Re: Catalyst Center Override Network Settings

dm2020 · ‎05-20-2024

Hi All,

Is it possible to override the networks settings (or ignore) when provisioning devices within Catalyst Center?

I'm currently deploying switches at a site that inherit NTP, DNS, AAA settings from the Building -> Floor level of the network hierarchy. I'm installing one switch that will be located within this same building/floor, however I dont want AAA to be enabled when provisioning. After some testing, the only way that this appears to be possible is if I create a dedicated floor for this one device with AAA disabled. Is this the only way to achieve this?

Thanks

estetson · ‎05-20-2024

I believe it's granular to the floor level, so within a floor you can't choose which devices would receive it and which wouldn't.

Creating a new floor is one option. You could also create a template that removes the AAA configs Catalyst Center pushes to it. Just keep in mind that when we provision a device a second, third, fourth, etc time, we need to make sure we check the "push template if it's already been configured" option.

Templates are pushed once and shouldn't be pushed again unless that box is selected. So if you don't select it, you'll find the AAA settings on the device.

Arne Bier · ‎05-29-2024

I think it’s fair to say that all Cat devices should get device admin (AAA/TACACS) but I agree about needing an option to not provision RADIUS (client NAC) for switches that don’t have NAC. Making a distr/core level is what also came to mind. But seems a bit of a hack.
Attaching a template to unprovision unwanted DNAC config is just asking for trouble. If Cisco changes the DNAC default commands then it breaks you template and you don’t want to have to maintain that.