
Questions about Cisco DNA Center

StewDent
Level 1

Hello community,

I am trying to work my way into the topic of Cisco DNA Center and I already have a few questions.
I hope someone could help me.

1. How to integrate legacy/old hardware into the DNA platform? How does NAC work for those devices and what are the prerequisites for a device to be able to get integrated into DNAC?
2. And how to integrate non-Cisco devices? Is that even possible?
3. I always read about intent commands in "simple, natural language" - how am I supposed to think of a command like that? What does such a command look like?
4. How to encrypt traffic for embedded systems? I was told that SSH is not possible for those. I read DNAC only supports SSH and Telnet.
5. Production networks are to be viewed critically. In most cases, a heterogeneous landscape prevails and outdated devices. How to use DNAC in this case without neglecting safety?
6. Is it possible to use a partial implementation of DNAC or only for the entire network?
7. How is it about maintenance? If a worker comes to maintain a system, how should he get access to the system/network? Access via guest WLAN?

Thanks,

Kind regards,

Stew


AndiBuchmann157
Level 1

hi stew,

i will try to answer some of your questions :)

1) your hardware needs to be "dna ready" - have a look here for hardware which works with dna center. the hardware needs specific ASICs to work with dna center. if they don't have it, IMO they are not applicable with dnac / fabric stuff. but you should be able to pull them into your inventory via ssh / snmp.

2) imho don't even think about it.

3) you are doing this by creating policies. first you are creating virtual networks which can reflect (e.g.) the organization of your company. secondly you do the micro segmentation via policies.

let me give you an example:

you have a virtual network called "great company llc." inside this virtual network you have groups (aka scalable or security groups) called "marketing", "sales" and "guests". now you can create a policy saying: "the marketing group is allowed to speak via ip with my "sales" group". another policy could be "the guest group is not allowed to do any ssh connection to the rest of the vn". dnac will offer you a gui where you can design those policies via drag and drop in "kind of a human language".

4) sorry, don't get the point of this question.

5) you think of having a critical network besides your dna-network / fabric network?

6) it is. you can still use a legacy network and connect it via the fusion device to your "dna network".

7) you could use the guest VN or even create a separate SG for those kind of "problems"
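The two policies described in the reply above, as an added example that is not part of the original post and is not DNA Center's API or data model: a small Python model of group-based policy inside one virtual network. The class and function names, the "most specific policy wins" rule, the one-directional matching and the configurable default action are assumptions made for illustration; the point it shows is that a policy that only denies SSH for guests leaves every other port to whatever the default action is.

```python
from dataclasses import dataclass
from typing import Optional

ANY = "*"  # wildcard destination: every group in the virtual network


@dataclass(frozen=True)
class Policy:
    src: str                    # source group
    dst: str                    # destination group, or ANY
    action: str                 # "permit" or "deny"
    proto: str = "ip"           # "ip" covers all IP traffic; else "tcp"/"udp"
    port: Optional[int] = None  # None covers every port


class VirtualNetwork:
    def __init__(self, name, groups, default_action):
        self.name, self.groups = name, set(groups)
        self.default_action = default_action  # applied when no policy matches
        self.policies = []

    def add(self, policy):
        for group in (policy.src, policy.dst):
            if group != ANY and group not in self.groups:
                raise ValueError(f"unknown group {group!r} in {self.name!r}")
        self.policies.append(policy)

    def decide(self, src, dst, proto, port):
        """Action for one flow; the most specific matching policy wins."""
        best, best_score = None, -1
        for p in self.policies:
            if p.src != src or p.dst not in (dst, ANY):
                continue
            if p.proto not in ("ip", proto) or p.port not in (None, port):
                continue
            score = (p.dst != ANY) + 2 * (p.proto != "ip") + 4 * (p.port is not None)
            if score > best_score:
                best, best_score = p, score
        return best.action if best else self.default_action


def build(default_action):
    """The two policies from the post, in a constructed model (assumed names)."""
    vn = VirtualNetwork("great company llc.", ["marketing", "sales", "guests"],
                        default_action)
    vn.add(Policy("marketing", "sales", "permit"))    # marketing -> sales, all IP
    vn.add(Policy("guests", ANY, "deny", "tcp", 22))  # guests: no SSH anywhere
    return vn
```

With `build("permit")` a guest is blocked on TCP/22 but still reaches "sales" on TCP/443; with `build("deny")` only the explicit marketing-to-sales permit passes traffic.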

Thank you,
that helped me a lot.

anantsiv
Cisco Employee

Hi Stew,

You can find it below

1. How to integrate Legacy/old Hardware into the DNA platform? How does DNAC work for those devices and what are the prerequisites for a device to be able to get integrated into DNAC?

The hardware needs to be DNA ready to integrate into DNA platform. There are 2 fields of deployments, Brown field deployment is done for adding instances on DNA Center

2. And how to integrate non-Cisco devices? Is that even possible?

Now there is not an option to integrate for non-Cisco devices. Only virtual devices can be integrated with DNA.

3. I always read about intent commands in "simple, natural language" - how am I supposed to think of a command like that? What does such a command look like?

Basically you can create policies and also microsegment your network

4. How to encrypt traffic for embedded systems? I was told that SSH is not possible for those. I read DNAC only supports SSH and Telnet.

Yes, DNAC supports SSH and Telnet and ports need to be opened in ACL and firewall to access.

5. Production networks are to be viewed critically. In most cases, a heterogeneous landscape prevails and outdated devices. How to use DNAC in this case without neglecting safety?

DNAC can be used securely as it is using ISE. If there is any critical network besides DNA, then we have to work

6. Is it possible to use a partial implementation of DNAC or only for the entire network?

it is. you can still use a legacy network and connect it via the fusion device to your "dna network"

7. How is it about maintenance? If a worker comes to maintain a system, how should he get access to the system/network? Access via guest WLAN?

You can create a separate guest wifi VLAN for checking those problems

Hi guys, I have the same questions:

1. How to integrate Legacy/old Hardware into the DNA platform? How does NAC work for those devices and what are the prerequisites for a device to be able to get integrated into DNAC? - Yes, I know DNA Ready hardware is needed, but do I need another management for older equipment? (In the cruise liner business we cannot change everything together - but we need a full topology with all components.)

2. And how to integrate non-Cisco devices? Is that even possible?

Are there any better answers today, nearly one year later?

Thank you for answers,
Thomas

For several of the questions relating to types of supported hardware I have been told by Cisco BU that this: https://www.cisco.com/c/en/us/solutions/enterprise-networks/software-defined-access/compatibility-matrix.html is updated weekly.

For question 2, as of now you will not be able to integrate non-Cisco devices into your fabric. However, you could deploy an IBN (internal border node) that essentially does an iBGP peer to your IBN/s and does the translation between your fabric and let's say your legacy networking gear. The gist of this scenario is that you would still run your legacy network behind the fabric, then utilize the fabric as a means of transport to get beyond/outside the fabric via the IBN translations. HTH!

Most customers transition to DNA for network assurance (monitoring) and automation first. The list of supported platforms for that is more extensive than the link Mike gave for Software Defined Access (fabric). Even without a fabric deployed, the DNA Center platform gives you access to time-saving features like software image management, wireless/wired issue detection, and automated provisioning. It also has an API that I've seen customers use to integrate into their existing management tools.

 

For third-party support, refer to mentions of third-party in this FAQ:

https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/dna-center/nb-06-dna-center-faq-cte-en.html
