cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Choose one of the topics below for Cisco DNA Center Resources to help you on your journey with Cisco DNA Center

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.

1422
Views
5
Helpful
3
Replies

Catalyst 9000 configuration for DNA center assurance

Hi all,

 

I have some questions about how to configure a cat 9K for DNAC assurance.

 

  1. Once I added the 9K's to DNAC I can see the following in the config:
    crypto pki trustpoint DNAC-CA and crypto pki certificate chain TP-self-signed
    For what is this used?
  2. I applied a telemetry profile to a switch, but without configuring network settings for a site.
    It seems that nothing changes in my switch config.
    What would be the use case for the 'telemetry profile'?
    Is this for configuring the switch, or to allow DNAC to receive syslog/snmp/...?
  3. It does not seem to be possible to add a telemetry profile with netflow for switches.
    Does this mean I can't send netflow to DNAC from the 9K's?
    If it is be possible to send netflow, how would I configure this on the switches manually, as there are many possibilities in flexible netflow?

 

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Catalyst 9000 configuration for DNA center assurance

Hi Diana,

 

Just to correct you .

 

During device discovery Dnac configures below :

1) PKI 

2)IPDT

3)HTTP server & SSH source 

4) SNMP RO & RW community 

 

When Telemetry configured for switch then below gets configured :

 

1) Syslog 

2) SNMP traps 

 

You need to configure the telemetry profile for optimal visibility .By default telemetry is disabled .

 

Cheers,

Dheeraj

 

3 REPLIES 3

Re: Catalyst 9000 configuration for DNA center assurance

1) DNA-C acts as a "kind of" CA and once you add your 9.4k to DNA it recives a certificate from DNAC for trustworthy naughty things ;)

VIP Collaborator

Re: Catalyst 9000 configuration for DNA center assurance

Hello! 

 

When you apply the telemetry profile to your switch you should get the next configuration:

 

device-tracking tracking
!
device-tracking policy IPDT_MAX_10
limit address-count 10
no protocol udp
tracking enable

!

!

And this command will be applied in all your access ports:

device-tracking attach-policy IPDT_MAX_10

 

 

This way the DNA will collect all the client telemetry information and can use it for health diagnostic and for troubleshooting purposes.

 

Please do not forget to rate useful post.

 

 

Best Regards,

 

 

 

 

Cisco Employee

Re: Catalyst 9000 configuration for DNA center assurance

Hi Diana,

 

Just to correct you .

 

During device discovery Dnac configures below :

1) PKI 

2)IPDT

3)HTTP server & SSH source 

4) SNMP RO & RW community 

 

When Telemetry configured for switch then below gets configured :

 

1) Syslog 

2) SNMP traps 

 

You need to configure the telemetry profile for optimal visibility .By default telemetry is disabled .

 

Cheers,

Dheeraj

 

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards