on 09-18-2020 11:19 AM
Installing and Activating Service on the Cisco DNAC Appliance v1.2.8
This document describes the steps that you need to follow to install and activate the Cisco Digital Network Architecture v1.2.8
Note: For additional information about how to use the Cisco DNA Center v1.2.8, refer to the documentation at https://www.cisco.com/c/en/us/support/cloud-systems-management/dna-center/products-installation-guides-list.html and navigate to Required version of Install Guides. Look for the documentation that is applicable to your version of DNA Center software you are planning to install.
Before You Begin
You will need some or all of the following resources, depending on your IP addressing implementation and the service you want to activate within DNA Center:-
DNA Center Best Practices Checklist
Prerequisites – What do I need ?
Appliance Management port – CIMC (recommended)
10Gbit port [enp9s0] - Enterprise Network
10Gbit port [enp10s0] - Intra Cluster Link
1Gbit port [enp1s0f0] - Management (optional *)
1Gbit port [enp1s0f1] - Cloud Update Connectivity (optional *)
DNS Server IP Address (1 required, 2+ recommended)
NTP Server IP Address (1 required, 2+ recommended)
Proxy Server IP Address (required if direct internet access is not available – http proxy only)
Note: * Required only if the Management network and/or the Cloud Update server is not reachable via the Enterprise Network.
Prerequisites – IP Address Requirements
DNA Center Cluster
Cluster Virtual IP Address – Used to connect to the Enterprise Network
Cluster subnet and Service subnet address pool - /21 subnet for each
For each DNAC Appliance
CIMC – Management of the DNAC Appliance hardware (recommended)
Enterprise Network – Interface that is connected to the Enterprise network
Intra Cluster Link – isolated network used for communication between the DNA Center cluster nodes
Management (optional *) – used for DNA Center management
Cloud Update Connectivity (optional *) – used to update the DNA Center software
Note: *The Intra Cluster Link IP address and the Cluster/Service subnet address pools cannot be changed after installation.
Installation Best Practices
Planning the DNAC Deployment:-
Ensure the below steps have been taken care before you start with Installation and Configuration of Device
Required Interface cable connections
Required IP address and Subnets
Required Internet URLs and FQDNs and Provide Secure Access to the Internet
Required First-Time Setup Information
Once you have got the above links checked you should be good to go with the installation and changes of install failure and getting exhausted of IP address gets reduced, resulting in successful installation. Lets now jump to installation and configuration procedures to complete DNA Center full deployment.
Installation Steps:-
Step-1: Connect and power on the appliance, Attach the supplied power cord to each power supply in the appliance and then attach the power cords to a grounded AC power outlet.
Step-2: Connect a USB keyboard and VGA monitor to the server, using the supplied KVM cable connected to the KVM connector on the front panel. Alternatively, you can use the VGA and USB ports on the rear panel. You can only connect to one VGA interface at a time.
Step-3: LED lights will come up check the front and rear-panel LEDs and ensure they are functioning properly. Front and Rear panel
Configure the Appliance Steps:-
Link for Step-by-Step guidance on Appliance configuration:
Configuration guide for DNA Center Appliance 1.2.8
Device/Service Activation (For First time installaters):
Device First time setup and Activation
Cluster Password
Cisco DNA Center supports cluster formation with three nodes. For efficiency and security, we recommend that:
The cluster is created with dedicated separated interfaces for connecting to the enterprise network, forming an intra-cluster network and connecting to a dedicated management network.
The intra-cluster network is created as an isolated Layer 2 segment and not connected or routed through any other network segments.
You not reuse passwords (CIMC or SSH) across the Cisco DNA Center cluster members.
SSH/Maglev Password Recovery
You must secure the SSH password. Share the SSH password only with the super admin. Cisco DNA Center does not provide functionality to recover the SSH password.
Web UI Password Recovery
If a web UI user's password is lost, the password can be reset using the command line shell (which requires SSH or console access). See "Reset Forgotten Password" in the Cisco Digital Network Architecture Center Administrator Guide.
Password Encryption
Cisco DNA Center uses SHA-512 encoding of operating system user passwords (the strongest method available for UNIX-based systems). There is no user-configurable action available for Cisco DNA Center’s password encryption mechanism.
Logs and Database Management
The system logs are available to the operating system administrator user with escalated privileges (sudo access). The application logs are stored in Elasticsearch, and accessed through the web UI after authentication. The databases are protected by credentials, which are randomly generated during installation and securely passed to the applications that need database access. There is no user-configurable action available to change these settings.
Communication Protocol Payload Encryption
In clustered mode, Cisco DNA Center nodes communicate with each other through the intra-cluster network. There is no separate encryption applied to the intra-cluster traffic. There, it is important to keep the intra-cluster network isolated.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: