
IP Addressing Building DNAC

thefilmguy
Level 1

Are the cluster and service (/20 or /21) networks only usable in the DNAC appliance? Or can they not overlap any IP space in the external network? If so, what is the real reason behind this?

10 Replies

Preston Chilcote
Cisco Employee

They are used for internal communication inside the appliance. They don't need to be routable to the outside world.

 

If it's not too late, you can do a fresh install of 2.1 release for Cisco DNA and these subnet requirements are removed.  The 169.x subnet will be used instead.  It only works with a fresh install though, not an upgrade from 1.3.

Actually I read that and I got confused. This is perfect because I am rebuilding our cluster. So I'll shoot for that version instead. Thanks!

Mike.Cifelli
VIP Alumni

Just literally reimaged 3 new UCS C220 M5 G2 servers to prep for a production G1 to G2 cluster migration.  I can confirm that the fresh install of 2.1.2.5 uses the following which is default and recommended per Cisco guides:

Container Subnet: 169.254.32.0/20

Cluster Subnet: 169.254.48.0/20

Purposes/definitions:

Container subnet = A dedicated, non-routed IP subnet that Cisco DNA Center uses to manage internal services.

Cluster subnet = A dedicated, non-routed IP subnet that Cisco DNA Center uses to manage internal cluster services. 

HTH!

Oh thanks Mike I didn't see this.

Mike,

 

Did you use separate VLANs for the cluster and enterprise/mgmt/cimc ports?

Mike.Cifelli
VIP Alumni

Did you use separate VLANs for the cluster and enterprise/mgmt/cimc ports?

-Yes for all.  When running through the install via maglev wizard OR the web ui install you will not be able to proceed when attempting to use same vlan for two interfaces. 

 

Here are a few good-to-knows that caused me grief:

Note once you IP & select interface as cluster you cannot modify it post install.  If you try to do so you will hit this error:

dnac_maglev_cluster_ip_error.PNG

I actually had this issue and I had to reimage a node due to this. 

 

The web ui installer is actually pretty cool and aids in identifying/ensuring you are configuring the right interfaces.  Make sure interfaces are UP and configured otherwise you cannot progress further:

dnac_ui_webinstall_LI.jpg

Another item that changed I think in 2.x is that post install on first UI login you get prompted to reset admin password:

dnac_2125_admin_change.PNG

If you find yourself having to change it from what you want due to this you can always just change it back via CLI using this:

 $magctl user password update admin -p <pass> TNT0 

HTH!

 

Thanks Mike!

Hey Mike,

 

For your interfaces, how did you configure them? I made each interface a /28. Would that work?

 

MGMT - VLAN 10 IP/Sub/GW
ENT - VLAN 20 IP Sub - did you static route this interface for all 10.x IP addressing? I guess I'm confused on what's the point of having this if a default gateway is configured on mgmt. I keep getting validation error.

For your interfaces, how did you configure them? I made each interface a /28. Would that work?

-As long as you have connectivity to other networks and it works to meet your requirements then you should be fine.  

 

ENT - VLAN 20 IP Sub - did you static route this interface for all 10.x IP addressing? I guess I'm confused on what's the point of having this if a default gateway is configured on mgmt. I keep getting validation error.

-Technically on paper (Cisco Docs) the enterprise port is used for communication between DNAC and your NADs inside the SDA fabric via the underlay.  You can only configure one DFG so if you are using that on MGMT int that's fine.  In this scenario then you would need static routes on the ENT interface essentially telling DNAC what interface to use and how to route to reach the NADs in your underlay.

HTH!
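
The addressing rules from the replies above, collected into a pre-install check. This is an added example, not part of the original thread and not Cisco tooling. The plan format, the `validate_plan` name and all sample addresses except 172.17.96.33 are constructed, and the check that nothing reachable may overlap the internal subnets is an assumption drawn from their "dedicated, non-routed" description.

```python
import ipaddress as ip

# Internal subnets quoted in the thread for a fresh 2.1.2.5 install.
INTERNAL = {"container": ip.ip_network("169.254.32.0/20"),
            "cluster": ip.ip_network("169.254.48.0/20")}

def validate_plan(plan):
    """Return a list of problems found in an interface plan (hypothetical format)."""
    problems, vlans, gateways = [], {}, []
    for name, cfg in plan.items():
        iface = ip.ip_interface(cfg["address"])
        # Rule from the thread: two interfaces cannot share a VLAN.
        if cfg["vlan"] in vlans:
            problems.append(f"{name}: VLAN {cfg['vlan']} already used by {vlans[cfg['vlan']]}")
        vlans.setdefault(cfg["vlan"], name)
        # Rule from the thread: only one default gateway on the appliance.
        if cfg.get("gateway"):
            gateways.append(name)
        # Next hops must be on-link for the interface that carries them.
        hops = [cfg["gateway"]] if cfg.get("gateway") else []
        hops += [hop for _, hop in cfg.get("routes", [])]
        for hop in hops:
            if ip.ip_address(hop) not in iface.network:
                problems.append(f"{name}: next hop {hop} is outside {iface.network}")
        # Assumption: nothing the appliance must reach may overlap the internal subnets.
        nets = [iface.network] + [ip.ip_network(dst) for dst, _ in cfg.get("routes", [])]
        for net in nets:
            for label, internal in INTERNAL.items():
                if net.overlaps(internal):
                    problems.append(f"{name}: {net} overlaps {label} subnet {internal}")
    if len(gateways) > 1:
        problems.append("default gateway set on more than one interface: " + ", ".join(gateways))
    return problems

# Constructed sample plans; only VLAN 10/20, the /28 size and 172.17.96.33 come from the thread.
GOOD_PLAN = {
    "MGMT": {"address": "172.17.96.34/28", "vlan": 10, "gateway": "172.17.96.33"},
    "ENT": {"address": "10.20.0.2/28", "vlan": 20, "routes": [("10.0.0.0/8", "10.20.0.1")]},
    "CLUSTER": {"address": "192.168.50.2/28", "vlan": 30},
}
BAD_PLAN = {
    "MGMT": {"address": "172.17.96.34/28", "vlan": 10, "gateway": "172.17.96.33"},
    "ENT": {"address": "10.20.0.2/28", "vlan": 10, "gateway": "10.20.0.1",
            "routes": [("169.254.0.0/16", "10.20.1.1")]},
}

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, validate_plan(plan) or "no problems")
```
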

Yea I'm confused on it. Since ENT needs access to all 10.0.0.0/8 and some other networks. It makes more sense to put the DFG on the ENT interface. But then I'm confused on the static route for the mgmt interface. Can I do a default 0.0.0.0/0.0.0.0/172.17.96.33 on the MGMT?

 

I am also not sure internet is reachable from the interfaces. Since our core is very locked down. Is internet reachability required in the validation?
