TECNMS-2900
Getting Started with Cisco DNA Center
Marcel Rothstein, Technical Solutions Architect, Germany
Ivana Lukić, Technical Solutions Specialist, Germany
TECNMS-2900 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Agenda
Cisco DNA Center 10 minutes overview
Key takeaways
It’s a « TAPAS » session
We are here to get you started with Cisco DNA Center
YES
✓ Basic actions you’ll most likely have to do
✓ Global understanding of Cisco DNA Center
✓ Basic network automation and assurance
✓ Tips and tricks
NO
❌ Latest features or roadmaps
❌ Advanced features you’ll deploy at a second stage
❌ Deep dive on the solution
❌ API / Programmability
The Network. Intuitive.
Constantly learning, adapting and protecting.
LEARNING, INTENT, CONTEXT, SECURITY
Powered by Intent: Intent-based Network Infrastructure
Translate Business Intent to Network Policy
Automate the management and provisioning of millions of devices instantly
The Old Way
Provisioning site by site, line by line

The New Way
Made simple by The Network. Intuitive.
INTENT

Provision
Bring a new location online and add it to the fabric network

Policy Segmentation
Provide different access rights by user/thing group

Context
The Network takes the data around users, apps, devices, threats and turns it into context
What Cisco DNA-Center will be used for – you decide!
[Diagram labels: Cisco DNA Center; Classic; Design; Policy; Automation; Analytics; User Mobility; Policy stays with user]
Cisco DNA Center
Not just a new Network Management System
If your IT Management was very generous this year…
If it was not a Christmas gift, below are the Appliance Ordering Options
Greenfield
• DN2-HW-APL (entry) can be clustered with old one (DN1-HW-APL)
• DN2-HW-APL-L (mid-size)
• DN2-HW-APL-XL (large)
• Sizes are referring to the scale numbers / intended deployment
SDA Bundles
• SDA-W-LABKIT (wired only option)
• SDA-WW-LABKIT (wired + wireless)
“SeedIT” Program
• FY20 Offer for the first-time buyers (for more information visit www.cisco.com/go/seedit)
Cisco DNA Center Scale – Scaling Parameters
37 Parameters directly relevant when designing for scale

Cisco DNA Center System Scale

Cisco DNA-C 1.3 – Device Support Summary
(Attention: for SDA support see next slide!)
• Cat 2k (2960 C/CG/CPD/CX/L/P/X/XR)
• Cat 3k (3650CX, 3650, 3850 Copper & Fiber)
• Cat 4k (4500X, 4503E/06E/07R+E/10R+E with Sup7E or newer)
• Cat 6k (6503E/04E/06E/09E/13E, 6807, 6840, 6880 with 2T/6T)
• Cat 9k (9200/L, 9300/L, 9400, 9500, 9600)
• CDB (Digital Building Switch)
• N77k with M3
• IE 2k, 3k, 4k, 5k
• ASR 1k, ISR 1k & 4k
• WLC 3504, 5520, 8540, 9800
• Wave 1 & 2 APs, .11ax APs
• https://www.cisco.com/c/en/us/support/cloud-systems-management/dna-center/products-device-support-tables-list.html

Cisco DNA-C 1.3 – SD-A Device Matrix
https://www.cisco.com/c/en/us/solutions/enterprise-networks/software-defined-access/compatibility-matrix.html
https://content.cisco.com/compatibilitymatrix.html
Installation + first steps

Before you start the installation 1/3
[Figure labels: DN2-HW-APL-XL; DN2-HW-APL and DN2-HW-APL-L]
Before you start the installation 2/3
O Enterprise Network – Interface that is connected to the Enterprise network
• Virtual IP
• All Cisco DNA appliances must be in the same subnet as the Cluster Virtual IP address (see below)
O Intra Cluster Link – isolated network used for communication between the Cisco DNA Center cluster nodes
• Virtual IP
• Cluster subnet and Service subnet address pool – min. /21 subnet for each (recommended /20-/16)
• Must conform with the IETF RFC 1918 or 6598
• The Cluster/Service subnet address pools cannot be changed after installation
• No other machines should be in this network
• Changing the intra-cluster link from one interface to another is not supported
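Because the Cluster and Service pools cannot be changed after installation, it is worth validating the address plan before running the wizard. The following pre-install check is an added example, not part of the original slides or of Cisco DNA Center; it enforces the /21 minimum and the RFC 1918 / RFC 6598 rule stated above, and it additionally assumes (this is not on the slide) that the two pools must not overlap each other or any subnet already in use. All sample addresses are constructed.

```python
import ipaddress

# Address space the slide allows for the pools: RFC 1918 plus RFC 6598.
ALLOWED_SPACE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "100.64.0.0/10",                                   # RFC 6598
)]
MAX_PREFIXLEN = 21            # "min. /21": the pool must be a /21 or larger
RECOMMENDED = range(16, 21)   # recommended sizes: /16 through /20


def check_pool(name, cidr):
    """Validate one pool. Returns (network or None, errors, warnings)."""
    errors, warnings = [], []
    try:
        # strict=True rejects input with host bits set, e.g. 10.60.1.0/20
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return None, [f"{name}: {cidr!r} is not a valid network ({exc})"], warnings
    if net.version != 4:
        return None, [f"{name}: {net} is not an IPv4 network"], warnings
    if net.prefixlen > MAX_PREFIXLEN:
        errors.append(f"{name}: {net} is smaller than the /21 minimum")
    elif net.prefixlen not in RECOMMENDED:
        warnings.append(f"{name}: {net} is outside the recommended /20-/16 range")
    if not any(net.subnet_of(space) for space in ALLOWED_SPACE):
        errors.append(f"{name}: {net} is not inside RFC 1918 or RFC 6598 space")
    return net, errors, warnings


def check_plan(cluster_cidr, service_cidr, other_cidrs=()):
    """Check both pools, then look for overlaps.

    other_cidrs: subnets already in use (enterprise, management, ...).
    The overlap checks are an assumption of this example, not a slide rule.
    """
    errors, warnings, pools = [], [], {}
    for name, cidr in (("cluster", cluster_cidr), ("service", service_cidr)):
        net, errs, warns = check_pool(name, cidr)
        errors += errs
        warnings += warns
        if net is not None:
            pools[name] = net
    if len(pools) == 2 and pools["cluster"].overlaps(pools["service"]):
        errors.append("cluster and service pools overlap each other")
    for cidr in other_cidrs:
        other = ipaddress.ip_network(cidr, strict=False)
        for name, net in pools.items():
            if other.version == net.version and net.overlaps(other):
                errors.append(f"{name}: {net} overlaps in-use subnet {other}")
    return {"ok": not errors, "errors": errors, "warnings": warnings}


if __name__ == "__main__":
    # Constructed plan: two /20 pools and one enterprise subnet.
    result = check_plan("10.60.0.0/20", "10.61.0.0/20", ["10.10.20.0/24"])
    print("plan ok" if result["ok"] else "plan rejected")
    for line in result["errors"] + result["warnings"]:
        print(" -", line)
```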
Before you start the installation 3/3
O Management – used for Cisco DNA Center management (optional*)
• Virtual IP
O Cloud Update Connectivity – used to update the Cisco DNA Center software (optional*)
• Virtual IP
*Required only if the Management network and/or the Cloud Update server is not reachable via the Enterprise Network
Installation - Let’s get started!
Option 1: Maglev Wizard
Option 2: Browser-Based Wizard
Installation – Option 1 – Maglev Wizard
Config Wizard:
1. Boot
2. Enter IP addresses: enter Cisco DNA Center IP and the other required IPs
3. Change Credentials: Shell and UI Username and PWD plus CCO login for update
4. Add NTP Server: enter NTP & DNS Server IP (mandatory!)
5. Finalize Installation: finalize installation and bring up controller
Installation – Option 1 – Maglev Wizard
[Screenshots: Startup Screen; Enterprise NIC Setup; InterCluster NIC Setup; Mgmt. NIC Setup; DMZ NIC Setup; NTP and Cluster Verifications; Cluster Settings; Cluster Settings; Proxy Settings; Host networking verification; Commit for Install]
Installation – Option 2 – Browser-Based Wizard
Day 0 setup after installation
[Screenshots: After-Installation; Register CCO; Setup Smart Account; IPAM Setup; Proxy Setup]
Installation = DONE
Installation – 3 Node Cluster
Cisco DNA Center settings without HA
Cisco DNA Center settings with HA
Cisco DNA Center behavior on node failure
External Connectivity Requirements
The following URLs need to be accessible from the Cisco DNA Center for various operations

Internal Connectivity Requirements
Note: For the detailed list of the required ports/protocols visit: http://cs.co/dnac_required_ports
Cisco DNA Center Software Updates Workflow
[Diagram labels: Cloud Tethered; Cloud Catalog; HTTPS; On Premise]
• Cisco Cloud Ops: Cisco Cloud Ops pushes packages to cloud catalog
• Connected DNA: Packages available in cloud catalog. Push Notification to users.
• DNA Node(s): Secure connection from Cisco DNA Center on-premise to Connect DNA Cloud [via Https (Port 443)]
• Cisco DNA Center Portal: Available updates are displayed in the Cisco DNA Center Packages & Updates page. User downloads the packages to upgrade
Update Management
Update Process
Available Update
Note:
Subsequent upgrades done via cloud tethering
Proxy configuration available
Cisco DNA Center – Release Versioning
RBAC – Roles and Privileges
Backup and Restore Procedure
Note: The backup and restore node/cluster should be running the same software version
▪ During backup, Cisco DNA Center creates a copy of the following files and exports the files to a specific location on a remote server:
  ▪ Cisco DNA Center databases
  ▪ Cisco DNA Center credentials
  ▪ Cisco DNA Center file system and files
▪ During restore, Cisco DNA Center removes and replaces the existing database and files with the backup files.
▪ Cisco DNA Center is unavailable during restore
▪ You can restore a backup to a Cisco DNA Center system with a different IP address. This could happen if for any reason the IP address is changed on Cisco DNA Center and you need to backup from an older system
Configuring Backup

Create a backup using UI
If there are any packages in a deployment error state, the system will not allow you to start a backup. Please fix the error state prior to conducting a backup.
Design Considerations

High Availability Deployment Scenarios
[Diagram labels: Intracluster Interface; Cloud Interface; Management Interface; Two Switches: Recommended; Single point of failure for Cisco DNAC]

High Availability Deployment Scenarios: Multi DC
[Diagram labels: DC1; DC2; Enterprise Interface; Intracluster Interface; Management Interface]
Cisco DNA Center Design Considerations
• Number of devices / APs (see the scaling guide)
• One Cisco DNA Center can manage several sites
➢ Maybe more than 1 cluster is needed
• Latency
➢ <10ms Cisco DNA Center Cluster Links
➢ No support of physically distributing the cluster
➢ Same subnet for all appliances
➢ 200ms RTT to the Network Devices
• Check about
➢ SD-A requirements
➢ Applications used
➢ Number of users
➢ Number of config changes / IOS Updates
What can I do with Cisco DNA Center to automate a traditional wired network?
[Diagram labels: Cisco DNA Center; Classic; Design; Policy; Automation; Analytics; User Mobility; Policy stays with user]
Base Automation
• Design
  • Network Hierarchy
  • Network Settings
  • Network Profiles
• Populate device inventory
• Provision
Design matches network management BCP
Facts
• Network Managed by Regions / Areas
• Multiple Network Operations Team
• Collocated Network Services
• Differences in Network Designs
Key Challenges
[Diagram labels: North America; South America; EMEAR; Site2; DHCP Server; DNS Server; Syslog Server; AAA Server]
Design Network Hierarchy
Automate Roll Out of Regional Changes
Cisco DNA Center – ISE pxGrid client
Device Credentials
▪ Defined Globally and Inherited
▪ CLI credentials
▪ HTTP(S) Credentials. Mandatory for Enterprise NFV
Base Automation
• Design
• Populate device inventory
  • Device Discovery
  • Device Addition
  • Inventory Data Collection
• Provision
Network Discovery
Device controllability and discovery
▪ Enabled by default
Base Automation
• Design
• Populate device inventory
• Provision
  • Assign Devices to Sites
  • Deploy Network Settings
  • Deploy Configuration Template
  • Upgrade Device
  • New Device Onboarding
How Device Deployment comes together
Site - “glues” Design Properties
Design
⚡︎ Network Settings
Provision
⚡︎ Router
⚡︎ Switch
⚡︎ WLC
⚡︎ AP
⚡︎ ENCS
Provision device: assign devices to site
Provision device: deploy network settings on devices
CLI Template Editor

Template Editor
Template Engine is VTL (Velocity Template), like in Prime Infrastructure

Parameter definition
▪ Input validation
▪ Default value…

Test your form with simulation tool
How Device Deployment comes together
Site - “glues” Design Properties
Design
⚡︎ Network Settings
Design
⚡︎ Switch network Profile
⚡︎ Templates
⚡︎ Wireless network profiles
⚡︎ SSID’s
⚡︎ Interfaces
⚡︎ RF Profiles
⚡︎ Templates
⚡︎ Router/NFV network Profiles
Provision
⚡︎ Router
⚡︎ Switch
⚡︎ WLC
⚡︎ AP
⚡︎ ENCS
Image management

Managing Software Image
Goals:
▪ Ensure Consistency of Software for all network devices (by platform type)
▪ React to PSIRT and bugs fast
▪ Deploy software with confidence
Benefits:
▪ Golden Image based workflows drive software consistency
▪ Pre/Post check ensures that software updates do not have side effects on the network
▪ Patching provides small updates to react quickly to security fixes
[Workflow diagram labels: Import Image/SMU*; TAG Golden; Monitor Outdated devices; Provision Upgrade]
Visualize Software Images
Manage Software Images
Image Standardization - “Golden Images”
Device Type
• Golden image per device type
Device Role
• Devices in the same family classified by role (core, distribution, access …)
Site Mapping
• Site hierarchy provides override of golden image
• Ex: EMEA uses v16.6.2s vs APJC uses 16.6.1
Devices not Compliant with Golden Image
Built-in compliance checks automatically flag devices
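How a golden image tag resolves through device type, role and site hierarchy, and how a compliance check then flags devices, as an added example. This is a simplified model written for this page, not Cisco DNA Center code or its API. The site names, device inventory and the core-role version are constructed; the EMEA and APJC versions are the ones from the slide. It assumes the nearest site with a tag wins, that a role-specific tag beats a role-agnostic one at the same site, and that compliance means an exact version match.

```python
# Constructed site hierarchy (child -> parent); "Global" is the root.
SITE_PARENT = {
    "Global": None,
    "Global/EMEA": "Global",
    "Global/EMEA/Berlin": "Global/EMEA",
    "Global/APJC": "Global",
    "Global/APJC/Tokyo": "Global/APJC",
}

# Golden tags keyed by (site, device family, role); role None means any role.
GOLDEN = {
    ("Global", "Cat3850", None): "16.6.1",         # default, inherited by APJC
    ("Global/EMEA", "Cat3850", None): "16.6.2s",   # site override from the slide
    ("Global/EMEA", "Cat3850", "core"): "16.9.4",  # constructed role-specific tag
}

# Constructed inventory.
SAMPLE_DEVICES = [
    {"hostname": "emea-acc-1", "site": "Global/EMEA/Berlin",
     "family": "Cat3850", "role": "access", "running": "16.6.1"},
    {"hostname": "apjc-acc-1", "site": "Global/APJC/Tokyo",
     "family": "Cat3850", "role": "access", "running": "16.6.1"},
    {"hostname": "emea-core-1", "site": "Global/EMEA/Berlin",
     "family": "Cat3850", "role": "core", "running": "16.6.2s"},
    {"hostname": "apjc-rtr-1", "site": "Global/APJC/Tokyo",
     "family": "ISR4331", "role": "border", "running": "16.9.3"},
]


def resolve_golden(site, family, role):
    """Walk from the device's site up to the root.

    Returns (version, site_where_tagged), or (None, None) if no tag exists.
    Raises KeyError for a site that is not in the hierarchy.
    """
    node = site
    while node is not None:
        for key_role in (role, None):      # role-specific tag first
            version = GOLDEN.get((node, family, key_role))
            if version is not None:
                return version, node
        node = SITE_PARENT[node]
    return None, None


def audit(devices):
    """Return one finding per device that is not on its golden image."""
    findings = []
    for dev in devices:
        golden, tagged_at = resolve_golden(dev["site"], dev["family"], dev["role"])
        if golden is None:
            status = "no-golden-image"     # nothing to compare against
        elif dev["running"] != golden:
            status = "outdated"
        else:
            continue                       # compliant
        findings.append({"hostname": dev["hostname"], "running": dev["running"],
                         "golden": golden, "tagged_at": tagged_at,
                         "status": status})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_DEVICES):
        print(f["hostname"], f["status"], f["running"], "->", f["golden"])
```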
SWIM/SMU Workflow Experience with Cisco DNA Center
1 Select device(s) to update Image/SMU
2 Automatic Pre-Checks done for RAM & Flash
  • Abort if Pre-Check Fails
3 Detailed status information regarding the Upgrade Process
Router and Switch workflow for Plug and Play
PnP Server Discovery Options
3 PnP Connect
  https://devicehelper.cisco.com/device-helper re-directs to Cisco DNAC IP Address
4 USB-based bootstrapping
  USB drive with bootstrap config file - router-confg / router.cfg / ciscortr.cfg

PnP Server Discovery Options
3 PnP Connect
  https://devicehelper.cisco.com/device-helper re-directs to APIC-EM IP Address
4 USB-based bootstrapping
  USB drive with bootstrap configuration file - router-confg/router.cfg/ciscortr.cfg
Typical WAN use cases
Create template in onboarding configuration project
Important Tips
Add Onboarding Template to network profile
Assign sites to profile
Demo: PnP Workflow
What can I do with Cisco DNA Center to automate a traditional wireless network?
Design Wireless settings
• Standard Network Settings: Create and inherit settings
• SSIDs: Based on best practices
  ▪ Enterprise/Guest SSID
• RF Profiles: Based on best practices
  ▪ Out-of-the-box RF Profiles available - High, Medium (Typical), Low
  ▪ Ability to customize RF Profiles for 2.4 and 5GHz clients: DCA Channels for 2.4 and 5GHz clients, Data Rates, TX power, RX SOP
• Wireless Interfaces: Map dynamic interface to VLAN
How Wireless Deployment comes together
Site - “glues” Design & Provision Properties
Design
⚡︎ Network Settings
Provision
⚡︎ WLC
⚡︎ AP
Design
⚡︎ SSID’s
⚡︎ Interfaces
⚡︎ RF Profiles
WLC provisioning
AP positioning (like Prime Infrastructure)
Map editing, AP positioning
AP Heatmap
CMX Integration
Useful tools

Command Runner – A Debugging App
Command Runner is a Cisco DNA Center package that lets users execute many read-only commands on one or more devices

License manager – Smart licensing made easier
Manage licensing with Cisco DNA Center
Smart Account
Licensing
• License comes with the device, not with Cisco DNA Center
• Cisco DNA Center licenses are term based (3/5/7 years)
• Cisco DNA Center requires a minimum of Cisco DNA Essentials licenses on the infrastructure to use "NMS" capabilities
• Cat 9k has built-in license for minimum of 3 years
• Other switches can buy add-on Cisco DNA license
• E.g. C3850-DNA-E-24=, C2960X-DNA-E-48=, C6807-DNA-A=
Security Advisories
RMA workflow – replace faulty devices
Demo: RMA Workflow
RMA – good to know
Meraki Visibility in Cisco DNA Center
Adding Meraki Devices
What can I do with Cisco DNA Center to automate SD-Access?
[Diagram labels: Cisco DNA Center; Classic; Design; Policy; Automation; Analytics; User Mobility; Policy stays with user]
SD-Access agenda
• Introduction to SD-Access
• Underlay automation
• Fabric provisioning
• Policy definition
• Host onboarding
What is the Problem?
Topology diversity
[Diagram labels: Cat 2k; Cat 3k; Cat 4k; Cat 6k; Cat 9k; Sup2T; Sup6T; IOS; IOS-XE]
What about the VLAN architecture and addressing schema…
Network Policy
access-list 102 deny udp 167.160.188.162 0.0.0.255 gt 4230 248.11.187.246 0.255.255.255 eq 2165
access-list 102 deny udp 32.124.217.1 255.255.255.255 lt 907 11.38.130.82 0.0.31.255 gt 428
access-list 102 permit ip 64.98.77.248 0.0.0.127 122.201.132.164 0.0.31.255
access-list 102 deny tcp 247.54.117.116 0.0.0.127 gt 4437 136.68.158.104 0.0.1.255 gt 1945
access-list 102 permit icmp 136.196.101.101 0.0.0.255 90.186.112.213 0.0.31.255
access-list 102 deny udp 242.4.189.142 0.0.1.255 eq 1112 19.94.101.166 0.0.0.127 eq 959
access-list 102 deny tcp 82.1.221.1 255.255.255.255 eq 2587 174.222.14.125 0.0.31.255 lt 4993
access-list 102 deny tcp 103.10.93.140 255.255.255.255 eq 970 71.103.141.91 0.0.0.127 lt 848
access-list 102 deny ip 32.15.78.227 0.0.0.127 72.92.200.157 0.0.0.255
access-list 102 permit icmp 100.211.144.227 0.0.1.255 94.127.214.49 0.255.255.255
access-list 102 deny icmp 88.91.79.30 0.0.0.255 207.4.250.132 0.0.1.255
access-list 102 deny ip 167.17.174.35 0.0.1.255 140.119.154.142 255.255.255.255
access-list 102 permit tcp 37.85.170.24 0.0.0.127 lt 3146 77.26.232.98 0.0.0.127 gt 1462
access-list 102 permit tcp 155.237.22.232 0.0.0.127 gt 1843 239.16.35.19 0.0.1.255 lt 4384
[Diagram labels: Enterprise Network; PAYLOAD DATA; DSCP; PROT; IP SRC; IP DST; SRC PORT; DST PORT; IP ADDRESSES; SSID A; SSID B; SSID C; SSID D; VLAN 10; VLAN 20; VLAN 30; VLAN 40]
User/device info?
▪ Locate you
▪ Identify you
▪ Drive “treatment”
▪ Constrain you
Solution? – Create a FABRIC that separates “Forwarding Plane” from the “Services Plane”
Fabric brings Policy Simplification
Fabric breaks dependency between IP and Policy. Separation of Forwarding and Services planes. In Fabric, Policies are tied to User/Device Identity
Fabric Overlay – Services plane
• Dynamically connects Users/Devices/Things
• End to End Policies and Segmentation
• Homogeneous – Easy to automate
[Diagram labels: Overlay; Overlay encapsulation (VXLAN); Overlay control plane (LISP); Supplier; Devices; Employee]
SD-Access overall architecture
[Diagram labels: DNA Center (Policy, Automation, Analytics); ISE, Identity Services Engine (AAA); IPAM; B; C; Outside]
Policy Mobility with no Topology Dependence
Everything provisioned from single pane of glass
Start building SD-Access fabric underlay
• Do it manually: Greenfield or Brownfield
• Use LAN Automation: Greenfield only
[Diagram labels: Hosts (End-Points); Cat 2k; Cat 3k; Cat 4k; Cat 6k; Cat 9k; Sup2T; Sup6T; Sup7; Sup8; Sup9; IOS; IOS-XE]

LAN Automation
Just provide a global IP prefix
LAN automation leverages PnP and configures for you:
• Routed interconnections
• Loopback0
• IS-IS routing protocol
• Host names
LAN Automation considerations
Prescriptive. You need to start from a seed device
Prepare your seed devices - interface configuration
Seed-1
S1(config)# interface Loopback 0
S1(config-if)# ip address <ip> <mask>
!
S1(config)# interface <id>
S1(config-if)# description CONNECTED TO SEED-2
S1(config-if)# ip address 10.128.255.254 255.255.255.254
Seed-2
S2(config)# interface Loopback 0
S2(config-if)# ip address <ip> <mask>
!
S2(config)# interface <id>
S2(config-if)# description CONNECTED TO SEED-1
S2(config-if)# ip address 10.128.255.255 255.255.255.254
[Diagram labels: Core; Seed 1; Seed 2; Redistribute; IS-IS deployed by LAN automation; PnP Agent]
Prepare your seed devices - routing configuration
Example in case you use OSPF in the core
router isis
 redistribute ospf 1
router ospf 1
 redistribute connected
 summary-address 10.200.0.0 255.255.0.0
Automated
 metric-style wide
 log-adjacency-changes
 nsf ietf
 bfd all-interfaces
[Diagram labels: Core; OSPF deployed manually; Seed 1; Seed 2; Summarize 10.200.0.0/16]
Supported topologies for a single LAN automation process
Diagram labels: Seed devices with PnP Agents connected below them
Specify IP address pool that will be used for LAN automation
Reserve the pool for LAN automation on desired site
• Reserve pool for this site
• Name reservation
• Declare IP pool as of type « LAN »
• Select previously created pool
• Segment it if needed
LAN automation overall process
• Define site with characteristics (includes credentials)
• Reserve an IP address pool for your LAN addressing (P2P links / loopbacks)
• Select your seed devices for automation (usually the core/distribution switches)
  • These will be configured manually
  • Ensure the configuration is compatible with LAN automation
  • Check existing routing protocols and redistribution
• Manually discover the seed devices
• Enable LAN automation
  • Choose interfaces where you want to discover downstream switches
  • Choose prefix to be configured in hostname of discovered switches
• LAN automation does it all (discover devices, allocate host names and addresses, give credentials, add them in Cisco DNA Center)
• Stop LAN automation
• Newly discovered switches are now ready for fabric provisioning
Note beside the “Enable LAN automation” steps: repeat as many times as needed (for example if you add a new switch)
Demo
LAN Automation
SD-Access agenda
• Introduction to SD-Access
• Underlay automation
• Fabric provisioning
• Policy definition
• Host onboarding
SD-Access Fabric technologies
SD-A roles and terminology
▪ Cisco DNA Center – Automation appliance for fabric automation, policy and assurance
▪ ISE – Identity Services Engine – advanced AAA solution, implements segmentation using TrustSec
▪ Control-Plane Nodes – Map System that manages Endpoint ID to Device relationships. Can be collocated with Border Node
▪ Border Nodes – A Fabric device (e.g. Core) that connects External L3 network(s) to the SDA Fabric
▪ Edge Nodes – A Fabric device (e.g. Access or Distribution) that connects Wired Endpoints to the SDA Fabric
▪ Fabric Wireless Controller – Wireless Controller (WLC) that is fabric-enabled
▪ Fabric Mode APs – Access Points that are fabric-enabled.
Diagram labels: Identity Services Engine; Cisco DNA Center; Fabric Border Nodes; Fabric Mode WLC; Control-Plane Nodes; Intermediate Nodes (Underlay); Fabric Edge Nodes; Fabric Mode APs
SD-Access - Edge Nodes
• Register specific Endpoint ID info (e.g. /32 or /128) with the Control-Plane Node(s)
Fabric enables any subnet anywhere
• Routed underlay (no STP issues)
• Anycast default gateway: 10.1.0.1/16
• Stretched subnets (hosts shown: 10.1.0.10/16 and 10.1.0.11/16)
SD-Access – Control Plane Nodes
• Host Database supports multiple types of Endpoint ID lookup (IPv4, IPv6 or MAC)
SD-Access - Border Nodes
Border Node is an Entry & Exit point for data traffic going Into & Out of a Fabric
There are 2 Types of Border Node!
Diagram labels: Known Networks; Unknown Networks
• Internal Border
  • Used for “Known” Routes inside your company
SD-Access - Border Nodes
• Exports all internal IP Pools to outside (as aggregate), using traditional IP routing protocol(s).
SD-Access - Border Nodes
• Exports all internal IP Pools outside (as aggregate) into traditional IP routing protocol(s).
SD-Access - Border Nodes
• Internal + External Border
• Enables External Border and Imports All Routes except for 0.0.0.0/0
Fabric provisioning overall process
SD-Access - Two Level segmentation
Macro-segmentation
Diagram labels: Building Management VN; Campus Users VN
SD-Access - Two Level segmentation
Micro-segmentation (inside a Virtual Network)
Second level Segmentation ensures role based access control between two groups within a Virtual Network. Provides the ability to segment the network into either lines of business or functional blocks.
Diagram labels: Network; Groups; Building Management VN; Campus Users VN; Finance SG; Employee SG
ISE / Cisco DNAC policy workflow
Global architecture
Diagram labels: DNA-GUI; DNA Center; Identity Services Engine; Authenticate & Authorize (AAA); Policy Authoring Workflows; Policy; Fabric Management; users; things; Network
SDA – Macro segmentation
Diagram labels: DNA-C (UI); DNAC; Cisco ISE; Internet & Intranet; + Create Fabric; SJC-19-Fabric; Add Nodes to Fabric; Hosts
VN: IOT | SGT: 10-15 | IP-POOL: A
VN: USERS | SGT: 20-25 | IP-POOL: B
VN: GUEST | SGT: 30 | IP-POOL: C
SDA enables Macro and Micro-segmentation
FABRIC
Micro segmentation with ‘Scalable Groups’
Scalable groups shown: Employees, Contractors, Cameras, Printers
Contracts (SGACLs) control access between SGTs
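As an added illustration (not part of the original slides, and not Cisco code), the two-level decision described above can be modelled in Python: the VN check is the macro level, the contract lookup between two scalable groups is the micro level. The VN names and SGT ranges come from the macro-segmentation slide; the SGT number given to each group, the contract entries and the deny default are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

# VN -> SGT range, taken from the macro-segmentation slide.
VN_SGT_RANGE = {
    "IOT": range(10, 16),
    "USERS": range(20, 26),
    "GUEST": range(30, 31),
}

# Assumption: SGT numbers per group are constructed for this example.
CAMERAS, EMPLOYEES, CONTRACTORS, PRINTERS = 10, 20, 21, 22


@dataclass(frozen=True)
class Endpoint:
    name: str
    vn: str   # Virtual Network: macro segment
    sgt: int  # Scalable Group Tag: micro segment


@dataclass(frozen=True)
class Ace:
    action: str                 # "permit" or "deny"
    proto: str                  # "tcp", "udp", or "ip" for any protocol
    port: Optional[int] = None  # None matches any destination port

    def matches(self, proto: str, port: Optional[int]) -> bool:
        return self.proto in ("ip", proto) and self.port in (None, port)


# Assumption: constructed contracts, keyed by (source SGT, destination SGT).
CONTRACTS = {
    (EMPLOYEES, PRINTERS): [
        Ace("permit", "tcp", 9100),
        Ace("permit", "tcp", 631),
        Ace("deny", "ip"),
    ],
    (CONTRACTORS, PRINTERS): [Ace("permit", "tcp", 631), Ace("deny", "ip")],
    (CONTRACTORS, EMPLOYEES): [Ace("deny", "ip")],
}
# Assumption: group pairs without a contract are denied (allow-list model).
DEFAULT_ACTION = "deny"


def check_binding(ep: Endpoint) -> None:
    """Reject an endpoint whose SGT is not bound to its VN."""
    allowed = VN_SGT_RANGE.get(ep.vn)
    if allowed is None or ep.sgt not in allowed:
        raise ValueError(f"{ep.name}: SGT {ep.sgt} is not bound to VN {ep.vn}")


def decide(src: Endpoint, dst: Endpoint, proto: str, port: Optional[int] = None):
    """Return (action, reason) for one flow from src to dst."""
    check_binding(src)
    check_binding(dst)
    if src.vn != dst.vn:  # macro level: VNs are isolated from each other
        return ("deny", "macro: different VNs")
    for ace in CONTRACTS.get((src.sgt, dst.sgt), []):  # micro level, first match
        if ace.matches(proto, port):
            return (ace.action, f"micro: contract {src.sgt}->{dst.sgt}")
    return (DEFAULT_ACTION, "micro: default action")


if __name__ == "__main__":
    laptop = Endpoint("laptop-1", "USERS", EMPLOYEES)
    guest_pc = Endpoint("contractor-pc", "USERS", CONTRACTORS)
    printer = Endpoint("printer-3", "USERS", PRINTERS)
    camera = Endpoint("cam-7", "IOT", CAMERAS)
    for s, d, port in [(laptop, printer, 9100), (guest_pc, printer, 9100),
                       (laptop, camera, 443), (printer, laptop, 443)]:
        print(s.name, "->", d.name, port, decide(s, d, "tcp", port))
```

Each direction is a separate cell in this model, so the printer-to-laptop flow falls through to the default action even though laptop-to-printer is permitted.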
VN to SGT binding
Cisco DNAC / ISE Creating a Policy
Contracts = SGACL
Configuration made in Cisco DNA-C reflected in ISE
ISE / Cisco DNAC policy workflow
Define Group Based policies
Diagram labels: POLICY DOWNLOAD; FABRIC NODES
Policy definition overall process
Select your default Authentication template
Associate IP pools to VN and use (Data or Voice)
Configure ports individually when needed
Host onboarding overall process
Demo
Fabric workflow
And for Wi-Fi? It’s the same!
Workflow labels: Design; Policies; Provision; Add to fabric; Host onboarding
Policies for Wired AND Wireless
You should get prepared for Cisco SD-Access
Agenda
Cisco DNA Center 10 minutes overview
Key takeaways
Application policies
Easy-QoS configures your network to deliver best performance for business relevant applications
Application policies: EasyQoS
Traffic class | Marking | Treatment | Example applications
Multimedia Conferencing | AF4 | BW Queue + DSCP WRED | Cisco Jabber, Cisco WebEx
Multimedia Streaming | AF3 | BW Queue + DSCP WRED | Cisco Digital Media System (VoDs)
Transactional Data | AF2 | BW Queue + DSCP WRED | ERP Apps, CRM Apps, Database Apps
Bulk Data | AF1 | BW Queue + DSCP WRED | E-mail, FTP, Backup Apps, Content Distribution
Scavenger | CS1 | Min BW Queue (Deferential) | YouTube, Netflix, iTunes, BitTorrent, Xbox Live
Determining Applications Business-Relevance
EasyQoS workflow with Cisco DNA-Center
• Create Application(s) and associate to Application Set (Optional)
• Create/Use Application set(s) (Optional)
• Create Application Policy
• Deploy
Application policy Creation
Create your own QoS – Policy Set
Use the pre-check
Check your settings and deploy
Assurance
Gain visibility in your network and solve performance issues faster
Assurance – how to use it
Network Quality is a Complex, End-to-End Problem
There are 100+ points of failure between user and app
• What is the problem?
• Where is the problem?
• How can I fix the problem fast?
Diagram labels: Mobile clients; APs; Local WLCs; Office site; WAN; DHCP; Network services; DC; Cisco Prime™
Legend: Affects Join/Roam; Affects Quality/Throughput; * Both = Join/roam and quality/throughput
Cisco DNA Assurance and Analytics - What’s New
Existing Approach / Cisco DNA Approach: INSIGHTS
Headings as extracted from the slide: Client Onboarding; Control Plane; Data Plane; Policy Plane; Network Device Monitoring; Application; Network
✓ Client/Device DHCP
✓ Client/Device DNS
✓ Client authentication / authorization
✓ Control plane reachability
✓ Edge reachability
✓ Border reachability
✓ MAP server
✓ BGP AS mismatch, Flaps
✓ OSPF adjacency failure
✓ EIGRP adjacency failure
✓ Border and edge connectivity
✓ Border node health
✓ Access node health
✓ Network Services DHCP, DNS, AAA
✓ ISE/PxGrid connectivity
✓ Border Node policy
✓ Edge Node policy
✓ SGACL validation
✓ High CPU
✓ High Mem
✓ High Temp
✓ Line-card
✓ Modules
✓ POE power
✓ TCAM Table
✓ Interface High Utilization
✓ Interface Flaps
✓ Gateway Connectivity
✓ Application Performance (Packet Loss, Latency, Jitter)
Proactive Connectivity Assessment for Wired
Supported Issues: Wireless Use Cases
Wireless Sensors Proactively Assess Performance
Test your network anywhere at any time
➢ On-Boarding Tests
• 802.11 Association
• 802.11 Authentication & Key Exchange
• IP Addressing DHCP (IPv4)
➢ Network tests
• DNS (IPv4)
• RADIUS (IPv4)
• First Hop Router/Default gateway (IPv4)
• Intranet Host
• External Host (IPv4)
➢ Application tests
• Email: POP3, IMAP, Outlook Web Access (IPv4)
• File Transfer: FTP (IPv4)
• Web: HTTP & HTTPS (IPv4)
Sensors act as clients
Slide labels: Access point; Active Sensor AP1800S; Dedicated Sensor AP1800
• HTTPS for Automation and reporting
• PnP-based Provisioning
• Fully Managed by DNAC
Full Stack Visibility Use Cases
Network Experience
• Network Health: Monitor and troubleshoot the overall health of network devices
• Device 360: Comprehensive view to troubleshoot device issues
Client Experience
• Client Health: Provide visibility into clients connected to the network and their experience
• Client 360: Comprehensive view of client issues, onboarding, event viewer and connectivity status
Sensor based SLA Monitoring
• 1800s Active Sensor: Proactively test the network and end user experience
• Active Testing: 12+ types to onboarding and network performance tests
Application Experience
• Health Score Dashboard: Monitor App Health score of business critical apps
• App 360: Troubleshoot App issues with a view on performance metrics
Overall Health
Network Health
Client Health
Device 360
Client 360
Client 360 Issues & Onboarding
Client 360 Events
Client 360 Application Experience
Client 360 Device Information
Client 360 Apple Insights
Cisco DNA Center Assurance
Apple Insights
1 Device Profile: client shares these details
  1. iPhone 7, iPad Pro
  2. iOS 11
2 Wi-Fi Analytics: client shares these details
  1. BSSID
  2. RSSI
  3. Channel #
3 Assurance: client shares these details
  Error code for why it previously disconnected
Start troubleshooting
Onboarding issues - details
Onboarding issues - how many clients are affected?
Troubleshoot OSPF issue
OSPF issue - details
OSPF issue - suggestions
OSPF issue – step by step
OSPF issue - solution
Agenda
Cisco DNA Center 10 minutes overview
Key takeaways
Why start with Cisco DNA Center today?
Monitoring / Analytics
• Use Cisco DNA Center just for Analytics & Assurance (Read Only)
• Even without SD-Access you get great insight & visibility
Automation
• Easy roll-out of new devices
• Use Cisco DNA Center in the LAB to see automation in action
Simple Cisco SD-Access pilot architecture
Option 1 – Pilot fabric dissociated from current network
• Underlay automation testing
• Very close to production site
• No requirement on existing infrastructure
Diagram labels: Fusion switch; Connection of ISE / Cisco DNAC / WLC (and others if needed)
Simple Cisco SD-Access pilot architecture
Option 2 – Pilot fabric on top of current network
• No Underlay automation testing
• Interesting for validation of the migration process for large sites
• Beware of MTU on intermediate nodes
• Traffic between fabric and non-fabric switches always passes through Border Nodes
Diagram labels: Services in DC; Core as Fusion; Convert some switches to Edge Nodes
Thank you