06-27-2022 01:57 AM
Hello
I'm about to deploy the DNA Spaces Connector, but there is this big problem, as I don't know which FW ports I need to open.
There is a configuration guide which mentions which connections are made (Cisco DNA Spaces: Connector Configuration Guide - Open Ports (Wireless) [Cisco DNA Spaces] - Cisco), but this is not detailed, as I do not think my DNS server needs 53/UDP connecting to my Spaces Connector. Or I'm pretty sure there is no incoming connection from DNA Spaces to my Spaces Connector.
Perhaps there is someone who can give me more information on which connections go from who to who.
06-27-2022 04:48 AM
Correct, some do not need to be bi-directional -
Like 443 connecting to Cisco cloud
DNS 53 and NTP to sync clock.
DNAspace to WLC needs to be bidirectional.
06-27-2022 02:46 AM
As mentioned in the document, that is correct - from DNA space to WLC you need the below ports to be open:
TCP/8004, TCP/630, TCP/16113, UDP/161, UDP/2003, TCP/22
DNA space also requires DNS server / NTP / Radius for your infra services, where your DNS/NTP/Radius are in the network.
From DNA space to Internet (most people use a proxy to communicate; if you are going direct, then you need port 443 open, which is required for Cisco Cloud).
06-27-2022 03:41 AM
Thank You
I think I have not detailed out my question.
I need specific rulesets. I don't think DNS is unidirectional.
I need to know who establishes the session for FastLocate and so on.
In the graphic the lines are all unidirectional, and this cannot be correct.
06-28-2022 11:11 AM
Thank You very much!
This is the hint I needed!
06-28-2022 11:21 AM
Cisco needs to improve this product ... most of the config was still command line.
06-28-2022 11:25 AM
Yes, absolutely. Also, what Cisco should improve is the distribution of their documentation on Cisco DNA Spaces!
All documents, from config guides to APIs, are hard to find because of the different sources.
I think it is a nice product, and it absolutely will replace our old CMX appliance, as the licences come with AIR-DNA-x.
04-11-2023 05:43 AM
DNS Spaces - I am defining here as Cisco Spaces Connector - VM based (inside of the network).
For communication between the VM-based Spaces Connector and internal devices like the WLC, APs or Cisco Catalyst, we can create the access list on the core switch or create policies on the firewall as per source & destination IP along with source port & destination port.
As per the attachment, you can see the source & destination by observing the arrow direction sign.
The arrow sign is the destination IP & the end without an arrow is the source. This is my understanding.
Still verifying a few other major points; will edit in case I find anything extra.