Buy or Renew
Buy or Renew
Cisco DNA Center is now Catalyst Center. New name, same great product. Learn more about Catalyst Center here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1474
Views
5
Helpful
2
Replies

DNA Center proxy

KevinR99
Level 1
Level 1

‎10-06-2021 07:24 AM

Hi

Does anyone know if DNAC should use its proxy settings to get to the URL used for AI Analytics, api.euc1.prd.kairos.ciscolabs.com or to access TAC at cxd.cisco.com to upload case files?

The reason I ask is my DNAC is connecting to Cisco to check on software updates.  I know that uses the defined proxy because if I delete the proxy information DNAC immediately complains it cannot reach Cisco to check for updates.  This is expected because there is no direct internet access.

When I tick the box in Settings - Cisco AI Analytics to Enable AI Analytics it says cloud unreachable and to make sure we can reach api.euc1.prd.kairos.ciscolabs.com. 

From the CLI I do

# nc -zv api.euc1.prd.kairos.ciscolabs.com 443 and that fails. 

For the TAC case upload from the maglev cli I do a test to Cisco with

# nc -zv cxd.cisco.com 443 and that times out. 

When I do a tcpdump on the cli during both of these operations I see DNAC attempting to go directly to those URLs and nothing for this particular traffic going via my proxy.  Since I only have proxy access to the internet then if this is what is happening I cannot get to those URLs.

As another test I have a DNAC connected directly to the internet and both those # nc -zv commands work.

So either my failing DNAC uses the proxy and it is not passing the traffic.  Or it tries to go directly to each URL and that will fail because there is no direct internet access.

Thanks for any input, Kev.

Labels:
0 Helpful
2 Replies 2

KevinR99
Level 1
Level 1

‎10-06-2021 07:50 AM

I've done further tests that would seem to confirm my suspicions that the proxy is not being used.  I deleted the proxy settings and put false ones in place.  As expected software updates failed to contact Cisco.  However, from the CLI the nc -zv commands still succeeded.  So this would seem to verify at least that the cxd.cisco.com connection to upload TAC files does not use proxy.  With the false proxy details still in place I then disabled AI Analytics and re-enabled.  A small icon came up saying Testing cloud connectivity and it succeeded.  So that would also seem to confirm this traffic does not use the defined proxy.  When I removed the false proxy settings the software updates re-established a link to Cisco.  So that uses proxy access. 

I would still welcome any input anyone could add here. 

0 Helpful

tpoulose
Cisco Employee
Cisco Employee
In response to KevinR99

‎10-20-2021 05:05 AM

Kevin what version of DNAC are we using? It sounds like you have done a lot of the work already add some packet captures proving this and open a TAC case so they can provide or file a bug if needed.

Customers Also Viewed These Support Documents