05-08-2020 12:52 PM
After integration between the Cisco ISE and DNA-center, we cannot pull the scalable groups from ISE to DNA policy, there is reachability between them, and all services such as DNS record and NTP is a right.
Any help with that!
Solved! Go to Solution.
05-08-2020 05:11 PM
05-09-2020 03:19 AM - edited 05-09-2020 03:20 AM
Hello @Kalika
I will mention some keys should you have to done,
- Should be enabled sshd on cisco ISE through # enable sshd services.
- Enable the Pxgride services from cisco ISE through Administrator -----> Deployment -----> Policy service node (PSN) -----> checkmark box of pxGrid (pxGrid facilitates the sharing of information between network elements in real-time and on-demand using XMPP technology.pxGrid requires Plus license.)
-As you mentioned I think you know steps to add cisco ISE on the DNAC, so one thing only here is requiring from you as my colleague @Mike.Cifelli mentioned check the pxGrid requests and approve manually.
- Also should be enabled ERS service on cisco ISE through Administrator -----> settings -----> Protocols -----> ERS settings -----> enable ERS read and write for primary administration node -----> Save
ERS (External RESTful Services (ERS) is a REST API based on HTTPS over port 9060.
The ERS service is disabled by default. An ISE Administrator with the "ERS-Admin" or "ERS-Operator" group assignment is required to use the API. ERS on the primary administration node or a stand-alone node will allow the ERS client to perform read/write operations. On all other nodes, it allows only read access. For more information, please visit the ERS SDK page at:
https://Cisco ISE IP address:9060/ers/SDK
- Also if there is a firewall should be open these ports-TCP 5222,7400,8910,1200,9060.
05-08-2020 12:59 PM
05-08-2020 05:11 PM
05-09-2020 03:19 AM - edited 05-09-2020 03:20 AM
Hello @Kalika
I will mention some keys should you have to done,
- Should be enabled sshd on cisco ISE through # enable sshd services.
- Enable the Pxgride services from cisco ISE through Administrator -----> Deployment -----> Policy service node (PSN) -----> checkmark box of pxGrid (pxGrid facilitates the sharing of information between network elements in real-time and on-demand using XMPP technology.pxGrid requires Plus license.)
-As you mentioned I think you know steps to add cisco ISE on the DNAC, so one thing only here is requiring from you as my colleague @Mike.Cifelli mentioned check the pxGrid requests and approve manually.
- Also should be enabled ERS service on cisco ISE through Administrator -----> settings -----> Protocols -----> ERS settings -----> enable ERS read and write for primary administration node -----> Save
ERS (External RESTful Services (ERS) is a REST API based on HTTPS over port 9060.
The ERS service is disabled by default. An ISE Administrator with the "ERS-Admin" or "ERS-Operator" group assignment is required to use the API. ERS on the primary administration node or a stand-alone node will allow the ERS client to perform read/write operations. On all other nodes, it allows only read access. For more information, please visit the ERS SDK page at:
https://Cisco ISE IP address:9060/ers/SDK
- Also if there is a firewall should be open these ports-TCP 5222,7400,8910,1200,9060.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide