CX DNAC IpAddressWorksheet - v2

DNAC Configuration Planning IP Addressing Worksheet
CISCO SYSTEMS - CX HIGH TOUCH DELIVERY
DNAC IP Address Planning Worksheet

Prepared for: Cisco DNA Customer, Solutions Support
Prepared by: Tomas de Leon, Technical Leader
November 2, 2018
Document number: 11022018_v2
tdeleon@cisco.com ! of 17
1 !
DNAC & IP ADDRESSING FOR THE DNA SOLUTION
Objective
The objective of this document is to help you with planning for the different IP addresses and IP address pools that
may be needed when planning for the configuration of a DNAC appliance(s) and network devices in your fabric.
Goals
There are some external links that talk about all the different components of the fabric that require IP addressing
like the DNAC, Underlay, Overlay etc. Here are some examples but this worksheet will help with the planning if
even only for the DNAC.
DNAC - Required IP Addresses and Subnets

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/
dna-center/1-2/install/b_dnac_install_1_2/b_dnac_install_1_2_chapter_0101.html#id_71103
In order to use DNA Center to manage your network, you must connect the appliance interface ports to your
network, using switches to manage these connections.
While there are many possible alternative connection schemes, Cisco recommends that you make the following
port-to-switch connections:
NETWORK ADAPTER #1 (in STEP #4 of the install\configuration script)

10Gbps Cluster Port (Port 2, enp10so): This is the left-hand port on the VIC 1227 card in the appliance mLOM
slot. This port is intended for communications among the master and add-on nodes in a DNA Center cluster.
Cable this port to an access switch with connections to the other nodes in the cluster.

1Gbps Management Port (1, enp1s0f0): Connect this port to an access switch with connections to your
dedicated management network. Cisco strongly recommends that you create such a network if it does not already
exist.

1Gbps Cloud Port (2, enp1s0f1): This port is optional. Use it only if you cannot connect the appliance to the
Internet (including to your Internet proxy server) using the 10Gbps Enterprise Port (Port 1, enp9s0). If you need to
use the Cloud Port, connect it to an access switch with connections to your Internet proxy server.
2 !

10Gbps Enterprise Port (Port 1, enp9s0): This is the right-hand port on the VIC 1227 card in the appliance
mLOM slot. Connect this port to an access switch with connections to the enterprise network.
NOTE: If you are installing the appliance as a standalone master node, without add-on nodes to form a cluster,
Cisco recommends that you still configure the DNAC for a Cluster. A single DNAC appliance is a "Single" node
Cluster. As a best practice, you should still cable this Cluster port; configure its IP address; tag the interface as the
“Cluster Link”; and configure the Cluster VIP address.
Configuration changes to the Cluster Link are NOT supported at this time. Configuring a single DNAC appliance as
a "Single" node Cluster prepares the solution for adding more nodes to the DNAC Cluster in the future. This
configuration & preparation for future Cluster expansion avoids the need to completely rebuild the DNAC & fabric
devices in the future.
3 !
As noted earlier, connect & configure the “Cluster” Port for the DNAC even in a “Single” node cluster.
4 !
In addition to the IP addresses needed for each port per DNAC in the Cluster, you will need additional IP
addresses for required services for the DNAC and for DNA Fabric Infrastructure.
For Example:
• DNS Servers for the DNAC to use (Management & Enterprise Network Adapters).
• NTP Servers for the DNAC to use (Management & Enterprise Network Adapters).
• Default Gateway & Static Routes for the DNAC to use (Management, Cloud, & Enterprise Network Adapters).
• IP Address & FQDN for the Identity Service Engine (ISE)
• IP Address & FQDN for the IP Address Manager (IPAM) - Infoblox or Bluecat Server
• IP Address of the SFTP Server (with Username, Credentials, and Path)
• IP Address of the Primary AAA Server (with Shared Secret) if applicable.
• IP Address of the Backup\Restore Server (with Username, Credentials, and Path)
• IP Address of the Loopback Addresses or Management Addresses used for Fabric Network Devices. These
will be used for configuring DISCOVERY parameters for the devices on the DNAC.
• For the Onboarding Fabric Elements you will need some Network Settings that will be used during
Provisioning. For Example, IP addresses of:
๏ AAA Server for Network & Client/Endpoints
๏ DHCP Server(s)
๏ DNS Server(s)
๏ Syslog Server(s)
๏ NTP Server(s)
๏ Netflow Collector(s)
๏ IP Address Pools for APs, Fabric Endpoints, IP Phones, and other IP entities that need to be
onboarded. 
5 !
WORKSHEET
Template Worksheet
You can use the enclosed worksheet to fill out prior to configuring the DNAC(s) and configuring the Network
Settings for the Fabric Elements. The first steps are to configure the DNAC appliance network settings for each
node using the install \ setup script. The install \ setup script is run & configured on each DNAC appliance.
DNAC Network IP Address \  DNS  Default Gateway \  Cluster

Settings - Node 1 Netmask Server(s) Static Routes Link
NETWORK ADAPTER #1
(enp10s0)
NETWORK ADAPTER #2
(enp1s0f0)
NETWORK ADAPTER #3
(enp1s0f1)
NETWORK ADAPTER #4
(enp9s0)
NTP Servers
Cluster VIP Address (s)
Services Subnet 
/21 or greater
Cluster Services Subnet 

/21 or greater
NOTE: There are some changes in regards to VIP addresses start with DNAC version 1.2.5 & later.
Cluster Virtual IP Addresses (Required): One virtual IP address per configured network interface per cluster. This
requirement applies whether the cluster contains only one node or all three. You must supply a VIP for each
configured network interface, up to a maximum of four VIPs. Each VIP can be from the same subnet as the
IP on the corresponding configured interface. There are four interfaces on each appliance, and it is up to you to
decide which interfaces you want to configure for use. An interface is considered configured if you supply an IP for
that interface, along with a subnet mask and one or more associated default gateways or static routes. If you skip
an interface entirely during configuration, that interface is considered as not configured.
6 !

NETWORK ADAPTER #1
(enp10s0)
NETWORK ADAPTER #2
(enp1s0f0)
NETWORK ADAPTER #3
(enp1s0f1)
NETWORK ADAPTER #4
(enp9s0)
NTP Servers
Master Node IP Address

NETWORK ADAPTER #1
(enp10s0)
NETWORK ADAPTER #2
(enp1s0f0)
NETWORK ADAPTER #3
(enp1s0f1)
NETWORK ADAPTER #4
(enp9s0)
NTP Servers
Master Node IP Address
7 !
After Completing the DNAC install \ setup script, you will access the DNAC GUI interface to setup and configure
the services on the DNAC appliance. The first step will be to configure the DNAC System Settings.
DNAC Appliance IP Address FQDN Shared  Username \ Subscriber \ 

System Settings Secret Password Name
Identity Service Engine

(ISE)
IP Address Manager
(IPAM)
SFTP Server
Primary AAA Server
Backup\Restore Server
Note: For the SFTP Server & Backup\Restore Server make sure to record the appropriate “Path” locations for each
setting.
DESIGN—NETWORK SETTINGS
After configuring the DNAC’s Network and System Settings, you will need to configure the Network Settings & IP
Address Pools that will be used for Network Device & Client/Endpoint OnBoarding. Use the following tables to help
setup network properties like AAA, NTP, Syslog, Trap and NetFlow using the "Add Servers" link. Once devices are
discovered, DNA Center will deploy using these settings.
DESIGN   IP Address  IP Address  Port Doman Name

Network Settings (Primary) (Additional)
AAA Server (Network)
AAA Server (Client/Endpoint)
DHCP Server
SYSLOG Server
SNMP Server
NTP Server
NetFlow Collector Server
8 !
The configuration of IP address pools is different based on the DNAC Version that you are running. In DNAC
version 1.1.x, you configure IP address pools typically in the Global Hierarchy and all the sites use the configured
pools. In DNAC version 1.2.x, you configure IP address pools in the Global Hierarchy, but it is now required to
RESERVE an IP address pool or part of an IP address pool in the desired “site”.
DESIGN   Global \ IP Subnet \  Gateway DHCP  DNS 

IP Address Pools Site Netmask Server Server
Wired Clients (Global)
Wireless Clients (Global)
Wired Clients (Network1)
Wired Clients (Network2)
Wireless (Network1)
Wireless (Network2)
Router Loopbacks
L3 Transit Interfaces
Underlay Point to Point
SXP Interfaces
IBGP connections
IP Phones
Access Points
9 !
WORKSHEET - USE CASE EXAMPLE

 
The following is an example of how you can use this worksheet to gather the necessary IP Addressing information
before you begin the DNAC Install\Setup Script and the basic configuration of your DNAC & Fabric. 

NETWORK ADAPTER #1 10.0.0.1  X

(enp10s0) 255.255.255.0
NETWORK ADAPTER #2 172.18.217.121  64.102.6.247 172.18.217.1

(enp1s0f0) 255.255.255.0
NETWORK ADAPTER #3 < not used >

(enp1s0f1)
NETWORK ADAPTER #4 192.68.211.121  192.68.211.213  192.68.0.0/255.255.0.0/192.68.211.1 

(enp9s0) 255.255.255.0 192.68.211.215 172.48.0.0/255.255.0.0/192.68.211.1
NTP Servers 172.18.108.15 192.68.211.215 10.81.254.202
Cluster VIP Address (s) 10.0.0.124 172.18.217.129 192.68.211.124
Services Subnet  10.61.0.0/21

/21 or greater
Cluster Services Subnet  10.62.0.0/21

/21 or greater


(enp10s0) 255.255.255.0
NETWORK ADAPTER #2 172.18.217.122  64.102.6.247 172.18.217.1

(enp1s0f0) 255.255.255.0

(enp1s0f1)
NETWORK ADAPTER #4 192.68.211.122  192.68.211.213  192.68.0.0/255.255.0.0/192.68.211.1 

(enp9s0) 255.255.255.0 192.68.211.215 172.48.0.0/255.255.0.0/192.68.211.1
NTP Servers 172.18.108.15 192.68.211.215 10.81.254.202
Master Node IP Address 10.0.0.1
10 !


(enp10s0) 255.255.255.0
NETWORK ADAPTER #2 172.18.217.123  64.102.6.247 172.18.217.1

(enp1s0f0) 255.255.255.0

(enp1s0f1)
NETWORK ADAPTER #4 192.68.211.123  192.68.211.213  192.68.0.0/255.255.0.0/192.68.211.1 

(enp9s0) 255.255.255.0 192.68.211.215 172.48.0.0/255.255.0.0/192.68.211.1
NTP Servers 172.18.108.15 192.68.211.215 10.81.254.202
Master Node IP Address 10.0.0.1
** Using the worksheets during the Install\Setup Script for DNAC1, DNAC2, & DNAC3 configurations
11 !
12 !
** The DNAC Admin UI displays all DNACs operational in a 3 Node Cluster.
After Completing the DNAC install \ setup script, you will access the DNAC GUI interface to setup and configure
the services on the DNAC appliance. The first step will be to configure the DNAC System Settings.
DNAC Appliance IP Address FQDN  Shared  Username \ Subscriber \ 

System Settings .DNA.local Secret Password Name
Identity Service Engine 172.18.217.120 dna1-ise Cisco123 admin  dna1-dnac

(ISE) Cisco123
IP Address Manager 172.18.217.215 dna-infoblox1 admin  INFOBLOX

(IPAM) Cisco123
SFTP Server 172.18.217.125 ftpuser 

Cisco123
Primary AAA Server 192.68.211.120 admin 

Cisco123
Backup\Restore Server 172.18.217.125 admin 

Cisco123
Note: For the SFTP Server & Backup\Restore Server make sure to record the appropriate “Path” locations for each
setting.
13 !
14 !
DESIGN—NETWORK SETTINGS
After configuring the DNAC’s Network and System Settings, you will need to configure the Network Settings & IP
Address Pools that will be used for Network Device & Client/Endpoint OnBoarding. Use the following tables to help
setup network properties like AAA, NTP, Syslog, Trap and NetFlow using the "Add Servers" link. Once devices are
discovered, DNA Center will deploy using these settings.
DESIGN   IP Address  IP Address  Port Doman Name

Network Settings (Primary) (Additional)
AAA Server (Network) 192.68.211.120 172.18.217.120
AAA Server (Client/Endpoint) 192.68.211.120 172.18.217.120
DHCP Server 192.68.211.215 192.68.211.213
SYSLOG Server 192.68.211.213 192.68.211.124
SNMP Server 192.68.211.213 192.68.211.124
NTP Server 192.68.211.215
NetFlow Collector Server
15 !
The configuration of IP address pools is different based on the DNAC Version that you are running. In DNAC
version 1.1.x, you configure IP address pools typically in the Global Hierarchy and all the sites use the configured
pools. In DNAC version 1.2.x, you configure IP address pools in the Global Hierarchy, but it is now required to
RESERVE an IP address pool or part of an IP address pool in the desired “site”.
DESIGN   Global \ IP Subnet \  Gateway DHCP  DNS 

IP Address Pools Site Netmask Server Server
Fabric Clients (Global) Global 172.48.0.0/16
InfraStructure (Global) Global 192.68.0.0/16
Wired Clients (Network1) Site 172.48.101.0/24 172.48.101.1 192.68.211.215 192.68.211.213
Wired Clients (Network2) Site 172.48.102.0/24 172.48.102.1 192.68.211.215 192.68.211.213
Wireless (Network1) Site 172.48.111.0/24 172.48.111.1 192.68.211.215 192.68.211.213
Wireless (Network2) Site 172.48.112.0/24 172.48.112.1 192.68.211.215 192.68.211.213
Router Loopbacks Site 192.68.0.0/24
L3 Transit Interfaces Site 192.68.21.0/24
Underlay Point to Point Site 192.68.201.0/24
SXP Interfaces Site 192.68.23.0/24
IBGP connections Site 192.68.25.0/24
IP Phones Site 172.48.150.0/24 172.48.150.1 192.68.211.213 192.68.211.213
Access Points Site 172.48.254.0/24 172.48.254.1 192.68.211.215 192.68.211.213
16 !
** GLOBAL Hierarchy
** SITE Hierarchy
17 !

CX DNAC IpAddressWorksheet - v2

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CX DNAC IpAddressWorksheet - v2

Uploaded by

Copyright:

Available Formats

DNAC Configuration Planning IP Addressing Worksheet

CISCO SYSTEMS - CX HIGH TOUCH DELIVERY

DNAC IP Address Planning Worksheet

CISCO SYSTEMS - CX HIGH TOUCH DELIVERY

DNAC & IP ADDRESSING FOR THE DNA SOLUTION

DNAC - Required IP Addresses and Subnets

NETWORK ADAPTER #1 (in STEP #4 of the install\configuration script)

NETWORK ADAPTER #2 (in STEP #4 of the install\configuration script)

NETWORK ADAPTER #3 (in STEP #4 of the install\configuration script)

CISCO SYSTEMS - CX HIGH TOUCH DELIVERY

NETWORK ADAPTER #4 (in STEP #4 of the install\configuration script)

DNAC Network IP Address \ DNS Default Gateway \ Cluster

Cluster VIP Address (s)

Cluster Services Subnet

DNAC Network IP Address \ DNS Default Gateway \ Cluster

Master Node IP Address

DNAC Network IP Address \ DNS Default Gateway \ Cluster

Master Node IP Address

DNAC Appliance IP Address FQDN Shared Username \ Subscriber \

Identity Service Engine

Primary AAA Server

DESIGN IP Address IP Address Port Doman Name

AAA Server (Network)

AAA Server (Client/Endpoint)

NetFlow Collector Server

DESIGN Global \ IP Subnet \ Gateway DHCP DNS

Wired Clients (Global)

Wireless Clients (Global)

Wired Clients (Network1)

Wired Clients (Network2)

Underlay Point to Point

WORKSHEET - USE CASE EXAMPLE

DNAC Network IP Address \ DNS Default Gateway \ Cluster

NETWORK ADAPTER #1 10.0.0.1 X

NETWORK ADAPTER #2 172.18.217.121 64.102.6.247 172.18.217.1

NETWORK ADAPTER #3 < not used >

NETWORK ADAPTER #4 192.68.211.121 192.68.211.213 192.68.0.0/255.255.0.0/192.68.211.1

NTP Servers 172.18.108.15 192.68.211.215 10.81.254.202

Cluster VIP Address (s) 10.0.0.124 172.18.217.129 192.68.211.124

Services Subnet 10.61.0.0/21

Cluster Services Subnet 10.62.0.0/21

DNAC Network IP Address \ DNS Default Gateway \ Cluster

NETWORK ADAPTER #1 10.0.0.2 X

NETWORK ADAPTER #2 172.18.217.122 64.102.6.247 172.18.217.1

NETWORK ADAPTER #3 < not used >

NETWORK ADAPTER #4 192.68.211.122 192.68.211.213 192.68.0.0/255.255.0.0/192.68.211.1

NTP Servers 172.18.108.15 192.68.211.215 10.81.254.202

Master Node IP Address 10.0.0.1

DNAC Network IP Address \ DNS Default Gateway \ Cluster

NETWORK ADAPTER #1 10.0.0.3 X

NETWORK ADAPTER #2 172.18.217.123 64.102.6.247 172.18.217.1

NETWORK ADAPTER #3 < not used >

NETWORK ADAPTER #4 192.68.211.123 192.68.211.213 192.68.0.0/255.255.0.0/192.68.211.1

NTP Servers 172.18.108.15 192.68.211.215 10.81.254.202

Master Node IP Address 10.0.0.1

** The DNAC Admin UI displays all DNACs operational in a 3 Node Cluster.

DNAC Appliance IP Address FQDN Shared Username \ Subscriber \

Identity Service Engine 172.18.217.120 dna1-ise Cisco123 admin dna1-dnac

IP Address Manager 172.18.217.215 dna-infoblox1 admin INFOBLOX

SFTP Server 172.18.217.125 ftpuser

Primary AAA Server 192.68.211.120 admin

Backup\Restore Server 172.18.217.125 admin

DNAC Network IP Address \  DNS  Default Gateway \  Cluster

Cluster Services Subnet 

DNAC Network IP Address \  DNS  Default Gateway \  Cluster

DNAC Network IP Address \  DNS  Default Gateway \  Cluster

DNAC Appliance IP Address FQDN Shared  Username \ Subscriber \ 

DESIGN   IP Address  IP Address  Port Doman Name

DESIGN   Global \ IP Subnet \  Gateway DHCP  DNS 

DNAC Network IP Address \  DNS  Default Gateway \  Cluster

NETWORK ADAPTER #1 10.0.0.1  X

NETWORK ADAPTER #2 172.18.217.121  64.102.6.247 172.18.217.1

NETWORK ADAPTER #4 192.68.211.121  192.68.211.213  192.68.0.0/255.255.0.0/192.68.211.1 

Services Subnet  10.61.0.0/21

Cluster Services Subnet  10.62.0.0/21

DNAC Network IP Address \  DNS  Default Gateway \  Cluster

NETWORK ADAPTER #1 10.0.0.2  X

NETWORK ADAPTER #2 172.18.217.122  64.102.6.247 172.18.217.1

NETWORK ADAPTER #4 192.68.211.122  192.68.211.213  192.68.0.0/255.255.0.0/192.68.211.1 

DNAC Network IP Address \  DNS  Default Gateway \  Cluster

NETWORK ADAPTER #1 10.0.0.3  X

NETWORK ADAPTER #2 172.18.217.123  64.102.6.247 172.18.217.1

NETWORK ADAPTER #4 192.68.211.123  192.68.211.213  192.68.0.0/255.255.0.0/192.68.211.1 

DNAC Appliance IP Address FQDN  Shared  Username \ Subscriber \ 

Identity Service Engine 172.18.217.120 dna1-ise Cisco123 admin  dna1-dnac

IP Address Manager 172.18.217.215 dna-infoblox1 admin  INFOBLOX

SFTP Server 172.18.217.125 ftpuser 

Primary AAA Server 192.68.211.120 admin 

Backup\Restore Server 172.18.217.125 admin 

DESIGN   IP Address  IP Address  Port Doman Name

DESIGN   Global \ IP Subnet \  Gateway DHCP  DNS 