DNA Center - PnP - What It Does To Your Devices

DNA Center is a management platform that enables users to bring automation to their network. It also offers an assurance feature that aids in troubleshooting and ensuring the network runs as it should using 360 views with health status of network, client, and apps. The latter will not be in focus for this post. Rather a closer look at what DNAC actually does to your devices in regards to configuration will be revealed.

DNA Center Password Recovery

DNAC is very cumbersome and time consuming to install. It can easily take an entire day to do the initial installation and deployment of packages. At the time of writing, Cisco has not published their documentation of how to perform password recovery of DNAC. If you forget or lose your maglev or admin password, your only option is to call your Cisco partner and hope they have a how-to, or create a TAC case.

Cisco PnP - Revisited

I’ve gone over the Cisco PnP feature before. This time I will revisit the feature with focus on other areas. Specifically these cases will be discussed: PnP with Non-Vlan1 (conditionally) Re-use DHCP-assigned IP address on another interface PnP with an EtherChannel PnP With Non-Vlan1 (Conditionally) I briefly discussed this in my original post, but I ran in to a case where I actually wanted both a startup-vlan and the default of Vlan1.

Cisco PnP

One of the main reasons to buy a DNA Center is to be able to harvest the benefits of automation. Many people associate DNAC with deploying an SD-Access network. SDA has a lot of focus these days and Cisco pushes hard to get it out there, but DNAC has many other uses cases besides SDA. SDA is actually just an application that you can install on a DNAC. It isn’t even installed by default when deploying a DNAC.


The DNAC is currently sold as an appliance (part number� DN1-HW-APL). It costs a whopping $80k list per box! So why do you need three of them when doing a HA setup? It is because of Quorum. The definition of quorum is: "The number of members of a group or organization required to be present to transact business legally, usually a majority." - source: dictionary.com Say you only have two hosts in a cluster.

DNAC – External Authentication with ISE Radius

You probably want to use an existing Identity Store such as Active Directory when managing your network infrastructure – including DNAC. Below is a guide on how to configure this functionality. When you enable external authentication in DNAC it will not exempt you from using the locally defined users on DNAC – at least not the built-in admin user. DNAC External Authentication Configuration Locate the “External Authentication” page in Settings -> System Settings -> Users

DNA Center – Reinstall

If you messed up your DNAC or just want to start over, you can do so by downloading the ISO for the appliance. Get the ISO on the below link: Download DNA Center ISO from CCO After downloading the ISO, you� must� create a USB installer by using� Etcher If you use Rufus or any other tools for the USB installer creation, it might not work due to insanely long file names in the ISO.

DNAC Integration with ISE using a self-signed Certificate

NOTE! Using ISE 2.3p3 is not an option due to CSCvi94778 If you’re deploying a DNAC and you want to integrate with ISE, you might have read the following documents: Perform Post-Installation Tasks Cisco ISE Integration Limitations I did and ended up with this error in DNAC when adding ISE: Clearly this is a certificate error. The thing is that Cisco mentions that SAN (Subject Alternate Name) is essential for the trust between DNAC and ISE.