DNA Center Automates Your Campus!

In last week’s LinkedIn blog I mentioned that people now are investing time in deeper use of ISE, while waiting for hardware orders to arrive.

NetCraftsmen is also seeing increased interest and use of DNA Center (“DNAC”). So the product use is heating up, if not already hot! And note that there is solid value to be had from DNAC, even if your ISE deployment and NAC situation is still a Work In Progress.

Context: DNAC is Cisco’s automation and management tool for campus / Catalyst switch / IOS devices, including AP’s, WLC’s and newer industrial switches. It can even do things like deploy containerized apps to Cat9K switches.

TL;DR: Some of why this is happening might apply to you as well! Seize the opportunity!

There are several use cases that appear to be driving this:

  • DNAC for new switch, AP, and/or WLC (controller) management or deployment
  • DNAC for better switch operations/assurance/visibility, automated upgrades, etc.
  • DNAC for QoS deployment (QoS desired for IP phones, and DNAC automation likely to be far less costly and much more accurate than manual deployment)
  • DNAC for SD-Access

You don't have to have Cat 9K switches to leverage DNAC. It can automate prior vintage devices. See below.

Note that “deeper ISE” can be independent of DNAC. Yeah, you typically do integrate the two, but that mainly provides the convenience of working within DNAC when deploying SD-Access, rather than having to move back and forth between DNAC and ISE.

The way I think of it is that ISE controls access to the network, monitoring connected devices, etc. The role of DNAC is design/deployment of devices and policy. The integration of DNAC and ISE means you can do the design/deployment/policy work in one place, DNAC.

My Recommendations

It comes down to what your biggest problems are, and where the tools can help best.

ISE device profiling seems to take sites a while to do, for various reasons. So one approach might be to get started monitoring ports (open policy), seeing what’s out on your network, classifying / profiling it, and gradually working your way towards 802.1x/NAC. But that might just need a starting “pop” of focused activity, followed by intermittent attention for a while. (Depending on the urgency of tightening up network security.)

If you have DNAC (and the related Advantage licensing), I’d suggest using it to do automated management of equipment, at the least. The Operations/Assurance features have been getting enhanced, and can spot at least some issues out in “campus switch land”. Some of the wireless features (3-D heat maps!) are pretty nifty.

While you’re at it (especially if budget planning is active), you might check out the DNAC support documents: which devices, code versions, and DNAC applications are supported.?

DNAC supports most Catalyst and some Nexus equipment. On the Catalyst front, Catalyst 3750 and 3850 are supported to a fair degree. Most recent AP’s and WLC models are also supported by DNAC. (Cisco hasn’t announced end of life for Cisco Prime, and it is still needed for older AP’s and WLC’s that DNAC does not support. But “the end of Prime is on the horizon”?)

The supported devices and code versions can be found from the DNAC support matrix:

This will allow checking which hardware running which software versions DNAC supports. In particular, you can see if your current wireless equipment is or is not supported by DNA Center.

Note that SD-Access ("SDA") support is separate. Unless you’re doing SDA prep planning, if it asks about the SD-Access support matrix, just click "Cancel".

DNAC familiarization: if you want a better idea what DNAC can do for you, I think highly of my NetCraftsmen DNAC Tour blog series. Go to the blog filter Peter Welcher blogs to see my blogs. Several are currently posted. The last ones in the DNAC tour are being posted one per week, subject to reviewer availability.

If you’re going to do SD-Access, I’m a big fan of setting up a lab. References:

For more about SD-Access and how it works, see also the rest of the SD-Access blogs I wrote in 2021 on the NetCraftsmen site. The final SDA blog has links to all the blogs in that series.

Some of the DNAC GUI look and feel may have changed, but the rest should still be useful. Furthermore, that series gets into some topics I haven’t seen elsewhere, including IP address planning for a middle to large multi-site SD-Access deployment. The Cisco materials seem to assume either doing it on the fly, or single-site deployment for starters. Or maybe keeping it simple, either as the most immediate user need, or so as to not scare anyone off (putting on my cynical hat).

Conclusion

While you’re waiting for backlogged hardware, now is the time to document and do some house-keeping, but also to advance things that you’ve had to put off. ISE features, especially device profiling and 802.1x/NAC, are one such possibility, and automation / monitoring or QoS via DNA Center is another “low-hanging fruit”.

Comments

Comments are welcome, whether in agreement or constructive disagreement about the above. I enjoy hearing from readers and carrying on deeper discussion via comments. Thanks in advance!

Hashtags: #NetCraftsmen #CiscoChampion #CCIE1773 #ISE #DNACenter

Disclosure statement

Twitter: @pjwelcher

LinkedIn: Peter Welcher
