Had some issues with Cisco DNAC and Stealthwatch. After settings up Stealthwatch server and Netflow collector, some of SDA devices were not compatible with Stealthwatch. The reason was: “NBAR is enabled on this device“. In DNA center, NBAR and CBAR was actually disabled, but the problem stil persisted. CBAR and NBAR were previously enabled, but after disabling it, it did not clean all devices. Guess this is a “cleanup” bug in DNA center. Solution was to manually remove ip flow from affected devices.
DNA center version: 22.214.171.124
Screenshot of affected devices:
Solution: Clear ip flow from all interfaces on affected device, and resync device in DNA center.
conf t int range gi1/0/1-48,Te1/1/1-4,Gi1/1/1-4 no ip flow monitor dnacmonitor input no ip flow monitor dnacmonitor output end wr
Go to DNA center, Inventory -> Select device -> Actions -> Inventory -> Resync device
Wait couple of minutes, and you should be able to enable Stealthwatch for this device.