Re: Cisco DNA Discover - Netconf fail in Switch and WLC - Page 2

iran · ‎06-25-2023

Hi,

Can anyone help me understand and list the requirements needed to successfully discover a device via Netconf?

I validate that the devices have the command:
netconf-yang

1 - I read something that the device can not have AAA, TACACS, Radius configuration, is it true?

2 - I read something that the device must only have below configs regarding AAA, is it true?

3 - I know that to provisioning the WLC 9800 in Cisco DNA I need to have NETCONF, but to provision a device do I need to have NETCONF?

Please can anyone clarify my question above and let me know the right procedure?

iran · ‎06-29-2023

Don´t believe so, because in the tcpdump capture that I took in DNAC I see packets from WLC in port 830 to DNA.
And I noticed that the Switch/WLC is always sending a "Reset" to the connection

Output from the WLC:
show netconf-yang status
netconf-yang: enabled
netconf-yang ssh port: 830
netconf-yang candidate-datastore: disabled

Any idea?

Flavio Miranda · ‎06-29-2023

Probably compare the Lab and production. If you can do it on the lab which means your procedure is right. Now, if it is failing on the production clearly you have some difference. If the connectivity is fine, I dont see alternatives besides dig into the devices and see what they have different.

Sometimes the solution is simple like disable, enable service, reload device, upgrade ,etc.

You may also try to send ssh on 830 port from another source for testing.

iran · ‎07-10-2023

Dont believe that it is the firewall since DNAC first establish a TCP session.
I stuck with this error.
I can access via SSH, but not via netconf:

Flavio Miranda · ‎07-10-2023

The message suggest the wlc has no netconf enabled