Juan Perez
Beginner

DNA-C Internet connectivity interface

Hi,

I am setting up a new DNA-C hardware appliance from scratch. By reading the documentation I can see the Enterprise port is used for Internet connectivity in case the Cloud port is not used, thus it should be configured with the default gateway information. However, I have watched some Cisco videos/webinars in which the Management interface is configured with the default gateway, as this interface is the one going out to the Internet. Can anyone confirm if the Enterprise or Management interface should be configured with the default gateway (going out to the Internet) when Cluster port is not used?

Thanks!


Preston Chilcote
Cisco Employee

Hi Juan,

It may be easier if you think about it this way: There is just one routing table available to Cisco DNA. In theory (not in practice since we require cluster port to be UP), the appliance will work if you only use the enterprise port because the routing table (with a default gateway defined for the enterprise port) would just send all traffic out that port. The other ports exist to allow for traffic segmentation, but the traffic flowing through them is entirely dictated by the routing table.

If you aren't using the Cloud port, but are using a management port, you need to choose which interface the Northbound traffic to Cisco will use. This could, in theory, be done with static routes, but is often easier to do by adding the default gateway to that chosen interface. In that case, any traffic not matching static routes to your known company subnets (which you would define on the enterprise port) would exit out the management port instead.

You never want to push any of that traffic out of the Cluster port. Leave it for the internal traffic between nodes.

Also, it's good to know that these routes can be changed even after installation is complete. So you don't have to get it perfect the first time. Sometimes, we see that some network subnets were missing and need to be added to the enterprise port static routes; a problem first evident when you try to discover a device and Cisco DNA can't ping it.

You mentioned you had already tapped into some webinars, but if none of them were Ask-the-expert sessions, I highly encourage you to sign up for one or more so that you can hear from Cisco experts on all DNA-related topics (and get to ask questions). Here is the schedule:

https://learningnetwork.cisco.com/s/cisco-dna-ask-the-experts

Hi Preston,

Thanks so much for your reply. Let me ask you a few questions based on your answer as I am still not 100% clear.

"If you aren't using the Cloud port, you need to decide if you want the Northbound traffic to Cisco to also go through this port. If so, that would be accomplished by adding the default gateway to it."

Q/Are you referring to the Enterprise Port in the previous statement?

"In that case, any traffic not matching static routes to your known company subnets, (which you would define on the enterprise port,) would exit out the management port instead."

Q/What I can understand from the previous statement is that the default gateway is added on the Management Port and static routes on the Enterprise port, correct?

Basically the Internet traffic will go over whatever interface (Enterprise or management) I define the default gateway to, am I correct?

Thanks for the help!

Sorry, that wasn't so clear. I made an attempt to clarify in an edit.

The answer to your last question is all about the routing table. If traffic matches a static route, it will use that route. If it doesn't, it will follow the default gateway. In most instances that means that wherever you define the default gateway is where the Internet traffic will go. But it's important to realize that, in your terminology, "internet traffic" is just any traffic that doesn't match your static routes. So you have to carefully tell DNA all the subnets that belong to your enterprise, by way of defining those subnets in static routes on the enterprise port.
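The route selection described in this answer, modelled as an added example that is not part of the original thread and is not Cisco code. It assumes standard longest-prefix-match route selection; the subnets and the `enterprise`/`management` port labels are constructed for illustration. It also shows the failure mode mentioned above: an enterprise subnet missing from the static routes silently follows the default gateway.

```python
import ipaddress

# Constructed routing table (hypothetical subnets): static routes to company
# subnets on the enterprise port, default gateway on the management port.
ROUTES = [
    ("10.10.0.0/16", "enterprise"),
    ("10.20.0.0/16", "enterprise"),
    ("0.0.0.0/0", "management"),  # default gateway
]


def build_table(routes):
    """Parse (prefix, port) pairs into (network, port) tuples."""
    return [(ipaddress.ip_network(prefix), port) for prefix, port in routes]


def egress_port(table, dest):
    """Return the port used for dest: the most specific matching route wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, port) for net, port in table if addr in net]
    if not matches:
        return None  # no static route and no default gateway
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def uncovered_subnets(table, enterprise_subnets, port="enterprise"):
    """List company subnets not contained in any static route on the given
    port. Traffic to these follows the default gateway instead."""
    static = [net for net, p in table if p == port and net.prefixlen > 0]
    missing = []
    for subnet in enterprise_subnets:
        net = ipaddress.ip_network(subnet)
        if not any(net.subnet_of(route) for route in static):
            missing.append(subnet)
    return missing


TABLE = build_table(ROUTES)

if __name__ == "__main__":
    # Constructed inventory of subnets that belong to the enterprise.
    inventory = ["10.10.0.0/16", "10.20.4.0/24", "10.30.0.0/16"]
    for dest in ("10.10.5.1", "10.30.1.1", "203.0.113.10"):
        print(dest, "->", egress_port(TABLE, dest))
    print("missing static routes:", uncovered_subnets(TABLE, inventory))
```

Running the audit function against an address plan before installation catches the case where device discovery later fails because a managed subnet is leaving through the Internet-facing port.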

Hi Preston,

Got it now. Thanks for the help on this one!