kat, posted December 26, 2022 (edited December 26, 2022 by kat):

What is the current question about 2.1? Is it just ISE or do I need to access [hidden content] and change newmgmtadd/oldmgmtadd? I have heard that Postman is no longer required in Section 2.1.

Siscco, posted December 26, 2022:

Section 2.1 is about integrating ISE and DNAC, and I'm not sure why we need Postman to do that.

darkiori, posted December 26, 2022:

Thanks.

kat, posted December 26, 2022:

> 10 hours ago, Siscco said:
> Section 2.1 is about integrating ISE and DNAC, and I'm not sure why we need Postman to do that.

It means that I don't need to access [hidden content] and change newmgmtadd/oldmgmtadd anymore?

jonny18, posted December 28, 2022 (edited December 28, 2022 by jonny18):

There used to be a scenario where the devices managed by DNAC did not have the correct management names/IPs; the API link is used to change this to the correct management names/IPs. Last time I did the exam this was not requested, however I'm not sure if there is some exam version where this is required, so it's best to know how to do it.

I do recall that there was a new question to configure TACACS via DNAC on ISE and to enable it on line vty only of some routers, but I don't remember the exact wording or how that could be solved.

ShoIProute, posted December 28, 2022:

> 10 hours ago, jonny18 said:
> There used to be a scenario where the devices managed by DNAC did not have the correct management names/IPs; the API link is used to change this to the correct management names/IPs. Last time I did the exam this was not requested, however I'm not sure if there is some exam version where this is required, so it's best to know how to do it.
> I do recall that there was a new question to configure TACACS via DNAC on ISE and to enable it on line vty only of some routers, but I don't remember the exact wording or how that could be solved.

FABD2 wants to use TACACS+ AAA service for secure communication into the four switches of their SDx infrastructure which are already present in the DNAC inventory:

- Use DNAC TACACS+ for Authentication & Authorization through ISE into all 4 switches: sw400, sw501, sw502 and sw510
- TACACS shared secret must be set to cisco
- TACACS must only be used on the vty lines
- Local authentication must remain as the only method for authenticating management users through the console
- The below accounts must be created in ISE for testing purposes: netadmin - will provide full access to all commands. This user must be configured in order to use password admin
- Note: Do not change/modify aaa authentication login default local. It is already present in all four switches

kat, posted December 29, 2022:

Doesn't section 2.1 include [hidden content] and change newmgmtadd/oldmgmtadd anymore? And is section 2.1 just ISE (TACACS+ AAA)?

ShoIProute, posted December 29, 2022:

> 1 hour ago, kat said:
> Doesn't section 2.1 include [hidden content] and change newmgmtadd/oldmgmtadd anymore? And is section 2.1 just ISE (TACACS+ AAA)?

I have taken it a couple of times recently and I have not run into the "[hidden content] and change newmgmtadd/oldmgmtadd" task on either attempt. Unless they're doing variations, I think the one they're going with is only the ISE/DNAC TACACS+ AAA for Section 2.1.

kat, posted December 30, 2022:

> 8 hours ago, ShoIProute said:
> I have taken it a couple of times recently and I have not run into the "[hidden content] and change newmgmtadd/oldmgmtadd" task on either attempt. Unless they're doing variations, I think the one they're going with is only the ISE/DNAC TACACS+ AAA for Section 2.1.

Did you take section 2.1 first or 2.2? I have heard that I should skip 2.1 first and try from 2.2.

ShoIProute, posted December 30, 2022:

> 1 hour ago, kat said:
> Did you take section 2.1 first or 2.2? I have heard that I should skip 2.1 first and try from 2.2.

Taken the exam recently I was referring to. But I would skip section 2.1 if u can. It's very tricky and could potentially lock u out of the devices, so it's best to avoid if possible.

kat, posted December 30, 2022:

> 13 minutes ago, ShoIProute said:
> Taken the exam recently I was referring to. But I would skip section 2.1 if u can. It's very tricky and could potentially lock u out of the devices, so it's best to avoid if possible.

Based on your experience, are 2.2-2.5 affected if I skip 2.1 first?

ShoIProute, posted December 30, 2022 (edited December 30, 2022 by ShoIProute):

> 1 hour ago, kat said:
> Based on your experience, are 2.2-2.5 affected if I skip 2.1 first?

From my understanding, with the new 2.1 task (DNAC/ISE AAA TACACS+) that task is independent and no other tasks would depend on that one being completed.

kat, posted December 30, 2022:

> 8 hours ago, ShoIProute said:
> From my understanding, with the new 2.1 task (DNAC/ISE AAA TACACS+) that task is independent and no other tasks would depend on that one being completed.

Is it possible to pass the exam although I skip section 2.1?

ShoIProute, posted December 31, 2022:

> 13 hours ago, kat said:
> Is it possible to pass the exam although I skip section 2.1?

It should be. I think it's only like 3 points. If u get most of the other tasks correct, u should be able to get enough points to afford skipping that one. Remember, the name of the game is not to complete the lab 100%, but to get enough points to pass. I'm not sure how many points that is tho.

kat, posted January 2, 2023:

> On 12/31/2022 at 12:02 PM, ShoIProute said:
> It should be. I think it's only like 3 points. If u get most of the other tasks correct, u should be able to get enough points to afford skipping that one. Remember, the name of the game is not to complete the lab 100%, but to get enough points to pass. I'm not sure how many points that is tho.

Thank you. Can SW400-510 be synchronized by skipping 2.1? Do I need some tasks before taking 2.2?

Siscco, posted January 2, 2023 (edited January 2, 2023 by Siscco):

Guys, I still wonder how we'd get locked out from devices if we do 2.1? We are dealing with VTY login, still we got OOB, isn't it?

ShoIProute, posted January 4, 2023:

> On 1/2/2023 at 2:31 AM, Siscco said:
> Guys, I still wonder how we'd get locked out from devices if we do 2.1? We are dealing with VTY login, still we got OOB, isn't it?

That is correct. Initially, I misunderstood this task and thought there were some AAA configs that needed to be manually configured locally on the switches, but those configs will be pushed out to VTY lines by the DNAC if done properly. And yes, u will still have OOB access to the switches via the console.

Siscco, posted January 4, 2023 (edited January 4, 2023 by Siscco):

> 2 hours ago, ShoIProute said:
> That is correct. Initially, I misunderstood this task and thought there were some AAA configs that needed to be manually configured locally on the switches, but those configs will be pushed out to VTY lines by the DNAC if done properly. And yes, u will still have OOB access to the switches via the console.

Yeah, initially I thought the same. I do not see an option to specifically select VTY or CON in DNAC while we do 2.1. Any thoughts on that?

ShoIProute, posted January 4, 2023:

> 8 hours ago, Siscco said:
> Yeah, initially I thought the same. I do not see an option to specifically select VTY or CON in DNAC while we do 2.1. Any thoughts on that?

I think the DNAC automatically automates that once u configure it as a "Network" AAA Server in "Network Settings". U have to make sure that ISE is configured as a TACACS Server in System Settings > Settings > Authentication and policy servers first tho. And the 'netadmin' username has to be configured in ISE with the shared secret (cisco) and privilege level and all of the AAA backend information in ISE. Then when u go to re-provision the switches in DNAC, it should push out all the necessary AAA configs to them in the global config and VTY lines.

Siscco, posted January 4, 2023:

> 1 hour ago, ShoIProute said:
> I think the DNAC automatically automates that once u configure it as a "Network" AAA Server in "Network Settings". U have to make sure that ISE is configured as a TACACS Server in System Settings > Settings > Authentication and policy servers first tho. And the 'netadmin' username has to be configured in ISE with the shared secret (cisco) and privilege level and all of the AAA backend information in ISE. Then when u go to re-provision the switches in DNAC, it should push out all the necessary AAA configs to them in the global config and VTY lines.

I see. It looks like "aaa authentication login default local" is already preconfigured on all SDA switches, which might be the reason DNAC does not push the same to console? As it might intelligently automate the task?

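Added example, not part of any post in this thread and not output from DNAC or ISE: a Python check of the end state the task statement and the posts above describe (TACACS+ login on the vty lines, local-only login on the console, `aaa authentication login default local` left in place). The sample config is constructed, the list and group names `VTY-TACACS` and `ISE-TACACS` are hypothetical, and only login authentication is checked, not authorization.

```python
import re

# Constructed sample config (not from the thread); list and group names are hypothetical.
SAMPLE = """\
aaa new-model
aaa group server tacacs+ ISE-TACACS
aaa authentication login default local
aaa authentication login VTY-TACACS group ISE-TACACS local
line con 0
 stopbits 1
line vty 0 4
 login authentication VTY-TACACS
line vty 5 15
 login authentication VTY-TACACS
"""

def parse(config):
    """Return (login method lists, TACACS+ group names, login list used per line)."""
    lists, groups, lines, current = {}, {"tacacs+"}, {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if m := re.match(r"aaa authentication login (\S+) (.+)", text):
            lists[m.group(1)] = m.group(2).split()
        elif m := re.match(r"aaa group server tacacs\+ (\S+)", text):
            groups.add(m.group(1))
        elif raw.startswith("line "):
            current = text[5:]
            lines[current] = "default"   # a line with no override uses the default list
        elif current and raw.startswith(" "):
            if m := re.match(r"login authentication (\S+)", text):
                lines[current] = m.group(1)
        elif not raw.startswith(" "):
            current = None               # left the line sub-mode
    return lists, groups, lines

def audit(config):
    """List violations of: TACACS+ on vty lines only, local-only login on console."""
    lists, groups, lines = parse(config)
    findings = []
    if lists.get("default") != ["local"]:
        findings.append("default login list is not 'local'")
    for name, used in lines.items():
        methods = lists.get(used, [])
        tacacs = any(a == "group" and b in groups for a, b in zip(methods, methods[1:]))
        if name.startswith("vty") and not tacacs:
            findings.append(f"line {name}: login list '{used}' does not use TACACS+")
        if name.startswith("con") and methods != ["local"]:
            findings.append(f"line {name}: login list '{used}' is not local-only")
    return findings
```

Running `audit()` on a saved running-config before and after re-provisioning shows whether the console still falls back to the local-only default list, which is the lock-out concern raised earlier in the thread.
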
kat, posted January 4, 2023:

> 1 hour ago, ShoIProute said:
> I think the DNAC automatically automates that once u configure it as a "Network" AAA Server in "Network Settings". U have to make sure that ISE is configured as a TACACS Server in System Settings > Settings > Authentication and policy servers first tho. And the 'netadmin' username has to be configured in ISE with the shared secret (cisco) and privilege level and all of the AAA backend information in ISE. Then when u go to re-provision the switches in DNAC, it should push out all the necessary AAA configs to them in the global config and VTY lines.

Can SW400-510 be synchronized by skipping 2.1? Do I need some tasks before taking 2.2?

ShoIProute, posted January 4, 2023:

> 3 minutes ago, Siscco said:
> I see. It looks like "aaa authentication login default local" is already preconfigured on all SDA switches, which might be the reason DNAC does not push the same to console? As it might intelligently automate the task?

I think so.

ShoIProute, posted January 4, 2023:

> 3 minutes ago, kat said:
> Can SW400-510 be synchronized by skipping 2.1? Do I need some tasks before taking 2.2?

They are already managed and synced in the new version of the lab. U should not have to do anything to get the other tasks complete. The re-sync task was in the old version of the lab. I'm not sure if they're still giving that anymore.

Siscco, posted January 4, 2023:

> 4 minutes ago, ShoIProute said:
> I think so.

Thanks champ.

ShoIProute, posted January 4, 2023:

> 5 minutes ago, Siscco said:
> Thanks champ.

Anytime!!