10-15-2019 05:10 PM - edited 10-17-2019 02:14 PM
Cisco DNA Center provides a robust Design application to allow customers of every size and scale to easily define their physical Sites and common network resources (DHCP, DNS, etc.). This is implemented using a hierarchical format for intuitive use, while removing the need to redefine the same resource in multiple places when provisioning devices.
The behavior of Cisco DNA Center is to inherit settings from the global level into subsequent levels of the hierarchy. This enables consistency across large domains while also giving administrators the flexibility to adapt and change for a local building or a floor.
To begin, select the Design app to open it. Once there, you will see a world map within a frame and a site hierarchy on the left-hand side. Add Site is used to create new sites manually or to import them from a CSV file. Cisco DNA Center provides a template that can be downloaded from Import Sites. This template can be populated with Countries, States, Buildings, etc. and then imported to create a Global Hierarchy. In this article, we will be manually creating sites.
Note: The browser used to configure Cisco DNA Center must have Internet connectivity for the maps to appear.
Create a site hierarchy – Cisco Meraki > Meraki-1 > Floor 5. Select Add Site and select Add Area. Define this Area as Cisco Meraki.
Devices need to be assigned to a Building or Floor. Click on Cisco Meraki and select the gear to add a Building where the network devices will reside. Define this building as Meraki-1. Address: 500 Terry A Francois Blvd, San Francisco, CA 94158
Last, we will create Floors. Floors need to be assigned to a Building or Floor. Expand Meraki-1. Click on the to add a Floor in Meraki-1 building where the network devices will reside. Define this Floor as Floor 5, with the following parameters.
Note: The floor names have to be unique. If there is more than one floor, ensure each one uses a unique name.
We can also add the Floor plan map to the Floor. Upload an already existing Floor plan in dxf, dwg, jpg, gif, or png formats.
We will also add another Area called San Jose, a Building in San Jose called SJC-22, and Floor 3 in the SJC-22 Building. Once complete, you should see the following hierarchy in your Cisco DNA Center.
Cisco DNA Center lets you save common resources (e.g. DHCP, DNS, syslog) with the Network Settings feature in the Design Application. Information pertaining to the enterprise can be stored and reused across the network, and is assigned when the devices are provisioned to the site.
In the Cisco DNA Center UI, navigate to Design > Network Settings > Network. This is where you configure all device related network settings.
Add the following information for the common resources (shared services) and click Save at the bottom right.
DHCP: Your DHCP server IP Address (both IPv4 and IPv6): 10.5.130.2 and ACE::1
DNS Domain: Your DNS server domain: cisco.com
DNS Server: Your DNS server IP: 10.172.3.220
Syslog Server: Check Cisco DNAC as syslog server
SNMP Server: Check Cisco DNAC as snmp server
NTP Server: Your NTP server IP: 171.68.10.80
Time Zone: PDT
Starting with 1.3, Cisco DNAC supports both IPv4 and IPv6 for DHCP and DNS.
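The inheritance behavior described earlier can be modeled to show which level each effective setting comes from. This is an added example, not Cisco code or a DNA Center API: the `Site` class, `effective()` and `overrides()` are hypothetical names, the Global values are the ones listed above, and the SJC-22 NTP override is a constructed value.

```python
# Added illustration: a toy model of Design-hierarchy inheritance, not a DNA Center API.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Site:
    name: str
    kind: str                                     # "global", "area", "building" or "floor"
    parent: Optional["Site"] = None
    settings: dict = field(default_factory=dict)  # values set locally at this level

    def path(self) -> str:
        return self.name if self.parent is None else f"{self.parent.path()} > {self.name}"

    def effective(self) -> dict:
        """Return {setting: (value, level it was taken from)} for this site."""
        chain, node = [], self
        while node is not None:
            chain.append(node)
            node = node.parent
        resolved = {}
        for level in reversed(chain):             # Global first, nearest level last
            for key, value in level.settings.items():
                resolved[key] = (value, level.name)
        return resolved


def overrides(site: Site) -> dict:
    """Settings whose effective value does not come from Global (local drift to review)."""
    return {k: v for k, v in site.effective().items() if v[1] != "Global"}


def build_example():
    glob = Site("Global", "global", settings={
        "dhcp": ["10.5.130.2", "ACE::1"],
        "dns_domain": "cisco.com",
        "dns_server": "10.172.3.220",
        "ntp_server": "171.68.10.80",
        "time_zone": "PDT",
    })
    san_jose = Site("San Jose", "area", glob)
    sjc22 = Site("SJC-22", "building", san_jose,
                 settings={"ntp_server": "192.0.2.123"})  # constructed local override
    floor3 = Site("Floor 3", "floor", sjc22)
    return glob, san_jose, sjc22, floor3


if __name__ == "__main__":
    *_, floor3 = build_example()
    print(floor3.path())
    for key, (value, source) in floor3.effective().items():
        print(f"  {key:11} = {value}  (from {source})")
```

Listing `overrides()` per building is a quick way to review where a site has diverged from the Global baseline.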
Click on + Add Servers to add AAA and NTP server. Click OK.
We will use ISE TACACS for the authentication for logging into the network devices and ISE RADIUS for the authentication for the endpoints logging onto the network. Add the following information for AAA.
Under AAA Server, select Network and Client/Endpoint.
For Network, select ISE as the server and TACACS as the Protocol. Enter IP address of ISE servers. If ISE server is not configured, click on System Settings.
For Clients, select ISE as the server and RADIUS as the Protocol. Enter IP address of ISE servers. If ISE server is not configured, click on System Settings.
The device credentials created during discovery show up here. Credentials can be modified or new credentials can be created. For onboarding of APs and Extended Nodes, the device CLI credentials and SNMP Write need to be selected and saved here. Since we will be doing Fabric wireless, we will need to save the CLI and SNMP Write credentials here.
Click on the CLI Credentials radio button and save at the bottom of the screen.
Click on SNMPV2C Write and click on the radio button and save at the bottom of the screen.
Define Global IP Pools for Network
IP Address Pools are created at the Global level and then reserved within sites. IP Address Pools can be created in Global as a larger Network (e.g. /16) and then reserved as a smaller Subnet within the sites (e.g. /24). Cisco DNA Center uses IP addresses from configured IP address pools for the SD-Access use cases:
Cisco DNA Center will support both manually entering IP Address allotments as well as integrating with IPAM solutions, such as Infoblox, to learn of existing IP Address Pools already in use.
In this article, we will be manually defining the IP Address Pools we require and only creating /24 Subnets for Global IP Pools.
Navigate to Design > Network Settings > IP Address Pools and click on + to Add an IP pool.
Enter IP address details for AP, Campus, IoT, Guest, Border handoff and Multicast Global IP Pools as shown in the following screenshots.
Note: The Overlapping check box should not be checked. Overlapping allows users to identify overlapping subnets within their network, enabling these addresses to be used in multiple places that would otherwise be denied.
You should see the following Pools created in Global:
For Campus, Guest, Multicast and Border Handoff for a Building
We will be reserving the IP Pools for the site we will be provisioning the devices to. In the hierarchy on the left side, choose SJC-22. When you navigate to the building, the following message appears. It explains the functioning of the hierarchy within Cisco DNA Center and how the network settings can be inherited (assigned) for the child sites in the hierarchy. To prevent its re-appearance, check Don’t show again. Click OK to continue.
On SJC-22, click Reserve IP Pool to make a reservation for this building. Follow the screenshots shown below to reserve IP Pools (for AP, Campus, IoT, and Border Handoff) for building 22.
AP Pool will be just IPv4. Right now, dual stack is not supported.
You should see the following Pools reserved for SJC-22 at the end of this:
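Before entering pools in the UI, an address plan can be checked offline for the two rules this section relies on: each site reservation sits inside its Global pool, and no two pools overlap (the Overlapping box stays unchecked). This is an added example, not part of the original article or of Cisco DNA Center: `check_reservations` is a hypothetical helper, all addresses are constructed, and it shows the general /16 Global with /24 reservation case rather than the /24 Global pools used in this article.

```python
import ipaddress


def check_reservations(global_pools, reservations):
    """Return a list of problems in a pool plan.

    global_pools: {pool_name: cidr}
    reservations: [(site, reservation_name, global_pool_name, cidr), ...]
    """
    problems = []
    pools = {name: ipaddress.ip_network(cidr) for name, cidr in global_pools.items()}

    # Global pools must not overlap each other.
    names = sorted(pools)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if pools[a].version == pools[b].version and pools[a].overlaps(pools[b]):
                problems.append(f"global pools {a} and {b} overlap")

    seen = []
    for site, name, parent, cidr in reservations:
        net = ipaddress.ip_network(cidr)
        pool = pools.get(parent)
        if pool is None:
            problems.append(f"{site}/{name}: unknown global pool {parent}")
        elif net.version != pool.version or not net.subnet_of(pool):
            problems.append(f"{site}/{name}: {net} is not inside {parent} ({pool})")
        # A reservation must not reuse space already reserved by any site.
        for other_site, other_name, other_net in seen:
            if net.version == other_net.version and net.overlaps(other_net):
                problems.append(f"{site}/{name}: {net} overlaps {other_site}/{other_name} ({other_net})")
        seen.append((site, name, net))
    return problems


# Constructed sample plan (addresses are illustrative, not from the article).
GLOBAL_POOLS = {"AP": "10.10.0.0/16", "Campus": "10.20.0.0/16", "IoT": "10.30.0.0/16"}
RESERVATIONS = [
    ("SJC-22", "SJC22-AP", "AP", "10.10.22.0/24"),
    ("SJC-22", "SJC22-Campus", "Campus", "10.20.22.0/24"),
    ("Meraki-1", "MER1-Campus", "Campus", "10.20.22.128/25"),  # overlaps SJC22-Campus
    ("Meraki-1", "MER1-IoT", "IoT", "10.31.1.0/24"),           # outside the IoT pool
]

if __name__ == "__main__":
    for problem in check_reservations(GLOBAL_POOLS, RESERVATIONS):
        print(problem)
```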