Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
789
Views
0
Helpful
5
Replies

DNAC Add Device invalid CLI

Ruelb2214
Level 1
Level 1

‎11-01-2024 02:38 AM

Hi,

We have existing DNAC (v2.3.5.5) and there are existing devices already on board and assign to site using one CLI credentials.

Recently we had deployed new 9200 switches on infrastructure and wanted to add or discover the devices. when we are trying to add and use the same CLI credentials it always pop-up error "Invalid credentials for CLI" even we tried with new CLI it still the same.

The original CLI I don't want to delete/re-create as I'm afraid it might impact on the existing devices.

But I notice I don't have this kind of issue in SNMP.

Does anyone encounter the same issue?

*Switches firmware 17.06.05

 

0 Helpful
5 Replies 5

Flavio Miranda
VIP
VIP

‎11-01-2024 03:07 AM

@Ruelb2214 

 On the switch run

no netconf-yang

netconf-yang

From the DNAC CLI try to access the switch on Port 830

0 Helpful

HansK_NL
Level 1
Level 1

‎11-01-2024 03:15 AM

Hi,

You have switches configured outside of DNA Center that you want to add to the inventory and the credentials used by DNA Center are not the same as those configured on the switch?

Did you add the new/additional credentials in DNA Center under Design -> Network Settings -> Credentials?

Then you should be able to start a discovery by selecting the correct credentials-set.

0 Helpful

jmanzanera
Level 1
Level 1

‎11-03-2024 12:21 PM

Hello,
Just to understand what is happening please run the following test:

 

1/ Can you please try ssh with the credentials to the switch directly to see if the connectionis successfull?
2/ Confirm the same credentials on the dnac are configured on the switch.
3/ Run a test with show log on the switch, you should be able to see if the username is valid or not

0 Helpful

shane.carnahan
Level 1
Level 1

‎11-04-2024 09:10 AM

Sorry if this is basic but didn't see it called out. Do you have a basic AAA configuration on the switches? Something like the below?

aaa new-model
aaa authentication login default local
aaa authentication login console local
aaa authorization exec default local if-authenticated
netconf-yang
0 Helpful

jmanzanera
Level 1
Level 1

‎11-04-2024 11:53 PM

Hello @shane.carnahan ,
Your configuration looks good for the aaa new-model, however I see the username used by DNAC to connect to the switch is not configured (maybe you didn't show it and it is already configured).

I suggest to do the following:

1/ Use the same aaa new-model used.
2/ Confirm if you have the username configured on the switch (the one you have configured on the DNAC to connect).
3/ Cofirm the netconfg is configured with port opened with command show netconf-yang status
4/ Add teh following script on your switch to see all the changed done by the DNAC (later on you can remove it)

!!//Add Event Manager script
conf t
event manager applet catchall
event cli pattern ".*" sync no skip no
action 1 syslog msg "$_cli_msg"
end
term mon
term no mon

!!//Remove Event Manager script
configure terminal
no event manager applet catchall'''

 5/ Run the discovery and check the logs from the switch and the information provided by the DNAC task

0 Helpful
Customers Also Viewed These Support Documents