
Questions about PnP

sw1ft-code
Level 1

Hi

We are running APIC-EM in our LAB environment and I have a few pending issues/questions before going into production.

1. Is there a way to get the entire device configuration using the API, including passwords and SNMP information, etc.?

GET /network-device/{networkDeviceId}/config

I'm working on a solution to automate the replacement of a deployed switch (in case of RMA) with PnP. In my opinion, the best solution would be to allow the API to create a new PnP project using an existing configuration ID from the Inventory (not possible right now). This way I could provision the replacement switch with the exact same configuration using PnP. The other solution is using the API to download the device configuration and upload it again while creating the PnP project. The problem is that the device configuration is missing all the sensitive information like passwords and SNMP information.


2. We are using TACACS on our switches and PnP isn't able to provision a new switch if I don't remove the following statements from the device configuration:

aaa authentication enable default group **** enable

aaa authorization exec default group **** if-authenticated

aaa authorization commands 15 default group **** if-authenticated

Is this problem going to be addressed in the next release?


Thanks

Accepted Solutions

aradford
Cisco Employee

Hi Stefano,

#1) Not today. This was a deliberate design decision due to data confidentiality. The GET API only requires the OBSERVER role. Prime Infrastructure solves this with a privileged API call. We need to address this to implement RMA ourselves.

#2) The first command is fine; it is the second two that cause the issue. This requires an IOS change, or there is an EEM script you can use (as part of the config file you download to work around). My blog covers this in detail: Network Automation with Plug and Play (PnP) – Part 7

Adam

Hi Adam

In that case I will use the Prime API as a workaround to solve my RMA problem.

Thank you for the suggestion about EEM. 

By the way your blog posts are very helpful!

Thanks Franco,

let us know if you have other questions.

Adam