Release Notes for Cisco Digital Network Architecture Center, Release 1.1.2 Version 2

This document describes the features, limitations, and bugs for the DNA Center, Release 1.1.2 Version 2 release.

What's New in Cisco DNA Center, Release 1.1.2 Version 2

  • DNA Center, Release 1.1.2 Version 2 resolves several pre-existing issues and is designed to enhance your product's performance and stability.

DNA Center Beta Features

For this release, High Availability is a beta feature.

DNA Center Scale

The following tables provide the scale numbers for DNA Center for this release.


Note

The scale numbers remain the same whether DNA Center is deployed either as a single host (stand alone cluster) or a three hosts cluster.


Table 1. DNA Center Area Scale

Area

Supported Scale

Total Devices including Routers, Switches, and WLCs (This is individual physical switches deployed in the network).

1,000

(500 of which can be fabric devices)

Wireless Devices (APs)

4,000

Total number of Clients (Wired/Wireless) per DNAC instance

25,000

Total number of IP Pools - per DNAC instance

500

Number of Site Hierarchies

200

Note 

A site hierarchy can include sites, buildings, and floors.

Number of Fabric Domains

10

Profiles

25

Parallel Device Upgrades/Threads (SWIM)

25

Concurrent UI users

10

Table 2. DNA Center Fabric Domain Scale

Fabric Domain

Supported Scale

Total number of clients

15,000

Total number of IP pools

500

Fabric nodes1

500

Control plane nodes

2

Border nodes

4

1 A fabric node can consist of a single switch or a stack consisting of up to 8 switches.
Table 3. DNA Center Policy Scale

Policy

Supported Scale

Policies

1,000

Contracts

500

Scalable Groups

1,000

Virtual Networks

64

Traffic Copy Policies

10

SGACLs - IP Based (Device)

Device dependent, refer to the following:

CTS Release Bulletin

SGACL - Group Based (Device)

Device dependent, refer to the following:

CTS Release Bulletin

SGT Group/Fabric Domain

1,000

Installing Cisco DNA Center

You install the Cisco DNA Center as a dedicated physical appliance purchased from Cisco with the DNA Center ISO image pre-installed. Refer to the Cisco Digital Network Architecture Center Appliance Installation Guide, Release 1.1, for information about the installation and deployment procedures.

Upgrading to Cisco DNA Center, Release 1.1.2 Version 2

Before you begin

Review the following list of prerequisites and perform the recommended procedures before upgrading your DNA Center:

  • Only a user with SUPER-ADMIN-ROLE permissions may perform this procedure. For more information, see the Cisco Digital Network Architecture Center Administrator Guide.

  • You can only upgrade to this DNA Center release from the following releases:

    • DNA Center, Release 1.1

    • DNA Center, Release 1.1, Patch 1

    • DNA Center, Release 1.1, Patch 2

    If your current DNA Center release version is not one of these versions, then first install DNA Center, Release 1.1, Release 1.1, Patch 1, or Release 1.1, Patch 2 before proceeding.

  • Create a backup of your DNA Center database. For information about backing up and restoring the controller, see the Cisco Digital Network Architecture Center Administrator Guide.

  • If you have a firewall, make sure you allow DNA Center to access the following location for downloads: https://www.ciscoconnectdna.com:443.

  • Allocate the appropriate time for the upgrade process; upgrading from earlier releases to this DNA Center release may take several hours to complete.

  • Before you upgrade, check the System Settings > App Management > Packages & Updates page to make sure there are no packages with the status installing or downloading.

Procedure


Step 1

From the DNA Center Home page, click > System Settings.

Step 2

Click the App Management tab.

The App Management window consists of the following side tabs:

  • Packages & Updates: Packages currently installed and updates available for installation from the Cisco cloud.

  • System Updates: System updates currently installed and updates available for installation from the Cisco cloud.

Note 

Users will first click on Download on any package and then install it. At times, the download itself may get stuck while in the process of downloading. If this issue occurs, log on to the cluster you're using and issue the CLI command: maglev catalog package pull (packagename) : (version) --force

Step 3

Click System Updates.

Step 4

In the Systems Updates window, click Refresh icon several times to refresh the window.

The system update should appear in the Download Version column.

Download and install main-system-package from the System Updates page only. Even if the main-system-package appears on the Packages & Updates page, do not download or install it from that page. Use the System Updates page only.

You do not need to download or install the system-updater package.

Step 5

Click Install next to the system update package.

This step installs the system update to your appliance.

Step 6

After the installation process completes, click the Refresh icon.

Step 7

Ensure that DNA Center has been updated, by reviewing the Status and Installed Version columns.

After updating the system in the previous steps, proceed to update the individual DNA Center application packages.

Step 8

In the DNA Center GUI, click > System Settings > App Management > Packages & Updates.

Step 9

Click the check box next to Package at the top of the page so that all the packages on the page are selected.

Step 10

From the Actions drop-down list, click Download.

Step 11

After the packages have finished downloading, from the Actions drop-down list, click Update.

Step 12

Ensure that each application has been updated, by reviewing its Status and Installed Version columns.

The current version should be updated and the status should change to Running.

The process to update each of the individual packages should take approximately one hour to complete.

Though it is not the preferred upgrade method, you can upgrade packages individually after you have installed the system updates. See Upgrading Packages Individually for more information.


Upgrading Packages Individually

If you chose to install packages individually, you must install the packages in the following order depending on if you use Automation or Assurance.

Before you begin

The preferred method to upgrading your DNA Center is explained in Upgrading to Cisco DNA Center, Release 1.1.2 Version 2. However, you can also install packages individually after you have installed the system updates.

Procedure


Step 1

Install the system updates as explained in Steps 1 through 7 in Upgrading to Cisco DNA Center, Release 1.1.2 Version 2.

Step 2

From the DNA Center Home page, click > System Settings > App Management > Packages & Updates, and install the packages one at a time, depending on if you use Automation or Assurance in one of the following two tables.

Note 

Packages that have available updates appear automatically. If a package does not appear in the Available Version column, skip it and install the next package in the following sequence.

Table 4. System Upgrade Installation Order for Automation

Installation Order

Package

1

NCP – Base

2

NCP – Services

3

Network Controller Platform

4

Automation - Image Management

5

Command Runner

6

Automation – Device Onboarding

7

Assurance – Path Trace

8

Automation – Base

9

Automation – SD Access

10

Automation - Sensor

Table 5. System Upgrade Installation Order for Assurance Only

Installation Order

Package

1

From the DNA Center Home page, click > System Settings > App Management > System Updates, and then upgrade main-system-package.

Note 

Download and install main-system-package from the System Updates page only. Even if the main-system-package appears on the Packages & Updates page, do not download or install it from that page. Use the System Updates page only.

From the DNA Center Home page, click > System Settings > App Management > Packages & Updates, and install the packages one at a time in the following order.

Note 

Packages that have available updates appear automatically. If a package does not appear in the Available Update column, skip it and install the next package in the following sequence.

2

Network Data Platform – Core

3

Network Data Platform – Base Analytics

4

Network Data Platform – Manager

5

Assurance - Base

6

Assurance - Sensor

For the IP-based access control feature, you must install the following packages in the order specified:
  1. Network Control Platform

  2. Automation - Base

If you previously installed SD Access, at a minimum, you must upgrade the following packages in the order specified:
  1. Network Controller Platform

  2. Automation - Base

  3. Automation - SD Access


Bugs

Open Bugs

The following table lists the open bugs for DNA Center for this release.


Note

For information about open and resolved bugs for an earlier DNA Center release, refer to the release notes for that specific release.


Table 6. Open Bugs

Bug ID Number

Headline

CSCvh64258

Meraki integration is not working for external proxy with user credentials

Workaround:

There is no workaround at this time.

CSCvh73882

After system upgrade, the first time setup prompt is shown again.

Workaround:

Skip the UI prompts for which you already have data, before upgrade.

CSCvh66680

Netflow Telemetry performance profile applied to all the interfaces in router including WAN and MGMT.

Workaround:

Prior to using netflow telemetry config, check if there is an existing config on the router for performance profile. If it exists, do not use this configuration. If netflow telemetry config is used for configuring netflow, manually un-configure performance profile from router interfaces.

CSCvh72311

Devices that are assigned to Global sites do not have any associations with a TQ profile.

Workaround:

Assign the device to a specific site which is not Global.

CSCvh21864

Image upgrade is initiated using DNA Center SWIM GUI for multiple devices at a time. One of the devices fails with the message: Workflow Distribute Image failed.

Workaround:

Initiate image upgrade using DNA Center SWIM GUI for one device not in parallel with any other device.

CSCvh61432

Local VLAN ID is not updating during re-provisioning.

Workaround:

There is no workaround at this time.

CSCvh62232

Screen goes blank if Dashboard name is made of special characters.

Workaround:

There is no workaround at this time.

CSCvh64294

Git591: bring down one node during data restore, postgress process keeps crashing.

Workaround:

There is no workaround at this time.

CSCvh69032

Policies for a new flex group does not get applied when AP movement across the flex group happens.

Workaround:

There is no workaround at this time.

CSCvh62248

AppX and Site hierarchy table column selection not saved.

Workaround:

There is no workaround at this time. Need to re-select the filters to make them effective.

CSCvh18753

Package takes a long time to deploy or upgrade.

Workaround:

Log into the DNA Center appliance using SSH and run the following CLI command:

maglev package upgrade --force package_name

CSCvh13824

When you try to install the main-system-package from the App Management > System Updates page, the installation might fail.

Workaround:

Log into the DNA Center appliance using SSH and run the following CLI command:

sudo systemctl restart docker

CSCvg86146

After integrating DNA Center with Cisco ISE (and Cisco ISE is scaled to 400 policies), it takes more than 120 seconds to create a new policy in DNA Center.

Workaround:

There is no workaround at this time.

CSCvg84108

Cisco Catalyst 9300 switch goes into partial collection failure UNKNOWN after reboot.

Workaround:

There is no workaround at this time.

CSCvg96320

After initiating a restore on a cluster, while trying to monitor progress of the restore directly on the cluster, you might be logged out and/or see a "You are not authorized to perform this operation" message.

Workaround:

Wait for a few minutes, log back into the GUI and try again.

CSCvg96340

In a 3-node setup, if an admin wishes to perform some form of maintanance (non-RMA) on one of the 3 boxes, we do not have an explicit cordoning mechanism available.

Workaround:

Shut-down the node, perform maintenance and reboot it. It will rejoin the cluster.

CSCvg96351

If you do not key in a proxy server's IP or host name while configuring the box, the install time might be slower.

Workaround:

If the user decides to not key in the HTTP proxy on the interface wizard, the time the wizard spends on this screen is approximately 5 to 7 minutes. Wait for the screen to return and then select the "skip_proxy" option to proceed with the install.

CSCvg96368

Search query fails, and the Assurance GUI does not show data.

Workaround:

There is no workaround at this time.

CSCvg96381

When you choose Provision > Discover and provision switches to defined sites in Network Telemetry, a windows appears with title "Application Package Not Available."

Workaround: Access the Network Telemetry page by choosing Tools > Telemetry.

CSCvg80485

Pre-verification check sometimes provides a false positive, even though there is no actual issue on the device or in the topology.

Workaround:

Manually retry the pre-verification checks a few times; only if the pre-verification checks fail for three times in a row should you conclude that there is some real problem with the device.

CSCvg82530

The Device-Type in the Assurance Client Health does not reflect the device type reported by the Cisco ISE.

Workaround:

There is no workaround at this time.

CSCvg90715

Cisco ISE fully qualified domain name (FQDN) is not resolvable from DNA Center.

Workaround:

There is no workaround at this time.

CSCvh74386

The Client count chart-client health page displays partial data after upgrading.

Workaround:

There is no workaround at this time.

CSCvh80477

WLC assurance provisioning fails.

Workaround:

Delete the WLC and rediscover it.

CSCvh85584

Adding a second RP to a fabric might fail. The GUI shows that it is added, but no CLI is pushed to the devices.

Workaround:

There is no workaround at this time.

CSCvh89550

The same AP shows different health scores on the Client landing page and on the Network landing page.

Workaround:

There is no workaround at this time.

CSCvh78163

When you use the Chrome browser in a non-maximized screen, the content Network Setting > Setting flickers.

Workaround:

Resize the browser to a larger size or refresh the page.

CSCvh83431 Power failure of a node in a cluster running spf-service-manager.

Workaround:

After services transition to another node in the cluster, re-sync all devices on the Inventory page.

CSCvh89792

Cisco ISE integration might fail on a 3-node cluster after performing a system upgrade.

Workaround:

In the Maglev CLI interface, restart identity-service.

CSCvh85172

Importing recommended software images and downloading software images from cisco.com is not successful.

Workaround:

Import software images from your local computer or from a URL.

CSCvh89758

If you enter special characters in the Username field in Device Credentials, issues are encountered.

Workaround:

Do not use special characters in the Username field.

CSCvh85806

If you enters emojis and characters in the Network Settings > Network > Banner text, devices do not understand these characters, and there will be an error while provisioning the device.

Workaround:

Do not enter emojis or characters in the banner text.

CSCvh87492

When you do not provide a CIDR to import, or you enter a partial CIDR, the API throws an error and no pools are shown on the UI to import.

Workaround:

Provide a complete CIDR value before retrieving the pools.

CSCvi01570

Path-trace fails to run when started and the following error message is displayed: Path-trace Pre-condition Failed: Syncing network topology for first time.

Workaround:

There is no workaround at this time.

CSCvh28852

Using FTP (port 21) to back up DNA Center does not work.

Workaround:

Use SSH (port 22) to back up DNA Center.

Resolved Bugs

The following table lists the resolved bugs for DNA Center for this release.

Table 7. Resolved Bugs

Bug ID Number

Headline

CSCvh65395

Installation is failing on Cisco ISR 4451.

CSCvh66709

Aggregate health score for switch 360 page shows - when the health chart is still plotting data

CSCvh69479

Activation fails for Cisco IE devices.

CSCvh69821

Git811: TQ : Fusion - Max visibility applying wrong NF configuration to device.

CSCvh70469

Loopback IP for ASR9k device is not retrieved after upload to inventory or update operation.

CSCvh64439

Client health site hierarchy table loads two times, if timeline changed and site applied quickly.

CSCvh69761

Cat4500X series platform is not getting polled by CLI collector for TCAM issue generation.

CSCvh70340

Wireless clients can show up under wired device when filters are applied in the Client List table.

CSCvh72149

Viewing of Scope details doesn't show the correct filters.

CSCvh75628

SMU does not get distributed and activated on ISR, CSR and ASR devices.

CSCvh75688

Distribution of base image fails if the base image is already present.

CSCvh66709

In the device 360 UI, the charts might show delayed information and not include the current status.

CSCvh64439

Sometimes, the Client Health Site Hierarchy table loads two times if the timeline changed and the site was applied quickly, or when the site filter was applied twice quickly with different filters.

CSCvh69761

Cat4500X series platform is not polled bythe CLI collector for TCAM issue generation.

CSCvh70340

Wireless clients can be listed under Wired Devices when filters are applied under the Client List table.

CSCvh72149

In a dashboard, viewing the Scope details doesn't match the filters used for Scope creation.

CSCvh87994

The RSSI chart in Client 360 does not show any values for 24 hours after you upgrade the package.

Note 

Resolved in Assurance package 1.0.5.630.

CSCvh81727

iOS analytics do not show on Wireless Client 360 page.

Note 

Resolved in Assurance package 1.0.5.630.

CSCvh87986

After upgrading from the Assurance package release in December, ISO(70030), to the latest package, the site hierarchy table is missing from Client Health.

Note 

Resolved in Assurance package 1.0.5.630.

Using the Bug Search Tool

Use the Bug Search tool to search for a specific bug or to search for all bugs in this release.

Procedure


Step 1

Go to http://tools.cisco.com/bugsearch.

Step 2

At the Log In screen, enter your registered Cisco.com username and password; then, click Log In. The Bug Search page opens.

Note 

If you do not have a Cisco.com username and password, you can register for them at http://tools.cisco.com/RPF/register/register.do.

Step 3

To search for a specific bug, enter the bug ID in the Search For field and press Return.

Step 4

To search for bugs in the current release:

  1. In the Search For field, enter DNA Center and press Return. (Leave the other fields empty.)

  2. When the search results are displayed, use the filter tools to find the types of bugs you are looking for. You can search for bugs by modified date, status, severity, and so forth.

    Note 
    To export the results to a spreadsheet, click the Export Results to Excel link.

Limitations and Restrictions

DNA Center limitations and restrictions are described in the following sections:

Backup and Restore Limitations

  • You cannot take a backup from one version of DNA Center and restore it to another version of DNA Center. You can only restore a backup to an appliance that is running the same DNA Center software version, applications, and application versions as the appliance and applications from which the backup was taken. To view the current applications and versions on DNA Center, click > System Settings > App Management.

  • After performing a restore operation, upgrade your integration of Cisco ISE with DNA Center. After a restore operation, Cisco ISE and DNA Center may not be in sync. To update your Cisco ISE integration with DNA Center, access Settings in the GUI, then open the Authentication and Policy Servers window, then choose Edit for the server. Enter your Cisco ISE password to update.

  • After performing a restore operation, the configuration of devices in the network may not be in sync with the restored database. For this reason, you may need to manually revert the CLI commands pushed for authentication, authorization, and accounting (AAA) and configuration on the network devices. Refer to the individual network device documentation for information about the CLI commands to enter.

  • Re-enter the device credentials in the restored database. If you updated the site-level credentials before the database restore and the backup being restored does not have the credential change information, then all devices will go to partial-collection after restore. You then need to manually update the device credentials on the devices for synchronization with DNA Center or perform a rediscovery of those devices to learn the device credentials.

  • AAA provisioning needs to be performed only after adjusting network device difference changes to the restored database. Otherwise, device lockouts might occur.

  • DNA Center Assurance data is not supported for back up and restore.

IWAN Application Limitations

  • The Automation-SD Access and the Automation-Application Policy packages cannot be used together with the IWAN package on DNA Center. Any instructions for using these packages are irrelevant, if the IWAN package has already been installed.

  • Ensure that IP address pools created in DNA Center do not conflict with IP address pools defined in the IWAN tool (if it has been installed). Unfortunately, DNA Center cannot make this check and warn you if you try to define an IP address pool that does not comply with this requirement.

Cisco ISE Integration Limitations

  • ECDSA keys are not supported as either SSH keys for Cisco ISE SSH access, nor in certificates in DNA Center and Cisco ISE.

  • Full certificate chains must be uploaded to DNA Center while replacing the existing certificate. If the DNA Center certificate is issued by a subCA of a rootCA, the certificate chain uploaded to DNA Center while replacing the DNA Center certificate must contain all three certificates.

  • Self-signed certificates applied on DNA Center must have the Basic Constraints extension with cA:TRUE (RFC5280 section-4.2.19).

  • The IP address or FQDN of both Cisco ISE and DNA Center should be present in either the Subject Name field or the Subject Alt Name field of the corresponding certificates.

  • If the certificate is replaced or renewed in either Cisco ISE or DNA Center, trust must be re-established.

  • DNA Center and Cisco ISE IP/FQDN must be present in the proxy exceptions list if there is a web proxy between Cisco ISE and DNA Center.

  • DNA Center and Cisco ISE nodes cannot be behind a NAT device.

  • Pxgrid persona changes after trust establishment are not detected by DNA Center.

Service and Support

Related Documentation

The following publications are available for DNA Center.

Table 8. Related Documentation

For this type of information...

See this document...

Release information, including new features, system requirements, and open and resolved caveats.

Cisco Digital Network Architecture Center Release Notes

Installation and configuration of DNA Center, including post-installation tasks.

Cisco Digital Network Architecture Center Installation Guide

User Guide to the DNA Center GUI and its applications.

Cisco Digital Network Architecture Center User Guide

Configuration of user accounts, RBAC scope, security certificates, authentication and password policies, and global discovery settings.

Monitoring and managing DNA Center services.

Backup and restore.

Cisco Digital Network Architecture Center Administrator Guide

Supported devices, such as routers, switches, wireless access points, NFVIS platforms, and software releases.

Supported Devices

Licenses and notices for open source software used in DNA Center Assurance.

Open Source Used In Cisco DNA Center Assurance

Cisco IWAN app guide that describes the new methods and features that apply to the IWAN app within DNA Center, as well as including important notes and limitations.

Cisco IWAN Application on DNA Center Quick Start Guide

Cisco IWAN app release information, including new features, system requirements, and open and resolved caveats.

Cisco IWAN Application on DNA Center Release Notes

Key features and scale numbers.

DNA Center Data Sheet

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation at:

http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html

Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation as an RSS feed and delivers content directly to your desktop using a reader application. The RSS feeds are a free service.