+++++++++++++++++++++++++++++++++++++++ Configuring the passwords for ISE +++++++++++++++++++++++++++++++++++++++ ================== OS Password ================== password: Enter old password: Kbits@123 Enter new password: Cisco@123 Confirm new password: Cisco@123 ================== ISE Password ================== application reset-passwd ise admin Enter new password: Cisco@123 Confirm new password: Cisco@123 +++++++++++++++++++++++++++++++++++++++ Configuring ISE for DNAC Integration +++++++++++++++++++++++++++++++++++++++ 1. Enable the pxGrid Service 2. Enable the ERS (Read/Write) & Open API (Read/Write) Capabilities 3. Verify that the pxGrid Service is operational +++++++++++++++++++++++++++++++++++++++ Configuring DNAC for ISE Integration +++++++++++++++++++++++++++++++++++++++ IP Address: 10.10.101.239 Shared Secret: Cisco@123 Username: admin Password: Cisco@123 FQDN: dnac-ise.kbits.local Accept the Certificate. It should show as Connected both on DNAC & ISE +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Configuring DNAC-Border Communication via the Fusion Device +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ===================== Fusion Device ===================== 1. Configure the Fusion with a Trunk towards the border. 2. Configure a VLAN and SVI for Border-Fusion Communication ===================== Border Device ===================== 1. Configure the Border with a Trunk towards the Fusion Device. 2. Configure a VLAN and SVI for Border-Fusion Communication. 3. Configure a Default Gateway pointing towards the Fusion. 4. Configure SSH Credentials to allow the DNAC to log into the border using SSH. 5. Configure SNMP RO & RW communities +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Exporting Routes between Global Routing Table and the VRFs(VNs) +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ================================== Route Leaking from Global to VRF ================================== access-list 1 permit 10.10.101.0 0.0.0.255 ! route-map ABC match ip address 1 ! vrf definition SALES_VN address-family ipv4 import ipv4 unicast map ABC ! vrf definition TECH_VN address-family ipv4 import ipv4 unicast map ABC ================================== Route Leaking from VRF to Global ================================== access-list 2 permit 172.16.1.0 0.0.0.255 access-list 2 permit 172.16.2.0 0.0.0.255 ! access-list 3 permit 172.16.3.0 0.0.0.255 access-list 3 permit 172.16.4.0 0.0.0.255 ! route-map SALES_ROUTES match ip address 2 ! route-map TECH_ROUTES match ip address 3 ! vrf definition SALES_VN address-family ipv4 export ipv4 unicast map SALES_ROUTES ! vrf definition TECH_VN address-family ipv4 export ipv4 unicast map TECH_ROUTES or ip route 172.16.1.0 255.255.255.0 vlan3002 ip route 172.16.2.0 255.255.255.0 vlan3002 ! ip route 172.16.3.0 255.255.255.0 vlan3003 ip route 172.16.4.0 255.255.255.0 vlan3003