Manage Your Inventory

About Inventory

The Inventory function retrieves and saves details, such as host IP addresses, MAC addresses, and network attachment points about devices in its database.

The Inventory feature can also work with the Device Controllability feature to configure the required network settings on devices, if these settings are not already present on the device.

Inventory uses the following protocols, as required:

  • Link Layer Discovery Protocol (LLDP).

  • IP Device Tracking (IPDT) or Switch Integrated Security Features (SISF). (IPDT or SISF must be enabled on the device.)

  • LLDP Media End-point Discovery. (This protocol is used to discover IP phones and some servers.)

  • Network Configuration Protocol (NETCONF). For a list of devices, see Discovery Prerequisites.

After the initial discovery, Cisco DNA Center maintains the inventory by polling the devices at regular intervals. The default interval is every six hours. However, you can change this interval up to 24 hours, as required for your network environment. For more information, see Update the Device Polling Interval. Also, a configuration change in the device triggers an SNMP trap, which in turn triggers device resynchronization. Polling occurs for each device, link, host, and interface. Only the devices that have been active for less than one day are displayed. This prevents stale device data, if any, from being displayed. On average, polling 500 devices takes approximately 20 minutes.

Inventory and Cisco ISE Authentication

Cisco ISE has two different use cases in Cisco DNA Center:

  • If your network uses Cisco ISE for device authentication, you need to configure the Cisco ISE settings in Cisco DNA Center. As a result, when provisioning devices, Cisco DNA Center configures the devices with the Cisco ISE server information that you defined. In addition, Cisco DNA Center configures the devices on the Cisco ISE server and propagates subsequent updates to the devices. For information about configuring Cisco ISE settings in Cisco DNA Center, see Configure Global Network Servers.


    Note
    If you are using Cisco ISE for authenticating Cisco Catalyst 9800 series devices, you must configure Cisco ISE to provide privilege for NETCONF users.

    If a device is not configured or updated on the Cisco ISE server as expected due to a network failure or the Cisco ISE server being down, Cisco DNA Center automatically retries the operation after a certain wait period. However, Cisco DNA Center does not retry the operation if the failure is due to a rejection from Cisco ISE, as an input validation error.

    When Cisco DNA Center configures and updates devices in the Cisco ISE server, the transactions are captured in the Cisco DNA Center audit logs. You can use the audit logs to help troubleshoot issues related to the Cisco DNA Center and Cisco ISE inventories.

    After you provision a device, Cisco DNA Center authenticates the device with Cisco ISE. If Cisco ISE is not reachable (no RADIUS response), the device uses the local login credentials. If Cisco ISE is reachable, but the device does not exist in Cisco ISE or its credentials do not match the credentials configured in Cisco DNA Center, the device does not fall back to use the local login credentials. Instead, it goes into a partial collection state.

    To avoid this situation, make sure that before you provision devices using Cisco DNA Center, you have configured the devices in Cisco ISE with the same device credentials that you are using in Cisco DNA Center. Also, make sure that you configured valid discovery credentials. For more information, see Discovery Credentials.

  • If required, you can use Cisco ISE to enforce access control to groups of devices.

Display Information About Your Inventory

The Inventory table displays information for each discovered device. Click the column header to sort the rows in ascending order. Click the column header again to sort the rows in descending order.

To select which columns to show or hide in the table, click . Note that the column selection does not persist across sessions.

Before you begin

Make sure that you have devices in your inventory. If not, discover devices using the Discovery feature.

Procedure

In the Cisco DNA Center GUI, click the Menu icon () and choose Provision > Inventory.

The Inventory window displays the device information gathered during the discovery process. The following table describes the information that is available.
Table 1. Inventory
Column Description

Device Name

Name of the device.

Click the device name to view the following device details:

Details: Displays details such as device name, reachability status, Manageability status, IP address, device model, role, uptime, site, and so on.

  • View Assurance 360: Displays 360 window. For 360 to open, you must have installed the Assurance application.

  • Interfaces

    • Ethernet Ports (For all devices): Displays the operational status and admin status of the ethernet ports. Click the info icon to view the status legend.

      The Ports table displays the operational status, admin status, type, VLAN, MAC address, PoE status, speed, and MTU. You can click the Search or Filter option to view the details of the desired ports.

    • VLANs (Only for Switches and hubs): The VLAN table displays the VLAN ID, operational status, admin status, VLAN type, and IP address. You can click the Search or Filter option to view the details of the desired VLAN.

    • Virtual Ports (Only for wireless devices, controllers, and routers): The ports table displays the operational status, admin status, type, MAC address, PoE status, speed, and MTU. You can click the Search or Filter option to view the details of the desired ports.

  • Hardware and Software: Displays the hardware and software details of the device.

  • Configuration: Displays detailed configuration information similar to what is displayed in the output of the show running-config command.

    This feature is not supported for access points (APs) and wireless controllers. Therefore, configuration data is not returned for these device types.

  • Power: Displays power budgeted, power consumed, and power remaining details of the device. The Power Supplies table shows the operational status, serial number, and vendor equipment type details.

  • Fans: Displays the operational status, serial number, and vendor equipment type of fans.

  • Wireless Info: Displays the primary and secondary managed locations.

  • Mobility: Displays the mobility group name, RF group name, virtual IP, and mobility MAC address.

Note 
A device name that is displayed in red means that inventory has not polled the device and updated its information for more than 30 minutes.

IP Address

IP address of the device.

Support Type

Shows the device support level as follows:

  • Supported: The device pack is tested for all applications on Cisco DNA Center. You can open a service request if any of the Cisco DNA Center functionalities for these devices do not work.

  • Unsupported: All remaining Cisco and third party devices which are not tested and certified on Cisco DNA Center. You may try out various functionalities on Cisco DNA Center for these devices as best effort. However, we do not expect you to raise a service request or a bug if Cisco DNA Center features do not work as expected.

  • Third Party: Device pack is built by customers/business partners and has gone through the certification process. Third party devices will support base automation capabilities such as Discovery, Inventory, Topology, and so on. Cisco TAC will provide an initial level of support for these devices. However, if there is a problem with the device pack, you must reach out to the business partner for a fix.

Reachability

The following is a list of the various statuses:

  • Reachable: The device is reachable by Cisco DNA Center using SNMP, HTTP(S), and Netconf poll mechanisms.

  • Ping Reachable: The device is reachable by Cisco DNA Center using ICMP polling mechanism and not reachable using SNMP, HTTP(S), and Netconf poll mechanisms.

  • Unreachable: The device is not reachable using SNMP, HTTP(S), Netconf, and ICMP poll mechanisms.

Manageability

Shows the device status as follows:

  • Managed with green tick icon: Device is reachable and is fully managed.

  • Managed with orange error icon: Device is managed with some error such as unreachable, authentication failure, missing Netconf ports, internal error and so on. You can hover the mouse over the error message to view more details about the error and the impacted applications.

  • Unmanaged: Device cannot be reached and no inventory information was collected due to device connectivity issues.

MAC Address

MAC address of the device.

Image Version

Cisco IOS software that is currently running on the device.

Platform

Cisco product part number.

Serial Number

Cisco device serial number.

Uptime

Period of time that the device has been up and running.

Device Role

Role assigned to each discovered device during the scan process. The device role is used to identify and group devices according to their responsibilities and placement within the network. If Cisco DNA Center is unable to determine a device role, it sets the device role to Unknown.

Note 

If you manually change the device role, the assignment remains static. Cisco DNA Center does not update the device role even if it detects a change during a subsequent device resynchronization.

If required, you can use the drop-down list in this column to change the assigned device role. The following device roles are available:

  • Unknown

  • Access

  • Core

  • Distribution

  • Border Router

Site

The site to which the device is assigned. Click Assign if the device is not assigned to any site. Click Choose a Site, select a site from the hierarchy, and then click Save. For more information, see About Network Hierarchy.

Last Updated

Most recent date and time that Cisco DNA Center scanned the device and updated the database with new information about the device.

Device Family

Group of related devices, such as routers, switches, hubs, or wireless controllers.

Device Series

Series number of the device; for example, Cisco Catalyst 4500 Series Switches.

Resync Interval

The polling interval for the device. This interval can be set globally in Settings or for a specific device in Inventory. For more information, see Cisco DNA Center Administrator Guide.

Last Sync Status

Status of the last Discovery scan for the device:

  • Managed: Device is in a fully managed state.

  • Partial Collection Failure: Device is in a partial collected state and not all the inventory information has been collected. Move the cursor over the Information (i) icon to display additional information about the failure.

  • Unreachable: Device cannot be reached and no inventory information was collected due to device connectivity issues. This condition occurs when periodic collection takes place.

  • Wrong Credentials: If device credentials are changed after adding the device to the inventory, this condition is noted.

  • In Progress: Inventory collection is occurring.

Launch Topology Map from Inventory

You can launch the Topology map for the discovered devices from the Inventory window.

Procedure

Step 1

In the Cisco DNA Center GUI, click the Menu icon () and choose Provisioning > Inventory.

Step 2

Use the Toggle button to switch between the Topology map view and the Inventory view. The Topology map view displays the topology and the provisioning status of the device. Click on each node to view the device details. See About Topology for more information on Topology map.

Note 

Click Collapse All or Expand All to collapse and expand the Topology map view.

Types of Devices in the Cisco DNA Center Inventory

Devices show up in inventory one of two ways: by being discovered or by being added manually. Cisco DNA Center Inventory supports the following types of devices:

  • Network Devices: Supported network devices include Cisco routers, switches, and wireless devices such as wireless controllers (WLCs) and access points (APs).

  • Compute Devices: Supported compute devices include the Cisco Unified Computing System (UCS), devices running Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS), and other data center devices.

  • Meraki Dashboard: Dashboard to the Cisco cloud management platform for managing Cisco Meraki products.

For a complete list of supported devices, see Cisco DNA Center Supported Devices.

Manage Network Devices

Add a Network Device

You can add a network device to your inventory manually.

Before you begin

Make sure you configure your network device. For more information, see Discovery Prerequisites.

Procedure

Step 1

In the Cisco DNA Center GUI, click the Menu icon () and choose Provision > Devices > Inventory.

The Inventory page displays the device information that is gathered during the Discovery process.
Step 2

Click Add Device.

Step 3

From the Type drop-down list, choose Network Device.

Step 4

In the Device IP / DNS Name field, enter the IP address or name of the device.

Note 

If the device uses HSRP protocol, you must enter the primary IP address and not the virtual IP address.
Step 5

Expand the CLI area, if it is not already expanded, and do one of the following:

  1. Click the Select global credential radio button if you want to use the global CLI credentials that have been already created.

    Note 
    If no CLI global credentials are available, create the global CLI credentials in the Network Settings > Device Credentials page. See Configure Global CLI Credentials.

  2. Click the Add device specific credential radio button and configure the following fields:

    Table 2. CLI Credentials

    Field

    Description

    Username

    Name that is used to log in to the CLI of the devices in your network.

    Password

    Password that is used to log in to the CLI of the devices in your network.

    For security reasons, re-enter the password as confirmation.

    Note 
    Passwords are encrypted for security reasons and are not displayed in the configuration.

    Enable Password

    Password used to move to a higher privilege level in the CLI.

    For security reasons, re-enter the enable password.

    Note 
    Passwords are encrypted for security reasons and are not displayed in the configuration.
Step 6

Expand the SNMP area, if it is not already visible and do one of the following:

  1. Click the Select global credential radio button if you want to use the global SNMP credentials that have been already created.

    Note 
    If no SNMP global credentials are available, create the global SNMP credentials in the Network Settings > Device Credentials page. See Configure Global SNMPv2c Credentials and Configure Global SNMPv3 Credentials.

  2. Click the Add device specific credential radio button and do the following:

Step 7

From the Version drop-down list, choose V2C (SNMP Version 2c) or V3 (SNMP Version 3).

If you chose V2C, configure the following fields:

Table 3. SNMPv2c Credentials

Field

Description

Read

  • Name/Description: Name or description of the SNMPv2c settings that you are adding.

  • Read Community: Read-only community string password used only to view SNMP information on the device.

Note 

Passwords are encrypted for security reasons and are not displayed in the configuration.

Write

  • Name/Description: Name or description of the SNMPv2c settings that you are adding.

  • Write Community: Write community string used to make changes to the SNMP information on the device.

Note 

Passwords are encrypted for security reasons and are not displayed in the configuration.

If you chose V3, configure the following fields:

Table 4. SNMPv3 Credentials

Field

Description

Name/Description

Name or description of the SNMPv3 settings that you are adding.
Username

Name associated with the SNMPv3 settings.

Mode

Security level that an SNMP message requires. Choose one of the following modes:

  • noAuthNoPriv: Does not provide authentication or encryption.

  • AuthNoPriv: Provides authentication, but does not provide encryption.

  • AuthPriv: Provides both authentication and encryption.

Auth Type

Authentication type to be used. (Enabled if you select AuthPriv or AuthNoPriv as the authentication mode.) Choose one of the following authentication types:

  • SHA: Authentication based on HMAC-SHA.

  • MD5: Authentication based on HMAC-MD5.

Auth Password

SNMPv3 password used for gaining access to information from devices that use SNMPv3. These passwords (or passphrases) must be at least eight characters in length.

Note 

  • Some wireless controllers require that passwords (or passphrases) be at least 12 characters long. Be sure to check the minimum password requirements for your wireless controllers. Failure to ensure these required minimum character lengths for passwords results in devices not being discovered, monitored, or managed by Cisco DNA Center.

  • Passwords are encrypted for security reasons and are not displayed in the configuration.

Privacy Type

Privacy type. (Enabled if you select AuthPriv as the authentication mode.) Choose one of the following privacy types:

  • DES: DES 56-bit (DES-56) encryption in addition to authentication based on the CBC DES-56 standard.

  • AES128: CBC mode AES for encryption.

  • None: No privacy.

Note 

DES encryption is being deprecated and will be removed in a future release.

Privacy Password

SNMPv3 privacy password that is used to generate the secret key for encrypting messages that are exchanged with devices that support DES or AES128 encryption. Passwords (or passphrases) must be at least eight characters long.

Note 

  • Some wireless controllers require that passwords (or passphrases) be at least 12 characters long. Be sure to check the minimum password requirements for your wireless controllers. Failure to ensure these required minimum character lengths for passwords results in devices not being discovered, monitored, or managed by Cisco DNA Center.

  • Passwords are encrypted for security reasons and are not displayed in the configuration.

Step 8

Expand the SNMP RETRIES AND TIMEOUT area, if it is not already expanded, and configure the following fields.

Table 5. SNMP Properties

Field

Description

Retries

Number of attempts allowed to connect to the device. Valid values are from 1 to 3. The default is 3.

Timeout

Number of seconds Cisco DNA Center waits when trying to establish a connection with a device before timing out. Valid values are from 1 to 300 seconds in intervals of 5 seconds. The default is 5 seconds.

Step 9

Expand the HTTP(S) area, if it is not already visible, and do one of the following:

  1. Click the Select global credential radio button if you want to use the global HTTP(S) credentials that have been already created.

    Note 
    If no HTTP(S) global credentials are available, create the global HTTP(S) credentials in the Network Settings > Device Credentials page. See Configure Global HTTP(S) Credentials.

  2. Click the Add device specific credential radio button and configure the following fields:

    Table 6. HTTP(S)

    Field

    Description

    Username

    Name that is used to log in to the HTTP(S) of the devices in your network.

    Password

    Password that is used to log in to the HTTP(S) of the devices in your network.

    For security reasons, re-enter the password as confirmation.

    Note 
    Passwords are encrypted for security reasons and are not displayed in the configuration.

    Port

    Specify the required http(s) port number.
Step 10

Expand the NETCONF area, if it is not already expanded, and configure the Port field.

NETCONF requires that you configure SSH as the CLI protocol and define the SSH credentials.
Step 11

Select one of the network Protocol radio button that enables Cisco DNA Center to communicate with remote devices. Valid values are SSH2 or Telnet.

Step 12

(Optional) Click Validate next to Credentials. Cisco DNA Center validates the device credentials and shows valid credentials with a green tick mark and invalid credentials with a red cross mark.

All the credentials will be validated except the SNMP Write credentials.
Step 13

Click Add.

Update Network Device Credentials

You can update the discovery credentials of selected network devices. The updated settings override the global and job-specific settings for the selected devices.

Before you begin

Make sure that you have devices in your inventory. If not, discover devices using the Discovery feature.

You must have either administrator (ROLE_ADMIN) or policy administrator (ROLE_POLICY_ADMIN) permissions and the appropriate RBAC scope to perform this procedure.

Procedure

Step 1

In the Cisco DNA Center GUI, click the Menu icon () and choose Provision > Devices > Inventory.

The Inventory page displays the device information gathered during the Discovery process.
Step 2

Select the network devices that you want to update.
Step 3

From the Actions drop-down list, choose Inventory > Edit Device.

Step 4

In the Edit Device dialog box, choose Network Device from the Type drop-down field, if it is not already selected.

Step 5

Expand the CLI area, if it is not already expanded, and do one of the following:

  1. If you want to use the global CLI credentials that have been already created, click the Select global credential radio button.

    Note 
    If no CLI global credentials are available, create them in the Network Settings > Device Credentials page. See Configure Global CLI Credentials.

  2. Click the Edit device specific credential radio button and configure the following fields:

Table 7. CLI Credentials

Field

Description

Username

Name that is used to log in to the CLI of the devices in your network.

Password

Password that is used to log in to the CLI of the devices in your network.

For security reasons, re-enter the password as confirmation.

Passwords are encrypted for security reasons and are not displayed in the configuration.

Enable Password

Password that is used to move to a higher privilege level in the CLI.

For security reasons, re-enter the enable password.

Passwords are encrypted for security reasons and are not displayed in the configuration.

Step 6

Expand the SNMP area, if it is not already expanded, and do one of the following:

  1. If you want to use the global SNMP credentials that have been already created, click the Select global credential radio button.

    Note 
    If no SNMP global credentials are available, create them in the Network Settings > Device Credentials page. See Configure Global SNMPv2c Credentials and Configure Global SNMPv3 Credentials.

  2. Click the Edit device specific credential radio button and do the following:

Step 7

From the Version drop-down list, choose V2C (SNMP Version 2c) or V3 (SNMP Version 3).

If you chose V2C, configure the following fields:

Table 8. SNMPv2c Credentials

Field

Description

Read

  • Name/Description: Name or description of the SNMPv2c settings that you are adding.

  • Read Community: Read-only community string password used only to view SNMP information on the device.

Note 

Passwords are encrypted for security reasons and are not displayed in the configuration.

Write

  • Name/Description: Name or description of the SNMPv2c settings that you are adding.

  • Write Community: Write community string used to make changes to the SNMP information on the device.

Note 

Passwords are encrypted for security reasons and are not displayed in the configuration.

If you chose V3, configure the following fields:

Table 9. SNMPv3 Credentials

Field

Description

Name/Description

Name or description of the SNMPv3 settings that you are adding.
Username

Name associated with the SNMPv3 settings.

Mode

Security level that an SNMP message requires. Choose one of the following modes:

  • noAuthNoPriv: Does not provide authentication or encryption.

  • AuthNoPriv: Provides authentication, but does not provide encryption.

  • AuthPriv: Provides both authentication and encryption.

Auth Type

Authentication type to be used. (Enabled if you select AuthPriv or AuthNoPriv as the authentication mode.) Choose one of the following authentication types:

  • SHA: Authentication based on HMAC-SHA.

  • MD5: Authentication based on HMAC-MD5.

Auth Password

SNMPv3 password used for gaining access to information from devices that use SNMPv3. These passwords (or passphrases) must be at least eight characters in length.

Note 

  • Some wireless controllers require that passwords (or passphrases) be at least 12 characters long. Be sure to check the minimum password requirements for your wireless controllers. Failure to ensure these required minimum character lengths for passwords results in devices not being discovered, monitored, or managed by Cisco DNA Center.

  • Passwords are encrypted for security reasons and are not displayed in the configuration.

Privacy Type

Privacy type. (Enabled if you select AuthPriv as the authentication mode.) Choose one of the following privacy types:

  • DES: DES 56-bit (DES-56) encryption in addition to authentication based on the CBC DES-56 standard.

  • AES128: CBC mode AES for encryption.

  • None: No privacy.

Note 

DES encryption is being deprecated and will be removed in a future release.

Privacy Password

SNMPv3 privacy password that is used to generate the secret key for encrypting messages that are exchanged with devices that support DES or AES128 encryption. Passwords (or passphrases) must be at least eight characters long.

Note 

  • Some wireless controllers require that passwords (or passphrases) be at least 12 characters long. Be sure to check the minimum password requirements for your wireless controllers. Failure to ensure these required minimum character lengths for passwords results in devices not being discovered, monitored, or managed by Cisco DNA Center.

  • Passwords are encrypted for security reasons and are not displayed in the configuration.

Step 8

Expand the SNMP RETRIES AND TIMEOUT area, if it is not already expanded, and configure the following fields.

Table 10. SNMP Properties

Field

Description

Retries

Number of attempts allowed to connect to the device. Valid values are from 1 to 3. The default is 3.

Timeout

Number of seconds Cisco DNA Center waits when trying to establish a connection with a device before timing out. Valid values are from 1 to 300 seconds in intervals of 5 seconds. The default is 5 seconds.

Step 9

Expand the HTTP(S) area, if it is not already expanded, and do one of the following:

  1. If you want to use the global HTTP(S) credentials that have been already created, click the Select global credential radio button.

    Note 
    If no HTTP(S) global credentials are available, create them in the Network Settings > Device Credentials page. See Configure Global HTTP(S) Credentials.

  2. Click the Edit device specific credential radio button and configure the following fields:

    Table 11. HTTP(S)

    Field

    Description

    Username

    Name that is used to log in to the HTTP(S) of the devices in your network.

    Password

    Password that is used to log in to the HTTP(S) of the devices in your network.

    For security reasons, re-enter the password as confirmation.

    Passwords are encrypted for security reasons and are not displayed in the configuration.

    Port

    Specify the required HTTP(s) port number.
Step 10

Expand the NETCONF area, if it is not already expanded, and configure the Port field.

NETCONF requires that you configure SSH as the CLI protocol and define the SSH credentials.
Step 11

Select one of the network Protocol radio buttons that enables Cisco DNA Center to communicate with remote devices. Valid values are SSH2 or Telnet.

Step 12

(Optional) Click Validate next to Credentials. Cisco DNA Center validates the device credentials and shows the valid credentials with green tick mark and invalid credentials with red cross mark.

If you have chosen more than one device for updating the credentials, the Validation button will be disabled.

Step 13

Click Update.

Manage Compute Devices

Add a Compute Device

You can add a compute device to your inventory manually. A compute device includes devices such as the Cisco Unified Computing System (UCS), devices running Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS), and other data center devices.

Procedure

Step 1

In the Cisco DNA Center GUI, click the Menu icon () and choose Provision > Inventory.

The Inventory page displays the device information gathered during the Discovery process.
Step 2

Click Add Device.

Step 3

From the Type drop-down list, choose Compute Device.

Step 4

In the Device IP / DNS Name field, enter the IP address or name of the device.

Step 5

Expand the HTTP(S) area, if it is not already expanded, and do one of the following:

  1. If you want to use the global HTTP(S) credentials that have been already created, click the Select global credential radio button.

    Note 
    If no HTTP(S) global credentials are available, create them in the Network Settings > Device Credentials page. See Configure Global HTTP(S) Credentials.

  2. Click the Add device specific credential radio button and configure the following fields:

    Table 12. HTTP(S)

    Field

    Description

    Username

    Name used to authenticate the HTTPS connection.

    Password

    Password used to authenticate the HTTPS connection.

    Port

    Number of the TCP/UDP port used for HTTPS traffic. The default is port number 443 (the well-known port for HTTPS).
Step 6

Expand the CLI area, if it is not already expanded, and do one of the following:

  1. If you want to use the global CLI credentials that have been already created, click the Select global credential radio button.

    Note 
    If no CLI global credentials are available, create them in the Network Settings > Device Credentials page. See Configure Global CLI Credentials.

  2. Click the Add device specific credential radio button and configure the following fields:

Table 13. CLI Credentials

Field

Description

Username

Name that is used to log in to the CLI of the devices in your network.

Password

Password that is used to log in to the CLI of the devices in your network.

For security reasons, re-enter the password as confirmation.

Passwords are encrypted for security reasons and are not displayed in the configuration.

Enable Password

Password that is used to move to a higher privilege level in the CLI.

For security reasons, re-enter the enable password.

Passwords are encrypted for security reasons and are not displayed in the configuration.
Step 7

Expand the SNMP area, if it is not already expanded, and do one of the following:

  1. If you want to use the global SNMP credentials that have been already created, click the Select global credential radio button.

    Note 
    If no SNMP global credentials are available, create them in the Network Settings > Device Credentials page. See Configure Global SNMPv2c Credentials and Configure Global SNMPv3 Credentials.

  2. Click the Add device specific credential radio button and do the following:

Step 8

From the Version drop-down list, choose V2C (SNMP Version 2c) or V3 (SNMP Version 3).

If you chose V2C, configure the following fields:

Table 14. SNMPv2c Credentials

Field

Description

Read

  • Name/Description: Name or description of the SNMPv2c settings that you are adding.

  • Read Community: Read-only community string password used only to view SNMP information on the device.

Note 

Passwords are encrypted for security reasons and are not displayed in the configuration.

Write

  • Name/Description: Name or description of the SNMPv2c settings that you are adding.

  • Write Community: Write community string used to make changes to the SNMP information on the device.

Note 

Passwords are encrypted for security reasons and are not displayed in the configuration.

If you chose V3, configure the following fields:

Table 15. SNMPv3 Credentials

Field

Description

Name/Description

Name or description of the SNMPv3 settings that you are adding.
Username

Name associated with the SNMPv3 settings.

Mode

Security level that an SNMP message requires. Choose one of the following modes:

  • noAuthNoPriv: Does not provide authentication or encryption.

  • AuthNoPriv: Provides authentication, but does not provide encryption.

  • AuthPriv: Provides both authentication and encryption.

Auth Type

Authentication type to be used. (Enabled if you select AuthPriv or AuthNoPriv as the authentication mode.) Choose one of the following authentication types:

  • SHA: Authentication based on HMAC-SHA.

  • MD5: Authentication based on HMAC-MD5.

Auth Password

SNMPv3 password used for gaining access to information from devices that use SNMPv3. These passwords (or passphrases) must be at least eight characters in length.

Note 

  • Some wireless controllers require that passwords (or passphrases) be at least 12 characters long. Be sure to check the minimum password requirements for your wireless controllers. Failure to ensure these required minimum character lengths for passwords results in devices not being discovered, monitored, or managed by Cisco DNA Center.

  • Passwords are encrypted for security reasons and are not displayed in the configuration.

Privacy Type

Privacy type. (Enabled if you select AuthPriv as the authentication mode.) Choose one of the following privacy types:

  • DES: DES 56-bit (DES-56) encryption in addition to authentication based on the CBC DES-56 standard.

  • AES128: CBC mode AES for encryption.

  • None: No privacy.

Note 

DES encryption is being deprecated and will be removed in a future release.

Privacy Password

SNMPv3 privacy password that is used to generate the secret key for encrypting messages that are exchanged with devices that support DES or AES128 encryption. Passwords (or passphrases) must be at least eight characters long.

Note 

  • Some wireless controllers require that passwords (or passphrases) be at least 12 characters long. Be sure to check the minimum password requirements for your wireless controllers. Failure to ensure these required minimum character lengths for passwords results in devices not being discovered, monitored, or managed by Cisco DNA Center.

  • Passwords are encrypted for security reasons and are not displayed in the configuration.

Step 9

(Optional) Click Validate next to Credentials. Cisco DNA Center validates the device credentials and shows the valid credentials with green tick mark and invalid credentials with red cross mark.

All the credentials will be validated except the SNMP Write credentials.
Step 10

Click Add.

Update Compute Device Credentials

You can update the discovery credentials of selected compute devices. The updated settings override the global and job-specific settings for the selected devices.

Before you begin

Make sure that you have devices in your inventory. If not, discover devices using the Discovery feature.

Procedure

Step 1

In the Cisco DNA Center GUI, click the Menu icon () and choose Provision > Devices > Inventory.

The Inventory page displays the device information that is gathered during the Discovery process.
Step 2

Select the devices that you want to update.
Step 3

From the Actions drop-down list, choose Inventory > Edit Device.

Step 4

In the Edit Device dialog box, from the Type drop-down list, choose Compute Device.

Step 5

Expand the HTTP(S) area, if it is not already expanded.

Step 6

In the Username and Password fields, enter the username and password.

Step 7

In the Port field, enter the port number.

Step 8

(Optional) Click Validate next to Credentials. Cisco DNA Center validates the device credentials and shows valid credentials with a green tick mark and invalid credentials with a red cross mark.

If you have chosen more than one device for updating the credentials, the Validation button is disabled.

Step 9

Click Update.

Manage Meraki Dashboards

Integrate the Meraki Dashboard

You can integrate your Meraki dashboard with Cisco DNA Center.

Procedure

Step 1

In the Cisco DNA Center GUI, click the Menu icon () and choose Provision > Devices > Inventory.

The Inventory page displays the device information that is gathered during the Discovery process.
Step 2

Click Add Device.

Step 3

In the Add Device dialog box, from the Type drop-down list, choose Meraki Dashboard.

Step 4

Expand the HTTP(S) area, if it is not already expanded.

Step 5

In the API Key/Password field, enter the API key and password credentials and click the Get Organization details link.

Step 6

From the Organization drop-down list, select the organization options, or search for an organization name.

Step 7

(Optional) Click Validate next to Credentials. Cisco DNA Center validates the device credentials and shows valid credentials with a green tick mark and invalid credentials with a red cross mark.

Step 8

Click Add.

Only the selected organizations start collecting for the Meraki dashboard and devices.

Update Meraki Dashboard Credentials

You can update the Meraki dashboard credentials of selected devices. The updated settings override the global and job-specific settings for the selected devices.

Before you begin

Make sure that you have devices in your inventory. If not, discover devices using the Discovery feature.

Procedure

Step 1

In the Cisco DNA Center GUI, click the Menu icon () and choose Provision > Devices > Inventory.

The Inventory page displays the device information that is gathered during the Discovery process.
Step 2

Select the devices that you want to update.
Step 3

From the Actions drop-down list, choose Inventory > Edit Device.

Step 4

In the Edit Device dialog box, from the Type drop-down list, choose Meraki Dashboard.

Step 5

Expand the HTTP(S) area, if it is not already expanded.

Step 6

In the API Key / Password field, enter the API key and password credentials used to access the Meraki dashboard.

Step 7

In the Port field, enter the port number.

Step 8

(Optional) Click Validate next to Credentials. Cisco DNA Center validates the device credentials and shows valid credentials with a green tick mark and invalid credentials with a red cross mark.

If you have chosen more than one device for updating the credentials, the Validation button is disabled.

Step 9

Click Update.

Filter Devices


Note

To remove or change the filters, click Reset.

Before you begin

Make sure that you have devices in your inventory. If not, discover devices using the Discovery feature.

Procedure

Step 1

In the Cisco DNA Center GUI, click the Menu icon () and choose Provision > Devices > Inventory.

The Inventory page displays the device information that is gathered during the Discovery process.
Step 2

Click Filter.

The following types of filters are available:

  • Quick Filter

  • Advanced Filter

  • Recent Filters

Quick Filter: This filter allows you to retrieve the device details based on:

  • Device Family

  • Device Role

  • Last Sync Status

  • Provision Status

  • Credential Status

  • OS Updated Status

  • Image Needs Update

  • Image Pre Check Status

  • Support Type

Advanced Filters: This filter allows you to set the filtering criteria using operators such as Contains, Starts With, Ends With, Equals, Does not contains and Regex (Regular Expression), to narrow down the device details. For example, you can choose the filter pattern by table column names and the operator from the drop-down list. In addition, you must enter filter criteria value based on the available data.

Recent Filters: This filter shows the recently used filters. To save the filter criteria, drag and drop the filters from the RECENT to the SAVED filters.

Step 3

Enter the appropriate value in the selected filter field. For example, for the Device Name filter, enter the name of a device.

Cisco DNA Center presents you with autocomplete values as you enter values in the other fields. Choose one of the suggested values or finish entering the desired value.

You also can use a wildcard (asterisk) with these filters. For example, you can enter values with an asterisk at the beginning, end, or in the middle of a string value. Then, press Enter.

Step 4

Click Apply to filter the information.

The data displayed in the Devices table updates automatically according to your filter selection.

Note 

You can use several filter types and more than one value per filter.

Step 5

(Optional) If needed, add more filters.

To remove a filter, click the x next to the corresponding filter value.

Manage Devices in Inventory

The following sections provide information about how to assign devices to sites and manage device tags by using the Inventory window.

Add a Device to a Site

Procedure

Step 1

In the Cisco DNA Center GUI, click the Menu icon () and choose Provision > Inventory.

The Inventory window displays the device information gathered during the Discovery process.
Step 2

Check the check box for the devices that you want to assign to a site.
Step 3

From the Actions menu, choose Provision > Assign Device to Site.

The Assign Device to Site slide-in pane appears.
Step 4

In the Assign Device to Site slide-in pane, click the link next to the icon for the device.

The Choose a floor slide-in pane appears.
Step 5

In the Choose a floor slide-in pane, select the floor to assign to the device.

Step 6

Click Save.

Step 7

(Optional) If you selected multiple devices to add to the same location, you can check the Apply to All check box for the first device to assign its location to the rest of the devices.

Step 8

Click Assign.

Step 9

When assigning devices to a site, if Device Controllability is enabled, a workflow is automatically triggered to push the device configuration from the site to the devices.

From the Focus drop-down list, choose Provision and click See Details in the Provision Status column. The configuration that is pushed to the device is shown in a separate window if you enabled Device Controllability.

Tag Devices

A device tag allows you to group devices based on an attribute or a rule. A single device can have multiple tags; similarly, a single tag can be applied to multiple devices.

You can add tags to or remove tags from devices in the Provision window.

Procedure

Step 1

In the Cisco DNA Center GUI, click the Menu icon () and choose Provision. The Device Inventory page displays device information gathered during the discovery process.

Step 2

Check the check box next to the device(s) for which you want to apply a tag, and then click Tag Device.

Step 3

Enter a tag name in the Tag Name field.

  • If you are creating a new tag, click Create New Tag. You also can create a new tag with a rule. See Tag Devices Using Rules for more information.

  • If you are using an existing tag, select the tag from the list, and then click Apply.

A tag icon and the tag name(s) appear under the device name(s) for which you applied the tag(s).
Step 4

To remove a tag from a device, do one of the following:

  • Click Create New Tag, unselect all tags, and then click Apply.

  • Hover the cursor over the tag icon or tag name, and then click X to disassociate the tag from the device.

Tag Devices Using Rules

You can group devices based on tags in which you define a rule. When you define a rule, Cisco DNA Center automatically applies the tag to all devices that match the specified rule. Rules can be based on device name, device family, device series, IP address, location, or version.

Procedure

Step 1

In the Cisco DNA Center GUI, click the Menu icon () and choose Provision. The Device Inventory page displays device information gathered during the discovery process.

Step 2

Check the check box next to the device(s) for which you want to apply a tag, then click Tag Device.

Step 3

Enter a tag name in the Tag Name field, then click Create New Tag with Rule.

The Create New Tag window appears.

The Manually Added field under Total Devices Tagged Count indicates the number of devices you selected in Step 2.

Step 4

Click Add Condition, then complete the required fields for the rule.

The Matching Devices number automatically changes to indicate how many devices match this condition.

You can have two options to create additional conditions:

  • And conditions—Click the Add Condition link. And appears above the condition.

  • Or conditions—Click the add icon (+) next to an existing condition. Or appears next to the condition.

You can add as many conditions as needed. As you make changes to the rule, the Matching Devices count changes to reflect how many devices in the inventory match the rule you specified. You can click on the device number to view the devices that match the rule.

Step 5

Click Save to save your tag with the defined rule.

A tag icon and the tag name(s) appear under the device name(s) for which you applied the tag(s).

As devices are added to the inventory, if they match the rules you defined, the tag is automatically applied to the devices.

Edit Device Tags

You can edit device tags that you previously created.

Procedure

Step 1

In the Cisco DNA Center GUI, click the Menu icon () and choose Provision. The Device Inventory page displays device information gathered during the discovery process.

In the Device Name column, you can see any previously created device tags listed under the device names.

Step 2

Without selecting any devices, click Tag Device.

The previously created tags are listed.
Step 3

Hover your cursor over the tag you want to edit, then click the pencil icon next to the tag name.

Alternatively, you can select Tag Device > View All Tags, then click the pencil icon next to the tag that you want to edit.

Step 4

Make changes to the tag, then click Save to save your changes.

Delete Tags

You can delete a device tag or template tag only if it is not associated with a device or template.

Before you begin

Remove the tag that is associated statically or dynamically (using rules) with the device.

Remove the tag that is associated with a template.

Procedure

Step 1

In the Cisco DNA Center GUI, click the Menu icon () and choose Provision.

The Device Inventory page displays device information gathered during the discovery process.
Step 2

Without selecting any devices, choose Tag Device > Manage Tags.

Step 3

Hover your cursor over the tag that you want to delete, then click the delete icon next to the tag name.
Step 4

In the warning message, click Yes.

An error message is generated if the tag is associated with a device or template. Remove the tag associated with the device or template and delete the tag.

Change Device Role (Inventory)

During the Discovery process, Cisco DNA Center assigns a role to each of the discovered devices. Device roles are used to identify and group devices and to determine a device's placement on the network topology map in the Topology tool. The top tier is the internet. The devices underneath are assigned one of the following roles:

Table 16. Device Roles and Topology Positions

Topology Position

Device Role

Tier 1

Internet (non-configurable)

Tier 2

Border Router

Tier 3

Core

Tier 4

Distribution

Tier 5

Access

Tier 6

Unknown

Note

When you assign the Access role to a device, IP Device Tracking (IPDT) is either configured or removed from the device based on the IPDT settings of the Site.

Before you begin

Make sure that you have devices in your inventory. If not, discover devices using the Discovery feature.

Procedure

Step 1

In the Cisco DNA Center GUI, click the Menu icon () and choose Provision > Devices > Inventory.

The Inventory page displays the device information gathered during the Discovery process.
Step 2

Locate the device whose role you want to change, click the pencil icon under the Device Role column, and choose a role from the Update Device Role dialog box. Valid choices are Unknown, Access, Core, Distribution, or Border Router.

Alternatively, you can update the device role in the Edit Device dialog box:

  • Select the device whose role you want to change.

  • Choose Actions > Inventory > Edit Device.

  • Click the Role tab and choose an appropriate role from the Device Role drop-down list.

Note 

If you manually change the device role, the assignment remains static. Cisco DNA Center does not update the device role even if it detects a change during a subsequent device resynchronization.

Update a Device's Management IP Address

You can update the management IP address of a device.


Note

You cannot update more than one device at a time. Also, you cannot update a Meraki device's management IP address.

Procedure

Step 1

In the Cisco DNA Center GUI, click the Menu icon () and choose Provision > Devices > Inventory.

The Inventory page displays the device information that is gathered during the Discovery process.
Step 2

Select the device that you want to update.
Step 3

From the Actions drop-down list, choose Inventory > Edit Device.

The Edit Device dialog box is displayed.

Step 4

Click the Management IP tab, and enter the new management IP address in the Device IP/ DNS Name field.

Note 

Make sure that the new management IP address is reachable from Cisco DNA Center and that the device credentials are correct. Otherwise, the device might enter an unmanaged state.

What to do next

Reprovision the device to update the source-interface configuration.

Update the Device Polling Interval

You can update the polling interval at the global level for all devices by choosing System > Settings > Network Resync Interval or at the device level for a specific device by choosing Device Inventory. When you set the polling interval using the Network Resync Interval, that value takes precedence over the Device Inventory polling interval value.

If you do not want a device to be polled, you can disable polling.

Before you begin

Make sure that you have devices in your inventory. If not, discover devices using the Discovery feature.

Procedure

Step 1

In the Cisco DNA Center GUI, click the Menu icon () and choose Provision > Devices > Inventory.

Step 2

Select the devices that you want to update.
Step 3

Click Update Polling Interval.

Step 4

From the Update Resync Interval dialog box, in the Status field, click Enabled to turn on polling or click Disabled to turn off polling.

Step 5

In the Polling Time field, enter the time interval (in minutes) between successive polling cycles. Valid values are from 25 to 1440 minutes (24 hours).

Note 

The device-specific polling time supersedes the global polling time. If you set the device-specific polling time and then change the global polling time, Cisco DNA Center continues to use the device-specific polling time.

Step 6

Click Update.

Resynchronize Device Information

You can immediately resynchronize device information for selected devices, regardless of their resynchronization interval configuration. A maximum of 40 devices can be resynchronized at the same time.

Procedure

Step 1

In the Cisco DNA Center GUI, click the Menu icon () and choose Provision > Devices > Inventory.

The Inventory page displays the device information gathered during the Discovery process.
Step 2

Select the devices about which you want to gather information.
Step 3

From the Actions drop-down list, choose Inventory > Resync Device.

Step 4

Click OK.

Delete a Network Device

You can delete devices from the Cisco DNA Center database, as long as they have not already been added to a site.

Before you begin

You must have administrator (ROLE_ADMIN) permissions and access to all devices (RBAC Scope set to ALL) to perform this procedure.

Make sure that you have devices in your inventory. If not, discover devices using the Discovery feature.

Procedure

Step 1

In the Cisco DNA Center GUI, click the Menu icon () and choose Provision > Inventory.

The Inventory window displays the device information gathered during the Discovery process.
Step 2

Check the check box next to the device or devices that you want to delete.

Note 

You can select multiple devices by checking additional check boxes, or you can select all the devices by checking the check box at the top of the list.

Step 3

From the Actions drop-down list, choose Inventory > Delete Device.

Step 4

In the Warning window, check the Config Clean-Up check box to remove the network settings and telemetry configuration from the selected device.

Step 5

Confirm the action by clicking OK.

Launch Command Runner (Inventory)

You can launch the Command Runner application for selected devices from within the Inventory window.

Before you begin

Install the Command Runner application. For more information, see the Cisco DNA Center Administrator Guide.

Procedure

Step 1

In the Cisco DNA Center GUI, click the Menu icon () and choose Provision > Devices > Inventory.

The Inventory page displays the device information that is gathered during the Discovery process.
Step 2

Select the devices on which you want to run commands.
Step 3

From the Actions drop-down list, choose Others > Launch Command Runner.

For information about the commands that you can run and how to run them, see Run Diagnostic Commands on Devices.

Troubleshoot Device Reachability Issues Using Run Commands

You can launch the Run Commands window from the Inventory window and run platform commands such as ping, traceroute, and snmpget to troubleshoot device reachability issues.


Note
If you want to execute the platform commands directly on a Cisco DNA Center cluster, do not select any device before launching Run Commands. Otherwise, the execution of commands will be for that device and not the platform.

Before you begin

Install the Command Runner application. For more information, see the Cisco DNA Center Administrator Guide.

Procedure

Step 1

In the Cisco DNA Center GUI, click the Menu icon () and choose Provision > Devices > Inventory.

Step 2

From the Actions drop-down list, choose Others > Run Commands.

You can enter man anytime to retrieve a list of currently supported commands and shortcuts.

Use a CSV File to Import and Export Device Configurations

CSV File Import

You can use a CSV file to import your device configurations or sites from another source into Cisco DNA Center. If you want to download a sample template, go to the Provision Devices page and choose Actions > Inventory > Import Inventory. Click Download Template to download a sample CSV file template.

When you use a CSV file to import device or site configurations, the extent to which Cisco DNA Center can manage your devices depends on the information you provide in the CSV file. If you do not provide values for CLI username, password, and enable password, Cisco DNA Center will have limited functionality and cannot modify device configurations, update device software images, or perform any other valuable functions.

You can specify the credential profile in the CSV file to apply the corresponding credentials to a set of devices. If you specify the credential profile and also enter the values manually in the CSV file, the manually entered credentials take higher priority and the device is managed based on a combination of manually entered credentials and credential profile. For example, if the CSV file contains a credential profile with SNMP and SSH or Telnet credentials in addition to manually entered SNMP credentials, the device is managed based on the manually entered SNMP credentials and the SSH or Telnet credentials in the credential profile. Telnet is not recommended.


Note

You also must provide values for the fields that correspond to the protocol you specify. For example, if you specify SNMPv3, you must specify values for the SNMPv3 fields in the sample CSV file such as the SNMPv3 username and authorization password.

For partial inventory collection in Cisco DNA Center, you must provide the following values in the CSV file:

  • Device IP address

  • SNMP version

  • SNMP read-only community strings

  • SNMP write community strings

  • SNMP retry value

  • SNMP timeout value

For full inventory collection in Cisco DNA Center, you must provide the following values in the CSV file:

  • Device IP address

  • SNMP version

  • SNMP read-only community strings

  • SNMP write community strings

  • SNMP retry value

  • SNMP timeout value

  • Protocol

  • CLI username

  • CLI password

  • CLI enable password

  • CLI timeout value

CSV File Export

Cisco DNA Center enables you to create a CSV file that contains all or selected devices in the inventory. When you create this file, you must enter a password to protect the configuration data that the file will contain.

Import Device Configurations from a CSV File

You can import device configurations from a CSV file.

Procedure

Step 1

In the Cisco DNA Center GUI, click the Menu icon () and choose Provision > Devices > Inventory.

The Inventory page displays the device information gathered during the Discovery process.
Step 2

From the Actions drop-down list, choose Inventory > Import Inventory to import the device credentials.

Step 3

Drag and drop the CSV file into the boxed area in the Bulk Import dialog box or click the dotted-line boxed area and browse to the CSV file.

Step 4

Click Import.

Export Device Configurations

You can export specific data pertaining to selected devices to a CSV file. The CSV file is compressed.


Caution

Handle the CSV file with care because it contains sensitive information about the exported devices. Ensure that only users with special privileges perform a device export.

Procedure

Step 1

In the Cisco DNA Center GUI, click the Menu icon () and choose Provision > Devices > Inventory.

The Inventory page displays the device information gathered during the Discovery process.
Step 2

To export configuration information for only certain devices, check the check box next to the devices that you want to include. To include all devices, check the check box at the top of the device list.

Step 3

From the Actions drop-down list, choose Inventory > Export Inventory to export the device configurations.

The Export Inventory dialog box appears.

Step 4

In the Password field, enter a password that will be used to encrypt the exported CSV file.

Note 

The password is required to open the exported file.
Step 5

Confirm the encryption password.
Step 6

Check the Include SSH key information check box to include information such as initial SSH key, initial SSH key algorithm, current SSH key, and current SSH key algorithm in the exported CSV file.

Step 7

Click Export.

Note 

Depending on your browser configuration, you can save or open the compressed file.

Export Device Credentials

You can export device credentials to a CSV file. You are required to configure a password to protect the file from unwanted access. You need to supply the password to the recipient so that the file can be opened.


Caution

Handle the CSV file with care because it lists all of the credentials for the exported devices. Ensure that only users with special privileges perform a device export.

Procedure

Step 1

In the Cisco DNA Center GUI, click the Menu icon () and choose Provision > Devices > Inventory.

The Inventory page displays the device information that is gathered during the Discovery process.
Step 2

Check the check box next to the devices that you want to include in the CSV file. To include all the devices, select the check box at the top of the list.

Step 3

From the Actions drop-down list, choose Inventory > Export Inventory.

The Export dialog box appears.

Step 4

In Select Export Type, click the Credentials radio button.

Step 5

Check the Include SSH key information check box to include information such as initial SSH key, initial SSH key algorithm, current SSH key, and current SSH key algorithm in the exported CSV file.

Step 6

In the Password field, enter a password that will be used to encrypt the exported CSV file.

Note 

The password is required to open the exported file.
Step 7

Confirm the encryption password and click Export.

Note 

Depending on your browser configuration, you can save or open the compressed file.

Replace a Faulty Device

Replacing devices that fail in the network is a critical part of device lifecycle management. The existing procedure to replace failed devices with new devices is manual and time consuming. The Return Material Authorization (RMA) workflow in Cisco DNA Center provides users the ease of automation to replace failed devices quickly, thus improving productivity and reducing operational expense. RMA provides a common workflow to replace routers, switches, and access points.

When using the RMA workflow with routers and switches, the software image, configuration, and license are restored from the failed device to the replacement device. For wireless access points, the replacement device is assigned to the same site, provisioned with primary wireless LAN controller, RF profile, and AP group settings, and placed on the same floor map location in Cisco DNA Center as the failed access point.

Before you begin

  • The software image version of the faulty device must be imported in the image repository before marking the device for replacement.

  • The faulty device must be in an unreachable state.

  • The faulty device must be assigned to a user-defined site if the replacement device onboards Cisco DNA Center through Plug and Play (PnP).

  • The replacement device must not be in a provisioning state while triggering the RMA workflow.

Procedure

Step 1

In the Cisco DNA Center GUI, click the Menu icon () and choose Provision > Devices > Inventory.

The Inventory page displays the device information that is gathered during the Discovery process.

Step 2

Select the faulty device that you want to replace.

Note 
RMA supports replacement of faulty SMUs and packages.
Step 3

From the Actions drop-down list, choose Inventory > Device Replacement > Mark Device for Replacement.

Step 4

In the Mark for Replacement window, click Mark.

Note 

To achieve seamless replacement of fabric devices, a DHCP server is configured on the neighbor device. This is required to assign an IP address, and is removed after successful replacement of the faulty device.

The latest configuration changes from the faulty device are pushed to the replaced device during the RMA workflow.
Step 5

From the Inventory drop-down list, choose Marked for Replacement.

A list of devices marked for replacement is displayed.
Step 6

(Optional) If you do not want to replace the device, select the device and choose Actions > Unmark for Replacement.

Step 7

Select the device that you want to replace and choose Actions > Replace Device.

Step 8

In the Replace Device window, click Start.

Step 9

In the Replace Device page, select a device under the Available Replacement Devices area.

Step 10

Click Next.

Step 11

Review the Replacement Summary and then click Next.

Step 12

Select whether to replace the device now, or schedule the replacement for a later time, and then click Submit.

The RMA workflow begins.
Step 13

Click Monitor Replacement Status to go to the Provision page.

Step 14

Click Replace Status for the replacement device to view the status of the RMA workflow progress, as follows:

  • Distribute the software image to the replacement device.

  • Activate the software image on the device.

  • Deploy licenses.

  • Create the DHCP server on the neighbor device.

  • Provision VLAN and startup configurations.

  • Reload the device.

  • Check for reachability.

  • Deploy SNMPv3 credentials to the replacement device.

  • Authenticate through Cisco ISE.

  • Revoke the PKI certificate.

  • Delete the faulty device.

  • Synchronize the replacement device.

  • Remove the DHCP server from the neighbor device.

Replace a Faulty Access Point

Using the AP RMA feature, you can replace a faulty AP with a replacement AP available in the device inventory.

Before you begin

  • The AP Return Material Authorization (RMA) feature supports only like-to-like replacement. The replacement AP must have the same model number and PID as the faulty AP.

  • The replacement AP must have joined the same Cisco Wireless Controller as the faulty AP.

  • A Cisco Mobility Express AP that acts as the wireless controller is not a candidate for the replacement AP.

  • The software image version of the faulty AP must be imported in the image repository before marking the device for replacement.

  • The faulty device must be assigned to a user-defined site if the replacement device onboards Cisco DNA Center through Plug and Play (PnP).

  • The replacement AP must not be in provisioning state while triggering the RMA workflow.

  • The faulty device must be in an unreachable state.

Procedure

Step 1

In the Cisco DNA Center GUI, click the Menu icon () and choose Provision > Devices > Inventory.

The Inventory page displays the device information that is gathered during the Discovery process.

Step 2

Check the check box of the faulty device that you want to replace.
Step 3

From the Actions drop-down list, choose Device Replacement > Mark Device for Replacement.

Step 4

In the Mark for Replacement window, click Mark.

A success message saying Device(s) Marked for Replacement Successfully appears.

Step 5

In the Replace Device window, review the details of the faulty device and the devices available for replacement.

Step 6

In the Available Replacement Devices table, click the radio button next to the replacement device name.

Step 7

Click Next.

Step 8

Review the Replacement Summary and then click Next.

Step 9

Select whether to replace the device now, or schedule the replacement for a later time, and then click Submit.

The RMA workflow begins.
Step 10

To monitor the replacement status, under What's Next, click Monitor Replacement Status.

The Mark For Replacement window lists the devices that are marked for replacement.

Check the status of the replacement in the Replace Status column, which initially shows In-Progress.

Step 11

Click In-Progress in the Replace Status column.

The Replace Status tab shows the various steps that Cisco DNA Center performs as part of the device replacement.

Step 12

In the Marked for Replacement window, click Refresh and click Replacement History to view the replacement status.

Step 13

The Replace Column in the Replacement History window shows Replaced after the faulty device is replaced successfully.

Step 14

(Optional) If you do not want to replace the device, select the device and choose Actions > Unmark for Replacement.

Limitations of the RMA Workflow in Cisco DNA Center

  • RMA supports replacement of similar devices only. For example, a Cisco Catalyst 3650 switch can be replaced only with another Cisco Catalyst 3650 switch. Also, the platform ID of the faulty and replacement devices must be the same.

  • RMA supports replacement of all switches, routers, and Cisco SD-Access devices, except for the following:

    • Devices with embedded wireless and wireless controllers.

    • WLCs

    • Fabric in a Box

    • Classic and policy extended nodes

    • Devices that are discovered and configured via LAN automation, including the seed devices (LAN automation primary and peer devices)

    • Chassis-based switches, including the Catalyst 9400, Catalyst 9600, Catalyst 4500e, Catalyst 6500, Catalyst 6800, and Nexus 7700 Series Switches

    • Switch stacks (hardware and SVL stacking)

    • Devices with single and dual supervisor engines

    • Devices that have third-party certificates

    • Devices that have external SCEP broker PKI certificates

  • The RMA workflow supports device replacement only if:

    • Both faulty and replacement devices have the same extension cards.

    • The number of ports in both devices does not vary because of extension cards.

    • The faulty device is managed by Cisco DNA Center with a static IP. (RMA is not supported for devices that are managed by Cisco DNA Center with a DHCP IP.)

  • Make sure that the replacement device is connected to the same port to which the faulty device was connected.

  • Cisco DNA Center does not support legacy license deployment. Also, the RMA workflow does not register the faulty device with CSSM, nor remove the faulty device license from CSSM.

    • If the software image installed on the faulty device is earlier than Cisco IOS XE 16.8, the License Details window does not display the Network and Feature License details and no warning message is displayed. Therefore, you should be aware of the legacy network license configured on the faulty device and manually apply the same legacy network license on the replacement device.

    • If the software image installed on the faulty device is Cisco IOS XE 16.8 or later, the License Details window displays details of the network license (for example, Legacy or Network) and the feature license (for example, IP Base, IP Service, or LAN Base). The following warning message is displayed while marking the faulty device for replacement:

      Some of the faulty devices don't have a Cisco DNA license. Please ensure your replacement device has the same Legacy license of the faulty device enabled.

    • If the legacy network licenses of the replacement and faulty devices do not match, the following error message is displayed during the license deployment:

      Cisco DNA Center doesn't support legacy license deployment. So manually update the faulty device license on the replacement device and resync before proceeding.

  • Cisco DNA Center provisions the replacement device with the running and VLAN configurations of the faulty device available in the archive. If any configuration changes were made to the old device after the latest archive, the replacement device might not have the latest configuration.

  • If the replacement device onboards through PnP-DHCP functionality, make sure that the device gets the same IP address after every reload, and the lease timeout of DHCP is longer than two hours.