Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1774
Views
2
Helpful
8
Replies

magctl rbac external_auth_fallback enable not working on 2.3.7.0 VA

Go to solution
shane.carnahan
Level 1
Level 1

‎11-10-2023 04:34 AM

Trying to find out what replaces the "magctl rbac external_auth_fallback enable" command on 2.3.7.0 and if it's still needed. Generally looking for any CLI information on 2.3.7 since it seems to have changed.

 

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Tomas de Leon
Cisco Employee
Cisco Employee

‎11-10-2023 07:55 AM

Shane,

As you have found out or finding out thru your exploration of the CLI in the Cisco Catalyst Center Virtual Appliance, there are some changes and differences with commands in the CLI interface.

The Cisco Catalyst Center HW Appliance and the Virtual Appliances are different platforms/products. As a result, the platform software between the two under the hood is much different.

What you will see is that some commands have been removed in the Virtual Appliance as the support is not present. So please keep this in mind when you see different things or perceived missing things.

From the CLI perspective, the customer should not really need to access this interface unless troubleshootin possible problems.


That said...

There is no command at this time that is comparable to "magctl rbac external_auth_fallback enable"


There are some APIs calls that can be used to perform the same task but these are internal API calls. This will require access to the "Root Shell" to run which requires a Consent Token/challenge key to access so that you can run these API commands.

Please open a Cisco TAC Case so that a TAC engineer can work with you on the Consent Token and the API commands to enable fallback.

View solution in original post

8 Replies 8

Go to solution
Torbjørn
Spotlight
Spotlight

‎11-10-2023 05:56 AM

There are some significant differences between the regular ISO install and the VA. I don't think you can expect much before it reaches general availability.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev
0 Helpful

Go to solution
shane.carnahan
Level 1
Level 1
In response to Torbjørn

‎11-10-2023 06:49 AM

Yeah I suspected that, but I'm doing an approved FCS deployment and trying to figure some of this stuff out. I might have to save up my questions and see if TAC can help but I thought I would check here first.

0 Helpful

Go to solution
pieterh
VIP
VIP
In response to shane.carnahan

‎11-10-2023 07:27 AM

the command is still mentioned in  Cisco DNA Center Administrator Guide, Release 2.3.7   page 123

0 Helpful

Go to solution
Torbjørn
Spotlight
Spotlight
In response to shane.carnahan

‎11-10-2023 07:57 AM

I think that is the way to go for the time being. I don't know how much one can discuss about the VA here before general availability.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev
0 Helpful

Go to solution
Tomas de Leon
Cisco Employee
Cisco Employee

‎11-10-2023 07:55 AM

Shane,

As you have found out or finding out thru your exploration of the CLI in the Cisco Catalyst Center Virtual Appliance, there are some changes and differences with commands in the CLI interface.

The Cisco Catalyst Center HW Appliance and the Virtual Appliances are different platforms/products. As a result, the platform software between the two under the hood is much different.

What you will see is that some commands have been removed in the Virtual Appliance as the support is not present. So please keep this in mind when you see different things or perceived missing things.

From the CLI perspective, the customer should not really need to access this interface unless troubleshootin possible problems.


That said...

There is no command at this time that is comparable to "magctl rbac external_auth_fallback enable"


There are some APIs calls that can be used to perform the same task but these are internal API calls. This will require access to the "Root Shell" to run which requires a Consent Token/challenge key to access so that you can run these API commands.

Please open a Cisco TAC Case so that a TAC engineer can work with you on the Consent Token and the API commands to enable fallback.

Go to solution
shane.carnahan
Level 1
Level 1
In response to Tomas de Leon

‎11-10-2023 08:06 AM

Thank you for the reply Tomas. I've heard that they are different but just not any details yet.

0 Helpful

Go to solution
93meehanlj
Level 1
Level 1
In response to Tomas de Leon

‎05-09-2024 03:18 AM

Just to add further detail to the solution, the API call is performed by CURL within the restrict shell section of the maglev CLI.

It will need TAC involvement but this is the process:

1) Generate access challenge and give response to TAC
# _shell -c
2) Use TAC response in following command
# _shell -v *Response*
3) Make API call
# curl --location --request POST 'http://lauth.iam.svc.cluster.local:8001/api/idm/v1/internal/local/tenants/TNT0/fallback' --header 'Content-Type: application/json' --data-raw '{"enabled": true}' -i -k

 

 

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card