on 01-29-2024 12:29 PM
Cisco Catalyst Center can be configured to communicate with an external IP address manager. When the Cisco Catalyst Center is used to create, reserve, or delete any IP address pool, Cisco Catalyst Center conveys this information to the external IP address manager.
Catalyst Center IPAM integration supports both Infoblox and BlueCat. Integration with other 3rd party IPAM solutions is possible using APIs. Attributes are not exchanged between Catalyst Center and IPAMs at this time.
As of Catalyst Center 2.3.7.4, the following are the limitations of Catalyst Center - Infoblox integration:
This document outlines the steps using the following workflow. The steps described cover these three scenarios:
This document describes the steps in vCenter, Infoblox, and Catalyst Center.
This document covers the installation of the Infoblox DDI 60-day evaluation on the VMware ESX virtual appliances. Installation instructions for Microsoft Hyper-V and KVM hypervisors, and for the licensed Infoblox DDI versions, can be found on the Infoblox web site.
The document is written using the following products and versions:
Step 1. Download the Infoblox DDI OVA for the VMware ESX platform and save to the local hard drive.
Step 2. Launch vSphere Client, right click on the ESXi host and select Deploy OVF Template.
Step 3. Click Local file radio button. Select all the files downloaded in the previous step and click Open.
Step 4. After all the files are uploaded, click NEXT.
Step 5. Type in the virtual machine name, click NEXT.
Step 6. Select the ESXi host to host the virtual machine, click NEXT.
Step 7. Click NEXT after reviewing.
Step 8. Read the agreement, click I accept all license agreements and NEXT.
Step 9. Select the appropriate model under Configuration. Click NEXT.
Step 10. Select the ESXi storage, click NEXT.
Step 11. Select the network that the virtual machine uses, click NEXT.
Step 12. Click NEXT.
Step 13. Click FINISH.
Step 1. Launch vSphere Client, right-click on the ESXi VM host and select Power > Power On.
Step 2. Right-click on the ESXi VM host and select Open Remote Console.
Step 3. Log in to the Infoblox console using the default credentials, with the username of admin and password of Infoblox.
Step 4. Type in set network to configure the IP address, netmask, and gateway. You may leave the VLAN untagged and skip the IPv6 settings. After confirming the settings, type in y and y. The system will restart to apply the changes.
Step 5. After the virtual machine comes back from reboot, log in with admin/Infoblox. Type in set temp_license. Type in 2. Type in y to confirm generating the 60-day temporary license.
Step 6. Enter y to confirm UI.
Step 7. Enter y to restart UI.
Step 8. Log in with admin/Infoblox. Type in set temp_license. Type in 4 to add NIOS license.
Step 9. Type in 3 to select IB-V815. Type in y to confirm the temporary license. The system will restart.
Step 1. Use a browser and access the IP address of the VM. Click Advanced and Accept the Risk and Continue.
Step 2. Login with admin/infoblox.
Step 3. Click I Accept to accept the license agreement.
Step 4. Click OK.
Step 5. You are entering the Grid Setup Wizard. With Configure Grid Master selected, click Next.
Step 6. Fill in the information in the Grid Properties screen. Click Next.
Step 7. After verifying the IP information entered earlier, click Next.
Step 8. Change the default password by entering and retyping the new password. Click Next.
Step 9. Set Time Zone as needed. Click Next.
Step 10. Click Next.
Step 11. The GUI should return to the login screen. If this does not happen automatically, log out and log in again with the new credentials just entered.
In order to comply with Product Security Baseline (PSB) standards, Catalyst Center validates certificates when TLS communication is established between Catalyst Center and Infoblox for IPAM integration.
The PSB requirements are as follows:
Some manual steps are required to "import" the certificate for the IPAM server into the Cisco Catalyst Center's Trustpool. The following outlines the steps for self-signed certificates. Use appropriate steps for PKI implementations.
Step 1. In the Infoblox page, click Grid > Grid Manager. Click the check mark next to your Infoblox VM. With the VM checked, in the Toolbar on the right hand side, select Certificates > HTTPS Cert > Download Certificate.
Step 2. Note the file name, apache_server.crt, of the certificate that was just saved to the local drive. This file will need to be uploaded to Catalyst Center in later steps.
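A self-signed certificate has no issuing CA behind it, so the downloaded file itself becomes the trust anchor once imported. The following Python is an added example, not part of the original document or of any Cisco or Infoblox tooling: it compares the SHA-256 fingerprint of the downloaded apache_server.crt (or its .cer copy) with the certificate the Infoblox HTTPS listener presents, then attempts a handshake that trusts only that file. The function names and the address argument are assumptions, and the handshake check is a local approximation, not Catalyst Center's own validation logic.

```python
import hashlib
import hmac
import socket
import ssl
import sys

PEM_HEADER = "-----BEGIN CERTIFICATE-----"

def to_der(data: bytes) -> bytes:
    """Return DER bytes whether the file (.crt or .cer copy) is PEM or DER."""
    if PEM_HEADER.encode() in data:
        text = data.decode("ascii")
        return ssl.PEM_cert_to_DER_cert(text[text.index(PEM_HEADER):].strip())
    return data

def fingerprint(data: bytes) -> str:
    """SHA-256 fingerprint, colon-separated as certificate viewers show it."""
    digest = hashlib.sha256(to_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def same_certificate(downloaded: bytes, presented: bytes) -> bool:
    """True only when both inputs encode the byte-identical certificate."""
    return hmac.compare_digest(fingerprint(downloaded), fingerprint(presented))

def presented_certificate(host: str, port: int = 443) -> bytes:
    """Fetch (without validating) the certificate the HTTPS listener presents."""
    return ssl.get_server_certificate((host, port)).encode("ascii")

def handshake_validates(host: str, downloaded: bytes, port: int = 443):
    """Try a TLS handshake that trusts only the downloaded certificate."""
    ctx = ssl.create_default_context(cadata=ssl.DER_cert_to_PEM_cert(to_der(downloaded)))
    try:
        with socket.create_connection((host, port), timeout=5) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True, "validated"
    except (ssl.SSLError, OSError) as exc:
        return False, str(exc)  # e.g. name/IP mismatch or expired certificate

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py apache_server.crt <infoblox-address>
        cert, host = open(sys.argv[1], "rb").read(), sys.argv[2]
        print("file     :", fingerprint(cert))
        print("presented:", fingerprint(presented_certificate(host)))
        print("identical:", same_certificate(cert, presented_certificate(host)))
        print("handshake:", handshake_validates(host, cert))
    else:  # offline demo on constructed stand-in bytes, not a real certificate
        der = bytes(range(48))
        pem = ssl.DER_cert_to_PEM_cert(der).encode("ascii")
        print(fingerprint(der), same_certificate(der, pem))
```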
Step 1. Browse to Catalyst Center. Go to the menu System > Settings.
Step 2. Go to Certificates > Trusted Certificates. Click Import.
Step 3. Click Choose a file.
Step 4. Find the .crt file that was downloaded earlier. Click Import.
Note: Earlier versions of Catalyst Center only recognize a file with the extension .cer during certificate import. Make a copy of apache_server.crt and rename the copy to apache_server.cer. If Windows Explorer is used, make sure that File name extensions is checked so that the extension is viewable.
Step 5. Certificate should be imported successfully.
Step 1. Go to System > Settings > External Services > IP Address Manager. Fill in the information under IP Address Manager. The username and password should match the Infoblox credential. Select the Provider as INFOBLOX. Select the view default. If the settings entered are correct, the Save button will be highlighted. Click Save.
Step 2. A message of settings updated successfully will be displayed. If the Save button is not highlighted, this message will not be displayed. Correct the entries entered incorrectly.
Note: If one has already defined an IP Address Pool inside Catalyst Center, and that address pool also exists in Infoblox, the integration will fail. The duplicate pool should be removed from either Catalyst Center or Infoblox.
Step 3. Go to System > System 360 and verify that under IP Address Manager (IPAM), the Infoblox has the green Available status.
Step 4. If the IP address pools have been configured in Catalyst Center, go to Infoblox, under Data Management > IPAM, all the address pools will be listed.
IP address pools can be created in Infoblox. The pools can be imported by Catalyst Center. The steps below outline the procedures.
Step 1. Access Infoblox. Go to Data Management > DHCP > Networks > Networks. Click the + icon to create a new pool.
Step 2. With the Add Network radio button on, click Next.
Step 3. Fill in the Netmask. Click the + icon to add the subnet. In the Comment field, type in the name of the IP address pool. This name will appear as the pool name inside Catalyst Center. Click Next.
Step 4. Click Next.
Step 5. For any field that you want to enter manually, click the Override and + button. The Override button will turn into Inherit in case one wants to turn back.
Step 6. Click Next if no assigned VLANs are needed.
Step 7. Click Next if no extensible attributes are needed.
Step 8. Click Save and Close to create the IP address pool.
Step 9. The IP address pool created will appear under Networks.
Step 1. In Catalyst Center, go to the main menu Design > Network Settings.
Step 2. Click the IP Address Pools tab. Under Import, select Import from IPAM Server.
Step 3. Type in the subnet/mask, and click Retrieve.
Step 4. The pool appears for selection. Click the check mark and select the address pool. Click Import.
Step 5. Go to Design > Network Settings > Servers. Under DHCP, Click on the + to add the Infoblox as a DHCP server. Click Save.
Step 6. Click the IP Address Pools tab. Click on the check mark next to the pool that was just imported. Click Edit.
Step 7. Under DHCP Server, click the pull down icon, and select the Infoblox server IP address. Click Save.
Note: Normally, DHCP server is designated when a pool is reserved to the site. In a Fabric environment, the Infoblox IP address as a DHCP server will be pushed down to the Edges as an IP Helper address when the IP address pool is provisioned to the VN.
This section studies the impacts of deleting an IP address pool in Infoblox as well as in Catalyst Center when the integration has been established.
We start by verifying that two pools, 192.168.1.0/24 and 192.168.2.0/24, exist in both Catalyst Center and Infoblox.
Step 1. In Infoblox, select pool 192.168.2.0/24. Click the trash can icon. Click Yes.
Step 2. Click Yes to confirm.
Step 3. Observe pool 192.168.2.0/24 removed from the list in Infoblox.
Step 4. Observe pool 192.168.2.0/24 still exists in Catalyst Center.
Step 1. In Catalyst Center, select pool 192.168.1.0/24. Click More Actions > Delete Selected.
Step 2. Click Yes to confirm.
Step 3. In Infoblox, observe pool 192.168.1.0/24 removed from the list.
Based on the two sections, it can be concluded that when Catalyst Center is integrated with Infoblox:
Catalyst Center can perform heartbeat monitoring for IPAM servers to ensure connectivity. In the steps below, we will configure this feature to get Catalyst Center to send out email notifications in the event that it loses connectivity to Infoblox. Notifications can also be sent via SNMP, Syslog, REST, Webex, and PagerDuty.
Step 1. An email destination needs to be set up. Go to the main menu of System > Settings > Destinations. Click on the Email tab. Fill in the SMTP info.
Step 2. Scroll down to complete the rest of the form. Click Save.
Step 3. Go to the main menu of Platform > Developer Toolkit.
Step 4. Click the Event Notifications tab and Notifications. Click Create New.
Step 5. Click Let’s Do it to enter the workflow.
Step 6. Do not select any site. Type in IPAM to start a search. Select External IPAM provider connectivity failure. Click Next.
Step 7. Select EMAIL. Click Next.
Step 8. Select Create New Instance. Fill in the form. Click Next.
Step 9. Type in the name and description. Click Next.
Step 10. Click Finish after reviewing the summary.
Step 11. A confirmation screen is shown.
Step 12. Go to the main menu of System > System 360 > System Health. Observe that the IPAM server is up.
Step 13. Click on the IPAM server. Additional information is shown.
Step 14. Remove Infoblox from the network. An email is received regarding the event of Catalyst Center losing connectivity to Infoblox.
Step 15. Catalyst Center shows that Infoblox is not reachable.