DNAC – External Authentication with ISE Radius

You probably want to use an existing Identity Store such as Active Directory when managing your network infrastructure – including DNAC. Below is a guide on how to configure this functionality. When you enable external authentication in DNAC it will not exempt you from using the locally defined users on DNAC – at least not the built-in admin user. DNAC External Authentication Configuration Locate the “External Authentication” page in Settings -> System Settings -> Users

CCIE Lab Passed

April 4 2018 I did my 4th attempt of the CCIE R&S Lab in Brussels. This time I passed! Now I know how to approach the lab and through my failed attempts I learned what works for me in terms of strategy. I will go through it here: First of all you need to master all topics in the blueprint. This goes without saying. Not only do you need to know the technologies inside out, but you must also master how to troubleshoot, diagnose, and configure them – fast!

DNA Center – Reinstall

If you messed up your DNAC or just want to start over, you can do so by downloading the ISO for the appliance. Get the ISO on the below link: Download DNA Center ISO from CCO After downloading the ISO, you� must� create a USB installer by using� Etcher If you use Rufus or any other tools for the USB installer creation, it might not work due to insanely long file names in the ISO.

DNAC Integration with ISE using a self-signed Certificate

NOTE! Using ISE 2.3p3 is not an option due to CSCvi94778 If you’re deploying a DNAC and you want to integrate with ISE, you might have read the following documents: Perform Post-Installation Tasks Cisco ISE Integration Limitations I did and ended up with this error in DNAC when adding ISE: Clearly this is a certificate error. The thing is that Cisco mentions that SAN (Subject Alternate Name) is essential for the trust between DNAC and ISE.

Deploy ISE PoV 2.3 OVA using ovftool

When you want to deploy the ISE Proof of Value OVA in a ESXi 6.5 this happens: We create a new VM, specify the name and select the ova:[ ]1 In the last step, you’ll receive an error that “A required disk image was missing.” Most likely due to� CSCvf26967 Instead of combining the 5 zip files you downloaded from box.cisco.com (.001-.005), you should extract them and use ovftool to deploy the vm.

ISR4321 Switch Module Not Working – CPLD Incompatibility

I recently had the pleasure of upgrading a ISR4321 router to Denali (16.3.5). If you have a NIM-ES2-8 for example you might want to be careful and check the CPLD version before doing the upgrade! Here is why. Here the CPLD version is 14101324 The Firmware Version is the ROMMON version. As of writing there is no way of correlating the CPLD version show in the output of show platform and the one you can download on CCO.

ISR4321 Software Upgrade – Signature Verification Failed

If you try to upgarde to Everest (16.6.2) you will probably hit a ROMMON bug due to the image footprint (being larger than 512MB). Specifically you will see this: Turns out the bug is reported as� CSCvg89038 If your router has a switch module installed, you might want to check out this post.

Cisco 4321 – Boot Loop

I had the opportunity to configure a new Cisco 4321 router the other day. Opened the box and plugged in the power which by the way is via an external power supply that has a� Mickey Mouse (C5) connector! Waiting in excitement for the router to boot… After some time I realised the router wasn’t booting. The error was: unable to open bootflash:xdsl/packages.conf (14) My output from SecureCRT: Great! Brand new out of box router from Cisco that doesn’t boot!