Cisco DNA Center

The evolution from traditional management to Intent Based automation and assurance
Lila Rousseaux – CCIE #6899
Technical Solutions Architect
@lila_rousseaux

BRKNMS-2031
Cisco Webex Teams

Questions?
Use Cisco Webex Teams to chat
with the speaker after the session

How
1 Find this session in the Cisco Events Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space

BRKNMS-2031 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Agenda
• Why an Intent Based solution
• Traditional Management vs. Intent Based Networking
• What is Cisco DNA Center
• Cisco DNA Center Automation - Use Cases Examples (Demo & Lecture)
  • DAY0: Onboarding new devices using Zero Touch Deployment
  • DAY1: Configurations using Templates
  • DAYN: Security Advisories based on Machine Reasoning Engine
  • DAYN: Simplified Software Management based on Golden Images
  • DAYN: Defective Device Replacement - RMA
• Cisco DNA Center Assurance - Use Cases Examples
  • Network Health & Device 360
  • Client Health & Client 360
  • Application Health & Application 360
  • Proactive troubleshooting using Sensors
• What about Prime Infrastructure?
• Key Takeaways
Why an Intent Based Solution?

The Cost of Doing Business in the Digital World

$60B Spent on Network Operations Labor and Tools

Why are companies spending so much?

• 95% Network Changes Performed Manually
• 70% Policy Violations Due to Human Error
• 75% OpEx Spent on Network Changes & Troubleshooting

*McKinsey study conducted for Cisco in 2016
Traditional Management vs. Intent Based Networking

What do we mean by Intent Based Networking?

Conventional Model: Manual Policy Deployment
• The What: “QoS Policy for Branches A-N” (Admin Driven)
• The How: “Change QoS config in the following elements” (Admin Driven)

Intent Based Policy Deployment
• The What: “QoS Policy for Branches A-N” (Admin Driven)
• The How: “Change QoS Config in the following elements” (System Driven)
Feature Configuration vs. Intent Based Networking
• FEATURE CONFIGURATION
• INTENT BASED NETWORKING
What is Cisco DNA Center?

Cisco DNA Center: Design, Policy, Provision, Assurance
Intent Based Driven Management

• Logical workflow to design, provision, set policy. Respond to changes faster.
• Monitor end-to-end network performance. Predict and act on problems before they happen.
• Pinpoint problems faster. Reduce downtime with an end-to-end view instead of hop by hop.
• Manage hardware and software lifecycles. Keep up to date, meet compliance and plan for refresh.

Cisco DNA Center: Design, provision, automate policy and assure services from one place
Pillars of Cisco DNA Center: Covered in this session

Pillars of Cisco DNA Center: Might come up in Q&A
Cisco DNA Center Automation: Using Cisco DNA Center for Base Network Automation

DNA Center Automation - Journey Map

Phases: Day 0 (Network On-boarding), Day 1 (Config & Operations), Day 2 (Security & Optimization), Day N (Patching and Maintenance)

Use cases shown across the phases:
• Greenfield switch on-boarding
• WiFi site planning & deployment
• AP Refresh
• Device Provisioning
• Wireless Rogue detection*
• StackWise Virtual (SVL)*
• MRE based Security Advisory
• Netflow/ETA enablement w/ Stealthwatch
• Software upgrade using SWIM
• Application Policy
• Bonjour
• RMA
Automation Use Cases covered in this session (Demo & Lecture)

• Use Case #1 - New device onboarding
• Use Case #2 - Configurations using Templates
• Use Case #3 - Security Advisories based on Machine Reasoning Engine
• Use Case #4 - Software and Image Management
• Use Case #5 - Defective Device Replacement - RMA
Preparing Cisco DNA Center

Demo
Preparing Cisco DNA Center (For your reference)

• Step 1 – Define your network hierarchy
• Step 2 – Define Network Settings and Device Credentials
• Step 3 – Discover existing network
• Step 4 – Check Inventory (Devices in Managed State)
• Step 5 – Assign Devices to Sites
• Step 6 (Optional) - Check Topology
New device onboarding – Network Plug and Play

Use Case Example: Device Deployment in Campus

Day 0: Network Admin Pre-Provisions Cisco DNA Center

Diagram labels: DHCP Server; Cisco DNA Center (PnP Server), IP Address 10.11.11.11
Use Case Example: Device Deployment in Campus

Device validates server’s location and establishes a communication with the server

Diagram labels: DHCP Server; Cisco DNA Center (PnP Server), IP Address 10.11.11.11; Cisco IOS-XE®; Config file; Switch running PnP Agent; Installer

DHCP option shown on the slide:
<..snip..>
CISCO_PNP.pnpserver "5A;B2;K4;I10.11.11.11;J80";
<..snip..>

Day 1
• Remote Installer: mount and cable devices, power-on
• Network Admin remotely monitors status of install while in progress.
New device onboarding – Network Plug and Play

Demo

PnP Server Discovery Options (For your reference)

Automated
1. DHCP with options 60 and 43: PnP string 5A1D;B2;K4;I172.19.45.222;J80 added to DHCP Server
2. DNS lookup: pnpserver.localdomain resolves to Cisco DNA Center IP Address

Redirect
3. Cloud re-direction (https://devicehelper.cisco.com/device-helper): Cisco hosted cloud, re-directs to on-prem Cisco DNA Center IP Address

Manual
4. USB-based bootstrapping: router-confg/router.cfg/ciscortr.cfg
5. Manual - using the Cisco® Installer App* (iPhone, iPad, Android)

Device types shown: Routers (ASR, ISR), Wireless Access Points, Switches (Catalyst®)
Manual discovery not supported for Access Points
* Cisco DNA Center Support in Roadmap
DHCP Server Configuration (For your reference)

Microsoft DHCP server: configure using option 43.

Cisco device acting as a DHCP server:
ip dhcp pool pnp_device_pool
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 option 43 ascii "5A1N;B2;K4;I10.4.48.232;J80"
DHCP Server Configuration (For your reference)

Sample Linux DHCP server
# Sample /etc/dhcpd.conf configuration
default-lease-time 600;
max-lease-time 7200;
# Vendor option space carrying the PnP server string in option 43
option space CISCO_PNP;
option CISCO_PNP.pnpserver code 43 = string;
option subnet-mask 255.255.255.0;
option broadcast-address 10.30.30.255;
subnet 10.30.30.0 netmask 255.255.255.0 {
  range 10.30.30.1 10.30.30.255;
}
# Only clients that identify as "ciscopnp" (option 60) receive the PnP string
class "ciscopnp" {
  match if option vendor-class-identifier = "ciscopnp";
  option vendor-class-identifier "ciscopnp";
  vendor-option-space CISCO_PNP;
  option CISCO_PNP.pnpserver "5A;B2;K4;I172.19.210.215;J80";
}
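
The option 43 strings on the DHCP slides can be reviewed before they are placed in a DHCP scope. The following is an added example, not code from the deck or from Cisco: it parses those strings and flags settings a reviewer would question, such as the cleartext HTTP transport (K4, port 80) that every string on the slides uses. The field meanings (B address type, I server, J port, K4 HTTP / K5 HTTPS, N/D debug flag, T trustpool URL, Z NTP server) follow Cisco's published PnP option 43 format rather than anything spelled out on the slides; the hardened string and the HTTP default when K is absent are assumptions.

```python
import ipaddress
import re

# Option 43 strings exactly as they appear on the DHCP slides of this deck.
SLIDE_STRINGS = [
    "5A;B2;K4;I10.11.11.11;J80",
    "5A1D;B2;K4;I172.19.45.222;J80",
    "5A1N;B2;K4;I10.4.48.232;J80",
    "5A;B2;K4;I172.19.210.215;J80",
]
# Constructed for comparison (assumption): same server reached over HTTPS.
HARDENED = "5A1N;B2;K5;I10.11.11.11;J443"

ADDR_TYPES = {"1": "hostname", "2": "ipv4", "3": "ipv6"}   # B field
TRANSPORTS = {"4": "http", "5": "https"}                    # K field
DEFAULT_PORT = {"http": 80, "https": 443}
HEADER = re.compile(r"^5A(?:(\d)([ND]))?$")  # optional version digit + N/D debug flag


def parse_option43(value):
    """Split a PnP option 43 string into named fields; ValueError if malformed."""
    parts = [p for p in value.strip().strip('"').split(";") if p]
    if not parts or not HEADER.match(parts[0]):
        raise ValueError(f"not a PnP option 43 string: {value!r}")
    version, debug = HEADER.match(parts[0]).groups()
    fields = {"version": version, "debug": debug == "D",
              "transport": "http"}  # assumption: HTTP is used when K is absent
    for part in parts[1:]:
        key, val = part[0], part[1:]
        if key == "B" and val in ADDR_TYPES:
            fields["addr_type"] = ADDR_TYPES[val]
        elif key == "K" and val in TRANSPORTS:
            fields["transport"] = TRANSPORTS[val]
        elif key == "I" and val:
            fields["server"] = val
        elif key == "J" and val.isdigit() and 0 < int(val) < 65536:
            fields["port"] = int(val)
        elif key in "TZ" and val:
            fields["trustpool_url" if key == "T" else "ntp_server"] = val
        else:
            raise ValueError(f"bad field {part!r} in {value!r}")
    if "server" not in fields or "addr_type" not in fields:
        raise ValueError(f"missing B or I field in {value!r}")
    # The I value must agree with the declared B address type.
    if fields["addr_type"] == "ipv4":
        ipaddress.IPv4Address(fields["server"])   # raises ValueError if invalid
    elif fields["addr_type"] == "ipv6":
        ipaddress.IPv6Address(fields["server"])
    fields.setdefault("port", DEFAULT_PORT[fields["transport"]])
    return fields


def audit(fields):
    """Return the findings a reviewer would raise for this bootstrap target."""
    findings = []
    if fields["transport"] == "http":
        findings.append("cleartext-bootstrap")   # K4: onboarding session unencrypted
    if fields["debug"]:
        findings.append("debug-enabled")         # D: agent debug left switched on
    if fields["port"] != DEFAULT_PORT[fields["transport"]]:
        findings.append("nonstandard-port")      # port does not match transport
    return findings


def audit_all(strings):
    """Map each option 43 string to its list of findings."""
    return {s: audit(parse_option43(s)) for s in strings}


if __name__ == "__main__":
    for text, findings in audit_all(SLIDE_STRINGS + [HARDENED]).items():
        print(f"{text:35} {', '.join(findings) or 'no findings'}")
```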

Day-0 deployment using PnP (For your reference)

Single workflow from supply chain to onboarding:
1. CCW order: Customer Smart Account added as part of ordering
2. Device SN added into customer Smart Account
3. SN per Smart Account available in PnP Connect (cloud-based device discovery)
4. Cisco DNA Center registers its identity with PnP Connect
5. Cisco DNA Center downloads SN from PnP Connect
6. Corporate Profile mapped to site
7. [no caption on the slide]
8. Device provisioned upon discovery and association to site

Other diagram labels: Cisco® supply chain; Device SN label; Connect; Deploy image and configuration; Corporate HQ; Installer; Admin. The links to PnP Connect are labelled SSL.
Plug & Play Stack Support

• Full Stack Support in “Unclaimed” and “Planned” workflow
• Software Upgrade to whole stack
• Auto-Discover Stack Members
• Stack Icon
Stack Switch Numbering Issue (Starting with Cisco DNA Center 1.2)

Before: stack switch configuration, port # tied to stack Member ID
• Physical view of stack (physical rack/stack/cabling): 1 SR#A, 2 SR#B, 3 SR#C, 4 SR#D. Device cabling is done by the installer based on the physical view of switches.
• Logical view of stack: 1 SR#C, 2 SR#B, 3 SR#A, 4 SR#D. Logical view is based on switch boot-up sequence; the admin's configuration is applied to the logical view.
• Discrepancies can cause misconfigurations.

Cisco DNA Center 1.2 PnP provides option to select Top of Stack (TOS) and renumber stack during provisioning
• Select TOS
• Renumber stack members
• Logical view of stack before renumbering: 1 SR#C, 2 SR#B, 3 SR#A, 4 SR#D
• Logical view of stack after renumbering: 1 SR#A, 2 SR#B, 3 SR#C, 4 SR#D

Deterministic stack order with renumbering
Stack Switch Numbering Issue

• Enter the Top of Stack SN and Stack License level –> System Level Stack Renumbering
• Stack Renumbering triggers an extra reload
Day N Configuration with Templates

Demo
How do Variables Work (For your reference)
Velocity Template Language (For your reference)

What is It?
• Java-based template engine
• Allows Cisco DNA-C to expose variables
• Allows scripting logic to be included in a template
• Greatly expands ability of templates to be used everywhere

What features do I gain
• Source-binding
• Manipulation of variables
• If-then branches
• For-each loops
Variables & Bind to Source (For your reference)

Bind to Source (For your reference)

What information can I access?
• Common Settings
• Inventory
• Network Profile
Flexible Deployment Options (For your reference)

• Key-Value Pairs
• Min-Max Values
Security Advisories based on Machine Reasoning Engine

Identifying and fixing vulnerabilities is challenging and ongoing

Machine Reasoning Engine

Diagram label: Cisco Cloud
Security Advisories based on Machine
Reasoning Engine

Demo
Security Advisories (For your reference)

The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.
Software and Image Management

But wait! Doesn’t PI have Image Management?

How to interpret the colors
• Indicates ITSM Process Steps
• Actions outside of NMS, mostly manual
• Steps covered in NMS Tool
• Steps covered in DNA-C

The slide shows the same ten steps in three rows (General Steps to Update Software Image, Traditional NMS Software Image Update, Cisco DNA Center Software Image Update), color-coded per the legend above:
1. Plan an Image Upgrade
2. Select Golden Image
3. Identify devices to upgrade
4. Create a Change Request
5. Approval of CR
6. Pre-Check validations
7. Distribute Image
8. Activate Image
9. Post Upgrade Validation
10. Close CR

Selecting Golden Image

Identify Devices to Upgrade

Image Update Readiness Checks

Out of box Pre-Checks and Post-Checks
Software Upgrade – Integrity Verification

Diagram labels: End User Deployment; Cisco Development Cycle; Network Devices; Integrity Verification; Known Good Value Collection; Network Device Development; CCO

Software: Is the software used by the device authentic? Includes checks of the software files (Known Good Value) and in-memory (Imprint Value) contents. Also includes shell access attempts (Event Occurrence).
Software Upgrade – Integrity Verification
• To provide a level of security integrity, devices must run authentic and valid software.
• Cisco DNA Center Integrity Verification uses a system to compare collected image integrity data to Known Good Values (KGV) for Cisco software.
• The MD5 or SHA values of the images are validated against KGVs.
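
The comparison described above, sketched as an added example that is not Cisco DNA Center's implementation: an image is hashed once, checked against the strongest digest its known-good record offers, and an MD5-only match is reported as weaker evidence than a SHA match. The KGV table layout, file names and image bytes are constructed for illustration and do not reflect Cisco's KGV file format.

```python
import hashlib
import hmac
import io

PREFERENCE = ("sha512", "sha256", "md5")   # strongest digest first
WEAK = {"md5"}                              # MD5 collisions are practical


def digests(stream, chunk_size=1 << 16):
    """Hash a file-like object in one pass, producing every digest in PREFERENCE."""
    hashers = {name: hashlib.new(name) for name in PREFERENCE}
    for block in iter(lambda: stream.read(chunk_size), b""):
        for hasher in hashers.values():
            hasher.update(block)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def verify_image(filename, stream, kgv):
    """Return (verdict, algorithm) for an image checked against a KGV table.

    Verdicts: "match", "weak-match" (only a weak digest was available),
    "mismatch", or "unknown" (no known good value, so nothing to trust).
    """
    record = kgv.get(filename)
    if not record:
        return ("unknown", None)
    observed = digests(stream)
    for algo in PREFERENCE:
        expected = record.get(algo)
        if expected is None:
            continue
        # Decide on the strongest digest the record carries, and only on that one.
        if not hmac.compare_digest(observed[algo], expected.lower()):
            return ("mismatch", algo)
        return ("weak-match" if algo in WEAK else "match", algo)
    return ("unknown", None)


# Constructed sample data: stand-in bytes, not a real image. The table is built
# from the genuine bytes here only so the example runs offline; in practice the
# known good values come from the vendor, never from the file being checked.
GENUINE = b"constructed stand-in for a software image\n" * 4096
TAMPERED = GENUINE[:-1] + b"X"
_reference = digests(io.BytesIO(GENUINE))
KGV = {
    "sample-image-a.bin": {"sha512": _reference["sha512"], "md5": _reference["md5"]},
    "sample-image-b.bin": {"md5": _reference["md5"]},   # legacy record: MD5 only
}


def demo():
    """Run the four cases a verifier has to tell apart."""
    return {
        "genuine": verify_image("sample-image-a.bin", io.BytesIO(GENUINE), KGV),
        "tampered": verify_image("sample-image-a.bin", io.BytesIO(TAMPERED), KGV),
        "md5_only": verify_image("sample-image-b.bin", io.BytesIO(GENUINE), KGV),
        "not_listed": verify_image("sample-image-c.bin", io.BytesIO(GENUINE), KGV),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:11} {verdict}")
```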

Software and Image Management

Demo
What you need to know …
• Both BUNDLE mode and INSTALL mode are supported
• We don’t support BUNDLE/INSTALL mode conversion
• INSTALL mode doesn’t allow importing an image directly from the device
• To upgrade the image during PnP, the device has to be in INSTALL mode

Screenshots: Bundle Mode, Install Mode
N+1 rolling AP upgrades (For your reference)

Zero client downtime during image upgrades

Unified management with Cisco DNA Center: Policy, Automation, Assurance

Key highlights
• Automated group creation with Radio Resource Management for N+1 rolling AP upgrades
• No more manual intervention to create groups in Cisco Prime® Infrastructure
• Manage all your software updates and upgrades through Cisco DNA Center

Diagram labels: WLC #1, WLC #2, WLC #N; N+1 Cisco® Catalyst® 9800 Series Wireless Controllers; Wave 1 and Wave 2 access points
N+1 Rolling AP Upgrade - Process

Trigger Rolling Upgrade

Diagram labels: AP; Primary (Version: X, X+1); Mobility Group; Upgraded N+1 (Version: X+1)

1. Device auto selects candidate APs based on selected % and RRM AP Neighbor Map.
2. The primary controller selects a set of APs as part of iteration and configures their primary controller to point to the N+1 controller and does a swap and reboot of APs.
3. Once the APs are available on the N+1 controller, they send out the message to primary controller to move to the next iteration.
4. After all the APs are upgraded and moved to the N+1 controller, the primary controller is rebooted to activate the new image.
5. After the primary controller is upgraded with the new image, the APs from N+1 controller will be moved back to primary controller in a staggered way without rebooting the APs.
N+1 Rolling AP Upgrade (For your reference)

What you need to know …
• An N+1 HA controller is required to perform the Rolling AP upgrade.
• The N+1 controller is already running the Golden image.
• N+1 controller should be running the same configuration as the Primary WLC (WLANs and policies).
• The N+1 controller is reachable and in Managed state in Cisco DNA Center.
• Mobility Tunnel Up between Primary & N+1: The Primary WLC and N+1 WLC should be part of same Mobility Group and the Mobility Tunnel should be UP between the two before initiating the Rolling AP upgrade process.
• The AP upgrade information between the Primary and N+1 controllers is exchanged through the mobility tunnel.
Defective Device Replacement - RMA

Why Defective device replacement (RMA) in Cisco DNA Center?
• RMA is a critical part of device lifecycle management.
• Existing RMA procedure is manual and time consuming.
• RMA in Cisco DNA Center provides users the ease of automation to recover a failed device quickly, thus improving productivity and reducing Opex.

Steps in the RMA workflow:
• Restore Archived Config
• Deploy Image
• Deploy License
• Replace Device in DNAC (Inventory, Assurance, SDA)
• Replace Device in ISE
• Revoke PKI trustpoint from faulty device
Return Material Authorization (RMA) workflow

Diagram labels: Cisco DNA Center (IP Address 10.11.11.11); Gig 1/0/1; SW1 Failed Device; SW2 Replacement Device; SW 1 Config file; Installer

Replacement switch is racked and all the connections are moved from the RMA device to the replacement switch
Benefits of DNA Center RMA Workflow

DNA Center RMA
• Restore Archived Config
• Deploy Image
• Deploy License
• Replace Device in DNAC (Inventory, Assurance, SDA)
• Replace Device in ISE
• Revoke PKI trustpoint from faulty device

Traditional NMS/Manual
• Manual Deploy Archived Config
• Manual
Defective Device Replacement - RMA

Demo
Cisco DNA Center 1.3.1: RMA (For your reference)

What you need to know …
• Only like-to-like replacement is supported.
• Supports both fabric (SDA) and non-fabric devices. SDA supports One-Touch RMA only.
• RMA Methods:
  • Zero-Touch RMA - Replacement device is connected to Cisco DNA Center via PnP. No manual configuration on device required. Not yet supported for devices in fabric (SDA).
  • One-Touch RMA - Replacement device is manually configured via console with basic IP and mgmt. credentials first so it can be discovered by Cisco DNA Center.
• Supported platforms: Routers and Switches.
• It is a two-reboot process if an image upgrade is required: 1st reboot for image upgrade and 2nd reboot for configuration, licensing, etc.
• Configuration:
  • The running config is archived only at initial discovery of device and at 23:00 daily.
  • vlan.dat on switch is archived the same way as the running config.
Checklist before proceeding with RMA in production (For your reference)

• Cisco DNA Center release is 1.3.1 or above.
• Faulty switch that needs to be replaced must be in UNREACHABLE state.
• The replacement switch has the same exact SKU as the RMA device (faulty).
• Replacement switch is racked and all the connections are moved from the RMA device to the replacement switch.
• Replacement switch is powered up.
• Replacement switch is onboarded using PnP and is available as an unclaimed device in the PnP inventory.
• For devices with legacy licensing, the license on the replacement device should match the license on the faulty device to be replaced.
• Replacement switch boot mode is INSTALL mode (as opposed to BUNDLE mode).
Cisco DNA Center Assurance: Gaining Deep Insights with Cisco DNA Center Assurance and Analytics

Cisco DNA Center Assurance
From Network Data to Business Insights

Stages: Network Telemetry Contextual Data; Complex Event Processing; Correlated Insights; Guided Remediation

• Data sources shown: Traceroute, Syslog, Netflow, AAA, Router, DHCP, Telnet, Wireless, CLI, DNS, OID, IPSLA, Ping, SNMP, MIB, IPAM, AppD, CMX
• Processing: Complex correlation, Metadata extraction, Stream Processing
• Insights: Clients, Baseline, Application, Network

Everything as a Sensor
170+ Actionable Insights
Client | Applications | Wireless | Switching | Routing
Assurance Use Cases covered in this session (Demo)

• Use Case #1 - Overall Health Dashboard
• Use Case #2 - Network Health & Device 360
• Use Case #3 - Client Health & Client 360
• Use Case #4 - Application Health & Application 360
• Use Case #5 - Sensors
Assurance & Analytics

Demo
What about Prime Infrastructure?

Deployment with Prime and Cisco DNA Center

DNA Center Managed Network
• DNA Center is used for Day 0 and Day 2.
• One time migration from Prime to DNA Center

Prime and DNA Center Managed Network
• Run DNA-C and Prime together in the network
• DNA Center is used for Automation or Assurance or both for parts of the network

There is only one system that will make changes to the network
Migration Scenarios
Full Migration from Prime to DNAC

Prime and DNAC Co-existence

1 DNAC on Assurance Mode PI = R/W, DNAC = RO

2 DNAC on Automation + Assurance Mode PI = RO, DNAC = R/W

3 DNAC on Automation Mode PI = RO, DNAC = R/W

There is only one system that will make changes to the network

Assurance in Cisco DNA Center and Config in Prime (Scenario 1)

Migrated from Prime to DNA Center: Devices, Maps, CMX Settings, ISE Mapping, Groups / Sites
• Identify the Sites Managed by WLC
• Select WLC – Migrate to DNAC

WLC is RO in DNAC

Prime
• Reports
• Configuration of WLC
• Update of Maps
• Rogue
• Compliance

DNA Center
• Maps synced from Prime for selected sites
• Issues and resolution in DNAC
• Sensor & Proactive troubleshooting
Co-Existence Overview

Migrated from Prime Infrastructure 3.5 Update 2 to Cisco DNA Center 1.2.6, 1.2.8, 1.2.10, 1.3:
• Sites
• Buildings
• Floors with floor plan
• Floor elements – Inclusion/Exclusion Areas, Obstacles etc
• WLCs
• APs
• Routers
• Switches
• CMX Servers

Jump start with DNA Center with a readily available site layout
Co-existence Overview

Prime sites: California, Denver, New York, Seattle, Florida
DNA Center sites: California

Synced items:
• Site
• Buildings
• Floors along with floor plan
• Routers
• Switches
• WLC
• AP’s
• AP Position on the floor maps
• Floor Elements like Exclusion/Inclusion Regions, Obstacles etc
• CMX Servers

Jump start with DNA Center with a readily available site layout
Co-existence Workflow

Enabling auto sync will move modifications of already migrated data from Prime Infrastructure to DNA Center automatically right after modification
Cisco DNAC vs Prime - Lifecycle Mgmt for IOS-XE Based Infrastructure (For your reference)

Slide columns: Cisco DNAC, Prime, Comments

• Discovery/Inventory/Sites/Topology
Day 0
• Device Onboarding/PnP
• Sensor Onboarding
• StealthWatch/ETA Integration
Day 1
• App Policy
• Rolling AP Upgrades (PI: limited support, AireOS only)
• Rogue Detection (1.3.1: 1st phase)
• Proactive Insights w/ Sensors
• Intelligent Capture
Day N
• Application policy support (1.3.1: Configure and deploy application policies on Catalyst 9800 WLC)
• Compliance
• Reports (1.3.1: Client, Inventory, SWIM; Roadmap: other reports)

*Cisco DNAC 1.4
Cisco DNAC vs Prime - Lifecycle Mgmt for IOS-XE Based Infrastructure (For your reference)

Slide columns: Cisco DNAC, Prime, Comments

• Defective device replacement
• Security advisories (Requires Machine Reasoning package)
• Browser-Based Configuration Wizard
• Application hosting (Docker applications on Catalyst 9300 series switches)
• Telemetry profile enhancements (1.3.1: support for the Application Visibility profile)
• ACI groups in Cisco DNA Center
Day N
• Wide Area Bonjour application (Provides you with centralized access control and monitoring capabilities for large-scale Bonjour services)
• Stealthwatch Security Analytics Service (1.3.1: 1st phase)
• AI: Network Analytics
• AI: Trends, Insights, Comparative Analytics
• Data Rate KPI (wireless clients)
• Ekahau Integration
• Embedded Wireless Support: Fabric Edge (Support for Cisco Catalyst 9300/9400/9500 Series)
Key Takeaways

• Traditional NMS solutions are insufficient for managing TODAY’s networks
• “Network Profiles” help deliver Business Intent for Automation - Day 0 to Day N
• Downtime is expensive. Leverage Cisco DNA Center Assurance to address issues faster to dramatically minimize downtime and increase productivity.
• DNA Center is real and ready for production deployments today, both greenfield and brownfield
Check out my blogs

Blog #1: Network Plug and Play & RMA
https://gblogs.cisco.com/ca/2019/11/11/unpacking-cisco-dna-center-part-1-of-3-base-automation-use-case-network-plug-and-play-rma/

Blog #2: Intent-based Software Upgrades
https://gblogs.cisco.com/ca/2019/12/18/unpacking-cisco-dna-center-part-2-of-3-base-automation-intent-based-software-upgrades/
Complete your online session survey

• Please complete your session survey after each session. Your feedback is very important.
• Complete a minimum of 4 session surveys and the Overall Conference survey (starting on Thursday) to receive your Cisco Live t-shirt.
• All surveys can be taken in the Cisco Events Mobile App or by logging in to the Content Catalog on ciscolive.com/emea.

Cisco Live sessions will be available for viewing on demand after the event at ciscolive.com.
Continue your education

• Demos in the Cisco Showcase
• Walk-In Labs
• Meet the Engineer 1:1 meetings
• Related sessions
Thank you
Reference Slides

Cisco DNA Center Scale and device support

DNA Appliance – Scale and Hardware Spec

DN2 - Entry
• 44 Core M5
• 1000 Switches and Routers
• 4000 APs
• 25K Clients (75K transient)
• 1.2.8 Release

DN2 – Mid Size
• 56 Core M5
• 2000 Switches/Routers
• 6000 AP
• 40,000 Clients (120K transient)
• 1.3 Release

DN2 - Large
• 112 Core M5
• 5K switches/routers
• 13K AP
• 100,000 Clients (40/60KWLAN) (250K transient)
• 1.3 Release

Automation HA available with all models

Cluster members must be of the same appliance type
Including (DN2-Entry with DN1)
Cisco DNA Center 1.3.3 Supported Devices

https://www.cisco.com/c/en/us/support/cloud-systems-management/dna-center/products-device-support-tables-list.html
Reference Slides

Sensor Tests

Cisco DNA Center Sensor Tests
Network Tests
• Wireless Onboard Tests: Connects to the SSID with credentials and gets the IP address through DHCP. It then verifies the gateway and DNS server received through DHCP.
• RF Assessment Test: Cisco DNA Center collects various RF performance measurements like Tx/Rx Data rate and SNR during the active sensor testing and assesses the quality of the RF environment during that sensor test.
• DNS Tests: Resolves IP address for the domain name.
• Host Reachability Tests: Verifies reachability using the Internet Control Message Protocol (ICMP) echo request.
• RADIUS Tests: The sensor acts as a RADIUS authenticator and authenticates through wireless. Sensors can test RADIUS Server using Password Authentication Protocol (PAP) or the Microsoft version of the Challenge-Handshake Authentication Protocol (MS-CHAP).

*If the network administrator is already using the Wi-Fi Onboarding test that includes 802.1x/EAP Authentication, then this RADIUS test is essentially already covered as part of the onboarding test.
Cisco DNA Center Sensor Tests
Performance Tests

• Speed Test: Performs tests against NDT servers in the internet to obtain the downlink & uplink throughput and latency. Test sequence:
  • Sensor will send an HTTP query to the M-Lab Server to get the nearest M-Lab Server info.
  • Then Sensor will use the returned NDT server cluster info.
  • Sensor will access the NDT server using TCP Port 3001.
• IP SLA Test: Sensor sends a UDP probe to the AP that acts as a responder to determine the Jitter, Latency, Packet Loss and Round Trip time of the last hop.
Cisco DNA Center Sensor Tests
Application Tests

• Email Tests include the following:
  • Internet Message Access Protocol (IMAP) - Connects to IMAP server TCP port (143).
  • Post Office Protocol 3 (POP3) - Connects to POP3 server TCP port (110).
  • Outlook Web Server (OWS) - Logs into the OWS (with On-Premise Exchange Server) and verifies access.
• File Transfer Tests: Tests for upload or download file operation using FTP protocol.
• Web Tests (http, https): Tests for access to the provided URL and verifies the response data.
Reference Slides

Prime and DNAC Migration Scenarios
Scenario 1 - Full Migration: Prime to DNA Center (For your reference)

One-time migration from Prime to DNA Center of:
• Devices
• Maps
• CMX Settings
• ISE Mapping
• Groups / Sites
Co-Existence: Scenario - 1 (For your reference)
Assurance in DNA Center and Config in Prime

Migrated from Prime to DNA Center: Devices, Maps, CMX Settings, ISE Mapping, Groups / Sites
• Identify the Sites Managed by WLC
• Select WLC – Migrate to DNAC

WLC is RO in DNAC

Prime
• Reports
• Configuration of WLC
• Update of Maps
• Rogue
• Compliance

DNA Center
• Maps synced from Prime for selected sites
• Issues and resolution in DNAC
• Sensor & Proactive troubleshooting
Co-Existence: Scenario - 2 (For your reference)
Assurance and Automation in DNA Center

Migrated from Prime to DNA Center: Devices, Maps, CMX Settings, ISE Mapping, Groups / Sites
• Identify the Sites Managed by WLC
• Select WLC – Migrate to DNAC

WLC is RO in Prime

Prime
• Reports
• Rogue
• Maps synced from DNAC for migrated sites
• Cannot push changes to WLC or AP’s managed by DNAC

DNA Center
• Automated Deployment
• Issues and resolution in DNAC
• Sensor & Proactive troubleshooting
• Maps and AP Placement
Co-Existence: Scenario - 3 (For your reference)
Automation in DNA Center and Monitoring with Prime

Migrated from Prime to DNA Center: Devices, Maps, CMX Settings, ISE Mapping, Groups / Sites
• Identify the Sites Managed by WLC
• Select WLC – Migrate to DNAC

WLC is RO in Prime

Prime
• Reports
• Rogue
• Maps synced from DNAC for migrated sites
• Troubleshooting from Prime

DNA Center
• Automated Deployment
• Software Update
• Day 2 Changes
• Maps and AP Placement
