Buy or Renew
Buy or Renew
Register Here! - Join us 11/13 for the "Navigating DHCP Processes in SD-Access Network" Community Live event
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1722
Views
0
Helpful
3
Replies

Configure fabric edge interfaces using a DNAC Template

c.walsh
Level 3
Level 3

‎07-01-2021 05:38 AM

Hi, attempting to apply/update interface configuration on a fabric edge switch stack using a Day-N template via DNAC.

DNAC version = 1.3.3.9

Fabric edge = Catalyst 9300 version 16.12.4

Configured the template to reconfigure an interface & it passes the simulation under the template editor.

Edited the network profile for the site adding the Day-N template to the profile.

Re provision the device, highlight the switch & enter the interface & deploy.

Get the Success message, stating device provisioned successfully.

However, looking at the CLI, the interface config has not changed/been updated.

Can someone advise what i missing or doing wrong?

TIA

Colin

Labels:
0 Helpful
3 Replies 3

c.walsh
Level 3
Level 3

‎07-06-2021 12:52 AM

Updated the build config template to include the command to default the interface & then apply the config for dot1x...

interface range $INTERFACES_RANGE
description *** AV with Dot1x/MAB ***
switchport mode access
device-tracking attach-policy IPDT_MAX_10
dot1x timeout tx-period 7
dot1x max-reauth-req 3
source template DefaultWiredDot1xOpenAuth
spanning-tree portfast

 

This does apply the config to the required interfaces, but under provisioning / fabric/ host onboarding, the config has not updated & is showing the previous vlans applied to the interface. Which results in an error being reported for the vlan not assigned to the interface.

Has anyone had this same issue?

0 Helpful

jalejand
Cisco Employee
Cisco Employee
In response to c.walsh

‎07-07-2021 12:49 AM - edited ‎07-07-2021 12:49 AM

You mean that you are configuring the interfaces with a template and expect host onboarding to "learn" the change? That will not happen. The final configuration looks like the default OpenAuth configuration for an Edge port on DNAC, why would you need to deploy a template for it?

If you need to automate host-onboarding, It would be better to use the DNAC API if you want host onboarding to have such information.portapi.PNG

0 Helpful

c.walsh
Level 3
Level 3
In response to jalejand

‎07-07-2021 03:06 AM

Hi,

   What we are trying to do, is to deploy 802.1x/MAB on the interfaces, we are using the openauth template to point to ISE for the actions.

The interfaces were originally configured using host onboarding, so if i manually clear the port config using host onboarding & then deploy the config it works. So are we doing this the wrong way & if so, how should we be deploying dot1x?

0 Helpful
Customers Also Viewed These Support Documents