Buy or Renew
Buy or Renew
Cisco DNA Center is now Catalyst Center. New name, same great product. Learn more about Catalyst Center here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3058
Views
6
Helpful
1
Replies

DNAC and external authentication

Maciej Waliszko
Level 1
Level 1

‎07-09-2021 12:15 AM - edited ‎07-09-2021 12:26 AM

Hello,

DNAC newest version 2.2.2.3 (if I recall correctly) + ISE 2.6 patch 4.

ISE is integrated with DNAC as a non-ISE/AAA sever (because we don't have Plus licenses so pxgrid is not possible) - both radius and tacacs+ is checked.

Now I want to log into DNAC as an external user. I am basically following

https://www.hospitableit.com/howto/cisco-dna-center-external-authentication-using-ise-tacacs-part-1/

The first problem:

1) I am not able to switch into tacacs+. While I am putting the cursor over the button it is greyed out. Why?

There is no option to change into tacacs when ISE is integrated as non-ISE/AAA?

2) When I prepare the right AuthZ Profile with cisco-av-pair = Role=NETWORK-ADMIN-ROLE, then I build the right policy which is matched while I am trying to log in (all is green on ISE live radius logs), I am still getting Invalid credentials on the initial login screen of DNAC.

I have also tried to reboot DNAC but still no luck.

Anyone can help?

1 person had this problem
Labels:
0 Helpful
1 Reply 1
Customers Also Viewed These Support Documents