Buy or Renew
Buy or Renew
Join the Catalyst Center Onboarding Ask Me Anything event happening now!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1832
Views
0
Helpful
4
Replies

Cisco ISE - DNAC Integration Problem

OrkhanRustamli
Level 1
Level 1

‎11-07-2019 06:27 AM

Hi All,

My DNAC and ISE seems to be integrated. I see connection as green. Old groups and policies are installed on DNAC. But I did some changes on groups and policies one week ago and none of them is moving to DNAC yet. What can be problem?

Any help is appreciated!

Thanks in advance!

Labels:
0 Helpful
4 Replies 4

jedolphi
Cisco Employee
Cisco Employee

‎11-07-2019 03:49 PM

Hello Orkhan,

I assume you are talking about DNAC 1.2.x or 1.3.0.x, because in 1.3.1+ we've made changes to the code that prevent you from adjusting SGACLs in two places i.e. either DNAC is is control of SGACLs or ISE is in control of SGACLs and the other system is locked.

In DNAC 1.2.x or 1.3.0.x you should make changes only in one system always, either DNAC or ISE. If you integrated DNAC with ISE, then you made changes to SGACLs in ISE, DNAC will not learn about them automatically. You will need to reintegrate DNAC with ISE to resynchronise DNAC with ISE. Probably best to open a TAC case.

Jerome

0 Helpful

OrkhanRustamli
Level 1
Level 1
In response to jedolphi

‎11-07-2019 11:51 PM

Hi @jedolphi,

I think you understood my problem correctly. DNAC is 1.3.0.94 and ISE is 2.4.0.357. I do not need them to be integrated they already are. The problem is I change SGACL in ISE and they are not propogated to DNAC automatically, although DNAC shows ISE connection as okay. Moreover I need to change which VN has which SGTS because DNAC is the only way of doing that and then new changes are not pushed to ISE.

0 Helpful

jedolphi
Cisco Employee
Cisco Employee
In response to OrkhanRustamli

‎11-08-2019 05:59 PM

Orkhan,

If you integrate DNAC 1.2.x or 1.3.0.x with ISE, then you need to make all future changes only in DNAC. ISE will not push changes to DNAC automatically. You can try to re-trigger the DNAC-ISE integration by editing the ISE integration in DNAC, adding a character to the ISE password, then deleting the character, then clicking apply. BUT, if this is a production system (not a lab) then please raise a TAC case.

Jerome

0 Helpful

manirul
Level 1
Level 1

‎11-10-2019 04:09 AM

Screenshot (59).png

 

What is the purpose of pushing changes from ISE to network devices? If I change anything anything in ISE, I use this button to push the changes to end devices. 

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card