Here are some commonly asked questions and answers to help with your adoption of Cisco DNA Center. Subscribe to this post to stay up-to-date with the latest Q&A and recommended Ask the Experts (ATXs) sessions to attend.
What are the system specifications that I need to be aware of before physically installing DNA Center in my Data Center?
Before you install DNA Center, be sure that you have gone through the power and rack requirements in the installation guide for the device model that you have:
Disclaimer: Although the installation guide is mentioned here for your reference, please note that End-of-Life (EoL) was set for first-generation DNA Center on 15th Feb, 2019. This hardware was last shipped on 14th Sep, 2019. Please contact your Cisco Account team to check on the available migration options.
I see that DNA Center has multiple ports available. Do I need to connect all of them? If not, which are the ones I need to focus on initially?
Note that with Second-Generation DNA Center appliance, all ports except the CIMC port are capable of 10 Gbps connectivity. When you are installing the device in your Data Centre, ensure that the uplink devices can support this. Mandatory ports required from Day 1:
10-Gbps Enterprise port: This port is used to connect back to your enterprise network. This needs to be connected to a switch which has reachability to rest of your infrastructure.
10-Gbps Cluster port: This port must be connected in a multi-node DNA Center installation.
Optional ports which are not needed on Day 1 but need to be considered at some later time:
1/10 Gbps Management port: This port, as the name suggests, is used for managing the DNA Center appliance. This is good to connect if your company policy is to have a separate management Vlan for managing devices on the network.
1/10 Gbps Cloud port: This port is used by the DNA Center appliance to reach out to the internet for software upgrades and other functions like location features. In the absence of this connectivity, please make sure that you can reach the internet via Enterprise port; otherwise you will not be able to get regular updates and some features might not work.
1 Gbps CIMC port: This port provides browser-based access to CIMC, which is the out-of-band GUI appliance management interface. Although not mandated, it is highly recommended to have this in place.
Can you also share the requirements for IP connectivity?
All interfaces mentioned in the previous question need an IP address to function. However, DNA Center requires more than an IP address on its interfaces to perform its operations. This is a requirement very particular to DNA Center and it’s important to plan for it. Apart from the interface IP addresses, DNA Center also requires two /21 subnets for internal communication. This is a Cisco DNA Center micro service architecture requirement. The two subnets are called:
Services Subnet: A dedicated IP subnet for the appliance to use in managing and getting IPs for communications among its internal application services: Cisco DNA Assurance, inventory collection, and similar.
Cluster Services Subnet: A dedicated IP subnet for the appliance to use in managing and getting IP addresses for communications among its infrastructure services: database access, the message bus, and similar.
Also note that these two subnets need to comply with IETF RFC 1918 and 6598 specifications for private networks:
Also required during installation are coordinates for DNS & NTP Servers. NTP Server is required because DNA Center is cluster-based implementation, which makes it important that the clocks in different nodes are in sync with each other. Clock Sync is also useful if you are integrating DNA Center with ISE.
Why do I need to provide internet access to DNA Center? If this is really necessary, what is the best way to achieve external connectivity?
By default, the appliance is configured to access the internet to download software updates, licenses, and device software, as well as, provide up-to-date map information, user feedback, and so on. Internet connection for these purposes is mandatory.
Using an HTTPS proxy server is a reliable way to access remote URLs securely. We recommend that you use an HTTPS proxy server to provide the appliance with the access it needs to the URLs listed in Table 2 here.
Are there any other pre-requisite before I start adding devices to DNA Center?
Yes. First, check the device compatibility matrix to ensure that the devices belong to a supported hardware family and have the minimum software installed.
Second, ensure that DNA Center can communicate with the device on the following protocols in Table 3 and 4 here.
Simply click on the preferred session time to reserve your spot today! Through live Q&A and solution demos, Ask the Experts (ATXs) real-time sessions help you tackle deployment hurdles and learn advanced tips to maximize your use of Cisco technology.
Want even more of your questions answered by Cisco experts?
After the sessions, Cisco experts will also answer any questions around Getting Started or Installation Best Practices on ATXs Follow Up Discussion from May 12 till May 14.
Don’t want to miss any ATXs? Bookmark the IBN ATXs calendar and register for new sessions as they're added, so you can discover more best practices and important tips for your technology.
Hello, Hope you all are doing well. I'm having issue with MPLS L3 VPN where I'm not getting ping reply from one CE to another CE where as routes are present in CE of another CE's. the IGP on the backbone is OSPF and using EIGRP to communicate be...
What would be the best way to filter route advertisements from and to a BGP neighbor with keeping flexibility in mind in case requirements change in future? Would it be just to create prefix-list then apply that to a route-map?
I have a setup where multiple identical industrial machines have a PLC with two network cards and routing between the internal 192.168.1.0 network and the plant network 172.16.0.0.Every machine has a unique IP in the plant network but internally the compo...
Hi, I purchased a number of used Cisco 1600 APs from Ebay. I would like to use them in Autonomous mode. One of the has this firmware on it (albeit old version). Since I don't have the ability to get me a more recent versi...
Hello, below I added a screen of my simple test ospfv2 network.From router IOU3 to IP 10.0.0.1/32 - two ways. One more short via IOU1 and another longer via IOU2.Default traceroute from IOU3 is: IOU3#traceroute 10.0.0.11 192.168.1.2 1 msec 0 msec 1 m...