Release Notes for Cisco Digital Network Architecture Center, Release 1.1.5

This document describes the features, limitations, and bugs for DNA Center, Release 1.1.5.

What's New in Cisco DNA Center, Release 1.1.5

DNA Center, Release 1.1.5 resolves several pre-existing issues and is designed to enhance your product's performance and stability.

What's New for DNA Center Assurance, Release 1.1.5

The following enhancements are added to Cisco DNA Center Assurance for this release. The enhancements are described in Cisco Digital Network Architecture Center User Guide, Release 1.1.

Table 1. Enhancements in DNA Center Assurance

GUI Pages

Enhancements

Network Health Page Enhancements

  • View AP data in the AP Analytics dashlet, such as the total number of APs that are up and down, and the top N APs by client count.

  • View additional details in the Network Health Summary and Network Health by Device/Role dashlets.

Device 360 Page Enhancements

Neighbor topologies are enhanced in the Device 360 pages.

Client Health Page Enhancements

  • Client health score computation is enhanced. It includes SNR and RSSI values.

  • View client count per SSID.

  • View client count per band frequency.

  • View the SNR distribution for all clients over time.

  • View the total DNS requests and responses for all clients over time.

Client 360 Page Enhancements

DNS request and response-over-time chart.

Sensor Enhancements

  • WebAuth Enabled SSIDs: You can add sensor-driven tests for WebAuth enabled SSIDs.

  • Sensor Dashboard: You can monitor and troubleshoot the health of wireless sensors.

  • Sensor Dynamic Testing: You can configure the number of APs on which the sensor tests should run. You can also configure the RSSI threshold value for the sensor to select the APs.

Issues Enhancements

  • Global issues can support grouping at the DHCP server and AAA server level (Requires WLC version 8.7).

  • Global issues are triggered based on unique clients that are impacted.

DNA Center Beta Features

For this release, High Availability is a beta feature.

IP Address and FQDN Firewall Requirements

When deploying DNA Center, the following table of IP addresses and Fully Qualified Domain Names (FQDNs) must be made accessible to DNA Center through any existing network firewall. You must configure access to these IP addresses and FQDNs to permit IP traffic to travel through any network firewall that exists between DNA Center and the Internet, or from DNA Center to a proxy server through any network firewall to the Internet.

Table 2. IP Address and FQDN Firewall Requirements

Access Needed For...

...to these IP Addresses and FQDNs

System and package downloads

Recommended:

*.ciscoconnectdna.com:4431

Or, for customers who prefer not to use a wildcard:
  • https://www.ciscoconnectdna.com

  • https://cdn.ciscoconnectdna.com

  • https://registry.ciscoconnectdna.com

  • https://registry-cdn.ciscoconnectdna.com

Cisco Meraki integration

Recommended:

*.meraki.com:443

Or, for customers who prefer not to use a wildcard:
  • dashboard.meraki.com:443

  • api.meraki.com:443

  • n63.meraki.com:443

CCO and Smart Licensing integration

*.cisco.com:443

User feedback submission

dnacenter.uservoice.com:443

IP address manager (IPAM) integration

The URL of your IPAM server

Browser map rendering

*.tiles.mapbox.com/* :443

1 Cisco owns and maintains ciscoconnectdna.com and its subdomains. The Cisco Connect DNA infrastructure meets Cisco's Security and Trust guidelines and undergoes continuous security testing. This infrastructure is robust, with built-in load balancing and automation capabilities. It is monitored and maintained by a cloud operations team to ensure 24x7 availability.

Upgrading to Cisco DNA Center, Release 1.1.5

Before you begin

Warning
Warning

You must perform the system updates first when you are migrating to this version. Do not attempt to either download or install package updates until all system updates have been installed.

Failure to download and install system updates first can cause problems with package updates. See Recovering From Premature Package Downloads for information on how to diagnose and recover from this problem.


Review the following list of prerequisites and perform the following procedures before upgrading your installed instance of DNA Center:

  • At times, system update downloads may get stuck while in the process of downloading. If this issue occurs, log in to the cluster you are using and issue the CLI command: maglev catalog package pull packagename --force (where packagename is the name and version of the system update package).

  • Only a user with SUPER-ADMIN-ROLE permissions may perform this procedure. For more information, see the Cisco Digital Network Architecture Center Administrator Guide.

  • You can upgrade to this DNA Center release from the following releases only:

    • DNA Center 1.1.4 Release (April 5, 2018)

    • DNA Center 1.1.3 Release (March 9, 2018)

    • DNA Center 1.1.2 Patch 1 Release (February 12, 2018)

    • DNA Center 1.1.2 Release (January 28, 2018)

    • DNA Center 1.1 Patch 1 Release (December 18, 2017)

    • DNA Center 1.1 Release (November 30, 2017)

    If your current DNA Center release version is not one of these versions, you must first upgrade to one of the above release versions before proceeding.

  • Create a backup of your DNA Center database. For information about backing up and restoring DNA Center, see the Cisco Digital Network Architecture Center Administration Guide.

  • If you have a firewall, make sure you allow DNA Center to access the following location for all system and package downloads: https://www.ciscoconnectdna.com:443.

  • Have the username and password for at least one cisco.com user account. You may be prompted, once, for the account credentials during package installations. This can be any valid cisco.com user account.

  • Allocate the appropriate time for the upgrade process. Upgrading from earlier releases to this DNA Center release may take several hours to complete.

  • Before you upgrade, check the > System Settings > App Management > Packages & Updates page to make sure there are no packages with the status installing or downloading.

In a multihost cluster, you can trigger an upgrade of the whole cluster from the DNA Center GUI (the GUI represents the entire cluster and not just a single host). An upgrade triggered from the GUI automatically upgrades all the hosts in the cluster.

Procedure


Step 1

From the DNA Center Home page, choose > System Settings > App Management. The App Management page displays the following side tabs:

  • Packages & Updates: Shows the packages currently installed and the updates available for installation from the Cisco cloud.

  • System Updates: Shows the system updates currently installed and the updates available for installation from the Cisco cloud.

Step 2

Click the System Updates tab.

Step 3

Click the Refresh icon several times to refresh the System Updates window.

The system update should appear in the Download Version column.

Download and install main-system-package from the System Updates page only. Even if the main-system-package appears on the Packages & Updates page, do not download or install it from that page. Use the System Updates page only.

You do not need to download or install the system-updater package.

Step 4

Click Install next to the system update package.

This step installs the system update on your appliance.

Step 5

After the installation process completes, click the Refresh icon.

Step 6

Ensure that DNA Center has been updated by reviewing the Status and Installed Version columns.

After updating the system in the previous steps, proceed to update the individual DNA Center application packages.

Step 7

Click > System Settings > App Management > Packages & Updates.

Step 8

Click the check box next to Package at the top of the page so that all the packages on the page are selected.

Step 9

From the Actions drop-down list, click Download.

Step 10

After the packages have finished downloading, from the Actions drop-down list, click Update.

Step 11

Ensure that each application has been updated by reviewing its Status and Installed Version columns.

The current version should be updated and the status should change to Running.

The process to update each of the individual packages should take approximately one hour to complete.

Though it is not the preferred upgrade method, you can upgrade packages individually after you have installed the system updates. See Upgrading Packages Individually for more information.


Upgrading Packages Individually

If you chose to install packages individually, you must install the packages in the following order depending on if you use Automation or Assurance.

Before you begin

The preferred method to upgrading your DNA Center is explained in Upgrading to Cisco DNA Center, Release 1.1.5. However, you can also install packages individually after you have installed the system updates.

Have the username and password for at least one cisco.com user account. You may be prompted, once, for the user credentials during package installations. This can be any valid cisco.com user account.

Procedure


Step 1

Install the system update as explained in Steps 1 through 7 in Upgrading to Cisco DNA Center, Release 1.1.5.

Step 2

From the DNA Center Home page, choose > System Settings > App Management > Packages & Updates.

Step 3

Install the packages one at a time, depending on if you use Automation or Assurance in one of the following two tables.

Note 
Packages that have available updates appear automatically. If a package does not appear in the Available Version column, skip it and install the next package in the following sequence.
Table 3. System Upgrade Installation Order for Automation

Installation Order

Package Name in GUI

2

Package Name in CLI

3

1

NCP – Base

ncp-system

2

NCP – Services

automation-core

3

Network Controller Platform

network-visibility

4

Automation - Image Management

image-management

5

Command Runner

command-runner

6

Automation - Application Policy

application-policy

7

Automation – Device Onboarding

device-onboarding

8

Assurance – Path Trace

path-trace

9

Automation – Base

base-provision-core

10

Automation – SD Access

sd-access

11

Automation - Sensor

sensor-automation

2 GUI name refers to the package name as shown in Settings > System Settings > App Management.
3 CLI name refers to the package name as shown in maglev package status output.
Table 4. System Upgrade Installation Order for Assurance Only

Installation Order

Package

1

From the DNA Center Home page, click > System Settings > App Management > System Updates, and then upgrade main-system-package.

Note 
Download and install main-system-package from the System Updates page only. Even if the main-system-package appears on the Packages & Updates page, do not download or install it from that page. Use the System Updates page only.

From the DNA Center Home page, click > System Settings > App Management > Packages & Updates, and install the packages one at a time in the following order.

Note 
Packages that have available updates appear automatically. If a package does not appear in the Available Update column, skip it and install the next package in the following sequence.

2

Network Data Platform – Core (ndp-platform)

3

Network Data Platform – Base Analytics (ndp-base-analytics)

4

Network Data Platform – Manager (ndp-ui)

5

Assurance - Base (assurance)

6

Assurance - Sensor (sensor-assurance)

For the IP-based access control feature, you must install the following packages in the order specified:
  1. Network Control Platform (network-visibility)

  2. Automation - Base (base-provision-core)

If you previously installed SD Access, at a minimum, you must upgrade the following packages in the order specified:
  1. Network Controller Platform (network-visibility)

  2. Automation - Base (base-provision-core)

  3. Automation - SD Access (sd-access)


Recovering From Premature Package Downloads

Successful migration to this release requires that you install all system updates before downloading or installing application package updates. Due to dependencies among the updates, failure to observe this rule can make it impossible to install both system updates and package updates. Problem indicators include messages that a system update has failed and package update downloads that never exit the "Downloading" state.

As an admin user with Maglev SSH access privileges, complete the following steps to recover and install the system update.

Procedure


Step 1

Using an SSH client, log in to the DNA Center appliance using the IP address of the out-of-band management network adapter, on port 2222. Use the maglev login command and log in with an admin username and password (which is the same login used for the admin user on the DNA Center UI).

Step 2

At the command line, delete all prematurely downloaded package updates by entering the following command:

$ for pkg in $(maglev package status -o json | jq -r '.[] | select(.available!="-") | [ .name,.available | tostring ] | join (":")'); do maglev catalog package delete $pkg 2>/dev/null; done
Step 3

Trigger the downloaded system update from the DNA Center UI.

Step 4

After the system update installs successfully, download and install the package updates.


Bugs

Open Bugs

The following table lists the open bugs for DNA Center for this release.

For information about open and resolved bugs for an earlier DNA Center release, refer to the release notes for that specific release.

Table 5. Open Bugs

Bug ID Number

Headline

CSCvg80485

Pre-verification check sometimes provides a false positive, even though there is no actual issue on the device or in the topology.

Workaround:

Manually retry the pre-verification checks a few times; only if the pre-verification checks fail for three times in a row should you conclude that there is some real problem with the device.

CSCvg82530

The Device-Type in the Assurance Client Health does not reflect the device type reported by the Cisco ISE.

Workaround:

There is no workaround at this time.

CSCvg96340

In a 3-node setup, if an admin wishes to perform some form of maintanance (non-RMA) on one of the 3 boxes, we do not have an explicit cordoning mechanism available.

Workaround:

Shut down the node, perform maintenance and reboot it. It will rejoin the cluster.

CSCvh13824

When you try to install the main-system-package from the App Management > System Updates page, the installation might fail.

Workaround:

Log into the DNA Center appliance using SSH and run the following CLI command:

sudo systemctl restart docker

CSCvh18753

Package takes a long time to deploy or upgrade.

Workaround:

Log into the DNA Center appliance using SSH and run the following CLI command:

maglev package upgrade --force package_name

CSCvh62232

Screen goes blank if Dashboard name is made of special characters.

Workaround:

There is no workaround at this time.

CSCvh62248

AppX and Site hierarchy table column selection not saved.

Workaround:

There is no workaround at this time. Need to re-select the filters to make them effective.

Resolved Bugs

The following table lists the resolved bugs for DNA Center for this release.

Table 6. Resolved Bugs

Bug ID Number

Headline

CSCvg96320

After initiating a restore on a cluster, while trying to monitor progress of the restore directly on the cluster, you might be logged out and/or see a "You are not authorized to perform this operation" message. Wait for a few minutes, log back in and try again.

CSCvg96351

If you do not key in a proxy server's IP or host name while configuring the box, the install time might be slower.

CSCvh28852

Using FTP (port 21) to back up DNA Center does not work. Use SSH (port 22) to back up DNA Center.

CSCvh32877

DNA-Sensor: not seeing wireless sensor in test wizard sensor list

CSCvi59576

Git991: 1.0.7 Site Rollup & Time rollup failed due to Error while registering metric.

CSCvi64330

Git986: Device inventory sync issue between NCP and NDP post upgrade

CSCvi77319

Git1045: 1.0.7 nbar pipeline restarts due to UserCodeException: NoSuchMethodError: CTupleFactory.emp

CSCvi77498

Git1047: 1.0.7 api/ndp/v1/data/devices/ returns Error Code : 500 due to NoNodeAvailableException[No

CSCvi77843

Git1048: 1.0.7 Trigger from Aggregation & Simple trigger From Stream failed.

CSCvh57200

Sensor:Farallon provisioning accepts building but does not show up in sensor UI for selection

CSCvh74098

DNAC Unable to delete WLC From Provisioning and Inventory Partial Collection Failure after Sync

CSCvh96002

Deny EID prefixes and permit all other prefixes while importing BGP to LISP

CSCvi05957

Git881: query engine is not able to connect to the db after upgrade DNAC from 1.1.2 to 1.1.2 Patch 1

CSCvi11155

Git887: DNAC::WTH::Wireless/Deviceprocessor pipelines are continuously restarting after package upgr

CSCvi11430

Uber: Scaling test: can not complete to assign IP pool to VN or unacceptable slow

CSCvi29734

DNAC1.1.2 - Remove "map-cache 0.0.0.0/0 map-request" command pushed on INFRA_VN

CSCvi29744

DNAC1.1.2 - Inject a default route pointing to border as a part of underlay automation

CSCvi37533

Client with IPv4 and IPv6, IPv6 address added to the host table

CSCvi38614

DNAC::Oxy WLC inventory delete error "delete on table "baseradio" violates foreign key constraint"

CSCvi54573

Path trace process is stuck and does not accept any more request

CSCvi66224

C3850: route target commands pushed to device rejected in ipbase

CSCvi67500

DNAC-1.2 only recognizes Farallon sensors with "B" regulatory domains as a sensor device

CSCvi67664

GH2942: Unable to upgrade maglev package due to issue app-container issue

CSCvi71213

DNA-Sensor: Webpass with psk is missing field for passphrase

CSCvi73567

Git1037: TQ NDP: TQ page is showing duplicate devices because of API response

CSCvi75403

[SCALE] Kafka lag/Partial data seen in assurance client count after maglev upgrade

CSCvi87957

Git1180: Upgrade failed due to encryption strength limit on workflow-worker

CSCvi90401

Delete prefix-list on internal borders when address-pool is removed from VN

CSCvi91683

Deny EID prefixes while importing BGP to LISP on Internal+External Borders with co-located MS/MR

CSCvj05136

Uber[2.1.9.70011]:Scaling: take a long time to remove IP SLA vrf after remove BR from FD

CSCvj17270

DNAC1.1.5: Restore from successfully created Backup not working

CSCvj17306

DNAC1.1.5: Deleting WLC device from provision page is not working.

CSCvh93109

Sensor: 2800I AP though working as XoR is shown as AP as Sensor in DNAC UI

CSCvi13220

Git892: redis lookup throwing exception

CSCvi19852

Git909: Performance issues in MWC setup

CSCvi20327

Git893: [MWC] nls is not returning any data

CSCvi24368

Ungraceful restart of network orchestration service should ensure stale entries are deleted from DB

CSCvi39021

Git949: MWC Setup: Errors in QE and ES pods, queries are not working

CSCvi42949

Duplicate ISIS network ID seen on two edges after LAN automation

CSCvi45044

In fabric provisioning page,verification is failed by complaining no vrf found.But vrf are in device

CSCvi58671

Git987: 1.0.7 Netflow metrics are not displayed in Ops Center/Grafana

CSCvi90034

DNAC UI should show correct version 1.1.5 in Settings - > About DNA center page for April19th patch

CSCvj12467

"Specified ReleaseChannel not found in repository 'None': dnac" message on UI with 1.0.4.821

CSCvj13182

1.1.5.40 sensor-assurance package is not showing on UI with 1.0.4.821

CSCvj15311

Same version is showing on both Package Installed and Downloaded versions with 1.0.4.823

CSCvi66475

Physical neighbor topology view does not show connected client under AP

Note 
Resolved in Assurance package 1.1.5.222

CSCvi60745

WLC 8.7 sends CL_EVENT_BLACKLISTED with reason MAX_RETRY_EXCEED =101 but DNA-C does not display this message

Note 
Resolved in Assurance package 1.1.5.222

CSCvi80893

Global issues should be sorted by timestamp

Note 
Resolved in Assurance package 1.1.5.222

CSCvi74779

Network health device table filter autofill should react to site filter

Note 
Resolved in Assurance package 1.1.5.222

CSCvi90354

Show "--" when there is no data instead of 0% and empty

Note 
Resolved in Assurance package 1.1.5.222

CSCvi97777

DNAC not reporting WLC uptime and redundancy information

Note 
Resolved in Assurance package 1.1.5.222

CSCvi84568

AP count is incorrectly displayed

Note 
Resolved in Assurance package 1.1.5.222

Using the Bug Search Tool

Use the Bug Search tool to search for a specific bug or to search for all bugs in this release.

Procedure


Step 1

Point your browser to http://tools.cisco.com/bugsearch.

Step 2

At the Log In screen, enter your registered cisco.com username and password; then, click Log In. The Bug Search page opens.

If you do not have a cisco.com username and password, you can register for them at http://tools.cisco.com/RPF/register/register.do.

Step 3

To search for a specific bug, enter the bug ID in the Search For field and press Return.

Step 4

To search for bugs in the current release:

  1. In the Search For field, enter DNA Center and press Return. (Leave the other fields empty.)

  2. When the search results are displayed, use the filter tools to find the types of bugs you are looking for. You can search for bugs by modified date, status, severity, and so forth.

    To export the results to a spreadsheet, click the Export Results to Excel link.

Limitations and Restrictions

This topic describes limitation and restrictions on this release of DNA Center.

Backup and Restore Limitations

Backup and restore limitations and restrictions include:

  • You cannot take a backup from one version of DNA Center and restore it to another version of DNA Center. You can only restore a backup to an appliance that is running the same DNA Center software version, applications, and application versions as the appliance and applications from which the backup was taken. To view the current applications and versions on DNA Center, click > System Settings > App Management.

  • After performing a restore operation, update your integration of Cisco ISE with DNA Center. After a restore operation, Cisco ISE and DNA Center may not be in sync. To update your Cisco ISE integration with DNA Center, access Settings in the GUI, then open the Authentication and Policy Servers window, then choose Edit for the server. Enter your Cisco ISE password to update.

  • After performing a restore operation, the configuration of devices in the network may not be in sync with the restored database. For this reason, you may need to manually revert the CLI commands pushed for authentication, authorization, and accounting (AAA) and configuration on the network devices. Refer to the individual network device documentation for information about the CLI commands to enter.

  • Re-enter the device credentials in the restored database. If you updated the site-level credentials before the database restore and the backup being restored does not have the credential change information, then all devices will go to partial-collection after restore. You then need to manually update the device credentials on the devices for synchronization with DNA Center or perform a rediscovery of those devices to learn the device credentials.

  • AAA provisioning needs to be performed only after adjusting network device differential changes to the restored database. Otherwise, device lockouts might occur.

  • DNA Center Assurance data is not supported for backup and restore.

Cisco ISE Integration Limitations

ISE integration limitations and restrictions include:

  • ECDSA keys are not supported as either SSH keys for Cisco ISE SSH access, nor in certificates in DNA Center and Cisco ISE.

  • Full certificate chains must be uploaded to DNA Center while replacing the existing certificate. If the DNA Center certificate is issued by a subCA of a rootCA, the certificate chain uploaded to DNA Center while replacing the DNA Center certificate must contain all three certificates.

  • Self-signed certs applied on DNA Center must have the Basic Constraints extension with cA:TRUE (RFC5280 section-4.2.19).

  • The IP address or FQDN of both Cisco ISE and DNA Center should be present in either the Subject Name field or the Subject Alt Name field of the corresponding certificates.

  • If the certificate is replaced or renewed in either Cisco ISE or DNA Center, then trust needs to be re-established.

  • DNA Center and Cisco ISE IP/FQDN must be present in the proxy exceptions list if there is a web-proxy between Cisco ISE and DNA Center.

  • DNA Center and Cisco ISE nodes cannot be behind a NAT device.

  • Pxgrid persona changes after trust establishment are not detected by DNA Center.

Cisco IWAN Application Limitations

IWAN application limitations and restrictions include:

  • The Automation-SD Access and the Automation-Application Policy packages cannot be used together with the IWAN package on DNA Center. Any instructions for using these packages are irrelevant, if the IWAN package has already been installed.

  • Ensure that IP address pools created in DNA Center do not conflict with IP address pools defined in the IWAN tool (if it has been installed). Unfortunately, DNA Center cannot make this check and warn you if you try to define an IP address pool that does not comply with this requirement.

Service and Support

Related Documentation

The following publications are available for DNA Center.

Table 7. Related Documentation

For this type of information...

See this document...

Release information, including new features, system requirements, and open and resolved caveats.

Cisco Digital Network Architecture Center Release Notes

Installation and configuration of DNA Center, including post-installation tasks.

Cisco Digital Network Architecture Center Installation Guide

User Guide to the DNA Center GUI and its applications.

Cisco Digital Network Architecture Center User Guide

Configuration of user accounts, RBAC scope, security certificates, authentication and password policies, and global discovery settings.

Monitoring and managing DNA Center services.

Backup and restore.

Cisco Digital Network Architecture Center Administrator Guide

Supported devices, such as routers, switches, wireless access points, NFVIS platforms, and software releases.

Supported Devices

Licenses and notices for open source software used in DNA Center Assurance.

Open Source Used In Cisco DNA Center Assurance

Cisco IWAN app guide that describes the new methods and features that apply to the IWAN app within DNA Center, as well as including important notes and limitations.

Cisco IWAN Application on DNA Center Quick Start Guide

Cisco IWAN app release information, including new features, system requirements, and open and resolved caveats.

Cisco IWAN Application on DNA Center Release Notes

Key features and scale numbers.

DNA Center Data Sheet

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation.

You can also subscribe to the What’s New in Cisco Product Documentation RSS feed, which delivers lists and content of new and revised Cisco technical documentation directly to your desktop, using any RSS reader application. This RSS feed is a free service.