12-03-2023 07:32 AM
I feel this is a fundamental question, but i need to ask as a newbie here. I have been trying to figure out how to edit a switch configuration once it has been discovered and onboarded into DNA Center. Command Runner won't let me use any command to edit the config. I am logged in as a "super admin", so what am I missing?
When I think of central management, having access to all CLI commands as admin should be allowed. It's got to be my understanding of how to get there, but I can't find it online or in the help documents.
Any thoughts?
Solved! Go to Solution.
12-03-2023 10:11 AM
You can use templates and push to device, or you can change on device cli (using SSH) and re-sync from DNAC also works.
DANC device configuration management :
https://blogs.cisco.com/networking/cisco-dna-center-and-device-configuration-management
12-03-2023 10:00 AM
>... Command Runner won't let me use any command to edit the config.
- What happens then ? What errors are you seeing ? What....
M.
12-03-2023 10:29 AM
I get a "Command is blacklisted, execution is not supported".
08-08-2024 06:23 PM
This error almost appears to be TACACS+ intervening with an ISE TACACS profile configured to disallow the command. That's where I have something similar to what you posted above. I realize this is an old thread, but figured I would post a suggestion anyhow.
JCD
12-03-2023 10:11 AM
You can use templates and push to device, or you can change on device cli (using SSH) and re-sync from DNAC also works.
DANC device configuration management :
https://blogs.cisco.com/networking/cisco-dna-center-and-device-configuration-management
12-03-2023 10:36 AM
If I read this correctly, you are saying there is no way to modify a switch config within DNAC? Lets say all I want to do is add an NTP reference. I would have to create a template of the entire switch config and then push it to the switch?
12-06-2023 09:40 AM
In general config changes are done through the Provision workflow (aka Day-N Automation). For something as simple as an NTP or DNS server you would make these changes in Design->Network Settings and then Provision all the devices that need the change to be made. The site hierarchy makes it possible to change these settings only one time for all or part of the network and push the changes to those sites in just a few clicks.
For features that aren't represented in Design Settings, you can use templates. You don't have to templatize the entire config, which is nice for brownfield scenarios like yours. The commands you templatize will be applied with the same logic as if you copied and pasted them yourself, meaning they just get added to the existing config. This has 2 extra advantages though:
1) If you need to change the configs in the template on multiple devices, it is again as simple as changing the necessary lines in the config template once, then applying to multiple devices. This saves time when lots of devices are invovled, and helps prevent copy/paste errors, which I think every IT person has an experience of screwing up when done manually.
2) When the config is pushed through Cisco DNA (aka Catalyst Center) it can also start monitoring those configs for CLI Template Compliance, meaning that if those lines of config have change (probably due to manual changes), you will get alerted.
I like to recommend getting started with Day-N automation on greenfield devices (after onboaridng them via Plug and Play), but the CLI template compliance features makes it reasonable to redo all or part of a brownfield device's config via the Provision workflow.
The last advantage of templatizing is config simplification. It's often a nightmare to manage a network where every access port has a different config, so trying to build a template is a good time to think about how one can simplify that to ease network operations.
For more information you can start leveraging Cisco Customer Success. There are webinars called Ask The Experts (ATX) delivered weekly:
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide