"The What?" - In this blog I want to share some valuable Digital Network Architecture Center (DNAC) tips & tricks that I have collected that are quite useful when needing to troubleshoot/perform some basic admin duties.
"The Why?" - I have been fortunate to work in a Software-Defined Access (SDA) environment for a few years now. During this time I have encountered issues, worked with Cisco TAC/BU, & along the way picked up some helpful items. Hopefully these help others during their journeys with SDA/DNAC.
"The How?" - Ok, so here is a collection of command examples to perform a variety of tasks and/or aid in troubleshooting:
DNAC info for upgrade status:
$ sudo maglev system_updater update_info   # shows status of upgrade via CLI
Tail logs during DNAC upgrade:
$ magctl service logs -rf system_updater   # tail logs in real time
Output logs to identify issues with hosts that failed installing host components:
$ magctl service logs -r system_updater > system_updater.log   # outputs log to file in current directory
Check appstack statuses:
$ magctl appstack status
$ magctl appstack status -fw   # -f shows anything not in Running status; -w watches live
$ magctl appstack status | grep 0/   # determine appstack issues
Terminate hung pods if depicted as 'Null' in GUI and/or 'terminating' via CLI; verify with "$ sudo magctl appstack status | grep 0/":
$ magctl service kill <service>   # kills hung pods; example <service>: kong-775f685fdb-8ccbz
Restart a hung pod:
$ magctl service restart -d <pod>
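A stricter version of the "grep 0/" check above, as an added example that is not from the original post or from Cisco. A plain "grep 0/" also matches healthy pods such as 10/10 and misses partially ready ones such as 1/2. The filter assumes kubectl-style output with NAME, READY and STATUS header columns on the first line; the sample rows are constructed, apart from the kong pod name taken from this page.

```shell
#!/bin/sh
# Added example: list pods whose ready container count is below the desired
# count. Assumption: the first input line is a header containing NAME, READY
# and STATUS, and READY has the form "n/m" (kubectl-style output).
not_ready_pods() {
  awk '
    NR == 1 {
      # Locate columns by header name so extra columns do not matter.
      for (i = 1; i <= NF; i++) {
        if ($i == "NAME")   name = i
        if ($i == "READY")  ready = i
        if ($i == "STATUS") status = i
      }
      if (!name || !ready || !status) exit 2   # unexpected layout
      next
    }
    # Finished job pods legitimately show 0/1; they are not hung.
    $status == "Completed" { next }
    # Numeric compare, so 10/10 is healthy and 1/2 is reported.
    split($ready, r, "/") == 2 && r[1] + 0 < r[2] + 0 {
      print $name, $ready, $status
    }
  '
}

# Constructed sample input (not real appliance output).
sample_status() {
  cat <<'EOF'
NAMESPACE  NAME                        READY  STATUS       RESTARTS  AGE
ns-a       kong-775f685fdb-8ccbz       0/2    Terminating  3         10d
ns-b       sample-svc-a-5d9c7b6f4-x2k  10/10  Running      0         10d
ns-b       sample-svc-b-7c8d9e0f1-q7m  1/2    Running      5         10d
ns-c       sample-job-1a2b3            0/1    Completed    0         2d
EOF
}

# On the appliance: magctl appstack status | not_ready_pods
sample_status | not_ready_pods
```

On the sample, "grep 0/" returns three rows (including the healthy 10/10 pod and the completed job) while the filter returns only the two pods that need attention.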
Get Chassis product information:
$ sudo cat /sys/devices/virtual/dmi/id/product_name
Get Chassis serial number:
$ sudo cat /sys/devices/virtual/dmi/id/product_serial
Halt the appliances:
$ sudo shutdown -h now
Warm reboot appliances:
$ sudo shutdown -r now
Change DNAC admin password from CLI with maglev:
$ magctl user password update admin -p <pass> TNT0
Check DNAC configured interfaces:
$ sudo ip a | egrep "enp|eno|management|internet|cluster|enterprise"
Enable External Authentication fallback from CLI so you can locally login to DNAC if remote AAA is having issues:
$ sudo magctl rbac external_auth_fallback <enable|disable>   # enable allows local user login; disable only allows AAA external auth
Verify if external authentication fallback is enabled/disabled:
$ sudo magctl rbac external_auth_fallback display
Verify validity of internal DNAC certificates:
$ sudo maglev-config certs info   # shows internal cert statuses/expiration
Lastly, I want to share a few Cisco links that are very helpful:
CIMC Tshoot tech support collection guide: Visual Guide to Collect UCS Tech Support Files - B, C and S Series - Cisco
Airgapped/offline deployment/upgrade document: Cisco DNA Center Air Gap Deployment Guide - Cisco
DNAC compatibility guide: Cisco DNA Center Compatibility Matrix
DNAC Best Practices Guide: Cisco DNA Center Security Best Practices Guide - Cisco
Cisco Community SDA resources: Cisco SD-Access Fabric Resources - Cisco Community
SDA Troubleshooting guide: Cisco SD-Access Fabric Troubleshooting Guide - Cisco
SDA compatibility matrix: Cisco Software-Defined Access Compatibility Matrix
NOTE: I strongly suggest working directly with TAC for any issues to ensure you have their support. These notes are meant to provide help & save time, but are not an end-all be-all by any means.
Thanks for reading, Cheers!