Cisco CCIE Security 350-701 – Cisco DNA Center Part 3

  • February 16, 2023

4. DNA Center- What can do – PART 2

Apart from that, with DNA Center we can also design the network hierarchy and the settings. The network hierarchy represents your network across different geographical locations. To get to this option, go to the Home page and jump directly into the Design option. From here you can see the hierarchy of your network. At the top of the hierarchy you have a Global option, which displays all the devices, and under it you have subcategories, such as Headquarters here.

If you select Headquarters, it displays the headquarters and then the different buildings in the headquarters. You can also see there is a specific sandos site, and in that Sandy’s there is again a building; if you click on that, you get the exact details, like the address details. And of course you can add specific sites from here.

I don’t have that option here in this rack. But if you are going with a DNA Center reserve option, you can import the topology, or use the Upload option when you already have an existing network hierarchy in your old infrastructure. You can also upload the existing network hierarchy from your Cisco Prime Infrastructure.

The other thing you can do is run diagnostic commands on the devices. Inside DNA Center we have something called Command Runner. Let me show you that option. If you go to the Home page and scroll down, you’ll find the Command Runner option. This tool allows you to send selected commands to selected devices. Here you can select any specific device. Let’s say I’m going to select one Cisco Catalyst switch.

Of course you can also select multiple devices, so I’ll select this one as well. Now these two devices are selected, and I choose the command I want to execute, something like show ip route. Then you simply run the command, and once it has run you can verify the output from here. If you remember, in the beginning I said you don’t need to go to the command line of each individual device to monitor it. You can select the device from here and run the commands here. So Command Runner is the tool where you can run diagnostic commands on any specific device from DNA Center; you don’t need to go to the CLI or telnet to that particular device. Of course you can also configure some templates, which I’ll cover.

Next, if you want to make any changes, we just verify the commands here. As I said, we can also select multiple devices here. The next thing is that you can create templates to automate device configuration changes. Inside DNA Center, if I go to the Home page, we have an option called Template Editor, which you can see here. The Template Editor gives you a centralized CLI management tool. With the help of this tool, we can design a set of configurations that need to be applied to selected devices. Let’s say you want to apply a configuration to multiple devices, like switch one, switch two, switch three, switch four. They all have the same configuration, except that the IP address or the host name is slightly different and the rest of the configuration remains the same. What I can do is create a template here and push this configuration to multiple devices directly, or to specific sites.

Maybe you want to apply it to all the switches at a specific site. We can select that particular site and apply the set of configurations that are largely the same. So we can use the Template Editor to build the configuration and apply it to one or more devices. Here you can see there are many options, such as the description. If you want to change the host name, you can write this symbol followed by the name, and again this symbol with the interface name, which will change the interface name automatically, and then the description. I’m not getting into the scripting options here, but once you have an idea of those scripting options, you can use those scripts here to build the templates and then apply the templates to the selected devices.
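The per-device templating described above, with a check before anything is applied, as an added example that is not from the lecture or from DNA Center itself. It assumes the `$name` placeholder syntax of Python's `string.Template` as a stand-in for the editor's own variable syntax; the template, device names and values are constructed.

```python
import re
from string import Template

# Constructed template; "$name" marks a per-device variable (assumed syntax).
TEMPLATE = (
    "hostname $hostname\n"
    "interface $interface\n"
    " description $description\n"
    " ip address $ip $mask\n"
)

# Constructed inventory: switch2 lacks "mask", switch3 has an embedded newline.
BASE = {"interface": "Vlan10", "description": "HQ users", "mask": "255.255.255.0"}
DEVICES = {
    "switch1": {**BASE, "hostname": "HQ-SW1", "ip": "10.10.10.1"},
    "switch2": {"hostname": "HQ-SW2", "interface": "Vlan10",
                "description": "HQ users", "ip": "10.10.10.2"},
    "switch3": {**BASE, "hostname": "HQ-SW3", "ip": "10.10.10.3",
                "description": "HQ users\nno shutdown"},
}

# A value must stay on one line; a newline would add an extra CLI command.
SAFE_VALUE = re.compile(r"[A-Za-z0-9 ./:_-]+")

def template_variables(text):
    """Names of every $variable the template expects."""
    names = set()
    for m in Template.pattern.finditer(text):
        name = m.group("named") or m.group("braced")
        if name:
            names.add(name)
    return names

def validate(text, values):
    """Errors that would make the rendered configuration wrong or unsafe."""
    missing = sorted(template_variables(text) - set(values))
    errors = [f"unbound variable: {n}" for n in missing]
    errors += [f"unsafe value for {n}" for n, v in sorted(values.items())
               if not SAFE_VALUE.fullmatch(str(v))]
    return errors

def simulate(text, devices):
    """Render per device without pushing; reject devices that fail validation."""
    rendered, rejected = {}, {}
    for device, values in devices.items():
        errors = validate(text, values)
        if errors:
            rejected[device] = errors
        else:
            rendered[device] = Template(text).substitute(values)
    return rendered, rejected

if __name__ == "__main__":
    ok, bad = simulate(TEMPLATE, DEVICES)
    print(ok["switch1"], bad, sep="\n")
```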

So with the help of the Template Editor we can create, edit and delete templates, and we can also add interactive commands and other specific commands. We can also validate those scripts, because before you go ahead and apply a template you may want to check it. If the validation shows any errors, you can fix them before you apply the template to the end devices. We can even simulate the template: before you send it, you can simulate the behavior of that particular template on the end devices.

The next thing is that we can configure something called telemetry profiles. You’ll find this option from the Home page: if you go to Tools, you have an option called Network Telemetry. This telemetry tool allows you to configure and apply specific profiles on the devices.

You can see there are some preconfigured profiles here, and these profiles are responsible for monitoring and assessing the health condition of the devices. For example, this profile provides some debugging capabilities, and this profile provides syslog warning messages. In the same way we can enable specific telemetry profiles that define what type of data you want to capture, such as syslog, or NetFlow where you want to collect traffic information. Those are the kinds of things we can configure here. So network telemetry profiles let you monitor and assess the health condition of the devices or your network.

The other thing we can do with Cisco DNA Center is identify network security advisories.

There is a specific tool for this, the network security advisory tool. It scans the inventory, that is, all the devices in the inventory list within DNA Center, and finds the devices with vulnerabilities. Once it finds the vulnerabilities, it provides recommended solutions to fix them. So it is finding the vulnerabilities in the devices and providing possible advisory options to fix them. But again, this option is not available here, so I cannot show it to you, because there is a prerequisite called the machine reasoning package. The machine reasoning package needs to be installed on the devices, and this is only available for routers and switches that comply with the minimum software support. In other words, a specific prerequisite image must be running on the routers and switches to run this tool.

The next thing is that we can configure policies, which we call group-based policies. Basically, these policies control what type of traffic is permitted or denied. Take an example: I have an engineering department and an HR department. What traffic should be allowed or denied between these two departments? So it is more like an ACL kind of thing. We create something called virtual networks. The virtual networks are a separation of your networks, or segmentation of your networks, as we call it. Then, within a virtual network, we can say what traffic should be allowed or denied in the form of policies. Those policies are normally group based or IP based. You’ll find this option if you go to the Home page, where you have the Policy option, and I don’t have any permissions to change them.

So you can find the policy here. We have IP-based policies, which we can apply based on specific IPs or networks, as well as the access contract. The access contract defines the rules as a combination of the previous two options.

Once we have configured the policies, the next thing is to provision the network. In the previous step we configured the policies, and these policies define what traffic is allowed and exactly how the network should look and behave. Once you confirm the policies, we need to apply them to the devices, and that is what we do when provisioning the network. Here we deploy the policies across your network. This can include adding your sites, or deploying specific settings, such as server settings or policies, to the devices listed in the inventory, and we can also install and manage the device software.

You’ll find this on the Home page, where you can see the Provision option. Under Provision you’ll find the different options, and this is where we deploy the policies.

Finally, we have something called DNA Assurance and troubleshooting. With DNA Center we have an option called DNA Assurance. Let’s go to the Home page, where you can see the Assurance option. Assurance includes the options to monitor and troubleshoot your network, such as monitoring the health status of the devices. Here you can see the health status of the different devices shown in graphs and diagrams, which helps you identify it easily, and also the health status of the wireless clients, the clients in general, and the applications. It also enables NetFlow to collect information about the network traffic and provides that information in real time. Once it gathers the information, it compares and correlates the data and then gives you a visualization of the health status of the devices, along with possible actions. If there is some kind of issue, you can find the issues here.

You can also take action to fix those issues, such as following troubleshooting solutions. Most of these options come under Assurance. You can find the different options here to manage the assurance settings, and we also have specific troubleshooting tools that help with monitoring as well as troubleshooting within the DNA Center application. With the help of Assurance and the troubleshooting tools we can identify specific patterns or problems; if there is a problem, then it’s going to provide you some guided options and going to tell them.
