
#CLMEL

123—Cisco DNAC
From Install to Operations Using
Cisco DNA Center
James Gilarte – Product Sales Specialist
BRKCRS-2259

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Agenda today
• Where we are in the industry
• Cisco DNA-Center to the rescue
• Use Cases
• Installation
• Setup
• Integration with other platforms
  • AAA/ISE
  • Cisco CMX
  • LiveNX
• Cisco IT’s Approach

Who am I?

• Cisco Enterprise Networking Specialist
• 10 years at Cisco
• Comic Book Writer
• Currently writing Star Wars Adventures

Where Are We In The Industry Today?

Cisco’s DNA Evolution
[Figure: Cisco Digital Network Architecture and Intent Based Networking. Labels: Learning, Intent, Context, Security]

Unprecedented Demands on the Network

Difficult to Segment
• Ever increasing number of users and endpoint types
• Ever increasing number of VLANs and IP Subnets

Complex to Manage
• Multiple steps, user credentials, complex interactions
• Multiple touch-points

Slower Issue Resolution
• Separate user policies for wired and wireless networks
• Unable to find users when troubleshooting

Traditional Networks Cannot Keep Up!

Example: What it looks like
[Figure: example network diagram. Labels: Telemetry Aggregation Server, SaaS Applications, Datacentre VMs (VLAN 24, VLAN 54), WAN, DC VRF, Tenant VRF, Core, Distribution, Access, Control, VM Network (VLAN 14), User Group A]

The Need For A More Intuitive Network.

Informed By Context
• Visibility into traffic and threat patterns
• Who, What, When, Where, How.

Powered By Intent
• Translate Business Intent to Network Policy
• Automate the management and provisioning millions of devices instantly.

Driven By Knowledge.
• Machine learning at scale to provide increasing intelligence.
• Predictive performance and assurance.

Introducing Cisco DNA-C

Cisco DNA Center
Central network management system

Cisco DNA Center™: Policy, Provision, Design, Assurance

Cisco DNA Center Appliance

Complete network management system
• Single pane of glass for all devices
• End-to-end health information in real time
• Granular visibility
• Simplified workflows

Analytics for assurance
• Verify intent of network settings
• Proactively resolve issues
• Reduce time spent troubleshooting

Automation for provisioning
• Zero-touch deployment
• Device lifecycle management
• Policy enforcement

Platform for extensibility
• Integrate APIs with third-party solutions
• Integrate and customise ServiceNow
• Evolve operational tools and processes

Physical and virtual infrastructure: Cisco and third party

Initial Platform Capabilities – APIs, Adapters and SDKs
[Figure: platform capability blocks. Labels: Business and Network Intent APIs; IT and Network System Process; Application Policy; Software Image Management (SWIM); Assurance; Network Inventory / Discovery; ITSM; Wireless Provisioning; Plug-n-Play; IPAM; Command Runner; Topology; Template Programmer; Reporting; eNFV Provisioning; Analytics; X-Domain Integration (Networking, Security, Data Centre); 3rd Party SDKs]
• 3rd Party SDKs: Map 3rd Party Network Devices to Data Model
• Level 1 Operations support: Discovery, Inventory, Topology, Availability, Health Score

Introducing Cisco DNA Center
Covered in this session

Policy-Based Network Fabric
• Business Intent driven Network Changes
• Decouple Policy from Network Topology

Network Automation
• Simplify Day 0 to Day N Changes
• Industry Best-Practices and Policy Compliance

Assurance
• Monitoring and Troubleshooting
• Proactive Issue Identification and Resolution

Cisco DNA Center First Time Installation
Pre-requisites

Go From This
To This!

Lessons From The Field.
PLAN

DNAC 1.2 Supported Network Platforms

CAT2K / CAT3K / CAT4K Switches

CAT2K                               Recommended OS     Minimum OS
C2960-L                             IOS 15.2(2)E7      IOS 15.2(1)E1
C2960-P                             IOS 15.2(2)E7      IOS 15.2(1)E1
C2960-C                             IOS 15.2(2)E8      IOS 15.2(1)E1
C2960-CPD                           IOS 15.2(2)E8      IOS 15.2(1)E1
C2960-X Stack                       IOS 15.2(2)E6      IOS ≥ 12.1
C2960-XR                            IOS 15.2(2)E6      IOS ≥ 12.1
C2960-XR Stack                      IOS 15.2(2)E6      IOS ≥ 12.1
C2960-CX                            IOS 15.2(4)E3      IOS ≥ 12.1

CAT3K                               Recommended OS     Minimum OS
C3560-CX                            IOS 15.2(6)E       All Versions
C3650 (Copper)                      IOS-XE 16.6.1      All Versions
C3650-Stack                         IOS-XE 16.6.1      All Versions
C3850(Copper/Fiber)                 IOS-XE 16.6.1      All Versions
C3850-Stack (Copper/Fiber)          IOS-XE 16.6.1      All Versions

CAT4K                               Recommended OS     Minimum OS
C4500-X                             IOS-XE 3.10E       All Versions
C4500-E (SUP 7E|7LE|8LE)            IOS-XE 3.10E       All Versions
C4507R+E (SUP 7E|7LE|8LE)           IOS-XE 3.10E       All Versions
C4503E (Sup 8E|9E)                  IOS-XE 3.10E       All Versions
C4506E (Sup 8E|9E)                  IOS-XE 3.10E       All Versions
C4507R+E (Sup 8E|9E)                IOS-XE 3.10E       All Versions
C4510R+E (Sup 8E|9E)                IOS-XE 3.10E       All Versions

CAT9K / CAT6K / N7K Switches

CAT9K                               Recommended OS     Minimum OS
C9300                               IOS-XE 16.6.2      IOS-XE 16.6.1
C9300 Stack                         IOS-XE 16.6.2      IOS-XE 16.6.1
C9400-LC-48UX                       IOS-XE 16.6.2      IOS-XE 16.6.1
C9400-LC-24XS                       IOS-XE 16.6.2      IOS-XE 16.6.1
C9400 (Sup1XL)                      IOS-XE 16.6.2      IOS-XE 16.6.1
C9400 (Sup1E)                       IOS-XE 16.6.2      IOS-XE 16.6.1
C9500                               IOS-XE 16.6.2      IOS-XE 16.6.1
C9500 Stack                         IOS-XE 16.6.2      IOS-XE 16.6.1

CAT6K                               Recommended OS     Minimum OS
C6503E (Sup 2T|6T)                  IOS 15.5.1 SY      ≥ 12.2
C6504E (Sup 2T|6T)                  IOS 15.5.1 SY      ≥ 12.2
C6506E (Sup 2T|6T)                  IOS 15.5.1 SY      ≥ 12.2
C6509E (Sup 2T|6T)                  IOS 15.5.1 SY      ≥ 12.2
C6513E (Sup 2T|6T)                  IOS 15.5.1 SY      ≥ 12.2
C6807-XL (Sup 2T|6T)                IOS 15.5.1 SY      ≥ 12.2
C6840-X (Sup 2T|6T)                 IOS 15.5.1 SY      ≥ 12.2
C6880-X (Sup 2T|6T)                 IOS 15.5.1 SY      ≥ 12.2

ASR / ISR / CSRv Routers

ISR 4K                              Recommended OS     Minimum OS
ISR 4431                            WIP                WIP
ISR 4221                            WIP                WIP
ISR 4351                            WIP                WIP
ISR 4451-X                          WIP                WIP

ISR 1K (Selected PIDs Only)         Recommended OS     Minimum OS
C1112-8P + (LTEEA)                  IOS-XE 16.7.1      IOS-XE 16.6.1
C1113-8P + (M,LTE*,WE,WA,WZ,MWE)    IOS-XE 16.7.1      IOS-XE 16.6.1
C1114-8P + (LTEEA)                  IOS-XE 16.7.1      IOS-XE 16.6.1
C1115-8P + (PM, LTEEA,PMLTEEA)      IOS-XE 16.7.1      IOS-XE 16.6.1

ASR 1K                              Recommended OS     Minimum OS
ASR 1001-X                          WIP                ≥ 15.2(2)S, ≥ 15.3(1)S1
ASR 1002-X                          WIP                ≥ 15.2(2)S, ≥ 15.3(1)S1
ASR 1006-X                          WIP                ≥ 15.2(2)S, ≥ 15.3(1)S1
ASR 1009-X (RP2|RP3)                WIP                WIP
ASR 1001-HX                         WIP                WIP
ASR 1002-HX                         WIP                WIP

Virtual Router                      Recommended OS     Minimum OS
CSRv (Virtual)                      WIP                WIP

Wireless Controllers / APs
*WLC 5520, 8540

Check latest release notes on Cisco.com

First Steps.

• Cisco DNA Center deployment can be a seamless process once due consideration is given to following:
• First time installation considerations
• Racking and stacking
• Pre-requisites: IP addressing, DNS, Internet connectivity, etc.
• Ensure devices and their current software images are supported
• Follow the DNA-C supported devices matrix

Deployment Journey Map: Cisco DNAC

Phases: DNAC 1.2.5 Appliance Set up and Install, then DNA Assurance Day 1 Setup

Prerequisites (must be completed before DNAC installation can begin)
• Order appliance, power supply, etc.
• Set up Port connections
• Network and IP Address patching
• Cloud connectivity port options
• Validate software compatibility of Network Devices

1. Setup DNAC
• Power on
• Configure CIMC IP Address
• Access CIMC browser

2. Device automation and configuration
• Power on DNAC
• Input IP address, cluster link, gateway, NTP, DNS, Proxy and static route info
• Once entered, no further input required

3. Cloud Connectivity
• Package Downloads and upgrade to latest released version

4. Design and Discovery
• Run discovery wizard
• Create site hierarchy (area, building, floor, and maps)

5. Inventory Collection
• Assign devices to site

6. Recommended: Configure telemetric protocols
• SNMP
• Syslog
• NetFlow
• Enabled at deployment

7. Device Ready for Assurance
• Client health
• Client 360
• Network health
• Application health

Durations shown on the map: ~20 min, ~60 min, ~120 min, ~240 min, ~180 min, ~40 min, ~180 min

• Installation time can vary based on Engineer performing the tasks
• Installation time is dependent on the available bandwidth in the premises where the DNA Center appliance is located and is referenced here in ideal conditions.
• Baseline needs to be monitored for each new version
• The design and discovery/Inventory collection timers are based on 10 or fewer sites.

Prerequisites - Understanding the requirements

• Cisco DNA Center Appliance (DN2-HW-APL)
  • Installation on a VM or custom UCS server is not supported

• Network Patch Requirements for each DNAC Appliance
  • Appliance Management port – CIMC
  • 10Gbit port - Enterprise Network
  • 10Gbit port - Intra Cluster Link
  • 1Gbit port - Management
  • 1Gbit port - Cloud Update Connectivity (optional *)
  • Note: All ports need dedicated VIP (in total 7 IP addresses minimum)

* Required only if the Cloud Update server is not reachable via the Enterprise Network

Prerequisites - IP Address Requirements

• Additional Settings for Configuration Wizard
  • DNS Server IP Address (1 required, 2+ recommended)
  • NTP Server IP Address (1 required, 2+ recommended)
  • Proxy Server IP Address (required if direct internet access is not available – http proxy only)
  • Proxy server port if required

• DNA Center Cluster
  • Cluster Virtual IP Address – Used to point telemetry data towards
  • This IP Address should be taken from the Enterprise Network subnet
  • Cluster subnet and Service subnet address pool - /21 subnet for each
  • Used for internal cluster communications and should not conflict with any other IP in the Enterprise Network

Example IP Addressing Scheme

Device Name          Enterprise IP Address  OOB                CIMC               Cluster Link Address  Service Subnet Address
Cisco DNA Center 1   10.224.92.101          10.224.100.150/32  10.224.100.151/32  192.168.0.0/21        192.168.8.0/21
2                    10.224.92.102
3                    10.224.92.103
Virtual IP           10.224.92.100

Prerequisites - External Connectivity Requirements
The following URLs need to be accessible from the DNA Center for various operations

Use Case                                     URLs
DNA Center Update package downloads          https://*.ciscoconnectdna.com/*
Smart Account and SWIM Software Downloads    https://*.cisco.com/*
Rendering Geo-Maps on the DNA Center UI      https://*.tiles.mapbox.com/*
Meraki Integration                           https://*.meraki.com/
IPAM Integration                             URL for the IPAM-server
User feedback                                https://dnacenter.uservoice.com/

DNA Center First Time Installation
Best Practices

Back Panel Ports – Check For M5 Servers
• 1Gb Ethernet dedicated out-of-band management port. Reserved for OOB management of DNA Center and the appliance chassis using CIMC. Connect to the dedicated management network.
• VGA video port (DB-15)
• 10Gb port for the Enterprise Network.
• Second embedded 1Gb ethernet controller port. Optional, intended for connecting to an isolated network with a static route for cloud services.
• 10Gb port for Intra Cluster interface. Leave it unconnected in standalone mode initially.
• First embedded 1Gb ethernet controller port. Reserved for the dedicated management network.
• The 10Gb interfaces must be connected to switches in switch-port mode

Best Practices

• Always treat DNA-C as a cluster: plan for a “cluster”
  • Standalone box is a “single node cluster”

• Provision for separate intra-cluster link on day 1
  • Changing the intra-cluster link from one interface to another is not supported

• Use a complete private network for intra-cluster link
  • No other machines should be in this network
  • Use isolated L2 domain (all clusters must be in the same L2 domain)
  • Ensure < 10ms latency (RTT) across the intra-cluster link

Installation Best Practices (continued)

• Provision for Virtual IP on day 1
  • Network Devices will continue to see the same IP when more nodes are added

• Reserve cluster subnet and service subnet address pool
  • Minimum required size is /21 each
  • Example: 10.60.0.0/21 and 10.60.8.0/21
  • Need not be routable in enterprise network, just ensure they don’t clash
  • Changing cluster subnet and service subnet is not supported yet

Cloud Updates

[Figure labels: Cisco Cloud Ops pushes packages to cloud; Connected DNA Cloud; DNA Production Catalog Packages; Option 2: User downloads Packages; DNA Node(s)]

• Update using cloud tethering. Cloud tethered images are available once every few weeks
• Production catalog is secure and goes through rigorous testing by Cisco’s security and trust organisation

Installation Walkthrough
When a customer purchases DNAC, the following considerations for installation need to be thought through.

• Is the box going to be installed by the same person who will configure it?
• Is the box installed in a location where physical access is not easy?
• How long will it take to rack and stack?

• Will the installation happen at a lab first and then move to production? Identify caveats.
• How will access to the system be provided, L3/terminal systems?
• Who will troubleshoot any physical connectivity problems?

• Reserve IP addresses!
• Gather information around how to connect to internet, proxy information (IP, username/Pwds), which firewall ports to open, DNS additions etc.
• Plan for how long it will take to get this done before Installation

DNA Center Installation

Setting Up DNA Center

• Select Start a DNA-C Cluster to setup master node

• Configure 1st network interface Ten Gigabit Ethernet port #1 on the appliance
• This interface can be used for Intra Cluster communications. Connect to access switch with connections to other nodes in the cluster

• Provide IPv4 address for accessing DNA Center GUI (WEB and API)
• Provide a default Gateway and a DNS Server
• If needed provide a static route, or leave it blank. Format <Network IP>/<Subnet>/<Gateway>
• Recommended: Select a dedicated 10G interface to make it part of cluster in future. Not required for single node installation
• IPv6 will be supported in a later release.
• Click Next to continue.

• Provide IP address and netmask for accessing lab devices that DNA-C will manage.
• Typically, to connect to lab devices, DNS Server and Default Gateway are left blank and a static route is used to force DNA-C to use this dedicated link to connect to network devices. Format: <NetworkIP>/<Subnet>/<Gateway>
• Make sure the gateway is reachable.
• Please leave “Cluster Link” and “IPv6 address” options unselected.
• Click Next to continue.

• Provide the IP address, Netmask for cluster nodes. This interface is used to connect to the Enterprise network.
• Provide the Default Gateway and DNS Server IP address.
• Do not select Cluster link

• Let the system proceed with the installation

• Enter the network Proxy Server settings to enable Internet Connectivity.

• Provide Virtual IP Address for Cluster Setup
• Needs to be on the same subnet as the Enterprise Network interface
• Click Next to continue

DNA Center Installation

Setting Up Passwords

• Enter the passwords for the operating system “Linux password” and the “Administrative Passphrase”
• Linux Password is used to SSH to the appliance
• Administrative Passphrase is used to access the appliance from Web and API interfaces
• Both passwords and passphrases require a capital letter, lower case letter and number or symbol.
• The symbols “%” or “+” cannot be used in passwords.

DNA Center Installation

NTP Check

• Provide at least one NTP server
• DNA-C will then check reachability

Advanced Settings

• Provide Service and Cluster /21 subnets
• Make sure that this subnet does not conflict with any network addresses currently in use.

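The addressing rules from the prerequisite, best-practice and wizard slides (virtual IP on the Enterprise Network subnet, cluster and service pools of at least /21 that clash with nothing in use, static routes in `<Network IP>/<Subnet>/<Gateway>` form with an on-link gateway) can be checked before the wizard is started. This is an added example, not Cisco code: the function names, the /24 prefix lengths, the in-use network list and the static routes are assumptions made for illustration; the node, virtual IP and pool addresses are those of the example scheme in the slides.

```python
import ipaddress

MIN_POOL_PREFIX = 21  # slide: "Minimum required size is /21 each"


def parse_static_route(text):
    """Parse the wizard's <Network IP>/<Subnet>/<Gateway> static-route string."""
    parts = text.strip().split("/")
    if len(parts) != 3:
        raise ValueError(f"expected <Network IP>/<Subnet>/<Gateway>, got {text!r}")
    # <Subnet> may be a prefix length (24) or a dotted mask (255.255.255.0).
    network = ipaddress.ip_network(f"{parts[0]}/{parts[1]}", strict=True)
    return network, ipaddress.ip_address(parts[2])


def validate_plan(plan):
    """Return the problems found in a DNA Center address plan (empty list = OK)."""
    problems = []
    enterprise = ipaddress.ip_interface(plan["enterprise_interface"])
    vip = ipaddress.ip_address(plan["virtual_ip"])
    pools = {name: ipaddress.ip_network(plan[name])
             for name in ("cluster_subnet", "service_subnet")}
    in_use = [ipaddress.ip_network(n) for n in plan["networks_in_use"]]
    in_use.append(enterprise.network)

    # The virtual IP must sit on the Enterprise Network interface's subnet.
    if vip not in enterprise.network:
        problems.append(f"virtual IP {vip} is not in {enterprise.network}")
    elif vip in (enterprise.ip, enterprise.network.network_address,
                 enterprise.network.broadcast_address):
        problems.append(f"virtual IP {vip} is not a free host address")

    # Each internal pool must be at least a /21 and must not clash with anything.
    for name, pool in pools.items():
        if pool.prefixlen > MIN_POOL_PREFIX:
            problems.append(f"{name} {pool} is smaller than /{MIN_POOL_PREFIX}")
        for net in in_use:
            if pool.overlaps(net):
                problems.append(f"{name} {pool} overlaps in-use network {net}")
    if pools["cluster_subnet"].overlaps(pools["service_subnet"]):
        problems.append("cluster_subnet and service_subnet overlap each other")

    # A static route only works if its gateway is on-link for that interface.
    for iface_cidr, route in plan.get("static_routes", []):
        iface = ipaddress.ip_interface(iface_cidr)
        try:
            dest, gateway = parse_static_route(route)
        except ValueError as exc:
            problems.append(f"static route {route!r}: {exc}")
            continue
        if gateway not in iface.network:
            problems.append(f"gateway {gateway} for {dest} is not on {iface.network}")
    return problems


# Node, virtual IP and pool addresses are from the slides' example scheme.
# The /24 prefixes, networks_in_use and static_routes are constructed.
SLIDE_PLAN = {
    "enterprise_interface": "10.224.92.101/24",
    "virtual_ip": "10.224.92.100",
    "cluster_subnet": "192.168.0.0/21",
    "service_subnet": "192.168.8.0/21",
    "networks_in_use": ["10.224.0.0/16", "192.168.10.0/24"],
    "static_routes": [
        ("10.224.100.150/24", "172.16.0.0/255.240.0.0/10.224.100.1"),
        ("10.224.100.150/24", "172.16.0.0/12/10.224.101.1"),
    ],
}

# Same plan using the pools from the best-practice slide and only the valid route.
FIXED_PLAN = dict(SLIDE_PLAN,
                  cluster_subnet="10.60.0.0/21",
                  service_subnet="10.60.8.0/21",
                  static_routes=SLIDE_PLAN["static_routes"][:1])

if __name__ == "__main__":
    for label, plan in (("slide plan", SLIDE_PLAN), ("fixed plan", FIXED_PLAN)):
        print(label, validate_plan(plan) or "OK")
```

Because changing the cluster and service subnets after installation is not supported, a clash found here is far cheaper to fix than one found after the appliance is in service.
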
DNA Center Installation

Finish Installation

• Let the DNA-C proceed with installation process.
• Allow approximately 3 hours for the installation to complete from this point.

Web Access to DNA-C
DNA Center web interface is compatible with the following HTTPS-enabled browsers:

• First time login as system administrator ("admin", with SUPER-ADMIN-ROLE)
• Create DNA-C users (Recommended: At least one for daily operations NETWORK-ADMIN-ROLE)

Setting up DNAC – Day 0

Admin Password Change
• DNA-C installation may have been done by someone other than Admin
• Cisco recommends changing Admin password on Day 0

Register CCO-Id
• Provide your cisco.com (CCO) Id
• Mandatory for features e.g. SWIM, Telemetry, Licensing to work properly
• Can be added later

Smart Account
• Provide your Cisco Smart Account
• Helps you manage Cisco licenses across your organisation

IP Address Management
• Provide your IPAM credentials
• Integrate DNA-C with your IPAM
  • Infoblox
  • Bluecat

Proxy Server
• Provide your Proxy server credentials if required
• Validate access to Proxy
• Needed to get DNA-C Software Updates

Terms and Conditions
• Implicit Cisco End User License Agreement acceptance
• Mandatory Acceptance required

Ready to Go
• Initiate Device discovery
• Setup Site Hierarchy or Network Profiles
• Provision, Monitor and Troubleshoot devices

Login
• Login with your username, password
• Design, Automate and Assure your Network

DNA Center First Time Installation
Site Design

Design Workflow
1. Create Sites
2. Define Network Common Settings
3. Define Wireless Settings
4. Create Templates (Optional)
5. Define Wireless Network Profile
6. Assign Wireless Network Profile to Sites

Provision Buildings, Sites, Floors
• “Design” is where buildings are defined

• Shortcut link on main screen: “Add site locations on the network”

• Click “Add Site” to create sites, buildings, and floors

Design Workflow – Step 1: Create Sites
• Area Level
• Building Level
• Floor Level

Design Workflow – Add Building

Design Workflow – Add Floor

Design Workflow – Step 2: Define Network Common Settings

DNA Center First Time Installation
Device Discovery

Network Device Setup
• What is required to add devices into DNAC?
• Ensure the following ports are open in ACLs/Firewalls between DNAC and network devices

Service      Protocol/Port
ping         ICMP echo and reply
ssh          TCP/22
snmp poll    UDP/161
snmp trap    UDP/162
syslog       UDP/514
netflow      UDP/6007
https        TCP/443

• CLI and SNMP details are required for DNAC to discover devices:
  • SSH/Telnet Login (Privileged / RW)
  • SNMP v2/v3 community (RO)

• Full list of ports that need to be opened can be found in the release notes

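A rule set between DNAC and the managed devices can be audited against the port table above before discovery is attempted. This is an added example, not Cisco code: the simplified rule syntax, the function names, the sample ACL and the device range are constructed, and which side initiates each flow (DNAC for ping, SSH and SNMP polling; devices for traps, syslog, NetFlow and HTTPS, sent to the cluster virtual IP) is an assumption of the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

DNAC, DEVICES = "dnac", "devices"
# (service, protocol, destination port, initiator). Ports are from the slide;
# the initiator column is an assumption of this example.
REQUIRED_FLOWS = [
    ("ping", "icmp", None, DNAC),
    ("ssh", "tcp", 22, DNAC),
    ("snmp poll", "udp", 161, DNAC),
    ("snmp trap", "udp", 162, DEVICES),
    ("syslog", "udp", 514, DEVICES),
    ("netflow", "udp", 6007, DEVICES),
    ("https", "tcp", 443, DEVICES),
]


@dataclass
class Rule:
    action: str             # permit / deny
    proto: str              # tcp / udp / icmp / ip (any protocol)
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    ports: Optional[range]  # None = any destination port


def _net(text):
    return ipaddress.ip_network("0.0.0.0/0" if text == "any" else text)


def parse_rule(line):
    """Parse 'action proto src dst [port|lo-hi]' (simplified, vendor-neutral)."""
    fields = line.split()
    action, proto, src, dst = fields[:4]
    ports = None
    if len(fields) > 4:
        lo, _, hi = fields[4].partition("-")
        ports = range(int(lo), int(hi or lo) + 1)
    return Rule(action, proto, _net(src), _net(dst), ports)


def flow_allowed(rules, proto, src, dst, port):
    """First-match evaluation with an implicit deny at the end."""
    for r in rules:
        if r.proto not in (proto, "ip"):
            continue
        if r.ports is not None and port is not None and port not in r.ports:
            continue
        if not (r.src.overlaps(src) and r.dst.overlaps(dst)):
            continue
        # The first rule touching the flow decides. To stay conservative, a
        # permit only counts if it covers the whole source and destination.
        return r.action == "permit" and src.subnet_of(r.src) and dst.subnet_of(r.dst)
    return False


def missing_flows(acl_lines, dnac_nodes, dnac_vip, devices):
    """Return the services from the port table that the rule set does not allow."""
    rules = [parse_rule(l) for l in acl_lines if l.strip()]
    nodes, vip, devs = (ipaddress.ip_network(n)
                        for n in (dnac_nodes, dnac_vip, devices))
    missing = []
    for service, proto, port, initiator in REQUIRED_FLOWS:
        src, dst = (nodes, devs) if initiator == DNAC else (devs, vip)
        if not flow_allowed(rules, proto, src, dst, port):
            missing.append(service)
    return missing


# Constructed sample: syslog is shadowed by an earlier deny, NetFlow has no rule.
SAMPLE_ACL = """
permit icmp 10.224.92.0/24 10.10.0.0/16
permit tcp 10.224.92.0/24 10.10.0.0/16 22
permit udp 10.224.92.0/24 10.10.0.0/16 161
permit udp 10.10.0.0/16 10.224.92.100/32 162
deny udp 10.10.0.0/16 10.224.92.0/24 500-600
permit udp 10.10.0.0/16 10.224.92.100/32 514
permit tcp 10.10.0.0/16 10.224.92.100/32 443
""".strip().splitlines()

FIXED_ACL = [l for l in SAMPLE_ACL if not l.startswith("deny")]
FIXED_ACL.append("permit udp 10.10.0.0/16 10.224.92.100/32 6007")

if __name__ == "__main__":
    # 10.224.92.100/30 covers the virtual IP and the three node addresses.
    args = ("10.224.92.100/30", "10.224.92.100/32", "10.10.0.0/16")
    print("sample:", missing_flows(SAMPLE_ACL, *args))
    print("fixed: ", missing_flows(FIXED_ACL, *args))
```
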
Discovery
• Access the Discovery App from the DNAC landing page
• Once discovery is added, click Start
• Wait until “Complete” is seen on top left

Inventory
• Device will be in managed state once discovery is complete

Provision Devices to Sites
• Select “Provision” devices link on the DNAC landing page
• From the device inventory, select the devices and assign to a building
• Choose the devices and then click Actions > Assign Device to Site, shown as follows
• Choose the appropriate site or floor from the drop-down menu and click Apply.

Adding the WLC to a Building
• Select WLC from list and click Actions > Assign Device to Site

What Happens When a Device is Added to DNAC?
• Inventory Collection
• Configuration pushed to devices to allow DNAC manageability
• Establish Streaming Telemetry over secure connection

Configuration Changes on WLCs
1 Download Cert
2 Push WSA configuration
3 REST based API (https)

Configuration Changes on Switches
1 Push PKI, IPDT, HTTP Server, SNMP configuration
2 SNMP Poll and CLI telemetry collection
3 Syslog and SNMP Trap

Adding the AP to a Floor Plan
• Design > Select Building/Site/Floor from hierarchy
• Select “Edit” button
• Access Points > “Add”
• Select Access Points > Position if APs are already assigned to the floor

Adding AP to Floor
[Screenshot with callouts: Step 1, Step 2, Step 3, Step 4]

Assurance Real World Examples

Integrations – AAA/ISE

AAA Server - ISE Integration
Objectives and Key Points

• Single pane of management for all AAA/policy administration between network devices and ISE
• Automate Radius/TACACS configuration for network devices.
• Support only one ISE cluster.
• Enable secure services between DNA-C and ISE:
  o pxGrid Service to pull the info out of ISE (Uni-Directional)
  o Obtain TrustSec metadata such as SGT, IP-SGT mappings and TrustSec policy.

AAA Server - ISE Integration
Pre-Requisites

• The minimum supported ISE version is 2.3
• pxGrid service and SSH should be enabled on ISE.
• ISE super admin credential is used for trust establishment for SSH/ERS API communication.
• ISE CLI and UI user accounts must use the same username and password
• ISE admin certificate must contain ISE IP or FQDN in either CN or SAN.
• DNA-C system certificate must contain DNAC IP or FQDN in either subject name or SAN.
• pxGrid node should be reachable on eth0 IP of ISE from DNA-C.

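The two certificate prerequisites above can be verified before the integration is attempted, which avoids a failed trust establishment that is hard to diagnose from the UI. This is an added example, not Cisco code: it works on the dictionary format returned by Python's `ssl.SSLSocket.getpeercert()`, and the function names, host names, ISE address and sample certificates are constructed for illustration.

```python
import ipaddress
import socket
import ssl


def certificate_identities(cert):
    """Collect CN and SAN entries from a dict shaped like getpeercert() output."""
    names, addresses = set(), set()
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.add(value)
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            names.add(value)
        elif kind == "IP Address":
            names.add(value)  # classified as an address just below
    # A CN or SAN entry may hold an IP literal; move those to the address set.
    for value in list(names):
        try:
            addresses.add(ipaddress.ip_address(value.strip()))
            names.discard(value)
        except ValueError:
            pass
    return {n.lower().rstrip(".") for n in names}, addresses


def identity_in_certificate(cert, identity):
    """True if the node's IP or FQDN appears in the certificate's CN or SAN."""
    names, addresses = certificate_identities(cert)
    try:
        return ipaddress.ip_address(identity) in addresses
    except ValueError:
        return identity.lower().rstrip(".") in names


def integration_cert_findings(nodes):
    """nodes: {label: (identity used for the integration, certificate dict)}."""
    return [f"{label}: {identity} not found in certificate CN or SAN"
            for label, (identity, cert) in nodes.items()
            if not identity_in_certificate(cert, identity)]


def fetch_peer_cert(host, port=443, cafile=None):
    """Fetch a live server certificate as a dict (chain must validate via cafile)."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # name matching is done by identity_in_certificate
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock) as tls:
            return tls.getpeercert()


# Constructed certificates in getpeercert() format. The ISE certificate carries
# both its FQDN and IP; the DNA-C certificate carries only an FQDN.
ISE_CERT = {
    "subject": ((("commonName", "ise01.example.internal"),),),
    "subjectAltName": (("DNS", "ise01.example.internal"),
                       ("IP Address", "10.224.92.50")),
}
DNAC_CERT = {
    "subject": ((("organizationName", "Example"),),
                (("commonName", "dnac.example.internal"),)),
    "subjectAltName": (("DNS", "dnac.example.internal"),),
}
NODES = {
    "ISE admin certificate": ("10.224.92.50", ISE_CERT),
    # Integrating by the cluster virtual IP fails the check: the IP is absent.
    "DNA-C system certificate": ("10.224.92.100", DNAC_CERT),
}

if __name__ == "__main__":
    for finding in integration_cert_findings(NODES) or ["all identities present"]:
        print(finding)
```

The check uses whichever identity (IP or FQDN) the integration is actually configured with, so a certificate that lists only the FQDN passes when the FQDN is used and fails when the IP is used.
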
AAA Server - ISE Integration
Add ISE Step3d
EasyQoS in DNA-C
- Trust and Verify
Shared secret between ISE and devices for TACACS or Radius

FQDN from ISE deployment

Integrations - CMX

Building Blocks of Wireless Profile
[Figure labels: Wireless Site Profile; Site Network Settings; Wireless Network Profile; AAA, DHCP/DNS, NTP, Time Zone, MoD; Wireless Settings; Templates; SSIDs, Wireless Interfaces; SNMP/Syslog/Netflow; SSH/SNMP Credentials; RF Profiles; CMX]

CMX Integration
Key Points:
• Objective is to simplify CMX integration via DNA-C automation of the following manual tasks:
  • Import maps to CMX
  • Add WLCs to CMX
• Most of the integration is done via REST API calls (e.g. adding WLC); the rest (e.g. deleting maps) is done via SSH CLI.
• Support On-Prem CMX only in DNA-C 1.2
• The minimum supported CMX version is 10.4.1.12

CMX Integration
Features:
• Automatically push floor changes to CMX
• Query CMX, discover client locations and render clients on floor map
• Track client live on floor for troubleshooting
• Display historical trajectory of a client on a specified floor with historical RF metrics.

CMX Integration - Design
• At global level of “Design->Network Settings->Wireless”, there is a new option to add CMX settings
  • IP Address
  • UI/API Login Credential
  • CLI Login Credential

[Screenshot callouts: UI Login, CLI Login]

CMX Integration - Provision
Automation - Add WLC to CMX
It happens automatically when DNA-C provisions a WLC to a site

[Screenshot callouts: 1 DNA-C, 2 CMX]

Integrations – LiveAction Live NX

LiveNX and Cisco DNA-C Integration
• Visual Analytics
  • Faster troubleshooting and deep network insight
• Multi Vendor Network Visibility
  • 3rd Party Vendor Support
  • Full telemetry suite: Flow, Packet, SNMP, REST API
• Cisco DNA-C Integration
  • Health/Issues – Site, Network, App, Client
  • Context, Semantics, Inventory
  • Cross Launch 360 Views
• ISE/pxGrid
  • SD-Access Over/Underlay Visibility
  • Virtual Network and SGT Info

[Figure labels: Flow, SNMP, Device Inventory, Site Semantics, User, SD-Access; DNAC REST API, PxGrid REST API; DNA Center, PxGrid, ISE; Cisco Network Devices; Cisco SD-Access]

Fabric Visibility across Cisco SD-Access
• SD-Access objectives: workgroup agility thru fine grained segmentation.
• Technical: Correlation of inner and outer headers
• Virtual network (VN) and scalable group (SG)
• Client application and DSCP information
• Operational: Visibility for fast troubleshooting

DNA-Center Integration: LiveNX for SD-Access

Cross launch

LiveNX and Cisco DNA-Center Integration

Cisco IT
Sanjeet Sharma
Cisco at a Glance
[Infographic. Infrastructure: 6,243 routers, 8,415 LAN switches, 10,690 UCS servers. Other panels, with values not aligned to labels in the extraction: 72,357; 133,361; 100; 76,136; 192,770; PB; MW; 6.4M. Labels: billion DNS requests per day, connected employees, global stakeholders, countries, offices, services, virtual machines.]
[Pie chart: Global IT Staff Distribution: SJC 45%, India 21%, RTP 14%, EU/EM 7%, AP Other 7%, AM Other 6%]

Cisco IT Global Backbone
[Map of the Cisco IT global backbone. Legend: 10 Gb/s, 2.5 Gb/s, 622 Mb/s, 155 Mb/s links; Tier 1a Transit Node, Tier 1b Non-Transit Node, Production Data Center. Sites labelled: San Jose, Redwood City, Denver, Chicago, Kanata, NY, RTP, Lawrenceville, Orlando, Hawthorne, MVDC, Sao Paulo, London, Amsterdam, Bangalore, Chennai, Hong Kong, Shanghai, Tokyo, Singapore, Sydney.]
[Device-count callouts: 639 wireless LAN controllers, 6,243 routers, 8,415 LAN switches, 313 call managers. Further callouts for cache engines, virtual private network, Wide Area Application Engines (WAE), Cisco Virtual Office, ASA and access points, with the values 72; 101,289; 932; 30,481; 13,000; 403; 2+ million.]
Challenges in managing a large enterprise network
• Transport Flexibility & Segmentation: Increasing complexity of segregating traffic from business function
• Application Assurance: Slow to troubleshoot, hard to predict
• Simplified Operations: Too many, many points of control & administration
• Security Challenges: Disjointed
• Agility and Flexibility
• Cloud Consumption: Cloud applications result in non-optimised traffic patterns
• Time To Capability: Too slow to react to business change

Over 20,000 Network
devices in Cisco IT Network!

Programmable Infrastructure
CLI Scripting/Programmable Data Model Telemetry

1day? 1hour? near real time?


Cisco IT – Our Pieces of the Puzzle

CMX/DNA
Spaces
ISE

H/W
DNA-C
S/W

Development: Beta dev/testing
• PoC: Dev Environment
• Feedback not cases
• Incentivise users to join
• Failure scenario
• Agile development through release planning

[Diagram labels: Production Network, PoC Network; Cisco DNA-C/ISE; SDA Fabric; SSID: Cisco, SSID: Cisco-Beta]

Cisco DNA Center – Current Status
[Map labels: Amsterdam - Netherlands; Richardson - Texas; Singapore - Malaysia; BETA Sites]
• 1x standalone DNAC Dev Environment Appliance
• 1x standalone & 1x clustered DNAC Test Environment Appliance
• 3 node clustered DNAC Appliance

Network Management Centers - Cisco DNA Center – Dev, Test, Stage & Production
[Map labels: Amsterdam - Netherlands; Richardson - Texas; Singapore - Malaysia; BETA Sites]
• 1x standalone DNAC Dev Environment Appliance – DN2
• 1x standalone & 3 node clustered DNAC Test Environment Appliance – DN2
• 3 node clustered DNAC Appliance

Cisco IT – A Look at SDA Architecture
[Diagram labels: Cisco Owned Cloud; Prod Network; Cloud Ports; Internet; Internet/DMZ; DC; Context; SDWAN; Cloud Services; Identity Assigned Segment; Site Assigned Segment; VRFs: Prod User, Extranet, IoT, Acquisitions, Labs; ISE + SDA]

Summary
• Make things simple not complex
• Plan deployment (addressing, infrastructure, use cases)
• Assurance, Automation, Segmentation, Platform

• Meet the expert session – Thursday 10:30-11:30

Other KEY Sessions
• BRKEWN-2034: Cisco DNA Wireless Assurance
• BRKRST-1686: Cisco DNA Center as the Platform
• BRKCRS-2684: Cisco DNA Center is NOT the “NEW” Prime: A Migration Journey From Traditional NMS to Cisco’s Intent-based Networking
• BRKRST-3685: Taming the Wild Wild West of Applications in Your Network Using Cisco DNA Center Application Policy
• BRKRST-2674: Cisco DNA-Center Automation
