7 Habits for success with Cisco DNA Center
Cisco Live session BRKOPS-2416 (#CiscoLive)
Adam Radford, Distinguished Architect (adamradford123)
Lila Rousseaux, Principal Architect (lila_rousseaux)
© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public

Habit
A thing that you do often and almost without thinking, especially something that is hard to stop doing.

Cisco Webex App
Questions? Use the Cisco Webex App to chat with the speaker after the session.
How:
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install the Webex App or go directly to the Webex space
4. Enter messages/questions in the Webex space
Webex spaces will be moderated by the speaker until June 9, 2023.

Agenda
- Habit #1 - Understanding and embracing Device Controllability
- Habit #2 - Find issues before your users with telemetry
- Habit #3 - Leverage Compliance and Configuration management
- Habit #4 - Keep your infrastructure code up to date with software image management
- Habit #5 - Explore Proactive insights with AI/ML
- Habit #6 - Secure Devices and Users (AAA & ISE)
- Habit #7 - Up your automation game with APIs and other integrations

Habit #1 - Understanding (and embracing) device controllability

Device Controllability
- Trust
- Telemetry
- Monitoring
- Settings

Brownfield device on-boarding and config automation process into DNA Center
Discovered -> Added to Inventory -> Assigned to Site -> Enabled for Telemetry -> Provisioned
Device Controllability happens here

Adding a switch to DNA Center
Assign to Site

Device Controllability: Site-level customization
Telemetry Configuration:
- SYSLOG Server
- SNMP Trap Server
- SNMP Polling
- NetFlow
- Wired Client Data Collection
Cisco DNA Center is configured as Syslog server, SNMP Trap Server and NetFlow collector server by default.

Brownfield device on-boarding and config automation process into DNA Center
Discover -> Add to Inventory -> Assign to Site -> Enable for Telemetry
Green steps can be done in a single discovery workflow.

Discovery Workflow (For your reference)
- Discovery
- Credentials
- Assign to Site

Device Controllability: summary
- Device Controllability allows devices to interact with DNA Center efficiently
- Recommended to keep Device Controllability enabled and send configs to DNA Center
- Trust, Telemetry, Monitoring, Settings
- Controllability is safe and easy to troubleshoot
- Cisco DNA Center now provides comprehensive visibility and customizations into Device Controllability configurations

Habit #2 - Find issues before your users with telemetry

Benefits of Telemetry data captured via DNA Center
Sources:
- Syslog, SNMP Traps, Streaming Telemetry
- PKI, IPDT, SNMP credentials, SNMP traps, Netconf-yang, streaming telemetry, Syslog (*)
Benefits:
- Network and Client Health
- Application Health
- Network Services (AAA, DHCP, DNS)
- View and Manage Issues
- Visibility into Wi-Fi 6/6E Readiness
- Monitor Power over Ethernet
- EoX Insights
- Inventory Insights
- Network Trends and Insights

Inventory Device View
Detailed port information: port status, PoE, VLANs, Last Input/Output

Inventory Device - Port Configuration
Change port VLAN and description

Inventory Device - Port Actions
Quickly and easily shut down a port or Clear Mac Table

Inventory Device - Stack
Stack View - Active/Standby, Stack Number and Stack View

Inventory Insights
Find configuration inconsistencies and misconfigurations

Wi-Fi 6 Readiness Dashboard
Key Use Cases:
- Understanding Wi-Fi 6 and Wi-Fi 6E readiness of clients & network infrastructure.
- Visualizing the benefits of an existing Wi-Fi 6 and Wi-Fi 6E Network.

Wi-Fi 6 Readiness Dashboard (For your reference)
- Percentage of APs Wi-Fi 6 capable
- Wi-Fi 6 clients associated with Wi-Fi 6 network
- Percentage of APs Wi-Fi 6 enabled
- Wi-Fi version distribution

Power over Ethernet Analytics
Key Use Cases:
- Full Visibility on PoE infrastructure
- Dedicated PoE Issue Types

Power over Ethernet Analytics
- Percentage of the devices using PoE and configured with: Perpetual PoE, Fast PoE, IEEE Compliant or UPOE+
- Type of devices and their power consumption.
- Allocated & Remaining Power
Perpetual PoE:
- Uninterrupted PoE power during control plane reboot
Fast PoE:
- Bypasses Cisco IOS control plane boot
- Restores power to Powered Device (PD) within 30 seconds of power resumption

Power over Ethernet Analytics
Power allocated vs power consumption

Power over Ethernet Analytics (Coming soon!)
AP Power Save Mode Distribution & AP Savings on Power Consumed

PoE Analytics: Under the Hood! (For your reference)

    ! Four periodic TDL subscriptions, one per PoE operational data set.
    ! The periodic interval is in centiseconds: 60000 = every 10 minutes.
    telemetry ietf subscription 500
     encoding encode-tdl
     filter tdl-uri /services;serviceName=ios_oper/poe_port_detail
     receiver-type protocol
     source-address 10.85.54.24
     stream native
     update-policy periodic 60000
     receiver name DNAC_ASSURANCE_RECEIVER
    telemetry ietf subscription 501
     encoding encode-tdl
     filter tdl-uri /services;serviceName=ios_oper/poe_module
     receiver-type protocol
     source-address 10.85.54.24
     stream native
     update-policy periodic 60000
     receiver name DNAC_ASSURANCE_RECEIVER
    telemetry ietf subscription 502
     encoding encode-tdl
     filter tdl-uri /services;serviceName=ios_oper/poe_stack
     receiver-type protocol
     source-address 10.85.54.24
     stream native
     update-policy periodic 60000
     receiver name DNAC_ASSURANCE_RECEIVER
    telemetry ietf subscription 503
     encoding encode-tdl
     filter tdl-uri /services;serviceName=ios_oper/poe_switch
     receiver-type protocol
     source-address 10.85.54.24
     stream native
     update-policy periodic 60000
     receiver name DNAC_ASSURANCE_RECEIVER

Subscriptions automatically configured as part of "Device Controllability"

Power over Ethernet Analytics (For your reference)
- Count of devices based on whether they are being supplied with PoE or not. If not, a reason is provided.
- Distribution of fully powered vs partially powered APs.
- Number of ports available based on their power load for PoE.
- Power Allocation load and insights

Network Services Analytics
- Help improve user Onboarding experience
- Identify sites with potential AAA/DHCP issues

Network Services Analytics
Dashlets details for highest latency and highest number of transaction failures

Tracked by Network Services Analytics (For your reference)
AAA:
- AAA Servers
- AAA Server Latency
- AAA Server Transactions
- AAA Transaction Failures %
- Top Sites by Transaction Failures
- Top Sites by Highest Latency
- AAA Servers by WLC
DHCP:
- DHCP Servers
- DHCP Server Latency
- DHCP Server Transactions
- DHCP Transaction Failures %
- Top Sites by Transaction Failures
- Top Sites by Highest Latency

Network Services Analytics
Mapping of WLCs to corresponding AAA/DHCP servers

Network Services Analytics
- Supported for wireless only
- IOS-XE 17.6.1 version or higher
- Not supported for AireOS controllers
- Local DHCP on 9800 not supported
- All transaction and server information is provided by the WLC directly
- WLC TDL subscriptions: AAA - 4321, DHCP - 4322

Network Services Analytics - DNS (New in 2.3.5)
- View success and failed transactions in timeline
- Insights into DNS performance
- View Top DNS failure reasons
- Find servers with highest DNS latency
- Find server with most failure transactions

Network Services DNS (For your reference)
- Count of DNS servers and average latency (in ms) of your network.
- DNS Summary information: # of servers, average latency, total transactions
- Top DNS server transaction failure types, servers, and sites
- Average DNS latency for each DNS server.
- The chart displays the average DNS server transactions status for each DNS server reported by wireless controllers.
- Timeline displays failed and succeeded transactions

Network Services DNS Dashboard
- Find DNS servers by device
- Displays total transactions, failures and average latency per server

Network Services Analytics - DNS (New in 2.3.5)
- Supported in switches, routers and eWLCs. No support on AireOS WLC
- Minimum version IOS-XE 17.10
- Enabled via Application Telemetry

Network Services DNS Dashboard (For your reference)
Platforms: C9200L-24T-4G, C9300-24P. IOS-XE: 17.11.01

    ! DNS flow record: keyed on client/server address, DNS query type and response code
    flow record dnacrecord_dns
     match ipv4 version
     match ipv4 protocol
     match connection client ipv4 address
     match connection server ipv4 address
     match flow observation point
     match application dns qtype
     match application dns rcode
     collect datalink mac source address input
     collect timestamp absolute first
     collect timestamp absolute last
     collect connection client counter packets long
     collect connection client counter bytes network long
     collect connection server counter packets long
     collect connection server counter bytes network long
     collect application dns requests
     collect application dns delay response sum
    !
    flow monitor dnacmonitor_dns
     exporter dnacexporter
     cache timeout inactive 10
     cache timeout active 60
     record dnacrecord_dns
    !
    ! The DNS monitor is attached next to the existing monitor, in both directions
    interface GigabitEthernet1/0/8
     description Description pushed by DNAC Template-lan
     switchport access vlan 420
     switchport mode access
     device-tracking attach-policy IPDT_POLICY
     ip flow monitor dnacmonitor input
     ip flow monitor dnacmonitor_dns input
     ip flow monitor dnacmonitor output
     ip flow monitor dnacmonitor_dns output
     service-policy input DNA-MARKING_IN
     service-policy output DNA-dscp#APIC_QOS_Q_OUT
     ip nbar protocol-discovery

Application Visibility
- Metrics on application usage and health
- Identify issues with applications

Application Visibility vs Application Experience
How Much = quantitative (usage)
- Supported on C9K switches
- 17.3.1 supported with ETA
- AireOS WLC
How Good = qualitative (health)
- Supported on routers IOS-XE
- 9800 WLC local
- 9800 WLC - flex (*), fabric (*)
(*) New with DNA Center 2.3.5 and IOS-XE 17.10.1 or later with C91xx APs

Application Health Dashboard: ThousandEyes Integration (TECOPS-2823)
- View agent, test, and alert data on the DNA Center Application dashboard
- Cross-link to test in ThousandEyes dashboard.

Habit #3 - Leverage Compliance and Configuration management

Cisco DNA Center Compliance Landscape
- Identify whether the startup and running configurations of a device are in sync.
- See if the tagged golden image is running on the device.
- Violation of application visibility intent provisioned to a device through CBAR and NBAR
- Check whether the devices are running without critical security vulnerabilities.
- End of Sale & End of Life alerts
- Difference in network settings compared to "Network Settings" in Design
- Violation of intent provisioned to a device through DNA Center

Compliance: Software Image - Switches
Stack SW version mismatch
- Detect SW version mismatch among switch stack
- Compare image version between master and members

Compliance: Network Profiles - Switches
Config pushed by DNA Center via templates:

    interface GigabitEthernet1/0/7
     description Description pushed by DNAC Template-lan
    !
    interface GigabitEthernet1/0/8
     description Description pushed by DNAC Template-lan

Out of band changes:

    C9K-BRANCH-STACK#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    C9K-BRANCH-STACK(config)#int gig 1/0/8
    C9K-BRANCH-STACK(config-if)#no description

Config Drift

Compliance: Network Profiles - Wireless

Network Setting Compliance (New in DNA Center 2.3.5)

Fix Config Compliance Issues (New in 2.3.5)

Compliance Tips
- Event-based archive takes at least 5 minutes to update after traps are received. For accurate results, we recommend that you wait for at least 5 minutes before running compliance manually after a configuration change.
- Network Profile and Network Settings: Device must be provisioned by Cisco DNA Center

Device Configuration Management
- DNA Center stores device configurations in the DNAC DB
- Device configurations are available via the UI
- For security reasons, sensitive data is masked
- CLI output can be exported from this same window, but it will be done using the masked config as well.
- What this means is that we don't expose sensitive data via the UI or UI export. But it also means that we can't directly use this device config to restore a device.

Device Configuration Management: APIs to retrieve device configuration
- The APIs available in DNAC allow you to retrieve raw startup, running configs and VLAN DB.
- API details: POST /network-device-archive/cleartext
- A zip file is generated which contains raw running-config, startup-config and VLAN DB

Device Configuration Management: Configuration Archive
- SFTP server can be configured to export raw configs to an external repository

Habit #4 - Keep your infrastructure code up to date with software image management

SWIM Demo

What you need to know about SWIM
- Intent Based Network Upgrades: Golden-image driven to automate process and drive consistency
- Trustworthiness Integration: Assures that device images are not compromised in any way.
- Common Workflow: Upgrade base image, patches, ROMMON in one single flow. ISSU supported
- Upgrade Checks: Pre/Post check ensures updates do not have adverse effects on network

Software Upgrade Recommendations
- To reduce the network downtime, it's recommended to perform distribution and activation job separately
- Maintenance window is required for activation
- Wireless: Start with ISSU, AP Pre-Image Download, Staggered Upgrade
- Use Rolling AP upgrades where ISSU not available
- Consider external file servers for remote sites
- Install Mode is recommended mode
- "Bundle"/"Install" mode conversion is not supported

Control over SWIM - ISSU
- ISSU supports both Wired & Wireless devices
- ISSU support for C9800 controller starting 17.3
- Helps reduce downtime for wireless Infrastructure
- ISSU requires controllers in HA SSO or N+1

Ready to go ISSU

Control SWIM - AP Pre-Image Download / Rolling AP Upgrade
- ISSU together with AP Pre-Image Download and Rolling AP Upgrade helps reduce network downtime
- Controllers need to be provisioned for Rolling AP Upgrade
- AP Pre-image download by default available starting DNAC 2.3.3.x

Activation for normal wireless vs ISSU wireless
- Normal Activation
- ISSU Activation

Staggered Upgrade (For your reference)

    pnp-9800#show ap upgrade
    Status: In progress
    From version: 17.9.2.52
    To version: 17.9.3.50
    Started at: 05/30/2023 04:56:51 UTC
    Configured percentage: 15
    Percentage complete: 0
    Expected time of completion: 05/30/2023 05:04:51 UTC
    Client steering: Enabled
    Accounting percentage: 90%
    Iteration expiry time: 9 minutes

    Progress Report
    ---------------
    Iterations
    ----------
    Iteration   Start time                End time                  AP count
    0           05/30/2023 04:56:51 UTC   05/30/2023 04:56:51 UTC   0

    Upgraded
    --------
    Number of APs: 0
    AP Name   Radio MAC   Iteration   Status   Site

    In Progress
    -----------
    Number of APs: 1
    AP Name           Radio MAC
    thirdwheel_9100   f4bd.9e9f.3f00

    Remaining
    ---------
    Number of APs: 0
    AP Name   Radio MAC

    APs not handled by Rolling AP Upgrade
    -------------------------------------
    AP Name   Radio MAC   Status   Reason for not handling by Rolling AP Upgrade

Habit #5 - Explore Proactive insights with AI/ML

Cisco AI Network Analytics Architecture
[Figure labels: Network Infrastructure; Cisco DNA Center (Cisco DNAC Appliance): Automation, Assurance; Cloud Agent; Strong Anonymization; Anonymized Data; Cisco AI Cloud; Anomalies and Insights; WSA; Privacy]

AI Driven Baseline Issues
View Dynamic baselines and deviations for 12 (onboarding + throughput) KPIs
Key Benefits:
- Accelerated troubleshooting with end-2-end workflow complete with impact and potential root cause details
- Active feedback loop (thumbs up/down) to integrate SME expertise to further refine baselines over period of time
Use case:
- What are the expected KPI performance across APs and SSIDs?
- How can I effectively identify, isolate and mitigate deviations from the baseline performance?

AI Analytics: AP Family & Endpoint Comparison
Compare AP performance across traffic classes.
Key Benefits:
- Flexibility to compare both on-boarding and throughput KPIs
Use case:
- View and evaluate AP and client performance across different sites through dynamic performance clusters identified based on selected KPI
- View and compare dynamic performance clusters for a selected KPI and AP families.
- View and compare onboarding KPIs for specific device types for days of a week.

AI Endpoint Analytics on Cisco DNA Center
Rapidly reducing the unknowns by aggregating data from different sources
- ML Analytics
- Endpoint Profiling
- Data Aggregation
- Network Telemetry Probes
- Easy Onboarding Tools
- DPI-based Fingerprint/Behavior
- CMDB Connector
CMDB: Configuration Management Database

Classification based on Deep Packet Inspection (DPI)
[Figure labels]
- Endpoint: Globex Ultima CT scanner (Windows 7)
- Probes: DHCP Class-ID: MSFT
- Deep packet inspection (L6, L7): DICOM: GE CT540
- Cisco Catalyst 9000 Series Switch - powered by NBAR
- Multifactor classification (EA: ML analytics, DPI, CMDB connector)
  - Endpoint type: CT scanner
  - Operating system: MS Windows 7
  - Manufacturer: Globex Corp.
  - Model: Ultima
- Options to support non-Cisco devices available.

Reducing Unknowns with Machine Learning: Endpoint Analytics (For your reference)
[Figure labels]
- ML analytics, DPI, CMDB connector
- Device data lake: Known (iPhones), Unknown
- ML groups endpoints: Cluster 1, Cluster 2 (Attribute A, Attribute B); done in cloud
- Admin labels endpoints: "These are Bosch Coffee Machines", "These are Apple Watches."
- AI learns from new labels
- New labels: Bosch Coffee Machine, Apple Watch
- Creates rules

Trust Scores and Remediation
- Adaptive Network Control - ANC
- Remediate the host via Identity Services Engine - ISE

Why radio resource management
- 10 min worth of data
- No busy hour(s)
- No building segmentation
- No visibility
- Lots of tuning knobs
- No simulation mode*

Dashboard

Habit #6 - Secure Devices and Users (AAA & ISE)

Identity Services Engine
- Only one ISE integration can be done per DNA Center.
- Other AAA servers can be added, but as an AAA server only (even if they are ISE servers)

Difference between ISE and AAA integration
ISE (Cisco DNA Center with ISE):
- DNA Center discovers the PSN nodes
- AAA config pushed to devices during site assignment
- PnP will add network device as a NAD to ISE
- PxGrid:
  - Provides Username for wired devices
  - Device attributes for AI endpoint analytics
  - Micro-segmentation for SDA
AAA (Cisco DNA Center with AAA):
- AAA config pushed to devices

Pre-requisites for ISE integration
- ISE API needs to be enabled: ERS read write
- No proxy server between ISE and DNA Center
- PxGrid needs to be enabled on ISE
- FQDN is required for the integration, not just an IP address (certificate)
- If using Enterprise issued Certificate, need VIP + real IP for DNA Center Cluster
- CLI credentials on ISE no longer used for integration. API only
- IP reachability required

Site Settings for AAA

Sample Config

    authentication convert-to new-style
    ip radius source-interface GigabitEthernet1/0/23
    aaa new-model
    aaa session-id common
    ! Client (endpoint) and network (device admin) groups use the same RADIUS server
    aaa group server radius dnac-client-radius-group
     server name dnac-radius_10.10.10.127
     ip radius source-interface GigabitEthernet1/0/23
     exit
    aaa group server radius dnac-network-radius-group
     server name dnac-radius_10.10.10.127
     ip radius source-interface GigabitEthernet1/0/23
     exit
    aaa accounting identity default start-stop group dnac-client-radius-group
    aaa accounting update newinfo periodic 2880
    aaa accounting exec default start-stop group dnac-network-radius-group
    aaa authorization exec default local
    aaa authorization network default group dnac-client-radius-group
    aaa authorization network dnac-cts-list group dnac-client-radius-group
    ! VTY logins try RADIUS first and fall back to the local user database
    aaa authorization exec VTY_author group dnac-network-radius-group local if-authenticated
    aaa authentication login default local
    aaa authentication dot1x default group dnac-client-radius-group
    aaa authentication login dnac-cts-list group dnac-client-radius-group local
    aaa authentication login VTY_authen group dnac-network-radius-group local
    dot1x system-auth-control
    ! Keys are masked (*) on the slide
    radius server dnac-radius_10.10.10.127
     address ipv4 10.10.10.127 auth-port 1812 acct-port 1813
     pac key *
     retransmit 3
     timeout 4
     automate-tester username dummy ignore-acct-port probe-on
     exit
    radius-server vsa send authentication
    radius-server vsa send accounting
    radius-server dead-criteria time 5 tries 3
    radius-server deadtime 3
    radius-server attribute 31 send nas-port-detail mac-only
    radius-server attribute 31 mac format ietf upper-case
    radius-server attribute 25 access-request include
    radius-server attribute 8 include-in-access-req
    radius-server attribute 6 on-for-login-auth
    radius-server attribute 6 support-multiple
    cts authorization list dnac-cts-list
    line vty 0 15
     login authentication VTY_authen
     authorization exec VTY_author
    ! Clients allowed to send RADIUS Change of Authorization (CoA) requests
    aaa server radius dynamic-author
     client 10.10.10.127 server-key *
     client 10.66.104.67 server-key *
     exit

Device AAA and Site AAA interaction
[Table columns: Device has AAA configured | Site has AAA defined | Provisioning Workflow Success]
Note: If just client/device AAA, then all will work. Network AAA is the issue due to lockout concerns (NAD entry in ISE)

Habit #7 - Up your automation game with APIs and other integrations

GUI / API

Why API?
- AUTOMATION
- INTEGRATION
- INNOVATION

SDK

    from dnacentersdk import DNACenterAPI
    api = DNACenterAPI()

Go/Ansible/Terraform
https://registry.terraform.io/providers/cisco-en-programmability/dnacenter/latest

Native Webex Issue Integration

Take aways
- Device Controllability to maximize value
- Telemetry for network/application/user insights
- Software Image management to keep code up to date
- Compliance and Configuration management for NetOps
- AI/ML for AIOps
- ISE and AAA for network and device security
- API for automation/integration/innovation