Discover WLC in DNAC

titusroz03
Level 1

I am planning to integrate WLC with DNAC,

Could you help me with planning for prerequisites before integration for a smooth discovery process, especially on the Certificate perspective.. Do I need to create a trustpoint for DNAC in WLC and add the third party certificate.. or will it automatically get loaded in WLC when discovered..?

 


shane.carnahan
Level 1

DNAC/Catalyst Center will push its certificates to devices when it discovers them. It uses these to secure the communication with devices. An important thing to consider is CRL. If your DNAC/Catalyst Center certificate was signed and has a CRL then you need to do one of 2 things. 1) Make sure your end devices (WLC, switches, etc.) have access to check if the certificate is revoked. If they fail this check they will not communicate with DNAC/Catalyst Center. 2) Under Design/Network Setting/Security and Trust, make sure Revocation Check is set to CRL None. This could be different depending on your version. This option is not available on some older versions of DNAC/Catalyst Center and would require some manual workarounds. If you don't use CRL then you don't need to worry about any of this.

See attached screenshot.

shanecarnahan_0-1746449473523.png

 

I have certificate revocation as None. And also I have routers and switches discovered already.

And I have one clarification: will the trustpoints be automatically created in WLC from DNAC during the discovery process?

It should upon successful discovery. You should see a section in the device configuration "crypto pki trustpoint DNAC-CA" with the configuration under that along with a DNAC-CA certificate.

Thanks for your suggestion. I will start the discovery and get back with results.

@shane.carnahan I have discovered the WLC, but still I am not able to get it as healthy and fully provisioned.

I am seeing the below provision status in Device..?

titusroz03_0-1747117612068.png

Any clue if I am missing something? Is Netconf mandatory for WLC to fetch the telemetry data and complete the provisioning..?

 

Hello @titusroz03 

Netconf is mandatory for the WLC to work properly. Netconf uses the default methods under AAA. You would need something like the below in your WLC config for Netconf to work. Below that is a link to a document to assist with troubleshooting Assurance connectivity on the 9800 WLC. If there is a firewall between your CatC deployment and the WLC make sure you have allowed all the required ports and protocols. Those can be found in the Appliance Installation Guide in the Plan the Deployment section. In the guide pay close attention to Table 6. Notice that for the 9800 you need to allow TCP 25103 which is different from AireOS controllers. If this is not in place then telemetry will not work. I hope that helps.

 

aaa new-model
aaa authentication login default local
aaa authorization exec default local

https://www.cisco.com/c/en/us/support/docs/cloud-systems-management/dna-traffic-telemetry-appliance/217044-troubleshoot-no-assurance-data-from-wlc.html

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/catalyst-center/2-3-7/install_guide/b_cisco_catalyst_center_install_guide_237x_3rdgen/m_plan_deployment_2_x_x_3rdgen.html

shanecarnahan_0-1747139315686.png
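
A pre-discovery check for the items raised in this thread (default AAA method lists for NETCONF, the DNAC-CA trustpoint and its revocation setting), as an added example that is not part of the original posts or Cisco's tooling. The sample configuration is constructed, the function names are hypothetical, and `netconf-yang` and `revocation-check` are IOS-XE commands assumed here rather than quoted from the thread.

```python
import re

# Constructed excerpt of a 9800 WLC running-config (not taken from the thread).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default_local local
aaa authorization exec default local
!
crypto pki trustpoint DNAC-CA
 revocation-check crl
!
netconf-yang
"""

def parse_blocks(config):
    """Map each top-level config line to the indented sub-lines beneath it."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace():
            if current is not None:
                blocks[current].append(line.strip())
        else:
            current = line.strip()
            blocks[current] = []
    return blocks

def check_prereqs(config):
    """Return findings for the prerequisites discussed in the thread."""
    blocks = parse_blocks(config)
    findings = []
    if "aaa new-model" not in blocks:
        findings.append("aaa new-model is not configured")
    for kind in ("authentication login", "authorization exec"):
        # A named list such as 'default_local' is not the default method list.
        if not any(re.match(rf"aaa {kind} default\s", top) for top in blocks):
            findings.append(f"no 'aaa {kind} default' method list for NETCONF")
    if "netconf-yang" not in blocks:
        findings.append("netconf-yang is not enabled")
    tp = blocks.get("crypto pki trustpoint DNAC-CA")
    if tp is None:
        findings.append("trustpoint DNAC-CA missing (created on successful discovery)")
    elif not any(l.startswith("revocation-check") and "none" in l.split() for l in tp):
        findings.append("DNAC-CA has no 'none' fallback; the WLC must reach the CRL")
    return findings
```

Run `check_prereqs()` against a saved copy of the controller's running configuration; an empty list means none of these items is blocking. It does not test firewall reachability such as TCP 25103.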