
Authentication via public key while using DNAC

michael.busch67
Level 1

Hi,

we are using Cisco Catalyst Switches and at the moment our authorization and authentication is via ISE against our Active Directory. Our security group wants us to go away from using passwords. We are now examining to use public/private key for authentication. Is it possible to configure DNAC to use a public key for the communication with the switches?

 

Kind Regards

Michael

1 Reply

Nikolas Lymperis
Cisco Employee

Hello @michael.busch67,

Your current AAA implementation sounds very effective in terms of minimizing password need.

However, can you please clarify which passwords you want to go away from?

After a switch is discovered from DNAC, a device certificate is generated and pushed to the device. You can check the device certificates on System -> Settings -> Device Certificate.

Other than that, both DNAC and devices support the use of keys. However, the communication between DNAC and switches does not require passwords manually and it's performed automatically. If by going passwordless you also mean to delete device credentials, it's not a best-practice approach for many reasons.

For example, device discovery from DNAC requires at least CLI and SNMP credentials which are normally configured globally (Design -> Network Settings -> Device Credentials). If you are using Device Controllability, many settings (including global credentials) are going to be frequently pushed to devices, so deleting credentials after discovering devices will not work.

Also, AAA configuration is pushed to the switches after they are provisioned, so please ensure that your switches are in a provisioned state.

Please use this link for more information regarding DNAC Authentication and Policy Servers.

If you need more help please reply to this thread.

If you find my reply solved your question, kindly click the 'Accept as Solution' button and vote it as helpful.

Kind Regards,

Nikolas

 
