Cisco IWAN Application on DNA Center Release Notes, Releases 1.1 Patch 1 and 1.1.2, Limited Availability
These release notes provide a summary of the components in Cisco Intelligent Wide Area Network Application (Cisco IWAN app) on DNA Center, for releases:
-
1.1 Patch 1, Limited Availability.
-
1.1.2, Limited Availability
The Cisco Digital Network Architecture (DNA) Center, Release 1.1 Patch 1 introduces Cisco Intelligent WAN application (IWAN app) as an optional package that operates as a component of DNA Center. Previously, Cisco IWAN app has been available as a tool within Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM).
Operating within Cisco DNA Center, the IWAN app extends Software Defined Networking to the branch with an application-centric approach based on business policy and application rules. This provides IT centralized management with distributed enforcement across the network.
The IWAN app automates and orchestrates Cisco IWAN deployments with an intuitive browser-based GUI. A new router can be provisioned in a matter of minutes without any knowledge of the Command Line Interface (CLI). Business priorities are translated into network policies based on Cisco best practices and validated designs. The IWAN app dramatically reduces the time required for configuring advanced network services through the use of automation and simple, predefined workflows.
The IWAN app offers a turnkey solution that enables IT to get out of the weeds of managing low-level semantics, such as VPN, QoS, optimization, ACL policies. Instead, IT can focus on the bigger picture, such as, aligning network resources with business priorities and delivering outstanding user experience that result in better business outcomes.
The IWAN app includes the following features:
-
Zero touch provisioning—Plug and play for remote devices without user intervention
-
Simple workflows—Use case driven with step-by-step and site-to-site provisioning
-
Business level policies—Rules drive network actions, abstraction of underlying policy configuration
Supported Cisco Platforms and Software Releases
Platform |
Models |
Software Release |
---|---|---|
Cisco 4000 Series Integrated Services Routers |
ISR 4221 ISR 4321 ISR 4331 ISR 4351 ISR 4431 ISR 4451-X |
Cisco IOS XE Everest 16.6.1 Cisco IOS XE Everest 16.6.2 1 |
Cisco ASR 1000 Series Aggregation Services Routers |
ASR1001 ASR 1001-X ASR 1001-HX ASR 1002 ASR 1002-X ASR 1002-HX ASR 1004 ASR 1006 ASR 1006-X |
Cisco IOS XE Everest 16.6.1 Cisco IOS XE Everest 16.6.2 |
Virtual Routers |
Cloud Services Router 1000V ENCS 5400 (ISRv) |
Cisco IOS XE Everest 16.6.1 Cisco IOS XE Everest 16.6.2 |
Cisco Integrated Services Routers Generation 2 (ISR-G2) Series Routers—800 Series |
C891-24X-K9 C891F-K9 C891FW-A-K9 C891FW-E-K9 C892-FSP-K9 C896VAG-LTE-GA-K9 C896VA-K9 C897VAB-K9 C897VAG-LTE-GA-K9 C897VAG-LTE-LA-K9 C897VAGW-LTE-GAEK9 C897VA-K9 C897VAMG-LTE-GA-K9 C897VA-M-K9 C897VAM-W-E-K9 C897VAW-A-K9 C897VAW-E-K9 C898EAG-LTE-GA-K9 C898EAG-LTE-LA-K9 C898EA-K9 C899G-LTE-GA-K9 C899G-LTE-JP-K9 C899G-LTE-LA-K9 C899G-LTE-NA-K9 C899G-LTE-ST-K9 C899G-LTE-VZ-K9 |
Cisco IOS 15.7(3)M |
Cisco Integrated Services Routers Generation 2 (ISR-G2) Series Routers—1900 Series |
ISR 1921 ISR 1941 |
Cisco IOS 15.7(3)M |
Cisco Integrated Services Routers Generation 2 (ISR-G2) Series Routers—2900 Series |
ISR 2901 ISR 2911 ISR 2921 ISR 2951 |
Cisco IOS 15.7(3)M |
Cisco Integrated Services Routers Generation 2 (ISR-G2) Series Routers—3900 Series |
ISR 3925 ISR 3925E ISR 3945 ISR 3945-E |
Cisco IOS 15.7(3)M |
Limitations and Restrictions
Installation Notes and Limitations
Issue |
Details |
---|---|
Not compatible with the Policy package |
Do not install the IWAN App together with the Automation Application Policy package. |
Not compatible with Cisco SDA |
Do not install the IWAN App together with Cisco Software-Defined Access (SDA). |
Caveats
Open Caveats in Cisco IWAN App on DNA Center, Releases 1.1 Patch 1 and 1.1.2
Caveat ID Number |
Description |
---|---|
IWAN APP flow with ENCS, Inventory using Mgmt IP instead of WAN IP for discovery |
|
Delete claimed devices from DNA Provision page didn't remove the same device from PNP devices |
|
DNAC1.1: DHCP and Dialer interface support under NFV workflows Router WAN configuration |
|
DNA-C/IWAN Build 2.1.1.260206: FQDN not allowed for NTP/Syslog and other global settings |
|
Provisioned iwan device can be assigned to a new site on DNAC provision page |
|
DNA-C/IWAN Build 2.1.1.260206: SWIM error "Workflow Distribute Image failed" seen for HUB BR |
|
DNAC IWAN: NWS mismatch on DayN |
|
DNAC IWAN: BF validation fails for ISR4K+UCSE provisioned devices |
|
Device validation status not update in back end when device validation in progress |
|
DNAC IWAN: Provisioned Branch devices are not marked "Success" Under DNAC provision status |
|
DNA-C 1.1: Make DHCP Server non-mandatory for IWAN workflow |
|
DNA-C 1.1 IWAN App integration with Live Action issues |
Caveat ID Number |
Description |
---|---|
Day-N MTT link add failed on Transit HUB |
|
Greenfield SR3L-SPOKE deployment failure due to wrong PKCS URL |
|
IWAN APP flow with ENCS, Inventory using Mgmt IP instead of WAN IP for discovery |
|
Delete claimed devices from DNA Provision page didn't remove the same device from PNP devices |
|
DNAC1.1: DHCP and Dialer interface support under NFV workflows Router WAN configuration |
|
DNA-C/IWAN Build 2.1.1.260206: FQDN not allowed for NTP/Syslog and other global settings |
|
Provisioned iwan device can be assigned to a new site on DNAC provision page |
|
DNA-C/IWAN Build 2.1.1.260206: SWIM error "Workflow Distribute Image failed" seen for HUB BR |
|
DNAC IWAN: NWS mismatch on DayN |
|
DNAC IWAN: BF validation fails for ISR4K+UCSE provisioned devices |
|
Device validation status not update in back end when device validation in progress |
|
DNAC IWAN: Provisioned Branch devices are not marked "Success" Under DNAC provision status |
|
DNA-C 1.1: Make DHCP Server non-mandatory for IWAN workflow |
|
DNA-C 1.1 IWAN App integration with Live Action issues |
System Requirements
Software Requirements for Cisco IWAN App on DNA Center
The following software is required on the server for Cisco IWAN App on DNA Center:
-
Browser
-
Chrome (version 50.0 or higher)
-
Mozilla Firefox (version 46.0 or higher)
-
Cisco IWAN App Software Compatibility
Compatible and recommended software versions for operating the IWAN app on DNA Center:
Cisco IWAN App |
OS on ASR1000 Series, ISR4000 Series, and CSR1000V Series Routers |
OS on ISR-G2 Series Routers |
Protocol Pack |
Cisco DNA Center |
---|---|---|---|---|
2.1.2.x |
Cisco IOS XE Everest 16.6.1 Cisco IOS XE Everest 16.6.2 (Cisco ISR 4221 Router & Cisco ISR 1100 Series Routers) |
15.7(3)M |
32.0.0 |
Release 1.1.2 Release 1.1 Patch 1 |
2.1.1.x |
Cisco IOS XE Everest 16.6.1 Cisco IOS XE Everest 16.6.2 (Cisco ISR 4221 Router & Cisco ISR 1100 Series Routers) |
15.7(3)M |
32.0.0 |
Release 1.1 Patch 1 |
Firewall Requirements
If there is a firewall between the branch and DNA Center, please ensure that the following ports are open:
-
Branch to DNA Center:
-
PKI—TCP 80
-
PNP—TCP 80, 443
-
NTP—UDP 123
-
-
DNA Center to branch:
-
SNMP—TCP and UDP ports: 161, 162
-
SSH—TCP 22
-
-
Internet branch to hub routers:
-
GRE and IPsec—UDP 500, 4500, IP—50
-
Supported Hub Devices — Required License
See Platforms and their Roles for details per model.
-
ASR 1000 Series
-
License—Image with licenses for Advanced IP Services or Advanced Enterprise Services
-
-
ISR 4451 and 4431
-
License—Appx and Security
-
The following is a sample configuration that shows how to enable IPsec license and accept the End User License Agreement (EULA) on Cisco ASR 1000 Series Aggregation Services Routers.
Router(config)# crypto ipsec profile TEST
Router(ipsec-profile)# exit
Router(config)# interface tunnel 123
Router(config-if)# tunnel protection ipsec profile TEST
Note |
The configuration must be removed after the EULA is accepted. |
Supported Spoke Devices — Required License
See Platforms and their Roles for details per model.
-
ASR 1000 Series
-
License—Advanced IP Services or Advanced Enterprise Services
-
-
CSR1000v Series
-
License—AX throughput
-
-
ISR 4000 Series
-
License—Appx and Security
-
-
ISR G2 Series
-
License—Advanced IP Services (for ISR G2 892-FSP), Data, and Security
-
Platforms and their Roles
-
ASR 1001—Hub, branch, or dedicated master controller
-
ASR 1001-X—Hub, branch, or dedicated master controller
-
ASR 1001-HX Router—Branch
-
ASR 1002—Branch or dedicated master controller
-
ASR 1002-X—Hub, branch, or dedicated master controller
-
ASR 1002-HX Router—Hub and branch
-
ASR1004—Hub or dedicated master controller
-
ASR1006—Hub or dedicated master controller
-
ASR1006-X—Hub or dedicated master controller
-
CSR 1000v—Branch or dedicated master controller
-
ENCS 5400 (ISRv)—Branch
-
ISR 4451-X—Hub, branch, or dedicated master controller
-
ISR 4221—Branch
-
ISR 4321—Branch
-
ISR 4331—Branch
-
ISR 4351—Branch
-
ISR 4431—Branch
-
ISRv 5406—Branch
-
ISRv 5408—Branch
-
ISRv 5412—Branch
-
C891-24X-K9—Branch
-
C891F-K9—Branch
-
C891FW-A-K9—Branch
-
C891FW-E-K9—Branch
-
C892FSP-K9—Branch
-
C896VAG-LTE-GA-K9—Branch
-
C896VA-K9—Branch
-
C897VAB-K9—Branch
-
C897VA-K9—Branch
-
C897VAG-LTE-GA-K9—Branch
-
C897VAG-LTE-LA-K9—Branch
-
C897VAGW-LTE-GAEK9—Branch
-
C897VAMG-LTE-GA-K9—Branch
-
C897VA-M-K9—Branch
-
C897VAM-W-E-K9—Branch
-
C897VAW-A-K9—Branch
-
C897VAW-E-K9—Branch
-
C898-EA-K9—Branch
-
C898EAG-LTE-GA-K9—Branch
-
C898EAG-LTE-LA-K9—Branch
-
C899G-LTE-GA-K9—Branch
-
C899G-LTE-JP-K9—Branch
-
C899G-LTE-LA-K9—Branch
-
C899G-LTE-NA-K9—Branch
-
C899G-LTE-ST-K9—Branch
-
C899G-LTE-VZ-K9—Branch
-
ISR 1921—Branch
-
ISR 1941—Branch
-
ISR 2901—Branch
-
ISR 2911—Branch
-
ISR 2921—Branch
-
ISR 2951—Branch
-
ISR 3925—Branch
-
ISR 3925E—Branch
-
ISR 3945—Branch
-
ISR 3945-E—Branch
Related Documentation
Documentation |
Description |
---|---|
Cisco IWAN Application on DNA Center Quick Start Guide, Release 2.2 |
Information about installation, deployment,configuration of Cisco IWAN on DNAC. Explains the Cisco IWAN GUI and how to manage connected devices and hosts within your network. |
Cisco Digital Network Architecture Center Appliance Installation Guides |
Installation and configuration of DNA Center, including post-installation tasks. |
Cisco Digital Network Architecture Center Administrator Guides |
Configuration of user accounts, RBAC scope, security certificates, authentication and password policies, and global discovery settings. Monitoring and managing DNA Center services. Backup and restore procedures. |
Introduction to the DNA Center GUI and its applications. |
|
Release information, including new features, system requirements, and open and resolved caveats. |
|
Cisco IWAN designs are explained in the Cisco IWAN technology design guides. |
|
Configuration Guide for Cisco Network Plug and Play on Cisco APIC-EM |
Information about Cisco Network Plug and Play solution. |
Overview of the Plug and Play solution, component descriptions, summary of major use cases, and basic deployment requirements, guidelines, limitations, prerequisites, and troubleshooting tips. |
|
The user guide for the previous version of the IWAN app, running as part of Cisco APIC-EM, offers in-depth information about IWAN app functionality. |
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What's New in Cisco Product Documentation.
To receive new and revised Cisco technical content directly to your desktop, you can subscribe to the . RSS feeds are a free service.