08-27-2018 05:19 AM - edited 03-01-2019 05:10 PM
Technote of the Day (TOTD)
DNAC IP Address Planning Worksheet
Prepared for: Cisco DNA Customer, Solutions Support Prepared by: Tomas de Leon, Technical Leader
November 02, 2018
Document number: 11022018_v2
Objective
The objective of this document is to help you with planning for the different IP addresses and IP address pools that may be needed when planning for the configuration of a DNAC appliance(s) and network devices in your fabric.
Goals
There are some external links that talk about all the different components of the fabric that require IP addressing like the DNAC, Underlay, Overlay etc. Here are some examples but this worksheet will help with the planning if even only for the DNAC.
Update
The worksheet has been updated to include the new VIP requirements for DNAC versions 1.2.5 and later.
The worksheet & example is attached to this article.
Hi;
you’ve mentioned that one separate VIP address is needed per any configured IP address per cluster and there is total of 4 interface per DNAC device. Did you mean we need to have 3 VIP addresses per DNAC device (supposing we are going to use 3 interfaces on each DNAC: Enterprise port, Cluster port & mgmt port)? If yes, why did you only configured just one VIP address in the example worksheet?
thanks.
ciscoworlds,
so if you have 2 configured interfaces then you need 2 VIPs.
so if you have 3 configured interfaces then you need 3 VIPs.
so if you have 4 configured interfaces then you need 4 VIPs.
it just depends on your Cisco DNAC configuration.
Hi;
supposing we've assigned IP address of 1.1.1.1/24 to the Enterprise Interface on DNAC 1 and 1.1.1.2/24 to DNAC 2 and configured VIP address of that Enterprise interface as 1.1.1.100/24, (meanwhile, do we need to assign, for example, 1.1.1.101/24 as VIP to DNAC 2 ?!) then which of these IP addresses are seen by other devices and clients as DNAC IP address?
I was reviewing the DNAC installation guide on Cisco website and got confused about some of parameters. The guide shows configuration of the vNICs (eth0 and eth1) on CIMC web page. To which physical interfaces on the DNAC these vNICs point? to two 10 Gbps interfaces on the DNAC? If so, why these interfaces configured as trunk? I mean, if we are supposed to assign a single IP address to the Enterprise and Cluster interfaces on the DNAC, then shouldn't we configured these interfaces on the DNAC as access port?
I think the configuration guide about the DNA is very confusing and full of blind spots and gaps. Considering the DNA Center is a new product, I think the configuration and installation guide should be very clear so everyone can follow the guide to deploy the solution easily. I read on the document that it is currently impossible to change the IP and configuration of the DNAC after initial setup process and the only way is reimaging the DNA with the help of the TAC!! So I think configuring the DNAC for the first time is like a playing with time bomb!!!
I appreciate any help on understanding the fundamentals as I will deploy the DNAC in the near future for a customer.
Thanks in advance.
The VIP address screen will only appears on DNAC1 install setup. DNAC1 uses "START A CLUSTER" and DNAC2 & DNAC3 uses "JOIN A CLUSTER".
Take a look at my worksheet. It shows a picture of the NICs and the MLOMs. The MLOMs are the 10gb links.
Left = 10Gbit port [enp10s0] - Intra Cluster Link (recommended)
Right = 10Gbit port [enp9s0] - Enterprise Network
Left = 1Gbit port [enp1s0f0] - Management (recommended)
Right = 1Gbit port [enp1s0f1] - Cloud Update Connectivity (recommended)
For Example:
NETWORK ADAPTER #1 10_Gbit port [enp10s0] - Intra Cluster Link (recommended)
NETWORK ADAPTER #2 1_Gbit port [enp1s0f0] - Management (recommended)
NETWORK ADAPTER #3 1_Gbit port [enp1s0f1] - Cloud Update Connectivity (recommended)
NETWORK ADAPTER #4 10_Gbit port [enp9s0] - Enterprise Network (recommended)
Here is a sample of what I have configured for the MLOMs
From the ACCESS SWITCH
interface Ethernet1/12
description DNAC1 MLOM2 Intra Cluster Network
switchport mode trunk
switchport trunk allowed vlan 11
!
interface Ethernet1/16
description DNAC2 MLOM2 Intra Cluster Network
switchport mode trunk
switchport trunk allowed vlan 11
!
interface Ethernet1/18
description DNAC3 MLOM2 Intra Cluster Network
switchport mode trunk
switchport trunk allowed vlan 11
**
interface Ethernet1/11
description DNAC1 MLOM1 Enterprise Network
switchport mode trunk
switchport trunk allowed vlan 211
!
interface Ethernet1/15
description DNAC2 MLOM1 Enterprise Network
switchport mode trunk
switchport trunk allowed vlan 211
!
interface Ethernet1/17
description DNAC3 MLOM1 Enterprise Network
switchport mode trunk
switchport trunk allowed vlan 211
deadbeef-n9k1# show mac address-table vlan 11
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 11 380e.4d37.af0a dynamic 0 F F Eth1/12
* 11 b4de.31bd.7aa1 dynamic 0 F F Eth1/16
* 11 b4de.31dd.77ed dynamic 0 F F Eth1/18
deadbeef-n9k1# show mac address-table vlan 211
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 211 380e.4d37.af09 dynamic 0 F F Eth1/11
* 211 b4de.31bd.7aa0 dynamic 0 F F Eth1/15
* 211 b4de.31dd.77ec dynamic 0 F F Eth1/17
From the CIMC (DNAC1)
Host Ethernet Interfaces
Total 2
NAME CDN MAC MTU VLAN VLAN MODE
eth0 VIC-MLOM-eth0 38:0E:4D:37:AF:09 1500 211 TRUNK
eth1 VIC-MLOM-eth1 38:0E:4D:37:AF:0A 1500 11 TRUNK
If may serve you better to open a Cisco TAC Case so you can discuss all your questions and doubts with a Cisco DNA Center Engineer.
Thank you. You solved my first question with this detailed answer. Would I ask why both 10Gbps ports (as you said, mLOM ports, or eth0/eth1 ports) have been configured as trunk? If I got right, we need to configure a separate VIP for each configured interface and I read somewhere that the VIP is the reason behind the port type of trunk. But The both of the VIP and the interface primary IP address are members of the same L3/VLAN, so shouldn't we configure those port as access? What is the benefit of setting up those ports as trunk, but restricting them to only "one single" VLAN?!! Is it the mandatory setup or what?
I appreciate your time @Tomas de Leon
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: