Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2644
Views
0
Helpful
2
Replies

Pxgrid showing unavailable in Cisco DNAC. Please help!!

AnilKumar95946
Level 1
Level 1

‎05-12-2021 06:02 AM

From last few weeks i am seeing PXGRID service is showing unavailable. ISE is already integrated using Authentication and policy servers. We are using version 2.2.1.6. We have a distributed environment having multiple PAN, PSN and MNT nodes. I have recently done DNAC system update from 1.5.255 to 1.5.279 using GUI. When i check the ISE node under PxGRID services it is not showing any client including web clients with DNAC name. Previously it was showing as offline but we deleted them. We have no issue whatsoever in authentication as we are using ISE as our AAA server. Secondly how we can login into DNAC using Local account. I have removed TACACS authentication and created local user having super admin role. Still i am not able to login using Local credentials. 

I have read that we need to use $ magctl rbac external_auth_fallback command to accomplish this. Please let me know user views on it.

 

Thanks in advance.

 

Labels:
Preview file
24 KB
0 Helpful
2 Replies 2

Mike.Cifelli
VIP Alumni
VIP Alumni

‎05-14-2021 05:48 AM

A few things:

We have no issue whatsoever in authentication as we are using ISE as our AAA server.

-This is normal and expected.  Just because pxgrid is or may be down between ISE/DNAC does not mean that this will ever affect client onboarding.  Pxgrid is used between the two to share information relating to GBAC, etc.  However, an example of when this could bite you is if you are relying on ISE as the driver for GBAC and you need to deploy a new network.  With no Pxgrid connectivity to DNAC you would not be able to propagate a new SGT that further along in the process would need to be assigned in the VN on DNAC side. 

-If possible I would suggest engaging TAC, but here is a command that may shed some light on the issue:

$magctl service logs -r pxgrid | grep ERROR

 

0 Helpful

Tomas de Leon
Cisco Employee
Cisco Employee

‎05-14-2021 07:52 AM

Please check the following on ISE:

  • Is the PxGrid CERT expired?
  • Is the PxGrid CERT Self Signed?

For version 2.1.x.x and later, the PxGrid Cert will not work if self signed. Move the PxGrid CERT to (ISE internal or external CA).

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card