2023-10-20

Added a limitation about the site hierarchy for a Rogue and aWIPS report.

Limitations and Restrictions

2023-09-28

Added the open bug CSCwe28523.

Open Bugs

2023-07-31

Previously, the Cisco DNA Center Release Notes and the Cisco DNA Center Platform Release Notes were separate. Now, they are combined into a single release note; the Cisco DNA Center platform content has been consolidated into this document.

—

2023-02-27

Added the open bug CSCwe27538.

Open Bugs

2023-02-17

Added a limitation about In-Service Software Upgrade (ISSU).

Limitations and Restrictions

2022-11-08

Added the open bug CSCwc09546.

Open Bugs

2022-07-27

Updated the information provided for the Cisco DNA Center 2.2.3.6 System package.

Package Versions in Cisco DNA Center, Release 2.2.3.x

2022-07-21

Added the list of packages in Cisco DNA Center 2.2.3.6.

Package Versions in Cisco DNA Center, Release 2.2.3.x

Noted that Cisco DNA Center 2.2.3.6 contains fixes for the Spring4Shell vulnerability.

New and Changed Features in Cisco DNA Center

Added the Resolved Bugs table for 2.2.3.6.

Resolved Bugs

Added the open bug CSCwb28540.

2022-04-04

Added the new and changed Interactive Help information for 2.2.3.5.

New and Changed Features in Interactive Help

Added the list of packages in Cisco DNA Center 2.2.3.5.

Package Versions in Cisco DNA Center, Release 2.2.3.x

Added the Resolved Bugs table for 2.2.3.5.

Resolved Bugs

Added the open bugs CSCwa88686 and CSCwa99062

Open Bugs

2021-12-23

Added the list of packages in Cisco DNA Center 2.2.3.4.

Package Versions in Cisco DNA Center, Release 2.2.3.x

Added the Resolved Bugs table for 2.2.3.4.

Resolved Bugs

Noted that Cisco DNA Center 2.2.3.4 contains fixes for the Apache Log4j vulnerability.

New and Changed Features in Cisco DNA Center

2021-11-23

Added the open bug CSCwa30225.

Open Bugs

2021-10-26

Added the link to download Cisco DNA Center software.

Package Versions in Cisco DNA Center, Release 2.2.3.x

2021-10-04

Added the list of packages in Cisco DNA Center 2.2.3.3.

Package Versions in Cisco DNA Center, Release 2.2.3.x

Added the Resolved Bugs table for 2.2.3.3.

Resolved Bugs

Added the open bug CSCvy87482.

Open Bugs

2021-08-19

Added the open bug CSCvy30606.

Open Bugs

2021-08-04

Initial release.

—

3D Wireless Maps

A 3D mode has been added for viewing wireless maps.

With 3D wireless maps, you can view a 3D visualization of your wireless network and key performance indicators (KPIs). 3D wireless maps offer a wide range of features and functionality, such as:

• Navigate through your wireless network in a 3D environment.

• Receive near real-time KPI data from the 3D wireless maps predictive model.

• View the radio frequency (RF) coverage for specific elevations.

• Gain insights for the areas in your wireless network where service-level agreements (SLAs) are not being met.

• Create simulations of custom device configurations.

802.1x Authentication Support for Access Points

You can configure the authentication settings for the secure onboarding of access points (APs) using Plug and Play (PnP). Based on the authentication settings configured at the Global-level or Site-level hierarchy in Cisco DNA Center, PnP pushes the 802.1x (Dot1x) supplicant and certificates when claiming APs.

Application Policy Support

Application Policy support is available for Cisco Catalyst IE3300 Series and IE3400 Series switches.

Change the Protocol Order of an Image Distribution Server

You can choose the required protocol for software image distribution by changing the protocol order of an image distribution server. The protocol order helps perform verification checks on the image distribution servers.

Compliance

When Startup and Running configurations for a device are mismatched, you can run compliance checks and synchronize running configurations across multiple devices under Action > Compliance in the Inventory window.

Define Custom Applications for Devices Without QoS Policy

You can configure custom applications with attribute sets and maps on Cisco DNA Traffic Telemetry Appliance without configuring the quality of service (QoS) policy.

Deny RCM Clients

Cisco DNA Center prevents the clients that are using random MAC addresses from joining the network. You can choose to deny or allow the clients with random MAC addresses when creating Enterprise SSIDs and Guest SSIDs.

Different Views for Templates and Model Configs

You can view the templates and model configurations in the Cards view or the Table view when creating a network profile for Switching or Wireless.

Enable Telemetry on Switches

You can configure Switched Port Analyzer (SPAN) and Encapsulated Remote Switched Port Analyzer (ERSPAN) sessions on switches to share IP traffic for application assurance and endpoint analytics.

Fixed Versions for Security Advisories

The Fixed Versions column has been added to the Security Advisories window. This column lists the minimum known fixed version for security advisories. You can remove an advisory on your device by upgrading to the version mentioned in the Fixed Versions column.

Flash Cleanup

You can store only the running software image and remove all the previous software images saved on a device when provisioning a software image or upgrading a software image with In-Service Software Upgrade (ISSU).

FlexConnect VLAN Mapping for AAA Override

For FlexConnect deployments, you now have the option to configure AAA override VLANs for dynamic VLAN assignment of locally switched clients.

Group-Based Access Control Policy Dashboard

With the Group-Based Access Control Policy dashboard, you can view a summary of network activity, policy-related issues, and traffic trends. In the Cisco DNA Center GUI, click the Menu icon and choose Policy > Group-Based Access Control > Overview to view this dashboard.

IPAM Trust Certificate Handling

Previously, you had to manually import the trust certificate for IP Address Manager (IPAM) integration. With this release, when you add an IPAM to Cisco DNA Center, the trust certificate is automatically added to the Cisco DNA Center trustpool.

License Manager Supports FQDN Configuration in Smart Proxy and On-Prem SSM Modes

If a satellite is configured with a fully qualified domain name (FQDN), the call-home configuration of the satellite FQDN is pushed instead of the IP address.

Manage Device Credentials - Usability Enhancements

You can view the credential status of all the devices in a site in the Design > Network Settings > Device Credentials window.

New Device Support for Return Material Authorization

You can replace a failed device with a new device and use the Return Material Authorization (RMA) workflow to replace the image, license, and configuration on the new device.

Cisco DNA Center provides one-touch RMA support for the following switches:

• Switches that are discovered and configured using LAN automation, including the seed devices (LAN automation primary and peer devices)

• Devices configured as fabric in a box (standalone only)

New Model Config Design for AAA RADIUS Attributes

The AAA RADIUS Called-station-id parameter that is configured on Cisco AireOS Controllers and Cisco Catalyst 9800 Series Wireless Controllers is no longer restricted to be the ap-macaddress-ssid attribute value. You can now create a model configuration for AAA RADIUS attributes and choose from a list of several attribute values.

Port Actions

You can clear the MAC address of a port and shut it down. To activate an error-disabled port, clear the MAC address and then shut down the port.

RADIUS Profiling Configuration on Controllers

You can enable RADIUS client profiling on Enterprise service set identifiers (SSIDs).

Rebranding of Application Policy as Application QoS Policy

The menu navigation for Application Policies is changed from Policy > Application to Policy > Application QoS.

Replace Device Workflow

The workflow guides you step-by-step to replace a faulty device.

Retry Image Update Tasks

You can retry the image update for failed image update tasks.

Share Custom Topologies

You can mark a topology view as "shared." The shared custom topologies are viewable by other users irrespective of their role.

Smart License Policy Compliance

The Smart License Policy (SLP) compliance shows a timeline graph of the license usage reports sent from Cisco DNA Center to Cisco Smart Software Manager (CSSM). Devices that are a part of the license usage reporting process are shown in a table.

Support for a New Stadium (Large Public Venue) Antenna

Cisco DNA Center now supports the C-ANT9104 antenna, which integrates with the C9130AXE to provide dual 5-GHz 4x4 radios with high gain, steerable, and switchable functions. With Cisco DNA Center, you can select the beam steering (direction) for the antennae. The following modes are available:

• Wide beam

• Narrow beam

• Narrow beam with 10 degrees of tilt

• Narrow beam with 20 degrees of tilt

The beam steering configuration is available for antenna combinations ABCD (the left antennae) and EFGH (the right antennae). The antenna pattern names are set based on the selected beam. You can visualize the heatmaps on Cisco DNA Center floor maps.

Support for Cisco Wi-Fi 6 Wide Interface Pluggable Module

Cisco DNA Center now supports the Cisco Wi-Fi 6 Wide Interface Pluggable Module for Cisco Catalyst IR1800 Rugged Series Routers.

Template Editor

• The Simulation Editor option is available for composite templates to provide one integrated form for all the composite templates, which allows you to run a simulation for composite templates without having to go to multiple templates.

• When you provision a device, the Advanced Configuration window displays an integrated form to all member templates in the composite template.

• While creating a new template, in the Select Device Type (s) window, each device model in the device type hierarchy is sorted alphabetically. The Template Editor also allows you to mark a device model as a favorite to create a custom favorite list of device models.

Wireless Maps: View the KPIs of AP Neighbors

For wireless maps, you can hover your cursor over an AP to view the dBm values for the neighboring APs.

Cisco AI Network Analytics — Radio Insights Based on Client Experience

Cisco AI Network Analytics uses machine learning algorithms to identify wireless APs with a potentially poor client experience. APs are continually analyzed over long periods and those suspected of providing a suboptimal client experience are grouped by underlying root cause and suggested improvements.

Power over Ethernet (PoE) AP Power Mode Distribution Dashlet

You can display the distribution of fully- and partially-powered APs. To display this information, click the menu icon and choose Assurance > PoE. The PoE dashboard opens.

Trend View Enhancement for Wireless Clients in Client Dashboard

In the Client Health Summary, the trend view of wireless clients is enhanced. The radial bar chart provides the distribution of clients that failed to onboard, and the reason for the onboarding failure.

Virtual Network 360 Window

You can view details about a virtual network. To display this information, click the menu icon and choose Assurance > Health > SD-Access.

Webex Client 360

In the Webex Client 360, the client meetings table is enhanced with the following columns to indicate the overall health for each meeting:

• Application: Shows the health scores and KPIs reported by the Webex Control Hub.

• Network: Shows the health scores and KPIs reported by Cisco DNA Center through NetFlow exported from the managed network devices.

Site Hierarchy Support for Assurance

The Assurance > Health and Assurance > Issues dashboards are enhanced to show a Site hierarchy filter and Site table for the health tabs, such as Overall, Network, and Clients, and issues tabs, such as Open, Resolved, and Ignored.

AP 360 KPIs

The following AP details attributes are included in the Device Details area:

• General Information - Power Status

• Network Information - Connected Switch

Under the Connectivity tab, the following attributes are included:

• Connected Switch banner is added for Ethernet Interface KPIs.

• Current Channel and Extended Channel(s) are added for Radio Specific KPIs.

Under RF tab, Clean Air Status and Tx Power is added for Radio Specific KPIs.

Tx Power and Channel Information charts are newly added for Radio Specific KPIs.

Auto Refresh

The Cisco DNA Center Assurance health window supports Auto Refresh settings. This settings option allows you to enable the auto refresh capability for the assurance windows, such as Overall health, Network, Client, Application, Device 360, Client 360 and Wi-Fi 6.

Client 360 Onboarding Times

In Client 360, the timeline slider displays the client onboarding details, such as Association, Authentication, and DHCP time.

Dedicated SSID Filter Added in Application Health Dashboard

The SSID filter option is added to the Assurance > Health > Application dashboard. The SSID filter option allows you to choose the SSID. Depending on your selection, the information in the Application Health dashboard is refreshed.

IPv6 Support for Application Assurance and Telemetry

Monitors IPv6 traffic from the following devices and shows the monitored data in the Assurance dashboard:

• Cisco Catalyst 9300 Series and Catalyst 9400 Series switches running Cisco IOS-XE software version 17.2.1 or later.

• Routers running Cisco IOS-XE software version 17.3 or later.

• Cisco DNA Traffic Telemetry Appliance running Cisco IOS-XE software version 17.3 or later.

Neighbor and Rogue View for AP 360

For AP 360, the Neighbors and Rogues section is displayed under the RF tab, which contains filters, such as Band (2 GHz and 5 GHz), Type (All, Neighbor, and Rogue), and RSSI Range (0 to -100 dBm). Depending on your filter selection, the AP device and Wi-Fi analyzer graph is refreshed.

Network Heatmap Enhancements

The Network Heatmaps window supports Export of heatmap data to a CSV file.

Network Services

With this release, the Network Services tab is added to the Assurance > Health dashboard. The Network Services tab allows you to view and monitor all the transactions and latencies of AAA and DHCP servers reported by wireless controllers.

Network Services Dashlet

In the Overall Health dashboard, a new Network Services dashlet displays the total successful and failed transactions for all the AAA and DHCP servers reported by wireless controllers in your overall enterprise.

Path Trace Enhancements

Path Trace is enhanced with the Live Traffic to capture the network packets.

PoE Enhancements

In Assurance > Dashboards > PoE dashboard, a new PoE AP Power Mode Distribution dashlet displays the distribution of fully powered and partially powered APs.

In addition, Power over Ethernet (PoE) elements for APs are now displayed in device and client detail windows.

SD-Access Landing Window and Fabric View

With this release, the SD-Access tab is added to the Assurance > Health dashboard. Fabric-specific health information is provided in separate windows from the network health window. You can display the overall SD-Access fabric network health and drill down to view details about site-specific and device-specific fabric health information.

Server Latency for Client Onboardings

In the Client Onboarding Times dashlet, the detailed view of latest client onboardings chart displays Server and Latency time for Authentication and DHCP onboardings.

Webex Client 360 Enhancements

In Client 360, use the Webex 360 to view and monitor the client webex meetings.

Cisco AI Endpoint Analytics Enhancements

Cisco AI Endpoint Analytics assigns Trust Scores to endpoints based on the number and frequency with which the following anomalies are detected for an endpoint:

• AI Spoofing Detection

• Changes in Profile Labels

• NAT Mode Detection

• Concurrent MAC Addresses

Detect Endpoints that Use Random MAC Addresses

With Cisco AI Endpoint Analytics, you can detect endpoints that use random MAC addresses.

Cisco AI Endpoint Analytics enables you to handle the issue of random and changing MAC addresses by receiving from Cisco ISE a unique endpoint identifier called the DUID (also known as the GUID in Cisco ISE). Cisco AI Endpoint Analytics then uses the DUID as the identifier for an endpoint, instead of its MAC address.

Overlapping IP Address Configuration in FlexConnect Deployments

You can configure overlapping IP address in FlexConnect deployments on Cisco Catalyst 9800 Series Wireless Controller software version 17.4.x or later and Embedded Wireless Controller on Catalyst Access Point.

The overlapping IP address pools feature allows you to configure overlapping IP address pool groups to create different address spaces and concurrently use the same IP address in different address spaces.

Purge Endpoints After Inactivity

You can define an Endpoint Purge Policy to remove from your network the endpoints that have been inactive for a defined time. You can define the period of inactivity after which an endpoint must be removed. You can also customize a purge policy to act on a particular set of endpoints based on a profiling attribute.

Support for C-ANT9104 Antenna

The C-ANT9104 antenna supports the following configurations:

• You can configure the beam steering for the antennae under Design > Network Settings > Wireless > Antenna Radio Profile. The beam steering configuration is available for antenna combinations ABCD (left antennae) and EFGH (right antennae).

• You can configure radio antenna profiles on the antenna slots while provisioning the AP on the Provision Devices window. This configuration is supported on Cisco Catalyst 9130AXE Unified Access Points with Cisco Catalyst 9800 Series Wireless Controller software release 17.6 or later.

Support for Dual 4x4 Radios

In earlier releases, Cisco DNA Center leaves all Cisco Catalyst 9130 slot 2 radios in the default (disabled) mode. In this release, Cisco DNA Center enables slot 2.

Enabling slot 2 in a Cisco Catalyst 9130 configures dual 5-GHz mode (dual 4x4 radios). Disabling slot 2 configures single 5-GHz mode (one 8x8 radio).

Support for New Outdoor APs

This release introduces support for the following outdoor APs:

• Cisco Catalyst 9124AXE Series Unified Access Points

• Cisco Embedded Wireless Controller on Catalyst 9124AX Access Points

Wireless Maps Support for a New Stadium (Large Public Venue) Antenna

Cisco DNA Center supports the C-ANT9104 antenna, which integrates with the Cisco Catalyst 9130AXE Unified Access Point to provide dual 5-GHz 4x4 radios with high gain, steerable, and switchable functions.

The beam steering configuration is available for antenna combinations ABCD (the left antennae) and EFGH (the right antennae). The antenna pattern names are set based on the selected beam; you can visualize the heatmaps on Cisco DNA Center floor maps.

Wireless Maps Support for New APs

This release introduces wireless maps support for the following APs:

• Cisco Catalyst 9124AXE Series Unified Access Points

• Cisco Embedded Wireless Controller on Catalyst 9124AX Access Points

WLAN Security Type Override

The sites, buildings, and floors inherit settings from the Global hierarchy. You can now override the level of security at the site, building, or floor level.

Configure AAA Server

Cisco DNA Center lets you add and configure AAA servers for enterprise and guest wireless networks.

Cisco DNA Center lets you override the set of AAA server configurations for an SSID on the site level. You can configure a maximum of six AAA servers for an SSID of enterprise and guest wireless networks.

The configure AAA feature is supported on Cisco Catalyst 9800 Series wireless controllers and AireOS wireless controllers in Cisco DNA Center 2.2.1.x.

The configure AAA feature is supported on embedded wireless controllers on Catalyst 9000 Series Switches in Cisco DNA Center 2.2.3.x.

Dynamic Default Border

LISP Pub/Sub configuration automatically enables Dynamic Default Border.

With Dynamic Default Border, an external border node tracks the presence of the default route in its routing tables and registers itself with the control plane node as a default border node. A fabric edge node or an internal border node sends its unknown destination traffic to the default border by dynamically learning about the presence and absence of the default route on the default border.

If the external border node fails, loses its upstream connectivity, or otherwise no longer has the default route, its registration as a default border is withdrawn from the control plane node. This provides for an immediate convergence so that other fabric nodes cease sending traffic to that external border, thus minimizing the traffic loss.

In a multisite deployment where multiple fabric sites are connected to an SD-Access transit, border nodes register themselves as default border nodes with the transit control plane node as well. Fabric sites without direct internet access learn about the presence or absence of the default route available through other fabric sites which provides the Remote Internet functionality. Fabric sites with direct internet access learn about the presence or absence of the default route available through other fabric sites providing the Backup Internet functionality.

Locator/ID Separation Protocol Publish/Subscribe

Locator/ID Separation Protocol Publish/Subscribe (LISP Pub/Sub) provides native LISP support to handle the communication between the border nodes and the control plane nodes in an SD-Access fabric. LISP Pub/Sub uses the publication-subscription architecture in the control plane communications between the devices. The LISP mappings from the Mapping System are published to interested subscribers.

In a fabric site with multiple borders nodes, each border node subscribes to the LISP mapping information from the control plane node. The control plane node publishes any change in the map-cache entry. With this mechanism, the mapping changes are notified faster, and it brings down the border convergence time (see Dynamic Default Border). A fabric edge node dynamically learns about the presence or absence of the default route on the external border.

In a multisite deployment where multiple fabric sites are connected to an SD-Access transit, the transit site control plane node tracks the default route across all connected fabric sites. The border nodes of a fabric site are notified of the site-registration changes on each of the sites that they are connected to.

Here are some design considerations for a fabric using a LISP Pub/Sub control plane:

• In Cisco DNA Center 2.2.3, LISP Pub/Sub is supported only on newly created fabric sites. Existing fabric sites can't be upgraded to a LISP Pub/Sub control plane.

• Cisco IOS XE 17.6.1 is the minimum software version required to support LISP Pub/Sub. All fabric devices with the site (except Extended Nodes and Policy Extended Nodes) must be operating on Cisco IOS XE 17.6.1 and later releases.

• A LISP Pub/Sub architecture cannot coexist with a LISP/BGP architecture in the same fabric site.

• A fabric using a LISP/BGP control plane and a fabric using a LISP Pub/Sub control plane can’t interoperate through the same SD-Access Transit.

• A virtual network anchored to a multisite remote border with a LISP Pub/Sub control plane can only be extended to fabric sites that use a LISP Pub/Sub control plane. A virtual network anchored to a multisite remote border with a LISP/BGP control plane can only be extended to fabric sites that use a LISP/BGP control plane.

SD-Access Fabric UX 2.0: Automation

The GUI experience is enhanced, which integrates simplicity, flexibility, and a rich, intuitive context. Phase 1 of SD-Access UX 2.0 restructures, updates, and enhances workflows, views, and day-N management tasks for VNs. The new workflows focus on:

• Gateway creation

• Layer 2 VN creation

• Layer 3 VN creation

• Fabric site and fabric zone creation

You can use the GUI toggle on the Cisco DNA Center menu bar to switch between the old GUI and the new one.

SD-Access Fabric Zones

You can create smaller fabric zones within a fabric site. A fabric zone inherits all the properties of its parent site while helping you manage the network with a lesser number of segments and devices. A fabric zone falls back on its parent site for the control plane and border. But a fabric zone can have its own edge devices and extended node devices that are independent of the parent site. Zoning is useful in networks which require large scale deployment of edge and extended nodes in a single fabric site.

Here are some design considerations for a fabric zone:

• In a new deployment, when a fabric zone is created, all properties of the parent fabric site (like IP pools, virtual networks, authentication profiles, multicast settings, and so on) are inherited by the fabric zone.

• You can assign the required number of IP pools and virtual networks to a fabric zone. Ensure that these segments are already assigned to the parent site before assigning them to the fabric zone.

• You cannot add a control plane node, a border node, or a fabric wireless controller to a fabric zone. These nodes can only be present in the parent site. You can only add edge nodes and extended nodes to a fabric zone.

• If you upgrade to Cisco DNA Center 2.2.3 from an earlier release, you can create fabric zones on the existing fabric sites. All the edge nodes and extended nodes of the site are automatically added to a fabric zone when it’s created.

Fabric Access Point

Cisco Catalyst 9124AXI Series Unified Access Points

C9124AXI-B

A Cisco Catalyst 9124AXI Series Unified Access Point supports Wi-Fi 6 standard and multigigabit Ethernet, among other features. It’s supported in Cisco IOS XE 17.5.1 and later releases.

CSCvy24763

After successfully starting a report in Cisco DNA Center, the report may display the following error:

Sorry, data collection failed - this report failed because the operation timed out or the server not responding.
Please try again later or create a new report.

CSCvy30606

A wireless LAN controller stops sending telemetry data to Cisco DNA Center, so Assurance stops plotting health.

This problem occurs exactly one year from the date that the wireless LAN controller is added to the site in Cisco DNA Center. The following syslog message confirms the problem:

Aug 18 02:19:05.640: %PKI-3-KEY_CMP_MISMATCH:
Key in the certificate and stored key does not match for Trustpoint-sdn-network-infra-iwan.

Do the following to reconfigure the certificate:

1. In the Cisco DNA Center GUI, choose Provision > Network Devices > Inventory.

2. Choose the device and from the Actions drop-down list, choose Telemetry > Update Telemetry Settings.

3. In the Update Telemetry Settings window, do the following:

   1. Check the Force Configuration Push check box to push the configuration changes to the device.

   2. Click Next.

   3. Click the Now radio button.

   4. Click Apply.

CSCvy36848

The System Health monitoring of Cisco IMC checks only DN2 parameters. Errors are seen if the Cisco DNA Center is a DN1 hardware appliance.

CSCvy49033

During the upgrade of a three-node cluster, the precheck may not determine the status of a node being down.

CSCvy61817

During sensor provisioning, wireless LAN controller devices are not provisioned with the CiscoSensorProvisioning SSID.

CSCvy61888

For wireless-enabled Cisco Catalyst switches and Catalyst 9800 devices, when there is any update on the Cisco ISE ACL rule entries (such as DHCP, DNS, or SSID ISE PSNs), Cisco DNA Center replaces the ise-acl "DNAC_ACL_WEBAUTH_REDIRECT" completely on the controller, instead of updating only the changed rule-acl entries. This problem is due to a NETCONF framework limitation, where the NETCONF RPC must contain the final configuration to be present on the device. If the NETCONF RPC for DNAC_ACL_WEBAUTH_REDIRECT contains only the updated rule-acl entries, the device is added with only new rule-acl entries under DNAC_ACL_WEBAUTH_REDIRECT.

This problem occurs under the following conditions:

1. Device types: Catalyst 9300, 9400, 9500 with wireless enabled and Catalyst 9800.

2. Controller provisioned with guest Cisco ISE SSIDs.

3. Modify the SSID ISE Policy Service Nodes (PSNs) on the Cisco DNA Center wireless window, or modify the DHCP/DNS address on the Cisco DNA Center Network Settings window that is part of the ise-acl "DNAC_ACL_WEBAUTH_REDIRECT."

4. Reprovision the controller.

CSCvy62293

After APs in Local mode change to Bridge mode, they can no longer join the Cisco Catalyst 9800 Series Wireless Controller.

CSCvy62309

During the upgrade, the precheck does not validate the status of disaster recovery (DR) being in the PAUSED or NOT PAUSED state. This occurs because there is no specific validation for this part of the upgrade.

CSCvy63072

After a disaster recovery (DR) failover, when you perform a trust re-establishment operation within 15 to 20 minutes, Cisco ISE cannot reconnect the Reader role to Cisco DNA Center.

This problem applies only to Cisco DNA Center being brought back to a Reader role.

CSCvy80243

The AI Analytics package does not currently support IPv6, which implies that you cannot onboard to the AI Analytics cloud.

CSCvy80587

When an overall system upgrade is triggered and the upgrade results in a failure, no notification is sent.

CSCvy81930

If an SSID is moved to a different wireless policy profile via the wireless controller GUI and has already been learned by Cisco DNA Center, the Device Config Learn workflow does not recognize that the SSID is attached to a different profile, and ignores the SSID. The behavior, which is expected, is as follows:

1. SSID1 is mapped to PolicyProfileX and learning is triggered, which creates SSID1 in Cisco DNA Center.

2. Modify the SSID-to-profile mapping on the device so that SSID1 is mapped to PolicyProfileY.

3. Resynchronize the device, and trigger a relearn.

4. If the contents of PolicyProfileX and PolicyProfileY are the same, Cisco DNA Center marks SSID1 as a duplicate, not as a new SSID.

5. If the contents of PolicyProfileX and PolicyProfileY are different, Cisco DNA Center displays the SSID under CONFLICT. You can then choose either the device configuration or the Cisco DNA Center configuration for the SSID.

CSCvy82221

The IPAM Manager (Infoblox) is shown as Unavailable in the System 360 window. The System Health window shows the following error:

IPAM connection to Cisco DNA Center offline.

In addition, when you edit an existing IPAM integration or add a new IPAM Manager, the following error is shown:

NCIP10283: The remote server presented a certificate with an incorrect CN of the owner.

Disaster Recovery (DR) operations performance timing increases during the DR rejoin task.

CSCvy89609

When a restore operation performed on a Cisco DNA Center system gets canceled while in progress, you might not receive the "Restore initiated" and "Restore failed" notifications.

CSCvy94699

A fabric zone that doesn't have or doesn't inherit the Fabric Site Auth Mode settings is not pushed to edge nodes.

CSCvz05135

For an endpoint with only one trust score value, if you click Reset for any individual section, the check box to keep or remove the ANC policy is not displayed. (The check box is displayed for a global reset.)

CSCvz06121

The Flex IP overlap model config adds an extra flex profile for each floor.

CSCvz08017

Several system monitoring events, such as "SYSTEM_SCALE_DEVICES_WIRED" and SYSTEM_SCALE_PHYSICAL_PORTS," are not shown in the System Health window.

CSCvz10683

The Fabric Overall Health score is missing for some edge and extension nodes.

CSCvz14650

For a sensor RF assessment, the data rate test case fails for a sensor image that reports a data rate of 6 Mbps or lower. This problem causes overall issues with sensor test results.

This behavior is expected based on how the sensor and the AP choose data rates, and based on how Cisco DNA Center classifies data rate failures. The sensor and the AP use VHT rates (MCS0 to MCS9). When the sensor performs tests, it uses data rates higher than MCS6.

However, when there's network traffic or the RF environment is busy, the sensor and the AP use MCS0 (6 Mbps). When the sensor reports data rates of 6 Mbps to Cisco DNA Center, Cisco DNA Center marks the test as a failure, because Cisco DNA Center has a failure threshold of 6 Mbps.

CSCvz17135

After an Elasticsearch restore completes, NetFlow records are not processed.

CSCvz43990

SWIM operations or any other scheduled operations might fail, indicating that the request to the back-end service timed out.

CSCvz59350

Switch 360 window doesn't show the MAC address for a switch added with an FQDN address.

CSCwa19027

Cisco DNA Center pushes the command "automate-tester username dummy ignore-acct-port probe-on" as part of its standard Cisco SD-Access configuration. Cisco DNA Center pushes the "automate-tester" configuration so that the device sends periodic RADIUS requests to the RADIUS server. The server is marked as Up if the device receives a response; the server is marked as Down if the device doesn't receive a response.

It doesn't matter whether the user exists in Cisco ISE, because the device merely looks for a response from the RADIUS server, regardless of whether authentication succeeds or fails.

If the corresponding Cisco ISE authentication policy uses the "Drop" action instead of the default "Access-Reject" action when the user does not exist, the AAA server might get marked as Dead when Cisco ISE drops the packet (because the dummy user does not exist on Cisco ISE). This in turn could affect CTS operation, and the following log is generated every minute:

%CTS-3-AAA_NO_RADIUS_SERVER: No RADIUS servers available for CTS AAA request for CTS env-data SM

CSCwa30225

When you try to recover the Cisco DNA Center maglev CLI password, after selecting the Recovery mode image from the GRUB menu, the boot up hangs and never gets to the step where it prompts you to enter Rescue mode.

This problem occurs in Cisco DNA Center 2.2.3.x when you try to recover the password as described in the Cisco DNA Center Maglev CLI Password Recovery document.

To work around this problem, do the following:

1. Get into Recovery mode as described in the Cisco DNA Center Maglev CLI Password Recovery.

2. Enter the following command to SSH into the Cisco Integrated Management Controller (IMC):

   ssh admin@<cimc>

3. When your KVM console hangs in Recovery mode, enter the following command to connect to the host:

   connect host

4. After you connect to the host, you are prompted to change the password.

CSCwa56438

The device count is shown at the top of the Plug and Play window, but there is no device list.

This problem occurs when the sort is on the Index column, which is the default option for the Plug and Play device display in this release.

To work around this problem, simply click any column other than the Index column. The devices are then shown in the device list.

CSCwa86877

In an IPv6 environment, a Cisco DNA Center upgrade from 2.2.2.8 to 2.2.3.4 fails because the network-programmer service fails to start up.

To work around this problem, manually upgrade the IPv6 applications from the CLI to the expected release before upgrading the network-visibility package.

CSCwa88686

Cisco DNA Center 2.2.2.x and 2.2.3.x: KGV validation failure.

CSCwa88971

The services that startup post HA node reboot were impacted as they were unable to connect to RMQ for creating some queues.

CSCwa99062

After upgrading to Cisco DNA Center 2.2.3.4, glusterfs-hostagent goes to "OOMKilled" state.

CSCwb18801

If you use the special character '<' in the preshared key SSID for wireless controllers, and then configure and provision the same SSID in Cisco DNA Center, Cisco DNA Center flags the '<' character with the following error:

< is not allowed for security reasons.

For security reasons, Cisco DNA Center restricts the usage of certain special characters in various API payloads. Cisco DNA Center blocks the following characters:

<
%3C
&lt
&lt;
&LT
&LT;
&#60
&#060
&#0060
&#00060
&#000060
&#0000060
&#60;
&#060;
&#0060;
&#00060;
&#000060;
&#0000060;
&#x3c
&#x03c
&#x003c
&#x0003c
&#x00003c
&#x000003c
&#x3c;
&#x03c;
&#x003c;
&#x0003c;
&#x00003c;
&#x000003c;
&#X3c
&#X03c
&#X003c
&#X0003c
&#X00003c
&#X000003c
&#X3c;
&#X03c;
&#X003c;
&#X0003c;
&#X00003c;
&#X000003c;
&#x3C
&#x03C
&#x003C
&#x0003C
&#x00003C
&#x000003C
&#x3C;
&#x03C;
&#x003C;
&#x0003C;
&#x00003C;
&#x000003C;
&#X3C
&#X03C
&#X003C
&#X0003C
&#X00003C
&#X000003C
&#X3C;
&#X03C;
&#X003C;
&#X0003C;
&#X00003C;
&#X000003C;
\x3c
\x3C
\u003c
\u003C

CSCwb28540

Cisco DNA Center 2.2.2.8: A tag mismatch is seen between the primary and secondary controllers.

CSCwb78437

When you try to configure ServiceNow for the first time, Basic ITSM (ServiceNow) CMDB Sync fails to initiate RestClient processing.

CSCwb91384

In the Cisco DNA Center Schedule Report page, custom time range fields (From/To) may not accept some values when you schedule a report using a custom time range with the PM option in non-English mode UI.

CSCwb96420

Cisco DNA Center formats Syslog events with the IP address of the destination configured under the Destinations menu, which causes the Syslog messages to be originated from QRadar and Splunk instead of from Cisco DNA Center.

CSCwc09007

When you upgrade from Cisco DNA Center 2.2.3.4 or earlier to 2.2.3.5 or later, the System > System Health > Validation Tool shows the status of a validation run executed before the upgrade as Partial Success, even when there are validations with a status of Critical or Warning.

This problem occurs because the status of a validation run from 2.2.3.4 or earlier shows Partial Success if at least one of the validations is Success or Info. The status of a validation run from 2.2.3.5 and later shows Critical/Warning if at least one validation has a status of Critical/Warning.

Old validation runs (executed before the Cisco DNA Center upgrade) continue to show the validation run status as before.

CSCwc09546

When you try to integrate Cisco DNA Center 2.2.3.4 with Infloblox 8.5.0 as the IPAM manager, the integration fails with the following error:

NCIP10269: IPAM external sync failed: NCIP10264: Non-empty Cisco DNA Center parent pool x.x.x.x/8 exists in external ipam

In this scenario, IP pool x.x.x.x/8 is being used on Cisco DNA Center for fabric and on the IPAM server for different servers/clients. The integration fails because duplicate IP pools are in use for the Inflobox and IPAM integration.

CSCwe27538

LLDP packets aren’t forwarded to clients on Layer 2 flooding-enabled VLAN ports.

CSCwe28523

In a Cisco DNA Center disaster recovery setup, the MongoDB replication may fail with a conflict error.

The log from the dr-mongodb-replicator service displays an error similar to the following:

[23:22:44 UTC 2023/02/05] [EROR] (mongoshake/executor.(*BulkWriter).doUpdate:349) detail error info with index[0] 
msg[Updating the path 'lastProbeCollectionTimeStamp' would create a conflict at 'lastProbeCollectionTimeStamp'] dup[false]

Other data (such as wireless maps and SWIM images) is missing after the failover.

CSCvy30961

Cisco DNA Center - Smart Licensing "Error in loading data".

CSCwb02969

After provisioning a switch stack (9500) and a fabric configuration, the switch displays the following error message: "Managed Internal error".

CSCwb28540

[CFD]: Cisco DNA 2.2.2.8 tag mismatch between the primary and the secondary controller.

CSCwb90766

Missing 'map-cache ::/0 map-request' under service-ipv6.

CSCwb93305

AP refresh workflow fails: "AP already part of another AP refresh task 'null'".

CSCwc23153

Cisco DNA Center is trying to provision IOx interface.

CSCwc39642

Cisco DNA Center [2.3.x.x] Event Notification using Webex, REST, and email stop working after upgrade.

CSCwc53078

Connection between config archive and broker agent service is reset, and as a result, drift is not working.

CSCwc53593

Static port assignment failure - NCSO20013: Provisioning failed due to invalid request.

CSCwc59647

Cisco DNA Center - VM: Stale entries for RD remains in DB while adding back VN to Fabric.

CSCwc64081

Incorrect TLD length check for ISE FQDN.

CSCwc78766

Removing an IP address segment from a fabric site causes the site to report an error.

CSCwc79851

Device shows not ready for ThousandEyes integration in Cisco DNA Center.

CSCwc86109

Filesystem is showing 100% utilization; found Postgres to be over 230GB in size.

CSCwd00896

The APGroup config is removed in implicit provisioning, resulting in a wireless outage while resetting AAA inheritance.

CSCwd02734

Error when adding IP Pool to fabric zone - NCSP11108: Error occurred while processing the request.

CSCwd09391

Cisco DNA Center orchestrated app hosting gets disabled on the AP when the primary WLC is changed.

CSCwd24258

Generic Provisioning Error: NCS010011: Error in generating CFS due to internal error.

CSCwd25750

Scale: Under scale kafka pod not able to handle data and slows down with gaps in Assurance.

CSCwd32998

Fabric host onboarding provisioning failure.

CSCwd40306

Cisco DNA sends SNMP trap payload field snmpTrapAddress with the external SNMP collector IP.

CSCwd46164

SWIM upgrade of 3850 switch stack may only allow active switch to recover after reboot.

CSCwd48297

If at least one flex-SSID has been configured, it is not possible to create a non-flex APGroup.

CSCwd48939

Add WLC through API call failed when the control plane in fabric site is configured with PubSub.

CSCwd53101

Cisco DNA Center 2.3.3.5: WLC provisioning fails with NCSP11001 error.

CSCwd55811

In the Network Hierarchy page, the filter to add the sensor on the map floor is not working.

CSCwd59216

Prov 9800 fail with NCSP11108: Error occurred while processing the request DIV:I WirelessGrouping.

CSCwd62967

Cisco DNA Center Inventory telemetry - Compute resources running out on Cloud side.

CSCwd66051

Cisco DNA Ctr shows IOS telemetry subscription as successful, irrespective of device subscription status.

CSCwd75024

Functional [2.3.3.5]: WLC provision failed due for "Device Controllability and Telemetry".

CSCwd82722

NCSP11108: ERROR: Duplicate key value violates unique constraint "wlan_bk" (DIV) - Fiab eWLC.

CSCwd84123

SDA: Enabling Fabric Pool features provision failure with error "%No policy information".

CSCwd86638

Addition of node on 2.3.3.5 fails on upgraded cluster.

CSCwd86714

Sticky-scheduler service is down after upgrade to 2.3.3.5.

CSCwd89482

SWIM internal calls going to proxy-issues with Distribution / loading Image update WF / DNAC CA push.

CSCwd90641

[CFD]: Cisco DNA Center ERROR: Duplicate key value violates unique constraint "wirelessgrouping_bk".

CSCwd91440

Functional: Alpha Ghost 70586 - 9800 ewlc provisioning fails with error NCSP11108 after intra upgrade.

CSCwe04247

Error when applying critical fix for “Closed Authentication Mode Template Update”.

CSCwe10186

Wrong fabric zone is being assigned for multicast pools when bulk fabric zones are created.

CSCwe15942

Images not displayed under Image Families.

CSCwe17325

Cat3850/ 16.12.x / Base image getting deleted before SMU is copied to the switch.

CSCwe19750

Cisco DNA Center: AI RF Profile pushing 6GHz profile with non-Europe compliant channels.

CSCvw18193

The size of the PAC key increases on every migration.

CSCvx24461

After editing an SSID previously configured in Cisco DNA Center, provisioning the Cisco Wireless Controller with the new information may fail with the following NETCONF error:

Validation failed Process DBAL response failed.

CSCvz86051

Unable to see any devices in the Thousand Eyes Cisco DNA Center app hosting workflow window. The Manage tab shows already installed devices, but no devices are shown in the Install tab.

CSCwa21091

Cisco DNA Center may fail to provision a Cisco Catalyst 9800 Series Wireless Controller. The following error is displayed:

NCSP10001: User intent validation failed.

CSCwa29973

CTS credentials of the device are not in synch with the Cisco ISE NAD entry.

Cisco DNA Center system certificate accepts certificates that fail the domain validator.

CSCwa59438

The Meraki dashboard and Firepower Management Center (FMC) show an internal error.

CSCwa61489

Vulnerabilities for Cisco DNA Center 2.2.3.4.

CSCwa88686

Download of latest KGV files fails due to a certificate change on tools.cisco.com.

CSCwa90857

Template provisioning of SNMP commands may fail due to special characters.

CSCwa95316

Vulnerabilities for Cisco DNA Center 2.2.2.8.

CSCwa97774

Cisco Wireless Controller provisioning fails because the snapshot doesn't exist for the namespace.

CSCwb04206

PnP connect cannot delete a profile that is not present in the PnP cloud.

CSCwb08617

Cisco Wireless Controller provisioning fails with the following error:

NCSP10250: Error during persistence (modify) of CFS & SerializedSnapshot - RfProfileCfs.

CSCwb12382

Cisco Catalyst 9200 Switch application visibility is not seen in Cisco DNA Center because the tenant ID is SYS0 instead of a valid value.

CSCwb12514

Cisco DNA Center 2.2.3.3: The Application 360 window has gaps on the health chart.

CSCwb12871

When importing Ekahau project files, Cisco DNA Center may display the obstacle types and attenuation values as different from what is configured in the Ekahau project.

CSCwb13062

Cisco DNA Center 2.2.3.4: Unable to start LAN automation. The following error is displayed:

Error while reserving subnet : NCIP10288.

CSCwb13771

A QoS custom application is categorized as "Default" business relevance by the device.

CSCwb15711

Fabric edge provisioning fails if you use a single-digit VLAN ID with SGT during pool addition in a virtual network.

CSCwb23176

Cisco 1800S sensors become unreachable and fail to auto register with Cisco DNA Center through the PnP flow.

CSCwb25760

Unable to view a virtual network on the Add Virtual Network window under fabric host onboarding.

CSCwb27102

Cisco DNA Center pushes the configuration on fabric edge ports for BPDU guard on its own even after it was manually removed.

CSCwb27511

A wireless grouping entry cannot be deleted, which causes a Cisco Wireless Controller provisioning failure.

CSCwb29208

In the Cisco DNA Center, the Scheduler for the ServiceNow Asset fails to synchronise.

CSCwb32387

Cisco DNA Center 2.2.2.8: A recovery site cannot be deregistered.

CSCwb35644

While unsubscribing Cisco DNA Center platform events, the following error is displayed:

Subscription already exists.

CSCwb40106

Software image management (SWIM) does not show an activation task even after successful image transfer.

CSCwb42071

Switch provisioning fails with the following error:

Duplicate key value violates unique constraint "manageddcs_unique_key."

CSCwb43650

Evaluation for Spring4Shell vulnerability (CVE-2022-22965).

CSCwb44246

A few IP address pools in the virtual network may be removed from the LISP configuration of edge switches.

CSCwb48383

An HTTP request to the webhook site is initiated from Cisco DNA Center.

CSCwb50439

Cisco DNA Center generates false DHCP issues for wireless clients connecting to an anchor cloud SSID.

CSCwb57463

Provisioning a single RF profile causes all the APs in the site to disjoin/join.

CSCwb68947

Unable to delete the multiple devices table snmpgroupversionsettings.

CSCwb73178

Cisco DNA Center 2.2.3.4: Disaster recovery failover hangs after you click the Pause button.

CSCwc01177

When you configure KPIs for APs in 5 GHz and disable KPIs for 2.4 GHz, Assurance for APs displays incorrect Overall Health metrics.

CSCwc40316

The Cisco DNA Center upgrade appears to hang at 0%. After some time, the upgrade times out with the following error:

System update failed during DOWNLOADED_SYSTEMUPDATER.
Downloading systemUpdatePackage system-updater:1.6.711 failed.

CSCvz51440

The Switch 360 page shows the wrong interfaces from other devices.

CSCvz61877

Cisco DNA Center's neighbor topology map for an AP may show that the link status is down toward the connected device, when the link is actually up.

CSCwa03336

Cisco DNA Center does not push AAA method accounting for the accounting lists mentioned in the wireless profile policy.

CSCwa23879

When configuring integration of Cisco ISE with Cisco DNA Center, RADIUS is enabled by default, and the pxGrid connection to Cisco ISE is enabled. TACACS+ is not enabled by default.

If you choose to enable TACACS+ and to also disable RADIUS, you must manually disable the pxGrid connection. Otherwise, the Cisco DNA Center System 360 windows shows the pxGrid state as Unavailable.

CSCwa25291

The Resume/Cancel configure access points workflow fails.

CSCwa40727

Fabric deploy sends an incorrect RADIUS authentication server command. Provisioning fails for Cisco AireOS wireless controllers.

CSCwa45898

NAC is not enabled via advanced SSID model config when provisioning two wireless controllers at the same time.

CSCwa51827

LISP key banner push fails for wireless devices in Cisco DNA Center 2.2.2.x.

CSCwa52917

A null pointer exception occurs when you try to access Show Task from the Image Repository window.

CSCwa56990

Cisco DNA Center has issues with displaying scalable groups on the Host Onboarding > Wireless SSIDs window. When you choose Assign SGT, the following message appears, and no SGTs are displayed:

No options are available

CSCwa57728

Upgrading from Cisco DNA Center 2.1.2.7 to 2.2.2.x fails at 41%. The unit quagga service does not load.

CSCwa59366

For Cisco DNA Center 2.2.2.x, the following error occurs when running LAN automation for an already reserved pool for the site where the device is being provisioned through LAN automation:

NCND01134: Invalid IP Pool. IpPoolId xx-xx-xx is not a valid LAN IP pool for site yyy.

CSCwa61159

In the Cisco DNA Center event notification, when you try to unsubscribe previously configured subscriptions from the event, the following error appears:

subscriptionDetails are wrongly configured [Field 'webExTeamsBotAccessToken' value is required] !

CSCwa61993

A subnet is not released while removing L3 Handoff when external IPAM is integrated.

CSCwa68838

The spf-service-manager-service does not start after an upgrade to Cisco DNA Center 2.1.2.7.

CSCwa69002

Cisco AI Network Analytics stores large amounts of metadata in the credential manager, causing DR registration failure.

CSCwa69594

The Report Template for the AP report on Cisco DNA Center has the "Location (Max of 10 options allowed)" filter for Setup Report Scope in the AP report.

The issue is that some Site Hierarchy locations are left out of the filter list. If the you enter "Text" for the search filter, some AP site locations are not listed in the Search Filter results.

CSCwa70463

An IPAM integration failure deletes intermediate CAs from the trustpool and Cisco ISE integration breaks.

CSCwa72663

The Update banner with a warning for wireless controller provisioning must show success before attempting a LISP key change.

CSCwa73670

SWIM_API: NCSW90008: Unable to reach Cisco.com due to an internal error (GetEULAForm).

CSCwa73823

The Assurance Client Health window does not load when Client Data Rate dashlets are deleted.

CSCwa77904

Wireless controller provisioning fails with an NCSP10246 internal error while attempting to transform.

CSCwa78331

Multiple devices display an internal error after a Cisco DNA Center upgrade to 2.2.3.4.

CSCwa82661

Port assignment in Host Onboarding does not work correctly.

CSCwa88951

After upgrading to Cisco DNA Center 2.2.3.4, the provisioning service receives DEVICE_LINE_CARD_ADDITION events for nonfabric devices and provisions those devices automatically.

The auto provisioning request message in the spf-service-manager log contains the following parameter:

context={spf.corelationdata={"DEVICE_LINE_CARD_ADDITION":true}

Auto provisioning due to a DEVICE_LINE_CARD_ADDITION event is applicable for SDA deployments to be able to automatically push dot1x security configurations to the ports added to fabric devices. However, auto provisioning is not applicable for non-SDA deployment use cases.

CSCwa90595

Wireless controller provisioning fails due to an invalid $apMac configuration element.

CSCwb10620

When you try to run any inventory report under Reports > Reports Templates > Inventory Reports, the report fails intermittently with the following error:

Sorry, data collection failed - this report failed because the operation timed out or server not responding.
Please try again later or create a new report.

CSCvw99479

The pipelineadmin service goes down and fails to restart after high availability on a three-node cluster.

CSCvx24973

When you run a full inventory report, the Cisco DNA Center 2.2.2.x build may fail to generate the report for CSV and PDF with a timeout issue.

CSCvx52786

Cisco DNA Center may not display an IP address pool or subnet when a user tries to create a segment, citing the errors, "NCIP10071: pool name can contain only alphanumeric characters, underscores and hyphens" and "NCIP10288: There was a failure in the ipam-service."

CSCvz11143

When you upgrade to Cisco DNA Center 2.2.3.x, all the existing generated reports show 0B report size in the report GUI.

CSCvz11253

A system upgrade from Cisco DNA Center 2.2.2.x to 2.2.3.x fails with the error, "Failed to created k8s resource using file."

CSCvz24855

Fabric provisioning fails when a border device is removed.

CSCvz26522

Cisco DNA Center doesn't let you add an internal border to a fabric site when a guest border exists.

CSCvz33630

The clear port configuration succeeds from the GUI, but the configuration is still present on the device.

CSCvz36352

LAN automation doesn't release the DHCP subnet while LAN auto start fails.

CSCvz41723

Editing floor GPS markers and saving returns the error, "Error coordinates (xx, yy) of GPS marker are outside of building."

CSCvz43500

WLANs on the foreign wireless controller are disabled upon provisioning of the anchor wireless controller.

CSCvz43887

Cisco DNA Center upgrades to the desired version but the applications fail to upgrade. This results in the application upgrade failing and the device hanging at a stand still.

CSCvz48322

In the Cisco DNA Center Event window, the Subject name field in the GUI does not change for different events. When you define the Subject name field for an event, that defined subject name is used for all other events.

CSCvz48575

An upgrade to Cisco DNA Center removes the TACACS key to network devices from Cisco ISE.

CSCvz55757

The wrong L2 instance is pushed to the anchoring site if a different VLAN name is used.

CSCvz56988

Cisco DNA Center's Stealthwatch Security Analytics (SSA) integration should address route lookup gaps for interface selection.

CSCvz58650

While running the Smart License-Enabled workflow, usage reports are not retrieved.

CSCvz59187

The create or update floormaps API documentation does not include the payload request schema.

CSCvz59447

An empty loopbackinterface_id in the IP Address table causes a provisioning failure.

CSCvz61107

Cannot edit email parameters after the first entry in Destinations.

CSCvz62216

All WLANs are disabled when enabling application telemetry for AireOS controllers.

CSCvz62986

Allow an additional ACE in the redirect ACL and resolve all IP addresses for redirect ACLs based on URL.

CSCvz69786

The AAA configuration is removed from the wireless controller while adding a new edge node to the fabric.

CSCvz70561

While adding additional edge switches to an existing fabric, Cisco DNA Center may alter the AAA configuration of an existing wireless LAN controller from TACACS to RADIUS.

CSCvz71423

Cisco DNA Center's /dna/intent/api/v1/network-device REST API may return no more than 500 results. This impacts installations that have more than 500 managed devices.

CSCvz71424

Cisco DNA Center's GlusterFS-hostagent service may exhaust its allocated memory, causing multiple services to crash and restart.

CSCvz72857

Image import fails with the error, "File exists in Softwareimageinfo but unable to add to File Service."

CSCvz82009

Anchor controller provisioning fails.

CSCvz82017

Docker's /etc/maglev/docker-https-proxy.env gets deleted when deleting proxy settings.

CSCvz83869

Cisco DNA Center may fail to upgrade the system package due to a missing product ID (PID) for the DN1-HW-APL-U appliance in part of an upgrade hook.

CSCvz87778

Cisco DNA Center's LAN automation may fail while reserving the link subnet, citing the error, "NCIP10288: There was a failure in the ipam-service: NCIP10024: An ip pool named <UUID>_pool_dummy_31 already exists" when there are already more than 31 dummy /27 IP address pools (and more than 900 IP addresses used) from the LAN automation pool for loopbacks and L3 link configuration.

CSCvz88461

When the maps API calls Assurance APIs, the sensor API fails.

CSCvz88711

AP channel information is missing from the map view.

CSCvz89312

An interface selected from the drop-down (like GigabitEthernet0/0/0, 0/0/1) reverts to GigabitEthernet0.

CSCvz90821

Cannot enable Intelligent Capture from the AP 360 window. The wireless controller console shows APs are in Connecting state rather than in Ready state.

CSCvz98800

Cisco Aironet 1542 series APs are not listed while adding to a floor map.

CSCvz98644

Adding a segment on one new WLAN associated to one wireless controller triggers other wireless controller provisioning.

CSCvz98664

Adding and removing a fabric edge provisions wireless controllers randomly with different configurations.

CSCvz99700

Unable to delete a segment from the Host Onboarding window.

CSCwa01977

LAN automation must align to the Cisco DNA Center Security Best Practices Guide.

CSCwa08271

The management disaster recovery virtual IP is not reachable after a manual failover.

CSCwa16652

Manually generated reports in Cisco DNA Center result in blank pages.

CSCwa18877

Cisco DNA Center: Ekahau file import fails with the API error, "The specified group ID is null or empty."

CSCwa21212

Unable to start LAN automation due to the error, "NCND00050: An internal error occurred while processing the request."

CSCwa21789

EVENT_BASED_WIRED_WIRELESS_SYNC causes an internal error for the protocol endpoint.

CSCwa21979

Device discovery tasks remain stuck in RUNNING state for a long time, clogging up the inventory service, which in turn prevents global credentials from being displayed.

Because the global credentials don't load, new discovery tasks cannot start. The inventory service logs contain the following error logs:

ERROR | covery-Pingsweep-Thread-0 | | com.cisco.nm.discovery | 
ERROR: [Failed to process status of ping request]. | mid=10001, 
MSGNAME=ERROR, ch=com.cisco.nm.discovery, sev=error

CSCwa27606

Unable to claim a device due to a Plug and Play issue.

CSCwa39582

Unable to onboard Cisco Catalyst 3560CX running Cisco IOS 15.2(7)E4 via PnP.

CSCwa52396

CLI templates that use source binding are not able to resolve variables when provisioned on an N+1 wireless controller. An example of a template is as follows:

#foreach($wlanpname in $listofwlans)
wlan $wlanpname['policyProfiles'] $wlanpname['wlanId'] $wlanpname['designSsid']
 shutdown
#end

In the preceding example, the variable listofwlans is configured as follows:

Source = NetworkProfile
Entity = SSID
Attribute = wlanProfileName

Note that the test simulation resolves the variables correctly, but during the provisioning process of the N+1 controller, the variables do not resolve and you cannot continue with the provisioning.

CSCvq54768

Cisco DNA Center will silently push out Identity-Based Networking Services (IBNS) 2.0 "new-style" commands to any switch that is provisioned. If there is no Cisco ISE integration to replace these commands, some port security configurations might be removed.

CSCvw80355

AAA and Cisco ISE inheritance settings are not displayed correctly between Global and sites in certain flows.

CSCvx10782

A package upgrade fails because the lispmssiteeidprefix table violates a foreign key constraint.

CSCvy69934

After a Cisco DNA Center 2.1.2.6 upgrade, Cisco DNA Center doesn't configure policy tags for modified WLANs and policies.

CSCvy77016

Reserved child pools for Layer 3 handoff are not released after a failed fabric provision.

CSCvy85887

The Cisco DNA Center Application Experience feature might attempt to configure application experience commands on an interface that isn't available, but passes through an interface that is part of a port group.

CSCvy86513

Users who have modified the interface names of the interfaces in their Cisco DNA Center appliances may encounter issues when upgrading to later versions of Cisco DNA Center that support NIC bonding. The non-default interface names cannot be bonded, and the appliances may lose connectivity.

CSCvy89652

Cisco DNA Center fails to display an ROI report.

CSCvy94920

TLS v1.2 as the minimum supported version still shows TLS v1.1 for some ports.

CSCvy98355

The Layer 3 link between the PnP agent and peer seed may not be configured while the LAN automation service is stopped.

CSCvz01073

A Cisco DNA Center system package update from 2.1.2.7 to 2.2.2.3 may fail at 49%, with the kernel-upgrade Ansible task failing to remove the older kernel image.

CSCvz07929

NetFlow table updates are too aggressive for large scale deployments.

CSCvz08578

Maglev configuration wizard complains about a conflict with the DNS address.

CSCvz10208

Cisco DNA Center may create a duplicate site tag with the default-flex-profile linked to it when an existing wireless controller is reprovisioned.

CSCvz14636

Cisco DNA Center AVC needs to restrict pushing an NBAR configuration to only access switch port.

CSCvz18219

Cisco DNA Center may fail to provision a wireless controller that had previously been removed from a fabric and inventory, citing a null pointer exception.

CSCvz18421

The NAC RADIUS configuration on the WLAN profile is lost upon wireless controller reload.

CSCvz27424

Inventory overwrites the switched virtual interface (SVI) interface description to null.

CSCvz63164

In the 3D maps view, 3D heatmaps are not displayed by default due to a missing RF calibration model entry.

If no heatmap is displayed when you enter the 3D maps view, open the KPI section, confirm that Heatmap Type is not set to None, and confirm that 3D RF Model is not blank.

CSCvz76664

Under System > Settings, both the CCO ID and Device EULA acceptance are not set with fresh installations in an air gap environment.

CSCvs50772

Cisco DNA Center's threadmanagermonitor table should be pruned periodically, to keep the size of the database from growing too large.

CSCvw37064

Cisco DNA Center may incorrectly configure ACL_WEBAUTH_REDIRECT on multiple devices at the same site.

CSCvw43696

Cisco Catalyst 9800 Series Wireless Controller inventory collection fails when the AAA authorization method length is greater than 31 characters.

CSCvw47447

Custom provisioned RF profile is allowed to be deleted.

CSCvw49445

Wireless controller provisioning is blocked due to RF profile when deleted from Design, is not cleaned from database.

CSCvw53139

Cisco DNA Center's Task page doesn't load any data.

CSCvw59092

Cisco DNA Center Pkcs12 configuration failed due to internal Errors after discovery of Cisco Catalyst 9800 Series Wireless Controller in cluster.

CSCvw62170

Mismatch in Unassigned device count and what is seen in inventory after removal of the GPS Marker.

CSCvw62707

Updating many devices frequently could cause scheduler service restart. The updates could be multiple provisioning or updating telemetry settings.

CSCvw67480

Duplicate Flex profiles are found in a wireless controller after a Cisco DNA Center upgrade.

CSCvw72645

RBAC prevents network hierarchy maps from loading. "Error 11015" is generated.

CSCvw74679

A suboptimal closed authentication configuration is pushed when a critical VLAN/IP address pool isn't explicitly defined.

CSCvw76030

Cannot perform RMA because the field value exceeds the integer range.

CSCvw76745

Cisco Catalyst 9800 Series Wireless Controller provisioning doesn't work because FlexProfilePolicyAclConfig changes are not picked.

CSCvw95827

The default application policy configuration does not handle the IS-IS protocol correctly.

CSCvx02345

Cisco DNA Center may become unable to start a new LAN automation session, citing the error, "NCND00006: The input payload contains an invalid key."

CSCvx04343

While attempting to position APs on floor maps, Cisco DNA Center may not allow you to click on or select an AP to position it.

CSCvx04712

A fabric domain may not show in the GUI after upgrading from Cisco DNA Center 1.3.3.6 to 2.1.2.0.

CSCvx09990

Cisco DNA Center pushes additional flex profiles with an incorrect VLAN-name and VLAN-id mapping.

CSCvx10390

Application packages upgrade fails due to a constraint violation on the lispcomponent table.

CSCvx12639

A managed device's inventory status in Cisco DNA Center may change to "Internal Error" when a value returned by the device that should be an IP address is null. The logs show the error, "Null value was assigned to a property of primitive type setter of com.cisco.xmp.model.foundation.connectivity.ip.IpV4Properties.directedBroadcast."

CSCvx19665

After an upgrade, the cluster interface name is shown incorrectly on the DN1-HW-APL appliance.

CSCvx21215

A Guest SSID with the Fast Transition value configured as Adaptive in an earlier release of Cisco DNA Center causes wireless controller provisioning issues in 2.1.2.5.

CSCvx21853

Cisco DNA Center discovery fails to retrieve global credentials while trying to create new task.

CSCvx22746

Cisco DNA Center's SWIM activation job may report as failed after successfully activating a new image on all the members of a stack, citing the error, "NCSW10249: Software install command execution Failed: Connection timed-out while executing the command install add file flash:cat9k_iosxe.16.09.06.SPA.bin activate commit."

CSCvx25703

An incorrect policy profile is linked with new WLANs pushed by Cisco DNA Center while provisioning.

CSCvx27169

The Cisco DNA Center Inventory Service container crashes.

CSCvx30605

An extended node device is stuck in unreachable state after renewing the IP address.

CSCvx32185

The Task web page returns an error.

CSCvx34837

After performing an existing device learn on a Cisco Catalyst 9800 Series Wireless Controller, provisioning of the same controller with SSIDs fails due to "not a valid value" in the Server Timeout and Retry count.

CSCvx41602

SLR reservation for stacked switches is stuck at the Generating Authorization code.

CSCvx43231

A wireless controller partial collection failure occurs if pmipNai is more than 32 characters.

CSCvx47878

An incorrect web auth configuration may be pushed when a PSK SSID is added. This causes a conflict in the actual configuration push to the device through Cisco DNA Center provisioning.

CSCvx47887

After a failed wireless controller provisioning attempt, Cisco DNA Center may not roll back the configuration from the wireless controller, which may cause a network outage.

CSCvx56010

Cisco SD-Access: VRF specific name-servers are removed by Cisco DNA Center.

CSCvx56258

Cisco DNA Center inventory resync results in an internal error.

CSCvx62172

Cisco DNA Center support for the AP Location field.

CSCvx62887

Cisco DNA Center doesn't configure "bandwidth remaining percentage" correctly on switches.

CSCvx64681

Can't provision an ISR Transit control plane after provisioning with a routing template.

CSCvx66928

The Cisco DNA Center postgres standby instance crashes with an error that the server forked off from that timeline.

CSCvx68948

Reconfigure device provision may not determine configuration changes for the Dot1x Auth Template.

CSCvx73110

A managed AP may not show its operational details on the Assurance Device 360 window. Additionally, clients on the wireless controller, where this AP is joined, show a blank device location.

CSCvx74221

Provisioning fails when adding a AAA server using a port number greater than 32767 to Cisco DNA Center.

CSCvx75231

After an upgrade to Cisco DNA Center 2.1.2.4 or later, the following error is displayed after a modification of IP address pools for a VN on the fabric host onboarding page.

NCWL10004: L3 Only pools are not supported. Please delete and re-create the segment.

CSCvx76405

During an upgrade of Cisco DNA Center's application packages, the upgrade may appear to be stuck for hours at 20% with no obvious movement forward. The migration logs show a deadlock on the Postgres executionevent table.

CSCvx79755

Devices may be successfully added to Cisco DNA Center's inventory, and report being in the managed state after LAN automation. However, port information is not displayed when you click the device name in Inventory.

CSCvx86351

Device provision hangs in "In Progress" because the Cisco ISE integration is broken.

CSCvx88137

Heatmaps for the 5-Ghz band are not generated for a Cisco Catalyst 9800 Series Wireless Controller.

CSCvx88587

Image Distribution Servers won't allow a valid IP address.

CSCvx89052

When attempting to add an edge device to a fabric, Cisco DNA Center may return the error, "Provisioning failed due to invalid parameter. The interface does not exist in the device, select a valid interface."

CSCvx93717

Client Detail, Client Session, and AP Radio reports fail.

CSCvx99908

Unable to open a VN in L2 Handoff settings or click the Save button after an upgrade to Cisco DNA Center 2.1.2.6.

CSCvy00986

For Cisco Catalyst 9800 Series Wireless Controllers, the Remote Procedure Call (RPC) rfdca-removed-channel operation fails with a data missing error tag.

CSCvy06455

Nexus 7710 device provisioning may fail due to an octothorp "#" character in the login banner.

CSCvy10747

The messages in the dna.lan.common.service queue block subsequent LAN automation.

CSCvy12915

When importing an .esx file from an Ekahau project, the azimuth is always off by 90 degrees.

CSCvy16664

Device provisioning fails with a AAA update.

CSCvy19564

Cisco DNA Center's inventory service may crash when managed devices send large amounts of syslogs.

CSCvy20557

The Sensor link is missing for the 5-GHz view.

CSCvy23527

The Device 360 page takes a long time to load, or may time out due to WalkMe APIs.

CSCvy24764

Offline APs are shown as active on heatmaps.

CSCvy25460

While creating a webhook, Cisco DNA Center does not allow you to put a space in the webhook name.

CSCvy26789

When attempting to set up the integration between Cisco DNA Center and Cisco DNA Spaces, the integration may fail with the error message, "Unable to export hierarchy to the CMX DNA Spaces for one or more domain(s). An internal failure occurred while pushing an archive to the CMX."

CSCvy27260

Cisco DNA Center may fail to synchronize a Cisco Catalyst 9800 Series Wireless Controller that is configured with an access list associated to the netconfig-yang configuration.

CSCvy29574

When the appliance is configured for the first time using the express mode (install mode) of the browser-based wizard, the enterprise IP address, virtual IP address, hostname, and pnpserver.domain details are missing in the SAN field in the Cisco DNA Center certificate.

CSCvy31062

Wireless clients show the wrong SSID during onboarding.

CSCvy31186

You cannot add a second node to a Cisco DNA Center cluster installed with express mode. When using the browser-based expert mode (advanced install) to add a second node to an existing Cisco DNA Center cluster that was installed with the browser-based express mode (install mode), the process fails.

CSCvy37982

Cisco DNA Center pushes a different Anycast Gateway MAC address to some fabric edge nodes.

CSCvy42676

After a successful upgrade from Cisco DNA Center 2.1.2.3 to 2.2.2.1, all users except the user with the Admin role receive the error "Connectivity check failed" on the Software Updates window.

CSCvy43861

The config archive tries to capture data from unreachable devices.

CSCvy48594

The Assurance event notifications device parameter returns the device UUID, not the device IP address.

CSCvy53714

Wireless controller provisioning fails on IRCM version validation.

CSCvy55791

An upgrade fails due to an expired docker CA certificate.

CSCvy56987

Following a successful system upgrade of Cisco DNA Center to 2.1.2.x, the subsequent application package upgrade may fail with multiple applications.

CSCvy59061

Trend charts are empty in the Assurance Overview, Assurance Network Summary, and Assurance Client Summary windows.

CSCvy60496

NCSP10025 Provisioning failure: Unable to push the CLI command "timeout 0" to the device.

CSCvy63436

The scheduler-service gets restarted due to an out of memory error.

CSCvy63523

Cisco DNA Center Compliance flags configurations that are originally pushed by Cisco DNA Center but overridden by user templates.

CSCvy65690

Reserved child pools for Layer 3 handoff are not released after a failed fabric provision.

CSCvy66833

Cannot assign several Meraki APs to a site.

CSCvy72487

Unable to deploy SSA on a device that has more than 1000 entries in its routing table.

CSCvy73302

A heatmap is not generated for Internal-9120-Dual-2.4GHz.

CSCvy80252

Cisco ISE integration fails with the following error:

FQDN x doesn't match the common name contained in the system certificate.

CSCvy88667

Update or delete from the protocol endpoint violates the foreign key constraint on the vxlannvesettings table.

CSCvy91546

Cisco DNA Center may fail to provision a managed fabric device if an IP address pool from the virtual network was changed, and the site name was changed to a shorter name than before, while the device is offline.

CSCvy93346

Cisco DNA Center may be unable to remove a managed device from a fabric-in-a-box installation. The network programmer service's logs contain the following error:

ERROR: update or delete on table lisprtrlocatorset violates foreign key constraint 
"fk9d5ac9b056ea3464" on table lisprtrlocatorsetentry.

CSCvy94846

An appliance mismatch occurs between the main (DN2-HW-APL-XL) and the recovery (DN2-HW-APL-XL-U) appliance.

CSCvy97313

Cisco DNA Center may fail to collect the inventory from a switch that was upgraded from Cisco IOS-XE 17.3.3 to 17.5.1, because internal database entries may be missing.

CSCvy97508

While upgrading Cisco DNA Center to 2.1.2.7, the hook created to resolve defect CSCvy71772 waits indefinitely, causing the upgrade to fail.