Contents
- Release Notes for Cisco Digital Network Architecture Center, Release 1.1.0, Patch 1
- Introduction
- What's New in Cisco Digital Network Architecture Center, Release 1.1.0, Patch 1
- DNA Center Scale
- Installing Cisco DNA Center
- Upgrading to Cisco DNA Center, Release 1.1.0, Patch 1
- Caveats
- Open Caveats
- Resolved Caveats
- Using the Bug Search Tool
- Limitations and Restrictions
- Back Up and Restore Limitations
- IWAN Application Limitations
- Service and Support
- Related Documentation
- Obtaining Documentation and Submitting a Service Request
First Published:
Last Updated:
Text Part Number:
Release Notes for Cisco Digital Network Architecture Center, Release 1.1.0, Patch 1
This document describes the features, limitations, and bugs for this DNA Center patch release.
Introduction
Cisco® Digital Network Architecture (Cisco DNA) is an open, extensible, software-driven architecture that accelerates and simplifies your enterprise network operations. Only Cisco provides a single network fabric that is powered by deep intelligence and integrated security to deliver automation and analytics across your entire organization at scale. Cisco DNA gives IT time back from time-consuming, repetitive network configuration tasks so you can focus on the innovation your business needs. Cisco DNA automation is built on a Software-Defined Network (SDN) controller, rich contextual analytics, network virtualization and the limitless scalability of the cloud.
Cisco DNA Center can manage your end to-end network from the campus, branch, and WAN to the cloud. Using intuitive work flows, DNA Center makes it easy to design, provision, and apply policy across your network. It also delivers end-to end visibility and uses network insights to optimize network performance and deliver the best user and application experience.
Note
The following are beta features for this release:
Application policy
Assurance
Global search
High Availability
New wireless guest
Sensor
What's New in Cisco Digital Network Architecture Center, Release 1.1.0, Patch 1
DNA Center, Release 1.1.0, Patch 1 supports the following new features and functionality:
Scale support has been upgraded.
IWAN application (limited availability)
Sensor support (beta functionality)
High availability for automation (beta functionality)
Resolution of several pre-existing issues and is designed to enhance your product's performance and stability.
DNA Center Scale
Table 1 DNA Center Area Scale Area
Supported Scale
Total Devices including Routers, Switches and WLC's (This is individual physical switches deployed in the network).
1,000
Wireless Devices (APs)
4,000
Total number of Clients(Wired/Wireless) per DNAC instance
25,000
Total number of IP Pools - per DNAC instance
500
Number of sites
200
Note For Assurance, the number of supported sites is 20.
Number of Fabric Domains
10
Profiles
25
Parallel Device Upgrades/Threads (SWIM)
25
Concurrent UI users
10
Table 2 DNA Center Fabric Domain Scale Fabric Domain
Supported Scale
Total number of clients
15,000
Total number of IP pools
500
Fabric nodes1
500
Control plane nodes
2
Border nodes
4
1 Each fabric node is a stack of 8 switches.
Table 3 DNA Center Policy Scale Policy
Supported Scale
Policies
1,000
Contracts
500
Scalable Groups
1,000
Virtual Networks
64
Traffic Copy Policies
10
SGACLs - IP Based (Device)
Refer to device spec in switching.cisco.com
SGACL - Group Based (Device)
Refer to device spec in switching.cisco.com
SGT Group/Fabric Domain
1,000
Installing Cisco DNA Center
You install the Cisco DNA Center as a dedicated physical appliance purchased from Cisco with the ISO image pre-installed. Refer to the Cisco Digital Network Architecture Center Appliance Installation Guide, Release 1.1.0, for information about the installation and deployment procedures.
Upgrading to Cisco DNA Center, Release 1.1.0, Patch 1
Use the following procedure to upgrade to DNA Center, Release 1.1, Patch 1.
Before You BeginProcedure
If you use Automation, you must install the DNA Center packages in the order shown in the following table:
If you use Assurance only, you must install the DNA Center packages in the order shown in the following table:
Table 5 System Upgrade Installation Order for Assurance Only Installation Order
Package
1
From the DNA Center Home page, click the gear icon () and then choose System Settings > App Management > System Updates, and then upgrade main-system-package.
Note Download and install main-system-package from the System Updates page only. Even if the main-system-package appears on the Packages & Updates page, do not download or install it from that page. Use the System Updates page only.
From the DNA Center Home page, click the gear icon () and then choose System Settings > App Management > Packages & Updates, and install the packages in the following order:
2
Network Data Platform – Core
3
Network Data Platform – Base Analytics
4
Network Data Platform – Manager
5
Assurance - base
6
Path Trace
7
Command Runner
Review the following list of prerequisites and perform the recommended procedures before upgrading your DNA Center:
Only a user with SUPER-ADMIN-ROLE permissions may perform this procedure. For more information, see the Cisco Digital Network Architecture Center Administrator Guide.
You can only upgrade to this DNA Center release from DNA Center, Release 1.1. If your current DNA Center release version is not this version, then first install DNA Center, Release 1.1 before proceeding.
Create a backup of your DNA Center database. For information about backing up and restoring the controller, see the Cisco Digital Network Architecture Center Administrator Guide.
If you have a firewall, make sure you allow DNA Center to access the following location for downloads: https://www.ciscoconnectdna.com:443.
Allocate the appropriate time for the upgrade process; upgrading from earlier releases to this DNA Center release may take up to an hour and a half to complete.
Step 1 In the DNA Center GUI, click the gear icon () and select System Settings. Step 2 Click the App Management tab. Step 3 Review the App Management window that now appears. The App Management window consists of the following side tabs:
Packages & Updates—Packages currently installed and updates available for installation from the Cisco cloud.
System Updates—System updates that have been downloaded from the Cisco cloud.
Note Users will first click on Download on any Package and then install it. At times, the download itself may get stuck while in the process of downloading. If this issue occurs, log on to the cluster using and issue the CLI command: maglev catalog package pull (packagename):(version) --force
Note Download and install system updates from the System Updates page only. Even if system updates appear on the Packages & Updates page, do not download or install them from that page. Use the System Updates page only.
Step 4 In the Systems Updates window, click Refresh icon several times to refresh the window. The system update should appear in the Available Update column.
Step 5 Click the system update to move it from the Available Update column to the Downloaded Version column. This step downloads the system update to your appliance.
Step 6 Click the system update again to move it from the Downloaded Version column to the Installed Version column. This step installs the system update to your appliance. This process should take approximately 30 minutes to complete.
Step 7 After the installation process completes, click the Refresh icon. Step 8 Ensure that DNA Center has been updated, by reviewing the Status and Installed Version columns. After updating the system in the previous steps, proceed to update the individual DNA Center application packages.
Step 9 Click the Packages & Updates side tab. Step 10 Locate the updates in the Packages & Updates side tab. Step 11 Click the Deploy link in the Action column to update each package. Important:After clicking the Deploy link, a message may appear with additional information about the package, as well as requirements as to other package dependencies. Review and follow the information in these messages, including any required package installation order. Additionally, you may be logged out of DNA Center when the package for the UI is being updated. If this occurs, then log back in to finish this procedure.
Step 12 Ensure that each application has been updated, by reviewing its Status and Installed Version columns. The current version should be updated and the status should change to Running.
The process to update the individual packages should take approximately one hour to complete.
Caveats
Open Caveats
The following table lists the open caveats for DNA Center for this release.
Table 6 Open Caveats Caveat ID Number
Headline
Cisco DNA Center is running DNA Center, version 1.1 and when upgrading the package to this patched release this issue may occur. During the time when downloading each image from the catalog server, when you click the refresh button on the Package & Upgrade page, it spins forever and can not refresh the page.
Workaround:
When this issue happens, log on to the cluster via CLI and issue the command:
maglev catalog package pull (package name) :(version) --force
After integrating DNA Center with Cisco ISE (and Cisco ISE is scaled to 400 policies), it takes more than 120 seconds to create a new policy in DNA Center.
Workaround:
There is no workaround at this time.
After integrating DNA Center with Cisco ISE, policies are displayed in DNA Center as UNKNOWN for approximately 45 minutes.
Workaround:
Wait for approximately 45 minutes after Cisco ISE integration (if total number of policies being synchronized are in the few hundreds), after that correct state will be shown.
Cisco Catalyst 9300 switch goes into partial collection failure UNKNOWN after reboot.
Workaround:
Delete and re-add the device
Policy deletion on DNA Center is not reflected on Cisco ISE after performing a back up and restore.
Workaround:
There is no workaround at this time.
Cisco ISE fully qualified domain name is not resolvable from DNA Center.
Workaround:
There is no workaround at this time.
When you choose System Settings > App Management > System Updates and click Refresh, it might take 1-2 minutes for the screen to refresh.
Workaround:
The user can wait about 2 or 3 minutes and refresh the entire page to view the new updates.
In a 3-node setup, right after the addition of node-2 and node-3, if you perform a "maglev node remove" on the first node, the 3- node cluster becomes usable.
Workaround:
Please avoid performing a node removal until you have successfully performed node scale refresh to enable HA.
After initiating a restore on a cluster, while trying to monitor progress of the restore directly on the cluster, you might be logged out and/or see a "You are not authorized to perform this operation" message.
Workaround:
Wait for a few minutes, log back into the GUI and try again.
You cannot specify a proxy.pac file location in the Https_proxy field of the interface wizard.
Workaround:
In this release, we support network-reachable proxy hosts only. Please specify a host IP/hostname.
In a 3-node setup, if an admin wishes to perform some form of maintanance (non-RMA) on one of the 3 boxes, we do not have an explicit cordoning mechanism available.
Workaround:
Shut-down the node, perform maintenance and reboot it. It will rejoin the cluster.
While performing a backup, if one of the entities being backed up fails, we do not fail the entire backup. This can lead to a "bad" backup being made available to perform a restore with, which can lead to other complications on the cluster where the restore is being performed.
Workaround:
Before performing a restore, please ascertain that the backup ID that is being restored is completely successful.
If you do not key in a proxy server's IP or host name while configuring the box, the install time might be slower.
Workaround:
If the user decides to not key in the HTTP proxy on the interface wizard, the time the wizard spends on this screen is approximately 5 to 7 minutes. Wait for the screen to return and then select the "skip_proxy" option to proceed with the install.
Search query fails, and the Assurance GUI does not show data.
Workaround:
There is no workaround at this time.
When you choose Provision > Discover and provision switches to defined sites in Network Telemetry, a windows appears with title "Application Package Not Available."
Workaround: Access the Network Telemetry page by choosing Tools > Telemetry.
On reboot, WLC is going into partial collection failure.
Workaround:
Resync WLC from the inventory.
After deleting Cisco WLC from the DNA Center, some fabric configurations remain in Cisco WLC.
Workaround:
Delete the configurations manually.
Provision status shows success when actual deployment failed.
Workaround:
There is no workaround at this time.
Pre-verification check sometime gives a false positive even though there is no actual issue on the device or in the topology.
Workaround:
Manually retry the pre-verification checks a few times; only if the pre-verification checks fail for three times in a row should you conclude that there is some real problem with the device.
Package takes a long time to deploy or upgrade.
Workaround:
SSH into the appliance and run the following command:
maglev package upgrade --force package_nameSD-access installation package fails on RC build.
Workaround:
There is no workaround at this time.
In a scale setup with 1,002 devices, System Health and Data Plane Connectivity data does not appear in the Network Health page donut charts.
Workaround:
There is no workaround at this time.
Dynamic Addition of Cisco Catalyst 6000 switches (border) fail to update external MSMR BGP configuration.
Workaround:
There is no workaround at this time.
Geomap on Assurance landing, client and network health pages show no data when you delete or add a site.
Workaround:
There is no workaround at this time.
The AP count on Cisco WLC 360 should plot points instead of lines.
Workaround:
There is no workaround at this time.
The switch Healthscore might be displayed as good even if the error percentage is greater than 1% for uplink ports.
Workaround:
There is no workaround at this time.
Health Score and KPI charts are not displayed on the Device 360.
Workaround:
There is no workaround at this time.
The Device-Type in the Assurance Client Health does not reflect the device type reported by Cisco ISE.
Workaround:
There is no workaround at this time.
Wired clients show Device Type as Unknown on the Client Healthscore and 360 pages after Cisco ISE integration.
Workaround:
There is no workaround at this time.
Network Health data for the Wireless tab drill-down might not show devices.
Workaround:
There is no workaround at this time.
All issues are displayed even when filtering for 3 hours and 24 hours.
Workaround:
There is no workaround at this time.
When you delete a site, the site might still appear in Assurance. However, the devices belonging to a deleted site are deleted. Deleted sites still appear in geo map.
Workaround:
Create a new site with a unique name. You can reuse other information (like address, location, etc.). The old site shows as gray in geo map.
Client Health page takes more than 20 seconds to load when there are more than 40 sites. API to retrieve site information is traversing one site at a time and hence the slowness.
Workaround:
There is no workaround at this time.
When you try to install the main-system-package from the App Management > System Updates page, the installation might fail.
Workaround:
SSH into the DNA Center appliance and run the following command:
sudo systemctl restart dockerResolved Caveats
The following table lists the resolved caveats for DNA Center for this release.
Table 7 Resolved Caveats Caveat ID Number
Headline
If a BGP instance is configured on network borders before being added into the fabric, then perform a resync and add into fabric.DNA Center is not able to remove it successfully, by generating error "Unable to push configs" to device.
When removing one of the two MS/MR nodes from the fabric, the corresponding map server configurations are not removed from Cisco Nexus 7000 borders by DNA Center.
After DNA Center appliance reload using the CLI commands, a specific deployment failed.
Adding a client IP address pool segment to SSID in Host on-boarding takes approximately 1 hour.
After on-boarding an interface on devices, the status bar keeps rotating for hours.
After importing a floormap from Prime, you are unable to edit the building address.
While adding a remote server, an admin might notice an error message appear about not being able to setup the remote server.
Intermittently, no devices or scores are displayed on the Assurance Overall Health, Network 360, and Client 360 pages.
Path Trace does not work between wireless clients that are registered in local AP mode.
After Assurance software upgrade, the Overall Health page and the Network Health page takes 15 - 20 minutes to display data.
No data is displayed on Assurance Client Health and Client 360 pages.
The data displayed on the Network Health page has a 10 minute lag because of an issue with the time filter.
DNA Center scale: AP provisioning fails and the RF profile is not created in Cisco WLC.
If you are creating and SSID for the first time, the SSID is created as a Fabric SSID.
Provisioning of RF profile with one radio fails when the radio is enabled on the device.
Create or edit policy option on any of the Policy pages should be disabled for a user who logs into DNA Center with Observer role credentials.
While deploying IP ACL policy, only the default rule gets deployed. The created IP ACL policy does not show up on the DNA Center Policy History dashboard.
DNA Center should not allow different shared secret for client and network authentication when the site has associated the same ISE with Radius protocol enabled.
If you forgot to save device credentials, there is no validation message while provisioning.
The hardware recommendation is incorrect for UCS-E devices.
CSCvg92898 When removing a Cisco ISR400/ASR1001-X border device from a fabric, the BGP IP address pool is not released back to the IP Address Pool.
There is an IP Address Manager issue, the free count IP Address is incorrect after a single pool is released.
Topology GUI intermittently crashes when moving network devices in the GUI.
When creating a template under template runner and selecting the IOS-XE variant, trying to push the template onto Cisco 3000 and 9000 devices fails.
For dual-band client issues, the connection history event chart in Assurance is taking time to load.
Browser does not respond after an external certificate is uploaded and enabling SubCA mode (instead of showing the next screen which is the CSR screen).
Using the Bug Search Tool
Procedure
Step 1 Go to http://tools.cisco.com/bugsearch. Step 2 At the Log In screen, enter your registered Cisco.com username and password; then, click Log In. The Bug Search page opens.
Note If you do not have a Cisco.com username and password, you can register for them at http://tools.cisco.com/RPF/register/register.do.
Step 3 To search for a specific bug, enter the bug ID in the Search For field and press Return. Step 4 To search for bugs in the current release:
Limitations and Restrictions
DNA Center limitations and restrictions are described in the following sections:
Back Up and Restore Limitations
After performing a restore operation, proceed to update integration between Cisco ISE with DNA Center. There is a chance that after a restore operation, Cisco ISE and DNA Center may not be in sync. To update your Cisco ISE integration with DNA Center, access Settings in the GUI, then open the Authentication and Policy Servers window, then choose Edit for the server. Enter your Cisco ISE password to update.
After performing a restore operation, the network configuration may not be in sync with the restored database. For this reason, you may need to manually revert the CLI commands pushed for AAA (Authentication Authorization and Accounting) and configuration on the network devices. Refer to the individual network device documentation for information about the CLI commands to enter.
Re-enter the device credentials on the restored database. If you updated the site level credentials before the database restore and the database does not have the credential change information, then all devices will go to partial-collection post restore. You then need to manually update the device credentials on the devices for synchronization to DNA Center or perform a rediscovery of those devices to learn the device credentials.
AAA provisioning needs to be performed only after adjusting diff changes to the restored database. Otherwise, there is a chance of device lockouts.
DNA Center Assurance data is not supported for back up and restore.
IWAN Application Limitations
The Automation-SD Access and the Automation-Application Policy packages cannot be used together with the IWAN package on DNA Center. Any instructions for using these packages are irrelevant, if the IWAN package has already been installed.
Ensure that IP address pools created in DNA Center do not conflict with IP address pools defined in the IWAN tool (if it has been installed). Unfortunately, DNA Center is unable to make this check and warn the user, if he or she tries to define a IP address pool that is not compliant with this requirement.
Service and Support
Related Documentation
The following publications are available for the DNA Center.
Table 8 Related Documentation For this type of information...
See this document...
Release information, including new features, system requirements, and open and resolved caveats.
Installation and configuration of DNA Center, including post-installation tasks.
Cisco Digital Network Architecture Center Appliance Installation Guide
Introduction to the DNA Center GUI and its applications.
Configuration of user accounts, RBAC scope, security certificates, authentication and password policies, and global discovery settings.
Monitoring and managing DNA Center services.
Backup and restore.
Cisco Digital Network Architecture Center Administrator Guide
Supported devices, such as routers, switches, wireless access points, NFVIS platforms, and software releases.
Supported Devices Used in Cisco Digital Network Architecture Center
Licenses and notices for open source software used in DNA Center Assurance
Open Source Used In Cisco DNA Center Assurance, Release 1.1.x
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation at:
http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html
Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation as an RSS feed and delivers content directly to your desktop using a reader application. The RSS feeds are a free service.
Copyright © 2017, Cisco Systems, Inc. All rights reserved.