09-23-2022 01:12 PM
Good day everyone.
We recently decidied to utilize MFA to CLI access to our network equipment. we already have that setup in ISE and working with one test switch.
but now we are faced with changing the TACACS timeout value which is currenlty 2 seconds to 15 so that MFA athentication does not get caught up with a short timer.
Under network settings in DNAC i accessed the AAA settings and changed the timeout value and then resynced dnac with ISE.
After the change above occured i resynced a couple devices in DNAC but my changes to TACACS did not come down via the resync.
when i re-provisoned a device, the configuration preview then infact showed the change would be made then with a re-provision job.
Honestly i am afriaid to kick off some mass re-provison job of all my swithces at once...we have over 400 devices and we are adding more as we add more switching capacity for WIFI and VOIP.
is there a way to easily re-provision a subset of switches at a time until they have all been touched? trying to do this the GUI honestly seemed cumbersome for 100s of switches.
Thanks in Advance.
Mike
Solved! Go to Solution.
09-27-2022 10:47 AM
Hey Mike,
As you experienced, a re-sync does not push any changes made to within Design -> Network settings. You are required to re-provision the network devices in a location in order to have changes made within Design -> Network settings in order for those changes to be applied. Re-provisioning the network devices from the Cisco DNA Center GUI is going to be the easiest approach but you can also get creative by using the available Cisco DNA Center API calls to trigger these provisioning tasks as well. You can get more information on the Cisco DNA Center platform including REST API calls here:
-- https://developer.cisco.com/docs/dna-center/#!cisco-dna-center-2-3-4-api-overview
From the GUI, you have the flexibility of provisioning single devices, bulk devices, by floor/building/site. You can also add tags to subset of network devices in order to easily keep try of which devices in your inventory you have already re-provisioned.
HTH!
BR,
09-27-2022 10:47 AM
Hey Mike,
As you experienced, a re-sync does not push any changes made to within Design -> Network settings. You are required to re-provision the network devices in a location in order to have changes made within Design -> Network settings in order for those changes to be applied. Re-provisioning the network devices from the Cisco DNA Center GUI is going to be the easiest approach but you can also get creative by using the available Cisco DNA Center API calls to trigger these provisioning tasks as well. You can get more information on the Cisco DNA Center platform including REST API calls here:
-- https://developer.cisco.com/docs/dna-center/#!cisco-dna-center-2-3-4-api-overview
From the GUI, you have the flexibility of provisioning single devices, bulk devices, by floor/building/site. You can also add tags to subset of network devices in order to easily keep try of which devices in your inventory you have already re-provisioned.
HTH!
BR,
09-27-2022 11:01 AM
Hey Dan,
Thanks for your reply.
So....we had issues with a database in DNAC which crashed our platform a few hours later. was complelty un related to the changes i am speaking about BUT it made me nervous to push a provisioning job out too all our sites and equipment.
this might not have been the best way, but what i ended up doing was using and API call from dnac to get a full list of devices, and then i fed the management IP into netmiko and then i made the tacacs changes on each switch that way. i assume if we have to re-provision anything else once we are a bit more stable, DNAC will simply overwrite what i ended up placing on each switch via a python script...
i did not find a easy way in the GUI to select over 400 devices spread out between 200+ sites. maybe ill look at the provisoning API and use a python scirpt to trigger in the future as well.
Thanks,
Mike
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide