Cisco - configure replace fails on exit-af-interface command

[paulbauer1]

Description of Issue/Question

Note: Please check https://guides.github.com/features/mastering-markdown/ to see how to properly format your request.

Did you follow the steps from https://github.com/napalm-automation/napalm#faq

(Place an x between the square brackets where applicable)

• [x] Yes
• [] No

Setup

Running dev envionment/python in docker container. Python 3.11.7. Working on a configure replace ansible script. Package Version

---

ansible 9.1.0 ansible-compat 4.1.10 ansible-core 2.16.1 ansible-lint 6.22.1 attrs 23.1.0 bcrypt 4.1.1 black 23.11.0 bracex 2.4 certifi 2023.11.17 cffi 1.16.0 charset-normalizer 3.3.2 click 8.1.7 cryptography 41.0.7 filelock 3.13.1 future 0.18.3 idna 3.6 Jinja2 3.1.2 jsonschema 4.20.0 jsonschema-specifications 2023.11.2 junos-eznc 2.6.8 lxml 4.9.3 markdown-it-py 3.0.0 MarkupSafe 2.1.3 mdurl 0.1.2 mypy-extensions 1.0.0 napalm 4.1.0 napalm-ansible 1.1.0 ncclient 0.6.13 netaddr 0.9.0 netmiko 4.3.0 netutils 1.6.0 nornir 3.4.1 ntc_templates 4.0.1 packaging 23.2 paramiko 3.3.1 pathspec 0.11.2 pip 23.3.1 platformdirs 4.1.0 pycparser 2.21 pyeapi 1.0.2 Pygments 2.17.2 PyNaCl 1.5.0 pyparsing 3.1.1 pyserial 3.5 PyYAML 6.0.1 referencing 0.32.0 requests 2.31.0 resolvelib 1.0.1 rich 13.7.0 rpds-py 0.13.2 ruamel.yaml 0.18.5 ruamel.yaml.clib 0.2.8 scp 0.14.5 setuptools 65.5.1 six 1.16.0 subprocess-tee 0.4.1 textfsm 1.1.3 transitions 0.9.0 ttp 0.9.5 ttp-templates 0.3.5 typing_extensions 4.8.0 urllib3 2.1.0 wcmatch 8.5 wheel 0.42.0 yamllint 1.33.0 yamlordereddictloader 0.4.2

napalm version

(Paste verbatim output from pip freeze | grep napalm between quotes below)

napalm==4.1.0
napalm-ansible==1.1.0

Network operating system version

(Paste verbatim output from show version - or equivalent - between quotes below)

Cisco IOS XE Software, Version 17.06.05
Cisco IOS Software [Bengaluru], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 17.6.5, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2023 by Cisco Systems, Inc.
Compiled Wed 25-Jan-23 16:15 by mcpre

Cisco IOS-XE software, Copyright (c) 2005-2023 by cisco Systems, Inc.
All rights reserved.  Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0.  The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.  For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.

ROM: IOS-XE ROMMON
BOOTLDR: System Bootstrap, Version 17.6.1r, RELEASE SOFTWARE (P)

Switch uptime is 1 hour, 46 minutes
Uptime for this control processor is 1 hour, 48 minutes
System returned to ROM by PowerOn
System image file is "bootflash:packages.conf"
Last reload reason: PowerOn

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Technology Package License Information: 

------------------------------------------------------------------------------
Technology-package                                     Technology-package
Current                        Type                       Next reboot  
------------------------------------------------------------------------------
network-advantage       Smart License                    network-advantage   
dna-advantage           Subscription Smart License       dna-advantage                 
AIR License Level: AIR DNA Advantage
Next reload AIR license Level: AIR DNA Advantage

Smart Licensing Status: Registration Not Applicable/Not Applicable

cisco C9500-24Y4C (X86) processor with 2889884K/6147K bytes of memory.
Processor board ID
18 Virtual Ethernet interfaces
48 TwentyFive Gigabit Ethernet interfaces
8 Hundred Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
15995680K bytes of physical memory.
11161600K bytes of Bootflash at bootflash:.
11161600K bytes of Bootflash at bootflash-2:.
1638400K bytes of Crash Files at crashinfo:.
1638400K bytes of Crash Files at crashinfo-2:.
234430023K bytes of SATA hard disk at disk0:.
234430023K bytes of SATA hard disk at disk0-2:.

Base Ethernet MAC Address          : 3c:26:e4:50:f4:00
Motherboard Assembly Number        : 4874
Motherboard Serial Number          :
Model Revision Number              : V02
Motherboard Revision Number        : 3
Model Number                       : C9500-24Y4C         
System Serial Number               :

Switch 02
---------
Base Ethernet MAC Address          : 88:fc:5d:da:98:e0
Motherboard Assembly Number        : 4874
Motherboard Serial Number          :
Model Revision Number              : V02
Motherboard Revision Number        : 3
Model Number                       : C9500-24Y4C         
System Serial Number               :

Steps to Reproduce the Issue

Try and apply the following configuration with napalam configure replace. If I run configure replace from the switch cli the commands work. Ansible module fails as well. I tried both straight python and ansible.

router eigrp Century ! address-family ipv4 unicast autonomous-system 300 ! af-interface default passive-interface exit-af-interface ! topology base exit-af-topology network 10.126.0.0 0.0.127.255 network 172.31.0.40 0.0.0.0 nsf exit-address-family

Error Traceback

(Paste the complete traceback of the exception between quotes below)

+router eigrp Century
 +address-family ipv4 unicast autonomous-system 300
  +af-interface default
   +passive-interface
  +exit-af-interface
  +topology base
  +exit-af-topology
  +network 10.126.0.0 0.0.127.255
  +network 172.19.0.40 0.0.0.0
  +nsf
Traceback (most recent call last):
  File "/code/test.py", line 10, in <module>
    device.commit_config()
  File "/usr/local/lib/python3.11/site-packages/napalm/ios/ios.py", line 569, in commit_config
    raise ReplaceConfigException(msg)
napalm.base.exceptions.ReplaceConfigException: Candidate config could not be applied
Failed to apply command   exit-af-interface
Aborting Rollback.

Rollback failed.Reverting back to the original configuration: bootflash:napalm-archive-Dec-14-22-20-53.232-44 ...
%EIGRP: Deleting base topology is not allowed.
Total number of passes: 1
Rollback Done

The original configuration has been successfully restored.

[ktbyers]

@paulbauer1 Let me see if I can reproduce.

Remind me in two weeks if I forget (as I am leaving on Christmas travel soon).

[paulbauer1]

@paulbauer1 Let me see if I can reproduce.

Remind me in two weeks if I forget (as I am leaving on Christmas travel soon).

Will do. Have a good break.

[paulbauer1]

@paulbauer1 Let me see if I can reproduce. Remind me in two weeks if I forget (as I am leaving on Christmas travel soon).

Will do. Have a good break.

Also, when running the command directly with netmiko it seems that the issue occurs when the "revert trigger error" parameters are included in the configure replace command. If I include only force the error does not seem to occur.

I can also set the following optional args and it will work. This seems to avoid the error. optional_args: auto_rollback_on_error: false revert_in_min: false