Release Notes for Cisco Digital Network Architecture Center, Release 1.2.1

This document describes the features, limitations, and bugs for Cisco DNA Center, Release 1.2.1.

Change History

The following table lists changes to this document since its initial release.

Table 1. Document Change History

Date

Change

Location

2019-07-19

Clarified that you can back up and restore Automation data only or both Automation and Assurance data. But you cannot use the GUI or the CLI to back up or restore only Assurance data.

Limitations and Restrictions

2018-06-15

Initial release.

What's New in Cisco DNA Center, Release 1.2.1

Cisco DNA Center, Release 1.2.1 resolves several pre-existing issues and is designed to enhance your product's performance and stability. The following table lists the updated packages and their versions in this release.

Table 2. Updated Packages and Versions in This Release

Update Type

Package Name

Version

System Updates

System

1.1.0.524

Package Updates

Application Policy

2.1.16.170023

Assurance - Base

1.2.0.522

Assurance - Sensor

1.2.0.121

Automation - Base

2.1.16.60016

Automation - Sensor

2.1.16.60016

Command Runner

2.1.16.60016

Device Onboarding

2.1.16.60016

Device Onboarding UI

2.1.16.60016

Cisco DNA Center UI

1.0.5.141

Image Management

2.1.16.60016

NCP - Base

2.1.16.60016

NCP - Services

2.1.16.60016

Network Controller Platform

2.1.16.60016

Network Data Platform - Base Analytics

1.1.0.506

Network Data Platform - Core

1.1.0.546

Network Data Platform - Manager

1.1.0.577

Path Trace

2.1.16.60016

SD Access

2.1.16.60016

Preshared Key Override Override

The SSIDs are created at the global hierarchy level. The site, building, and the floor inherits settings from the Global hierarchy. You can override a preshared key (PSK) at the site, building, or the floor level. If you override a PSK at the building level, the subsequent floor inherits the new settings.

Template Editor

Introduction of new source and entity types to bind template variables to the pre-defined network settings in the system.

  • A new source type, that is Network Profile with entity SSID and Attribute wlanid has been introduced for template binding in this release.

  • For the source type inventory, two new entities have been introduced for template variable binding: APGroup and FlexGroup.

Beta Features

The following features in this release are in beta or are being released as an engineering field trial (EFT):

  • Network Plug and Play application

  • High Availability

  • SD-Access Distributed Campus (SD-Access Transit)

  • SD-Access Extension for IoT

Installing Cisco DNA Center

You install Cisco DNA Center as a dedicated physical appliance purchased from Cisco with the Cisco DNA Center ISO image pre-installed. See the Cisco DNA Center Installation Guide for information about installation and deployment procedures.


Note

The following applications are not installed on Cisco DNA Center by default. If you purchased any of these applications, you must manually download and install the packages separately.

  • Cisco Software-Defined Access (sd-access)

  • Cisco Assurance - Sensor (sensor-assurance)

  • Cisco Automation - Sensor (sensor-automation)

  • Cisco Application Policy (application-policy)

  • Cisco Plug and Play (device-onboarding-ui)


For more information about downloading and installing a package, see "Manage Applications" in the Cisco DNA Center Administrator Guide.

Border Node Requirements on Cisco Nexus 7700 Series Switches

To configure a Cisco Nexus 7700 Series Switch as a border, ensure that the following actions are performed:

  • A valid MPLS_PKG license is installed on the switch.

  • The install feature-set fabric and install feature-set mpls commands are enabled in the Admin VDC or in the default VDC if Admin VDC is not present.


Note

Only Cisco Nexus 7700 Series Switch with M3 line card supports the border role.


Prerequisites for Upgrading to Cisco DNA Center, Release 1.2.1

Prior to upgrading, a banner will appear in the GUI notifying you of the ability to upgrade to Cisco DNA Center, Release 1.2.1. Follow the steps in this procedure to successfully upgrade Cisco DNA Center to this release.


Note

You must perform the system update first when you are migrating to this version. Do not attempt to either download or install package updates until all system updates have been installed. Failure to download and install system updates first can lead to inability to download and install both system and package updates.

If you are upgrading directly from 1.2 to 1.2.1, there is no update for the system package. Proceed with downloading and installing the package updates.


You cannot upgrade the packages individually. You must follow all the steps this procedure.

Review the following list of prerequisites and perform the following procedures before upgrading your installed instance of Cisco DNA Center:

  • Only a user with SUPER-ADMIN-ROLE permissions may perform this procedure. For more information, see the Cisco Digital Network Architecture Center Administrator Guide.

  • You can upgrade to this Cisco DNA Center release from the following releases only:

    • Cisco DNA Center 1.2 (June 5, 2018)

    • Cisco DNA Center 1.1.7 (June 9, 2018)

    • Cisco DNA Center 1.1.6 (May 18, 2018)

    • Cisco DNA Center 1.1.5 (April 27, 2018)

    If your current Cisco DNA Center release version is not one of these versions, you must first upgrade to one of the above release versions before proceeding.


    Note

    As part of upgrading from Cisco DNA Center 1.1.5, 1.1.6, 1.1.7, or 1.2 to Cisco DNA Center 1.2.1, you should only perform any activity on the cluster after both the System (platform) and App updates complete. Performing any activity on the cluster after the System update completes, but before the App updates complete will cause unexpected failures in the Cisco DNA Center cluster.


  • Create a backup of your Cisco DNA Center database. For information about backing up and restoring Cisco DNA Center, see the Cisco Digital Network Architecture Center Administrator Guide.

  • If you have a firewall, make sure you allow Cisco DNA Center to access the following location for all system and package downloads: https://www.ciscoconnectdna.com:443. To ensure that you have cloud connectivity to AWS, you can log onto the cluster and run the following CLI command: maglev catalog settings validate.

  • Have the user name and password for at least one cisco.com user account. You may be prompted, once, for this during package installations. This can be any valid cisco.com user account.

  • Allocate the appropriate time for the upgrade process. Upgrading from earlier system package releases to this Cisco DNA Center system package release may take approximately one hour to complete.

  • We strongly recommend that you do not use Cisco DNA Center or any of its applications or tools when it is in the process of being upgraded.

  • Before you upgrade, make sure that there are no packages with the status installing or downloading. The packages displayed should have a status of running.

    • For upgrades from Cisco DNA Center 1.1.5, 1.1.6, or 1.1.7, check the > System Settings > App Management > Packages & Updates page for package status.

    • For upgrades from Cisco DNA Center 1.2, check the > System Settings > Software Updates > Updates page for package status.

  • If the Cisco DNA Center download, update, or install procedures fail for any reason, always retry the procedure a second time using the GUI. If the procedure fails a second time, contact the Cisco TAC for support.

In a multihost cluster, you can trigger an upgrade of the whole cluster from the Cisco DNA Center GUI (the GUI represents the entire cluster and not just a single host). An upgrade triggered from the GUI automatically upgrades all the hosts in the cluster.


Note

If you upgrade a three-node Cisco DNA Center cluster from any version of 1.2.x, the application upgrade will fail its dependency checks. To upgrade a three-node (multihost) cluster, Service Distribution (or HA) must be enabled. Be aware that Service Distribution (or HA) for a three-node cluster is a beta feature and is not recommended for use in production deployments. You must contact the Cisco TAC for help with upgrading a three-node cluster.


Guidance for Existing Cisco DNA Center, Release 1.1.x Deployments

Users with current deployments of Cisco DNA Center, Release 1.1.x should follow the guidance below.

  • Non-SDA deployments: Users who have not deployed SDA can upgrade to Cisco DNA Center, Release 1.2.1 to avail themselves of the new features and improved operational capabilities at their convenience.

    • If you do not need Cisco DNA Center, Release 1.2.1 features immediately, you can remain on Release 1.1.7. The Cisco DNA Center 1.1.x releases will continue for a few cycles beyond Release 1.1.7 to support current production deployments, and you will be able to upgrade from all of these releases to Cisco DNA Center, Release 1.2.1. With the support for incremental package updates in Release 1.1.6 and later, the update process is now faster and more robust.

    • Users on releases earlier than 1.1.5 are recommended to update to Release 1.1.7 and then update to Release 1.2.1 as needed.

    • Users on Release 1.1.5 or 1.1.6 can update directly to Release 1.2.1 as needed or update to Release 1.1.7 or later (as they are available) and hold per the recommendation above.

  • SDA deployments: Users that have active SDA deployments on releases earlier than 1.1.5 are recommended to update to Cisco DNA Center, Release 1.1.7 or higher (as they are available). Users on Release 1.1.5 or 1.1.6 should stay on that release.


Warning

All Release 1.1.x users with SDA deployments should hold off from updating to Release 1.2.x.


  • The addition of SDA for Distributed Campus can result in situations where an update to Cisco DNA Center, Release 1.2.1 may disrupt the current single-site SDA fabric operation. Therefore, updating to Release 1.2.1 is not recommended for current SDA deployments.

  • SDA for Distributed Campus functionality can be evaluated on a fresh SDA install separate from production deployments.

  • Users need to plan change management windows to support AAA configuration updates (aligned with IBNS 2.0).

Upgrading from Release 1.1.5, 1.1.6, or 1.1.7 to Release 1.2.1

Procedure


Step 1

From the Cisco DNA Center home page, choose > System Settings > App Management.

A Cisco DNA Center 1.2.1 is Here! banner appears at the top of the App Management page with a Switch Now button.

The App Management page also displays the following side tabs:

  • Packages & Updates—Shows the packages currently installed and the updates available for installation from the Cisco cloud.

  • System Updates—Shows the system updates currently installed and the updates available for installation from the Cisco cloud.

Step 2

Click the Switch Now button in the banner.

A text field appears asking you to confirm your decision to upgrade to Release 1.2.1.

Step 3

Click OK to proceed with the upgrade.

Clicking OK starts the download for the system package. The message "Connecting to... 1.2.1 cloud catalog" with a progress bar appears.

Wait for approximately 90 seconds for the progress bar to finish and the updated system version to display. Refresh the page if the new system version does not appear.

Step 4

After the download finishes, review the System Updates page.

The following information is displayed:

  • Package—System package

  • Status—Running

  • Installed Version—Current system package installed

  • Available Update—System package available for installation

Step 5

Click Install in the Available Update column.

During the install process, the following Cisco DNA Center GUI changes are made:

  • App Management tab—Changes to the Software Updates tab

  • System Updates side panel—Changes to the Updates side panel

  • Packages & Updates side panel—Changes to the Installed Apps side panel

Step 6

After the system installation is finished and is in Running state, refresh the page.

A new Updates page appears with the following information:

  • Platform Update—Displays the updated system version with a statement that the system is up to date. A green check mark also indicates a successful system upgrade.

  • Apps Updates—Displays groupings of applications with their current file size and version.

Step 7

At the top of the Apps Updates field, click the Download All button.

After clicking this button, all of the application upgrade packages are downloaded.

Note 

There are additional Download All buttons for different application groups (for example, Core, Automation, and Assurance). These buttons are grayed out and disabled. You need to only click the Download All button at the top of the page.

Step 8

After all of the application packages have been downloaded, click the Update All button at the top of the Apps Updates field.

After clicking this button, all of the applications are subsequently updated.

Note 

There are additional Update All buttons for different application groups (for example, Core, Automation, and Assurance). These buttons are grayed out and disabled. You need to only click the Update All button at the top of the page.

Step 9

Ensure that each application has been updated by reviewing its version on the Installed Apps page.

The application versions should be updated on this page.

Note 

There may be some new application packages that were not part of your previous Cisco DNA Center configuration, and for this reason have not been installed by this procedure (for example, the Test Support package listed on this page).


Upgrading from Release 1.2 to Release 1.2.1

Procedure


Step 1

From the Cisco DNA Center home page, choose > System Settings > Software Updates.

Step 2

Download the applications by doing one of the following:

  • To download all applications at once, click Download All at the top of the Application Updates field.

  • To download a specific application group, click Download All next to that group.

  • To download a specific application, click Download next to that application.

Step 3

Update the applications by doing one of the following:

  • To update all applications at once, click Update All at the top of the Application Updates field.

  • To update a specific application group, click Update All next to that group.

  • To update a specific application, click Update next to that application.

Step 4

Ensure that each application has been updated by reviewing its version on the Installed Apps page.

The application versions should be updated on this page.

Note 

There may be some new application packages that were not part of your previous Cisco DNA Center configuration, and for this reason have not been installed by this procedure (for example, the Test Support package listed on this page).


Recover from Premature Package Downloads

Successful migration to this release requires that you install all system updates before downloading or installing package updates. Due to dependencies among the updates, failure to observe this rule can make it impossible to install both system updates and package updates. Problem indicators include messages that a system update has failed and package update downloads that never exit the "Downloading" state.

As an admin user with Maglev SSH access privileges, complete the following steps to recover and install the system update.

Procedure


Step 1

Using an SSH client, log in to the Cisco DNA Center appliance using the IP address of the out-of-band management network adapter, on port 2222. Use the maglev login command and log in with an admin username and password (which is the same login used for the admin user on the Cisco DNA Center GUI).

Step 2

At the command line, delete all prematurely downloaded package updates by entering the following command:

for pkg in $(maglev package status -o json | jq -r '.[] | select(.available!="-") | [ .name,.available | tostring ] | join (":")'); do maglev catalog package delete $pkg 2>/dev/null; done
Important 

You must enter the preceding command as one line.

Step 3

Trigger the downloaded system update from the Cisco DNA Center GUI.

Step 4

After the system update installs successfully, download and install the package updates.


Network Plug and Play Support

The Network Plug and Play application is not installed in Cisco DNA Center by default. You must download and install the package named Device Onboarding UI, and then you can find the application in the Tools section. For more information about installing a package, see the chapter "Manage Applications" in the Cisco Digital Network Architecture Center Administrator Guide.

General Feature Support

Network Plug and Play supports the following features, depending on the Cisco IOS software release on the device:

  • AAA device credential support: The AAA credentials are passed to the device securely and the password is not logged. This feature allows provisioning a device with a configuration that contains aaa authorization commands. This feature requires software release IOS 15.2(6)E1, IOS 15.6(3)M1, IOS XE 16.3.2, or IOS XE 16.4 or later on the device.

  • Image install and upgrade for Cisco Catalyst 9300 Series, Catalyst 9400 Series, Catalyst 9500 Series, Catalyst 3650 Series, and Catalyst 3850 Series switches is supported only when the switch is booted in Install mode. (Image install and upgrade is not supported for switches booted in Bundle mode.)

SUDI Support

The Secure Unique Device Identifier (SUDI) feature that allows secure device authentication is available on the following platforms:

  • Cisco routers:

    • Cisco ISR 1100 Series with software release 16.6.2

    • Cisco ISR 4000 Series with software release 3.16.1 or later, except for the ISR 4221, which requires release 16.4.1 or later

    • Cisco ASR 1000 Series (except for the ASR 1002-x) with software release 16.6.1

  • Cisco switches:

    • Cisco Catalyst 3850 Series with software releases 3.6.3E or 16.1.2E or later

    • Cisco Catalyst 3650 Series and 4500 Series with Supervisor 7-E/8-E, with software releases 3.6.3E, 3.7.3E, or 16.1.2E or later

    • Cisco Catalyst 4500 Series with Supervisor 8L-E with software releases 3.8.1E or later

    • Cisco Catalyst 4500 Series with Supervisor 9-E with software release 3.10.0E or later

    • Cisco Catalyst 9300 Series with software release 16.6.1 or later

    • Cisco Catalyst 9400 Series with software release 16.6.1 or later

    • Cisco Catalyst 9500 Series with software release 16.6.1 or later

  • NFVIS platforms:

    • Cisco ENCS 5400 Series with software release 3.7.1 or later

    • Cisco ENCS 5104 with software release 3.7.1 or later


Note

Devices that support SUDI have two serial numbers: the chassis serial number and the SUDI serial number (called the License SN on the device label). You must enter the SUDI serial number in the Serial Number field when adding a device that uses SUDI authentication. The following device models have a SUDI serial number that is different from the chassis serial number:

  • Cisco routers: ISR 43xx, ISR 44xx, ASR1001-X/HX, ASR1002-HX

  • Cisco switches: Catalyst 4500 Series with Supervisor 8-E/8L-E/9-E, Catalyst 9400 Series


Management Interface VRF Support

Plug and Play operates over the device management interface on the following platforms:

  • Cisco routers:

    • Cisco ASR 1000 Series with software release 16.3.2 or later

    • Cisco ISR 4000 Series with software release 16.3.2 or later

  • Cisco switches:

    • Catalyst 3650 Series and 3850 Series with software release 16.6.1 or later

    • Cisco Catalyst 9300 Series with software release 16.6.1 or later

    • Cisco Catalyst 9400 Series with software release 16.6.1 or later

    • Cisco Catalyst 9500 Series with software release 16.6.1 or later

4G Interface Support

Plug and Play operates over a 4G network interface module on the following Cisco routers:

  • Cisco 1100 Series ISR with software release 16.6.2 or later

Configuring Server Identity

To ensure successful Cisco DNA Center discovery by Cisco devices running newer IOS releases, the server SSL certificate offered by Cisco DNA Center during the SSL handshake must contain an appropriate Subject Alternate Name (SAN) value, so that the Cisco Plug and Play IOS Agent can verify the server identity. This may require the administrator to upload a new server SSL certificate, which has the appropriate SAN values, to Cisco DNA Center.

This requirement applies to devices running the following Cisco IOS releases:

  • Cisco IOS Release 15.2(6)E2 and later

  • Cisco IOS Release 15.6(3)M4 and later

  • Cisco IOS Release 15.7(3)M2 and later

  • Cisco IOS XE Denali 16.3.6 and later

  • Cisco IOS XE Everest 16.5.3 and later

  • Cisco IOS Everest 16.6.3 and later

  • All Cisco IOS releases from 16.7.1 and later

The value of the SAN field in the Cisco DNA Center certificate must be set according to the type of discovery being used by devices, as follows:

  • For DHCP option-43/option-17 discovery using an explicit IPv4 or IPv6 address, set the SAN field to the specific IPv4/IPv6 address of Cisco DNA Center.

  • For DHCP option-43/option-17 discovery using a hostname, set the SAN field to the Cisco DNA Center hostname.

  • For DNS discovery, set the SAN field to the plug and play hostname, in the form of pnpserver.domain.

  • For Cisco Plug and Play Connect cloud portal discovery, set the SAN field to the Cisco DNA Center IP address, if the IP address is used in the Plug and Play Connect profile. If the profile uses the Cisco DNA Center hostname, then the SAN field must be set to the fully qualified domain name (FQDN) of the controller.

If the Cisco DNA Center IP address that is used in the Plug and Play profile is a public IP address that is assigned by a NAT router, then this public IP address must be included in the SAN field of the server certificate.

If an HTTP proxy server is used between the devices and Cisco DNA Center, ensure that the proxy certificate has the same SAN fields with the appropriate IP address or hostname.

It is recommended to include multiple SAN values in the certificate, in case discovery methods vary. For example, you can include both the Cisco DNA Center FQDN and IP address (or NAT IP address) in the SAN field. If you do include both, set the FQDN as the first SAN value, followed by the IP address.

If the SAN field in the Cisco DNA Center certificate does not contain the appropriate value, the device will not be able to successfully complete the plug and play process.


Note

The Cisco Plug and Play IOS Agent checks only the certificate SAN field for the server identity. It does not check the common name (CN) field.


Bugs

Open Bugs

The following table lists the open bugs for Cisco DNA Center for this release.

Table 3. Open Bugs

Bug Identifier

Headline

CSCvj86234

On single node with scale of 25,000 clients, kafka lag seen after three days.

CSCvj21853

Catalog pull failed and packages after release_channel activated from 1.1.5 to 1.2.x.

CSCvj87983

Upgrade server 1.1.6 to 1.2.1: vManage with RootCA provision failed.

CSCvj95012

Custom RF profile with 6 Mbps configured fails provision to controller if 802.11g network disabled.

CSCvj95035

AP group fails to show all global PSK SSID along with site specific override PSK SSID.

CSCvj53868

Smart Account Sync on registered Virtual Account stays in Syncing state indefinitely.

CSCvj50251

Global search not able to search wireless clients based on MAC address.

CSCvj73874

Assurance data not getting plotted for devices after UI and NDP CLI restore.

CSCvj74528

Cisco DNA Center: collector-agent service restarts for 17 times on scale server, reason terminated.

CSCvj33322

Issue Catalog does not load up any issues.

CSCvj34839

In App 360 page, time series health plot on the chart is not visible.

CSCvj54186

Trend chart on Client health page of Assurance does not reflect the real number of client count.

CSCvj73901

Wrong Network device health score on Cisco DNA Center clusters.

CSCvj43086

The graph still have legacy edges from client to radio vertex.

CSCvj43440

After the upgrade of the Assurance package, the Wireless/Wired Clients are recognized differently. Therefore, if we query for a count with a time range which encompasses the Upgrade time stamp, then the same clients are represented/counted twice.

CSCvj65826

Wireless client username is showing up as Unknown in Client 360 page.

CSCvj73122

Impacted hosts API calls needs to be reduced from 2 to 1 call for issues.

CSCvj73469

Assurance page can not load after click "system setting - data platform".

CSCvh01102

Cisco DNA Center should not touch the config on fusion-facing interface on N7K.

CSCvh97104

Task-service generates around 200k log messages every hour.

CSCvj51327

Cisco DNA Center - Host On boarding page of a Fabric site takes > 1 minute to load.

CSCvj51357

Cisco DNA Center - Virtual network update in host on boarding page doesn't load even after 10 minutes.

CSCvj67457

Device Provisioning is failing due to parser error in Jura.

CSCvg58796

Need to change the order of deletion when multicast and router LISP configs are present.

CSCvh72267

Multicast pool creation fails if we use IP pools that have been reserved at site level.

CSCvj14409

Cisco DNA Center APIs need documentation.

CSCvi05701

ISRv getting deployed with the wrong image instead of the one marked golden in repository.

CSCvj15985

There is a need to reboot Cisco vEDGE/ISRv router if any updates are made on the VNIC.

CSCvj27343

Cisco vEdge and Cisco ISRv single WAN topology with GE0-1 as WAN link fails.

CSCvj33390

Cisco ISRv and vEdge and vWAAS single WAN topology with GE0-1 as WAN link fails.

CSCvj34448

Unable to edit the existing network profile after an upgrade from Cisco DNA Center 1.1.5 to 1.2.

CSCvj35129

CCO images will not be listed for few Cisco Catalyst 4000, Cisco Catalyst 6000, and WLC 5520 devices.

CSCvi92534

Learning config for a WLC having multiple WLANs with same name causes implications on App Policy.

CSCvh04794

When we use Flex SSID for application policy deployment, application policy is not deployed on to the device as Flex SSID is not supported.

CSCvh98080

If the SSID used in a policy is switched to Fabric and reprovision device, status becomes 0/0 devices.

CSCvh98064

Provisioning new device to same site used in a policy gives no notification for policy redeployment.

CSCvi28588

Stale behavior for AP Migration with respect to Flex Policy should inform user that Site needs to be modified.

CSCvi50584

The Provision Status of Cisco WLC shows as Failure even if the provision is successful.

CSCvi57785

Restoring a policy having the same name as one existing on the device empties the policy config.

CSCvj19890

If the SSID used in a app- policy is deleted there should be a warning/message.

CSCvj40574

Device goes to Partial Collection Failure after successful discovery.

CSCvj74057

AAA override is not enabled for Identity PSK (IPSK) security.

CSCvj71411

Cisco WLC preprovision check fails with false reason.

CSCvj25268

Application Policy needs to support C7009 (Nexus 7009) platform.

CSCvj67406

On a 3node cluster with HA enabled, if the seed node is brought down, New Sites and Devices are not synced to NDP Telemetry.

CSCvj68170

After Node Remove and Re-add NDP, Fusion and Maglev services struck in ImagePullBackOff/CrashLo.

CSCvj64178

Post Node scale refresh causes 404 errors in UI.

CSCvj62003

A nodescale refresh fails.

CSCvj52275

Multiple services in ImagePullBackOff after shutting down seed node.

CSCvj59173

Kafka and Pipeline Job manager crashing due to ZK connect lost due to Too many connections.

CSCvj52924

The elasticsearch pods are restarted continuously with OOM errors due to heap exhaustion.

CSCvj46134

On a 3 node cluster, cassandra instance gets into CrashLoopBackOff on a node that was removed from the cluster and re-added back with the same IP.

CSCvj67936

Cisco DNA Center - Package update stuck in 'pending_upgrade' status.

CSCvj71825

Accessing the services using kubernetes service IPs fail.

CSCvj74395

Mounting glusterfs volume to the host failed after system update.

CSCvh93087

CISCO_SWITCH_EVENT macro does not auto trigger for the listed device types.

CSCvi98298

After AP join, WLC inventory sync goes to PCF.

CSCvj41920

Non-fabric router provision, the provision status is not being updated.

CSCvj48744

WLC provisioning for Assurance is done only during add device.

CSCvj59814

Disable IPv6 during installation, if not enabled in Maglev installation wizard.

CSCvj62108

PxGrid session fails to setup when ISE-2.4 deployment has 3 or more PxGrid nodes.

CSCvj68001

Inventory page sorting based on "uptime" freezes the page.

CSCvj69748

All docker containers except one stopped after two days on the primary node of a three-node cluster.

CSCvj70278

Discovery of devices in a three-node cluster collects data via the primary node IP.

CSCvj73255

Assurance UI failed to load due to "errorCode": "MAINTENANCE_SYSTEM_UPDATE_IN_PROGRES.

CSCvi69657

License count is coming wrong in Dashboard for SL enable devices.

CSCvi92141

Host onboarding segment push doesn’t throw error message even upon failure.

CSCvi94467

Dual ENCS - vEDGE + ISRv + vWAAS with Single WAN prov failing for a device.

CSCvj15139

Device in Partial Collection Failure (Unknown Error) after provision and resync.

CSCvj15985

Need to reboot vEDGE/ISRv router if any update on the VNIC.

CSCvj21371

Template: provision WLC with incorrect config, Cisco DNA Center reports config success.

CSCvj27343

Cisco DNA Center - vEdge + ISRv single WAN topology with GE0-1 as WAN link fails.

CSCvj33390

Cisco DNA Center - ISRv + vEdge +vWAAS single WAN topology with GE0-1 as WAN link fails.

CSCvj34448

Edit existing network profile not work after upgrade from 1.1.5 to 1.2, new profiles creation work.

CSCvj34839

In health chart, plot on the chart is not visible in some conditions.

CSCvj41220

Repeated audit log entries for netflow collector update on day-N.

CSCvj41522

Cisco DNA Center - PNP CSV With 25 APs fails.

CSCvj43440

Wrong Client count for a brief period after upgrading Assurance to Cisco DNA Center.

CSCvj44491

Mobility express controller upgrade fails with SFTP error.

CSCvj47529

Cisco DNA Center sensor exact time scheduling not working.

CSCvj50108

Incorrect AP target list in Cisco DNA Center view.

CSCvj52545

Path trace fails with the error - failed to obtain complete L2 path over SVI.

CSCvj56489

Golden image tagging audit logs displaying -1 for site names and device role value is empty.

CSCvj61608

Cisco DNA Center AP Provisioning Fails during PnP CSV claim of 25 AP.

CSCvj68716

SWIM readiness check does not complete and keeps rechecking for more than 10 minutes.

CSCvj73919

When 'Download All' is in progress, few packages are not displayed in UI.

CSCvj75543

%SNMP-3-RESPONSE_DELAYED inventory collection fail in Cisco DNA Center due to SNMP response delay from device.

CSCve12817

%SNMP-SW1-3-RESPONSE_DELAYED: processing GetNext of ciscoFlashFileEntry.

CSCvi25438

Scheduling of 20 WLC provision took more than 5 minutes to process.

CSCvj34245

Device list in Provision summary page takes around 1.4 minutes to load 100 devices.

CSCvh66064

SSIDs don't get disabled on foreign WLC during prov on removing managed AP location from anchor WLC.

CSCvj61216

Cisco DNA Center: HoB port assignment panel disappears after validation history is clicked.

CSCvj48318

Cisco DNA Center: Deleting device fails for one of the devices.

CSCvj56401

Migration 1.1 to 1.2: After migration, the unused VN are not removed from FD.

CSCvj67842

Cisco DNA Center: IBNS2.0 auth template can only be edited before it is selected for any fabric site.

CSCvj78049

Wired 1800S is not able to successfully onboard after upgrade from 1.1.x to 1.2.0.

CSCvj77369

Event viewer data for clients is empty in user 360 page.

CSCvj33322

Issue catalog not showing up.

CSCvj77547

After upgrade from 115 --> 116 --> Cisco DNA Center 1.2, the cassandra docker image on one of the three cluster nodes was not rebuilt.

CSCvj71825

Cannot access the services using kubernetes service IPs.

CSCvj33750

Delete separate "Sensor Provisioning" button and merge it with single "Action" drop-down list.

Resolved Bugs

The following table lists the resolved bugs for Cisco DNA Center for this release.

Table 4. Resolved Bugs

Bug Identifier

Headline

CSCvi81751

Sorting of site field after filtering with provision status does not display any device details.

CSCvj22987

The Neighbor Topology shown in the Cisco DNA Center AP360 view may show a different client count than what one finds drilling down into the devices themselves.

CSCvj31982

Fabric devices show unreachable from controller running Cisco DNA Center 1.1.5.

CSCvj34245

Device list in Provision summary page takes around 1.4 minutes to load 100 devices.

CSCvj37635

For Cisco Catalyst series switch 9300, install mode with eWLC/SMU upgrade and boot parameters wrongly set, which crashes the switch.

CSCvj42525

For Cisco Catalyst series switch 9400, Stand by boot flash is taking precedence to activate SMU during upgrade.

CSCvj43086

Onboarding topology displaying wrong AP in client 360.

CSCvj43433

Access Point shows a Health Score of -1.

CSCvj49878

The Assurance GUI goes into an endless spin when clicking on a particular issue to view.

CSCvj50108

Incorrect AP target list in Cisco DNA Center view.

CSCvj55847

AP provisioning with custom RFProfile (custom1+custom2) fails with Internal error.

CSCvj57865

Upgrade fails using SCP for tar images.

CSCvj59344

Wireless client username displays as Unknown in Client 360 page.

CSCvj64498

Auto-populated WCM IP address is not accepted during UCSE provisioning.

CSCvj67949

Upgrade Status shows "Activate Operation" fails to execute PostActivation hook.

CSCvj70849

vWAAS device goes to partial collection failure in 1.1.6 to 1.2 upgraded server.

CSCvj70874

If upgrade to 1.2 is used, provisioning of NfVIS devices does not work after upgrade.

CSCvj73059

Path trace fabric cases fail due to RouteCache incomplete.

CSCvj73127

Reporting: Graphs taper at the end of time interval.

CSCvj73489

Scheduled backup fails to pull image and fails the backup job.

CSCvj75432

Control-plane connectivity shows down for collocated border and map server device.

CSCvj79380

Client health score remains at 1 for 802.1x authenticated clients.

CSCvj80465

FlexConnect SSID VLAN mapping issue.

Using the Bug Search Tool

Use the Bug Search tool to search for a specific bug or to search for all bugs in this release.

Procedure


Step 1

Point your browser to http://tools.cisco.com/bugsearch.

Step 2

At the Log In screen, enter your registered cisco.com username and password; then, click Log In. The Bug Search page opens.

If you do not have a cisco.com username and password, you can register for them at http://tools.cisco.com/RPF/register/register.do.

Step 3

To search for a specific bug, enter the bug ID in the Search For field and press Return.

Step 4

To search for bugs in the current release:

  1. In the Search For field, enter Cisco DNA Center and press Return. (Leave the other fields empty.)

  2. When the search results are displayed, use the filter tools to find the types of bugs you are looking for. You can search for bugs by modified date, status, severity, and so forth.

    To export the results to a spreadsheet, click the Export Results to Excel link.

Limitations and Restrictions

Backup and Restore Limitations

Backup and restore limitations and restrictions include:

  • You cannot take a backup from one version of Cisco DNA Center and restore it to another version of Cisco DNA Center. You can only restore a backup to an appliance that is running the same Cisco DNA Center software version, applications, and application versions as the appliance and applications from which the backup was taken. To view the current applications and versions on Cisco DNA Center, click > System Settings > App Management.

  • After performing a restore operation, update your integration of Cisco ISE with Cisco DNA Center. After a restore operation, Cisco ISE and Cisco DNA Center might not be in sync. To update your Cisco ISE integration with Cisco DNA Center, access Settings in the GUI, then open the Authentication and Policy Servers window and choose Edit for the server. Enter your Cisco ISE password to update.

  • After performing a restore operation, the configuration of devices in the network might not be in sync with the restored database. For this reason, you might need to manually revert the CLI commands pushed for authentication, authorization, and accounting (AAA) and configuration on the network devices. Refer to the individual network device documentation for information about the CLI commands to enter.

  • Re-enter the device credentials in the restored database. If you updated the site-level credentials before the database restore and the backup being restored does not have the credential change information, all devices go to partial-collection after restore. You then need to manually update the device credentials on the devices for synchronization with Cisco DNA Center or perform a rediscovery of those devices to learn the device credentials.

  • Perform AAA provisioning only after adjusting network device differential changes to the restored database. Otherwise, device lockouts might occur.

  • You can back up and restore Automation data only or both Automation and Assurance data. But you cannot use the GUI or the CLI to back up or restore only Assurance data.

HA Limitation

In this release, Cisco DNA Center only provides HA support for Automation functionality. HA for Assurance is not supported at this time.

Cisco ISE Integration Limitations

Cisco ISE integration limitations and restrictions include:

  • ECDSA keys are not supported as either SSH keys for Cisco ISE SSH access, nor in certificates in Cisco DNA Center and Cisco ISE.

  • Full certificate chains must be uploaded to Cisco DNA Center while replacing the existing certificate. If the Cisco DNA Center certificate is issued by a subCA of a rootCA, the certificate chain uploaded to Cisco DNA Center while replacing the Cisco DNA Center certificate must contain all three certificates.

  • Self-signed certificates applied on Cisco DNA Center must have the Basic Constraints extension with cA:TRUE (RFC5280 section-4.2.19).

  • The IP address or FQDN of both Cisco ISE and Cisco DNA Center must be present in either the Subject Name field or the Subject Alt Name field of the corresponding certificates.

  • If the certificate is replaced or renewed in either Cisco ISE or Cisco DNA Center, trust must be re-established.

  • Cisco DNA Center andCisco ISE IP/FQDN must be present in the proxy exceptions list if there is a web proxy between Cisco DNA Center and Cisco ISE.

  • Cisco DNA Center and Cisco ISE nodes cannot be behind a NAT device.

  • Cisco DNA Center does not detect pxGrid persona changes after trust establishment.

  • Cisco DNA Center and Cisco ISE cannot integrate if the ISE Admin and ISE pxGrid certificates are issued by different enterprise certificate authorities.

    Specifically, if the ISE Admin certificate is issued by CA server A, the ISE pxGrid certificate is issued by CA server B, and the pxGrid persona is running on a node other than ISE PPAN, the pxGrid session from Cisco DNA Center to Cisco ISE does not work.

Brownfield Feature-Related Limitations

Brownfield feature-related limitations include:

  • Cisco DNA Center cannot learn device credentials.

  • You must enter the preshared key (PSK) or shared secret for the AAA server as part of the import flow.

  • Details about DNS, WebAuth redirect URL, and syslog are not learned.

  • Cisco DNA Center can learn only one wireless controller at a time.

  • For site profile creation, only those AP groups with AP and SSID entries are considered.

  • Automatic site assignment is not possible.

  • SSIDs with an unsupported security type and radio policy are discarded.

  • For authentication and accounting servers, if the RADIUS server is present in the device, it is given first preference. If the RADIUS server is not present, the TACACS server is considered for design.

  • Cisco ISE server (AAA) configuration is not learned through brownfield provisioning.

  • The authentication and accounting servers must have the same IP addresses for them to be learned through brownfield provisioning.

  • When the same SSID is associated with different interfaces in different AP groups, during the provisioning, the newly created AP group with the SSID is associated with the same interface.

  • A wireless conflict is based on the SSID name only and does not consider other attributes.

Wireless Policy Limitation

Wireless policy limitation includes:

  • If the AP is migrated after the policy was created, you must manually edit the policy and point to an appropriate AP location before deploying the policy. Otherwise, an error message saying "Policy Deployment failed" is displayed.

Cisco Plug and Play Limitations

Plug and Play limitations and restrictions include:

  • Virtual Switching System (VSS) is not supported.

  • The Cisco Plug and Play Mobile app is not supported with Plug and Play in Cisco DNA Center.

  • The Stack License workflow task is supported for Cisco Catalyst 3650 and 3850 Series switches running IOS XE 16.7.1 and later.

  • The Plug and Play agent on the switch initiates on VLAN 1 by default. Most deployments recommend that VLAN 1 be disabled. If you do not want to use VLAN 1 when PnP starts, enter the following CLI command on the upstream device:

    pnp startup-vlan <vlan_number>

Related Documentation

The following publications are available for Cisco DNA Center.

For this type of information...

See this document...

Release information, including new features, system requirements, and open and resolved bugs.

Cisco DNA Center Release Notes

Installation and configuration of Cisco DNA Center, including post-installation tasks.

Cisco DNA Center Installation Guide

Use of the Cisco DNA Center GUI and its applications.

Cisco DNA Center User Guide

Configuration of user accounts, RBAC scope, security certificates, authentication and password policies, and global discovery settings.

Monitoring and managing Cisco DNA Center services.

Backup and restore.

Cisco DNA Center Administrator Guide

Supported devices, such as routers, switches, wireless access points, NFVIS platforms, and software releases.

Supported Devices

Use of the Cisco DNA Assurance GUI.

Cisco DNA Assurance User Guide

Licenses and notices for open source software used in Cisco DNA Assurance.

Open Source Used in Cisco DNA Assurance

Use of the Cisco DNA Center platform GUI and its applications.

Cisco DNA Center Platform User Guide

Cisco DNA Center platform release information, including new features, deployment, and open bugs.

Cisco DNA Center Platform Release Notes

Licenses and notices for open source software used in Cisco DNA Center platform.

Open Source Used in Cisco DNA Center Platform

Key features and scale numbers.

Cisco DNA Center Data Sheet