Release Notes for Cisco Digital Network Architecture Center, Release 1.2.8

We are pleased to announce the availability of Cisco DNA Center, Release 1.2.8 to further accelerate the intent-based networking journey for our customers. The new release marks general availability of 3-node HA support, plus quality improvements in the areas of installation and upgrade, platform stability, and bug fixes.

Cisco DNA Center 1.2.8 is the recommended release for all new customers who are just starting on the intent-based networking journey with Cisco DNA Center. Existing customers should review the guidance in the following section.

Change History

The following table lists changes to this document since its initial release.

Table 1. Document Change History

Date

Change

Location

2019-08-09

Cisco Catalyst 9500 high-performance switches (including C9500-32C, C9500-32QC, C9500-24Y4C, C9500-48Y4C) are not supported as seed devices and PnP agents for LAN automation.

Limitations and Restrictions

2019-07-19

Clarified that you can back up and restore Automation data only or both Automation and Assurance data. But you cannot use the GUI or the CLI to back up or restore only Assurance data.

Limitations and Restrictions

2018-12-19

Initial release.

Guidance for New and Existing Cisco DNA Center Deployments

  • New customers: Go directly to 1.2.8 via the cloud update.

  • Existing Assurance/non-fabric deployments: Upgrade to 1.2.8 if you want to use the new features and enhancements in this release.

  • Existing Software-Defined Access production deployments: Upgrade to 1.2.8 only if you need the new device support for the Cisco Catalyst 9200 or 9200L; otherwise, remain on 1.2.6.

Upgrade paths:

  • Existing customer deployments on 1.1.7, 1.1.8, or 1.2 – 1.2.4: Upgrade first to 1.2.6.

  • Existing customer deployments on 1.2.5: Upgrade first to 1.2.6. After the update is applied, you will see a "Cisco DNA Center 1.2.8 is Here!" banner and can upgrade to 1.2.8.

  • Existing customer deployments on 1.2.6: You must apply a system update before you can upgrade to 1.2.8. The system update version is 1.1.0.659.1 and is available in the production catalog. After the update is applied, you will see a 1.2.8 banner and can upgrade to 1.2.8.

Compatible Browsers

The Cisco DNA Center web interface is compatible with the following HTTPS-enabled browsers:

  • Google Chrome: version 62.0 or later

  • Mozilla Firefox: version 54.0 or later

We recommend that the client systems you use to log in to Cisco DNA Center be equipped with 64-bit operating systems and browsers.

What's New in Cisco DNA Center, Release 1.2.8

Cisco DNA Center, Release 1.2.8 resolves several pre-existing issues and is designed to enhance your product's performance and stability.

Table 2. Updated Packages and Versions in This Release

Update Type

Package Name

Version

System Updates

System

1.1.0.715

Package Updates

Application Policy

2.1.26.170075

Assurance - Base

1.2.8.239

NCP - Services

2.1.26.60283

Automation - Base

2.1.26.60283

Command Runner

2.1.26.60283

Device Onboarding

2.1.26.60283

Cisco DNA Center Platform

1.0.6.50

Automation - Intelligent Capture

2.1.26.60283

Image Management

2.1.26.60283

NCP - Base

2.1.26.60283

Network Data Platform - Base Analytics

1.1.8.619

Network Data Platform - Core

1.1.8.847

Network Data Platform - Manager

1.1.8.678

Network Controller Platform

2.1.26.60283

Path Trace

2.1.26.60283

Cisco DNA Center UI

1.2.8.123

Cisco SD-Access

2.1.26.60283

Assurance - Sensor

1.2.8.237

Automation - Sensor

2.1.26.60283

3-Node HA Support (General Availability)

  • Automation and Cisco SD-Access (without Assurance)

  • HA failover optimization: 50% reduction in failover time

Support for Cisco Nexus 9500 Series Switches

Cisco DNA Center supports the following functionalities on Cisco Nexus 9504, Cisco Nexus 9508, and Cisco Nexus 9516 switches:

  • Discovery

  • Inventory

  • Topology

  • Template Programmer

  • Software image management

  • Basic monitoring

Cisco Plug and Play

Cisco DNA Center 1.2.8 includes the following Plug and Play enhancements and changes:

  • Plug and Play functionality has moved to Provision > Devices > Plug and Play, which replaces the Unclaimed tab. There is no longer a separate Network Plug and Play application. If you are upgrading from 1.2.x, and Network Plug and Play was previously installed, you will still see a Network Plug and Play application tile on the home screen but it links to the Plug and Play tab under Provision.

  • The Plug and Play workflows in prior 1.2.x releases are available only through APIs in this release. The workflow tasks (image, configuration, stack renumbering, and stack license) are available as options in the Plug and Play device claiming process.

  • The ability to import an image from a local PC or file path during Plug and Play device claiming is available only through APIs. Now you can import and map a golden image for a device during site design and assign it to the device during the Plug and Play device claiming process.

  • The ability to import a configuration file from a local PC or file path during Plug and Play device claiming is available only through APIs. Now you can define an Onboarding Configuration template in the site profile and assign it to the device during the Plug and Play device claiming process.

  • The previous Network Plug and Play application settings for Smart Accounts and the End-User License Agreement (EULA) are now available in the Cisco DNA Center system settings under System Settings > Settings > Cisco Credentials > PnP Connect and System Settings > Settings > Device EULA Acceptance.

Application Policy

Cisco DNA Center 1.2.8 includes the following Application Policy enhancements:

  • Policy for Wired Devices: When you upgrade to Cisco DNA Center 1.2.8, policies for wired devices are marked as stale due to the new NBAR2 support. Cisco DNA Center displays a message similar to the following to let you know that you have policies that are affected by this change:

    Cisco QoS Design was improved for the Catalyst Switches.
    These improvements include an improved queuing policy for the Catalyst 3850, 3650, and 9000 families, and adding support for NBAR on applicable Catalyst 9000 devices.

    You must redeploy these policies to update the devices with the new NBAR2-supported policies.

  • Favorite Applications: When creating or editing policies, applications marked as favorites are listed at the top of the application sets.

  • Updated NBAR2 Support: Cisco DNA Center has updated its Cisco Next Generation Network-Based Application Recognition (NBAR2) support. Cisco DNA Center can now deploy policies based on NBAR2—instead of ACLs—to Cisco Catalyst 9300, 9400, and 9500 Series Switches (except Cisco Catalyst 9500H Series Switches) when the following requirements are met:

    • The switch is running Cisco IOS XE 16.10 or later.

    • The switch is in the Access role.

    • The switch has the Cisco DNA Advantage license installed.

    • Cisco Encrypted Traffic Analytics (ETA) is not configured on the switch.

    When you deploy a policy, Cisco DNA Center checks that these requirements are met and takes the following action:

    • If the switch meets all of the requirements, Cisco DNA Center deploys the policy based on NBAR2.

    • If the switch does not have the Cisco DNA Advantage license installed or has ETA configured on the switch, Cisco DNA Center displays a warning and proceeds to deploy the policy to the switch based on ACLs, not Cisco NBAR2.

    You can run policy precheck or policy preview before attempting to deploy policies. That way, Cisco DNA Center can analyze the switch configuration and indicate whether it meets the requirements, and you can make any required changes.

Create a Regular Template

You can use the default Day-0 configuration or create a custom CLI template and attach that as the Day-0 configuration for Day-N templates. By default, the Onboarding Configuration project is available for Day 0. You can create your own custom projects. Templates created in custom projects are categorized as Day-N templates.

Create Network Profiles

You can choose a template from Onboarding Template or Day-N Templates for custom configuration from the list of available templates. The templates are filtered by device type and tag name.

Assign a Software Image to a Device Family

For PnP devices, you can import a software image and assign it to a device family even before the device is available. You can also mark the image as a golden image. When the device is made available in the inventory, the image assigned to the device family will be automatically assigned to the newly added devices of that device family.

Device EULA Acceptance

You must accept the EULA before downloading software or provisioning a configuration. If you have not configured cisco.com credentials already, you are prompted to configure them in the Device EULA Acceptance page.

Upload the KGV File

You can view the current KGV file information to verify and import the latest KGV file, if required.

Schedule Data Backups

You can schedule a backup for any day of the week and view the progress in the status bar. You can view the scheduled backup jobs in the Schedule tab. After the backup starts, you can view the backup status in the Activity tab.

Recover Failed Hosts in a Cluster

If a node that belongs to a three-node cluster fails, it usually takes 30 minutes for the cluster to recover: 5 minutes to detect that the node is down and 25 minutes to move services to another node.

Cisco DNA Center Wireless

Cisco DNA Center 1.2.8 includes the following wireless enhancements:

  • You can visualize the AP license count and license level for both entitlement and consumption levels at the Cisco Wireless Controller level for the following controllers:

    • Cisco Catalyst 9800-40 Wireless Controller

    • Cisco Catalyst 9800-80 Wireless Controller

  • Provisioning Log Enhancements: On the Provision > Device Inventory page, click See Details in the Provision Status column to get more information about the network intent or to view a list of actions. Expand Configuration Summary to view the operation details, feature name, and the management capabilities. The configuration summary displays any error that occurred while provisioning the device with reasons for the failure. Expand Provision Summary to view details of the exact configuration that is sent to the device.

  • Site Selector Component Enhancements

    • During Cisco Wireless Controller provisioning, while associating a wireless controller to a site, you can either select a parent site or the individual sites. If you select a parent site, all children under the parent site are also selected.

    • You can select multiple AP locations that are managed by the wireless controller during the wireless controller provisioning. Inheritance of managed AP locations allows you to automatically choose a site along with the buildings and floors under that particular site.

    • During the SSID creation, you can either select a parent site or the individual sites to associate the network profile.

Cisco SD-Access

The following table lists the new software features in Cisco SD-Access 1.2.8.

Table 3. New Software Features in Cisco SD-Access 1.2.8

Feature

Description

Platforms and Images Supported

Support for Layer 2 Border Handoff on Cisco Catalyst 6000 Series Switches

Starting Cisco SD-Access 1.2.8, Cisco Catalyst 6000 Series Switches support Layer 2 border handoff functionality.

This functionality enables host communication between a VxLAN-based fabric and a traditional VLAN switch port or trunk port that is connected to an enterprise network.

This functionality enables the following:

  • Migration of traditional (brownfield) networks to Cisco SD-Access fabric.

  • No downtime during migration because the same subnets remain extended across the fabric and external network.

Note 

For Layer 2 border handoff, the default gateway must be on the border for the Layer 2 gateway.

The handoff exists on:

  • a Sup6T supervisor

  • a chassis with a Sup2T supervisor and the handoff exists on a Cisco Catalyst 6800 Series line card or a WS-X6900 Series line card

For a supported image, contact the Cisco Technical Assistance Center.

LAN Automation Enhancements

  • Performance improvement in Stop LAN Automation time by resynchronizing only the interface-related features.

  • Ability to select different sites for primary and peer devices.

  • The LAN Automation Status tab displays detailed device status: Queued, Unclaimed, Provisioned, PnP Error, Completed, and Deleted.

Fabric Readiness and Compliance Checks

Fabric readiness checks are done automatically to ensure that the device is ready to be provisioned. After provisioning a device, fabric compliance checks are done to ensure that the device is ready to operate according to the user intent that is configured during provisioning.

Network Profile for Switching

Ability to create a network profile for switching. The profile can be used to provision the device.

API Support for Adding or Deleting a Border device

Cisco DNA Center business APIs (BAPIs) are now available to automatically add or delete a border node in the fabric. The following are the prerequisites for using this API:

  • The fabric is ready to be deployed.

  • VN definitions are set up in Cisco DNA Center.

  • IP pools are set up in Cisco DNA Center.

  • All devices are provisioned in Cisco DNA Center.

For more information on the APIs, see https://developer.cisco.com/docs/dna-center/.

Cisco SD-Access High Availability (3-node HA with SDA)

Cisco SD-Access now supports a 3-node cluster of Cisco DNA Center to handle complete failover scenarios and achieve high availability.

The following table lists the new hardware introduced in Cisco SD-Access 1.2.8.

Table 4. New Hardware in Cisco SD-Access 1.2.8

Device Role

Product Family

SKU Number

Description

Fabric Edge

Cisco Catalyst 9000 Series

C9200L-24T-4G

C9200L-24P-4G

C9200L-48T-4G

C9200L-48P-4G

C9200L-24T-4X

C9200L-24P-4X

C9200L-48T-4X

C9200L-48P-4X

C9200-24T

C9200-48T

C9200-48P

Catalyst 9200 Series Switches

Cisco DNA Assurance

The following table lists the new software features in Cisco DNA Assurance 1.2.8.

Table 5. GUI Enhancements and Features in Cisco DNA Assurance 1.2.8

GUI Enhancements

Features

Client Health Enhancements

The SSID and Band drop-down lists are now available under Filter.

Sensor Enhancements

In the Wireless Sensor window, the test results are presented in 1-hour time intervals. You can get an aggregated result or detailed results.

Client Data Sets and Reports

The Top 10 Locations by Client Count is renamed to Top N Summary and contains the following charts:

  • Top 10 locations by client count

  • Top 10 locations by poor client health

IWAN Application

The IWAN application is no longer supported on Cisco DNA Center.

Beta Features

The following features in this release are in beta or are being released as an engineering field trial (EFT):

  • SD-Access Extension for IoT

  • Intelligent Capture support

  • Skype for Business Application Experience

  • Cisco Catalyst 9800 Wireless Controller for Cloud

  • Cisco Catalyst 9800 Embedded Wireless Controller on Cisco Catalyst 9300 Series Switches

  • Fabric in a Box with Wireless on Cisco Catalyst 9300 Series Switches

IP Address and FQDN Firewall Requirements

To determine the IP addresses and fully qualified domain names (FQDNs) that must be made accessible to Cisco DNA Center through any existing network firewall, see "Required Internet URLs and FQDNs" in the Cisco Digital Network Architecture Center Installation Guide.

Border Node Requirements on Cisco Nexus 7700 Series Switches

To configure a Cisco Nexus 7700 Series Switch as a border, ensure that the following actions are performed:

  • A valid MPLS_PKG license is installed on the switch.

  • The install feature-set fabric and install feature-set mpls commands are enabled in the Admin VDC or in the default VDC if Admin VDC is not present.


Note

Only Cisco Nexus 7700 Series Switch with M3 line card supports the border role.


Installing Cisco DNA Center

You install Cisco DNA Center as a dedicated physical appliance purchased from Cisco with the Cisco DNA Center ISO image preinstalled. Refer to the Cisco Digital Network Architecture Center Installation Guide for information about installation and deployment procedures.


Note

The following applications are not installed on Cisco DNA Center by default. If you need any of these applications, you must manually download and install the packages separately.

  • SD-Access

  • Assurance - Sensor

  • Automation - Sensor

  • Application Policy

  • Cisco DNA Center platform

  • Intelligent Capture


For more information about downloading and installing a package, see the "Manage Applications" chapter in the Cisco Digital Network Architecture Center Administrator Guide.

Prerequisites for Upgrading to Cisco DNA Center, Release 1.2.8

You can perform the package updates only after completing the system updates. Do not attempt to either download or install package updates until all system updates have been installed. Failure to download and install system updates first can cause problems with package updates.


Note

You cannot upgrade the packages individually. You must follow all the steps in this procedure.

Before you upgrade, make sure the cluster link interface is connected to a switch port and is in the up state.


Review the following list of prerequisites and perform the following procedures before upgrading your installed instance of Cisco DNA Center:

  • Only a user with SUPER-ADMIN-ROLE permissions can perform this procedure. For more information, see the Cisco Digital Network Architecture Center Administrator Guide.

  • You can directly upgrade to Cisco DNA Center 1.2.8 from the following release only:

    • Cisco DNA Center 1.2.6 (November 1, 2018)


    Note

    When you upgrade from 1.2.6, the > System Settings > Software Updates page shows a system update for 1.2.6.1. Accept the update for 1.2.6.1. After the upgrade to 1.2.6.1 is complete, a Cisco DNA Center 1.2.8 is Here! banner appears at the top of the Software Updates page with a Switch Now button.


    To upgrade from Cisco DNA Center 1.2.5 to Cisco DNA Center 1.2.8, see Upgrading from Release 1.2.5 to Release 1.2.8.

    To upgrade from Cisco DNA Center 1.1.7, 1.1.8, 1.2, 1.2.1, 1.2.2, 1.2.3, or 1.2.4 to Cisco DNA Center 1.2.8, follow these steps:

    1. Upgrade to Cisco DNA Center 1.2.6. See Release Notes for Cisco Digital Network Architecture Center, Release 1.2.6.

    2. Upgrade from Cisco DNA Center 1.2.6 to Cisco DNA Center 1.2.8. See Upgrading from Release 1.2.6 to Release 1.2.8.

    To upgrade from Cisco DNA Center releases earlier than 1.1.7 to Cisco DNA Center 1.2.8, follow these steps:

    1. Upgrade to Cisco DNA Center 1.1.8. See Release Notes for Cisco Digital Network Architecture Center, Release 1.1.8.

    2. Upgrade from Cisco DNA Center 1.1.8 to Cisco DNA Center 1.2.6. See Release Notes for Cisco Digital Network Architecture Center, Release 1.2.6.

    3. Upgrade from Cisco DNA Center 1.2.6 to Cisco DNA Center 1.2.8. See Upgrading from Release 1.2.6 to Release 1.2.8.


    Important

    You must contact the Cisco TAC for help with upgrading from Cisco DNA Center 1.1.x to Cisco DNA Center 1.2.8.

    Note

    Do not perform any activities on the cluster until after both the system (platform) and application updates are complete. After the system update is installed, the GUI displays "complete." Before you choose Download All, you must ensure all services are up and running, which might take 10 to 15 minutes after the system upgrade has completed. Before choosing the Download All option, SSH to the Cisco DNA Center cluster IP with the Linux username (maglev) and the password that was configured for the maglev user. Then, enter the following command and make sure no results are returned:

    magctl appstack status | grep 0/

    If results are returned, it means services are disrupted and the system is working to restore services. If services are not restored within 20 minutes, contact the Cisco TAC.


  • Create a backup of your Cisco DNA Center database. For information about backing up and restoring Cisco DNA Center, see the Cisco Digital Network Architecture Center Administrator Guide.

  • If you have a firewall, make sure you allow Cisco DNA Center to access the following location for all system and package downloads: https://www.ciscoconnectdna.com:443. To ensure that you have cloud connectivity to AWS, log in to the cluster and run the following CLI command: maglev catalog settings validate. For more information, see the Cisco Digital Network Architecture Center Installation Guide.

  • Have the username and password for at least one cisco.com user account. You might be prompted, once, for the account credentials during package installations. This can be any valid cisco.com user account.

  • Allocate the appropriate time for the upgrade process. Upgrading from Cisco DNA Center 1.2.x can take approximately 6 hours to complete. If you are upgrading from Cisco DNA Center 1.1.x, you can expect the upgrade to take considerably longer.

  • We strongly recommend that you do not use Cisco DNA Center or any of its applications or tools when it is in the process of being upgraded.

  • Before you upgrade, make sure that there are no packages with the status installing or downloading. The packages displayed should have a status of running.

    • For upgrades from Cisco DNA Center 1.1.7 or 1.1.8, check the > System Settings > App Management > Packages & Updates page for the package status.

    • For upgrades from Cisco DNA Center 1.2, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, or 1.2.6, check the > System Settings > Software Updates > Updates page for the package status.

  • If the Cisco DNA Center download, update, or install procedures fail for any reason, always retry the procedure a second time using the GUI. If the procedure fails a second time, contact Cisco TAC for support.

In a multihost cluster, you can trigger an upgrade of the entire cluster from the Cisco DNA Center GUI (the GUI represents the entire cluster and not just a single host). An upgrade triggered from the GUI automatically upgrades all hosts in the cluster.


Note

If you upgrade a three-node Cisco DNA Center cluster from any version of 1.2.x, the application upgrade will fail its dependency checks. To upgrade a three-node (multihost) cluster, Service Distribution (or HA) must be enabled.


Upgrading from Release 1.1.7 or 1.1.8 to Release 1.2.8

Before you begin

You cannot upgrade directly from Cisco DNA Center 1.1.7 or 1.1.8 to 1.2.8. You must first upgrade to Cisco DNA Center 1.2.6 and then upgrade from 1.2.6 to 1.2.8.

Procedure


Step 1

From the Cisco DNA Center home page, choose > System Settings > App Management.

A Cisco DNA Center 1.2.6 is Here! banner appears at the top of the App Management page with a Switch Now button.

The App Management page also displays the following side tabs:

  • Packages & Updates: Shows the packages currently installed and updates available for installation from the Cisco cloud.

  • System Updates: Shows the System updates currently installed and updates available for installation from the Cisco cloud.

Step 2

Click Switch Now in the banner.

Step 3

At the prompt, click OK to proceed with the upgrade.

Clicking OK changes the release train in the back end. The message "Connecting to... 1.2.6 cloud catalog" with a progress bar appears.

Wait for approximately 90 seconds for the progress bar to finish and the updated system version to display. Refresh the page if the new system version does not appear.

Step 4

After the release train change finishes, review the System Updates page.

The following information is displayed:

  • Package: System package

  • Status: Running

  • Installed Version: Current system package installed

  • Available Update: System package available for installation

Step 5

Click Install in the Available Update column.

During the install process, the following Cisco DNA Center GUI changes are made:

  • App Management tab: Changes to the Software Updates tab

  • System Updates side panel: Changes to the Updates side panel

  • Packages & Updates side panel: Changes to the Installed Apps side panel

Step 6

After the system installation is finished and is in Running state, refresh the page.

A new Updates page displays the following information:

  • Platform Update: Displays the updated system version with a statement that the system is currently up to date. Additionally, a green check mark indicates a successful system upgrade.

  • Apps Updates: Displays groupings of applications with their current file size and version.

Note 
After performing system updates, clear the browser cache and log in to Cisco DNA Center 1.2.6 again.
Step 7

At the top of the Apps Updates field, click the Download All button.

After clicking this button, all the application upgrade packages are downloaded.

Note 

There are additional Download All buttons for different application groups (for example, Automation, and Assurance). These buttons are dimmed and disabled. You need to only click the Download All button at the top of the page.

Step 8

After all of the application packages have been downloaded, click the Update All button at the top of the Apps Updates field.

After clicking this button, all of the applications are subsequently updated.

Note 

There are additional Update All buttons for different application groups (for example, Automation, and Assurance). These buttons are dimmed and disabled. You need to only click the Update All button at the top of the page.

Step 9

Ensure that each application has been updated by reviewing its version in the Installed Apps page.

The application versions should be updated in this page.

Note 

There may be some new application packages that were not part of your previous Cisco DNA Center configuration, and for this reason have not been installed by this procedure (for example, the Test Support package listed on this page).

Step 10

Upgrade to Cisco DNA Center 1.2.8. See Upgrading from Release 1.2.6 to Release 1.2.8.


Upgrading from Release 1.2.5 to Release 1.2.8

Procedure


Step 1

From the Cisco DNA Center home page, choose > System Settings > Software Updates.

You will see a system update for 1.2.6; accept the update, download the 1.2.6 packages, and upgrade to 1.2.6.

After the upgrade to 1.2.6 is complete, a Cisco DNA Center 1.2.8 is Here! banner appears at the top of the Software Updates page with a Switch Now button.

Step 2

Click Switch Now in the banner.

Step 3

At the prompt, click OK to proceed with the upgrade.

Step 4

If a system update appears on the Software Updates page, click Update.

Step 5

Download the applications by doing one of the following:

  • To download all applications at once, click Download All at the top of the Application Updates field.

  • To download a specific application group, click Download All next to that group.

  • To download a specific application, click Download next to that application.

Step 6

Update the applications by doing one of the following:

  • To update all applications at once, click Update All at the top of the Application Updates field.

  • To update a specific application group, click Update All next to that group.

  • To update a specific application, click Update next to that application.

Step 7

Ensure that each application has been updated by reviewing its version in the Installed Apps page.

The application versions should be updated on this page.

Note 

There may be some new application packages that were not part of your previous Cisco DNA Center configuration, and for this reason have not been installed by this procedure (for example, the Test Support package listed on this page).


Upgrading from Release 1.2.6 to Release 1.2.8

Procedure


Step 1

Do one of the following:

  • If you installed Cisco DNA Center 1.2.6 as a fresh installation, you must apply a system update patch (1.1.0.659.1) before you can upgrade to 1.2.8. From the Cisco DNA Center home page, choose > System Settings > Software Updates.

    After you apply the system update patch, a Cisco DNA Center 1.2.8 is Here! banner appears at the top of the page with a Switch Now button. Click Switch Now and OK.

  • If you upgraded to 1.2.6 (system update 1.1.0.659.1) from a previous Cisco DNA Center release, you see a Cisco DNA Center 1.2.8 is Here! banner. Click Switch Now and OK.

Step 2

On the Software Updates page, click Update.

Step 3

Download the applications by doing one of the following:

  • To download all applications at once, click Download All at the top of the Application Updates field.

  • To download a specific application group, click Download All next to that group.

Step 4

Update the applications by doing one of the following:

  • To update all applications at once, click Update All at the top of the Application Updates field.

  • To update a specific application group, click Update All next to that group.

Step 5

Ensure that each application has been updated by reviewing its version in the Installed Apps page.


Recovering from Premature Package Downloads

Successful migration to this release requires that you install all system updates before downloading or installing application package updates. Due to dependencies among the updates, failure to observe this rule can make it impossible to install both system updates and package updates. Problem indicators include messages that a system update has failed and package update downloads that never exit the "Downloading" state.

As an admin user with Maglev SSH access privileges, complete the following steps to recover and install the system update.

Procedure


Step 1

Using an SSH client, log in to the Cisco DNA Center appliance using the IP address of the out-of-band management network adapter, on port 2222. Use the maglev login command and log in with an admin username and password (which is the same login used for the admin user on the Cisco DNA Center UI).

Step 2

At the command line, delete all prematurely downloaded package updates by entering the following command:

for pkg in $(maglev package status -o json | jq -r '.[] | select(.available!="-") | [ .name,.available | tostring ] | join (":")'); do maglev catalog package delete $pkg 2>/dev/null; done
Step 3

Trigger the downloaded system update from the Cisco DNA Center UI.

Step 4

After the system update installs successfully, download and install the package updates.


Cisco DNA Center Platform Support

For information about Cisco DNA Center platform, including information about new features, installation, upgrade, and open and resolved bugs, see the separate Cisco DNA Center Platform Release Notes.

CMX Support

Cisco DNA Center supports the following CMX versions:

  • CMX 10.4.1

  • CMX 10.5.0

Plug and Play Considerations

Plug and Play Support

General Feature Support

Plug and Play supports the following features, depending on the Cisco IOS software release on the device:

  • AAA device credential support: The AAA credentials are passed to the device securely and the password is not logged. This feature allows provisioning a device with a configuration that contains aaa authorization commands. This feature requires software release Cisco IOS 15.2(6)E1, Cisco IOS 15.6(3)M1, Cisco IOS XE 16.3.2, or Cisco IOS XE 16.4 or later on the device.

  • Image install and upgrade for Cisco Catalyst 9200 Series, Catalyst 9300 Series, Catalyst 9400 Series, Catalyst 9500 Series, Catalyst 3650 Series, and Catalyst 3850 Series switches are supported only when the switch is booted in install mode. (Image install and upgrade is not supported for switches booted in bundle mode.)

Secure Unique Device Identifier Support

The Secure Unique Device Identifier (SUDI) feature that allows secure device authentication is available on the following platforms:

  • Cisco routers:

    • Cisco ISR 1100 Series with software release 16.6.2

    • Cisco ISR 4000 Series with software release 3.16.1 or later, except for the ISR 4221, which requires release 16.4.1 or later

    • Cisco ASR 1000 Series (except for the ASR 1002-x) with software release 16.6.1

  • Cisco switches:

    • Cisco Catalyst 3850 Series with software release 3.6.3E or 16.1.2E or later

    • Cisco Catalyst 3650 Series and 4500 Series with Supervisor 7-E/8-E, with software release 3.6.3E, 3.7.3E, or 16.1.2E or later

    • Cisco Catalyst 4500 Series with Supervisor 8L-E with software release 3.8.1E or later

    • Cisco Catalyst 4500 Series with Supervisor 9-E with software release 3.10.0E or later

    • Cisco Catalyst 9300 Series with software release 16.6.1 or later

    • Cisco Catalyst 9400 Series with software release 16.6.1 or later

    • Cisco Catalyst 9500 Series with software release 16.6.1 or later

  • NFVIS platforms:

    • Cisco ENCS 5400 Series with software release 3.7.1 or later

    • Cisco ENCS 5104 with software release 3.7.1 or later


Note

Devices that support SUDI have two serial numbers: the chassis serial number and the SUDI serial number (called the License SN on the device label). You must enter the SUDI serial number in the Serial Number field when adding a device that uses SUDI authentication. The following device models have a SUDI serial number that is different from the chassis serial number:

  • Cisco routers: Cisco ISR 43xx, Cisco ISR 44xx, Cisco ASR1001-X/HX, Cisco ASR1002-HX

  • Cisco switches: Cisco Catalyst 4500 Series with Supervisor 8-E/8L-E/9-E, Catalyst 9400 Series


Management Interface VRF Support

Plug and Play operates over the device management interface on the following platforms:

  • Cisco routers:

    • Cisco ASR 1000 Series with software release 16.3.2 or later

    • Cisco ISR 4000 Series with software release 16.3.2 or later

  • Cisco switches:

    • Cisco Catalyst 3650 Series and 3850 Series with software release 16.6.1 or later

    • Cisco Catalyst 9300 Series with software release 16.6.1 or later

    • Cisco Catalyst 9400 Series with software release 16.6.1 or later

    • Cisco Catalyst 9500 Series with software release 16.6.1 or later

4G Interface Support

Plug and Play operates over a 4G network interface module on the following Cisco routers:

  • Cisco 1100 Series ISR with software release 16.6.2 or later

Configuring Server Identity

To ensure successful Cisco DNA Center discovery by Cisco devices running newer IOS releases, the server SSL certificate offered by Cisco DNA Center during the SSL handshake must contain an appropriate Subject Alternate Name (SAN) value, so that the Cisco Plug and Play IOS Agent can verify the server identity. This may require the administrator to upload a new server SSL certificate, which has the appropriate SAN values, to Cisco DNA Center.

This requirement applies to devices running the following Cisco IOS releases:

  • Cisco IOS Release 15.2(6)E2 and later

  • Cisco IOS Release 15.6(3)M4 and later

  • Cisco IOS Release 15.7(3)M2 and later

  • Cisco IOS XE Denali 16.3.6 and later

  • Cisco IOS XE Everest 16.5.3 and later

  • Cisco IOS Everest 16.6.3 and later

  • All Cisco IOS releases from 16.7.1 and later

The value of the SAN field in the Cisco DNA Center certificate must be set according to the type of discovery being used by devices, as follows:

  • For DHCP option-43/option-17 discovery using an explicit IPv4 or IPv6 address, set the SAN field to the specific IPv4/IPv6 address of Cisco DNA Center.

  • For DHCP option-43/option-17 discovery using a hostname, set the SAN field to the Cisco DNA Center hostname.

  • For DNS discovery, set the SAN field to the plug and play hostname, in the format pnpserver.domain.

  • For Cisco Plug and Play Connect cloud portal discovery, set the SAN field to the Cisco DNA Center IP address, if the IP address is used in the Plug and Play Connect profile. If the profile uses the Cisco DNA Center hostname, then the SAN field must be set to the fully qualified domain name (FQDN) of the controller.

If the Cisco DNA Center IP address that is used in the Plug and Play profile is a public IP address that is assigned by a NAT router, then this public IP address must be included in the SAN field of the server certificate.

If an HTTP proxy server is used between the devices and Cisco DNA Center, ensure that the proxy certificate has the same SAN fields with the appropriate IP address or hostname.

We recommend that you include multiple SAN values in the certificate, in case discovery methods vary. For example, you can include both the Cisco DNA Center FQDN and IP address (or NAT IP address) in the SAN field. If you do include both, set the FQDN as the first SAN value, followed by the IP address.

If the SAN field in the Cisco DNA Center certificate does not contain the appropriate value, the device cannot successfully complete the plug and play process.


Note

The Cisco Plug and Play IOS Agent checks only the certificate SAN field for the server identity. It does not check the common name (CN) field.


Important Notes

Update Telemetry Profiles to Use a New Cluster Virtual IP Address

If you are using the Cisco DNA Center Telemetry tool to monitor device data, and you need to change the Cisco DNA Center cluster virtual IP address (VIP), complete the following steps to change the VIP and to ensure that node telemetry data is sent to the new VIP.

Before you begin

You need the following:

  • Determine whether the version of Cisco DNA Center you are using is in the 1.1.x or 1.2.x release train. You can check this by logging in to the Cisco DNA Center web interface and using the About option to view the Cisco DNA Center version number. For example, if the version you are using begins with "1.1," it is in the 1.1.x release train.

  • SSH client software.

  • The VIP address that was configured for the 10 GB interface facing the enterprise network on the Cisco DNA Center master node. You log in to the appliance at this address, on port 2222. To identify this port, see the rear-panel figure in the "Front and Rear Panels" section in the Cisco Digital Network Architecture Center Installation Guide.

  • The Linux username (maglev) and password configured on the master node.

  • The cluster VIP that you want to assign. The cluster VIP must conform to the requirements explained in the "Required IP Addresses and Subnets" section in the Cisco Digital Network Architecture Center Installation Guide.

Procedure


Step 1

Access the Cisco DNA Center GUI and use the Cisco DNA Center Telemetry tool to push the Disabled profile to all nodes, as follows:

  1. From the Cisco DNA Center home page, click Telemetry in Tools.

  2. Click the Site View tab.

  3. In the Site View table, choose all the sites and devices currently being monitored.

  4. Click the Actions button and choose the Disable Telemetry profile from the drop-down list.

  5. Wait for the Site View table to show that telemetry has been disabled for the selected sites and devices.

Step 2

Use the appliance Configuration wizard to change the cluster VIP, as follows:

  1. Using an SSH client, log in to the VIP address that was configured for the 10 GB interface facing the enterprise network on the Cisco DNA Center master node. Be sure to log in on port 2222.

  2. When prompted, enter the Linux username and password.

  3. Enter the following command to access the Configuration wizard on the master node:

    
    $ sudo maglev-config update
    
    

    If prompted for the Linux password, enter it again.

  4. Click [Next] until the screen prompting you for the cluster virtual IP appears. Enter the new cluster VIP, then click [Next] to proceed through the remaining screens of the wizard.

    From Cisco DNA Center 1.2.5, you must configure one virtual IP per configured interface. We recommend that you enter the sudo maglev-config update command so that the wizard prompts you to provide one VIP per configured interface.

  5. When you reach the final screen, a message appears stating that the wizard is ready to apply your changes. Click [proceed] to apply the cluster VIP change.

    At the end of the configuration process, a success message appears and the SSH prompt reappears.

Step 3

Restart the necessary Cisco DNA Center services by entering the following series of commands at the SSH prompt. Use the commands for the release train appropriate for your Cisco DNA Center version.

For versions of Cisco DNA Center in the 1.1.x release train (versions 1.1.1 and later, up to but not including 1.2.0), enter the following series of commands:
magctl service restart -d netflow-go
magctl service restart -d syslog
magctl service restart -d trap
magctl service restart -d wirelesscollector
For Cisco DNA Center in the 1.2.x release train (versions 1.2.0 and later), enter the following series of commands:
magctl service restart -d collector-netflow
magctl service restart -d collector-syslog
magctl service restart -d collector-trap
magctl service restart -d wirelesscollector
Step 4

Wait for all services to restart. You can monitor the progress of the restarts by entering the following command, substituting service names as needed for the release train appropriate for your Cisco DNA Center version. For example, if you are using a version of Cisco DNA Center in the 1.2.x release train, enter the following command:

magctl appstack status | grep -i -e collector-netflow -e collector-syslog -e collector-trap -e wirelesscollector

When all necessary services are running, you see command output similar to the following, with a "Running" status for each service that has restarted successfully:

assurance-backend  wirelesscollector-123-bc99s  1/1   Running   0   25d   <IP>   <IP>
ndp                        collector-netflow-456-lxvlx   1/1   Running   0   1d   <IP>   <IP>
ndp                        collector-syslog-789-r0rr1    1/1   Running   0   25d   <IP>   <IP>
ndp                        collector-trap-101112-3ppllm  1/1   Running   0   25d   <IP>   <IP>
 
Step 5

Access the Cisco DNA Center GUI and use the Cisco DNA Center Telemetry tool to push the Optimal Visibility profile to all nodes, as you did in Step 1.


Bugs

Open Bugs—HA

The following table lists the open HA bugs for Cisco DNA Center for this release.

Table 6. Open Bugs—HA

Bug Identifier

Headline

CSCvm33809

Three-node HA: The device remains in onboarding state even after the image upgrade succeeds.

CSCvn24661

Cannot pair wireless controller HA if one of the wireless controllers is already part of a fabric.

CSCvn32215

In a three-node setup, if you bring down the node while LAN automation is in progress, the LAN automation status shows as complete, yet without success.

This problem occurs if you perform a network-orchestration service restart or a full node restart while LAN automation is in progress.

The network orchestration service doesn't resume the ongoing LAN automation session. It marks LAN automation as complete and releases all IP addresses allocated from IPAM. Users are expected to perform a configuration cleanup on the seed and write-erase/reload discovered devices and start a new LAN automation session.

CSCvn38463

The UI and API are unresponsive for 5 minutes when one of the nodes goes down in a three-node cluster.

CSCvn41837

In an HA cluster, during a system update, the rabbitmq service might get in an inconsistent database state due to multiple restarts, which can lead to some message queues not getting mirrored to all nodes. As a result, the system package upgrade remains in PENDING_UPGRADE state indefinitely.

CSCvn50293

In an HA configuration, if you bring down one of the non-seed nodes while a backup is in progress, the backup operation might hang. You can, however, manually cancel the backup.

CSCvn50929

In a three-node HA cluster, power cycling one or more cluster hosts might result in a postgres crash. Some other services that depend on the postgres service might also crash.

This problem occurs if one or more cluster nodes are power cycled without a graceful shutdown.

CSCvn59736

In a three-node setup, the PnP Connect Profiles > IP field shows the node IP address instead of the cluster VIP.

CSCvn64113

External clients (such as Cisco ISE, network devices, and so on) can no longer communicate with Cisco DNA Center.

This behavior occurs when you change one or more of the virtual IP addresses used by your Cisco DNA Center deployment.

CSCvn67667

In a three-node HA setup, ASAv devices aren't configured with all three node host IP addresses for SNMP management.

Open Bugs—Non HA

The following table lists the open non-HA bugs for Cisco DNA Center for this release.

Table 7. Open Bugs—Non HA

Bug Identifier

Headline

CSCvj41522

Plug and Play CSV with 25 APs fails.

CSCvj75410

The Elasticsearch data store moves to an available node and the old entries and mappings are removed. When this happens, no data is shown on the Assurance pages.

CSCvm40832

Cannot enable Layer 2 handoff if the border has SDA transit connected.

CSCvm65634

Cannot access the Cisco DNA Center UI due to an error: "backendRequest failed."

CSCvn01937

Occasionally, you cannot delete NFV devices.

CSCvn13878

In the Assurance Network Devices table, the same device name appears twice in the Trend View.

CSCvn32554

Wireless controller goes into unmonitored state after a restore from the backup.

CSCvn33431

Plug and Play: Error while updating a smart account profile (both IP address and profile name).

CSCvn36192

The Cassandra container remains in CrashLoopBackOff state.

CSCvn42568

After vNICs are deleted from vNFS, interfaces and configurations aren't deleted.

CSCvn46294

The Assurance Sensor-Driven Test interface allows a single sensor to be used in multiple test suites, of which each test suite can have one or more tests. Each suite has a defined recurring interval at which the tests within the suite are scheduled to run. If a sensor is overloaded by the number of tests within a single suite or is used across multiple suites containing multiple tests, a scenario occurs where the sensor cannot complete the suite tests within the defined recurring interval. When this occurs, gaps are seen in the 24-hour test results.

CSCvn47919

An unclear error message is shown when you can't edit a sensor name.

CSCvn49721

The WAN interface doesn't appear during provisioning.

CSCvn51853

AP PnP CSV file imported in Cisco DNA Center 1.2.6: some data is lost after migrating to 1.2.8.

CSCvn54047

Can't delete the device from the fabric because Cisco ISE is allowed to be deselected from network settings.

CSCvn54563

Images loaded through Plug and Play show in newly added sites and in all sites.

CSCvn58261

PnP: The sensor goes to provisioned state before it is fully provisioned.

CSCvn62085

Assurance is not enabled for the Mobility Express controller when claimed via Plug and Play.

CSCvn66350

Cisco DNA Center Provision: Various devices display "Failed" under the credential status column.

CSCvn69457

Cisco Aironet 1800S: Upgrading a sensor image returns errors for sensors. The Software Image Management application says the upgrade failed when it actually succeeded.

CSCvn71189

Edit border attributes of fabric-in-a-box with extended node does not work.

CSCvn71745

If several switch members go down or are reloaded, the Assurance page reports only the last switch member that goes down. Assurance should report a separate issue for different stack members that go down.

CSCvn73587

CCO metadata fails due to a connection/network reachability issue and the image repository becomes blank.

CSCvn75941

Host physical link failures must be detected and service traffic must be rerouted.

Resolved Bugs

The following table lists the resolved bugs for Cisco DNA Center for this release.

Table 8. Resolved Bugs

Bug Identifier

Headline

CSCvj15985

There is a need to reboot the Cisco vEDGE/ISRv router if any updates are made on the VNIC.

CSCvk20971

The maglev-config update command does not update DNS records.

CSCvk33113

Editing the global PSK SSID does not change the override PSK SSID after reprovisioning the wireless controller.

CSCvk73751

Issues with the Find option in the APIs page under the Developer Toolkit.

CSCvm09710

An invalid character in the configuration on plug-and-play fails with a timeout.

CSCvm46121

With L2 border handoff, the Catalyst 6500/Catalyst 6800 15.5(1)SY2 image does not encode DHCP option 82 in the DHCP discover packet.

CSCvm47215

Mobility Express shows as null on the provisioning page after a successful Mobility Express plug-and-play claim.

CSCvm53612

Cisco Wireless Controller provision and add to fabric succeeds, but the wireless controller shows the fabric as disabled.

CSCvm59095

Recent tasks in image repository and device update status occasionally show no data.

CSCvm60582

SWIM: The Mobility Express upgrade succeeds but is reported as failed.

CSCvm64770

Cisco DNA Assurance 1.2.6 doesn't display wired endpoint information with client health filters.

CSCvm96687

Guest anchor selection from UI should be disabled when the SSID profile is fabric.

CSCvn02130

Device interface config validation fails: Server port assignment may not specify address or voice.

CSCvn06074

Network Controller Platform package upgrade fails from 1.1.8 to 1.2.6.

CSCvn10238

After upgrading, the Cisco Aironet 1800S inventory has the device but does not show the MAC address, and the configuration is not pushed. The workaround is to delete the device from inventory and claim it again.

Using the Bug Search Tool

Use the Bug Search tool to search for a specific bug or to search for all bugs in this release.

Procedure


Step 1

Point your browser to http://tools.cisco.com/bugsearch.

Step 2

At the Log In screen, enter your registered cisco.com username and password; then, click Log In. The Bug Search page opens.

If you do not have a cisco.com username and password, you can register for them at http://tools.cisco.com/RPF/register/register.do.

Step 3

To search for a specific bug, enter the bug ID in the Search For field and press Return.

Step 4

To search for bugs in the current release:

  1. In the Search For field, enter Cisco DNA Center and press Return. (Leave the other fields empty.)

  2. When the search results are displayed, use the filter tools to find the types of bugs you are looking for. You can search for bugs by modified date, status, severity, and so forth.

    To export the results to a spreadsheet, click the Export Results to Excel link.

Limitations and Restrictions

Backup and Restore Limitations

Backup and restore limitations and restrictions include:

  • You cannot take a backup of one version of Cisco DNA Center and restore it to another version of Cisco DNA Center. You can only restore a backup to an appliance that is running the same Cisco DNA Center software version, applications, and application versions as the appliance and applications from which the backup was taken.

  • After performing a restore operation, update your integration of Cisco ISE with Cisco DNA Center. After a restore operation, Cisco ISE and Cisco DNA Center might not be in sync. To update your Cisco ISE integration with Cisco DNA Center, choose System Settings > Settings > Authentication and Policy Servers. Choose Edit for the server. Enter your Cisco ISE password to update.

  • After performing a restore operation, the configuration of devices in the network might not be in sync with the restored database. In such a scenario, you should manually revert the CLI commands pushed for authentication, authorization, and accounting (AAA) and configuration on the network devices. Refer to the individual network device documentation for information about the CLI commands to enter.

  • Re-enter the device credentials in the restored database. If you updated the site-level credentials before the database restore, and the backup that is being restored does not have the credential change information, all the devices go to partial-collection after restore. You must then manually update the device credentials on the devices for synchronization with Cisco DNA Center, or perform a rediscovery of those devices to learn the device credentials.

  • Perform AAA provisioning only after adjusting network device differential changes to the restored database. Otherwise, device lockouts might occur.

  • You can back up and restore Automation data only or both Automation and Assurance data. But you cannot use the GUI or the CLI to back up or restore only Assurance data.

HA Limitation

In this release, Cisco DNA Center provides HA support only for Automation and Cisco SD-Access. HA for Assurance is not supported.

Cisco ISE Integration Limitations

Cisco ISE integration limitations and restrictions include:

  • ECDSA keys are not supported as either SSH keys for Cisco ISE SSH access, or in certificates in Cisco DNA Center and Cisco ISE.

  • Full certificate chains must be uploaded to Cisco DNA Center while replacing an existing certificate. If a Cisco DNA Center certificate is issued by a subordinate CA of a root CA, the certificate chain uploaded to Cisco DNA Center while replacing the Cisco DNA Center certificate must contain all three certificates.

  • Self-signed certificates applied to Cisco DNA Center must have the Basic Constraints extension with cA:TRUE (RFC5280 section-4.2.19).

  • The IP address or FQDN of both Cisco ISE and Cisco DNA Center must be present in either the Subject Name field or the Subject Alt Name field of the corresponding certificates.

  • If a certificate is replaced or renewed in either Cisco ISE or Cisco DNA Center, trust must be re-established.

  • The Cisco DNA Center and Cisco ISE IP or FQDN must be present in the proxy exceptions list if there is a web proxy between Cisco DNA Center and Cisco ISE.

  • Cisco DNA Center and Cisco ISE nodes cannot be behind a NAT device.

  • Cisco DNA Center and Cisco ISE cannot integrate if the ISE Admin and ISE pxGrid certificates are issued by different enterprise certificate authorities.

    Specifically, if the ISE Admin certificate is issued by CA server A, the ISE pxGrid certificate is issued by CA server B, and the pxGrid persona is running on a node other than ISE PPAN, the pxGrid session from Cisco DNA Center to Cisco ISE does not work.

  • For automation integration, the Cisco ISE internal certificate authority must issue the pxGrid certificate for Cisco DNA Center.

Brownfield Feature-Related Limitations

Brownfield feature-related limitations include:

  • Cisco DNA Center cannot learn device credentials.

  • You must enter the preshared key (PSK) or shared secret for the AAA server as part of the import flow.

  • Cisco DNA Center does not learn the details about DNS, WebAuth redirect URL, and syslog.

  • Cisco DNA Center can learn only one wireless controller at a time.

  • For site profile creation, only the AP groups with AP and SSID entries are considered.

  • Automatic site assignment is not possible.

  • SSIDs with an unsupported security type and radio policy are discarded.

  • For authentication and accounting servers, if the RADIUS server is present in the device, it is given first preference. If the RADIUS server is not present, the TACACS server is considered for design.

  • The Cisco ISE server (AAA) configuration is not learned through brownfield provisioning.

  • The authentication and accounting servers must have the same IP addresses for them to be learned through brownfield provisioning.

  • When an SSID is associated with different interfaces in different AP groups, during provisioning, the newly created AP groups with the SSID are associated with the same interfaces.

  • A wireless conflict is based only on the SSID name, and does not consider other attributes.

Wireless Policy Limitation

If an AP is migrated after a policy is created, you must manually edit the policy and point the policy to an appropriate AP location before deploying the policy. Otherwise, the error "Policy Deployment failed" is displayed.

Cisco Plug and Play Limitations

Plug and Play limitations and restrictions include:

  • Virtual Switching System (VSS) is not supported.

  • The Cisco Plug and Play Mobile app is not supported with Plug and Play in Cisco DNA Center.

  • The Stack License workflow is supported for Cisco Catalyst 3650 and 3850 Series switches running Cisco IOS XE 16.7.1 and later.

  • The Plug and Play agent on the switch is initiated on VLAN 1 by default. Most deployments recommend that VLAN 1 be disabled. If you do not want to use VLAN 1 when PnP starts, enter the following command on the upstream device:

    pnp startup-vlan <vlan_number>

LAN Automation Limitation

Cisco Catalyst 9500 high-performance switches (including C9500-32C, C9500-32QC, C9500-24Y4C, C9500-48Y4C) are not supported as seed devices and PnP agents for LAN automation. If you try to use a Catalyst 9500H as the seed device, the GUI displays the following error:

Failed to create LAN Automation session. BAD_Request:
[Common Settings - Please change the discovery interface configuration to L2 mode and then re-sync the primary device from Inventory App].

Get Assistance from the Cisco TAC

Use this link to open a TAC case. Choose the following when opening a TAC case:

  • Technology: Cisco DNA - Software-Defined Access

  • Subtechnology: Cisco DNA Center Appliance (SD-Access)

  • Problem Code: Install, uninstall, or upgrade

Related Documentation

The following publications are available for Cisco DNA Center.

For this type of information...

See this document...

Release information, including new features, system requirements, and open and resolved bugs.

Cisco DNA Center Release Notes

Installation and configuration of Cisco DNA Center, including post-installation tasks.

Cisco DNA Center Installation Guide

Use of the Cisco DNA Center GUI and its applications.

Cisco DNA Center User Guide

Configuration of user accounts, RBAC scope, security certificates, authentication and password policies, and global discovery settings.

Monitoring and managing Cisco DNA Center services.

Backup and restore.

Cisco DNA Center Administrator Guide

Security features, hardening, and best practices to ensure a secure deployment.

Cisco DNA Center Security Best Practices Guide

Supported devices, such as routers, switches, wireless access points, NFVIS platforms, and software releases.

Supported Devices

Hardware and software support for Cisco SD-Access.

Cisco SD-Access Hardware and Software Compatibility Matrix

Use of the Cisco DNA Assurance GUI.

Cisco DNA Assurance User Guide

Licenses and notices for open source software used in Cisco DNA Assurance.

Open Source Used in Cisco DNA Assurance

Use of the Cisco DNA Center platform GUI and its applications.

Cisco DNA Center Platform User Guide

Cisco DNA Center platform release information, including new features, deployment, and open bugs.

Cisco DNA Center Platform Release Notes

Licenses and notices for open source software used in Cisco DNA Center platform.

Open Source Used in Cisco DNA Center Platform

Key features and scale numbers.

Cisco DNA Center Data Sheet

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation.

You can also subscribe to the What’s New in Cisco Product Documentation RSS feed, which delivers lists and content of new and revised Cisco technical documentation directly to your desktop, using any RSS reader application. This RSS feed is a free service.