Beginner

Questions about Cisco DNA Center

Hello community,

I am trying to get into the topic of Cisco DNA Center and I already have a few questions.
I hope someone can help me.


1. How to integrate legacy/old hardware into the DNA platform? How does NAC work for those devices and what are the prerequisites for a device to be able to get integrated into DNAC?
2. And how to integrate non-Cisco devices? Is that even possible?
3. I always read about intent commands in "simple, natural language" - how am I supposed to think of a command like that? What does such a command look like?

4. How to encrypt traffic for embedded systems? I was told that SSH is not possible for those. I read DNAC only supports SSH and Telnet.

5. Production networks are to be viewed critically. In most cases, a heterogeneous landscape prevails and outdated devices. How to use DNAC in this case without neglecting safety?

6. Is it possible to use a partial implementation of DNAC or only for the entire network?

7. How about maintenance? If a worker comes to maintain a system, how should he get access to the system/network? Access via guest WLAN?

 

Thanks,

Kind regards,

Stew


Re: Questions about Cisco DNA Center

hi stew,

 

i will try to answer some of your questions :)

 

1) your hardware needs to be "dna ready" - have a look here for hardware which works with dna center. the hardware needs specific ASICs to work with dna center. if it doesn't have them, IMO it is not applicable with dnac / fabric stuff. but you should be able to pull them into your inventory via ssh / snmp.

 

2) imho don't even think about it.

 

3) you are doing this by creating policies. first you are creating virtual networks which can reflect (e.g.) the organization of your company. secondly you do the micro segmentation via policies.

 

let me give you an example:

you have a virtual network called "great company llc." inside this virtual network you have groups (aka scalable or security groups) called "marketing", "sales" and "guests". now you can create a policy saying: "the marketing group is allowed to speak via ip with my 'sales' group". another policy could be "the guest group is not allowed to do any ssh connection to the rest of the vn". dnac will offer you a gui where you can design those policies via drag and drop in "kind of a human language".

 

4) sorry, don't get the point of this question.

 

5) you think of having a critical network besides your dna-network / fabric network?

 

6) it is. you can still use a legacy network and connect it via the fusion device to your "dna network".

 

7) you could use the guest VN or even create a separate SG for those kind of "problems"
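
The group-to-group policies described in the reply above, modelled as a small evaluator. This is an added example, not part of the original post and not DNA Center's API; the class names, the first-match rule order and the configurable default action are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set

@dataclass(frozen=True)
class Rule:
    src: str                    # source group
    dst: str                    # destination group, "*" = any group in the VN
    action: str                 # "permit" or "deny"
    proto: str = "ip"           # "ip" matches every protocol
    port: Optional[int] = None  # None matches every port

@dataclass
class VirtualNetwork:
    name: str
    groups: Set[str]
    rules: List[Rule] = field(default_factory=list)
    default_action: str = "permit"  # assumption: verdict for unmatched traffic

    def decide(self, src: str, dst: str, proto: str, port: int) -> str:
        # This model treats groups outside the VN as unreachable (assumption).
        if src not in self.groups or dst not in self.groups:
            return "deny"
        for r in self.rules:  # assumption: first matching rule wins
            if r.src != src or r.dst not in (dst, "*"):
                continue
            if r.proto not in ("ip", proto):
                continue
            if r.port is not None and r.port != port:
                continue
            return r.action
        return self.default_action

def build_example(default_action: str = "permit") -> VirtualNetwork:
    # Constructed sample data, taken from the wording of the reply.
    return VirtualNetwork(
        name="great company llc.",
        groups={"marketing", "sales", "guests"},
        rules=[
            Rule("marketing", "sales", "permit"),               # any IP traffic
            Rule("guests", "*", "deny", proto="tcp", port=22),  # no SSH
        ],
        default_action=default_action,
    )

if __name__ == "__main__":
    vn = build_example(default_action="deny")
    for flow in [("marketing", "sales", "tcp", 443), ("sales", "marketing", "tcp", 443),
                 ("guests", "sales", "tcp", 22), ("guests", "printers", "tcp", 80)]:
        print(flow, "->", vn.decide(*flow))
```

With the default set to "deny", the sales-to-marketing flow is dropped even though marketing-to-sales is permitted, which shows that each rule covers one direction only.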

Beginner

Re: Questions about Cisco DNA Center

Thank you,
that helped me a lot.

Cisco Employee

Re: Questions about Cisco DNA Center

Hi Stew,

You can find it below

1. How to integrate legacy/old hardware into the DNA platform? How does DNAC work for those devices and what are the prerequisites for a device to be able to get integrated into DNAC?

The hardware needs to be DNA ready to integrate into the DNA platform. There are 2 fields of deployments; brownfield deployment is done for adding instances on DNA Center.


2. And how to integrate non-Cisco devices? Is that even possible?

Now there is not an option to integrate non-Cisco devices. Only virtual devices can be integrated with DNA.


3. I always read about intent commands in "simple, natural language" - how am I supposed to think of a command like that? What does such a command look like?

Basically you can create policies and also microsegment your network.

4. How to encrypt traffic for embedded systems? I was told that SSH is not possible for those. I read DNAC only supports SSH and Telnet.

Yes, DNAC supports SSH and Telnet, and ports need to be opened in the ACL and firewall for access.

5. Production networks are to be viewed critically. In most cases, a heterogeneous landscape prevails and outdated devices. How to use DNAC in this case without neglecting safety?

DNAC can be used securely as it is using ISE. If there is any critical network besides DNA, then we have to work

6. Is it possible to use a partial implementation of DNAC or only for the entire network?

It is. You can still use a legacy network and connect it via the fusion device to your "dna network".

7. How about maintenance? If a worker comes to maintain a system, how should he get access to the system/network? Access via guest WLAN?

You can create a separate guest wifi VLAN for checking those problems.

Beginner

Re: Questions about Cisco DNA Center

Hi guys, I have the same questions:

1. How to integrate legacy/old hardware into the DNA platform? How does NAC work for those devices and what are the prerequisites for a device to be able to get integrated into DNAC? - Yes, I know DNA-ready hardware is needed, but do I need another management for older equipment? (In the cruise liner business we cannot change everything together, but we need a full topology with all components.)

2. And how to integrate non-Cisco devices? Is that even possible?

Are there any better answers today, nearly one year later?

Thank you for answers,
Thomas

VIP Collaborator

Re: Questions about Cisco DNA Center

For several of the questions relating to types of supported hardware, I have been told by Cisco BU that this: https://www.cisco.com/c/en/us/solutions/enterprise-networks/software-defined-access/compatibility-matrix.html is updated weekly.
For question 2, as of now you will not be able to integrate non-Cisco devices into your fabric. However, you could deploy an IBN (internal border node) that essentially does an iBGP peer to your IBN/s and does the translation between your fabric and let's say your legacy networking gear. The gist of this scenario is that you would still run your legacy network behind the fabric, then utilize the fabric as a means of transport to get beyond/outside the fabric via the IBN translations. HTH!
Cisco Employee

Re: Questions about Cisco DNA Center

Most customers transition to DNA for network assurance (monitoring) and automation first. The list of supported platforms for that is more extensive than the link Mike gave for Software Defined Access (fabric). Even without a fabric deployed, the DNA Center platform gives you access to time-saving features like software image management, wireless/wired issue detection, and automated provisioning. It also has an API that I've seen customers use to integrate into their existing management tools.

 

For third-party support, refer to mentions of third-party in this FAQ:

https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/dna-center/nb-06-dna-center-faq-cte-en.html
