09-28-2018 05:32 AM - edited 03-08-2019 05:27 PM
Hello community,
I am trying to work my way into the topic of Cisco DNA Center, and I already have a few questions.
I hope someone can help me.
1. How to integrate legacy/old hardware into the DNA platform? How does NAC work for those devices and what are the prerequisites for a device to be able to get integrated into DNAC?
2. And how to integrate non-Cisco devices? Is that even possible?
3. I always read about intent commands in "simple, natural language" - how am I supposed to think of a command like that? What does such a command look like?
4. How to encrypt traffic for embedded systems? I was told that SSH is not possible for those. I read DNAC only supports SSH and Telnet.
5. Production networks are to be viewed critically. In most cases, a heterogeneous landscape prevails and outdated devices. How to use DNAC in this case without neglecting safety?
6. Is it possible to use a partial implementation of DNAC or only for the entire network?
7. What about maintenance? If a worker comes to maintain a system, how should he get access to the system/network? Access via guest WLAN?
Thanks,
Kind regards,
Stew
10-08-2018 01:55 AM
hi stew,
i will try to answer some of your questions :)
1) your hardware needs to be "dna ready" - have a look here for hardware which works with dna center. the hardware needs specific ASICs to work with dna center. if they don't have it, IMO they are not applicable with dnac / fabric stuff. but you should be able to pull them into your inventory via ssh / snmp.
2) imho don't even think about it.
3) you are doing this by creating policies. first you are creating virtual networks which can reflect (e.g.) the organization of your company. secondly you do the micro segmentation via policies.
let me give you an example:
you have a virtual network called "great company llc." inside this virtual network you have groups (aka scalable or security groups) called "marketing", "sales" and "guests". now you can create a policy saying: "the marketing group is allowed to speak via ip with my 'sales' group". another policy could be "the guest group is not allowed to do any ssh connection to the rest of the vn". dnac will offer you a gui where you can design those policies via drag and drop in "kind of a human language".
4) sorry, don't get the point of this question.
5) you think of having a critical network besides your dna-network / fabric network?
6) it is. you can still use a legacy network and connect it via the fusion device to your "dna network".
7) you could use the guest VN or even create a separate SG for those kind of "problems"
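The two group-based policies from the reply above, written out as an added example that is not part of the thread and is not DNA Center's data model or API: a small first-match evaluator showing which flows the stated rules decide and which fall through to a default action. The `Rule` fields, the `default` parameter and the sample flows are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Union

ANY = "*"  # wildcard for destination group or port

@dataclass(frozen=True)
class Rule:
    src: str               # source group
    dst: str               # destination group, or ANY for "rest of the VN"
    proto: str             # "ip" matches every protocol, else "tcp"/"udp"
    port: Union[int, str]  # destination port, or ANY
    action: str            # "permit" or "deny"

# Constructed data mirroring the reply's example (hypothetical model only).
GROUPS = {"marketing", "sales", "guests"}  # groups inside "great company llc."
RULES = [
    Rule("marketing", "sales", "ip", ANY, "permit"),  # marketing may speak IP to sales
    Rule("guests", ANY, "tcp", 22, "deny"),           # guests: no SSH to the rest of the VN
]

# Constructed sample flows: (source group, destination group, protocol, port).
FLOWS = [
    ("marketing", "sales", "tcp", 443),
    ("sales", "marketing", "tcp", 443),  # reverse direction has no rule of its own
    ("guests", "sales", "tcp", 22),
    ("guests", "sales", "tcp", 23),      # Telnet is not covered by the SSH rule
]

def match(src, dst, proto, port):
    """Return the first rule matching the flow, or None."""
    if src not in GROUPS or dst not in GROUPS:
        raise ValueError("unknown group")
    for r in RULES:
        if (r.src == src and r.dst in (ANY, dst)
                and r.proto in ("ip", proto) and r.port in (ANY, port)):
            return r
    return None

def evaluate(src, dst, proto, port, default):
    """Action of the first matching rule; otherwise the assumed default action."""
    rule = match(src, dst, proto, port)
    return rule.action if rule else default

def decided_by_default(flows):
    """Flows no explicit rule covers: their fate depends on the default action."""
    return [f for f in flows if match(*f) is None]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, evaluate(*flow, default="deny"))
    print("review:", decided_by_default(FLOWS))
```

The flows returned by `decided_by_default` are the ones to review when writing such policies, because the two sentences in the example say nothing about them.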
10-08-2018 02:50 AM
11-15-2018 05:25 AM
Hi Stew,
You can find it below
1. How to integrate legacy/old hardware into the DNA platform? How does DNAC work for those devices and what are the prerequisites for a device to be able to get integrated into DNAC?
The hardware needs to be DNA ready to integrate into the DNA platform. There are 2 fields of deployments. Brown field deployment is done for adding instances on DNA Center
2. And how to integrate non-Cisco devices? Is that even possible?
Right now there is no option to integrate non-Cisco devices. Only virtual devices can be integrated with DNA.
3. I always read about intent commands in "simple, natural language" - how am I supposed to think of a command like that? What does such a command look like?
Basically you can create policies and also microsegment your network
4. How to encrypt traffic for embedded systems? I was told that SSH is not possible for those. I read DNAC only supports SSH and Telnet.
Yes, DNAC supports SSH and Telnet, and ports need to be opened in the ACL and firewall for access.
5. Production networks are to be viewed critically. In most cases, a heterogeneous landscape prevails and outdated devices. How to use DNAC in this case without neglecting safety?
DNAC can be used securely as it is using ISE. If there is any critical network besides DNA, then we have to work
6. Is it possible to use a partial implementation of DNAC or only for the entire network?
it is. you can still use a legacy network and connect it via the fusion device to your "dna network"
7. What about maintenance? If a worker comes to maintain a system, how should he get access to the system/network? Access via guest WLAN?
You can create a separate guest wifi VLAN for checking those problems
08-20-2019 06:24 AM
08-20-2019 07:25 AM
08-20-2019 10:40 AM
Most customers transition to DNA for network assurance (monitoring) and automation first. The list of supported platforms for that is more extensive than the link Mike gave for Software Defined Access (fabric). Even without a fabric deployed, the DNA Center platform gives you access to time-saving features like software image management, wireless/wired issue detection, and automated provisioning. It also has an API that I've seen customers use to integrate into their existing management tools.
For third party support, refer to mentions of third-party in this FAQ