2.2.3.x (Shockwave)
Aug 2021
Agenda
1 Key Highlights in Cisco DNAC 2.2.3.x
3 List of Features
4 Cisco DNA Automation Update
Drive Adoption
• Application QOS and RMA support for IOT switches
• Endpoint Analytics – Seamless ISE integration, NAT detection
• Wireless - Mesh Configuration support
Extend the power of Intelligent Automation and AI-Ops to IOT deployments with use cases such as App QOS, RMA increasing DNA Center adoption. Endpoint Analytics can now work in NAT’ed environments too.
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public
Business Outcomes and Capabilities
New Capabilities in Cisco DNAC 2.2.3.x Enable IT Teams to Work Smarter and Faster
Cisco DNA Center Use Cases and Capabilities
Category: Base Automation, Network Assurance, Software Defined Access (SD-Access)
Use Cases
1 Network Device Onboarding: Discovery, onboarding, and provisioning devices using Plug-n-Play
2 Software Image Management: Upgrading and patching network device software images
3 Network Assurance: Monitoring health scores (network, app, client etc.)
4 Network Segmentation: Configuring segmentation for users, guests and network devices
5 Network Policy: Configuring security policies and maintaining compliance
Capabilities
Use Cases: 1 Network Device Onboarding, 2 Software Image Management, 3 Network Assurance, 4 Network Segmentation, 5 Network Policy
Automation
Configuration Compliance: Start up Vs Running config Comparison
• Remediate Config differences using Bulk Sync between Startup & Running Configurations
Assurance
Network AI Ops: Troubleshooting and guided remediation using Machine Reasoning
• AAA Failure Root cause Analysis
• Network Heatmap Export option
POE analytics
• POE port availability dashlet, Stack Power Supply details
Webex Control Hub Integration
• Troubleshoot Webex Audio, Video and sharing related issues via Webex control Hub integration
AI / ML powered Truetrace
• True Trace Enhancements to Path trace with KPI Overlay
Assurance and aWIPS
Wireless Assurance
• 3D Analyzer - Substantial addition/improvement in capabilities and user experience in heatmap/telemetry visualization, triaging of coverage problems, deployment planning and generating insight.
Network Assurance: App Experience
• SPAN/ERSPAN Automation workflows for Traffic Telemetry Appliance (TTA)
Network Policy
Group Analytics: Configuring security policies leveraging AI GPA recommendations
• New UI enhancements, Custom Policy view and Policy enforcement stats
List of features
(Automation/Assurance/SD-Access/Platform)
Summary of Features in Cisco DNAC Shockwave
• 2.2.3.x introduces 3x scale for Endpoints and 4000 Site element support for Large Enterprise deployments
• Automation – SWIM protocol preferences, WLAN Mesh config support, New Events/Reporting, Compliance remediation. RMA and App QOS support extended to IOT 33xx switches.
• AIOps – Endpoint analytics now supports seamless ISE integration, Posture/Authentication Inputs to Trust score. Network Heatmaps can now be exported.
• AI Ops – Introducing industry first 3D Analyzer for Wireless maps which provides new capabilities and user experience for heatmap/telemetry visualization, triaging of coverage problems, deployment planning and generating insight.
• Assurance - POE analytics enhancements, Isolate Collab issues faster with Webex Control hub integration for Client 360 and Network Services Analytics to improve user Onboarding experience. True trace adds new KPIs and packet capture capabilities with Path trace.
• SDA – Fabric Zones support, new UX for Automation and Assurance. Also support for AAA per SSID with Embedded WLC in Fabric.
• SecOps – Security Advisory is now supported on 9800 WLC. Users can now subscribe into Rogue/aWIPS events in addition to consuming reports.
• AND several more Innovations that deliver on Intelligent Automation & AI enabled Assurance/Analytics.
Cisco SD-Access and Zero-trust 2.2.3.x Features
Cisco DNA Automation 2.2.3.x Features
PNP / Device replacement (RMA) enhancements
• PNP – 801x for AP onboarding
• PNP user Authorization while Onboarding
Inventory
• Support for VLAN changes per interface
• Support to identify Port Channel interfaces and ports in Error
Advisory
Wireless Maps
• 3D Analyzer
• Neighbor Information displayed on Wireless Maps
Device Credential
• Creation of device credentials and applying to the sites at the site level view
• Support for AES 256 privacy type for SNMP v3 credentials
Wireless
• Mesh Configuration Support
• Support for Remote LAN configuration
• Bulk AP Rename – via AP config workflow
• Support for AAA override VLAN for Flexconnect SSID
• SSID Site Level Override for L2-Security Type
• Support for Overlapping IP’s in Flex Deployments
• Update Called station-ID via Model Config
• Ability to Disable Random MAC Clients
• Radius Profiling Support
• Guest Anchor Support for both Guest and Enterprise SSID Types.
• Secure AP Onboarding – PnP
Security Integrations
Rogue Management/aWIPS
• Event Subscription for Rogue and aWIPS Threats
• Adhoc - Rogue Detection
• New aWIPS Signatures - CTS/RTS Virtual Carrier Sense Attack.
Security Advisories
• Support for C9800 WLC.
Config Compliance
• Config sync for Startup Vs Running config
Cisco DNA Assurance 2.2.3.x Features
Wireless Assurance
• 3D Maps
Application Health
• WebEx Integration in Client 360.
• Network Service Assurance – AAA and DHCP detailed dashlets
Full Stack Health Visibility
App Ex
Wired Assurance
• PoE Port Availability
• PoE Power Allocation
• PoE information for Stack switches in switch 360
• TrueTrace – Enhanced PathTrace using Packet Captures
Wireless Sensors
• Ability to test WPA3 SSID
• Proxy support for Web Application Tests
• Subscribe to Sensor Issues
AI/ML
AI/ML & MRE
Prime Migration
Wired: Automation
• CLI Templates Migration from Prime to DNAC
Wired: Assurance
• Keep the AP last contact CDP neighbor info when it goes down
• Device CPU and Memory Utilization Report
• Emergency, Severe and Critical Syslogs in the Event viewer
Wireless: Automation
• Anchor configurations for Dot1x and other non layer 3 web policy SSIDs
Wireless: Assurance
• Missing KPIs on AP 360: Multiple Channel, Configured Rate, Power Status, BSSID Info and others
• AP KPI Report (Traffic and Client Breakdown)
• Client Trend Report - Long Term report (90 days to 12 months)
• Neighbor information displayed on wireless maps with KPIs
• Critical KPIs on AP 360:
  • Neighbor and Rogue AP view
  • Client Distribution and Tx Power
Cisco DNA Center System 2.2.3.x Features
Disaster Recovery for single and 3-node Cluster (1:1 and 3:3 DR)
• Support for 1:1 DR in (44C) appliance (DN1 & DN2)
• DR Cluster to work with upto 350 ms latency
• API support for DR monitoring
• Support for adding a separate certificate for DR (optional)
3x Scale
• Supported only on 3-node DN2-HW-APL-XL
• 4K site elements
• 8K network devices
License Manager
License Management
Cisco DNA Center Platform 2.2.3.x
New Reports
• AI Endpoint Analytics – Endpoint profiling Report
• Client Trend report (Up to 12 months of data)
• Group communication Summary Reports
• Group Pair Communication Analytics Report
New Events
• Licenses Out of Compliance events
• Rogue / aWIPS Events
System Capabilities in 2.2.3.x
License Manager updates
Out of compliance warning when licenses have expired
User License Upload Reports for SLP devices
❖ Users can generate license upload reports for devices that are capable of Smart Licensing Using Policy
FQDN support for Smart proxy, On-Prem CSSM
Disaster Recovery
RTO/RPO 30 mins
Integration with BGP routing protocol to advertise the location of DR VIP upon failover
Disaster Recovery Monitoring
Logical Topology after 1:1 DR configuration is successfully deployed
Disaster Recovery Event Timeline
Event Timeline capturing the various stages of DR events
Scale
DNAC 3X Scale Update
DNAC Releases
Software Defined Access
SD-Access Fabric Zones
Use Case
• Before 2.2.3.x, the provisioning scope of an IP Pool was the whole fabric site. For security and/or better
fabric site scaling, some customers require granular control of IP Pool provisioning scope.
Details
Considerations
• L3VNs and IP Pools must be assigned to the parent fabric site before assigning to one or more Fabric Zones.
• Only edge nodes (FE, EN, PEN) can be provisioned to a Fabric Zone. Collocated fabric roles (e.g., FE+B, FE + Embedded WLC, etc.) cannot be provisioned to a Fabric Zone.
[Diagram labels: FABRIC ZONE 1, FABRIC ZONE 2, FABRIC ZONE 3]
Fabric UX 2.0
Fabric Site Visualization and Management
New UX Workflows
Considerations
Fabric UX 2.0 : Assurance Enhancements – Phase1
• Cisco DNA Center UI
Use Case
• Customers require detailed SD-Access health and fabric-specific operational visibility to
detect and troubleshoot issues.
Details
• Cisco DNA Center Assurance has a new SD-Access landing page that contains overall
fabric health information across all fabric sites.
• New fabric Assurance sub-categories have been added across various components to
quickly triage VN services, infrastructure and connectivity issues.
Considerations
AAA Server Per SSID for Embedded Wireless
Use Cases
• Certain deployments may require RADIUS servers to be customized per SSID.
• The most common use case is a different set of AAA servers for Enterprise and Guest users and endpoints.
Feature Overview
• This feature was introduced in Cisco DNA Center version 2.2.2.x for AireOS and Catalyst 9800 Series Controllers
• The feature is supported for Cisco SD-Access Embedded Wireless on Catalyst 9000 Series Switches from Cisco DNA Center version 2.2.3.x
• Cisco DNA Center now allows up to six AAA servers per SSID.
• Both ISE PSN and regular AAA servers are supported with this feature.
[Diagram labels: SD-Access Fabric; Fabric Site; SSID1; SSID2 with AAA-SVR3, AAA-SVR4, AAA-SVR5; SSID3 with AAA-SVR6, AAA-SVR7]
Cisco DNA Center Automation updates 2.2.3.x
Device Credentials
Device Credential
Device Credential- SNMPv3
Inventory Updates
Inventory- Port/VLAN Changes
❖ Display Ether-channel configured on the device / Port Channel
Inventory- Provisioning Focus- Configuration Difference
❖ Under the Provisioning Focus, there is now an option to view the configuration difference between the previous running config and the intent which was pushed by DNAC
❖ The config diff will take 5 mins to show after the intent is provisioned successfully
Template Editor
❖ Option to simulate composite templates introduced to 2.2.3.x release
❖ Attaching a template to profile has new changes
❖ Based on device type, the templates are shown in the table below
3D Analyzer Overview
• Easy steps to create high fidelity 3D space for a floor, including high ceiling environments.
• Predictive heatmap for RSSI, SNR and Channel interference.
• Three use-case based options for heatmap visualization: Point cloud, Isosurface and scanner.
• Intuitive 3D navigation tools: satellite view, first person view, drop in a pin, game console like movement in 3D space.
• Simulation capability to support what if scenarios and commit simulation results to production.
• Configurable insights on floor for coverage SLA, Voice readiness, Channel interference.
Floor Set up using CAD file
RSSI heatmap - ISOSurface
RSSI heatmap – Point cloud
RSSI heatmap - Scanner
SNR heatmap
Interference heatmap
Navigation – First person view
Navigation – Drop a pin
Navigation – Clip plane
Navigation – Clip box
Navigation – Insight view
Insight – Configuration
Insight – Voice coverage
Insight - SLA
Wireless Maps
Neighbour information displayed on wireless maps
Compliance
Compliance – Startup vs Running Remediation
Application QOS
Application Policy Support for Industrial IoT Switches
Extend Application Policy support to customers' extended enterprise deployments in outdoor spaces, warehouses, and distribution centers.
Customer Benefit
▪ Customers can automate QOS policy on parts of the networks
running IoT at the edge
▪ Ability for customers to use Application QOS Policy on IoT
switches can support growing IoT usage
API support for Application Policy
Enabling the flexibility and programmability to create policy in customer deployment
Group-Based Access Control
New Group-Based Access Control Dashboard/Overview page
New dashboard:
Extend VN Attribute Propagation for MDNAC Deployments
Endpoint Analytics
Trust Analytics
Wired Concurrent MAC Address Detection
Use Case
Multiple wired endpoints are connected (for example, on different switches or in different VLANs on the same switch) with the same MAC address. This may indicate duplicate MACs or MAC spoofing.
Feature
Detect concurrent instances of the same MAC address connected at the same time
Considerations
DNAC Version: 2.2.3 (Shockwave)
Catalyst 9K w/ IOS-XE: 17.6.1+
*Works on wired endpoints connected to CAT9k
[Diagram: two endpoints, each labelled 00:26:AB:7C:EC:40; labels EA, DCS]
Detect NAT Devices
Use Case
Network Address Translation (NAT) devices are
providing unauthorized and unmanaged entry
points onto my network.
Feature
Detect NAT devices using the new NAT device
detection feature on Endpoint Analytics
Considerations
DNAC Version: 2.2.3 (Shockwave)
Catalyst 9K w/ IOS-XE: 17.6.1+
Anomalous change in profile label
Multifactor Classification
Feature
Detect anomalous changes to the profile label while ignoring changes that are normal and expected to happen
Considerations
DNAC Version: 2.2.3 (Shockwave)
Catalyst 9K w/ IOS-XE: 17.6.1+
[Diagram labels: EA, DCS]
Globex Ultima CT Scanner
(Runs Windows 7)
Posture & Authentication Trust Score Input
Use Case
Authentication & Posture provide rich context
that is relevant to endpoint trust but are
currently not used in the trust score calculation.
Feature
Posture & Authentication data are now used
to evaluate the trust score of an endpoint.
Considerations
DNAC Version: 2.2.3 (Shockwave)
ISE Version: 2.4P11+, 2.6P5+ or 2.7P1+
Support for ISE generated Unique-Id
Use Case
In the latest versions of Android and iOS,
devices can use random MAC addresses, and
this may be turned on by default. Tracking
endpoint based on random MAC becomes very
cumbersome.
Feature
Utilize ISE unique-IDs for endpoint
identification rather than MAC address.
Considerations
DNAC Version: 2.2.3 (Shockwave)
ISE Version: 2.4P11+, 2.6P5+ or 2.7P1+
Endpoint Purge
DNAC 2.2.3
Use Case
Old and unused endpoints are in my inventory
and causing my DNAC to approach scaling
challenges.
Feature
Purge out old endpoints using the endpoint
purge policy feature based on the endpoint
profile
Considerations
DNAC Version: 2.2.3 (Shockwave)
Roadmap
[Diagram labels: Threat Metrics, Vulnerability Status, Security Ecosystem, Vulnerability Databases, Auth/Posture Metrics, Encrypted/Clear communications, Profiling anomalies, Spoofing behavior, Trust Score, Trust-based Policies]
Cisco DNA Center Assurance updates 2.2.3.x
Network Services
Network Services - AAA
• AAA Servers
• AAA Server Latency
• AAA Server Transactions
• AAA Transaction Failures %
• Top Sites by Transaction Failures
• Top Sites by Highest Latency
Network Services – DHCP
View DHCP insights and troubleshoot data within the DHCP tab for a selected period.
• DHCP Servers
• DHCP Server Latency
• DHCP Server Transactions
• DHCP Transaction Failures %
• Top Sites by Transaction Failures
• Top Sites by Highest Latency
Network Services - Overview
TrueTrace
Enhanced Packet Capture that allows live traffic to be captured, providing visibility into Network Topology, Security Policies, and Performance Metrics to identify critical issues.
Start Trace
TrueTrace (cont’d)
Prime Migration features
Run and Review PDART Report
Assess Prime Usage via PDART Tool
1 Software
2 Network Devices
• Identify network devices in the wired and wireless network
• Assess network device compatibility with DNAC
3 Use Cases
• Assess top Prime Infrastructure use cases.
• Surface any gaps – DNAC will prioritize them on the roadmap
4 Scale
• Assess scale of managed devices (wired network devices, access points and clients)
Cisco DNA Center Platform
API support for Application Policy
Enabling the flexibility and programmability to create policy in customer deployment
New System APIs - Licenses
New Licensing Reports
New Report – Device Lifecycle information
New Reports – Group Communication summary
New Report - AI Endpoint Analytics