There are 3 main services that need to be enabled and running in order to complete a successful Integrations:
Just before you begin check to make sure ISE and Cisco DNA Center can ping each other, This may sound trivial, but many times is overseen and can save some headaches.
SSH enables the exchange of certificates to establish a trust relationship between ISE and Cisco DNA Center.
Verify that SSH is enabled on ISE. The following entry can be seen on the CLI Note: Both CLI and GUI Account must have identical passwords.
Validate by performing SSH from Cisco DNA Center to ISE , as well use the same username and password to access ISE GUI ( http://<ISE-Node> )
Various ERS API calls are used for the following:
- Certification exchange
- Cisco DNA Center requires knowledge of the ISE deployment infrastructure in order to subscribe to the pxGrid Persona
- pxGrid - subscription to ISE publisher to retrieve contextual date and SGTs
- Update ISE with Cisco DNA Center Orchestrated Group Based Policies (SGTs,Contracts)
In ISE, navigate to Administration > System > Settings > ERS Settings and verify the "Enable ERS for Read/Write" check box is marked.
Cisco DNA Center will subscribe to the pxGrid publisher in order to retrieve contextual data as well as the SGTs.When integration is complete the Scalable Groups on the Policy Dashboard in Cisco DNA Center will be updated reflecting the existing list of SGTs on ISE.
Navigate to Administration > System > Deployment and click the node on the right hand side.
Navigate on Cisco DNA Center dashboard to the top right and click on the cog icon and select "System Settings"
Select "Settings" tab and choose "Authentication and Policy Servers"
Click on the plus icon and enter the ISE settings
Once complete click "Apply"
Note: To complete the integration process you may need to log onto your ISE instance and navigate to Administration > pxGrid Services to approve "dnac" Subscriber at which stage the "Pending" Status will change to "Online".
When Integration is completed you will notice on the Cisco DNA Center Policy Dashboard that the "Scalable Groups" value has incremented to the value of the number of SGTs currently on your ISE deployment (the value was null before the integration).What you are witnessing is Cisco DNA Center retrieving the ISE SGTs over API call.
As a sanity check, create an SGT on ISE and see how it increments on the Cisco DNA Center Policy dashboard.
Hi all ,I am newbie learning networking I have more than 40 switches using PVST and make core-switch as ROOTSo, how can I verify STP status to make sure no any "loop" on my network guide me please. because sometimes when reboot...
Hello, everyone, I have noticed there are numbers following the IP addresses in dynamic NAT configuration (see attached picture). I know in a PAT configuration (overload) those numbers are port numbers. I'm wondering if they are port numbers in ...
I have a layer 3 switch with a VLAN 10 interface with IP 172.16.0.30/28. There's a link connecting VLAN 10 devices to the switch. Also connected to the layer 3 switch is a router which I want to ping from VLAN 10. The router's g0/0 interface with IP&...
Support Talks video- How to determine a legitimate hardware issue
(Live event - Thursday 13 May, 2020 at 9:30 am Pacific/ 12:30 pm Eastern / 6:30 pm Paris)
This event had place on Thursday 13th, May 13 at 9:30hrs PST
This event helps you to ...