Code ExchangeSearchRepository

Cisco DNA Center ISE Health Check

published
Docker Cloud Build Status
Docker Pulls

Cisco DNA-C and Cisco ISE Communication Health Check from Console

Sometimes Cisco DNA-C fails to communicate with Cisco ISE with Error on Application level.
This script helps you to verify that the communication paths between Cisco DNA-C and Cisco ISE is working (non-Application level)

Demo

Demo

Requirements

  • Cisco DNA Center Console access (ssh maglev@ -p 2222)
  • Internet Connectivity on DNA Center (Cloud Enabled)
    • DNA Center downloads this container image from Public Docker Registry (docker.io)

Usage

Login to Cisco DNA-C

  • ssh maglev@<dnac-ip-address> -p 2222

Run script

  • docker run -it --rm robertcsapo/cisco-dnac-ise-healthcheck && docker rmi robertcsapo/cisco-dnac-ise-healthcheck

Enter Cisco ISE FQDN (then hit ENTER)

  • Enter host (FQDN): cisco-ise.example.com

Automation

Run script with host flag

  • docker run -it --rm robertcsapo/cisco-dnac-ise-healthcheck -host cisco-ise.example.com && docker rmi robertcsapo/cisco-dnac-ise-healthcheck

Installation

If you need to manually build the script on the host.
(Important that you predownload golang:1.9.2-alpine3.7 from docker.io)

docker pull golang:1.9.2-alpine3.7

Build

  • docker build -t robertcsapo/cisco-dnac-ise-healthcheck .

Technologies & Frameworks Used

Cisco Products & Services:

  • Cisco DNA Center
  • Cisco ISE

Tools & Frameworks:

  • Golang (1.9.2)

Authors & Maintainers

Cisco ISE Port Reference

Overview

Cisco ISE 2.6 Installation Guide

Ports Used by the Administration Nodes

  • Administration
    • HTTP: TCP/80, HTTPS: TCP/443 (TCP/80 redirected to TCP/443; not configurable)
    • SSH Server: TCP/22
    • External RESTful Services (ERS) REST API: TCP/9060

Ports Used by the pxGrid Service Node

  • Administration
    • SSL: TCP/5222 (Inter-Node Communication)
    • SSL: TCP/7400 (Node Group Communication)
  • pxGrid Subscribers
    • TCP/8910

(Source: https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/install_guide/b_ise_InstallationGuide_26/b_ise_InstallationGuide_26_chapter_0110.html)

License

This project is licensed to you under the terms of the Cisco Sample
Code License.

Use Case

This script assists in troubleshooting connection failures between Cisco DNA Center and Cisco ISE. This script verifies that the communication paths are working on the network level. This script does not diagnose issues on the application level.

You can use a Docker command to download the script, connect to cisco-ise.example.com, and delete the script when the operation is complete.

docker run -it --rm robertcsapo/cisco-dnac-ise-healthcheck -host cisco-ise.example.com && docker rmi robertcsapo/cisco-dnac-ise-healthcheck
View code on GitHub
Related code repos

Code Exchange Community

Get help, share code, and collaborate with other developers in the Code Exchange community.View Community
Disclaimer:
Cisco provides Code Exchange for convenience and informational purposes only, with no support of any kind. This page contains information and links from third-party websites that are governed by their own separate terms. Reference to a project or contributor on this page does not imply any affiliation with or endorsement by Cisco.