Buy or Renew
Buy or Renew
Cisco DNA Center is now Catalyst Center. New name, same great product. Learn more about Catalyst Center here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5220
Views
5
Helpful
3
Replies

Catalyst 9000 configuration for DNA center assurance

Go to solution
Bram Van den Bosch
Level 1
Level 1

‎10-10-2018 12:27 AM - edited ‎03-08-2019 05:27 PM

Hi all,

 

I have some questions about how to configure a cat 9K for DNAC assurance.

 

  1. Once I added the 9K's to DNAC I can see the following in the config:
    crypto pki trustpoint DNAC-CA and crypto pki certificate chain TP-self-signed
    For what is this used?
  2. I applied a telemetry profile to a switch, but without configuring network settings for a site.
    It seems that nothing changes in my switch config.
    What would be the use case for the 'telemetry profile'?
    Is this for configuring the switch, or to allow DNAC to receive syslog/snmp/...?
  3. It does not seem to be possible to add a telemetry profile with netflow for switches.
    Does this mean I can't send netflow to DNAC from the 9K's?
    If it is be possible to send netflow, how would I configure this on the switches manually, as there are many possibilities in flexible netflow?

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
dhshukla
Cisco Employee
Cisco Employee
In response to Diana Karolina Rojas

‎04-13-2019 11:31 AM

Hi Diana,

 

Just to correct you .

 

During device discovery Dnac configures below :

1) PKI 

2)IPDT

3)HTTP server & SSH source 

4) SNMP RO & RW community 

 

When Telemetry configured for switch then below gets configured :

 

1) Syslog 

2) SNMP traps 

 

You need to configure the telemetry profile for optimal visibility .By default telemetry is disabled .

 

Cheers,

Dheeraj

 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
AndiBuchmann157
Level 1
Level 1

‎10-11-2018 01:37 AM

1) DNA-C acts as a "kind of" CA and once you add your 9.4k to DNA it recives a certificate from DNAC for trustworthy naughty things ;)

0 Helpful

Go to solution
Diana Karolina Rojas
Cisco Employee
Cisco Employee

‎10-24-2018 02:26 PM

Hello! 

 

When you apply the telemetry profile to your switch you should get the next configuration:

 

device-tracking tracking
!
device-tracking policy IPDT_MAX_10
limit address-count 10
no protocol udp
tracking enable

!

!

And this command will be applied in all your access ports:

device-tracking attach-policy IPDT_MAX_10

 

 

This way the DNA will collect all the client telemetry information and can use it for health diagnostic and for troubleshooting purposes.

 

Please do not forget to rate useful post.

 

 

Best Regards,

 

 

 

 

Go to solution
dhshukla
Cisco Employee
Cisco Employee
In response to Diana Karolina Rojas

‎04-13-2019 11:31 AM

Hi Diana,

 

Just to correct you .

 

During device discovery Dnac configures below :

1) PKI 

2)IPDT

3)HTTP server & SSH source 

4) SNMP RO & RW community 

 

When Telemetry configured for switch then below gets configured :

 

1) Syslog 

2) SNMP traps 

 

You need to configure the telemetry profile for optimal visibility .By default telemetry is disabled .

 

Cheers,

Dheeraj

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents