Configure the Appliance

Appliance Configuration Overview

You can deploy the appliance in your network in one of the following two modes:

Standalone: As a single node offering all the functions. This option is usually preferred for initial or test deployments and in smaller network environments.
Cluster: As a node that belongs to a three-node cluster. In this mode, all the services and data are shared among the hosts. This is the preferred option for large deployments.

If you choose the Standalone mode for your initial deployment, you can add more appliances later to form a cluster. When configuring the standalone host, ensure that it is set it up as the first, or primary, node in the cluster.

If you choose the Cluster mode for your initial deployment, be sure to finish configuring the primary node before configuring the secondary nodes.

To proceed, complete the following tasks:

Launch the Maglev Configuration wizard from Cisco IMC and configure the primary node in your cluster. See Configure the Primary Node.
If you have installed three appliances and want to add the second and third nodes to your cluster, see Configure a Secondary Node.

Maglev Wizard Interface Configuration Order

The order in which Cisco DNA Center appliance interfaces are configured in the Maglev Configuration wizard differ between the first and second-generation appliance, as illustrated in the following table. Refer to these Cisco part numbers to determine whether you have a first or second-generation appliance:

First-generation 44-core appliance: DN1-HW-APL
Second-generation:
- 44-core appliance: DN2-HW-APL
- 44-core promotional appliance: DN2-HW-APL-U
- 56-core appliance: DN2-HW-APL-L
- 56-core promotional appliance: DN2-HW-APL-L-U
- 112-core appliance: DN2-HW-APL-XL
- 112-core promotional appliance: DN2-HW-APL-XL-U


Cisco DNA Center Appliance Interface and Function	Appliance Type	Configuration Order in the Maglev Wizard
Cluster (enp10s0): Links the appliance to your cluster nodes.	First-generation	Network Adapter #1
	Second-generation	Network Adapter #2
Management (enp1s0f0): Allows you to access the Cisco DNA Center GUI from your management network.	First-generation	Network Adapter #2
	Second-generation	Network Adapter #3
Cloud (enp1s0f1): Provides internet access when another interface is not available for this purpose.	First-generation	Network Adapter #3
	Second-generation	Network Adapter #4
Enterprise (enp9s0): Links the appliance to your enterprise network.	First-generation	Network Adapter #4
	Second-generation	Network Adapter #1

Configure the Primary Node

Perform the steps in this procedure to configure the first installed appliance as the primary node. You must always configure the first appliance as the primary node, whether it will operate standalone or as part of a cluster.

If you are configuring the installed appliance as an secondary node for an existing cluster that already has a primary node, follow the steps described in Configure a Secondary Node instead.

Note

Ensure that all of the IP addresses you enter while completing this procedure are valid IPv4 addresses with valid IPv4 netmasks. Also make sure that the addresses and their corresponding subnets do not overlap. Service communication issues can result if they do.

Important

Before you configure the appliances in a three-node cluster, ensure that you have logged out of those appliances. Otherwise, the Quick Start workflow (which you complete to discover your network's devices and enable telemetry) will not start after you have configured your cluster's appliances and log in to Cisco DNA Center for the first time.

Before you begin

Ensure that you:

Collected all of the information specified in Required IP Addresses and Subnets and Required Configuration Information.
Installed the first appliance, as described in Appliance Installation Workflow.
Configured Cisco IMC browser access on the primary node, as described in Enable Browser Access to Cisco Integrated Management Controller.
Checked that the primary node appliance's ports, and the switches they use, are properly configured, as described in Execute Preconfiguration Checks.
Confirmed that you are using a compatible browser. For a list of compatible browsers, see the Release Notes document for the version of Cisco DNA Center you are installing.
Enabled ICMP on the firewall between Cisco DNA Center and both the default gateway and the DNS server you specify in the following procedure. The Maglev Configuration wizard uses ping to verify the gateway and DNS server you specify. This ping might get blocked if a firewall is in place and ICMP is not enabled on that firewall. When this happens, you will not be able to complete the wizard.

Procedure

Step 1

Point your browser to the Cisco IMC IP address you set during the Cisco IMC GUI configuration you performed, and log in to the Cisco IMC GUI as the Cisco IMC user (see Enable Browser Access to Cisco Integrated Management Controller).

After successful login, the appliance displays the Cisco Integrated Management Controller Chassis Summary window, with a hyperlinked menu at the top of the window, as shown below.

Step 2

From the hyperlinked menu, choose Launch KVM and then select either Java based KVM or HTML based KVM. If you select Java-based KVM, you will need to launch the Java startup file from your browser or file manager in order to view the KVM console in its own window. If you select HMTL-based KVM, it launches the KVM console in a separate window or tab automatically.

Irrespective of the KVM type you choose, use the KVM console to monitor the progress of the configuration and respond to the Maglev Configuration wizard prompts.

Step 3

With the KVM displayed, reboot the appliance by making one of the following selections:

In the main Cisco IMC GUI browser window: Choose Host Power > Power Cycle, and switch to the KVM console to continue.
In the KVM console: Choose Power > Power Cycle System (cold boot).

If you are asked to confirm your choice to reboot the appliance, click OK.

After displaying reboot messages, the KVM console displays the Maglev Configuration wizard welcome screen.

Step 4

Click Start a Cisco DNA Center Cluster to begin configuring the primary node.

The wizard discovers all of the ports on the appliance and presents them to you one by one, in separate screens, in the following order:

10-Gbps Cluster port (Port 2, enp10s0, Network Adapter #1)
1-Gbps Cisco DNA Center GUI port (1, enp1s0f0, Network Adapter #2)
1-Gbps Cloud port (2, enp1s0f1, Network Adapter #3)
10-Gbps Enterprise port (Port 1, enp9s0, Network Adapter #4)

Note

If the wizard fails to display either or both of the Enterprise and Cluster ports during the course of configuration, these ports may be non-functional or disabled. These two ports are required for Cisco DNA Center functionality. If you discover that they are non-functional, choose cancel to exit the configuration immediately. Be sure you have completed all of the steps provided in Execute Preconfiguration Checks before resuming configuration or contacting the Cisco Technical Assistance Center (TAC).

Step 5

The wizard discovers the 10-Gbps Cluster port (Port 2, enp10s0) first, and presents it as NETWORK ADAPTER #1. As explained in Interface Cable Connections, this port is used to link the appliance to the cluster, so apply the host IP address, netmask, and other values that are appropriate for this purpose (see Required IP Addresses and Subnets and Required Configuration Information for the values to enter).

Enter the configuration values for NETWORK ADAPTER #1, as shown in the table below.

Table 1. Primary Node Entries for Network Adapter #1: 10-Gbps Cluster Port (enp10s0)

Host IP address

Enter the IP address for the Cluster port. This is required. Note that you cannot change the address of the Cluster port later.

Netmask

Enter the netmask for the port's IP address. This is required.

Default Gateway IP address

Enter a default gateway IP address to use for the port.

Important

Ensure that you enter a default gateway IP address for at least one of your appliance's interfaces. Otherwise, you will not be able to complete the configuration wizard.

DNS Servers

Enter the IP address of the preferred DNS server. If you are entering multiple DNS servers, separate the IP addresses in the list with spaces.

Important

For each appliance in your cluster, configure a maximum of three DNS servers. Problems can occur if you configure more than three DNS servers for an appliance.

Static Routes

Enter one or more static routes in the following format, separated by spaces: <network>/<netmask>/<gateway>. This is usually required on the GUI port only.

Cluster Link

Check the check box to indicate that this port will be the link to a cluster. This is required on the Cluster port only.

After you finish entering the configuration values, click next>> to proceed. The wizard validates the values you entered and issues an error message if any are incorrect. If you receive an error message, check that the value you entered is correct, then reenter it. If needed, click <<back to reenter it.

Step 6

After successful validation of the Cluster port values you entered, the wizard presents the 1-Gbps Cisco DNA Center GUI port (1, enp1s0f0) as NETWORK ADAPTER #2. As explained in Interface Cable Connections, this port is used to access the Cisco DNA Center GUI from your management network. Apply the host IP address, netmask, and other values that are appropriate for this purpose (see Required IP Addresses and Subnets and Required Configuration Information for the values to enter).

Enter the configuration values for NETWORK ADAPTER #2, as shown in the table below.

Table 2. Primary Node Entries for Network Adapter #2: 1-Gbps GUI Port (enp1s0f0)

Host IP address

Enter the IP address for the 1-Gbps GUI Port. This is required only if you are using the GUI Port to access the Cisco DNA Center GUI from your management network; otherwise, you can leave it blank.

Netmask

Enter the netmask for the port's IP address. This is required if you enter an IP address.

Default Gateway IP address

Enter a default gateway IP address to use for the port.

Important

Ensure that you enter a default gateway IP address for at least one of your appliance's interfaces. Otherwise, you will not be able to complete the configuration wizard.

DNS Servers

Enter the IP address of the preferred DNS server. If you are entering multiple DNS servers, separate the IP addresses in the list with spaces.

Important

For NTP, ensure port 123 (UDP) is open between Cisco DNA Center and your NTP server.
For each appliance in your cluster, configure a maximum of three DNS servers. Problems can occur if you configure more than three DNS servers for an appliance.

Static Routes

Enter one or more static routes in the following format, separated by spaces: <network>/<netmask>/<gateway>.

Cluster Link

Leave this field blank. It is required on the Cluster port only.

After you provide the necessary information, click next>> to proceed. Correct any validation errors as you did in previous screens.

Step 7

After successful validation of the Cisco DNA Center GUI port values you entered, the wizard presents the 1-Gbps Cloud port (2, enp1s0f1) as NETWORK ADAPTER #3. As explained in Interface Cable Connections, this is an optional port used to link the appliance to the Internet when you cannot do so through the 10-Gbps Enterprise port (Port 1, enp9s0). Apply the host IP address, netmask, and other values that are appropriate for this purpose (see Required IP Addresses and Subnets and Required Configuration Information for the values to enter).

Enter the configuration values for NETWORK ADAPTER #3, as shown in the table below.

Table 3. Primary Node Entries for Network Adapter #3: 1-Gbps Cloud Port (enp1s0f1)

Host IP address

Enter the IP address for the Cloud port. This is required only if you are using the Cloud port for internet connection; otherwise, you can leave it blank.

Netmask

Enter the netmask for the port's IP address. This is required if you enter an IP address.

Default Gateway IP address

Enter a default gateway IP address to use for the Cloud port.

Important

Ensure that you enter a default gateway IP address for at least one of your appliance's interfaces. Otherwise, you will not be able to complete the configuration wizard.

DNS Servers

Enter the IP address of the preferred DNS server. If you are entering multiple DNS servers, separate the IP addresses in the list with spaces.

Important

For each appliance in your cluster, configure a maximum of three DNS servers. Problems can occur if you configure more than three DNS servers for an appliance.

Static Routes

Enter one or more static routes in the following format, separated by spaces: <network>/<netmask>/<gateway>. This is usually required on the Cisco DNA Center GUI port only.

Cluster Link

Leave this field blank. It is required on the Cluster port only.

After you provide the necessary information, click next>> to proceed. Correct any validation errors as you did in previous screens.

Step 8

After successful validation of the Cloud port values you entered, the wizard presents the 10-Gbps Enterprise port (Port 1, enp9s0) as NETWORK ADAPTER #4. As explained in Interface Cable Connections, this port is required to link the appliance to the enterprise network. Apply the host IP address, netmask, and other values that are appropriate for this purpose, (see Required IP Addresses and Subnets and Required Configuration Information for the values to enter).

Enter the configuration values for NETWORK ADAPTER #4, as shown in the table below.

Table 4. Primary Node Entries for Network Adapter #4: 10-Gbps Enterprise Port (enp9s0)

Host IP address

Enter the IP address for the 10-Gbps Enterprise port. This is required.

Netmask

Enter the netmask for the port's IP address. This is required.

Default Gateway IP address

Enter a default gateway IP address to use for the port.

Important

Ensure that you enter a default gateway IP address for at least one of your appliance's interfaces. Otherwise, you will not be able to complete the configuration wizard.

DNS Servers

Enter the IP address of the preferred DNS server. If you are entering multiple DNS servers, separate the IP addresses in the list with spaces.

Important

For each appliance in your cluster, configure a maximum of three DNS servers. Problems can occur if you configure more than three DNS servers for an appliance.

Static Routes

Enter one or more static routes in the following format, separated by spaces: <network>/<netmask>/<gateway>. This is usually required on the Cisco DNA Center GUI port only.

Cluster Link

Leave this field blank. It is required on the Cluster port only.

After you provide the necessary information, click next>> to proceed. Correct validation errors, if any, as you did in previous screens. The wizard validates and applies your network adapter configurations.

Step 9

After the network adapter configuration is complete, the wizard prompts you to enter configuration values for the NETWORK PROXY you are using, as shown below.

Enter the configuration values for the NETWORK PROXY, as shown in the table below.

Table 5. Primary Node Entries for Network Proxy

HTTPS Proxy

Enter the URL or host name of an HTTPS network proxy used to access the Internet.

Note

Connection from Cisco DNA Center to the HTTPS proxy is supported only via HTTP in this release.

HTTPS Proxy Username

Enter the user name used to access the network proxy. If no proxy login is required, leave this field blank.

HTTPS Proxy Password

Enter the password used to access the network proxy. If no proxy login is required, leave this field blank.

After you provide the necessary information, click next>> to proceed. Correct validation errors, if any, as you did in previous screens.

Step 10

After network proxy configuration completes, the wizard prompts you to enter virtual IP addresses for the primary node, in MAGLEV CLUSTER DETAILS, as shown below.

Enter a space-separated list of the virtual IP addresses used for traffic between the cluster and your network. This is required for both three-node clusters and single-node clusters that will be converted into a three-node cluster in the future. If you have a single-node cluster setup and plan to stick with it, skip this step and proceed to Step 11.

Important

You must enter one virtual IP address for each configured network interface. You will not be able to complete the wizard unless you do so. These addresses are tied to the cluster link's status, which must be in the UP state.

You also have the option to specify the fully qualified domain name (FQDN) for your cluster. Cisco DNA Center uses this domain name to do the following:

It uses this hostname to access your cluster’s web interface and the Representational State Transfer (REST) APIs used by devices in the enterprise network that Cisco DNA Center manages.
In the Subject Alternative Name (SAN) field of Cisco DNA Center certificates, it uses the FQDN to the define the Plug and Play server that should be used for device provisioning.

After you provide the necessary information, click next>> to proceed. Correct validation errors, if any, as you did in previous screens.

Step 11

After you have entered the virtual IP addresses, the wizard prompts you to enter USER ACCOUNT SETTINGS values, as shown below.

Enter the values for USER ACCOUNT SETTINGS, as shown in the table below.

Table 6. Primary Node Entries for User Account Settings
Linux Password	Enter a Linux password for the maglev user.
Re-enter Linux Password	Confirm the Linux password by entering it a second time.
Password Generation Seed	If you do not want to create the Linux password yourself, enter a seed phrase in this field and then press <Generate Password> to generate the password.
Auto Generated Password	(Optional) The seed phrase appears as part of a random and secure password. If desired, you can either use this password "as is", or you can further edit this auto-generated password. Press <Use Generated Password> to save the password.
Administrator Passphrase	Enter a password for the default admin superuser, used to log in to Cisco DNA Center for the first time.
Re-enter Administrator Passphrase	Confirm the administrator passphrase by entering it a second time.

After you provide the necessary information, click next>> to proceed. Correct validation errors, if any, as you did in previous screens.

Step 12

After you have entered the user account details, the wizard prompts you to enter NTP SERVER SETTINGS values, as shown below.

Enter one or more NTP server addresses or hostnames, separated by spaces. At least one NTP address or hostname is required. For a production deployment, we recommend that you configure a minimum of three NTP servers.

After you provide the necessary information, click next>> to proceed. Correct validation errors, if any, as you did in previous screens. The wizard validates and applies your NTP server configuration.

Step 13

After you have specified the appropriate NTP servers, the wizard prompts you to enter MAGLEV ADVANCED SETTINGS values, as shown below.

Enter the configuration values for MAGLEV ADVANCED SETTINGS, as shown in the table below.

Table 7. Primary Node Entries for Maglev Advanced Settings
Container Subnet	A dedicated, non-routed IP subnet that Cisco DNA Center uses to manage internal services. By default, this is already set to 169.254.32.0/20, and we recommend that you use this subnet. If you choose to enter another subnet, ensure that it does not conflict with or overlap any other subnet used by the Cisco DNA Center internal network or an external network. For more information, see the Container Subnet description in Required IP Addresses and Subnets.
Cluster Subnet	A dedicated, non-routed IP subnet that Cisco DNA Center uses to manage internal cluster services. By default, this is already set to 169.254.48.0/20, and we recommend that you use this subnet. If you choose to enter another subnet, ensure that it does not conflict with or overlap any other subnet used by the Cisco DNA Center internal network or an external network. For more information, see the Cluster Subnet description in Required IP Addresses and Subnets.

When you are finished, click next>> to proceed. Correct validation errors, if any, as you did in previous screens.

Step 14

After you have entered the Maglev advanced settings, a final message appears, stating that the wizard is ready to apply the configuration (as shown below).

Click proceed>> to complete the configuration wizard.

The host will reboot automatically and display messages on the KVM console as it applies your settings and brings up services. This process can take several hours. You can monitor its progress via the KVM console.

At the end of the configuration process, the appliance power-cycles again, then displays a CONFIGURATION SUCCEEDED! message.

What to do next

If you are deploying this appliance in standalone mode only, perform the first-time setup: First-Time Setup Workflow.
If you are deploying this appliance as the primary node in a cluster, configure the second and third installed appliances in the cluster: Configure a Secondary Node.

Configure a Secondary Node

Perform the steps in this procedure to configure the second and third appliances in the cluster.

Important

In order to build a three-node cluster, the same version of the System package must be installed on your three Cisco DNA Center appliances. Otherwise, unexpected behavior and possible downtime can occur.

Note

Important

When joining each new secondary node to the cluster, you must specify the first host in the cluster as the primary node. Note the following when joining secondary nodes to a cluster:

Be sure to join only a single node to the cluster at a time. Do not attempt to add multiple nodes at the same time, because this results in unpredictable behavior.
Before adding a new node to the cluster, be sure that all installed packages are deployed on the primary node. You can check this by using Secure Shell to log in to the primary node's Cisco DNA Center Management port as the Linux User (maglev) and then running the command maglev package status. All installed packages should appear in the command output as DEPLOYED. In the following example, a few packages were not installed, such as the application-policy and sd-access packages. They are the only packages whose status is NOT_DEPLOYED. Your package status should look similar to this before configuring a secondary node.
Expect some service downtime during the cluster attachment process for each secondary node. Services will need to be redistributed across the nodes and the cluster will be down for periods of time during that process.