Any Cisco DNA questions

jerzyskol46 · ‎02-02-2021

Hey there, I have a few questions for you about Cisco DNA.

Can I manually configure the appliances managed by DNA?
Before connecting them, do I have to execute activation commands on the devices via CLI or is it okay to just give them username and password?
Can I use DNA Center without connecting it to the Internet?
The list of matrices updated on February 1st says that it is possible to connect FortiGate. Really?

And now the most important question.
I bought some C9300 switches and, included in the price, I got the DNA license.
With this license can I download the ISO to start DNA Center through ESXi VM or do I have to buy DNA separately and register my switches on the product indicating the licenses received?

THANK YOU!

usps tracking showbox speed test

Mike.Cifelli · ‎02-02-2021

Can I manually configure the appliances managed by DNA?

-Not exactly sure what you mean as this is a generalized statement. You have the ability to manually add configuration items via template editor within DNAC. DNAC will push a majority of necessary config for proper SDA client onboarding. For example, you will select a out-of-box DNAC template that gets assigned to your fabric. Without diving into all the specifics this will configure your 802.1x configs, etc. Lastly, within DNAC you configure network settings such as AAA, DHCP/DNS, etc. that gets pushed to devices during provisioning. I would suggest taking a look at resources provided below.

Before connecting them, do I have to execute activation commands on the devices via CLI or is it okay to just give them username and password?

-There are certain things that will need to be configured on the devices pre-discovering/adding them in DNAC inventory. Of course your underlay and network design needs to be implemented (see resources below), but DNAC specifically requires the following when adding devices to inventory: Device IP, SNMP version + username, mode, auth type, auth pass, priv type, priv pass, & retires/timeouts, CLI config which includes username/pass/enable pass. Without these you will have issues joining NADs to your DNAC inventory.

Can I use DNA Center without connecting it to the Internet?

-AFAIK, yes. It requires TAC involvement to get you software updates, etc. Keep in mind DNAC only needs outbound internet access to a few resources. See section (Required Internet URLs and Fully Qualified Domain Names) here: Cisco DNA Center First-Generation Appliance Installation Guide, Release 1.2.8 - Plan the Deployment [Cisco DNA Center] - Cisco

The list of matrices updated on February 1st says that it is possible to connect FortiGate. Really?

Yes, Per matrix: the minimum version of DNAC you should be running to support Fortigate is DNAC 1.3.1.0. Suggested release is Fortigate 5.6.2, but the minimum supported release is Fortigate 5.4.

I bought some C9300 switches and, included in the price, I got the DNA license.
And now the most important question.

With this license can I download the ISO to start DNA Center through ESXi VM or do I have to buy DNA separately and register my switches on the product indicating the licenses received?

-Please reference the licensing link below to understand the differences between essentials/advantage/premier as you did not include which one you specifically have. DNAC runs on UCS appliances (AFAIK its not technically supported in vmware yet). See (section: Cisco DNA Center Appliance: physical specifications) here: Cisco DNA Center - Cisco DNA Center 2.1.2.x Data Sheet - Cisco

I would recommend engaging your Cisco reps.

Great resources:

Cisco Software-Defined Access Compatibility Matrix

Cisco Content Hub - Compatibility Matrix

Cisco SD-Access Resources - Cisco Community

Cisco EN Validated Design and Deployment Guides - Cisco Community

Cisco DNA Software for Switching - Licensing - Cisco

HTH & Good luck!