So you have the DNA Center racked and stacked in your data centre, and you are thinking what next?
To get instant value from your DNA Center, you should next discover and add your network devices to it. In this video, we will take you through the discovery process and also show you how to add devices in the appropriate sites within your network. Note that although the video showcases the discovery of a WLC, the process is same for other device type as well.
Also, it’s always a good idea to visit the DNA Center compatibility matrix page, to see what results you can expect once the devices are added to the DNA Center. The feature and capability that you will achieve once the devices are added, will depend on hardware and software combination you might have.
Cisco DNA Center 1.3v Assurance: Network Discovery
Cisco DNA Center 2.1v Assurance: Network Discovery
At this point if you are wondering what happened behind the scenes and what configuration if at all was added to the devices. Below we provide a sample configuration for different types of devices in the network, which is pushed onto them once they are added to DNA Center.
Wireless:
Note: This example is from a Cisco Catalyst 9800-CL Cloud Wireless Controller, X.X.X.X is the Virtual IP (VIP) of DNAC's enterprise interface and Y.Y.Y.Y is the management IP address of WLC.
crypto pki trustpoint sdn-network-infra-iwan
enrollment pkcs12
revocation-check crl
rsakeypair sdn-network-infra-iwan
crypto pki trustpoint DNAC-CA
enrollment mode ra
enrollment terminal
usage ssl-client
revocation-check crl none
source interface GigabitEthernet1
crypto pki certificate chain sdn-network-infra-iwan
certificate 14CFB79EFB61506E
3082037D 30820265 A0030201 02020814 CFB79EFB 61506E30 0D06092A 864886F7
<snip>
quit
certificate ca 7C773F9320DC6166
30820323 3082020B A0030201 0202087C 773F9320 DC616630 0D06092A 864886F7
<snip>
quit
crypto pki certificate chain DNAC-CA
certificate ca 113070AFD2D12EA443A8858FF1272F2A
30820396 3082027E A0030201 02021011 3070AFD2 D12EA443 A8858FF1 272F2A30
<snip>
quit
telemetry ietf subscription 1011
encoding encode-tdl
filter tdl-uri /services;serviceName=ewlc/wlan_config
source-address Y.Y.Y.Y
stream native
update-policy on-change
receiver ip address X.X.X.X 25103 protocol tls-native profile sdn-network-infra-iwan
telemetry ietf subscription 1012
<snip - many different "telemetry ietf subscription" sections - which ones depends on IOS version and DNAC version>
network-assurance enable
network-assurance icap server port 32626
network-assurance url https://X.X.X.X
network-assurance na-certificate PROTOCOL_HTTP X.X.X.X /ca/ pem
Router:
crypto pkitrustpointDNAC-CA
enrollment mode ra
enrollment terminal
usage ssl-client
revocation-check crl
crypto pkicertificate chain DNAC-CA
<snip>
quit
iphttp client source-interface Loopback0
snmp-server community <RO-COMMUNITY> RO
snmp-server community<RW-COMMUNITY> RW
Switch:
crypto pki trustpoint DNAC-CA
enrollment mode ra
enrollment terminal
usage ssl-client
revocation-check crl
crypto pki certificate chain DNAC-CA
<snip>
quit
device-tracking tracking
!
device-tracking policy IPDT_MAX_10
limit address-count 10
no protocol udp
tracking enable
!
interface <ACCESS-INTERFACES>
device-tracking attach-policy IPDT_MAX_10
ip http client source-interface Loopback0
snmp-server community <RO-COMMUNITY> RO
snmp-server community <RW-COMMUNITY> RW
Next time while you are requesting a change window for performing discovery of your network devices, the above information could come handy.
Want to learn more and get real-time Cisco expert advice? Through live Q&A and solution demos, Ask the Experts (ATXs) real-time sessions help you tackle deployment hurdles and learn advanced tips to maximize your use of Cisco technology. View and register for the upcoming Ask the Experts (ATXs) sessions today. [Pro tip: Subscribe to the event listing for new session updates.]
Need more ATXs resources? Access the latest guides, recordings and more via Cisco DNA Center ATXs Resources.
|