ANNOUNCEMENT - The community will be down for maintenace this Thursday August 13 from 12:00 AM PT to 02:00 AM PT. As a precaution save your work.
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
408
Views
0
Helpful
5
Replies
Highlighted
Beginner

ISE & DNAC Integration

I am having a problem trying to integrate ISE with DNAC for the first time.

I am following this guide https://community.cisco.com/t5/networking-documents/how-to-cisco-dna-center-ise-integration/ta-p/3896410 and my question is regarding the shared secret and where this is configured on the ISE? I can't see any reference to where this is configured in the ISE. When i add try to add the ISEon DNAC it fails & under pxGrid services on ISE, there are none pending?

5 REPLIES 5
Highlighted
Beginner

Re: ISE & DNAC Integration

Hi c.walsh:

as mentioned in the guide the "shared secret Cisco DNA Center will deploy to NADs when provisioned". So it will be used for your network devices if you add them to DNAC > DNAC will then add via pxGrid a Network Device in ISE with the shared secret in the Radius section.

 

Do you have a Firewall in between ISE and DNAC? If yes can you please check if there are any blocked connections between ISE and DNAC - especially TCP/443 (in both directions).

 

 


.:|:..:|:.Please rate helpful posts.:|:..:|:.
Highlighted
Beginner

Re: ISE & DNAC Integration

No firewalls, all ip's allowed & can ping between devices. 

My main question is where is the shared secret configured on the ISE?

Don't see that anywhere in the deployement guide?

No services are pending on 

Highlighted
Beginner

Re: ISE & DNAC Integration

See attachment


.:|:..:|:.Please rate helpful posts.:|:..:|:.
Highlighted
Contributor

Re: ISE & DNAC Integration

You don’t need to configure it on ise. When you set shared secret while integrating DNAC with ISE, DNAC will use this shared secret to push to NADs and NADs automatically gets added to ISE with this shared secret.
Since you are following the guide it should ask you to enable all services, make sure you have plus license (required for PxGrid), also make sure if you changed the certificate in DNAC then the same CA signed certificate is used by ISE also to build 2 way trust, if you are using self signed certificate in DNAC then it should be fine. 

-Rate helpful posts-
Highlighted
Cisco Employee

Re: ISE

Hi C.walsh,

Kindly see the link below, this will walk you through the integration process.

https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/dna-center/guide-c07-741860.html
Content for Community-Ad
This widget could not be displayed.