Re: DNA Assurance

omarmontes · ‎09-07-2018

Hi guys! I have two quick questions:

Can you monitor non-sda devices with the Assurance module? And is there a restriction in the device models? (i'm looking to monitor a non-sda WLC).

If the answer to the previous question is yes, do you need to provision the device? or is it sufficient to just discover it and having it in the inventory window.

Thanks in advance!

jedolphi · ‎09-07-2018

Hi,

Yes, absolutely, you can apply Assurance to non-SDA network devices. The list of supported devices and minimum software versions is here, see the Assurance column: https://www.cisco.com/c/en/us/support/cloud-systems-management/dna-center/products-device-support-tables-list.html

Please do note that on a non-SDA device might need a DNA subscription in order to implement Assurance. I would encourage you to talk to your Cisco AM or SE to discuss the value of Assurance, how you can trial it, and then how you might be able to move to a full production deployment.

At a minimum you should discover the device so it's in inventory, and then in the Provision menu assign the device to a site, but you don't have to provision the device. Then in the Telemetry tool you assign a telemetry profile to a device. Based on what telemetry profile you assign, DNAC may then configure Syslog and/or SNMP traps and/or Netflow on the device.

Cheers, Jerome

sawosankung · ‎09-15-2018

Hi Jerome,

Do you mean that DNAC can monitor only those devices in the compatibility URL/list that you attached? For example, if I manually configure NetFlow and snmp/syslog traps on a cat6509-E IOS 12.2(33) with the DNAC as destination server, would that work?

However, can DNAC be used only with the Analytics/ETA and StealthWatch features enabled?

Thank you very much.

Sankung

jedolphi · ‎09-17-2018

Hi Sankung,

Right now you must refer to the supported devices list I linked previously. If a network device is not on the supported devices list, or the IOS version is less that the minimum version listed in the supported devices list, then you will not be supported by TAC if any problems arise.

Also, at a minimum you must "discover" a network device in DNAC, which means DNAC will access the device and collect some preliminary information about it. If DNAC has not discovered a device then DNAC cannot monitor/manage it.

Hope that helps, Jerome

sawosankung · ‎09-17-2018

Hi Jerome,

Got it!

Thank you very much for your response. If I understand you correctly, it means that DNAC cannot monitor/manage devices like Cat 6509-E with Sup720-B or Nexus 3K model C3064PQ or Nexus 5K model N5K-C5548P.

Then in that case how do we monitor brownfield DC environments with N3/5K under DNAC?

Thanks a million.

Sankung

jedolphi · ‎09-17-2018

Hi Sankung,

You are correct. In DNAC there is no Nexus 5K, no Nexus 3K and no Sup720. You will need a different tool to monitor Nexus. There is Cisco tools to do brownfield DC monitoring/management, but please excuse me, I'm not a DC expert, perhaps raise the DC monitoring question in a DC community or with your Cisco account representative. Note that Sup720 is end of life, so please do consider the possibility of moving to something more recent.

DNAC has been created to solve predominantly LAN (wireless and wired) and WAN use cases. DNAC is much more than just a monitoring tool, as an example it can completely manage all aspects of a LAN configuration through Software Defined Access (if you choose to turn on SDA, it's not mandatory). LAN/WAN and DC technologies and use cases are significantly different, and as such DNAC does not attempt to monitor and manage the DC.

Best regards, Jerome

sawosankung · ‎09-17-2018

Hi Jerome,
Thank you very much for your diligence and patience with my questions. It is therefore clear that I need to maintain the Prime Infrastructure (PI) 3.x for monitoring/managing DC and non-DNA/SDA compliant devices beyond DNA/SDA migration.

I really thought that if we manually configure NetFlow and SNMP properly on these sunset non-SDN compatible devices (N3/5K and Cat6K/Sup720, etc.) then in theory it would be feasible to monitor data plane traffic through them.

Anyway, I will now rest this DNAC DC use case and continue with the ongoing upgrades to devices with UADP ASICS (or DNA compliant devices). But probably I'll use a lab to PoC it, which does not require TAC support!!

Many thanks for your great support here
Sankung

jedolphi · ‎09-17-2018

Hi Sankung,

You are more than welcome. Thank you for the questions!

There will an SDK coming later to develop 3rd party device packs for DNAC interop with other networking devices, including other vendors. This was briefly discussed in the Cisco Live Orlando 2018 presentation PSOCRS-1103 which you could review on ciscolive.com if you wish. In theory it **may** be possible to develop device models for unsupported Cisco devices, but that would be roadmap discussion you would need to request from your Cisco account team.

Cheers! Jerome

sawosankung · ‎09-18-2018

Got it!

I am looking forward to that (SDKs). Actually I was in CLUS 2018 but didn't attend this session.

Thank you very much.

ammahend · ‎11-18-2018

I Agree with Jerome, but in deployment I have seen a little different behavior, for e.g I have 3800 acting as Fusion which is not in list but I do get assurance data, its not 100% but its still good enough. see enclosed some of the printshots

-hope this helps-

nitekum5 · ‎09-28-2018

If devices are supported by DNAC, then we can monitor else not. DNAC device supported list attached.

sawosankung · ‎09-28-2018

Hi nitekum5<>,

Got your response and I checked the List.

Thank you very much.

Sankung

sivathot · ‎11-16-2018

Hi

SDKs that allow management to be extended to third-party vendors’ network devices to offer support for diverse environments. These southbound SDKs allow for the creation of device packs that allow DNA Center to recognize and manage previously unknown devices. In their first iteration these SDK’s support level 1 operations such as discovery, inventory, topology, availability and health scores.