Cisco DNA Center 2.3.5 Data Sheet

Network discovery

Automatically discovers and maps network devices to a physical topology with detailed device-level data. The discovery function uses the following protocols and methods to retrieve device information, such as IP addresses, neighboring devices, and hosts connected to the device:

Inventory

Retrieves and saves details, such as host IP addresses, MAC addresses, and network attachment points, about devices in its database. After the initial discovery, Cisco DNA Center periodically scans the network to create a “single source of truth” for IT. This inventory includes all network devices, along with an abstraction for the entire enterprise network. It keeps an updated inventory of devices and software images on that device for version control and provides data to applications (such as Software Image Management [SWIM] and Cisco EasyQoS) so that the correct device and image version are used. It allows applications to be device independent, so configuration differences between devices are not a problem.

Network design and profile-based management

Allows you to manage your network in a hierarchical fashion by letting you add areas and buildings on a geospatial map. You can start by defining your sites, then add buildings to sites and add floors with detailed floor plans to the buildings. Cisco DNA Center lets the user define profiles, which consist of common network settings such as device credentials, DHCP, DNS server, AAA server, IP address pool, etc. Wireless settings such as SSIDs and RF profiles can be created globally and customized at site levels. These profiles form the basis for network automation. Network profiles can be created for Cisco Network Function Virtualization Infrastructure Software (NFVIS), routing, firewall (including Cisco Adaptive Security Appliance [ASA]), switching, and wireless.

Cisco Network Plug and Play (PnP)

Allows off-the-shelf Cisco devices to be provisioned simply by connecting them to the network. Cisco Network PnP provides a secure, scalable, seamless, and unified zero-touch-deployment experience for customers across Cisco's entire enterprise network portfolio of wired and wireless devices. Deploy new devices in minutes, without onsite support visits. Eliminate repetitive tasks and eliminate staging. Network PnP reduces the burden on enterprises by greatly simplifying the deployment process for new devices, which can significantly lower Operating Expenditures (OpEx) as well. For more details, refer to the solution guide for the Network Plug and Play application: https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Plug-and-Play/solution/guidexml/b_pnp-solution-guide.html

Software Image Management (SWIM)

Manages software upgrades and controls the consistency of image versions and configurations across your network. Speeds and simplifies the deployment of new software images and patches. Pre- and post-checks help ensure no adverse effects from an upgrade. This is an easy way to build a central repository of software images and apply them to devices. Administrators can mark software images as golden for a device family, allowing them to upgrade devices to the software image and patch versions that are in compliance with the golden versions defined in the repository. Patches are supported in Cisco DNA Center from intent to pre- and post-checks in the same way that we manage regular images. It also tracks when software maintenance updates, subpackages, ROM Monitor, AP Service Pack, and AP Device Pack upgrades are applied to the base image.

Network compliance audit and remediation

Network compliance audit feature allows network operators to quickly assess the devices that don’t adhere to corporate standards. The network compliance remediation feature allows network operators to automatically sync running (production) configurations with startup configurations for all the network elements. Network operators can select one or many devices, view and validate the change, select and sync those devices, and remediate them to maintain compliance. These two features reduce human involvement and error and helps ensure that the network is running the intended configuration standards.

Device tagging

An administrator can tag network devices in order to associate devices that share a common attribute. For example, you can create a tag and use it to group devices based on a platform ID, Cisco IOS release, or location. Allows for grouping of devices based on specialized needs.

Configuration drift visibility

Allows network operators to compare any two device configuration versions in a very visual manner. Having different versions of a device configuration available allows for accurate accountability of every configuration change.

Device replacement and RMA workflows

Workflow templates allow for the replacement (RMA) of switches, routers, and access points. Includes restoration of Cisco IOS Software, configurations, and licenses. Also completes device replacement in operational systems such as Cisco ISE, certificate servers, and Cisco DNA Center inventory. Saves time and retains existing setup, licenses, and KPI trends.

Branch deployment automation

Simplified workflows for physical and virtual branch automation; day-0 router, and NFV design. Onboard WAN devices and services through these easy steps:

Configure network settings, service provider, and IP pools.

Design a router or virtual profile.

Assign to sites and provision network devices.

Wireless automation

Intent-based workflows for simplified wireless deployment and automation:

Cisco StackWise^® Virtual support

Base automation (inventory, discovery, SWIM, topology, and template programmer) and assurance support for Cisco Catalyst^® 9500 and 9400 Series StackWise Virtual switches. StackWise Virtual technology on the Cisco Catalyst 9000 platform allows the clustering of two physical switches together into a single logical entity, resulting in enhancements in all areas of network design, including high availability, scalability, management, and maintenance. Customers can now use Cisco DNA Center to manage the StackWise Virtual device, along with monitoring the health and status of StackWise Virtual ports and links.

Policy creation

Allows the creation of policies based on business intent for a particular part of the network. Users can be assigned policies for the services they consume, and these policies follow them throughout the network. Policies are translated by Cisco DNA Center into network-specific and device-specific configurations that can be adjusted dynamically based on network conditions. Of foundational importance for intent-based networking, policies define the business intent that is desired and allow the network to guarantee services.

Application policy creation

Allows policies to be assigned to applications based on business relevance. These applications can then be attached to sites (locations) where the policy should be applied. This feature allows business-critical applications to have greater QoS priority in the sites where their use is relevant. It is important for mission-critical applications such as machine-to-machine control in manufacturing or life-saving devices in healthcare, as well as for business-critical applications such as video in customer experience centers or voice in support sites.

Rogue management and aWIPS

Supports the detection of rogue and Cisco Adaptive Wireless Intrusion Prevention System (aWIPS) threats on your network from within Cisco DNA Center. The Rogue and aWIPS Dashboard provides detailed threat analysis and a global view of all rogue access points detected in the network, with insight into the highest priority threats so that they can be quickly identified. The Threat 360 view on this dashboard provides further details on any specific threat. This includes a map view for quick location, and all affected clients.

Meraki discovery and integration

Provides for the discovery of all Meraki devices in the network and integrates them into the Cisco DNA Center dashboard. It provides for a single pane of glass for both Cisco and Meraki devices.

Meraki wireless provisioning

Provision SSIDs in Meraki APs through Cisco DNA Center. This feature allows Meraki access points to be assigned SSIDs through Cisco DNA Center, without having to open the Meraki dashboard application.

Cisco Umbrella integration

Allows Cisco Umbrella to be deployed across sites and SSIDs from within the Cisco DNA Center dashboard. Cisco Umbrella provides DNS-layer security and is one of the quickest and most effective ways to improve your security stack. Read the blog: https://blogs.cisco.com/networking/cisco-dna-center-and-cisco-umbrella-automate-your-journey-towards-dns-security.

Network and Client Health dashboards

Assurance dashboards that give a high-level overview of the health of every network device and client on the network, wired and wireless. They provide the top 10 global issues and allow the administrator to expand views by geographical site, device list, client list, or topology. Any poorly connected devices or communication issues are highlighted, with suggested remediation. Users can customize how the health score is computed.

Application Health dashboard

Provides a general overview of the health of all applications on the network. Includes a special section on applications that have been tagged as business relevant. Business-relevant application issues are highlighted, with suggested remediation for any anomalies.

ThousandEyes integration

Cisco ThousandEyes agents can be installed on all supported switches through a GUI-based installation process in Cisco DNA Center. The application resides on the switch’s flash storage, providing significant time and cost savings to deploy ThousandEyes. Data from the ThousandEyes agents is used by Cisco DNA Center to provide visibility into application performance and help the administrator pinpoint problem domains.

Webex integration

The Webex integration shows a consolidated view of quality metrics for audio, video, and shared components and provides administrators with a single pane of glass for troubleshooting Webex performance. Network operators can quickly identify and resolve issues in Cisco DNA Center without having to switch between multiple interfaces.

Cisco AI Network Analytics

Using AI and machine learning, Cisco AI Network Analytics drives intelligence in the network, empowering administrators to improve performance and issue resolution accurately and effectively. We are taking network analytics to a new level where noise and false positives are significantly reduced and enabling customers to very accurately identify issues, trends, anomalies, and root causes.

Intelligent issue detection and analysis

Machine Reasoning Engine (MRE)

Defines the next intelligence evolution and helps in complex workflows where the result of one action determines the next. It closely resembles how human beings themselves reason things out and accomplish multistep tasks. An example where Cisco DNA Center uses MRE is to find and fix potentially crippling routing loops that require a careful analysis spanning multiple devices. This allows your new IT team members to accomplish complex tasks instead of escalating them, and saves time for your more seasoned IT team members by automating tedious workflows. For more information, read the blog: https://blogs.cisco.com/networking/machine-reasoning-is-the-new-ai-ml-technology-that-will-save-you-time-and-facilitate-offsite-netops.

Wireless 3D Analyzer

The Wireless 3D Analyzer provides granular analysis of millions of spatial RF data points and the ability to visualize wireless coverage. Network operators can identify the areas most affected by RF strengths, view client locations, simulate different RF environments, and conduct spatial planning and prediction of the interior environment. After loading basic architectural structural information, network operators can enter a virtual office space and move an access point or create an imaginary wall and see the resulting impact on Wi-Fi signal propagation. The Wireless 3D Analyzer helps network operators maximize WLAN performance and identify trouble spots and WLAN design issues faster.

Wireless Network Services Analytics

View Authentication, Authorization, and Accounting (AAA) and Dynamic Host Configuration Protocol (DHCP) services for wireless devices across Cisco and all third-party servers in a global comprehensive view. This capability includes the overall health of these critical services all in one place, highlighting the worst-performing service server, site-level impact, and scope of end-user impact. This helps network operators reduce overall issue-ticket resolution time and leads to lower ticket volume.

Global assurance event viewer

The global assurance event viewer gives the network administrator a consolidated view of events from all devices, where they can search and filter on the events that are most important to address. The event view allows the user to identify, correlate, and troubleshoot network issues and quickly get to the root cause.

Power over Ethernet analytics

Provides visibility into the power loads that a switch is experiencing. Endpoint devices that are pulling too much power, as well as switches that are approaching overload, are flagged. Granular visibility shows the available power on any switch for quick installation of IoT endpoint devices.

Path Trace

Allows the operator to visualize the path of an application or service from the client through all devices and to the server. A common, and critical, troubleshooting task that normally requires 6 to 10 minutes is displayed instantly upon clicking a client or application. Troubleshoots issues along the network path.

True Trace

Captures live traffic on devices for path analysis. Cisco DNA Center’s True Trace extends the current path trace capability and provides KPIs for each hop, granular reasons for path degradation, and downloadable packet capture files. These deep insights enable faster troubleshooting in enterprise deployments and lead to operational savings.

Application QoS (Quality of Service) support for industrial switches

Authors and pushes QoS policies to Cisco Catalyst IE3300 and IE3400 Rugged Series Switches from Cisco DNA Center’s Application QoS. Applies default QoS trust settings as well as queuing settings based on Cisco Validated Designs, or writes a custom QoS policy for these devices. This removes the complexity of pushing a QoS policy and helps organizations ensure a good experience for end users in industrial environments.

Wi-Fi 6 Readiness dashboard

Prepares your network for the new Wi-Fi standard, verifying your hardware and configuration compatibility and checking your capacity readiness. This visibility will speed your upgrade and help ensure that you are upgrading the neediest locations first. After upgrading, advanced wireless analytics will indicate performance and capacity gains as a result of the Wi-Fi 6 deployment.

It categorizes wireless clients by Wi-Fi version (protocol) and indicates areas where upgrade is most urgent. Shows wireless system performance following upgrade.

The Wi-Fi 6 Readiness dashboard allows customers to visualize two main aspects. First, it shows the readiness of their network with respect to Wi-Fi 6 across several different sites and locations. Key aspects of the readiness assessment include how many Wi Fi 6-capable clients are seen in the network, whether the user has the right AP model to support Wi-Fi 6, whether the APs and Wireless LAN controllers (WLCs) are running the right OS version, whether the Wi-Fi 6 configuration is enabled, etc. Second, the dashboard allows the user to visualize the benefits of the Wi-Fi 6 network in terms of higher capacity, superior connectivity, and lower latencies on Cisco DNA Center Analytics and Assurance. After upgrading, advanced wireless analytics indicate performance and capacity gains as a result of the Wi-Fi 6 deployment. For more information, see https://blogs.cisco.com/networking/cisco-dna-your-fastest-route-to-wi-fi-6.

Device 360 and Client 360

Provide assurance and overall health of devices, including parameters such as memory or CPU utilization, uplink availability, and other KPIs to help operators be more proactive and enable them to predict future issues. Device 360 and Client 360 help you understand what problems have happened, when and why they happened, and how much of an impact they have. They also provide suggested remediation, resolved issue lists, and historical data to help troubleshoot issues.

Application Experience

Tracks performance of predefined “critical business applications.” Shows user experience and performance metrics. Provides specialized rapid troubleshooting per application and per client. Enables unparalleled visibility and performance control over the applications that are critical to your core business, on a per-user basis. Multimedia monitoring uses Perfmon processing for Real-Time Protocol (RTP) streams, allowing teams to verify the quality of critical real-time applications such as multimedia. URL monitoring provides visibility into cloud-based (URL-based) applications so that their performance is optimized. Application Experience provides users the performance they need on the applications that are key to their company role.

Reporting

Derive insights into your network and its operations by creating reports. Cisco DNA Center offers a set of pre-canned reports that can be generated in several formats and have flexible scheduling and configuration options to customize for your operational needs. Supported use cases include:

Wireless Sensor dashboard

Shows overall tests, connectivity statistics, and top wireless issues discovered by Cisco Aironet Active Sensors. Includes test results for DHCP, DNS, host reachability, RADIUS, email, Microsoft Exchange Server, web, FTP, and a complete IP SLA for data throughput speed, latency, jitter, and packet loss. Provides guided remediation for any test failures.

Streaming telemetry

Enables network devices to send near-real-time telemetry information to Cisco DNA Center. The data can be used to optimize networks, locate where problems occur, and investigate issues in a collaborative manner. Telemetry data (events, KPIs) can be exported and surfaced through event-driven notifications.

Traffic Telemetry Appliance

This hardware solution collects networking data, processes it, and provides streaming telemetry to Cisco DNA Center. This can be useful in areas of your network where you do not have devices that support the types of telemetry that you need to collect from the local network, including NetFlow, Application Visibility and Control (AVC), Network-Based Application Recognition (NBAR), NBAR2, etc. This appliance can also perform Deep Packet Inspection (DPI) on network traffic in order to support Cisco AI Endpoint Analytics. This is a strong solution for areas with only Layer-2 network devices or for branch offices with third-party switches that do not support transmission of real-time telemetry. For more information, see the data sheet: https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/dna-traffic-telemetry-appliances/datasheet-c78-744352.html.

Network time travel

Allows the operator to see device or client performance in a timeline view to understand the network state when an issue occurred. Allows an operator to go back in time up to 14 days and see the cause of a network issue, instead of trying to re-create the issue in a lab.

On-device analytics

Assurance and analytics are performed on the Cisco switch, router, or wireless controller where the anomaly was discovered. Critical metrics can be identified and immediately acted on before an incident occurs. KPIs that are core to business operations can be maintained in real time, and close to the users that rely on them.

Connectivity analytics for Apple iOS, Samsung and Intel devices

Detailed analytics and insights from the device’s point of view, without the need for installing an agent on the device.

Intelligent Capture

Provides support for a direct communication link between Cisco DNA Center and APs, so that each of the APs can communicate with Cisco DNA Center directly. Using this channel, Cisco DNA Center can receive packet capture data, AP and client statistics, and spectrum data. With the direct communication link between Cisco DNA Center and APs, Cisco Intelligent Capture allows you access to data from APs that is not available from the wireless controllers.

ServiceNow and IT Service Management (ITSM) closed loop integration

Cisco DNA Center can now auto-resolve open ticket numbers in ServiceNow and other ITSM platforms. When Cisco DNA Center Assurance detects that a fault has been resolved, it will check for an ITSM ticket number. If one exists, it will send a ticket status change with the ticket number to the ITSM system, which will automatically close the open ticket in that system.

Enhanced visibility into endpoints and traffic patterns

The Endpoint Analytics application in Cisco DNA Center identifies and classifies endpoint devices on a campus network with the use of AI/ML. Through the use of various profiling methods, including Deep Packet Inspection (DPI), it establishes visibility into what is on the network so that new endpoints can be authenticated and assigned an appropriate policy for network usage, security, and segmentation.

Group-based policy analytics simplify the delivery of segmentation policies. It uses analytical models to visualize the activity between endpoint profiles, scalable groups, and host groups in order to verify that the network policies are optimizing performance and security. The feature provides a way for users and endpoints to be identified and categorized, and for granular access privileges to be provided to the resources that each endpoint requires, while segmenting them from everything else.

Granular multilevel segmentation

SD-Access, through Cisco DNA Center, creates virtual overlays over the underlying physical infrastructure and segments the network without regard to its topology. SD-Access also segments at a micro level by enforcing group-based policies through the network infrastructure. The resulting granular segmentation controls traffic flows without using complex firewalls and Access Control Lists (ACLs), which can be difficult and costly to maintain.

Benefits of fabric infrastructure optimizations:

Ease of migration to SD-Access fabric:

Deployment flexibility with SD-Access fabric:

◦      SD-Access Wireless using a VXLAN distributed data plane and a centralized control plane provides a consistent fabric experience and policy simplification for wired and wireless access.

◦      Over the top involves running a traditional Cisco Unified Wireless Network architecture with Control and Provisioning of Wireless Access Points (CAPWAPs) on top of a fabric wired network. This is a possible migration step to full SD-Access wireless implementation.

Simplified fabric operations:

SD-Access Assurance allows users to detect, diagnose, and troubleshoot fabric issues in real time with minimized downtime and a better experience. The newly introduced SD-Access Assurance landing page contains overall fabric health for each fabric site deployed. KPIs configured on the fabric nodes provide insights for faster issue identification and suggested actions to remediate issues. KPIs are organized into categories to quickly triage control plane, infrastructure, and connectivity issues.

Fabric UX2.0 provides administrators with an enhanced experience in the user interface that integrates simplicity, flexibility, and a rich, intuitive context.

Continuous verification of trust

Trust Analytics is an aggregation of various inputs and sources into a single, comprehensive, flexible trust score. Trust Analytics detects traffic from endpoints that are exhibiting unusual behavior. When anomalies in the network are detected, Trust Analytics lowers the trust score for the endpoint to limit or completely deny access to the network through integration with ISE. The feature expedites the detection and containment of untrustworthy endpoints that could lead to a security breach.

Role-Based Access Control (RBAC)

Allows users to be mapped to one of the four predefined roles. The role determines what types of operations a user can perform within the system.

Backup and restore

Supports complete backup and restore of the entire database for added protection.

ISE integration

Integrates with ISE through pxGrid or API for fabric overlay support.

Workflows

Cisco DNA Center workflows are step-by-step guides through particular tasks; for example, “Create a role,” “Refresh AP,” etc. Workflows can be paused and revisited through the “in-progress” library on the workflow homepage. The workflow homepage can be found by clicking the menu icon on the GUI and clicking on “Workflows.” The home page will have a library of workflows along with in-progress workflows.

Activity center

The activity center is a centralized space to find audit logs and scheduled tasks. Audit logs record system events that occurred, when and where they occurred, and which users initiated them. With audit logging, configuration changes to the system are logged in separate log files for auditing. The Scheduled Tasks tab allows you to view upcoming, in-progress, completed, and failed administrative tasks, such as OS updates or device replacements.

FIPS 140-2 support

Cisco DNA Center includes support for FIPS-140-2-compliant cryptography modules, ensuring that only strong NIST-approved ciphers are used, and enabling deployment in security-conscious verticals such as public sector, finance, and healthcare. During installation, the administrator can choose to enable FIPS, which will ensure only NIST-approved ciphers are used for data encryption.

Northbound REST APIs

The Cisco DNA Center platform supports Representational State Transfer (REST) APIs at the northbound layer for programmability. The Cisco DNA Center API provides support for the following features:

IT Service Management (ITSM) integration

Minimizes the need for handoffs, deduplicates issues, and optimizes processes for proactive insights and faster remediation. Out-of-the-box integration exists with ServiceNow. The generic APIs exposed by the Cisco DNA Center platform enable partners and developers to integrate with any ITSM system.

IP Address Management (IPAM) integration

Allows for a seamless import of IP pools for Cisco DNA Center workflows from external IPAM systems and the synchronization of IP pool and subpool usage information between the two systems. Out-of-the-box integration exists with Infoblox and BlueCat. The Cisco DNA Center platform provides generic APIs to integrate with any IPAM system.

Events and notifications

The Cisco DNA Center platform webhooks allow third-party applications to receive notifications and listen to any events detected by Cisco DNA Center Assurance, automation, and other task-based operational workflows.

Wireless insights
an analysis

Client onboarding

Client experience

Network coverage and capacity

Network device monitoring

Sensor issues

Sensor onboarding

Sensor experience

Routing issues

Router health

Routing technologies

Connectivity

Switching issues (nonfabric)

Client onboarding

Switch

SD-Access issues

Border and edge reachability

Data plane

Policy plane

Client onboarding

Switch

Endpoints

3000

50,000

16,000

32,000

80,000

112,000

80,000

1,000,000

150,000

150,000

1,000,000

100,000

200,000

200,000

Virtual networks²

64

128

128

256

256

256

1000

256

256

1000

256

1000

128

128

128

IPv4 routes

8000

60,000

450,000

8000

32,000

64,000

96,000

64,000

48,000

512,000

48,000

512,000

500,000

1,000,000

4,000,000

Fabric host entries³ (host /32 or /128)

16,000

180,000

450,000

16,000

32,000

70,000

96,000

70,000

150,000

512,000

150,000

512,000

32,000

1,000,000

4,000,000

IPv4: SGT bindings

12,000

256,000

256,000

10,000

32,000

40,000

109,000

40,000

40,000

200,000

200,000

200,000

200,000

750,000

750,000

SGT/DGT policies

4000

30,000

30,000

8000

7400

8000

32,000

8000

16,000

32,000

32,000

32,000

16,000

64,000

64,000

SG-ACEs (contract actions)

1500

12,000

30,000

5000

4800

18,000

16,000

18,000

13,000

4000

27,000

4000

128,000

64,000

64,000

Endpoints

Supported

Supported

8,000

32,000

16,000

100,000

16,000

32,000

256,000

32,000

256,000

NOT supported

NOT supported

NOT supported

Virtual networks

64

64

64

16

1¹

4²

32³

256

256

256

1000

256

Endpoints

2000

4000

4000

4000

2000

4000

4000

6000

18,000

6000

70,000

6000

IPv4: SGT bindings

12,000

12,000

128,000

10,000

8000

10,000

10,000

10,000

32,000

40,000

109,000

40,000

SGT/DGT policies

4000

4000

2000

2000

2000

2000

2000

8000

7400

8000

32,000

8000

SG-ACEs
(contract actions)

1350

1350

64,000

1200

1,000

1000

1000

5000

4800

18,000

16,000

18,000

Aironet 3504

150

3000

Aironet 5520

1500

20,000

Aironet 8540

6000

40,000

Catalyst 9800-L

250

5000

Catalyst 9800-40

2000

32,000

Catalyst 9800-80

6000

64,000

Catalyst 9800-CL (4 CPU/8 GB RAM)

1000

10,000

Catalyst 9800-CL (6 CPU/16 GB RAM)

3000

32,000

Catalyst 9800-CL (10 CPU/32 GB RAM)

6000

64,000

Access points

Not supported

25

50

Wireless endpoints

Not supported

500

1000

Access points

Not supported

50

200

200

200

Wireless endpoints

Not supported

1000

4000

4000

4000

Cisco DNA Center system scale

Devices¹ (switch, router, wireless controller) (non-fabric)

1000

1000

2000

5000

Devices¹ (switch, router, wireless controller) (fabric)

2000

2000

4000

8000

Wireless access points (non-fabric)

4000

4000

6000

13,000

Wireless access points (fabric)

3000

3000

4000

10,000

Wireless sensors

600

600

800

1600

Concurrent endpoints

25,000

25,000

40,000

100,000

Transient endpoints
(over 14-day period)

75,000

75,000

120,000

250,000

Ratio of endpoints to wired wireless

Any

Any

Any

Any

Any

Any

Any

Any

Site elements

2500

2500

5000

10,000

Wireless controllers

500

500

1000

2000

Ports²

48,000

48,000

192,000

768,000

API rate limit

50 APIs/min

50 APIs/min

50 APIs/min

50 APIs/min

NetFlow flows/sec

30,000

30,000

48,000

120,000

Concurrent software image updates

100

100

100

100

Cisco DNA Center SD-Access scale

Devices¹
(switch, router, wireless controller)

2000

2000

4000

8000

Wireless access points

3000

3000

4000

10,000

Fabric domains

10

10

20

20

Fabric sites

500

500

1000

2000

Cisco DNA Center Scale per Fabric Site

Layer 3 Virtual Networks

64/site

64/site

128/site

256/site

Fabric devices

500/site

500/site

600/site

1200/site

Scalable groups

4000

4000

4000

4000

Access contracts

500

500

500

500

Group-based policies

25,000

25,000

25,000

25,000

IP pools^3,4,5

100⁶

100⁶

300⁷

1000⁸

Layer 2 Virtual Networks^3,4,5

100⁶

100⁶

300⁷

1000⁸

Devices
(switch, router, wireless controller)

10,000

Wireless access points

25,000

Concurrent endpoints

300,000

Transient endpoints
(over 14-day period)

750,000

NetFlow

250,000 flows/sec

Part number for ordering

DN2-HW-APL and DN2-HW-APL-L

DN2-HW-APL-XL

Hardware series

UCSC-C220-M5SX (data sheet)

UCSC-C480-M5 (data sheet)

Power supply

Dual 770W AC

Hot-pluggable, redundant 1600W AC

Physical dimensions
(H x W x D)

Height: 1.7 in. (4.32 cm)

Width: 16.89 in. (43.0 cm); including handles:18.98 in. (48.2 cm)

Depth: 29.8 in. (75.6 cm); including handles: 30.98 in. (78.7 cm)

Height: 6.9 in. (17.6 cm)

Width: 19 in. (48.3 cm)

Depth including handles and power supplies: 32.7 in. (83.0 cm)

Temperature: operating

1° to 95°F (5° to 35°C)

Derate the maximum temperature by 1°C per every 1000 ft. (305 m) of altitude above sea level.

1° to 95°F (5° to 35°C)

Derate the maximum temperature by 1°C per every 1000 ft. (305 m) of altitude above sea level.

Temperature: nonoperating

-40° to 149°F (–40° to 65°C)

-40° to 149°F (–40° to 65°C)

Humidity: operating

10% to 90%, noncondensing at 82°F (28°C)

10% to 90%, noncondensing at 82°F (28°C)

Humidity: nonoperating

5% to 93% at 82°F (28°C)

5% to 93% at 82°F (28°C)

Altitude: operating

0 to 3000 m (0 to 10,000 ft)

0 to 3000 m (0 to 10,000 ft)

Altitude: nonoperating

0 to 12,192 m (0 to 40,000 ft)

0 to 12,192 m (0 to 40,000 ft)

Network and management I/O

Supported connectors:

One 1 Gigabit Ethernet dedicated management port

Two 1 Gigabit BASE-T Ethernet LAN ports

One RS-232 serial port (RJ-45 connector)

One 15-pin VGA2 connector

Two USB 3.0 connectors

One front-panel KVM connector that is used with a KVM cable, which provides two USB 2.0s, one VGA, and one serial (DB-9) connector

Supported connectors:

One 1 Gigabit Ethernet dedicated management port

Two 1 Gigabit BASE-T Ethernet LAN ports

One RS-232 serial port (RJ-45 connector)

One 15-pin VGA2 connector

Three USB 3.0 connectors

One front-panel KVM connector that is used with a KVM cable, which provides two USB 2.0s, one VGA, and one serial (DB-9) connector

Regulatory standards compliance: Safety and EMC

Regulatory compliance

Products should comply with CE Markings according to directives 2004/108/EC and 2006/95/EC

Safety

NEBS

EMC: Emissions

EMC: Immunity

Instance type

r5a.8xlarge

Cores

32vCPU

RAM

256 GB

Storage

4 TB

Storage type

GP3 EBS

Cisco Catalyst 3650 Series Switches

64

Cisco Catalyst 3850 Series Switches

64

Cisco Catalyst 4500 Series Switches

64

Cisco Catalyst 6800 Series Switches

1000 (128)

Cisco Catalyst 6500 Series Switches

1000 (128)

Data center switches (Cisco Nexus 7000 Series Switches)

4000 (128)

Cisco Cloud Services Router 1000V Series

4000 (128)

Cisco ASR 1000 Series Aggregation Services Routers

4000 (128)

Cisco 4000 Series Integrated Services Routers

4000 (128)

Cisco 4400 Series Integrated Services Routers

4000 (128)

Cisco 4200 Series Integrated Services Routers

4000 (128)

Cisco 4300 Series Integrated Services Routers

4000 (128)

Cisco Catalyst 9300/9300X Series Switches

256

Cisco Catalyst 9300 L Series Switches

256

Cisco Catalyst 9500 Series Switches

256

Cisco Catalyst 9500H Series Switches

256

Cisco Catalyst 9400 Series Switches

256

Cisco Catalyst 9200-L Switch Stack

1

Cisco Catalyst 9200 Switch Stack

4

Cisco Catalyst 9200-24PB Switch

32

Cisco Catalyst 9200-48PB Switch

32

Cisco Catalyst 9600 Series Switches

256

Network-Admin-Role

Users with this role have full access to all of the network-related Cisco DNA Center functions. They do not have access to system-related functions, such as application management, users (except for changing their own passwords), and backup and restore.

Observer-Role

Users with this role have view-only access to all Cisco DNA Center functions.

Telemetry-Admin-Role

Users with this role have the ability to perform system-level functions within Cisco DNA Center.

Super-Admin-Role

Users with this role have full access to all of the Cisco DNA Center functions. They can create other user profiles with various roles, including those with the Super-Admin-Role.

Information on product material content laws and regulations

Materials

Information on electronic waste laws and regulations, including products, batteries, and packaging

WEEE compliance

General

Product compliance

Safety and compliance information

Power

Power supply

Power supplies and typical and maximum power specifications

Material

Dimensions

Physical dimensions

Cisco.com

Identify customer account

System

Identify potential issues in customers’ environments to prevent problems and improve the product

Feature usage

Facilitate customer adoption and customer value

Network device inventory and license entitlement

Assist customers in tracking and maintaining license entitlement and renewals