11-07-2022 10:00 AM
Hello,
I'm working on a new SDA deployment with a customer. They have a single DNAC running 2.3.3.5, ISE 3.1, borders are 2x 9500-48Y4C running 17.6.4 and Edge switches are WS-C3650-12X48FD running 16.12.3s.
When I LAN automate, in the LA section of DNAC, the status goes to In Progress, the new switch shows as claimed, interface and Loopback IPs are shown as reserved in the LA log. But it just sits there forever.
If I go to the PNP page in DNAC I see the new switch in the "Pending Authorization" state with the onboarding progress bar at 40%. Again, it sits here forever.
In the PNP section, I have to select the switch > actions > authorize for LAN automation to complete.
Is this normal behaviour nowadays or have a missed something somewhere? It's not the end of the world, I'm just surprised I have to do this for LA to work.
Any and all advice gratefully received.
Many thanks in advance,
Matt.
Solved! Go to Solution.
11-08-2022 01:55 AM - edited 11-08-2022 02:00 AM
Hi Mattw,
Please go to Systems > Settings > PnP Device Authorization and uncheck the box "Device Authorization" so you don't have to do it manually during the workflow.
The idea is that with that checkbox, you have to manually authorize devices being onboarded.
If someone had a switch plugged in that is not supposed to be Lan Automated, DNAC would just go ahead and deploy it automatically without you approving of it. This adds a bit of extra protection to the LAN Auto workflow when it comes to unauthorized devices.
Regards,
Pablo.
11-08-2022 01:06 AM
Hi Mattw,
Here you have two LAN Automation guides:
Cisco DNA Center SD-Access LAN Automation Deployment Guide
LAN Automation: Step-by-step deployment guide and Troubleshooting
Remember that the LAN Automation is a two step workflow, where by you:
1. Start the LAN Automation
and then
2. Stop the LAN Automation (you have to go to the LAN Auto status page and click stop)
Let me know if that helps.
Regards,
Pablo.
11-08-2022 01:21 AM
Hi Pablo,
Thank you for your note. I'm well aware that you have to start and then stop the LAN automation. I have no problem with that at all.
But why do I have to go into the PNP page, select the switch and then click AUTHORIZE for it to finish the first step?
11-08-2022 01:55 AM - edited 11-08-2022 02:00 AM
Hi Mattw,
Please go to Systems > Settings > PnP Device Authorization and uncheck the box "Device Authorization" so you don't have to do it manually during the workflow.
The idea is that with that checkbox, you have to manually authorize devices being onboarded.
If someone had a switch plugged in that is not supposed to be Lan Automated, DNAC would just go ahead and deploy it automatically without you approving of it. This adds a bit of extra protection to the LAN Auto workflow when it comes to unauthorized devices.
Regards,
Pablo.
11-08-2022 02:39 AM
Thank you Pablo,
I have found the above setting and it was checked/enabled so I have unchecked/disabled the option and saved it. Let's see if this resolves the issue. If so, I will update this thread.
Many thanks!
11-09-2022 12:24 PM
Sorry Pablo, forgot to update you yesterday but your solution worked perfectly. Thank you very much.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide