getting Rollback messages triggered from the pnp process:

 

Total number of passes: 1
Rollback Done

 

The rollback configlet from the last pass is listed below:
********
!List of Rollback Commands:
archive
path flash:pnp-archive
end
********


Rollback aborted after 5 passes
The following commands are failed to apply to the IOS image.
********
archive
path flash:pnp-archive
********

 

The running configuration matches what the PnP server passed to it, and stays on the router during all these rollback messages. I also cannot SSH to the ISR from a directly connected device (% Connection refused by remote host). Debugging SSH on the ISR provides no output in the console line. 

 

Does anyone know what is causing this weird behavior? What explicitly causes the PnP Rollback to occur?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
sherrick
Level 1
Level 1

‎08-02-2019 08:15 AM

Figured out the answer, for those interested:

 

The PnP portion worked fine. After the full config file was transferred, the router performs a "configure replace" (or at least performs a function that is very similar). The rollback feature was triggered by invalid lines in my config - specifically referencing TACACS servers when there was no AAA config. I'm not sure what was causing the rollback feature to repeat ad infinitum, but the issue was resolved after removing the invalid config. 

 

- Steve

View solution in original post

1 Reply 1

Go to solution
sherrick
Level 1
Level 1

‎08-02-2019 08:15 AM

Figured out the answer, for those interested:

 

The PnP portion worked fine. After the full config file was transferred, the router performs a "configure replace" (or at least performs a function that is very similar). The rollback feature was triggered by invalid lines in my config - specifically referencing TACACS servers when there was no AAA config. I'm not sure what was causing the rollback feature to repeat ad infinitum, but the issue was resolved after removing the invalid config. 

 

- Steve

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card