Having succesfuly deployed a brand new Cisco 4331 ( isr4300-universalk9.03.16.04b.S.155-3.S4b-ext.SPA.bi) the health check message appears.
4331SWA#sho pnp summ
----
There are no connectivity issues between APIC's VIP and the routers management network.
It's ironic that the downstream Cosco 2960X is in a provisioned state.
The APIC-EM device credentials give the appliance Level 15 access by virtue of vty privilege level 15 commands. Access is limited toi SSH and has been verified from a DHCP Server sat on the APIC-EM's subnet.
do you have "aaa command authorisation" in your configuration file?
Actually, just took a closer look. seems like there was an issue with the configuration file?
Config-Upgrade Task - Last Run ID:7, ST:5202, Result:Failed, LT:263730, ET:14309 ms
Src:[https://10.x.y.z:443/api/v1/file/onetimedownload/5cb9616d-cbca-48d7-8c19-a06d502995ed], Dst:[running]
Error Code:1413, Msg:[Invalid input detected]
That still might be due to "aaa command authorisation".
Have you tried pasting the config in manually to see where it fails?
Meanwhile, the router has now deployed withouterror although I waiting for the Provisioned Green light in my browser.
The ISR43xx router'd default inclusion of a interface vlan 1 SVI is strange to say the least; I had not stripped it from the deployed config and it generated the error.
Unfortunately I have just received another "PROVISIONING_CONFIG for more than threshold time: 0 hours, 16 minutes, 0 seconds".
written up the issue (and a solution) in this blog post Network Automation with Plug and Play (PnP) – Part 7 It is also addressed in IOS
A couple more things:
1) Can you verify the "show run" is the same as the config you pushed?
2) Can you discover the device (using the discovery process in APIC-EM)?
3) How did you deploy this device? A pre-provisioned rule or Ad-Hoc?
4) is there anything in "show loggin" that is interesting?
Resolution to Service Request 682005792,was achieved by adding an undocumented "ip http client source-interface" configuration command enabling the designated ssub-interface to initiate an xml heartbeat back to APIC-EM. However, the ongoing absence of nvram resident start-up configuration was addressed with the addition of a run-once-self destructing eem script attached to the foot of each and every deployed configuration.
Cisco also advised that manually deployed configurations should not include RSA keys; they are always generated by APIC-EM. Other issues raised include DHCP binding. APIC-EM forms an association using the initial DHCP supplied IP address; the bond is broken if for any reason this adrresss changes.
Since closure of the case my customer has also regained the ability to automatically upgrade IOS during the deployment.
Comments
0 comments
Please sign in to leave a comment.