Network Management

Anybody having any success with template groups.  My current setup is painfully simple yet doesn't work.  I have one group with two templates, 1-each for the two test models I have in the group; a 2530-8 port and 2540-48 port.  

The test CLI for the 2540 is: 

; JL357A Configuration Editor; Created on release #YC.16.05.0007
; Ver #12:08.04.99.03.b3.b8.ef.74.61.fc.68.f3.8c.fc.e3.ff.37.2f:66

module 1 type jl357a
include-credentials

ip default-gateway 10.0.99.1
ip dns domain-name "mycompany.com"
ip dns server-address priority 1 8.8.8.8
ip dns server-address priority 2 8.8.4.4

vlan 1
   name "Default VLAN"
   tagged 25-52
   no ip address
   exit	
vlan 99
name "Management"
   untagged 1-52
   ip address dhcp-bootp
   exit

The switch in question is enabled for Aruba-Central.  DNS is configured on the switch and the switch is shown as ONLINE in Central.  But the switch never receives the template.  Central always shows config sync errors with the full CLI script in the Config Difference. Unfortunately I cannot find any other usefull tools or auditing info to help with what the problem might be.  

Any ideas?

Checked with Central Engineering, this is their response:

-------------

Mechanisms to debug a template push is via the audit trail, show log -r from the switch & checking the errors in the config dashboard in central. 

If the error is in the template header the only error that would be visible would be a corrupted download file message in switch logs.

Errors visible from the template :

Seems to be edited by hand . To generate a template. Configure the same on a switch and use the show run as a starting point to avoid errors.

For example all the ports are untagged to vlan 99 , in the switch when we do this a corresponding no command is added under vlan 1 from where it is removed. This would cause the switch to reject the config. Hand edited templates are not supported by switch team as well.

If the template being used is the one pasted in the link , it wouldn’t work across switches. The template   header is unique and can’t be applied across switches . Also the template header changes across upgrades.

; JL357A Configuration Editor; Created on release #YC.16.05.0007 <— Raw template header won’t work across switches or post upgrade when it changes
; Ver #12:08.04.99.03.b3.b8.ef.74.61.fc.68.f3.8c.fc.e3.ff.37.2f:66

module 1 type jl357a
include-credentials

ip default-gateway 10.0.99.1
ip dns domain-name "mycompany.com"
ip dns server-address priority 1 8.8.8.8
ip dns server-address priority 2 8.8.4.4

vlan 1
name "Default VLAN"
tagged 25-52<——————untagged command missing
no ip address
exit
vlan 99
name "Management"
untagged 1-52
ip address dhcp-bootp
exit

The template header is unique , please use the _sys variable which would automatically fill in the header during template push.Sys module command similarly takes care of the module command in template. 

These should fix the most obvious errors , however without debugging for the switches present in group we can’t be sure this will be error free.

%_sys_template_header%
%_sys_module_command%
%_sys_stack_command%
include-credentials
ip default-gateway 10.0.99.1
ip dns domain-name "mycompany.com"
ip dns server-address priority 1 8.8.8.8
ip dns server-address priority 2 8.8.4.4

vlan 1
name "Default VLAN"
tagged 25-52
untagged %_sys_vlan_1_untag_command%
no ip address
exit
vlan 99
name "Management"
untagged 1-52
ip address dhcp-bootp
exit

Thanks for your response.

I have had support on the switch/Central all morning trying to resolve this.  They are strugging as well and have escallated the issue for further diagnostics.

I did add the variables as you sugested but the resulting template is the same.  The template we added originally was a copy from the actually running config of the switch.  When that didn't work we started manually cutting out a lot of the config in hopes to find a resolution to no avail.

Vlan 1 is not used on this switch but we need to route this vlan on uplink ports for other connected switches.

Cheers!

Hi ,

Can you please attach the show tech from the switch.

I would love to see the actual config before attempting to templatize it . However below is an attempt trying to remove some more errors that might be present ( changes:  snmp engine id command was missing . CWMP enable/disable command was missing etc ). Does your switch have 52 ports in show run?

%_sys_template_header%
%_sys_module_command%
hostname %_sys_hostname%
cwmp enable
include-credentials
snmpv3 engineid %_sys_snmpv3_engineid%
ip default-gateway 10.0.99.1
ip dns domain-name "mycompany.com"
ip dns server-address priority 1 8.8.8.8
ip dns server-address priority 2 8.8.4.4
vlan 1
name "DEFAULT_VLAN"
tagged 25-52
untagged %_sys_vlan_1_untag_command%
no ip address
exit
vlan 99
name "Management"
untagged 1-52
ip address dhcp-bootp
exit

Regards ,

Mubeesh

Mubeesh, thank you so much for your interest in assisting with this.  At this point I need to give the Aruba Level-3 engineers a chance to troubleshoot this.  They have transferred the management of this switch from our Central to their own and are duplicating the issue we face.  They have retreived the SHOW TECH as well as other Log File diagnostics.  We are hoping they will have a resolution by Monday and I will post the results for others to benefit in the future.

Thank you!