Using Advanced Velocity Templates in Cisco DNA Center – Part 3

In Part 2 of this blog series we covered more sophisticated examples of bound variables and loops.  That post shows how to embed interactive and exec level commands into templates.

This is one area that Day0 (Plug and Play – PnP) templates differ from day-N.  During PnP, the entire config is pushed to the device in one shot and installed. During Day-N, the config is pushed line by line from Cisco DNA Center.  This means that interactive commands can be used (as they are parsed on Cisco DNA Center as opposed to being rendered on the device).

Interactive Commands

In this example, I have a “bogus” username to remove from the configuration.

3k-stack#show run | inc bog
username bogus privilege 15 password 7 0306540C131C

I try to fix this with a simple template.

no username bogus

The template times out? Why, take a look at the CLI when the “no username bogus” statement is issued.

3k-stack#conf t            
Enter configuration commands, one per line.  End with CNTL/Z.
3k-stack(config)#no username bogus
This operation will remove all username related configurations with same name.Do you want to continue? [confirm]

The command is an interactive command, and execution is paused, waiting for extra input. #INTERACTIVE will solve this problem. The tag <IQ> stands for “Interactive Question”, which is a string to match, and the tag <R> stands for response which in the example is a simple “y”. A simple modification to the template will resolve the issue.

#INTERACTIVE
no username bogus<IQ>confirm<R>y
#END_INTERACTIVE

This time the template succeeds.

Interactive commands can be problematic in Day0 templates as they consume the next line of config, which might mean the command fails, but also later lines of config are missing.  “crypto key generate rsa” is the most common example.  Fortunately, it is not required as DNA Center generates keys for you.

Exec Level Commands

The other use case is running commands from a template outside of configuration mode.  There are a few use cases for this.  For example, changing the priority of a switch stack member is an exec level command, not a config mode command.

3k-stack#switch 2 priority 15

Exec level commands are embedded in the template using  #MODE_ENABLE. Often these commands are also interactive, using #INTERACTIVE, <IQ>,<R> as well.

#MODE_ENABLE
#INTERACTIVE
switch 2 priority 15<IQ>yes<R>y
#END_INTERACTIVE 
#END_MODE_ENABLE

Saving Configuration

By default, day-N templates are not saved.  This is true for both the UI (provisioning process) and the API.  If you want to persist a template, there are three options.

• Embed a “do write memory” in the configuration template. This is a simple solution but can be hard to spot.
• Use a standalone MODE_ENABLE template to save the config. This allows for validation before saving the configuration.  This works more efficiently with the API.
• Embed a MODE_ENABLE statement in the template. This is easier to see, but there is a small caveat.

Standalone MODE_ENABLE

This is very simple, just create a new template with MODE_ENABLE and the write memory commands.  You can use the API to call this template directly after validating the configuration change.

It is also possible through the UI, but a little trickier.  When there are multiple templates in a network profile, the order is non-deterministic.  This can be achieved by putting individual  templates into a composite template, which has a set order for applying templates..

#MODE_ENABLE
write memory
#END_MODE_ENABLE

Embedded MODE_ENABLE

The write memory block can be embedded in the configuration using MODE_ENABLE.  There is a small caveat as the “exit” statement is needed in Cisco DNA Center version 1.3.3.4 and earlier to get out of configuration mode.  Notice that other configuration commands following the MODE_ENABLE block do not need a “conf t” statement.  That is implicit.  The config change to g2/0/9 will not be saved.

int g2/0/10
desc WRMEM
exit
#MODE_ENABLE
write memory
#END_MODE_ENABLE

int g2/0/9
desc WRMEM

Reset to Factory Defaults

One other use case for MODE_ENABLE and INTERACTIVE is resetting a device to factory defaults.  I use this quite a bit in my PnP testing.  Remember the template will technically fail, as the device will be rebooted.  It will however be reset to factory defaults.   This works best via the API.

#MODE_ENABLE
#INTERACTIVE
write erase<IQ>[confirm]<R>y
#ENDS_INTERACTIVE
#INTERACTIVE
reload <IQ>yes/no<R>no<IQ>Proceed<R>yes
#ENDS_INTERACTIVE
#MODE_END_ENABLE

What Next?

This blog shows examples of interactive command in velocity templates.  The next blog in the series will show how to use raw JSON input to a template.  This only works via API calls.

If you are interested in using the API to apply templates to devices, this blog post has a sample python tool for applying templates.

In the meantime, if you would like to learn more about Cisco DNA Center you could visit  Cisco Devnet.

Thanks for reading.  @adamradford123

Related resources:

• Cisco DNA Center
• DevNet Networking Dev Center
• DevNet Network Automation Exchange
• Cisco DevNet Certifications

We’d love to hear what you think. Ask a question or leave a comment below. And stay connected with Cisco DevNet on social!

Twitter @CiscoDevNet | Facebook | LinkedIn

Visit the new Developer Video Channel

Share