166 Views · 0 Helpful · 2 Replies

Catalyst Center - Default GW when using Enterprise AND Internet port

Cainam (Level 1)

Hello everyone,

In the near future, we will be deploying a physical 32-core Catalyst Center appliance in a customer network for the first time.
After reading both the Third-Generation Appliance Installation Guide and the User Guide (both release 2.3.7 in our case) many times, most of the steps have become clear; however, I keep tripping over the maglev configuration portion during the initial installation of Catalyst Center.

This customer's production network sits in an air-gapped environment, so it seems logical to us to use both the Enterprise port for internal (air-gapped) traffic and the optional Internet port for DMZ traffic (Catalyst Center application upgrades, images, licensing, etc.).

What I've also found is that, despite having multiple physical interfaces, the CC appliance uses a single routing table that only allows one default gateway (according to both engineers who've deployed this in the past and some random internet forums; I can't find confirmation of this in the documentation).

If that's the case, is my configuration below correct (using mock subnets to illustrate)?

Air-gapped production subnet: 10.0.10.0/24
DMZ subnet: 10.0.20.0/24 with GW 10.0.20.254 to internet

Enterprise Port configuration:
IP: 10.0.10.1
Mask: 255.255.255.0
Default Gateway: LEAVE BLANK (we can only configure one)
Static Routes: LEAVE BLANK (or does this need a 0.0.0.0 0.0.0.0/0 route to the internet port IP 10.0.20.1?)
DNS: LEAVE BLANK (I assume DNS is only needed to resolve Cisco addresses on the internet port? Or can I configure separate DNS servers for different interfaces/subnets?)

Internet Port configuration:
IP: 10.0.20.1
Mask: 255.255.255.0
Default Gateway: 10.0.20.254
Static Routes: LEAVE BLANK
DNS: Internal DNS proxy server or public DNS like 1.1.1.1, 8.8.8.8, 9.9.9.9 if reachable from this port

Additionally, how does CC choose the source interface for NTP, does it just use the Internet Port?

Whatever the case, thank you for reading!

EDIT: I have just noticed there is a separate forum for Catalyst Center, my sincere apologies for asking this question in the wrong place. If anyone could move/delete this?

2 Replies

If your production network is isolated to such an extent that there is no way to escape it via a FW/PROXY/other security appliance chain, the best option for you to enable connectivity to CX cloud is to use the Internet port: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-3-3/install_guide/2ndgen/b_cisco_dna_center_install_guide_2_3_3_2ndGen/m_plan_deployment_2_3_3_2ndgen.html#:~:text=(Optional)%201%2DGbps/10%... . You'd define the default route via the DGW behind it to use it as the exit point.
You would use more specific static routes toward your production network via the DGW behind the Enterprise port.
Don't forget you need to reach DNAC for mgmt (Enterprise port or Management port) & CIMC.
I assume you don't deploy a cluster :0)
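The behaviour both the question and this reply rely on (a single routing instance, one default gateway pointing at the DMZ gateway behind the Internet port, and more specific static routes toward the production network behind the Enterprise port) can be checked with a small longest-prefix-match model. This is an added example, not code from the original thread or from Cisco: it models generic longest-prefix route selection, not Catalyst Center's actual implementation. The Enterprise-side gateway 10.0.10.254, the extra internal subnets 10.0.30.0/24 and 10.0.40.0/24, and the server addresses are assumed values; the 10.0.10.0/24 and 10.0.20.0/24 subnets and the 10.0.20.254 gateway are the mock values from the question.

```python
"""Longest-prefix-match model of one routing table with a single default gateway.

Added illustration for the thread above; all gateways and subnets except the
question's mock 10.0.10.0/24, 10.0.20.0/24 and 10.0.20.254 are assumed values.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    via: str      # next hop, or "connected" for a directly attached subnet
    iface: str    # "enterprise" or "internet"


def build_table(routes):
    """Build a routing table from (prefix, next_hop, interface) tuples."""
    return [Route(ipaddress.ip_network(p), via, iface) for p, via, iface in routes]


def lookup(table, dst):
    """Return the most specific route covering dst (longest-prefix match), or None."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in table if addr in r.prefix]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r.prefix.prefixlen)


def egress(table, dst):
    """(interface, next_hop) a single routing instance would pick for dst."""
    r = lookup(table, dst)
    return (r.iface, r.via) if r else (None, None)


# Directly connected subnets on the two ports (mock addressing from the question).
CONNECTED = [
    ("10.0.10.0/24", "connected", "enterprise"),
    ("10.0.20.0/24", "connected", "internet"),
]
# The one default route: DMZ gateway behind the Internet port.
DEFAULT_ROUTE = ("0.0.0.0/0", "10.0.20.254", "internet")
# More specific statics for the rest of the air-gapped network via the
# Enterprise-side gateway (assumed value 10.0.10.254, assumed subnets).
INTERNAL_STATICS = [
    ("10.0.30.0/24", "10.0.10.254", "enterprise"),
    ("10.0.40.0/24", "10.0.10.254", "enterprise"),
]
INTERNAL_PREFIXES = ["10.0.10.0/24", "10.0.30.0/24", "10.0.40.0/24"]

# Constructed sample destinations: a managed switch, an internal NTP server,
# a host on the Enterprise subnet, the DMZ gateway, and a public resolver.
SAMPLE_DESTINATIONS = ["10.0.30.10", "10.0.40.5", "10.0.10.50", "10.0.20.254", "1.1.1.1"]


def without_statics():
    """Table as in the question's draft: only the default route, no statics."""
    return build_table(CONNECTED + [DEFAULT_ROUTE])


def with_statics():
    """Table as the reply suggests: default via Internet port plus internal statics."""
    return build_table(CONNECTED + INTERNAL_STATICS + [DEFAULT_ROUTE])


def leaked_internal_destinations(table, destinations, internal_prefixes=INTERNAL_PREFIXES):
    """Internal destinations whose traffic would NOT leave via the Enterprise port.

    With a single default gateway, any internal prefix that lacks a more specific
    static route is sent toward the DMZ gateway instead; this lists those addresses.
    """
    nets = [ipaddress.ip_network(p) for p in internal_prefixes]
    leaked = []
    for dst in destinations:
        addr = ipaddress.ip_address(dst)
        if any(addr in n for n in nets):
            iface, _ = egress(table, dst)
            if iface != "enterprise":
                leaked.append(dst)
    return leaked


if __name__ == "__main__":
    for name, table in (("no internal statics", without_statics()),
                        ("with internal statics", with_statics())):
        print(f"--- {name}")
        for dst in SAMPLE_DESTINATIONS:
            print(f"{dst:>12} -> {egress(table, dst)}")
        print("leaked internal destinations:",
              leaked_internal_destinations(table, SAMPLE_DESTINATIONS))
```

Running it shows the failure mode to check for before go-live: with only the default route, a managed device in 10.0.30.0/24 is reached via 10.0.20.254 out the Internet port, while the same destination goes via the Enterprise-side gateway once the static route exists. Within this model the DNS and NTP questions are answered by the same lookup: a resolver or time source on 10.0.10.0/24 is reached through the Enterprise port and 1.1.1.1 through the Internet port, selected by route rather than by a per-interface setting.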

Gioacchino (Level 1)

Hi @Cainam

I'm facing the same "issue".

In my case it's the VM 2.3.7. The installation procedure is a bit clumsy in that it is open to many ways of configuring.

What's true is that DNAC uses just one routing instance, hence there can be only one default gateway, regardless of which interface.

Gio