05-12-2021 06:02 AM
For the last few weeks I have been seeing the PXGRID service showing as unavailable. ISE is already integrated using Authentication and policy servers. We are using version 2.2.1.6. We have a distributed environment with multiple PAN, PSN and MNT nodes. I recently did a DNAC system update from 1.5.255 to 1.5.279 using the GUI. When I check the ISE node under PxGRID services, it is not showing any clients, including web clients with the DNAC name. Previously they were showing as offline, but we deleted them. We have no issue whatsoever in authentication, as we are using ISE as our AAA server. Secondly, how can we log in to DNAC using a local account? I have removed TACACS authentication and created a local user with the super admin role. Still, I am not able to log in using local credentials.
I have read that we need to use the $ magctl rbac external_auth_fallback command to accomplish this. Please let me know users' views on it.
Thanks in advance.
05-14-2021 05:48 AM
A few things:
"We have no issue whatsoever in authentication as we are using ISE as our AAA server."
- This is normal and expected. Just because Pxgrid is or may be down between ISE/DNAC does not mean that this will ever affect client onboarding. Pxgrid is used between the two to share information relating to GBAC, etc. However, an example of when this could bite you is if you are relying on ISE as the driver for GBAC and you need to deploy a new network. With no Pxgrid connectivity to DNAC, you would not be able to propagate a new SGT that further along in the process would need to be assigned in the VN on the DNAC side.
- If possible, I would suggest engaging TAC, but here is a command that may shed some light on the issue:
$ magctl service logs -r pxgrid | grep ERROR
05-14-2021 07:52 AM
Please check the following on ISE:
For version 2.1.x.x and later, the PxGrid Cert will not work if self-signed. Move the PxGrid CERT to (ISE internal or external CA).