Here are some commonly asked questions and answers to help with your adoption of Cisco DNA Center. Subscribe to this post to stay up-to-date with the latest Q&A and recommended Ask the Experts (ATXs) sessions to attend.
What are the system specifications that I need to be aware of before physically installing DNA Center in my Data Center?
Before you install DNA Center, be sure that you have gone through the power and rack requirements in the installation guide for the device model that you have:
Disclaimer: Although the installation guide is mentioned here for your reference, please note that End-of-Life (EoL) was set for first-generation DNA Center on 15th Feb, 2019. This hardware was last shipped on 14th Sep, 2019. Please contact your Cisco Account team to check on the available migration options.
I see that DNA Center has multiple ports available. Do I need to connect all of them? If not, which are the ones I need to focus on initially?
Note that with Second-Generation DNA Center appliance, all ports except the CIMC port are capable of 10 Gbps connectivity. When you are installing the device in your Data Centre, ensure that the uplink devices can support this. Mandatory ports required from Day 1:
10-Gbps Enterprise port: This port is used to connect back to your enterprise network. This needs to be connected to a switch which has reachability to rest of your infrastructure.
10-Gbps Cluster port: This port must be connected in a multi-node DNA Center installation.
Optional ports which are not needed on Day 1 but need to be considered at some later time:
1/10 Gbps Management port: This port, as the name suggests, is used for managing the DNA Center appliance. This is good to connect if your company policy is to have a separate management Vlan for managing devices on the network.
1/10 Gbps Cloud port: This port is used by the DNA Center appliance to reach out to the internet for software upgrades and other functions like location features. In the absence of this connectivity, please make sure that you can reach the internet via Enterprise port; otherwise you will not be able to get regular updates and some features might not work.
1 Gbps CIMC port: This port provides browser-based access to CIMC, which is the out-of-band GUI appliance management interface. Although not mandated, it is highly recommended to have this in place.
Can you also share the requirements for IP connectivity?
All interfaces mentioned in the previous question need an IP address to function. However, DNA Center requires more than an IP address on its interfaces to perform its operations. This is a requirement very particular to DNA Center and it’s important to plan for it. Apart from the interface IP addresses, DNA Center also requires two /21 subnets for internal communication. This is a Cisco DNA Center micro service architecture requirement. The two subnets are called:
Services Subnet: A dedicated IP subnet for the appliance to use in managing and getting IPs for communications among its internal application services: Cisco DNA Assurance, inventory collection, and similar.
Cluster Services Subnet: A dedicated IP subnet for the appliance to use in managing and getting IP addresses for communications among its infrastructure services: database access, the message bus, and similar.
Also note that these two subnets need to comply with IETF RFC 1918 and 6598 specifications for private networks:
Also required during installation are coordinates for DNS & NTP Servers. NTP Server is required because DNA Center is cluster-based implementation, which makes it important that the clocks in different nodes are in sync with each other. Clock Sync is also useful if you are integrating DNA Center with ISE.
Why do I need to provide internet access to DNA Center? If this is really necessary, what is the best way to achieve external connectivity?
By default, the appliance is configured to access the internet to download software updates, licenses, and device software, as well as, provide up-to-date map information, user feedback, and so on. Internet connection for these purposes is mandatory.
Using an HTTPS proxy server is a reliable way to access remote URLs securely. We recommend that you use an HTTPS proxy server to provide the appliance with the access it needs to the URLs listed in Table 2 here.
Are there any other pre-requisite before I start adding devices to DNA Center?
Yes. First, check the device compatibility matrix to ensure that the devices belong to a supported hardware family and have the minimum software installed.
Second, ensure that DNA Center can communicate with the device on the following protocols in Table 3 and 4 here.