DNAC compliance question

Maciej Waliszko
Level 1

I have DNAC 2.2.3.x and WLC added into its inventory running on 17.3.3.

My question is related to compliance check (especially to run vs startup config).

According to

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-2-2/user_guide/b_cisco_dna_center_ug_2_2_2/m-compliance-audit-for-network-devices.html

"

Compliance check can be automated or performed on demand.

  • Automated compliance check: Uses the latest data collected from devices in Cisco DNA Center. This compliance check listens to the traps and notification from various services such as inventory, SWIM, and so on to assess data.
  • Manual compliance check: Enables user to manually trigger the compliance in Cisco DNA Center.
  • Scheduled compliance check: A scheduled compliance job is a weekly compliance check that runs every Saturday at 11 pm"

The automated check refers to notifications/traps, which I presume are SNMP traps and syslog. The WLC has DNAC configured as SNMP trap receiver and syslog destination. However, when I log into the WLC out-of-band (via SSH or its GUI) and make a change to the running-config from there (I add a new NTP server but I don't click save (from the GUI) nor do copy run start from the vty session), then:

- an SNMP trap is not sent despite the above and the following config line: 'snmp-server enable traps config'. Debug snmp packets on the WLC confirms that no trap is sent.

- however, a syslog entry is generated because of the following config:

archive
 log config
  logging enable
  logging size 200
  notify syslog contenttype plaintext

and it is sent up to DNAC (sudo tcpdump -i enterprise host 514 confirms that).

 

Also according to the info included in the above link

"The compliance for startup vs running configurations is triggered within five minutes of any out of band changes".

This also doesn't happen. DNAC doesn't detect the change.

What am I missing here?


rasmus.elmholt
Level 7

Hi, 

When you go to Device 360 do you see the event in the event viewer?

I think the syslog message needs to be in the correct format: %SYS-5-CONFIG_I: Configured from console by <name>


Hello,

There is no such thing as an Event Viewer for the WLC on its Device 360 page.

On the WLC/device itself I see for example:

Aug  5 14:59:52.427 CET: %PARSER-5-CFGLOG_LOGGEDCMD: User:gsobczak  logged command:ntp server 1.2.3.4

Aug  5 14:59:53.578 CET: %SYS-5-CONFIG_I: Configured from console by gsobczak on vty0 (10.72.79.153)

 

In addition to the above I can see those messages arriving on the DNAC after I type:

sudo tcpdump -i enterprise host .... and port 514
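As an added illustration of the detection side of this thread (example code, not from the thread, Cisco DNA Center or IOS-XE), the following Python parses the two syslog messages quoted above, %PARSER-5-CFGLOG_LOGGEDCMD and %SYS-5-CONFIG_I, and reports who changed the running configuration, from which line and address, and which commands were entered. That is exactly the signal a collector would use to schedule a startup vs running compliance check after an out-of-band change. The sample lines are constructed from the messages posted in this thread plus one unrelated line; the regexes assume the message layout shown there, and how DNA Center itself consumes these messages is not known from the page.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Constructed sample: the two lines posted in the thread plus one unrelated
# message, to show that non-config syslog is ignored.
SAMPLE_SYSLOG = """\
Aug  5 14:59:52.427 CET: %PARSER-5-CFGLOG_LOGGEDCMD: User:gsobczak  logged command:ntp server 1.2.3.4
Aug  5 14:59:53.578 CET: %SYS-5-CONFIG_I: Configured from console by gsobczak on vty0 (10.72.79.153)
Aug  5 15:10:01.000 CET: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1, changed state to up
"""

# Optional IOS timestamp header ("Aug  5 14:59:52.427 CET: ") so lines relayed
# by a collector with a different prefix still match on the message body.
_TS = r"^(?:(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}(?:\.\d+)?(?: \w+)?): )?"

# Per-command archive log line ("archive / log config / notify syslog").
CFGLOG_RE = re.compile(
    _TS + r"%PARSER-5-CFGLOG_LOGGEDCMD: User:(?P<user>\S+)\s+logged command:(?P<cmd>.*)$"
)
# End-of-session line; "on <line> (<ip>)" is absent for console sessions.
CONFIG_I_RE = re.compile(
    _TS + r"%SYS-5-CONFIG_I: Configured from (?P<source>\S+) by (?P<user>\S+)"
    r"(?: on (?P<line>\S+) \((?P<ip>[^)]+)\))?"
)


@dataclass
class ConfigChange:
    kind: str                 # "command" (CFGLOG) or "session" (CONFIG_I)
    user: str
    timestamp: Optional[str]
    command: Optional[str] = None
    source: Optional[str] = None
    line: Optional[str] = None
    ip: Optional[str] = None


def parse_line(raw: str) -> Optional[ConfigChange]:
    """Return a ConfigChange for a config-related syslog line, else None."""
    m = CFGLOG_RE.match(raw)
    if m:
        return ConfigChange("command", m["user"], m["ts"], command=m["cmd"].strip())
    m = CONFIG_I_RE.match(raw)
    if m:
        return ConfigChange("session", m["user"], m["ts"],
                            source=m["source"], line=m["line"], ip=m["ip"])
    return None


def detect_config_changes(lines: Iterable[str]) -> List[ConfigChange]:
    """Parse a stream of syslog lines and keep only running-config changes."""
    return [c for c in (parse_line(l.rstrip("\n")) for l in lines) if c]


def commands_by_user(changes: List[ConfigChange]) -> Dict[str, List[str]]:
    """Group the logged commands by the user who entered them."""
    out: Dict[str, List[str]] = {}
    for c in changes:
        if c.kind == "command" and c.command is not None:
            out.setdefault(c.user, []).append(c.command)
    return out


def should_run_compliance(changes: List[ConfigChange]) -> bool:
    """A closed config session (CONFIG_I) means the running config may now
    differ from startup, so a startup vs running check is due."""
    return any(c.kind == "session" for c in changes)


if __name__ == "__main__":
    found = detect_config_changes(SAMPLE_SYSLOG.splitlines())
    for c in found:
        print(c)
    print("commands:", commands_by_user(found))
    print("compliance check due:", should_run_compliance(found))
```

Running the block on the sample prints both parsed events, the command list per user, and a `True` for the compliance trigger; the unrelated interface line is dropped. Matching on the message body rather than the full line is what makes the parser tolerant of the different headers a relay may prepend.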
