Solved: CSCvu03730-eWLC and Cisco DNAC with sdn-network-infra-iwan cert

abuzarghalib · ‎12-22-2022

Hello ,

Looks like I have the issue even through the DNA center version 2.3.3.5 and the WLC is 17.3.4c. If I need to add sdn-network-infra-iwan certificate manually, how can I get that certificate from the DNA center?

Thanks in advance.

abuzarghalib · ‎11-01-2023

I wasn't able to add the certificate manually, but my issue is resolved and DNAC was able to push it to WLC after updating the DNS entry for the DNAC. It was pointing to the enterprise IP and is updated to point to virtual IP instead then after than I push the telemetry back with force to WLC.

View solution in original post

patoberli · ‎07-19-2023

I had a very similar issue just now, but with a C9300 switch. I could solve it by opening DNAC, Devices -> Inventory -> select the affected device -> Actions -> Telemetry -> Update Telemetry settings -> select the Force configuration update option -> Next a few times until it starts to push it. This will delete and re-create the sdn-network-infra-iwan certificate on the affected device.

troelsl · ‎09-13-2023

The solution from patoberli, fixed the issue on my 9800 which deleted the sdn-network-infra-iwan certificate, updating the telemetry settings did not recreate the certificate without marking the checkmark Force configuration.

ereid99 · ‎10-23-2023

I'm not getting any telemetry data from my WLC either. On the WLC if I run show telemetry ietf subscription all, all subscriptions validate except for:

2118 Configured Invalid Invalid value '/services;serviceName=ewlc_oper/rrmMeasurement' for parameter 'filter

I updated the telemetry settings and used the force option like it was suggested, but it doesn't appear to have resolved my problem.

Output of: show telemetry ietf subscription 2118 detail
Telemetry subscription detail:

Subscription ID: 2118
Type: Configured
State: Invalid
Stream: native
Filter:
Filter type: tdl-uri
TDL-URI: /services;serviceName=ewlc_oper/rrmMeasurement
Update policy:
Update Trigger: periodic
Period: 30000
Encoding: encode-tdl
Source VRF:
Source Address: 10.100.49.67
Notes: Invalid value '/services;serviceName=ewlc_oper/rrmMeasurement' for parameter 'filter'.

Named Receivers:
Name Last State Change State Explanation

-------------------------------------------------------------------------------------------------------------------------------------------------------
tls-native://sdn-network-infra-iwan@10.100.49.69 08/31/23 20:17:28 Disconnected Subscription invalid

Is it safe to try and remove that item?

patoberli · ‎10-31-2023

Are you running an eWLC on an access point or a full WLC?

Based on the compatibility matrix, eWLC is not specifically listed, so I'm not entirely sure if it is supported at all.

In any case, try to send the Telimetry configuration again, with the Force option checked. That should completely clean the old configuration and send the new valid one.

ereid99 · ‎10-31-2023

It's a full WLC (9800-40). I tried the Telemetry config with the Force option a couple of times and it didn't resolve it. I have a TAC case open, but haven't got on a call with them yet. I'll post back what we end up doing.

abuzarghalib · ‎11-01-2023

I wasn't able to add the certificate manually, but my issue is resolved and DNAC was able to push it to WLC after updating the DNS entry for the DNAC. It was pointing to the enterprise IP and is updated to point to virtual IP instead then after than I push the telemetry back with force to WLC.