Popular Post Siscco Posted January 7, 2023 Popular Post Share Posted January 7, 2023 Found this useful thread. This is the hidden content, please Sign In or Sign Up 119 21 1 Link to comment Share on other sites More sharing options...
dds69 Posted January 8, 2023 Share Posted January 8, 2023 thanks for your help guys Link to comment Share on other sites More sharing options...
zshengh Posted January 10, 2023 Share Posted January 10, 2023 Thanks champ anytime!! Link to comment Share on other sites More sharing options...
Zoey Posted January 10, 2023 Share Posted January 10, 2023 thanks Link to comment Share on other sites More sharing options...
tinker123 Posted January 12, 2023 Share Posted January 12, 2023 Thank for your help! Link to comment Share on other sites More sharing options...
visasman Posted January 28, 2023 Share Posted January 28, 2023 Very nice article. Thanks a lot! For this task, does anyone know the exact steps? I could not get TACACS live logs from the Fabric switches, although my DNA is synchronized/managed with the Fabric switches and integrated with ISE. Link to comment Share on other sites More sharing options...
cnet123 Posted January 28, 2023 Share Posted January 28, 2023 a Link to comment Share on other sites More sharing options...
visasman Posted February 19, 2023 Share Posted February 19, 2023 During my first attempt, I mentioned in my post that I skipped 2.1 and started 2.2, but I could not continue with 2.2 because the SDA border nodes were not synchronised which prevented 2.2. I did the synchronisation and then it went fine. So, do check the sync part. 1 2 Link to comment Share on other sites More sharing options...
kat Posted February 24, 2023 Author Share Posted February 24, 2023 Does it affect 2.2-2.5 score after completing 2.2-2.5 properly, if I make a mistake on 2.1? Link to comment Share on other sites More sharing options...
there Posted February 28, 2023 Share Posted February 28, 2023 Nice Threat Link to comment Share on other sites More sharing options...
johnnyboy Posted April 4, 2023 Share Posted April 4, 2023 (edited) Took the exam recently and it said the password needed a capital letter or something for the user password. I guess we have to go in and change the password policy or something? Anyone think they mastered this question yet? Edited April 4, 2023 by johnnyboy 1 Link to comment Share on other sites More sharing options...
ShoIProute Posted April 5, 2023 Share Posted April 5, 2023 4 hours ago, johnnyboy said: Took the exam recently and it said the password needed a capital letter or something for the user password. I guess we have to go in and change the password policy or something? Anyone think they mastered this question yet? Yes: Administration>Identity Management/Settings>User Authentication Settings Uncheck everything that would prevent u from using the username and pw that they want us to use.  Link to comment Share on other sites More sharing options...
johnnyboy Posted April 5, 2023 Share Posted April 5, 2023 40 minutes ago, ShoIProute said: Yes: Administration>Identity Management/Settings>User Authentication Settings Uncheck everything that would prevent u from using the username and pw that they want us to use.  Thanks, I ran out of time so didn't have a chance to dive into it. Going to use this for next time! 1 Link to comment Share on other sites More sharing options...
maxdieng Posted April 26, 2023 Share Posted April 26, 2023 Hello Link to comment Share on other sites More sharing options...
NTWMaster Posted April 29, 2023 Share Posted April 29, 2023 (edited)  I found this on the cisco website. I have not yet taken the lab but maybe this will help with the Tacacs part? Radius is the default when configuring ISE in DNAC. You can't use Tacacs in the Design module if you have not selected it when integrating ISE and Edited May 7, 2023 by NTWMaster 11 1 1 Link to comment Share on other sites More sharing options...
NTWMaster Posted April 29, 2023 Share Posted April 29, 2023 (edited) Okay, I found one more document that may be helpful. I will obviously know more once I finally take the lab OR someone could be kind enough to say this may be a solution.   Edited May 7, 2023 by NTWMaster 13 1 1 Link to comment Share on other sites More sharing options...
NTWMaster Posted May 2, 2023 Share Posted May 2, 2023 (edited) . Edited May 4, 2023 by NTWMaster Link to comment Share on other sites More sharing options...
johnnyboy Posted May 10, 2023 Share Posted May 10, 2023 (edited) Here are some rough steps that I put together from using my lab. A lot of it depends on what is already configured in the lab. From what I remember in the lab I know for sure that TACACS was not enabled on the ISE server in DNA. ISE _____ Administration-> Deployment -> PSN -> Enable Device Admin Service -> SAVE Administration-> Identity Management -> Settings -> User Authentication Settings -> Uncheck all password must contain at least: -> SAVE Administration-> Network Resources -> Network Devices -> Click Devices -> "Check TACACS Authentication Settings" -> "Enter Shared Secret" 'cisco' -> SAVE Administration-> Identities -> Users -> "Add" -> "Name: netadmin password: admin User Groups: ALL_ACCOUNTS" -> Submit Work Centers-> Device Administration -> "View Default Policy" -> Authentication Policy -> "Internal Users" -> Options If User not found "Continue" -> Authorization Policy "Create New Command Set" called All_Commands -> Check Box "Permit any command that is not listed below" -> Shell Profiles "Create New Shell Profile" named Priv15 -> Default Privilege to "15" -> Submit -> Select and Save both of these new policies DNA _____ System Settings -> Update ISE -> Click ISE server -> "Edit" -> "View Advanced Settings" -> Check TACACS -> Apply Design -> Network Settings -> Add Servers -> AAA -> Check "Network" -> Choose ISE then Protocol "TACACS" -> Choose PSN -> SAVEDo this at Global Level. Make sure it applies to both branches Provision -> Devices-> Select all 4 Switches -> Actions -> Provision Device After Provision is successful: Choose all four switches -> Actions -> Edit Device -> Change CLI to netadmin/admin Test with SSH and DNA resync  @NTWMaster, let us know if you have any new design questions in that thread. Edited May 10, 2023 by johnnyboy Link to comment Share on other sites More sharing options...
takak Posted May 17, 2023 Share Posted May 17, 2023 thx Link to comment Share on other sites More sharing options...
random147 Posted July 30, 2023 Share Posted July 30, 2023 Awesome tips, ty Link to comment Share on other sites More sharing options...
mountaintop2 Posted August 5, 2023 Share Posted August 5, 2023 On 5/10/2023 at 9:40 AM, johnnyboy said: Work Centers-> Device Administration -> "View Default Policy" -> Authentication Policy -> "Internal Users" -> Options If User not found "Continue" -> Authorization Policy "Create New Command Set" called All_Commands -> Check Box "Permit any command that is not listed below" -> Shell Profiles "Create New Shell Profile" named Priv15 -> Default Privilege to "15" -> Submit -> Select and Save both of these new policies @NTWMaster, let us know if you have any new design questions in that thread. Are you changing the Default Authorization Policy, or creating a new one above it? If creating a new one, what are you using for the condition? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now