Service Activation: Installing and Activating Service on the Cisco DNAC Appliance (version 1.2.8)


Installing and Activating Service on the Cisco DNAC Appliance v1.2.8

This document describes the steps that you need to follow to install and activate the Cisco Digital Network Architecture v1.2.8.

Note: For additional information about how to use the Cisco DNA Center v1.2.8, refer to the documentation at https://www.cisco.com/c/en/us/support/cloud-systems-management/dna-center/products-installation-guides-list.html and navigate to Required version of Install Guides. Look for the documentation that is applicable to the version of DNA Center software you are planning to install.

Before You Begin

You will need some or all of the following resources, depending on your IP addressing implementation and the service you want to activate within DNA Center:

DNA Center Best Practices Checklist

Prerequisites: What do I need?

  • Review environmental requirements in the Installation Guide and provision for 2 x PSUs
  • Network Patch Requirements for each DNAC Appliance (based on best practice recommendations):
      • Appliance Management port CIMC (recommended)
      • 10Gbit port [enp9s0] - Enterprise Network
      • 10Gbit port [enp10s0] - Intra Cluster Link
      • 1Gbit port [enp1s0f0] - Management (optional *)
      • 1Gbit port [enp1s0f1] - Cloud Update Connectivity (optional *)
  • Additional Settings for Configuration Wizard:
      • DNS Server IP Address (1 required, 2+ recommended)
      • NTP Server IP Address (1 required, 2+ recommended)
      • Proxy Server IP Address (required if direct internet access is not available; HTTP proxy only)
          • Proxy server port if required
          • Proxy server username / password if required

Note: * Required only if the Management network and/or the Cloud Update server is not reachable via the Enterprise Network.

Prerequisites – IP Address Requirements

DNA Center Cluster

Cluster Virtual IP Address: used to connect to the Enterprise Network

  • This IP Address should be taken from the Enterprise Network subnet
  • The Cluster Virtual IP must not be the same as any of the node IP addresses (because it floats around the live nodes)

Cluster subnet and Service subnet address pool: a /21 subnet for each

  • Used for internal cluster communications and should not conflict with any other IP in the Enterprise Network

For each DNAC Appliance

CIMC: Management of the DNAC Appliance hardware (recommended)

Enterprise Network: Interface that is connected to the Enterprise network

  • All DNA appliances should be in the same subnet as the Cluster Virtual IP address (see above)

Intra Cluster Link: isolated network used for communication between the DNA Center cluster nodes

  • All DNA appliances should be in the same VLAN

Management (optional *): used for DNA Center management

Cloud Update Connectivity (optional *): used to update the DNA Center software

Note: *The Intra Cluster Link IP address and the Cluster/Service subnet address pools cannot be changed after installation.
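Because the Cluster/Service pools cannot be changed after installation, it is worth checking the addressing plan against the rules above before running the configuration wizard. The following is an added example, not Cisco code: the plan dictionary layout, the key names and every address in it are assumptions made up for illustration.

```python
import ipaddress

def validate_plan(plan):
    """Return the addressing rules from the checklist that a plan violates."""
    errors = []
    enterprise = ipaddress.ip_network(plan["enterprise_subnet"])
    vip = ipaddress.ip_address(plan["cluster_vip"])

    # The Cluster Virtual IP is taken from the Enterprise Network subnet.
    if vip not in enterprise:
        errors.append(f"cluster VIP {vip} is outside {enterprise}")
    for name, addr in plan["node_enterprise_ips"].items():
        ip = ipaddress.ip_address(addr)
        # The VIP floats between live nodes, so no node may own it.
        if ip == vip:
            errors.append(f"cluster VIP {vip} duplicates the address of {name}")
        # Every appliance shares the VIP's subnet.
        if ip not in enterprise:
            errors.append(f"{name} address {ip} is outside {enterprise}")

    # Cluster and Service pools: a /21 each, conflicting with nothing else.
    pools = {k: ipaddress.ip_network(plan[k]) for k in ("cluster_subnet", "service_subnet")}
    taken = [ipaddress.ip_network(n) for n in plan["in_use_subnets"]] + [enterprise]
    for label, pool in pools.items():
        if pool.prefixlen != 21:
            errors.append(f"{label} {pool} is a /{pool.prefixlen}, not a /21")
        errors += [f"{label} {pool} overlaps {net}" for net in taken if pool.overlaps(net)]
    # Assumption: the two pools must also not overlap each other.
    if pools["cluster_subnet"].overlaps(pools["service_subnet"]):
        errors.append("cluster_subnet and service_subnet overlap each other")
    return errors

# Constructed sample plans (all addresses are made up for illustration).
GOOD_PLAN = {
    "enterprise_subnet": "192.168.10.0/24",
    "cluster_vip": "192.168.10.10",
    "node_enterprise_ips": {"node1": "192.168.10.11", "node2": "192.168.10.12",
                            "node3": "192.168.10.13"},
    "cluster_subnet": "10.60.0.0/21",
    "service_subnet": "10.60.8.0/21",
    "in_use_subnets": ["192.168.20.0/24", "10.0.0.0/16"],
}
# VIP reuses node1's address; service pool is a /22 inside an in-use range.
BAD_PLAN = dict(GOOD_PLAN, cluster_vip="192.168.10.11", service_subnet="10.0.4.0/22")

if __name__ == "__main__":
    for title, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(title, validate_plan(plan) or "OK")
```

List the intra-cluster link subnet and any other routed ranges under `in_use_subnets` so the pools are checked against them as well.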

Installation Best Practices

  • Always treat DNA-C as a cluster: plan for a “cluster”
  • Standalone box is a “single node cluster”
  • Provision for separate intra-cluster link on day 1
  • Changing the intra-cluster link from one interface to another is not supported
  • Provision for Cluster Virtual IP on day 1
  • Network Devices will continue to see the same IP when more nodes are added
  • Use a complete private network for intra-cluster link (no other machines should be in this network)
  • Use isolated L2 domain (all clusters must be in the same L2 domain)
  • Ensure < 10ms latency (RTT) across the intra-cluster link

Planning the DNAC Deployment:

Ensure the steps below have been taken care of before you start the installation and configuration of the device:

Required Interface cable connections

Required IP address and Subnets

Required Internet URLs and FQDNs and Provide Secure Access to the Internet

Required Network Ports

Required First-Time Setup Information

Once you have checked the links above, you should be good to go with the installation. The chances of install failure and of IP address exhaustion are reduced, resulting in a successful installation. Let's now jump to the installation and configuration procedures to complete the full DNA Center deployment.

Installation Steps:

Step-1: Connect and power on the appliance. Attach the supplied power cord to each power supply in the appliance and then attach the power cords to a grounded AC power outlet.

Step-2: Connect a USB keyboard and VGA monitor to the server, using the supplied KVM cable connected to the KVM connector on the front panel. Alternatively, you can use the VGA and USB ports on the rear panel. You can only connect to one VGA interface at a time. 

Step-3: The LED lights will come up. Check the front and rear-panel LEDs and ensure they are functioning properly. Front and Rear panel

Configure the Appliance Steps:

Link for Step-by-Step guidance on Appliance configuration:

Configuration guide for DNA Center Appliance 1.2.8

Device/Service Activation (for first-time installers):

Device First time setup and Activation

Manage Credentials and Passwords:

Cluster Password

Cisco DNA Center supports cluster formation with three nodes. For efficiency and security, we recommend that:

  • The cluster is created with dedicated, separate interfaces for connecting to the enterprise network, forming an intra-cluster network, and connecting to a dedicated management network.

  • The intra-cluster network is created as an isolated Layer 2 segment and not connected or routed through any other network segments.

  • You do not reuse passwords (CIMC or SSH) across the Cisco DNA Center cluster members.

SSH/Maglev Password Recovery

You must secure the SSH password. Share the SSH password only with the super admin. Cisco DNA Center does not provide functionality to recover the SSH password.

Web UI Password Recovery

If a web UI user's password is lost, the password can be reset using the command line shell (which requires SSH or console access). See "Reset Forgotten Password" in the Cisco Digital Network Architecture Center Administrator Guide.

Password Encryption

Cisco DNA Center uses SHA-512 hashing of operating system user passwords (the strongest method available for UNIX-based systems). There is no user-configurable action available for Cisco DNA Center’s password encryption mechanism.

Logs and Database Management

The system logs are available to the operating system administrator user with escalated privileges (sudo access). The application logs are stored in Elasticsearch, and accessed through the web UI after authentication. The databases are protected by credentials, which are randomly generated during installation and securely passed to the applications that need database access. There is no user-configurable action available to change these settings.

Communication Protocol Payload Encryption

In clustered mode, Cisco DNA Center nodes communicate with each other through the intra-cluster network. There is no separate encryption applied to the intra-cluster traffic. Therefore, it is important to keep the intra-cluster network isolated.