Beginner

DNA Center & C9800 "ERROR-NETCONF-CONNECTION-PORT-MISSING"

Hi community,

 

After setting up my 3-node DNAC cluster, I discovered my newly installed Catalyst 9800 to provision them, but the status column returns "ERROR-NETCONF-CONNECTION-PORT-MISSING".

 

All the credentials are right, CLI, SNMPv3, SNMPv2 and also Netconf is enabled for discovery (default port 830), and enabled in the controller (Device(config)# netconf-yang). No firewall is between DNAC and c9800 so traffic is going straight through.

 

Any solution?

 

Device(config)# show platform software yang-management process

confd : Running
nesd : Running
syncfd : Running
ncsshd : Running
dmiauthd : Running
nginx : Running
ndbmand : Running
pubd : Running
gnmib : Not Running

1 ACCEPTED SOLUTION

Beginner

Re: DNA Center & C9800 "ERROR-NETCONF-CONNECTION-PORT-MISSING"

After opening a TAC case they told me I was hitting bug CSCvo82246 where DNAC cannot use customized authentication groups for remote control after upgrade to 1.3.

Final workaround was to set up "aaa authentication login default group" instead of using custom groups.


16 REPLIES
Participant

Re: DNA Center & C9800 "ERROR-NETCONF-CONNECTION-PORT-MISSING"

Same issue here, very annoying ...

Even with trying a different port like 835, still not working after DNAC's upgrade to 1.3.1.3...

Participant

Re: DNA Center & C9800 "ERROR-NETCONF-CONNECTION-PORT-MISSING"

Hello Jesus.pavon,

 

Well that's interesting, thanks for sharing.

I currently have the following "aaa authentication login default group dnac-network-radius-group local" generated dynamically from the DNAC, and "dnac-network-radius-group" pointing to the ISEs. I think you had the same?

Beginner

Re: DNA Center & C9800 "ERROR-NETCONF-CONNECTION-PORT-MISSING"

I manually created that entry in c9800 before re-discovering the device through DNAC and that worked for me.

Participant

Re: DNA Center & C9800 "ERROR-NETCONF-CONNECTION-PORT-MISSING"

What do you mean by that entry? What did you create manually?

Beginner

Re: DNA Center & C9800 "ERROR-NETCONF-CONNECTION-PORT-MISSING"

These are the lines that I configured manually before re-discovering c9800 with DNAC, and Netconf reachability was successful:

aaa authentication login default group NPS_MGMT local

aaa authentication enable default group NPS_MGMT enable

aaa authorization exec default group NPS_MGM

 

Cheers
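The accepted solution and the lines in the post above both come down to having default method lists for login and exec. As an added example (not part of the original posts), this checks a running-config excerpt for those default lists; the sample config and the list names MGMT_LOGIN and MGMT_EXEC are constructed, and the function name is hypothetical:

```python
import re

# Constructed excerpt: only custom (named) method lists, no "default" lists.
CONSTRUCTED_CONFIG = """\
aaa new-model
aaa group server radius NPS_MGMT
 server name nps1
aaa authentication login MGMT_LOGIN group NPS_MGMT local
aaa authorization exec MGMT_EXEC group NPS_MGMT local
netconf-yang
"""

# The method lists the thread's workaround sets to "default".
REQUIRED = (("authentication", "login"), ("authorization", "exec"))
AAA_RE = re.compile(r"^aaa (authentication|authorization) (\S+) (\S+) (.+)$")


def audit_default_lists(config_text):
    """Return a list of findings; an empty list means nothing to fix."""
    lists = {}          # (kind, service) -> {list name: [methods]}
    netconf = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "netconf-yang":
            netconf = True
        match = AAA_RE.match(line)
        if match:
            kind, service, name, methods = match.groups()
            lists.setdefault((kind, service), {})[name] = methods.split()
    findings = []
    if not netconf:
        findings.append("netconf-yang is not enabled")
    for kind, service in REQUIRED:
        named = lists.get((kind, service), {})
        if "default" not in named:
            custom = ", ".join(sorted(named)) or "none"
            findings.append(
                f"aaa {kind} {service}: no default method list "
                f"(custom lists present: {custom})"
            )
    return findings


if __name__ == "__main__":
    for finding in audit_default_lists(CONSTRUCTED_CONFIG):
        print(finding)
```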

Participant

Re: DNA Center & C9800 "ERROR-NETCONF-CONNECTION-PORT-MISSING"

Hmm I've done the same, discovery is ok but still partial collection failure ... Very strange issue ...

Beginner

Re: DNA Center & C9800 "ERROR-NETCONF-CONNECTION-PORT-MISSING"

Hi!

I got the same error but my netconf icon is grayed out. Did this fix even that?

Running 1.3.1.3 as well and ewlc 16.12

Beginner

Re: DNA Center & C9800 "ERROR-NETCONF-CONNECTION-PORT-MISSING"

Have you enabled netconf in the eWLC?

Have you configured aaa in the eWLC? If you have, check aaa login/exec configs to point to default group.

Beginner

Re: DNA Center & C9800 "ERROR-NETCONF-CONNECTION-PORT-MISSING"

Yes I have.

I'm working with the TAC on this. It seems like my DNA Center doesn't see or accept the netconf updates.

Participant

Re: DNA Center & C9800 "ERROR-NETCONF-CONNECTION-PORT-MISSING"

Hello Cyptic,

 

What you can try:

- Verify the netconf status and port used (show netconf-yang status)

- Try also to disable netconf-yang and reactivate it

- Test the netconf access from the DNAC Center CLI to the WLC (ssh -p <netconf port> <username>@<WLC IP address> -s netconf)

 

Alex.

Beginner

Re: DNA Center & C9800 "ERROR-NETCONF-CONNECTION-PORT-MISSING"

When debugging in the WLC I get this message. I'm not sure of what trustpoint or cert the netconf session is requesting?

I now cleared all existing old trustpoints from the device but it still gives me this message.

 


[Tue Nov 26 11:52:17 UTC] maglev@192.168.x.x (maglev-master-192-168-x.x) ~
$ ssh -p 830 nxxxx@10.x.x.x -s netconf
ssh_exchange_identification: read: Connection reset by peer

 

Error message from eWLC:

Nov 26 11:52:01.670 Central: %DMI-3-NETCONF_SSH_ERROR: Chassis 1 R0/0: ncsshd_bp: NETCONF/SSH: error: Trustpoint does not have a cert
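
The "ssh_exchange_identification: read: Connection reset by peer" result above means the TCP connection opened but the peer dropped it before sending its SSH identification string. As an added example (not part of the original posts), this probe classifies that pre-login stage without sending credentials; the function name and state labels are illustrative:

```python
import socket
import sys


def probe_netconf_ssh(host, port=830, timeout=5.0):
    """Return (state, detail) for the pre-login stage of NETCONF over SSH.

    The state labels are illustrative names, not Cisco terminology.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "no listener: check netconf-yang and the port")
    except OSError as exc:  # timeout, no route, name resolution failure
        return ("unreachable", str(exc))
    with sock:
        try:
            # An SSH identification line is at most 255 bytes (RFC 4253).
            data = sock.recv(255)
        except ConnectionResetError:
            # The OpenSSH client reports this case as
            # "ssh_exchange_identification: read: Connection reset by peer".
            return ("reset-before-banner", "listener accepted TCP, then reset")
        except OSError as exc:  # includes the read timeout
            return ("no-banner", str(exc))
    if not data:
        return ("closed-before-banner", "listener closed without identifying")
    for line in data.splitlines():
        if line.startswith(b"SSH-"):
            return ("ssh-banner", line.decode("ascii", "replace"))
    return ("not-ssh", repr(data[:40]))


if __name__ == "__main__":
    # Usage: python3 probe.py <WLC address> [port]
    target = sys.argv[1]
    netconf_port = int(sys.argv[2]) if len(sys.argv) > 2 else 830
    print(*probe_netconf_ssh(target, netconf_port))
```

A reset or close before the banner happens before any login is attempted, so it points at the SSH service on the controller (as in the %DMI-3-NETCONF_SSH_ERROR log above) rather than at credentials or AAA.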

 

Beginner

Re: DNA Center & C9800 "ERROR-NETCONF-CONNECTION-PORT-MISSING"

Hi!

 

I removed the netconf-yang and readded the command, removed the WLC and rediscovered it. Now it's able to connect using netconf. Case closed.

 

Thanks for all details.
