There are 3 main services that need to be enabled and running in order to complete a successful Integrations:
Just before you begin check to make sure ISE and Cisco DNA Center can ping each other, This may sound trivial, but many times is overseen and can save some headaches.
SSH enables the exchange of certificates to establish a trust relationship between ISE and Cisco DNA Center.
Verify that SSH is enabled on ISE. The following entry can be seen on the CLI Note: Both CLI and GUI Account must have identical passwords.
Validate by performing SSH from Cisco DNA Center to ISE , as well use the same username and password to access ISE GUI ( http://<ISE-Node> )
Various ERS API calls are used for the following:
- Certification exchange
- Cisco DNA Center requires knowledge of the ISE deployment infrastructure in order to subscribe to the pxGrid Persona
- pxGrid - subscription to ISE publisher to retrieve contextual date and SGTs
- Update ISE with Cisco DNA Center Orchestrated Group Based Policies (SGTs,Contracts)
In ISE, navigate to Administration > System > Settings > ERS Settings and verify the "Enable ERS for Read/Write" check box is marked.
Cisco DNA Center will subscribe to the pxGrid publisher in order to retrieve contextual data as well as the SGTs.When integration is complete the Scalable Groups on the Policy Dashboard in Cisco DNA Center will be updated reflecting the existing list of SGTs on ISE.
Navigate to Administration > System > Deployment and click the node on the right hand side.
Navigate on Cisco DNA Center dashboard to the top right and click on the cog icon and select "System Settings"
Select "Settings" tab and choose "Authentication and Policy Servers"
Click on the plus icon and enter the ISE settings
Once complete click "Apply"
Note: To complete the integration process you may need to log onto your ISE instance and navigate to Administration > pxGrid Services to approve "dnac" Subscriber at which stage the "Pending" Status will change to "Online".
When Integration is completed you will notice on the Cisco DNA Center Policy Dashboard that the "Scalable Groups" value has incremented to the value of the number of SGTs currently on your ISE deployment (the value was null before the integration).What you are witnessing is Cisco DNA Center retrieving the ISE SGTs over API call.
As a sanity check, create an SGT on ISE and see how it increments on the Cisco DNA Center Policy dashboard.
I wanted implement label distribution without LDP. To accomplish this I planned to use a dynamic routing protocol capable of distributing the labels (ISIS or eBGP). I set up a ISIS network and was able to configure mpls traffic-engineering tunnels an...
Hi, I have read the Cisco documentation on HTTPS certs for Cisco IOS here Sadly, I don't quite understand what a "TrustPoint" is, and what steps I do and do not need to take to generate a CSR to submit to our internal AD CA. It's also talki...
New on this job. Nothing was labeled, drawings are all off, and I'm going through and doing a physical audit of the whole network now. I have on the old controller (5500) an AP labeled in the basement, but guess what. No network at all down there, black h...
we wanted to upgrade a switch/stack over Prime, but failed as it reported that there is not enough space on the member;
not aware where this usage might be coming from , 10 other 9200 stacks were upgraded the same way without issues;