2D and 3D Wireless Heatmap Performance Enhancement

Using Cisco DNA Assurance, Cisco DNA Center delivers a performance enhancement for 2D and 3D wireless heatmaps. Cisco DNA Center displays AP and heatmap data within seconds.

Cisco Connected Mobile Experiences (CMX) Integration Enhancements

Cisco DNA Center performs validation of CMX TLS/SSL certificates. The enhanced GUI provides an option to review and import CMX certificates to establish trust for new and existing CMX integrations. To avoid interruption of service between Cisco DNA Center and CMX, configure the CMX SSL/TLS certificates and import the CMX certificate to Cisco DNA Center Trusted Certificates before installing the Cisco DNA Center 2.3.7.3 upgrade. After the upgrade, you can validate the CMX connection status under System > Settings > Cisco Spaces/CMX Servers.

Configuration Drift of a Device

You can view the timestamp of the last configuration that was archived for the network devices and the timestamp of the config-drift verification that was performed on the device.

Control of Configurations Support in SWIM Upgrade Workflow

With the delivery of the enhanced control of configuration changes, you can send planned software image upgrades to ITSM for approval before deploying them.

Deletion of a Stack Member from a Switch Stack

You can delete a stack member from a switch stack by using the Delete Member option in the PnP dashboard.

Enhancements to VLAN Creation for FlexConnect SSIDs

Effective with this release, for the FlexConnect SSIDs, VLANs are not automatically created on the Cisco Catalyst 9800 Series Wireless Controller during provisioning. Instead, the interface and VLANs that are mapped to the wireless network profile are created on the Flex profile during AP provisioning.

Floor Import History of 2D Wireless Heatmaps

You can view the floor import history of 2D wireless heatmaps, including the logs of successfully and unsuccessfully imported APs, planned APs, and overlay objects.

AP Join Profile Rogue Parameters Support

Cisco DNA Center supports the following rogue parameters:

• Rogue detection minimum Received Signal Strength Indicator (RSSI)

• Rogue detection transient interval

• Rogue detection report interval

• Protected Management Frame (PMF) denial

AP Location Configuration for PnP Onboarding

You can configure the site assigned during the PnP claim as the AP location for PnP onboarding.

AP Preimage Download Progress

You can view details about an AP's preimage download task for all the APs associated with the device.

Application Quality of Service (QoS) Support

Cisco DNA Center allows you to enable Application QoS policy by default on wired devices onboarded through Plug and Play or through site assignment, if you deploy QoS policy on the site to which the device is provisioned.

Application Visibility and Controller-Based Application Recognition (CBAR) Enablement on Devices

Cisco DNA Center allows you to enable Application Visibility and CBAR by default on wired discovered devices and devices onboarded through Plug and Play or through site assignment.

C9800 Day 0 Onboarding Template Support

Cisco DNA Center PnP supports an onboarding template for wireless devices.

Configurable Limit on Importing Walls from CAD Files

When importing a CAD file to use as a floor map, you can set a limit to the number of walls that are imported. Setting this limit helps to minimize the time it takes to generate a 3D heatmap.

Deletion of Nodes from REP Ring for Nonfabric Deployments

Cisco DNA Center supports dynamic deletion of nodes from a REP ring for nonfabric deployments.

Enhanced 2D Wireless Heatmap Generation

The 3D-computed heatmap generator, which is enabled by default, supports both 2D and 3D heatmap generation. Although you can disable the 3D-computed heatmap generator and use the original heatmap generator, we recommend that you use the 3D-computed heatmap generator. It can generate heatmaps substantially faster than the original heatmap generator, and you can set a limit to the number of walls that are included in a heatmap computation, which also enhances processing speed.

Enhanced Experience Enabling CX License Trials for the Security Advisories, Field Notices, and Network Bug Identifier Features

The process for enabling the Security Advisories, Field Notices, and Network Bug Identifier feature trials has been enhanced. To begin any of these feature trials, you must accept the trial terms and conditions. However, you only have to accept them once for any of the trials. Afterward, you can simply start the other feature trials.

Inventory Resync Insights

You can view the last sync start time and the reason for the last sync in your inventory.

Option to Provide a Customized Loopback IP Address During LAN Automation

Under Provision > LAN Automation, when you provision LAN automation, in the HOSTNAME MAPPING section > Discovered Devices Hostname Prefix field, you can upload a CSV file that contains a serial number and hostname for each device. Optionally, it can also have a customized loopback IP address for each device. The ability to upload a customized loopback IP address is new in this release.

Software Image Management (SWIM) Extended Support for a Two-Way Compatibility Matrix Comparison

Cisco DNA Center SWIM performs a two-way compatibility matrix file comparison to improve In-Service Software Upgrade (ISSU) compatibility decision-making.

Cisco DNA Center is able to autodownload the compatibility matrix files of ISSU-supported devices' running images and golden tagged images available in cisco.com.

Support for Operational and Planned APs in 2D Heatmaps

You can display a coverage heatmap in 2D that shows both operational and planned APs. This option is only available when the 3D-computed heatmap generator is enabled, which is the default configuration. If you disable the 3D-computed heatmap generator, the 2D heatmap reverts to the original heatmap generator and only displays operational APs or planned APs in a heatmap, not both simultaneously.

Tooltip for the Resolved IP Address

You can view the resolved IP address of a device in the IP Address column.

User Interface Updated for Design > Network Settings > Network Window

Network Settings > Network window is updated to provide better user experience.

View Cisco DNA Center in Light or Dark Appearance

You can view Cisco DNA Center in light (default) or dark appearance. On the My Profile and Settings > Display Settings window, you can apply light or dark appearance.

Visibility and Control for Compliance Remediation

While fixing compliance violations, you can send planned network configurations to IT Service Management (ITSM) for approval before deploying them.

Visibility and Control of Configurations

With the delivery of the enhanced control, you can send planned network configurations to ITSM for approval before deploying them. Control ensures that only authentic and authorized configurations are provisioned onto your network devices, which further secures your devices.

Cross-Launch from Assurance Device 360 to Device Inventory

You can cross-launch from the Device 360 window to the Device Inventory window to view the device details.

Event Analytics - Preview Dashboard

You can view analytics and insights data for syslog messages and different types of network events. You can identify trends and correlate events across different data sources from the Event Analytics - Preview dashboard in the Issues and Events window. The dashboard displays heatmaps with counts of syslog messages and reachability transitions from wired and wireless devices.

Refresh Issues

The following issues are refreshed at the time of purge. Refresh time is 28 days. For each issue, the timestamp is updated so that the issue exists until the next purge cycle.

• AP Disconnect

• Switch Unreachable

• Router Unreachable

• WLC Unreachable

• AP(s) disconnect from WLC on Switch

RF Insights - Tx Drops Chart

The Tx Drops per Client KPI is available for clients connected with Cisco Catalyst 9800 Series Wireless Controller starting from Release 17.12. The RF tab in the Device 360 dashboard displays the Top Clients with Tx Drops per SSID chart with the top 5 clients with packet drop count per selected SSID for the selected radios.

The Connected tab in the Client 360 dashboard displays the Tx Drops chart, which shows the percentage of packet drops.

Third-Party Device Support for Wired Assurance

Third-party devices are supported for Wired Assurance. You can monitor and troubleshoot third-party devices from the Network and Device 360 Assurance health dashboard. By default, third-party devices are mapped under the Core device family category.

You can view issues generated by third-party devices in the Issue Settings dashboard.

New APIs

Sites API

Cisco DNA Center platform supports the following Sites API:

• GET <cluster-ip>/dna/intent/api/v1/site-member/${id}/member

  Get devices that are assigned to a site.

To access the new Sites APIs, click the menu icon and choose Platform > Developer Toolkit > APIs.

Expand the Know Your Network drop-down list and choose Sites.

API Enhancements

taskId Datatype

In the response schema, the taskId parameter now supports the string datatype for the following APIs:

• Update SNMPv3 credentials

• Delete Device by Id

• Sync Devices

• Update SNMP read community

• Add Device

• Delete discovery by Id

• Create HTTP write credentials

• Start discovery

• Create SNMP write community

• Update global credentials

• Create SNMP read community

• Update HTTP read credential

• Create CLI credentials

• Updates an existing discovery by specified Id

• Create SNMPv3 credentials

• Create/Update SNMP properties

• Update Device Details

• Update HTTP write credentials

• Update Device role

• Create HTTP read credentials

• Delete discovery by specified range

• Update Netconf credentials

• Export Device list

• Run read-only commands on devices to get their real-time configuration

• Delete all discovery

• Delete global credentials by Id

• Update CLI credentials

• Update SNMP write community

• Create Netconf credentials

Devices API

In the Add Device API, the type request parameter now includes the FIREPOWER MANAGEMENT CENTER and THIRD PARTY DEVICE device types.

Deprecated APIs

Network Management APIs

The following Network Management APIs are deprecated:

• POST <cluster-ip>/dna/intent/api/v1/device-credential

  Create Device Credentials.

• DELETE <cluster-ip>/dna/intent/api/v1/device-credential/${id}

  Delete Device Credential.

• PUT <cluster-ip>/dna/intent/api/v1/device-credential

  Update Device Credentials.

• GET <cluster-ip>/dna/intent/api/v1/device-credential

  Get Device Credential Details.

New APIs

Devices API

Cisco DNA Center platform supports the following Devices API:

POST <cluster-ip>/dna/intent/api/v2/networkDevices/${deviceId}/interfaces/query

Get Device Interface Stats Info.

The new API allows 500 requests per minute.

To access the new Devices API, click the menu icon and choose Platform > Developer Toolkit > APIs.

Expand the Know Your Network drop-down list and choose Devices.

Sites APIs

Cisco DNA Center platform supports the following Sites APIs:

• GET <cluster-ip>/dna/intent/api/v2/site

  Get Site V2.

• GET <cluster-ip>/dna/intent/api/v2/site/count

  Get Site Count V2.

To access the new Sites APIs, click the menu icon and choose Platform > Developer Toolkit > APIs.

Expand the Know Your Network drop-down list and choose Sites.

Compliance APIs

Cisco DNA Center platform supports the following Compliance APIs:

• GET <cluster-ip>/dna/intent/api/v1/network-device-config/task

  Get config task details.

• POST <cluster-ip>/dna/intent/api/v1/network-device-config/write-memory

  Commit device configuration.

To access the new Compliance APIs, click the menu icon and choose Platform > Developer Toolkit > APIs.

Expand the Know Your Network drop-down list and choose Compliance.

Configuration Archive API

Cisco DNA Center platform supports the following Configuration Archive API:

GET <cluster-ip>/dna/intent/api/v1/network-device-config

Get configuration archive details.

To access the new Configuration Archive API, click the menu icon and choose Platform > Developer Toolkit > APIs.

Expand the Site Management drop-down list and choose Configuration Archive.

System Settings APIs

Cisco DNA Center platform supports the following System Settings APIs:

• DELETE <cluster-ip>/dna/intent/api/v1/authentication-policy-servers/${id}

  Delete Authentication and Policy Server Access Configuration.

• POST <cluster-ip>/dna/intent/api/v1/authentication-policy-servers

  Add Authentication and Policy Server Access Configuration.

• GET <cluster-ip>/dna/intent/api/v1/ise-integration-status

  Cisco ISE Server Integration Status.

• PUT <cluster-ip>/dna/intent/api/v1/integrate-ise/${id}

  Accept Cisco ISE Server Certificate for Cisco ISE Server Integration.

• PUT <cluster-ip>/dna/intent/api/v1/authentication-policy-servers/${id}

  Edit Authentication and Policy Server Access Configuration.

To access the new System Settings APIs, click the menu icon and choose Platform > Developer Toolkit > APIs > System Settings.

User and Roles APIs

Cisco DNA Center platform supports the following User and Roles APIs:

• PUT <cluster-ip>/dna/system/api/v1/role

  Update role API.

• DELETE <cluster-ip>/dna/system/api/v1/user/${userId}

  Delete user API.

• POST <cluster-ip>/dna/system/api/v1/role

  Add role API.

• DELETE <cluster-ip>/dna/system/api/v1/role/${roleId}

  Delete role API.

To access the new User and Roles APIs, click the menu icon and choose Platform > Developer Toolkit > APIs.

Expand the Cisco DNA Center System drop-down list and choose User and Roles.

LAN Automation APIs

Cisco DNA Center platform supports the following LAN Automation APIs:

• PUT <cluster-ip>/dna/intent/api/v1/lan-automation/${id}

  LAN Automation Stop and Update Devices.

• PUT <cluster-ip>/dna/intent/api/v1/lan-automation/updateDevice

  LAN Automation Device Update.

To access the new LAN Automation APIs, click the menu icon and choose Platform > Developer Toolkit > APIs.

Expand the Site Management drop-down list and choose LAN Automation.

API Enhancements

Event Management APIs

The Create Webhook Destination, Get Webhook Destination and Update Webhook Destination APIs now include the isProxyRoute attribute.

Devices APIs

Cisco DNA Center platform supports the following Devices API enhancements:

• Get Device list: Added the pendingSyncRequestsCount, pendingSyncRequestsCount, reasonsForDeviceResync, reasonsForPendingSyncRequests, dnsResolvedManagementAddress and lastDeviceResyncStartTime response fields.

• Get the Details of Physical Components of the Given Device: Includes the new manufacturer attribute in the response schema.

• Get Device Count API: Added managementIpAddress, macAddress, hostname and locationName query parameters.

• Get Chassis Details for Device: The response parameters assemblyNumber, assemblyRevision are now optional.

• Returns Device Interface VLANs: The mask response parameter is now an optional field.

• Get Modules and Get Module Info by Id: The assemblyNumber, assemblyRevision, moduleIndex and operationalStateCode response parameters are now optional.

• Get Device Values that match fully or partially an Attribute: The following sample response schema is now included.

  { "response": [ "string" ], "version": "string" }

Compliance APIs

Multiple value support is added to the complianceStatus and complianceType attributes in the Get Compliance Detail Count and Get Compliance Detail intent APIs.

Enrichment Details APIs

For improved useability, the rate limit in the following APIs increased to 100 requests per minute:

• Get Client Enrichment Details

• Get Device Enrichment Details

• Get Issue Enrichment Details

• Get User Enrichment Details

Sites API

Get devices that are assigned to a site.

Updated URL: PUT <cluster-ip>/dna/intent/api/v1/site-member/${id}/member

Deprecated APIs

Device Onboarding (PnP) APIs

The following Device Onboarding (PnP) APIs are deprecated:

• GET <cluster-ip>/dna/intent/api/v1/onboarding/pnp-device/sacct/${domain}/vacct/${name}/sync-result

  Get Sync Result for Virtual Account.

• POST <cluster-ip>/dna/intent/api/v1/onboarding/pnp-device/vacct-sync

  Sync Virtual Account Devices.

• POST <cluster-ip>/dna/intent/api/v1/onboarding/pnp-device/unclaim

  Unclaim Device.

New Events

Assurance Events

Cisco DNA Center platform supports the following new Assurance events:

• High input/output utilization on Third Party Device WAN interfaces: The event is generated when there is high input or output utilization on WAN interfaces.

• Fabric LISP session status on Control Plane node: The event is generated when the LISP session status from Control Plane to fabric node is down.

• Fabric LISP PubSub session status is down: The event is generated when the LISP PubSub session status between border node and control or transit control plane node is down. One event is generated for each pair of border and control plane.

• Fabric Border node internet is unavailable: Internet Availability monitors the default route on external borders and registers that with the control plane node within a LISP or PUBSUB site. One event is generated for each pair of border and control plane.

• Fabric BGP session status is down with Peer Device: The event is generated when the BGP session is down on border node with IP Transit peer. One issue is generated for each pair of border and control plane.

• Fabric Border node remote internet is unavailable: Remote Internet Availability monitors whether remote fabric sites can provide backup internet through SDA-Transit connected Borders within a LISP or PUBSUB site. One event is generated for each pair of border and control plane.

Event Enhancements

Assurance Events

New supported connector types SNMP and NO_ENDPOINT are added to the existing Assurance events.

For information about events and setting up a notification for an event, see the "Developer Toolkit GUI" chapter of the Cisco DNA Center Platform User Guide.

New Reports

AI Endpoint Analytics

The AI Endpoint Analytics report type includes the locked Endpoint Profiling report.

Long Term

The Long Term report type includes the following types of locked reports:

• AP Performance Report

• Long Term AP Detail

• Long Term AP Radio

• Long Term AP Usage and Client Breakdown

• Long Term Client Detail

• Long term Client Session

• Long Term Network Device

Report Enhancements

Flexible Reports

Cisco DNA Center platform supports the following Flexible report enhancements:

• The following new options are added under Entities:

  • SWIM: Supports the Summary report type.

  • POE

• A new operator-based selection criteria is included for field filters.

For more information, see the "Generate a Flexible Report" topic in the "Reports" chapter of the Cisco DNA Center Platform User Guide.

Other Enhancements

Email Authentication Support

This Cisco DNA Center platform release supports email authentication for primary and secondary SMTP servers while configuring an email destination to receive notifications.

For more information, see the "Configure an Email Destination" topic in the "Configurations" chapter of the Cisco DNA Center Platform User Guide.

Custom Policy Tag Reuse

You can reuse custom policy tags across sites (areas, buildings, and floors).

Enhancements to VLAN Creation for FlexConnect SSIDs

Effective with this release, for the FlexConnect SSIDs, VLANs are not automatically created on the Cisco Catalyst 9800 Series Wireless Controllers during provisioning. Instead, the interface and VLANs that are mapped to the wireless network profile are created on the Flex profile during AP provisioning.

Global Search Support for Wireless Menu and Settings

Cisco DNA Center supports the global Search function for the wireless parameters in network settings, model configuration designs, and workflows.

AP Location Configuration for PnP Onboarding

You can configure the site assigned during the PnP claim as the AP location for PnP onboarding.

In the System > Settings > Device Settings > PnP AP Location window:

• If you check the Configure AP Location check box, Cisco DNA Center configures the assigned site as the AP location for PnP onboarding.

• If you uncheck the Configure AP Location check box, Cisco DNA Center doesn't configure the AP location during PnP onboarding and you can use the Configure Access Points workflow to configure the AP location.

This check box is unchecked by default.

Detect Conflicts in a CLI Template for Wireless

Cisco DNA Center supports detection of potential design conflicts and run-time conflicts in the CLI templates for wireless.

Enhancement in Handling Cisco Wireless Controller Configurations

During the reprovisioning of a Cisco Wireless Controller, Cisco DNA Center ensures not to overwrite configurations that are not part of the intent.

Enhancements to Access Control Lists for Central Web Authentication SSIDs of Guest Wireless Network

Effective with this release, Cisco DNA Center-generated preauthentication Access Control Lists (ACL) are created only for the configured AAA or PSN servers for Central Web Authentication (CWA) SSIDs of guest wireless networks.

Enhancements to Admin Status of Radio Bands in RF Profiles for Cisco AireOS Wireless Controller

Effective with this release, for Cisco AireOS Wireless Controllers, if you disable the Admin status of a band in the RF profile and reprovision the wireless controller or AP, Cisco DNA Center creates the RF profile for the corresponding band and maps it to the AP group (instead of configuring it as None) and disables the Admin status of all radios of the corresponding band on the APs.

Enhancements to FlexConnect Settings Modifications for Existing SSIDs

If you modify any nonflex SSIDs that are already provisioned on a wireless controller to flex SSIDs (or conversely), you must reprovision the wireless controller to ensure that the expected intent is configured on the wireless controller.

If you modify the VLAN ID value in the Local to VLAN ID field of an existing SSID and reprovision the AP without reprovisioning the wireless controller, the latest value of the VLAN ID is updated in the flex profile used by the AP.

Enhancements to Associating Templates for Wireless Network Profiles

You can associate onboarding and day-n templates to a network profile for wireless. The onboarding templates are used while onboarding wireless devices using Plug and Play (PnP).

Enhancements to Channel Width Selection for APs in Dual Radio Mode

In earlier releases, if the dual radio mode was enabled on an AP, its slot 2 couldn't be in the Client-Serving or Monitor radio role with the 160 MHz channel width.

Effective with this release, if the dual radio mode is enabled on an AP, its slot 2 can't be in the Client-Serving radio role with the 160 MHz channel width.

Enhancements to RF Profile Updates for Cisco AireOS Wireless Controllers

Effective with this release, for Cisco AireOS Wireless Controllers, if you modify the DCA channels or data rates for an RF profile that is already provisioned on a wireless controller, Cisco DNA Center resets the corresponding radio.

Enhancements to SSID Workflow, Preauthentication ACLs, IP-Based Access Contract, and RX SOP Threshold in RF Profiles

Cisco DNA Center supports authentication key management settings, ingress and egress QoS settings, and wireless encryption settings in the SSID creation workflow for enterprise and guest networks.

Cisco DNA Center supports additional protocols in the preauthentication access control lists and IP-based access control contracts.

Cisco DNA Center supports custom Receiver Start of Packet Detection (RX SOP) threshold values for each band for basic and AI RF profiles using the RX-SOP Threshold (dBm) Custom Value field.

Support for Additional WLAN Parameters

Cisco DNA Center supports additional WLAN parameters for the advanced SSID model configuration design. The SSID creation workflows for enterprise and guest networks support the selection of an advanced SSID model configuration design.

Support for Manual Data Refresh to Track the Replacement Status in the AP Refresh Workflow

In the Access Point Refresh workflow, to view the latest AP replacement status, you can use the Refresh Data option.

Support for New Country Codes

Cisco DNA Center supports new country codes for Cisco Catalyst 9800 Series Wireless Controllers running Cisco IOS XE Release 17.12 or later. The radios within the APs are assigned to a specific regulatory domain at the factory, but the country code enables you to specify a particular country of operation within that regulatory domain.

For a complete list of country codes supported per product, see https://www.cisco.com/c/dam/assets/prod/wireless/wireless-compliance-tool/index.html.

Support for Static IP Address for Wireless Management Interface During Provisioning of Cisco Catalyst 9800 Series Wireless Controller

Effective with this release, you must configure a static IP address for the wireless management interface on the Cisco Catalyst 9800 Series Wireless Controller to prevent provisioning failure.

Visibility and Control of Wireless Device Configurations

Effective with this release, Cisco DNA Center supports enhanced control for wireless device configurations. With enhanced control, you can ensure that only authentic and authorized configurations are provisioned onto your network devices through an IT Service Management (ITSM) check.

By default, Configuration Preview is enabled and ITSM Approval is disabled. You can update these settings on the System > Settings > Visibility and Control of Configurations window. To enable ITSM Approval, make sure that Configuration Preview and ITSM are enabled.

Visibility and Control of Fabric Configurations

With the Control feature, you can send planned fabric configurations to ITSM for approval before deploying them on the fabric devices.

All fabric workflows and configurations support the Visibility and Control feature.

New Automation for SD-Access

The enhanced Cisco SD-Access user interface provides a succinct view of the fabric elements and their attributes.

Preprefix Affinity

Preprefix Affinity enables multihoming of a data center wherein multiple fabric sites that are linked through an SD-Access transit are connected to the same data center. In this setup, each fabric site may choose its own local internal border to reach the data center host. If a fabric site does not have local reachability to the data center, traffic is forwarded through a remote site or load balanced across multiple remote sites, if all site borders have equal priority. This behavior is enabled by default.

You can also configure the traffic to be routed to a particular remote site though the data center host is reachable through the local internal border. This is helpful in deployments that require traffic to egress through a particular internal border for more efficient routing. For assistance in enabling this steering of traffic to a particular site, contact Cisco Support.

Support for AS Path Prepend

You can steer the selection of the ingress border in the SD-Access fabric by modifying the AS Path prepends. You can define the number of AS Path prepends to the BGP AS_PATH list.

Support for Wireless Mesh Access Point in an SD-Access Fabric

Starting with Cisco DNA Center Release 2.3.7, you can onboard a wireless Mesh AP in an SD-Access fabric. You can provision a mesh AP either as a Mesh Access Point (MAP) or a Root Access Point (RAP), depending on the network requirement.

Support for Workgroup Bridge

Support for the Workgroup Bridge (WGB) in Cisco SD-Access extends the fabric connectivity to areas where deploying a fabric edge, or an extended node, or a policy extended node is not possible. A WGB associates with the fabric Access Point (AP) on a fabric SSID, and the wired client connects to the Layer 2 switch positioned behind the WGB. In scenarios where a client has to be subjected to 802.1X authentication, configure the WGB to enable port-based authentication. For assistance with the configuration of WGB, contact Cisco Support.

New in 2.3.7.3

New Walkthroughs

• Add a Window to My Favorites

• Manage My Favorites

New in 2.3.7.0

New Walkthroughs

• Clone a CLI Template

• Create a CLI Template

• Export a CLI Template

• Import a CLI Template

• View Field Notices

Deprecated Walkthrough

Create a Composite Template

CSCwe38665

When there are many managed devices in the inventory, running the Inventory report fails and the following error is displayed:

BAPI Execution Failed.Response Code = 500, Response Content=null

CSCwe74245

After a disaster recovery failover, CBAR provisioning fails in specific scenarios for Catalyst 9800 controllers, Catalyst 9300 switches, and Catalyst 9400 switches that have wireless enabled on them.

CSCwe85799

Cisco DNA Center three-node cluster: After removing the proxy from the setup, the node shows that connectivity with the host is lost, even though it is reachable.

CSCwf16863

In the Global LLDP configuration, if the hold time and timer values are very large, the database discards the configured values during the device sync.

CSCwf17924

Some service instances are inactive after shutting down a node in a three-node cluster.

CSCwf24189

An exception occurs during device controllability configurations.

CSCwf56037

When two site assignment tasks are created—one to assign a device to a site and the other to remove a device from a site—no conflict notification is displayed on the Tasks window.

CSCwf59765

Cisco DNA Center-generated preauthentication ACLs have only AAA/ISE servers mapped to a specific SSID. Cisco DNA Center ignores all other AAA servers that are added. Because this change brings the ACE’s changes to the ACL rule that’s already created, Cisco DNA Center repushes the complete ACL to the device. There are no WLAN flaps, but there is a change in the ACL definition.

CSCwf81439

If a task is discarded, a mismatch occurs between Cisco DNA Center and the device config for N+1 config.

CSCwf88553

Compliance remediation fails for the CBAR interface. The following error is generated:

NCSP11000: Error occurred while processing the 'complianceRemediation' request.
Additional info for support: taskId: '71d06526-a361-471a-b66c-acc267369e6a'.

CSCwf95418

Cisco DNA Center Basic ITSM CMDB sync might fail with a timeout error on the BAPI Schedule to Publish Inventory Details - ServiceNow Connector.

To work around this problem, increase the REST and JSON Catch All Transaction Quota rule on ServiceNow to a higher timeout value, which helps the sync complete successfully.

CSCwh03807

If the CLI prompt command that is configured on the device contains special characters, spaces, or tabs, the device doesn’t go to Managed state in Cisco DNA Center. Instead, the device remains in Syncing state in Cisco DNA Center.

CSCwh16964

The three-node cluster is stuck at 50% optional package install state.

CSCwh35302

When you assign a device with the intent for Cisco ISE integration to a site, the deployment of the device controllability and telemetry settings fails and the Cisco ISE device integration fails.

CSCwh35343

Request to add multiple wireless IP pool support for fabric SSID.

CSCwh45346

In deployments with large numbers of devices in inventory, the CMDB sync fails. The Schedule to Publish Inventory Details - ServiceNow Connector times out after around three hours.

CSCwh48163

Even after the Wide Area Bonjour application is installed and is operational, often the Tools menu does not show the Wide Area Bonjour application as a navigation option. The dashboard also does not show the Wide Area Bonjour application symbol to navigate to.

CSCwh59381

The NETWORK-NON-FABRIC_WIRELESS-1-150 REST event notification does not return key:value pairs such as tenantId, tags, and tntId.

CSCwh63005

The Cisco DNA Center inventory is not synced with Service Now. The devices count in Service Now is 0.

CSCwh88238

The Get Device Enrichment Details API does not work after upgrading Cisco DNA Center. The following error is generated:

The client made a request for a resource that does not exist, for get all devices API while enriching device information.

CSCwh91534

Inventory report generation fails after upgrading Cisco DNA Center.

CSCwh94858

The Assurance "sdflow" service restarts unexpectedly.

CSCwh96829

The Cisco DNA Center GUI is not accessible. Most of the services are in "CrashLoopBackOff." Some services are in "CreateContainerConfigError" state.

CSCwi28259

A mobility anchor configuration pushed using the CLI template (and without choosing the force push template option) is removed after an upgrade to Cisco DNA Center 2.3.5.4.

This problem occurs when you use a CLI template to configure mobility anchors and then you provision the controller without choosing the force push template option.

CSCwi28419

After upgrading from Cisco DNA Center 2.3.3.7 to Cisco DNA Center 2.3.5.4, the Cisco DNA Center intent overwrites the CLI template for the default-ap-join profile, which was initially set up to allow SSH accessto APs. Cisco DNA Center automatically generates a default APprofile using device default values, which disables SSH access.

CSCvt57069

Cisco DNA Center custom Portal Builder settings are not saved.

CSCwd04618

Unable to upload an image in the Guest portal via the Edit option.

CSCwd32003

Onboarding new APs reverts all APs to default-ap-profile, causing APs to reload.

CSCwd70903

Report generation fails and displays the following error:

Maximum running time for the worker pod exceeded.

CSCwe45252

If some Assurance events are configured for notification, SNMP is shown as a channel for notification. However, Assurance events do not support SNMP and the SNMP notification does not work.

CSCwf31064

Cisco DNA Center wireless provisioning fails with an error in SiteTagInfo for the Cisco Catalyst 9800 Series Wireless Controller mesh role.

CSCwf39432

In the schema-updater log under /data/maglev/srv/diagnostics/maglev-system/workflow-worker, a number format exception occurs while running the ProfileAttributeMigrator.

CSCwf71596

In SLAAC mode, the Cisco SD-Access wireless client exhibits delayed association for the IPv6 stack.

CSCwf72802

The mobility tunnel creation peer fails via Cisco DNA Center. The following error is generated:

ERROR: duplicate key value violates unique constraint "mobilitypeerproperty_bk"

CSCwf73918

After upgrading from Cisco DNA Center 2.3.5.4, the Cisco Catalyst 9800 Series Wireless Controller reprovision config preview fails for "Policyprofilename."

CSCwf83571

Unmarking a device for replacement via the API does not work when "faultyDeviceId" is used.

CSCwf86000

When the AP Refresh workflow card is in pending or in-progress state, it doesn't show any APs.

CSCwf87650

Cisco DNA Center may delete a PnP acquired device from inventory but the device is not deleted from PnP.

CSCwf87650

When you delete a PnP device from inventory, the device is not deleted from PnP.

CSCwf90876

Wireless controller provisioning fails for a few countries when running Cisco IOS-XE 17.9.x.

CSCwf94495

Unable to delete an edge node from the Fabric page.

CSCwh02680

When attempting to do a SWIM upgrade, a critical error is shown at the Schedule Task and Clean Up page of the workflow. The critical error states invalid inputs, but there are no errors on the actual page or anything to suggest what the issue is.

CSCwh07308

When switching from a fabric site to a fabric zone, the fabric site view is displayed instead of displaying the fabric zone view.

CSCwh08579

When viewing a failed port-assignment task, the browser floods with endless API calls, causing the browser to time out.

CSCwh12140

After provisioning a wireless controller, Cisco DNA Center's Compliance Report may show that device as non-compliant for Policy Tag, Site Tag, and AP Tag mappings.

CSCwh13140

A failure occurs when provisioning the Cisco Catalyst 9124AX in mesh root AP mode.

CSCwh17495

The map-server key at the inherited site under the LISP L2 instance does not match the anchored site.

CSCwh28374

An upgrade to Cisco DNA Center 2.3.5.3 fails on CommonSettingsApProfileMigrator for the AireOS AP profile with mesh settings.

CSCwh29152

WLAN Passphrase update on any personal SSID is not getting pushed to the AireOS controller.

CSCwh41361

Cisco DNA Center Inventory may degrade to Out of Memory condition due to a huge number of Base Radio records.

CSCwh49384

Cisco SD-Access: CiscoSensorProvisioning SSID mapped to wrong interface.

CSCwb93305

The AP refresh workflow fails with the following error:

AP already part of another AP refresh task "null".

CSCwc39603

When a user configures a new event notification in Cisco DNA Center, the Try It option for the subscribed event may return the following error:

FAILURE - Endpoint Connection Timed Out.

CSCwc93896

AP and wireless controller provisioning fails due to the following error:

NCSP10001: User intent validation failed.

CSCwd34763

Cisco DNA Center may configure AP tags with default values rather than the site tags configured in the network profile.

CSCwd48297

Cannot create a nonflex AP group if at least one flex SSID has been configured.

CSCwd50441

Failed templates get re-pushed during the port assignment process.

CSCwd53101

Wireless controller provisioning fails with an NCSP11001 error.

CSCwd64690

The credential validation task skips validation of enabled credentials.

CSCwd64902

Several NETCONF error scenario details are lost in the NP error response (code + parameters).

CSCwd66496

When a new stack member is added to a Cisco Catalyst 9400 Series switch, Cisco DNA Center doesn't automatically push down the "device-tracking attach-policy IPDT_POLICY" configuration on new interfaces.

CSCwd77779

Editing auth template does not update CLIs on device.

CSCwd96245

The license usage details API endpoint returns the following error when using the device_type "ise":

500 Internal error.

CSCwe10186

The wrong fabric zone is assigned for multicast pools when bulk fabric zones are created.

CSCwe14566

Cisco DNA Center's port assignment to an IE-3200 extended node fails for deployment of network intent "RouterProvisioning Failed."

CSCwe24079

License mode shows "NA" for a device in Cisco DNA Center.

CSCwe26616

The Catalyst 9410R switch and related hypervisor families don't show the correct number of devices under the family within Cisco DNA Center's Image Repository.

CSCwe27459

The banner shows an incorrect AI Endpoint Analytics warning alert for ISE integration.

CSCwe32559

The Cisco DNA Center VLAN report returns zero or one site VLAN record:

RestApiSourceExecutor - Returned Total count 0/4.

CSCwe37500

vManage integration flaps when inventory service logs return a large XML.

CSCwe38622

Meraki MR52/MR53 cloud-managed APs don't show topology links.

CSCwe39344

While configuring event notifications for the webhook and REST channels, event notification does not work after the first attempt. The following error is generated:

Endpoint Connection Timed Out.

CSCwe42089

The external config archive in Cisco DNA Center doesn't store files.

CSCwe43814

After upgrading to Cisco DNA Center 2.3.5.3, if you try to reprovision an AP by changing the floor (without a controller provision after upgrade), provisioning might fail.

CSCwe43877

New Policy tags and Site tags are created and mapped to the APs when APs are reprovisioned after a Cisco DNA Center upgrade, without reprovisioning the controller first.

CSCwe46169

Addition of a new IP pool under Guest VN fails with an exception. Cisco SD-Access fabric had a dedicated GUEST border deployment from an older release and is currently on a newer release which does not support GUEST border workflow.

CSCwe52889

The Inventory window doesn’t load correctly due to a new line character in the Meraki device's serial number.

CSCwe54433

Unable to save an RF profile in a cluster upgraded from 2.2.2.9 to 2.3.3.6 to 2.3.5.3.

CSCwe59569

Software image base and SMU distribution/activation skips the operation to perform flash cleanup.

CSCwe66749

The Meraki AP model type is not populated in the inventory.

CSCwe74038

Virtual network operation triggered wireless controller provisioning replaces WLANs but does not trigger the AP provisioning flow.

CSCwe82555

All device details are not exported in the csv and pdf file.

CSCwe89409

Image distribution fails for the Cisco 1100 Integrated Services router.

CSCwe92274

Device provisioning may fail due to other fabric devices missing loopback interfaces.

CSCwe95262

Wireless controller provisioning fails with the following error:

"NCSP11108: Error occurred while processing the request."

CSCwe95541

The software image update gets stuck in In Progress state and does not succeed or fail.

CSCwe98803

A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device.

This vulnerability is due to insufficient access control enforcement on API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-ins-acc-con-nHAVDRBZ

CSCwf20392

PnP: AP claim provisioning should error out and not leave with default site tags.

CSCwf20970

The Cisco DNA Center License Manager may not show the virtual account name.

CSCwf25120

Wireless controller provisioning failure occurs when changing from a Cisco DNA Center-generated site tag to a custom site tag.

CSCwf26803

Cisco DNA Center may not send accurate emails for SYSTEM_PERFORMANCE_FILESYSTEM_UTILIZATION.

CSCwf28011

An NCSW32001 error occurs while trying to copy an image to a device using an external repository.

CSCwf29125

Cisco DNA Center's config-archive-service may decline into an out-of-memory condition and restart repeatedly.

CSCwf31445

The WLAN policy profile is not created when a new VLAN group is used in a network profile.

CSCwf31965

The nonflex WLAN policy profile is not created when an SSID is added under two network profiles using different interfaces.

CSCwf36885

After an upgrade to Cisco DNA Center 2.3.3.6, many devices inventory collection status may change to "internal error."

CSCwf38305

Rogue on the wire alerts show an incorrect connected switch.

CSCwf39680

The Add Fabric Border Device API body note should have a 4-byte ASN range, not a 2-byte ASN range.

CSCwf40854

Wireless controller provisioning may fail with the following error:

NCSP11108 CFS persistence failed.

CSCwf45762

Cisco DNA Center disables the radios to make changes to any custom RF profile.

CSCwh58183

When you update the protocol pack to version 67 in Cisco DNA Center, the update fails.