Release Notes for Cisco Digital Network Architecture Center, Release 1.2.2

This document describes the features, limitations, and bugs for Cisco DNA Center, Release 1.2.2.

Change History

The following table lists changes to this document since its initial release.

Table 1. Document Change History

Date | Change | Location
2019-07-19 | Clarified that you can back up and restore Automation data only or both Automation and Assurance data. But you cannot use the GUI or the CLI to back up or restore only Assurance data. | Limitations and Restrictions
2018-06-22 | Initial release. |

What's New in Cisco DNA Center, Release 1.2.2

Cisco DNA Center, Release 1.2.2 resolves several pre-existing issues and is designed to enhance your product's performance and stability.

Table 2. Updated Packages and Versions in This Release

Update Type | Package Name | Version
System Updates | System | 1.1.0.576
Package Updates | Application Policy | 2.1.17.170014
Package Updates | Assurance - Base | 1.2.2.626
Package Updates | Assurance - Sensor | 1.2.2.622
Package Updates | Automation - Base | 2.1.17.60044
Package Updates | Automation - Sensor | 2.1.17.60044
Package Updates | Command Runner | 2.1.17.60044
Package Updates | Device Onboarding | 2.1.17.60044
Package Updates | Device Onboarding UI | 2.1.17.60044
Package Updates | Cisco DNA Center UI | 1.2.0.22
Package Updates | Image Management | 2.1.17.60044
Package Updates | NCP - Base | 2.1.17.60044
Package Updates | NCP - Services | 2.1.17.60044
Package Updates | Network Controller Platform | 2.1.16.60044
Package Updates | Network Data Platform - Base Analytics | 1.1.0.519
Package Updates | Network Data Platform - Core | 1.1.0.574
Package Updates | Network Data Platform - Manager | 1.1.0.586
Package Updates | Path Trace | 2.1.17.60044
Package Updates | SD Access | 2.1.17.60044

Warning

If you have installed Assurance release 1.1.8.1205, first upgrade to Assurance release 1.1.8.1440, and then install the 1.2.2.626 Assurance - Base package.

Beta Features

The following features in this release are in beta or are being released as an engineering field trial (EFT):

  • High Availability

  • SD-Access Distributed Campus (SD-Access Transit)

  • SD-Access Extension for IoT

Installing Cisco DNA Center

You install Cisco DNA Center as a dedicated physical appliance purchased from Cisco with the Cisco DNA Center ISO image preinstalled. Refer to the Cisco DNA Center Installation Guide for information about installation and deployment procedures.


Note

The following applications are not installed on Cisco DNA Center by default. If you purchased any of these applications, you must manually download and install the packages separately.

  • Cisco Software-Defined Access (sd-access)

  • Assurance - Sensor

  • Automation - Sensor

  • Application Policy

  • Cisco Plug and Play (device-onboarding-ui)


For more information about downloading and installing a package, see the "Manage Applications" chapter in the Cisco DNA Center Administrator Guide.

Border Node Requirements on Cisco Nexus 7700 Series Switches

To configure a Cisco Nexus 7700 Series Switch as a border, ensure that the following actions are performed:

  • A valid MPLS_PKG license is installed on the switch.

  • The install feature-set fabric and install feature-set mpls commands are enabled in the Admin VDC or in the default VDC if Admin VDC is not present.


Note

Only the Cisco Nexus 7700 Series Switch with an M3 line card supports the border role.


Prerequisites for Upgrading to Cisco DNA Center, Release 1.2.2

Prior to upgrading, a banner will appear in the GUI notifying you of the ability to upgrade to Cisco DNA Center, Release 1.2.2. Follow the steps in this procedure to successfully upgrade Cisco DNA Center to this release version.


Note

You must perform the system updates first when you are migrating to this version. Do not attempt to either download or install package updates until all system updates have been installed. Failure to download and install system updates first can cause problems with package updates.


You cannot upgrade the packages individually. You must follow all the steps in this procedure.

Review the following list of prerequisites and perform the following procedures before upgrading your installed instance of Cisco DNA Center:

  • Only a user with SUPER-ADMIN-ROLE permissions may perform this procedure. For more information, see the Cisco Digital Network Architecture Center Administrator Guide.

  • You can upgrade to this Cisco DNA Center release from the following releases only:

    • Cisco DNA Center 1.2.1 (June 15, 2018)

    • Cisco DNA Center 1.2 (June 5, 2018)

    • Cisco DNA Center 1.1.7 release (June 9, 2018)

    • Cisco DNA Center 1.1.6 Release (May 18, 2018)

    • Cisco DNA Center 1.1.5 release (April 27, 2018)

    If your current Cisco DNA Center release version is not one of these versions, you must first upgrade to one of the above release versions before proceeding.


    Note

    As part of upgrading from Cisco DNA Center 1.1.5, 1.1.6, 1.1.7, 1.2, or 1.2.1 to Cisco DNA Center 1.2.2, perform activity on the cluster only after both the System (platform) and App updates are complete. Performing any activity on the cluster after the System update completes but before the App updates complete will cause unexpected failures in the Cisco DNA Center cluster.


  • Create a backup of your Cisco DNA Center database. For information about backing up and restoring Cisco DNA Center, see the Cisco Digital Network Architecture Center Administrator Guide.

  • If you have a firewall, make sure you allow Cisco DNA Center to access the following location for all system and package downloads: https://www.ciscoconnectdna.com:443. To ensure that you have cloud connectivity to AWS, you can log onto the cluster and run the following CLI command: maglev catalog settings validate.

  • Have the user name and password for at least one cisco.com user account. You may be prompted, once, for this during package installations. This can be any valid cisco.com user account.

  • Allocate the appropriate time for the upgrade process. Upgrading from earlier system package releases to this Cisco DNA Center system package release may take approximately one hour to complete.

  • We strongly recommend that you do not use Cisco DNA Center or any of its applications or tools when it is in the process of being upgraded.

  • Before you upgrade, make sure that there are no packages with the status installing or downloading. The packages displayed should have a status of running.

    • For upgrades from Cisco DNA Center 1.1.5, 1.1.6, or 1.1.7, check the > System Settings > App Management > Packages & Updates page for package status.

    • For upgrades from Cisco DNA Center 1.2 or 1.2.1, check the > System Settings > Software Updates > Updates page for package status.

  • If the Cisco DNA Center download, update, or install procedures fail for any reason, always retry the procedure a second time using the GUI. If the procedure fails a second time, contact the Cisco TAC for support.

In a multihost cluster, you can trigger an upgrade of the whole cluster from the Cisco DNA Center GUI (the GUI represents the entire cluster and not just a single host). An upgrade triggered from the GUI automatically upgrades all the hosts in the cluster.


Note

If you upgrade a three-node Cisco DNA Center cluster from any version of 1.2.x, the application upgrade will fail its dependency checks. To upgrade a three-node (multihost) cluster, Service Distribution (or HA) must be enabled. Be aware that Service Distribution (or HA) for a three-node cluster is a beta feature and is not recommended for use in production deployments. You must contact the Cisco TAC for help with upgrading a three-node cluster.


Guidance for Existing Cisco DNA Center, Release 1.1.x Deployments

Users with current deployments of Cisco DNA Center, Release 1.1.x should follow the guidance below.

  • Non-SDA deployments: Users who have not deployed SDA can upgrade to Cisco DNA Center, Release 1.2.2 to avail themselves of the new features and improved operational capabilities at their convenience.

    • If you do not need Cisco DNA Center, Release 1.2.2 features immediately, you can remain on Release 1.1.7. The Cisco DNA Center 1.1.x releases will continue for a few cycles beyond Release 1.1.7 to support current production deployments, and you will be able to upgrade from all of these releases to Cisco DNA Center, Release 1.2.2. With the support for incremental package updates in Release 1.1.6 and later, the update process is now faster and more robust.

    • Users on releases earlier than 1.1.5 are recommended to update to Release 1.1.7 and then update to Release 1.2.2 as needed.

    • Users on Release 1.1.5 or 1.1.6 can update directly to Release 1.2.2 as needed or update to Release 1.1.7 or later (as they are available) and hold per the recommendation above.

  • SDA deployments: Users that have active SDA deployments on releases earlier than 1.1.5 are recommended to update to Cisco DNA Center, Release 1.1.7 or later (as they are available). Users on Release 1.1.5 or 1.1.6 should stay on that release.


Warning

All Release 1.1.x users with SDA deployments should hold off from updating to Release 1.2.x.


  • The addition of SDA for Distributed Campus can result in situations where an update to Cisco DNA Center, Release 1.2.2 may disrupt the current single-site SDA fabric operation. Therefore, updating to Release 1.2.2 is not recommended for current SDA deployments.

  • SDA for Distributed Campus functionality can be evaluated on a fresh SDA install separate from production deployments.

  • Users need to plan change management windows to support AAA configuration updates (aligned with IBNS 2.0).

Upgrading from Release 1.1.5, 1.1.6, or 1.1.7 to Release 1.2.2

Procedure


Step 1

From the Cisco DNA Center Home page, choose > System Settings > App Management.

A Cisco DNA Center 1.2 is Here! banner appears at the top of the App Management page with a Switch Now button.

The App Management page also displays the following side tabs:

  • Packages & Updates: Shows the packages currently installed and updates available for installation from the Cisco cloud.

  • System Updates: Shows the System updates currently installed and updates available for installation from the Cisco cloud.

Step 2

Click the Switch Now button.

Step 3

At the prompt, click OK to proceed with the upgrade.

Clicking OK changes the release train in the back end. The message "Connecting to... 1.2.2 cloud catalog" with a progress bar appears.

Wait for approximately 90 seconds for the progress bar to finish and the updated system version to display. Refresh the page if the new system version does not appear.

Step 4

Once the release train change finishes, review the System Updates page.

The following information is displayed:

  • Package: System package

  • Status: Running

  • Installed Version: Current system package installed

  • Available Update: System package available for installation

Step 5

Click Install in the Available Update column.

During the install process, the following Cisco DNA Center GUI changes are made:

  • App Management tab: Changes to the Software Updates tab

  • System Updates side panel: Changes to the Updates side panel

  • Packages & Updates side panel: Changes to the Installed Apps side panel.

Step 6

After the system installation is finished and is in Running state, refresh the page.

A new Updates page is displayed. The following information is displayed on this page:

  • Platform Update: Displays updated system version with statement that system is currently up-to-date. Additionally, a green check mark appears that also indicates a successful system upgrade.

  • Apps Updates: Displays groupings of applications with their current file size and version. At the top of the Apps Updates field is a Download All button.

Step 7

At the top of the Apps Updates field, click the Download All button.

After clicking this button, all the application upgrade packages are downloaded.

Note 

There are additional Download All buttons for different application groups (for example, Core, Automation, and Assurance). These buttons are dimmed out and disabled. You need to click only the Download All button at the top of the page.

Step 8

After all the application packages have been downloaded, click the Update All button at the top of the Apps Updates field.

After clicking this button, all the applications are subsequently updated.

Note 

There are additional Update All buttons for different application groups (for example, Core, Automation, and Assurance). These buttons are dimmed out and disabled. You need to click only the Update All button at the top of the page.

Step 9

Ensure that each application has been updated by reviewing its version in the Installed Apps page.

The application versions should be updated in this page.

Note 

There may be some new application packages that were not part of your previous Cisco DNA Center configuration, and for this reason have not been installed by this procedure (for example, the Test Support package listed on this page).


Upgrading from Release 1.2 or 1.2.1 to Release 1.2.2

Procedure


Step 1

From the Cisco DNA Center home page, choose > System Settings > Software Updates.

Step 2

If a system update appears on the Software Updates page, click Update.

Step 3

Download the applications by doing one of the following:

  • To download all applications at once, click Download All at the top of the Application Updates field.

  • To download a specific application group, click Download All next to that group.

  • To download a specific application, click Download next to that application.

Step 4

Update the applications by doing one of the following:

  • To update all applications at once, click Update All at the top of the Application Updates field.

  • To update a specific application group, click Update All next to that group.

  • To update a specific application, click Update next to that application.

Step 5

Ensure that each application has been updated by reviewing its version on the Installed Apps page.

The application versions should be updated on this page.

Note 

There may be some new application packages that were not part of your previous Cisco DNA Center configuration, and for this reason have not been installed by this procedure (for example, the Test Support package listed on this page).


Recover from Premature Package Downloads

Successful migration to this release requires that you install all system updates before downloading or installing package updates. Due to dependencies among the updates, failure to observe this rule can make it impossible to install both system updates and package updates. Problem indicators include messages that a system update has failed and package update downloads that never exit the "Downloading" state.

As an admin user with Maglev SSH access privileges, complete the following steps to recover and install the system update.

Procedure


Step 1

Using an SSH client, log in to the Cisco DNA Center appliance using the IP address of the out-of-band management network adapter, on port 2222. Use the maglev login command and log in with an admin username and password (which is the same login used for the admin user on the Cisco DNA Center GUI).

Step 2

At the command line, delete all prematurely downloaded package updates by entering the following command:

for pkg in $(maglev package status -o json | jq -r '.[] | select(.available!="-") | [ .name,.available | tostring ] | join (":")'); do maglev catalog package delete $pkg 2>/dev/null; done

Important

You must enter the preceding command as one line.

Step 3

Trigger the downloaded system update from the Cisco DNA Center GUI.

Step 4

After the system update installs successfully, download and install the package updates.


CMX Support

Cisco DNA Center supports the following CMX versions:

  • CMX 10.4.1

  • CMX 10.5.0

Before adding a CMX instance to Cisco DNA Center Network Settings, you must complete the following steps:

Procedure


Step 1

SSH to CMX using the cmxadmin account.

ssh -l cmxadmin (cmx-ip-address)

Step 2

Start the API server.

# cmxos apiserver start

Step 3

Create an API server user for Cisco DNA Center.

cmxos apiserver user add --user admin --password

Use the same password as the CMX web admin user password.


Network Plug and Play Considerations

Network Plug and Play Support

The Network Plug and Play application is not installed in Cisco DNA Center by default. You must download and install the package named Device Onboarding UI, and then you can find the application in the Tools section. For more information about installing a package, see the chapter "Manage Applications" in the Cisco Digital Network Architecture Center Administrator Guide.

General Feature Support

Network Plug and Play supports the following features, depending on the Cisco IOS software release on the device:

  • AAA device credential support: The AAA credentials are passed to the device securely and the password is not logged. This feature allows provisioning a device with a configuration that contains aaa authorization commands. This feature requires software release IOS 15.2(6)E1, IOS 15.6(3)M1, IOS XE 16.3.2, or IOS XE 16.4 or later on the device.

  • Image install and upgrade for Cisco Catalyst 9300 Series, Catalyst 9400 Series, Catalyst 9500 Series, Catalyst 3650 Series, and Catalyst 3850 Series switches is supported only when the switch is booted in Install mode. (Image install and upgrade is not supported for switches booted in Bundle mode.)

SUDI Support

The Secure Unique Device Identifier (SUDI) feature that allows secure device authentication is available on the following platforms:

  • Cisco routers:

    • Cisco ISR 1100 Series with software release 16.6.2

    • Cisco ISR 4000 Series with software release 3.16.1 or later, except for the ISR 4221, which requires release 16.4.1 or later

    • Cisco ASR 1000 Series (except for the ASR 1002-x) with software release 16.6.1

  • Cisco switches:

    • Cisco Catalyst 3850 Series with software releases 3.6.3E or 16.1.2E or later

    • Cisco Catalyst 3650 Series and 4500 Series with Supervisor 7-E/8-E, with software releases 3.6.3E, 3.7.3E, or 16.1.2E or later

    • Cisco Catalyst 4500 Series with Supervisor 8L-E with software releases 3.8.1E or later

    • Cisco Catalyst 4500 Series with Supervisor 9-E with software release 3.10.0E or later

    • Cisco Catalyst 9300 Series with software release 16.6.1 or later

    • Cisco Catalyst 9400 Series with software release 16.6.1 or later

    • Cisco Catalyst 9500 Series with software release 16.6.1 or later

  • NFVIS platforms:

    • Cisco ENCS 5400 Series with software release 3.7.1 or later

    • Cisco ENCS 5104 with software release 3.7.1 or later


Note

Devices that support SUDI have two serial numbers: the chassis serial number and the SUDI serial number (called the License SN on the device label). You must enter the SUDI serial number in the Serial Number field when adding a device that uses SUDI authentication. The following device models have a SUDI serial number that is different from the chassis serial number:

  • Cisco routers: ISR 43xx, ISR 44xx, ASR1001-X/HX, ASR1002-HX

  • Cisco switches: Catalyst 4500 Series with Supervisor 8-E/8L-E/9-E, Catalyst 9400 Series


Management Interface VRF Support

Plug and Play operates over the device management interface on the following platforms:

  • Cisco routers:

    • Cisco ASR 1000 Series with software release 16.3.2 or later

    • Cisco ISR 4000 Series with software release 16.3.2 or later

  • Cisco switches:

    • Catalyst 3650 Series and 3850 Series with software release 16.6.1 or later

    • Cisco Catalyst 9300 Series with software release 16.6.1 or later

    • Cisco Catalyst 9400 Series with software release 16.6.1 or later

    • Cisco Catalyst 9500 Series with software release 16.6.1 or later

4G Interface Support

Plug and Play operates over a 4G network interface module on the following Cisco routers:

  • Cisco 1100 Series ISR with software release 16.6.2 or later

Configuring Server Identity

To ensure successful Cisco DNA Center discovery by Cisco devices running newer IOS releases, the server SSL certificate offered by Cisco DNA Center during the SSL handshake must contain an appropriate Subject Alternate Name (SAN) value, so that the Cisco Plug and Play IOS Agent can verify the server identity. This may require the administrator to upload a new server SSL certificate, which has the appropriate SAN values, to Cisco DNA Center.

This requirement applies to devices running the following Cisco IOS releases:

  • Cisco IOS Release 15.2(6)E2 and later

  • Cisco IOS Release 15.6(3)M4 and later

  • Cisco IOS Release 15.7(3)M2 and later

  • Cisco IOS XE Denali 16.3.6 and later

  • Cisco IOS XE Everest 16.5.3 and later

  • Cisco IOS Everest 16.6.3 and later

  • All Cisco IOS releases from 16.7.1 and later

The value of the SAN field in the Cisco DNA Center certificate must be set according to the type of discovery being used by devices, as follows:

  • For DHCP option-43/option-17 discovery using an explicit IPv4 or IPv6 address, set the SAN field to the specific IPv4/IPv6 address of Cisco DNA Center.

  • For DHCP option-43/option-17 discovery using a hostname, set the SAN field to the Cisco DNA Center hostname.

  • For DNS discovery, set the SAN field to the plug and play hostname, in the format pnpserver.domain.

  • For Cisco Plug and Play Connect cloud portal discovery, set the SAN field to the Cisco DNA Center IP address, if the IP address is used in the Plug and Play Connect profile. If the profile uses the Cisco DNA Center hostname, then the SAN field must be set to the fully qualified domain name (FQDN) of the controller.

If the Cisco DNA Center IP address that is used in the Plug and Play profile is a public IP address that is assigned by a NAT router, then this public IP address must be included in the SAN field of the server certificate.

If an HTTP proxy server is used between the devices and Cisco DNA Center, ensure that the proxy certificate has the same SAN fields with the appropriate IP address or hostname.

We recommend that you include multiple SAN values in the certificate, in case discovery methods vary. For example, you can include both the Cisco DNA Center FQDN and IP address (or NAT IP address) in the SAN field. If you do include both, set the FQDN as the first SAN value, followed by the IP address.

If the SAN field in the Cisco DNA Center certificate does not contain the appropriate value, the device cannot successfully complete the plug and play process.


Note

The Cisco Plug and Play IOS Agent checks only the certificate SAN field for the server identity. It does not check the common name (CN) field.
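
The SAN rules above can be checked mechanically before a certificate is uploaded. The following Python is an added example, not Cisco code: it parses the SAN line printed by openssl x509 -noout -ext subjectAltName and reports which discovery methods the certificate would not satisfy. The hostnames, addresses, method labels and function names are constructed for illustration, and names are compared exactly (no wildcard handling), which is an assumption.

```python
import ipaddress


def parse_san(openssl_text):
    """Return the SAN entries, in certificate order, as ("DNS"|"IP", value) tuples.

    Input is the text printed by `openssl x509 -noout -ext subjectAltName`.
    """
    entries = []
    for line in openssl_text.splitlines():
        if "Subject Alternative Name" in line:
            continue  # header line printed by openssl
        for item in line.split(","):
            kind, sep, value = item.strip().partition(":")
            if not sep:
                continue
            if kind == "DNS":
                entries.append(("DNS", value.strip().lower().rstrip(".")))
            elif kind == "IP Address":
                # ip_address() normalises IPv6 spelling so comparisons are reliable
                entries.append(("IP", ipaddress.ip_address(value.strip())))
    return entries


def required_entry(method, value):
    """Map a discovery method (labels are hypothetical) to the SAN entry it needs."""
    if method == "dns":
        # DNS discovery looks up pnpserver.<domain>
        return ("DNS", "pnpserver." + value.lower().strip("."))
    if method == "dhcp-hostname":
        return ("DNS", value.lower().rstrip("."))
    if method == "dhcp-ip":
        return ("IP", ipaddress.ip_address(value))
    if method == "pnp-connect":
        # The profile holds either an IP address (possibly a NAT public IP) or an FQDN
        try:
            return ("IP", ipaddress.ip_address(value))
        except ValueError:
            return ("DNS", value.lower().rstrip("."))
    raise ValueError("unknown discovery method: " + method)


def check_san(openssl_text, methods):
    """Return a list of findings; an empty list means every method is covered.

    The certificate CN is deliberately not an input: the agent checks only the SAN.
    """
    entries = parse_san(openssl_text)
    findings = []
    for method, value in methods:
        need = required_entry(method, value)
        if need not in entries:
            findings.append("%s discovery needs SAN %s:%s" % (method, need[0], need[1]))
    kinds = [kind for kind, _ in entries]
    if "DNS" in kinds and "IP" in kinds and kinds[0] != "DNS":
        findings.append("list the FQDN first, then the IP address")
    return findings


# Constructed sample data (not taken from a real deployment)
METHODS = [
    ("dhcp-ip", "10.10.10.5"),
    ("dhcp-hostname", "dnac.example.com"),
    ("dns", "example.com"),
    ("pnp-connect", "203.0.113.10"),  # NAT public address used in the profile
]
GOOD_SAN = (
    "X509v3 Subject Alternative Name: \n"
    "    DNS:dnac.example.com, DNS:pnpserver.example.com, "
    "IP Address:10.10.10.5, IP Address:203.0.113.10"
)
BAD_SAN = "IP Address:10.10.10.5, DNS:dnac.example.com"

if __name__ == "__main__":
    for label, san in (("good", GOOD_SAN), ("bad", BAD_SAN)):
        print(label, check_san(san, METHODS) or "all discovery methods covered")
```

If an HTTP proxy sits between the devices and Cisco DNA Center, run the same check against the proxy certificate.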


Important Notes

Update Telemetry Profiles to Use a New Cluster Virtual IP Address

If you are using the Cisco DNA Center Telemetry tool to monitor device data, and you need to change the Cisco DNA Center cluster virtual IP address (VIP), complete the following steps to change the VIP and to ensure that node telemetry data is sent to the new VIP.

Before you begin

You need the following:

  • Determine whether the version of Cisco DNA Center you are using is in the 1.1.x or 1.2.x release train. You can check this by logging in to the Cisco DNA Center web interface, choosing > About, and checking the Cisco DNA Center version number. For example, if the version you are using begins with "1.1," it is in the 1.1.x release train.

  • SSH client software.

  • The IP address that was configured for the 10 GB interface facing the enterprise network on the Cisco DNA Center primary node. To identify this port, see the rear-panel figure in "Front and Rear Panels" in the Cisco DNA Center Installation Guide. You log in to the appliance at this address, on port 2222.

  • The Linux username (maglev) and password configured on the primary node.

  • The cluster VIP that you want to assign. The cluster VIP must conform to the requirements explained in "Required IP Addresses and Subnets" in the Cisco DNA Center Installation Guide.

Procedure


Step 1

Access the Cisco DNA Center GUI and use the Telemetry tool to push the Disabled profile to all nodes, as follows:

  1. From the Cisco DNA Center home page, click Telemetry in Tools.

  2. Click the Site View tab.

  3. In the Site View table in this tab, choose all the sites and devices currently being monitored.

  4. Click the Actions button and choose the Disable Telemetry profile from the drop-down list.

  5. Wait for the Site View table to show that telemetry has been disabled for the selected sites and devices.

Step 2

Use the appliance Configuration wizard to change the cluster VIP, as follows:

  1. Using an SSH client, log in to the OOB management port of the Cisco DNA Center primary node. Be sure to log in on port 2222.

  2. When prompted, enter the Linux username and password.

  3. Enter the following command to access the Configuration wizard on the primary node:

    
    $ sudo maglev-config update
    
    

    If prompted for the Linux password, enter it again.

  4. Click [Next] until the screen prompting you for the cluster virtual IP appears. Enter the new cluster VIP, then click [Next] to proceed through the remaining screens of the Configuration wizard.

  5. When you reach the final screen, a message appears stating that the Configuration wizard is ready to apply your changes. Click [proceed] to apply the cluster VIP change.

    At the end of the configuration process, a CONFIGURATION SUCCEEDED! message appears and the SSH prompt reappears.

Step 3

Restart the necessary Cisco DNA Center services by entering the following series of commands at the SSH prompt. Use the commands for the release train appropriate for your Cisco DNA Center version.

For versions of Cisco DNA Center in the 1.1.x release train (versions 1.1.1 and later, up to but not including 1.2.0), enter the following series of commands:

magctl service restart -d netflow-go
magctl service restart -d syslog
magctl service restart -d trap
magctl service restart -d wirelesscollector

For Cisco DNA Center in the 1.2.x release train (versions 1.2.0 and later), enter the following series of commands:

magctl service restart -d collector-netflow
magctl service restart -d collector-syslog
magctl service restart -d collector-trap
magctl service restart -d wirelesscollector

Step 4

Wait for all services to restart. You can monitor the progress of the restarts by entering the following command, substituting service names as needed for the release train appropriate for your Cisco DNA Center version. For example, if you are using a version of Cisco DNA Center in the 1.2.x release train, enter the following command:

magctl appstack status | grep -i -e collector-netflow -e collector-syslog -e collector-trap -e wirelesscollector

When all necessary services are running, you see command output similar to the following, with a "Running" status for each service that has restarted successfully:

assurance-backend   wirelesscollector-111222333-bc99s   1/1   Running   0   25d   10.60.3.55     172.19.53.99
ndp                 collector-netflow-444555666-lxvlx   1/1   Running   0   1d    172.19.53.99   172.19.53.99
ndp                 collector-syslog-777888999-r0rr1    1/1   Running   0   25d   172.19.53.99   172.19.53.99
ndp                 collector-trap-000111222-3ppllm     1/1   Running   0   25d   172.19.53.99   172.19.53.99

Step 5

Access the Cisco DNA Center GUI and use the Telemetry tool to push the Optimal Visibility profile to all nodes, as you did in Step 1.
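
The Step 4 check can be scripted so that a missing or crash-looping collector is not overlooked before telemetry is re-enabled. The following Python is an added example, not part of the Cisco procedure: it picks the collector names for the release train and reports any that have no pod that is both Running and fully ready in magctl appstack status output. The function names and the degraded sample are constructed, and the pod-name layout (service-hash-id) is assumed from the sample output in Step 4.

```python
import subprocess
import time

# Collector services restarted in Step 3, per release train
TRAIN_1_1 = ["netflow-go", "syslog", "trap", "wirelesscollector"]
TRAIN_1_2 = ["collector-netflow", "collector-syslog", "collector-trap", "wirelesscollector"]


def collectors_for(version):
    """Return the collector service names for a Cisco DNA Center version string."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    parts += (0,) * (3 - len(parts))  # treat "1.2" as 1.2.0
    if parts >= (1, 2, 0):
        return TRAIN_1_2
    if parts >= (1, 1, 1):
        return TRAIN_1_1
    raise ValueError("no collector list for version " + version)


def not_ready(status_text, expected):
    """Return the expected services that have no pod both Running and fully ready.

    A service that does not appear in the output at all is reported as well,
    which a plain grep for "Running" would not reveal.
    """
    ready = set()
    for line in status_text.splitlines():
        cols = line.split()
        if len(cols) < 4:
            continue
        pod, ready_count, state = cols[1], cols[2], cols[3]
        have, _, want = ready_count.partition("/")
        if state == "Running" and have == want and want not in ("", "0"):
            # Assumed layout: <service>-<hash>-<id>; strip the last two fields
            ready.add(pod.rsplit("-", 2)[0])
    return [service for service in expected if service not in ready]


def wait_for_collectors(version, timeout=600, interval=15):
    """Poll magctl until every collector is ready; return those still pending."""
    expected = collectors_for(version)
    deadline = time.monotonic() + timeout
    while True:
        out = subprocess.run(["magctl", "appstack", "status"],
                             capture_output=True, text=True, check=True).stdout
        pending = not_ready(out, expected)
        if not pending or time.monotonic() >= deadline:
            return pending
        time.sleep(interval)


# Output as shown in Step 4
SAMPLE_OK = """\
assurance-backend wirelesscollector-111222333-bc99s 1/1 Running 0 25d 10.60.3.55 172.19.53.99
ndp collector-netflow-444555666-lxvlx 1/1 Running 0 1d 172.19.53.99 172.19.53.99
ndp collector-syslog-777888999-r0rr1 1/1 Running 0 25d 172.19.53.99 172.19.53.99
ndp collector-trap-000111222-3ppllm 1/1 Running 0 25d 172.19.53.99 172.19.53.99
"""

# Constructed sample: netflow is crash-looping and syslog has no pod at all
SAMPLE_DEGRADED = """\
assurance-backend wirelesscollector-111222333-bc99s 1/1 Running 0 25d 10.60.3.55 172.19.53.99
ndp collector-netflow-444555666-lxvlx 0/1 CrashLoopBackOff 7 1d 172.19.53.99 172.19.53.99
ndp collector-trap-000111222-3ppllm 1/1 Running 0 25d 172.19.53.99 172.19.53.99
"""

if __name__ == "__main__":
    print(not_ready(SAMPLE_DEGRADED, collectors_for("1.2.2")))
```

Proceed to Step 5 only when the returned list is empty.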


Bugs

Open Bugs

The following table lists the open bugs for Cisco DNA Center for this release.

Table 3. Open Bugs

Bug Identifier

Headline

CSCvj71299

Assurance does not show the health score with scale of 25,000 wireless clients.

CSCvj73874

Assurance data not getting plotted for devices after UI and NDP CLI restore.

CSCvj34839

In Appx 360 page, time series health plot on the chart is not visible.

CSCvj37133

Cisco DNA Center - NFV provisioning attempt with 50 devices at a time, API call fails with timeout.

CSCvj43086

The graph still have legacy edges from client to radio vertex.

CSCvj43440

After the upgrade of the Assurance package, the Wireless/Wired Clients are recognized differently. Therefore, if we query for a count with a time range which encompasses the Upgrade time stamp, then the same clients are represented/counted twice.

CSCvj65826

Wireless client username is showing up as Unknown in Client 360 page.

CSCvh79591

Error running df command while configuring backup server.

CSCvj15985

There is a need to reboot Cisco vEDGE/ISRv router if any updates are made on the VNIC.

CSCvj73671

Sensor statistics don't show cumulative data in 1800S device and also refresh token.

CSCvj88063

Assurance healthy client has missing data every hour.

CSCvi92534

Learning config for a WLC having multiple WLANs with same name causes implications on App Policy .

CSCvh04794

When we use Flex SSID for application policy deployment, application policy is not deployed on to the device as Flex SSID is not supported.

CSCvh98080

If the SSID used in a policy is switched to Fabric and reprovision device, status becomes 0/0 devices.

CSCvh98064

Provisioning new device to same site used in a policy gives no notification for policy redeployment.

CSCvi57785

Restoring a policy having the same name as one existing on the device empties the policy config.

CSCvj25268

Application Policy needs to support C7009 (Nexus 7009) platform.

CSCvj68170

After Node Remove and Re-add NDP, Fusion and Maglev services struck in ImagePullBackOff/CrashLo.

CSCvj62003

Node scale refresh failed.

CSCvj52275

Multiple services in ImagePullBackOff after shutting down seed node.

CSCvj46134

On a 3 node cluster, cassandra instance gets into CrashLoopBackOff on a node that was removed from the cluster and re-added back with the same IP.

CSCvj67936

Cisco DNA Center - Package update stuck in 'pending_upgrade' status.

CSCvj71825

Accessing the services using kubernetes service IPs fail.

CSCvh93087

CISCO_SWITCH_EVENT macro does not auto trigger for the listed device types.

CSCvi98298

After AP join, WLC inventory sync goes to partial collection failure.

CSCvj41920

Non-fabric router provision, the provision status is not being updated.

CSCvj59814

Disable IPv6 during installation, if not enabled in Maglev installation wizard.

CSCvj62108

PxGrid session fails to setup when ISE-2.4 deployment has 3 or more PxGrid nodes.

CSCvj69748

All docker containers except one stopped after two days on the primary node of a three-node cluster.

CSCvj70278

Discovery of devices in a three-node cluster collects data via the primary node IP.

CSCvj73255

Assurance UI fails to load due to "errorCode": "MAINTENANCE_SYSTEM_UPDATE_IN_PROGRES.

CSCvi69657

License count is incorrect in the dashboard for Smart License-enabled devices.

CSCvi94467

Dual ENCS - vEDGE + ISRv + vWAAS with Single WAN prov failing for a device.

CSCvj15139

Device in Partial Collection Failure (Unknown Error) after provision and resync.

CSCvj15985

Need to reboot vEDGE/ISRv router if any update on the VNIC.

CSCvj21371

Template: provision WLC with incorrect config, Cisco DNA Center reports config success.

CSCvj27343

Cisco DNA Center - vEdge + ISRv single WAN topology with GE0-1 as WAN link fails.

CSCvj33390

Cisco DNA Center - ISRv + vEdge + vWAAS single WAN topology with GE0-1 as WAN link fails.

CSCvj34448

Edit existing network profile not work after upgrade from 1.1.5 to 1.2, new profiles creation work.

CSCvj34839

In health chart, plot on the chart is not visible in some conditions.

CSCvj41220

Repeated audit log entries for netflow collector update on day-N.

CSCvj41522

Cisco DNA Center - PNP CSV With 25 APs fails.

CSCvj43440

Wrong Client count for a brief period after upgrading Assurance to Cisco DNA Center 1.2.

CSCvj44491

Mobility express controller upgrade fails with SFTP error.

CSCvj47529

Cisco DNA Center sensor exact time scheduling not working.

CSCvj50108

Incorrect AP target list in Cisco DNA Center view.

CSCvj61608

Cisco DNA Center AP Provisioning Fails during PnP CSV claim of 25 AP.

CSCvj68716

SWIM Readiness Check wasn't completed and keep rechecking for more than 10 minutes.

CSCvj73919

When 'Download All' is in progress, some packages are not displayed in the UI.

CSCvj78049

Wired 1800S is not able to successfully onboard after upgrade from 1.1.x to 1.2.0.

CSCvj77547

After upgrade from 115 --> 116 --> Cisco DNA Center 1.2, the cassandra docker image on one of the three cluster nodes was not rebuilt.

CSCvk11547

AAA Provisioning failing for ISRv/Physical router due to wrong time out value in Cisco DNA Center 1.2.2 server.

CSCvk25606

No global issues seen for sensor failures.

CSCvk25614

Sensor dashboard shows wrong percentage of failure for DHCP tests.

CSCvk29451

Not all SNMP traps are getting pushed for switches; only link up/down traps are pushed. For traps to work for Assurance issues, corresponding traps for fan/power supply/cpu/memory need to be pushed.

CSCvk31042

When editing custom profiles in the Telemetry application, any previous settings do not appear.

CSCvk31039

When editing the default profiles in the Telemetry application, the Save button does not appear.

Resolved Bugs

The following table lists the resolved bugs for Cisco DNA Center for this release.

Table 4. Resolved Bugs

Bug Identifier

Headline

CSCvj33750

Delete separate "Sensor Provisioning" button and merge it with single "Action" drop down box menu.

CSCvj48744

WLC provisioning for Assurance is done only during add device.

CSCvj78520

Site selection in sensor dashboard not working.

CSCvj79203

Band preference issue pop-up throwing DataTables warning.

CSCvk01843

Sites on sensor dashboard display "no data" intermittently.

CSCvj98136

Sensor test result timing does not sync with overall page update.

CSCvj80465

Pre-provisioning check fails for conflicting configuration found on device.

CSCvi92141

Cisco DNA Center - Hostonboarding segment push doesn't throw error message even upon failure.

CSCvj87983

Prov-ASAv: Provision failed with appended device name longer than 32 characters.

CSCvj68001

Cisco DNA Center - Inventory page sorting based on "uptime" freezes the page.

CSCvj74395

Mounting glusterfs volume to the host fails after system update from Cisco DNA Center 1.1.6 to 1.1.7.

CSCvj95035

AP group fails to show all global PSK SSID along with site specific override PSK SSID.

CSCvj73469

Assurance page cannot load if you click "system setting > data platform"

CSCvj56489

Golden image tagging audit logs displaying -1 for site names and device role value is empty.

CSCvi05701

ISRv getting deployed with the wrong image instead of the one marked golden in repository.

CSCvj68486

Additional site based WLANs created in disabled state after migration WLC reprovisioning failed.

CSCvj73354

Network Health summary shows incorrect device count for first 15 minutes after devices are discovered.

CSCvj77011

Cisco DNA Center - Client count mismatch between Donut and Client table due to rounding error in query.

CSCvj91831

After node scale refresh failed, several pods got stuck in Crash loop.

CSCvj95012

Custom RF profile with 6 Mbps configured fails provision to controller if 802.11g network disabled.

CSCvk06382

Dual WAN provision fails.

CSCvj27343

Cisco vEdge and Cisco ISRv single WAN topology with GE0-1 as WAN link fails.

CSCvj33390

Cisco ISRv and vEdge and vWAAS single WAN topology with GE0-1 as WAN link fails.

CSCvj34448

Unable to edit the existing network profile after an upgrade from Cisco DNA Center 1.1.5 to 1.2.

Using the Bug Search Tool

Use the Bug Search tool to search for a specific bug or to search for all bugs in this release.

Procedure


Step 1

Point your browser to http://tools.cisco.com/bugsearch.

Step 2

At the Log In screen, enter your registered cisco.com username and password; then, click Log In. The Bug Search page opens.

If you do not have a cisco.com username and password, you can register for them at http://tools.cisco.com/RPF/register/register.do.

Step 3

To search for a specific bug, enter the bug ID in the Search For field and press Return.

Step 4

To search for bugs in the current release:

  1. In the Search For field, enter Cisco DNA Center and press Return. (Leave the other fields empty.)

  2. When the search results are displayed, use the filter tools to find the types of bugs you are looking for. You can search for bugs by modified date, status, severity, and so forth.

    To export the results to a spreadsheet, click the Export Results to Excel link.

Limitations and Restrictions

Backup and Restore Limitations

Backup and restore limitations and restrictions include:

  • You cannot take a backup from one version of Cisco DNA Center and restore it to another version of Cisco DNA Center. You can only restore a backup to an appliance that is running the same Cisco DNA Center software version, applications, and application versions as the appliance and applications from which the backup was taken. To view the current applications and versions on Cisco DNA Center, click > System Settings > App Management.

  • After performing a restore operation, update your integration of Cisco ISE with Cisco DNA Center. After a restore operation, Cisco ISE and Cisco DNA Center might not be in sync. To update your Cisco ISE integration with Cisco DNA Center, access Settings in the GUI, then open the Authentication and Policy Servers window and choose Edit for the server. Enter your Cisco ISE password to update.

  • After performing a restore operation, the configuration of devices in the network might not be in sync with the restored database. For this reason, you might need to manually revert the CLI commands pushed for authentication, authorization, and accounting (AAA) and configuration on the network devices. Refer to the individual network device documentation for information about the CLI commands to enter.

  • Re-enter the device credentials in the restored database. If you updated the site-level credentials before the database restore and the backup being restored does not have the credential change information, all devices go to partial-collection after restore. You then need to manually update the device credentials on the devices for synchronization with Cisco DNA Center or perform a rediscovery of those devices to learn the device credentials.

  • Perform AAA provisioning only after adjusting network device differential changes to the restored database. Otherwise, device lockouts might occur.

  • You can back up and restore Automation data only or both Automation and Assurance data. But you cannot use the GUI or the CLI to back up or restore only Assurance data.

HA Limitation

In this release, Cisco DNA Center only provides HA support for Automation functionality. HA for Assurance is not supported at this time.

Cisco ISE Integration Limitations

Cisco ISE integration limitations and restrictions include:

  • ECDSA keys are not supported either as SSH keys for Cisco ISE SSH access or in certificates in Cisco DNA Center and Cisco ISE.

  • Full certificate chains must be uploaded to Cisco DNA Center while replacing the existing certificate. If the Cisco DNA Center certificate is issued by a subCA of a rootCA, the certificate chain uploaded to Cisco DNA Center while replacing the Cisco DNA Center certificate must contain all three certificates.

  • Self-signed certificates applied on Cisco DNA Center must have the Basic Constraints extension with cA:TRUE (RFC 5280, section 4.2.1.9).

  • The IP address or FQDN of both Cisco ISE and Cisco DNA Center must be present in either the Subject Name field or the Subject Alt Name field of the corresponding certificates.

  • If the certificate is replaced or renewed in either Cisco ISE or Cisco DNA Center, trust must be re-established.

  • The IP address or FQDN of Cisco DNA Center and Cisco ISE must be present in the proxy exceptions list if there is a web proxy between Cisco DNA Center and Cisco ISE.

  • Cisco DNA Center and Cisco ISE nodes cannot be behind a NAT device.

  • Cisco DNA Center does not detect pxGrid persona changes after trust establishment.

  • Cisco DNA Center and Cisco ISE cannot integrate if the ISE Admin and ISE pxGrid certificates are issued by different enterprise certificate authorities.

    Specifically, if the ISE Admin certificate is issued by CA server A, the ISE pxGrid certificate is issued by CA server B, and the pxGrid persona is running on a node other than ISE PPAN, the pxGrid session from Cisco DNA Center to Cisco ISE does not work.
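A pre-upload check for the certificate rules in the list above, added here as an example; it is not Cisco code. It uses the openssl CLI, the function names are hypothetical, and it assumes a PEM bundle ordered leaf first and root last. It compares issuer and subject names only and does not verify signatures.

```shell
# Added example, not Cisco code; function names are hypothetical.
# Assumes the openssl CLI and a PEM bundle ordered leaf first, root last.
leaf_text() { openssl x509 -in "$1" -noout -text; }  # decodes the first cert only

# ECDSA keys are not supported: pass only if an algorithm was read and is not EC.
key_is_not_ecdsa() (
  alg=$(leaf_text "$1" | sed -n 's/^ *Public Key Algorithm: //p')
  [ -n "$alg" ] && [ "$alg" != "id-ecPublicKey" ]
)

is_self_signed() (
  s=$(openssl x509 -in "$1" -noout -subject_hash) || exit 1
  [ "$s" = "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
)

# Self-signed certificates must carry Basic Constraints with CA:TRUE.
has_ca_true() { leaf_text "$1" | grep -A1 'X509v3 Basic Constraints' | grep -q 'CA:TRUE'; }

# $2 (IP address or FQDN) must match a Subject Alt Name entry or the subject CN exactly.
names_include() (
  leaf_text "$1" | grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
    tr ',' '\n' | sed 's/^ *//' | grep -Fxq -e "DNS:$2" -e "IP Address:$2" && exit 0
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
    sed 's/^subject= *//' | tr ',' '\n' | grep -Fxq "CN=$2"
)

# Full chain: each issuer name equals the next subject name; the last cert is self-signed.
chain_is_complete() (
  d=$(mktemp -d) || exit 1; trap 'rm -rf "$d"' EXIT
  awk -v d="$d" '/-----BEGIN CERTIFICATE-----/{n++} n{print > (d "/" n ".pem")}' "$1"
  n=$(ls "$d" | wc -l | tr -d ' '); i=1
  [ "$n" -ge 1 ] || exit 1
  while [ "$i" -lt "$n" ]; do
    [ "$(openssl x509 -in "$d/$i.pem" -noout -issuer_hash)" = \
      "$(openssl x509 -in "$d/$((i + 1)).pem" -noout -subject_hash)" ] || exit 1
    i=$((i + 1))
  done
  is_self_signed "$d/$n.pem"
)

precheck() (  # $1 = bundle, $2 = FQDN or IP address; prints one line per failed rule
  rc=0
  key_is_not_ecdsa "$1" || { echo "FAIL: ECDSA or unreadable key"; rc=1; }
  names_include "$1" "$2" || { echo "FAIL: $2 not in SAN or subject CN"; rc=1; }
  chain_is_complete "$1" || { echo "FAIL: chain incomplete or out of order"; rc=1; }
  if is_self_signed "$1" && ! has_ca_true "$1"; then echo "FAIL: self-signed, no CA:TRUE"; rc=1; fi
  exit "$rc"
)

if [ "$#" -eq 2 ]; then precheck "$1" "$2"; fi  # usage: sh precheck.sh bundle.pem FQDN
```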

Brownfield Feature-Related Limitations

Brownfield feature-related limitations include:

  • Cisco DNA Center cannot learn device credentials.

  • You must enter the preshared key (PSK) or shared secret for the AAA server as part of the import flow.

  • Details about DNS, WebAuth redirect URL, and syslog are not learned.

  • Cisco DNA Center can learn only one wireless controller at a time.

  • For site profile creation, only those AP groups with AP and SSID entries are considered.

  • Automatic site assignment is not possible.

  • SSIDs with an unsupported security type and radio policy are discarded.

  • For authentication and accounting servers, if the RADIUS server is present in the device, it is given first preference. If the RADIUS server is not present, the TACACS server is considered for design.

  • Cisco ISE server (AAA) configuration is not learned through brownfield provisioning.

  • The authentication and accounting servers must have the same IP addresses for them to be learned through brownfield provisioning.

  • When the same SSID is associated with different interfaces in different AP groups, during the provisioning, the newly created AP group with the SSID is associated with the same interface.

  • A wireless conflict is based on the SSID name only and does not consider other attributes.

Wireless Policy Limitation

The wireless policy limitation is as follows:

  • If the AP is migrated after the policy was created, you must manually edit the policy and point to an appropriate AP location before deploying the policy. Otherwise, an error message saying "Policy Deployment failed" is displayed.

Cisco Plug and Play Limitations

Plug and Play limitations and restrictions include:

  • Virtual Switching System (VSS) is not supported.

  • The Cisco Plug and Play Mobile app is not supported with Plug and Play in Cisco DNA Center.

  • The Stack License workflow task is supported for Cisco Catalyst 3650 and 3850 Series switches running IOS XE 16.7.1 and later.

  • The Plug and Play agent on the switch initiates on VLAN 1 by default. Most deployments recommend that VLAN 1 be disabled. If you do not want to use VLAN 1 when PnP starts, enter the following CLI command on the upstream device:

    pnp startup-vlan <vlan_number>

Related Documentation

The following publications are available for Cisco DNA Center.

For this type of information...

See this document...

Release information, including new features, system requirements, and open and resolved bugs.

Cisco DNA Center Release Notes

Installation and configuration of Cisco DNA Center, including post-installation tasks.

Cisco DNA Center Installation Guide

Use of the Cisco DNA Center GUI and its applications.

Cisco DNA Center User Guide

Configuration of user accounts, RBAC scope, security certificates, authentication and password policies, and global discovery settings.

Monitoring and managing Cisco DNA Center services.

Backup and restore.

Cisco DNA Center Administrator Guide

Supported devices, such as routers, switches, wireless access points, NFVIS platforms, and software releases.

Supported Devices

Use of the Cisco DNA Assurance GUI.

Cisco DNA Assurance User Guide

Licenses and notices for open source software used in Cisco DNA Assurance.

Open Source Used in Cisco DNA Assurance

Use of the Cisco DNA Center platform GUI and its applications.

Cisco DNA Center Platform User Guide

Cisco DNA Center platform release information, including new features, deployment, and open bugs.

Cisco DNA Center Platform Release Notes

Licenses and notices for open source software used in Cisco DNA Center platform.

Open Source Used in Cisco DNA Center Platform

Key features and scale numbers.

Cisco DNA Center Data Sheet