
SD-Access Hitless Authentication



Currently, when changing the Authentication Template under the Onboarding section, there is no choice but to remove SGTs, VNs and IP Pools, which clearly disrupts existing services.

Hitless Authentication was introduced in Cisco DNA Center, providing the ability to modify the Authentication Template under "Host Onboarding" without the need to remove SGTs, VNs, and IP Pools, and therefore avoiding impact on endpoint connectivity and services.


Hitless Authentication also supports Site level Authentication Templates, meaning you may have a different set of Authentication Templates per fabric site.
Changes made to the Site level templates have no impact on the Global Level Template parameters and take priority over the Global Level Template parameters.
Global Authentication Template parameters apply to all sites if not overwritten at the Site level.


The Authentication Template can be found by navigating to
Provision > Fabric > (Your fabric site) > Host Onboarding
To modify the template parameters, click on "Edit" and, when finished, click "Save".
Once you have chosen the relevant template, click on "Set as Default".
NOTE: Existing endpoints that have already been authenticated will not be impacted or forced to re-authenticate.
The Global Template Parameters can be found by navigating to Design > Authentication Template
When parameters are modified, click on "Submit" to apply the changes.