Buy or Renew
Buy or Renew
Register Here! - Join us 11/13 for the "Navigating DHCP Processes in SD-Access Network" Community Live event
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4531
Views
0
Helpful
5
Replies

ISE & DNAC Integration

c.walsh
Level 3
Level 3

‎04-08-2020 01:57 AM

I am having a problem trying to integrate ISE with DNAC for the first time.

I am following this guide https://community.cisco.com/t5/networking-documents/how-to-cisco-dna-center-ise-integration/ta-p/3896410 and my question is regarding the shared secret and where this is configured on the ISE? I can't see any reference to where this is configured in the ISE. When i add try to add the ISEon DNAC it fails & under pxGrid services on ISE, there are none pending?

Labels:
0 Helpful
5 Replies 5

Benjamin-A
Level 1
Level 1

‎04-08-2020 02:20 AM

Hi c.walsh:

as mentioned in the guide the "shared secret Cisco DNA Center will deploy to NADs when provisioned". So it will be used for your network devices if you add them to DNAC > DNAC will then add via pxGrid a Network Device in ISE with the shared secret in the Radius section.

 

Do you have a Firewall in between ISE and DNAC? If yes can you please check if there are any blocked connections between ISE and DNAC - especially TCP/443 (in both directions).

 

 


.:|:..:|:.Please rate helpful posts.:|:..:|:.
0 Helpful

c.walsh
Level 3
Level 3

‎04-08-2020 03:29 AM

No firewalls, all ip's allowed & can ping between devices. 

My main question is where is the shared secret configured on the ISE?

Don't see that anywhere in the deployement guide?

No services are pending on 

0 Helpful

Benjamin-A
Level 1
Level 1
In response to c.walsh

‎04-08-2020 04:23 AM - edited ‎04-08-2020 04:24 AM

See attachment


.:|:..:|:.Please rate helpful posts.:|:..:|:.
Preview file
43 KB
0 Helpful

ammahend
VIP Alumni
VIP Alumni

‎04-08-2020 04:44 AM

You don’t need to configure it on ise. When you set shared secret while integrating DNAC with ISE, DNAC will use this shared secret to push to NADs and NADs automatically gets added to ISE with this shared secret.
Since you are following the guide it should ask you to enable all services, make sure you have plus license (required for PxGrid), also make sure if you changed the certificate in DNAC then the same CA signed certificate is used by ISE also to build 2 way trust, if you are using self signed certificate in DNAC then it should be fine. 

-hope this helps-
0 Helpful

haddo
Cisco Employee
Cisco Employee

‎04-08-2020 08:35 AM

Hi C.walsh,

Kindly see the link below, this will walk you through the integration process.

https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/dna-center/guide-c07-741860.html
0 Helpful
Customers Also Viewed These Support Documents