Guest

Preview Tool

Cisco Bug: CSCvr98535 - Cisco DNA Center doesn't configure HTTP source interface for PKI - eWLC telemetry stays connecting

Last Modified

Aug 22, 2020

Products (1)

  • Cisco DNA Center

Known Affected Releases

DNAC1.3.1.2

Description (partial)

Symptom:
After being added to Cisco DNA Center's Inventory, an eWLC's Telemetry status may stay in the Connecting State. CRL fetch failure observed in eWLC logs.  Cisco DNA Center does not configure the HTTP client "source interface" on the PKI trust point Cisco DNA Center-CA, thereby resulting in a CRL fetch failure and Telemetry connection staying in "Connecting" State.

Conditions:
The Cisco DNA Center-CA and sdn-network-infra-iwan certificates are configured properly by Cisco DNA Center on the eWLC.  "ip http client source-interface" configured on eWLC.

crypto pki trustpoint DNAC-CA {
  enrollment mode ra
  enrolment terminal
  usage ssl-client
  revocation-check crl none
  source interface Vlan500
}
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.