Cisco CCIE Security 350-701 – Cisco DNA Center
1. Cisco DNA Center
So in this section we’ll start with Cisco DNA Center. We’ll try to understand a basic overview of Cisco DNA Center: what exactly it does and what its actual job is. Then we’ll get into some other details, like the appliance: what the appliance is, its specifications, and the things we can do with it. We’ll also go through an overview of the different kinds of jobs you can do with Cisco DNA Center, like managing the network; there are plenty of things.
DevNet certification is something I’ll also talk about in this section, just so you know some options relating to DevNet and the DevNet sandbox, where you can log in and practice the labs for Cisco DNA Center. And then finally I’ll get into Cisco DNA Center components: the actual components inside and what exactly they do. So let’s get started. Cisco DNA Center: DNA stands for Digital Network Architecture. DNA Center is simply an appliance provided by Cisco, and this appliance is going to provide you multiple things, like a centralized graphical interface.
Now, what is the graphical interface for? If these are your network devices and you want to manage them remotely or monitor them, there are plenty of things we can do, and we’ll go into them a little later. What we are going to do is manage them from DNA Center. As I said, it’s an appliance, and this appliance provides you a graphical interface. Using the graphical interface, you can do plenty of things. So we can say this is a new approach to managing your devices.
You can manage, configure, and troubleshoot the devices from a single pane. We call it a single pane of glass, or simply a single place. The devices can be routers, switches, specific servers, your firewalls; it can be anything. Now, we call it centralized. Why do we call it centralized, and how is it different? If you know some of the older ways to manage your devices, we can go with the CLI, where I log in to the command line of each and every device and make some basic changes: you can use the console, you can use SSH, and you have Telnet options.
So that is one method: you manage your device by logging in to the device itself. You can also have a separate, dedicated SNMP server somewhere in your network. This SNMP server is responsible for monitoring your network, and to some extent you can also push some configurations with it. We have seen that in the SNMP topics. And then we have other ways. You have something called Cisco Network Assistant, which is a GUI interface to manage your switches. For routers, Cisco introduced something called CCP, Cisco Configuration Professional, a separate GUI for managing the routers. And then you have a separate GUI, ASDM, for ASA firewalls. Every product or every device has its own way of being managed. So if that particular device supports a graphical interface, you have separate software or a separate option which is generally used to manage it. There are plenty; earlier we also had something called Cisco Prime Infrastructure. You can say this is like an older version of Cisco DNA: Cisco DNA replaces Cisco Prime Infrastructure now.
So there are different options to manage devices, but the main issue is that these are separate GUI interfaces. You log in to each device separately and access it separately, and there’s mostly no relation between them. You cannot go to Cisco Network Assistant, where you manage the switches, and from there log in to the router or the ASA. It’s not like that. Which means you’ll be using a separate GUI, separate software, or a separate option to manage each and every device, whether it is the command line or a graphical interface. Now, with Cisco DNA, these are all centralized in one place. That’s the meaning of centralized GUI.
Now, when we say centralized, it means that if you want to manage your router, you can do that from DNA Center. You can initiate a Telnet session to the command line, or you can manage it via the GUI. You can push the configurations from the GUI interface itself, which means you don’t need a separate GUI interface. Of course, the routers may not have a GUI of their own, but you can still push the configurations in a GUI format. We’ll create some templates in the GUI, and in the end these templates are executed in the form of CLI, just as if you typed in the commands. That’s the programming interface: it provides you a programming interface where you can build templates, and those templates can be deployed onto the devices in the form of normal CLI commands. Okay, so there are plenty of things it will do. That’s the basic overview of DNA Center and what exactly it does. And with DNA Center you can do a lot of things.
I’m going to give just the basic options here, and in the next presentations I’ll cover a little more detail and show you some options in the graphical interface. These are all things we do in our production network; we are going to do the same things here. We design the network. With DNA Center we can design it via the GUI, we can actually see how the physical topology looks, and we can also see maps depending upon the locations. Let’s say you have one site in the US, and inside the US you have one site in California and another site in a different location. I’ll just use the names A, B, C. You can see the map of those devices. I’ll show you the interface later on.
But as I said, I don’t want to jump into that part right now; here we’ll just cover the basic overview. In that map we can build a topology. We can build a site, or area as we call it, and in that site we can add specific areas or buildings. We can add building one, building two, building three. And in each building we can have a logical separation of the floors. So it’s more like a graphical view. And on each floor we can have a floor plan. There are different options, and we can drag and drop the devices from one site to another site.
Let’s say you want to move specific devices. Of course, physically you have to move the devices, but later on you can push the configurations directly onto the site. When you apply the common configurations to the site, they automatically apply to all the devices. You can also allocate IP addresses from here to specific devices; we call this IP address allocation. There are different options you can configure from here. Apart from that, you can also add devices. For adding devices there is an option called discovery. With the help of the discovery option, DNA Center can use different methods like CDP, or you can define an IP range, and it is going to discover all the devices. All the discovered devices are automatically added to a list called the inventory, and from there you can see all the devices present in your network. Of course, there has to be reachability as a prerequisite for that. Once the devices are listed in the inventory, you can assign them to specific sites or to a specific floor.
You can deploy an access point and see its range in the graphical interface: how far that access point is going to cover, depending upon the model and the type of antenna it uses. You can also customize the settings. You can configure the DHCP settings, AAA settings, or DNS server settings and deploy them to all the devices, which means you don’t need to go to each and every device to do that. Whatever settings you apply on DNA Center, you can push to the individual devices on a particular site or to all the sites; there are global settings options. So you can design from a single place, you can add and configure the devices, and you can monitor the devices. Monitoring is more like the job of SNMP. DNA Center is going to show you a graphical display of your devices, of how your topology looks, of all the applications you are using, and also the health status of those devices. You have all this information on a single click. You just click on the device.
You get all the device information from a single pane, which means you don’t need to go to each and every device to monitor it. Let’s say I want to see the CPU utilization of a device. You don’t need to go there; you just select the device and issue the command here, like show process cpu. DNA Center sends that CLI command to the device and displays the output here, so you don’t need to log in to the router. Normally, if you want to monitor the CPU utilization, you need to go and execute the command on the device, or you need some kind of SNMP software running in your network to get the information. Here we have those options built in. Of course, you can do troubleshooting as well from this single place. For troubleshooting, DNA Center displays information such as utilization or link status in graphs, which are easy to read, and as I said, it also shows you the health status of the devices.
With the help of these options, specific patterns or specific problems can be identified. And if it identifies any problem, DNA Center is going to provide you some possible solutions. It’s just like when you have some issue with a network interface card in Windows: you click on it and you get a diagnostic option, which detects the possible problems. In a similar way, the DNA Center software is going to collect some details, and based on those details it provides you the possible solutions. Okay, so this is one more thing: you can troubleshoot your networks. Let’s take a simple example.
Take a PC whose user is experiencing some connectivity issues and is not able to access some resources. DNA Center is going to collect statistics: check the interface connection, check whether the PC gets a DHCP IP address or not, check whether the DHCP server is reachable or not, and so on. It collects these statistics and displays them with some options, and with those options we can easily figure out what to check and what to try. One more thing I can add: DNA Center supports something called the Path Trace option. Let’s say you have a network in which the user on PC one is unable to access the server on the other side. With the help of Path Trace, you can visualize the packet flow from the PC to the server. Instead of sending a packet, DNA Center visualizes the path as if you were sending a packet through the network, and then it checks where exactly the packet is going to stop and what the possible problem might be at that point.
It may be an ACL issue or a routing issue; it can be anything. So it can visualize the path and give you the exact point where the problem might be, and it can also provide you the possible solutions to fix that problem. So it’s more like troubleshooting your network with all the possible options, and it can automatically fix some issues depending upon how you configure things. You can also say, okay, if this problem comes up, automatically go in and run this command or do this particular task. That can also be automated based on the programming interface. And then finally you can also configure some specific policies. These access policies describe exactly how you want your network to behave. In simple words, we can say it allows you to build virtual networks. Just like with a virtual LAN, where you have a separate LAN separation, we can build virtual networks, and within a virtual network we can say that some traffic should be denied or some traffic should be permitted, which is more like an ACL’s job.
We can configure policies, and a policy is going to define what traffic will be allowed between the virtual networks or within the virtual networks. So we can say it’s going to control the access within your network or between the networks. We can also call it a security policy, which defines what traffic is allowed. Apart from that, we can also configure quality of service policies, where you can prioritize specific traffic, for example saying that VoIP traffic should get this much bandwidth and there should not be any delays. You can also configure some quality of service policies as.
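The Path Trace idea described earlier, as an added example that is not Cisco DNA Center’s own code or API: a small Python model that walks a constructed three-device topology hop by hop, applying longest-prefix routing and ACLs, and reports where a flow stops and why. The device names, prefixes and ACL entries are assumptions made up for illustration.

```python
import ipaddress

# Constructed topology (not real devices): each device has a routing table
# (prefix -> next hop, "DIRECT" = destination is attached) and an ACL of
# (action, source network, destination network, destination port) entries.
DEVICES = {
    "access-sw": {"routes": {"0.0.0.0/0": "dist-rtr"}, "acl": []},
    "dist-rtr": {"routes": {"10.20.0.0/16": "dc-fw",
                            "10.10.0.0/16": "access-sw"}, "acl": []},
    "dc-fw": {"routes": {"10.20.30.0/24": "DIRECT"},
              "acl": [("permit", "10.10.0.0/16", "10.20.30.0/24", 443)]},
}

def acl_verdict(acl, src, dst, port):
    """First match wins; an applied ACL ends in an implicit deny."""
    for action, s_net, d_net, d_port in acl:
        if (src in ipaddress.ip_network(s_net)
                and dst in ipaddress.ip_network(d_net)
                and d_port in (None, port)):
            return action
    return "deny" if acl else "permit"  # no ACL applied: everything passes

def next_hop(routes, dst):
    """Longest-prefix match; None when no route covers the destination."""
    matches = [(ipaddress.ip_network(p), hop) for p, hop in routes.items()
               if dst in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def path_trace(first_device, src_ip, dst_ip, dst_port, max_hops=16):
    """Model the flow without sending a packet; return (hops, verdict)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    hops, device = [], first_device
    for _ in range(max_hops):
        hops.append(device)
        node = DEVICES[device]
        if acl_verdict(node["acl"], src, dst, dst_port) == "deny":
            return hops, f"blocked by ACL on {device}"
        hop = next_hop(node["routes"], dst)
        if hop is None:
            return hops, f"no route to {dst} on {device}"
        if hop == "DIRECT":
            return hops, "delivered"
        device = hop
    return hops, "routing loop suspected"

if __name__ == "__main__":
    print(path_trace("access-sw", "10.10.5.20", "10.20.30.40", 443))
    print(path_trace("access-sw", "10.10.5.20", "10.20.30.40", 22))
```

The second call stops at dc-fw because only port 443 is permitted there, which is the kind of ACL finding the lecture attributes to Path Trace.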