Solved: Re: DNA Center how to disable AAA via cli

EddyFonseca3815 · ‎10-19-2021

I have installed DNA center and I was adding the AAA external Authentication. I was testing it out but it seems I needed to log out. I had open two session to the GUI but it seems to log me out of both so when I enter my username and password it failed but I now can not get back into via GUI. I would like to know if there is a way I can disable the External Auth option so I can use my Admin password to access this system.

Note I am not able to get into with the admin or my user creds to this appliance.

Note I do not use ISE I am using a Radius box to authenticate me.

thank you

Eddy

Tomas de Leon · ‎10-19-2021

From the Cisco DNA Center CLI:

$ magctl rbac external_auth_fallback enable
$ magctl rbac external_auth_fallback disable
$ magctl rbac external_auth_fallback display

View solution in original post

Tomas de Leon · ‎10-19-2021

From the Cisco DNA Center CLI:

$ magctl rbac external_auth_fallback enable
$ magctl rbac external_auth_fallback disable
$ magctl rbac external_auth_fallback display

EddyFonseca3815 · ‎10-20-2021

I would like to know if I enter the external server which is Juniper device. How does DNA know what the user role will be once he/she enter there username and password. If I enter IP address for Authentication server in >setting menu> external services > Authentication and Policy Servers . I can enter the IP and Ports used for Auth and Acct but it seems per the documents I should see external username , Roles , etc below it but I do not know if we have to add user to the list or how it know what role the user that is access the DNA center GUI has which role.

I enter the server but I think there should be a link to the user and the role. the only thing I see if the local username and roles but I would have to enter each user if this is the link.

Let me know what I am missing to link it together.

thank you

Eddy