cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
15024
Views
25
Helpful
5
Comments
Tomas de Leon
Cisco Employee
Cisco Employee

Technote of the Day (TOTD)

 

DNAC IP Address Planning Worksheet

Prepared for: Cisco DNA Customer, Solutions Support Prepared by: Tomas de Leon, Technical Leader

November 02, 2018
Document number: 11022018_v2

 

Objective

The objective of this document is to help you with planning for the different IP addresses and IP address pools that may be needed when planning for the configuration of a DNAC appliance(s) and network devices in your fabric.

 

Goals

There are some external links that talk about all the different components of the fabric that require IP addressing like the DNAC, Underlay, Overlay etc. Here are some examples but this worksheet will help with the planning if even only for the DNAC.

 

Update

The worksheet has been updated to include the new VIP requirements for DNAC versions 1.2.5 and later.

 

The worksheet & example is attached to this article.

Comments
ciscoworlds
Level 4
Level 4

Hi;

you’ve mentioned that one separate VIP address is needed per any configured IP address per cluster and there is total of 4 interface per DNAC device. Did you mean we need to have 3 VIP addresses per DNAC device (supposing we are going to use 3 interfaces on each DNAC: Enterprise port, Cluster port & mgmt port)? If yes, why did you only configured just one VIP address in the example worksheet?

 

thanks.

Tomas de Leon
Cisco Employee
Cisco Employee

ciscoworlds,

 

  • Each configured interface needs to be connected and status of UP.
  • Each configured interface has an associated VIP address configured also

so if you have 2 configured interfaces then you need 2 VIPs.

so if you have 3 configured interfaces then you need 3 VIPs.

so if you have 4 configured interfaces then you need 4 VIPs.

 

it just depends on your Cisco DNAC configuration.

 

 

ciscoworlds
Level 4
Level 4

Hi;

supposing we've assigned IP address of 1.1.1.1/24 to the Enterprise Interface on DNAC 1 and 1.1.1.2/24 to DNAC 2 and configured VIP address of that Enterprise interface as 1.1.1.100/24, (meanwhile, do we need to assign, for example, 1.1.1.101/24 as VIP to DNAC 2 ?!) then which of these IP addresses are seen by other devices and clients as DNAC IP address?

I was reviewing the DNAC installation guide on Cisco website and got confused about some of parameters. The guide shows configuration of the vNICs (eth0 and eth1) on CIMC web page. To which physical interfaces on the DNAC these vNICs point? to two 10 Gbps interfaces on the DNAC? If so, why these interfaces configured as trunk? I mean, if we are supposed to assign a single IP address to the Enterprise and Cluster interfaces on the DNAC, then shouldn't we configured these interfaces on the DNAC as access port? 

dna02.png

 

I think the configuration guide about the DNA is very confusing and full of blind spots and gaps. Considering the DNA Center is a new product, I think the configuration and installation guide should be very clear so everyone can follow the guide to deploy the solution easily. I read on the document that it is currently impossible to change the IP and configuration of the DNAC after initial setup process and the only way is reimaging the DNA with the help of the TAC!! So I think configuring the DNAC for the first time is like a playing with time bomb!!!

I appreciate any help on understanding the fundamentals as I will deploy the DNAC in the near future for a customer. 

 

Thanks in advance.

Tomas de Leon
Cisco Employee
Cisco Employee

The VIP address screen will only appears on DNAC1 install setup.  DNAC1 uses "START A CLUSTER" and DNAC2 & DNAC3 uses "JOIN A CLUSTER".

 

Take a look at my worksheet.  It shows a picture of the NICs and the MLOMs.  The MLOMs are the 10gb links.

 

Left = 10Gbit port [enp10s0] - Intra Cluster Link (recommended)
Right = 10Gbit port [enp9s0] - Enterprise Network
Left = 1Gbit port [enp1s0f0] - Management (recommended)
Right = 1Gbit port [enp1s0f1] - Cloud Update Connectivity (recommended)

 

For Example:

NETWORK ADAPTER #1 10_Gbit port [enp10s0] - Intra Cluster Link (recommended)
NETWORK ADAPTER #2 1_Gbit port [enp1s0f0] - Management (recommended)
NETWORK ADAPTER #3 1_Gbit port [enp1s0f1] - Cloud Update Connectivity (recommended)
NETWORK ADAPTER #4 10_Gbit port [enp9s0] - Enterprise Network (recommended)

 

Here is a sample of what I have configured for the MLOMs

 

From the ACCESS SWITCH

interface Ethernet1/12

description DNAC1 MLOM2 Intra Cluster Network
switchport mode trunk
switchport trunk allowed vlan 11

!

interface Ethernet1/16
description DNAC2 MLOM2 Intra Cluster Network
switchport mode trunk
switchport trunk allowed vlan 11

!

interface Ethernet1/18
description DNAC3 MLOM2 Intra Cluster Network
switchport mode trunk
switchport trunk allowed vlan 11

**

interface Ethernet1/11
description DNAC1 MLOM1 Enterprise Network
switchport mode trunk
switchport trunk allowed vlan 211

!

interface Ethernet1/15
description DNAC2 MLOM1 Enterprise Network
switchport mode trunk
switchport trunk allowed vlan 211

!

interface Ethernet1/17
description DNAC3 MLOM1 Enterprise Network
switchport mode trunk
switchport trunk allowed vlan 211

 

 

 

deadbeef-n9k1# show mac address-table vlan 11
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 11 380e.4d37.af0a dynamic 0 F F Eth1/12
* 11 b4de.31bd.7aa1 dynamic 0 F F Eth1/16
* 11 b4de.31dd.77ed dynamic 0 F F Eth1/18

 

deadbeef-n9k1# show mac address-table vlan 211
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 211 380e.4d37.af09 dynamic 0 F F Eth1/11
* 211 b4de.31bd.7aa0 dynamic 0 F F Eth1/15
* 211 b4de.31dd.77ec dynamic 0 F F Eth1/17

 

 

From the CIMC (DNAC1)
Host Ethernet Interfaces
Total 2

NAME CDN           MAC               MTU  VLAN  VLAN MODE
eth0 VIC-MLOM-eth0 38:0E:4D:37:AF:09 1500 211   TRUNK
eth1 VIC-MLOM-eth1 38:0E:4D:37:AF:0A 1500 11    TRUNK

 

 

If may serve you better to open a Cisco TAC Case so you can discuss all your questions and doubts with a Cisco DNA Center Engineer.

 

ciscoworlds
Level 4
Level 4

Thank you. You solved my first question with this detailed answer. Would I ask why both 10Gbps ports (as you said, mLOM ports, or eth0/eth1 ports) have been configured as trunk? If I got right, we need to configure a separate VIP for each configured interface and I read somewhere that the VIP is the reason behind the port type of trunk. But The both of the VIP and the interface primary IP address are members of the same L3/VLAN, so shouldn't we configure those port as access? What is the benefit of setting up those ports as trunk, but restricting them to only "one single" VLAN?!! Is it the mandatory setup or what?

 

I appreciate your time @Tomas de Leon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: