1. Is there a way to get the entire device configuration using the api? including passwords and snmp information etc.
Working on a solution to automate the replacement of a deployed switch (in case of RMA) with PnP.
The best solution would be to allow the API to create a new PnP project using an existing configuration ID from the Inventory which is not possible.. This way could provision the replacement switch with the exact same configuration using PnP.
The other solution is using the API to download the device configuration and upload it again while creating the PnP project. The problem is that the device configuration is missing all the sensible information like passwords and snmp information.
Ans) Not today..This was a deliberate design design due to data confidentiality. GET API only require OBSERVER role. Prime Infrastructure solves this with a privileged API call. We need to address this to implement RMA ourselves.
2. Using Tacacs for switches and PnP isn't able to provision a new switch only if the following statements are removed from the device configuration:
aaa authentication enable default group **** enable
aaa authorization exec default group **** if-authenticated
aaa authorization commands 15 default group **** if-authenticated
Ans). The first command is fine, is it the second two that cause the issue. This requires IOS change, or there is an EEM script you can use (as part of the config file you download to work around). Check the blog which covers this topic in detail. Network Automation with Plug and Play (PnP) – Part 7