DNA Center & C9800 "ERROR-NETCONF-CONNECTION-PORT-MISSING"

JPavonM
VIP

Hi community,

After setting up my 3-node DNAC cluster, I discovered my newly installed Catalyst 9800 to provision them, but the status column returns "ERROR-NETCONF-CONNECTION-PORT-MISSING".

All the credentials are right, CLI, SNMPv3, SNMPv2 and also Netconf is enabled for discovery (default port 830), and enabled in the controller (Device(config)# netconf-yang). No firewall is between DNAC and c9800 so traffic is going straight through.

Any solution?

Device(config)# show platform software yang-management process

confd : Running
nesd : Running
syncfd : Running
ncsshd : Running
dmiauthd : Running
nginx : Running
ndbmand : Running
pubd : Running
gnmib : Not Running


Good news! :-)

That's weird you had to do this anyway...

You didn't have to create a new certificate through the crypto pki command?

Alex


Nope, but I removed all existing certs. DNAC adds the certificates first before it attempts to do netconf.

I found correcting this on the WLC was the easiest method - also, within ISE, ensure your WLC has Priv 15.

 


Due to an omission of a Device License for our SD Access Lab ISE VM I have had to change from TACACS+ to RADIUS Authentication. I did this and reprovisioned the Catalyst 9300s and 9800 controller, however hit this issue with Netconf access not working. After some debugging and looking at the ISE logs I discovered that for a netconf login over TCP/830 the RADIUS request doesn't include the NAS-PORT-TYPE attribute which we are using in the ISE policy to push 'priv-lvl=15' to the devices. It does however send the attribute 'service-type=Outbound' so I have added this to the Authorisation policy and it now works as it did with TACACS+.

sanket
Cisco Employee

Make sure you have these two configs in your switch:

aaa authentication login default local

aaa authorization exec default local 
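
A pre-discovery check assembled from the outputs quoted in this thread, added here as an example (it is not code from any poster or from Cisco): it parses `show platform software yang-management process` output and looks for `netconf-yang` plus the default AAA login and exec method lists. The running-config excerpt is constructed, the function names are hypothetical, and the set of processes treated as required for NETCONF is an assumption.

```python
import re

# Process listing in the format quoted in the first post (used here as sample input).
SAMPLE_PROCESSES = """\
confd : Running
nesd : Running
syncfd : Running
ncsshd : Running
dmiauthd : Running
nginx : Running
ndbmand : Running
pubd : Running
gnmib : Not Running
"""

# Constructed running-config excerpt (not from the thread); exec authorization is absent.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group radius local
netconf-yang
"""

# Assumption: processes treated as required for NETCONF over SSH on port 830.
NETCONF_PROCESSES = ("confd", "nesd", "syncfd", "ncsshd", "dmiauthd")

# Config lines named in the thread; any method list after "default" is accepted.
REQUIRED_CONFIG = {
    "netconf-yang": r"^netconf-yang[ \t]*$",
    "aaa authentication login default": r"^aaa authentication login default\s+\S+",
    "aaa authorization exec default": r"^aaa authorization exec default\s+\S+",
}

def parse_processes(text):
    """Map process name -> True when its state is exactly 'Running'."""
    states = {}
    for line in text.splitlines():
        name, sep, state = line.partition(":")
        if sep and name.strip():
            states[name.strip()] = state.strip().lower() == "running"
    return states

def netconf_findings(process_text, config_text):
    """Return a list of problems; an empty list means every check passed."""
    states = parse_processes(process_text)
    findings = [f"process {p} is not running" for p in NETCONF_PROCESSES if not states.get(p)]
    for label, pattern in REQUIRED_CONFIG.items():
        if not re.search(pattern, config_text, re.MULTILINE):
            findings.append(f"missing config: {label}")
    return findings
```
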
