11-10-2023 04:34 AM
Trying to find out what replaces the "magctl rbac external_auth_fallback enable" command on 2.3.7.0 and if it's still needed. Generally looking for any CLI information on 2.3.7 since it seems to have changed.
Solved! Go to Solution.
11-10-2023 07:55 AM
Shane,
As you have found out or finding out thru your exploration of the CLI in the Cisco Catalyst Center Virtual Appliance, there are some changes and differences with commands in the CLI interface.
The Cisco Catalyst Center HW Appliance and the Virtual Appliances are different platforms/products. As a result, the platform software between the two under the hood is much different.
What you will see is that some commands have been removed in the Virtual Appliance as the support is not present. So please keep this in mind when you see different things or perceived missing things.
From the CLI perspective, the customer should not really need to access this interface unless troubleshootin possible problems.
That said...
There is no command at this time that is comparable to "magctl rbac external_auth_fallback enable"
There are some APIs calls that can be used to perform the same task but these are internal API calls. This will require access to the "Root Shell" to run which requires a Consent Token/challenge key to access so that you can run these API commands.
Please open a Cisco TAC Case so that a TAC engineer can work with you on the Consent Token and the API commands to enable fallback.
11-10-2023 05:56 AM
There are some significant differences between the regular ISO install and the VA. I don't think you can expect much before it reaches general availability.
11-10-2023 06:49 AM
Yeah I suspected that, but I'm doing an approved FCS deployment and trying to figure some of this stuff out. I might have to save up my questions and see if TAC can help but I thought I would check here first.
11-10-2023 07:27 AM
the command is still mentioned in Cisco DNA Center Administrator Guide, Release 2.3.7 page 123
11-10-2023 07:57 AM
I think that is the way to go for the time being. I don't know how much one can discuss about the VA here before general availability.
11-10-2023 07:55 AM
Shane,
As you have found out or finding out thru your exploration of the CLI in the Cisco Catalyst Center Virtual Appliance, there are some changes and differences with commands in the CLI interface.
The Cisco Catalyst Center HW Appliance and the Virtual Appliances are different platforms/products. As a result, the platform software between the two under the hood is much different.
What you will see is that some commands have been removed in the Virtual Appliance as the support is not present. So please keep this in mind when you see different things or perceived missing things.
From the CLI perspective, the customer should not really need to access this interface unless troubleshootin possible problems.
That said...
There is no command at this time that is comparable to "magctl rbac external_auth_fallback enable"
There are some APIs calls that can be used to perform the same task but these are internal API calls. This will require access to the "Root Shell" to run which requires a Consent Token/challenge key to access so that you can run these API commands.
Please open a Cisco TAC Case so that a TAC engineer can work with you on the Consent Token and the API commands to enable fallback.
11-10-2023 08:05 AM
Just an FYI,
Release Notes for Cisco Catalyst Center on ESXi, Release 2.3.7.x
https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/dna-center-va/esxi/2-3-7/rns/b_release-notes-for-cisco-dna-center-va-release-1-0.html
Cisco Catalyst Center on ESXi, Release 2.3.7 Deployment Guide
https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/dna-center-va/esxi/2-3-7/deployment-guide/b_cisco_dna_center_virtual_appliance_esxi_deployment_guide.html
Cisco Catalyst Center on ESXi Administrator Guide, Release 2.3.7
https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/dna-center-va/esxi/2-3-7/admin-guide/b_cisco_dna_center_va_esxi_admin_guide.html
11-10-2023 08:06 AM
Thank you for the reply Tomas. I've heard that they are different but just not any details yet.
05-09-2024 03:18 AM
Just to add further detail to the solution, the API call is performed by CURL within the restrict shell section of the maglev CLI.
It will need TAC involvement but this is the process:
1) Generate access challenge and give response to TAC
# _shell -c
2) Use TAC response in following command
# _shell -v *Response*
3) Make API call
# curl --location --request POST 'http://lauth.iam.svc.cluster.local:8001/api/idm/v1/internal/local/tenants/TNT0/fallback' --header 'Content-Type: application/json' --data-raw '{"enabled": true}' -i -k
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide