Cisco DNA Center Second-Generation Appliance Installation Guide, Release 2.2.3
You can deploy the appliance in your network in one of the following two modes:
Standalone: As a single node offering all the functions. This option is usually preferred for initial or test deployments
and in smaller network environments. If you choose Standalone mode for your initial deployment, you can add more appliances
later to form a cluster. When configuring the standalone host, ensure that it is set up as the first, or primary, node
in the cluster.
Cluster: As a node that belongs to a three-node cluster. In this mode, all the services and data are shared among the hosts.
This is the preferred option for large deployments. If you choose Cluster mode for your initial deployment, be sure to finish
configuring the primary node before configuring the secondary nodes.
The order in which Cisco DNA Center appliance interfaces are configured in the Maglev Configuration wizard differs between first- and second-generation appliances,
as illustrated in the following table. Refer to these Cisco part numbers to determine whether you have a first- or second-generation
appliance:
First-generation 44-core appliance: DN1-HW-APL
Second-generation:
44-core appliance: DN2-HW-APL
44-core promotional appliance: DN2-HW-APL-U
56-core appliance: DN2-HW-APL-L
56-core promotional appliance: DN2-HW-APL-L-U
112-core appliance: DN2-HW-APL-XL
112-core promotional appliance: DN2-HW-APL-XL-U
Cisco DNA Center Appliance Interface and Function | Appliance Type | Configuration Order in the Maglev Wizard
Enterprise: Links the appliance to your enterprise network. | First-generation | Network Adapter #4
Enterprise: Links the appliance to your enterprise network. | Second-generation | Network Adapter #1
Intracluster: Links the appliance to your cluster nodes. | First-generation | Network Adapter #1
Intracluster: Links the appliance to your cluster nodes. | Second-generation | Network Adapter #2
Management: Allows you to access the Cisco DNA Center GUI from your management network. | First-generation | Network Adapter #2
Management: Allows you to access the Cisco DNA Center GUI from your management network. | Second-generation | Network Adapter #3
Internet: Provides internet access when another interface is not available for this purpose. | First-generation | Network Adapter #3
Internet: Provides internet access when another interface is not available for this purpose. | Second-generation | Network Adapter #4
IPv4 and IPv6 Considerations
Keep these points in mind regarding Cisco DNA Center and IPv4/IPv6 addressing:
Cisco DNA Center does not support dual stack addressing—the simultaneous use of both IPv4 and IPv6 addressing.
Restoring the backup file for an appliance using IPv4 onto an appliance using IPv6 (and vice versa) is not supported.
If your appliance uses IPv6 addressing, see the "IPv6 Limitations" section in the Release Notes for Cisco DNA Center for a description of the features that are not supported.
Configure the Primary Node Using the Maglev Wizard
Perform the steps in this procedure to configure the first installed appliance as the primary node. You must always configure
the first appliance as the primary node, whether it will operate standalone or as part of a cluster.
If you are configuring the installed appliance as a secondary node for an existing cluster that already has a primary node,
follow the steps described in Configure a Secondary Node Using the Maglev Wizard instead.
Note
Ensure that all of the IP addresses you enter while completing this procedure are valid IPv4 addresses with valid IPv4 netmasks.
Also make sure that the addresses and their corresponding subnets do not overlap. Service communication issues can result
if they do.
Important
Before you configure the appliances in a three-node cluster, ensure that you have logged out of those appliances. Otherwise,
the Quick Start workflow (which you complete to discover your network's devices and enable telemetry) will not start after
you have configured your cluster's appliances and log in to Cisco DNA Center for the first time.
Checked that the primary node appliance's ports, and the switches they use, are properly configured, as described in Execute Preconfiguration Checks.
Confirmed that you are using a compatible browser. For a list of compatible browsers, see the Release Notes document for the version of Cisco DNA Center you are installing.
Enabled ICMP on the firewall between Cisco DNA Center and both the default gateway and the DNS server you specify in the following procedure. The Maglev Configuration wizard uses
ping to verify the gateway and DNS server you specify. This ping might get blocked if a firewall is in place and ICMP is not
enabled on that firewall. When this happens, you will not be able to complete the wizard.
After successful login, the appliance displays the Cisco Integrated Management Controller Chassis Summary window, with a hyperlinked menu at the top of the window, as shown below.
Step 2
From the hyperlinked menu, choose Launch KVM and then select either Java based KVM or HTML based KVM. If you select Java-based KVM, you will need to launch the Java startup file from your browser or file manager in order to view the KVM console in its
own window. If you select HTML-based KVM, it launches the KVM console in a separate window or tab automatically.
Irrespective of the KVM type you choose, use the KVM console to monitor the progress of the configuration and respond to the
Maglev Configuration wizard prompts.
Step 3
With the KVM displayed, reboot the appliance by making one of the following selections:
In the main Cisco IMC GUI browser window: Choose Host Power > Power Cycle, and switch to the KVM console to continue.
In the KVM console: Choose Power > Power Cycle System (cold boot).
If you are asked to confirm your choice to reboot the appliance, click OK.
After displaying reboot messages, the KVM console displays the Maglev Configuration wizard welcome screen.
Step 4
Click Start a Cisco DNA Center Cluster to begin configuring the primary node.
Step 5
Choose one of the following options:
Start using DNAC pre manufactured cluster: Choose this option to configure an appliance with its default settings in place:
You will not be able to change any of these settings, so choose this option only if you want to use them.
Start configuration of DNAC in advanced mode: Choose this option to configure an appliance that doesn't use one or more of the default settings listed in the previous
bullet. Also choose this option if you want to use IPv6 addressing on your appliance.
Step 6
Specify whether the applications and services running on your Cisco DNA Center appliance will use IPv4 or IPv6 addressing. After making your selection, click next>> to proceed.
Important
In the next wizard screen, you can enable the VLAN mode feature, which creates a single bonded interface that connects to your network using both the primary and secondary instance
of your appliance's Enterprise interface. This feature is not commonly used, so only enable it if you know it's required by
your Cisco DNA Center deployment.
If this is the case, complete the next step.
Otherwise, click next>> in the next wizard screen without making any selections. You can enable the NIC bonding functionality that was described
previously in this guide in the wizard's Enterprise and Intracluster interface configuration screens.
Step 7
(Optional) Do the following to enable Layer 2 port channel mode (with VLAN tagging) for the appliance. After making your selections,
click next>> to proceed.
Choose the VLAN mode option to enable dot1q/VLAN trunking and convert your appliance's Enterprise, Cluster, Management, and Internet interfaces
into VLAN subinterfaces that reside on the bonded interface (as illustrated in the following figure). By default, this interface
operates in Active-Backup mode (which enables HA).
If you want this interface to operate in LACP mode instead (which enables load balancing and higher bandwidth), you must also
choose the LACP option.
When you enter the settings for your appliance's Enterprise and Cluster interfaces, ensure that you enter a unique VLAN ID
in the VLAN ID of Interface field for the subinterfaces you want to configure on the virtual bonded interface.
Important
Even though one physical appliance interface (the Enterprise interface) is connected, you can configure all of the subinterfaces
that reside on the virtual bonded interface.
The wizard discovers all of the ports on the appliance and presents them to you one by one, in separate screens, in the following
order:
(Optional) 1-Gbps/10-Gbps Internet Port—Network Adapter #4
If the wizard fails to display either or both of the Enterprise and Cluster ports during the course of configuration, it might
indicate that these ports are nonfunctional or disabled. These two ports are required for Cisco DNA Center functionality. If you discover that they are nonfunctional, choose cancel to exit the configuration wizard immediately. Be sure that you have completed all of the steps provided in Execute Preconfiguration Checks before resuming the configuration or contacting the Cisco Technical Assistance Center (for more information, see the "Get
Assistance from the Cisco TAC" topic in the Release Notes document).
Step 8
The wizard first presents the 10-Gbps Enterprise port as NETWORK ADAPTER #1. As explained in Interface Cable Connections, this is a required port used to link the appliance to the enterprise network. Apply the host IP address, netmask, and other
values that are appropriate for this purpose (see Required IP Addresses and Subnets and Required Configuration Information for the values to enter).
Enter the configuration values for NETWORK ADAPTER #1, as shown in the table below.
Table 1. Primary Node Entries for Network Adapter #1: 10-Gbps Enterprise Port
Host IPv4/IPv6 Address field
Enter the IP address for the Enterprise port. This is required.
IPv4 Netmask/IPv6 Prefix Length field
Do one of the following:
If you selected IPv4 addressing, enter the netmask for the port's IP address. This is required.
If you selected IPv6 addressing, enter the prefix length (in bits). Valid values range from 10 through 127.
Default Gateway IPv4/IPv6 Address field
Enter a default gateway IP address to use for the port.
Important
Ensure that you enter a default gateway IP address for at least one of your appliance's interfaces. Otherwise, you will not
be able to complete the configuration wizard.
IPv4/IPv6 DNS Servers field
Enter the IP address of the preferred DNS server. If you are entering multiple DNS servers, separate the IP addresses in the
list with spaces.
Important
For each appliance in your cluster, configure a maximum of three DNS servers. Problems can occur if you configure more than
three DNS servers for an appliance.
IPv4/IPv6 Static Routes field
Enter one or more static routes in the following format, separated by spaces: <network>/<netmask>/<gateway>. This is usually required on the Cisco DNA Center Management port only.
Vlan Id of Interface field
Enter the VLAN ID that will be tagged over the LACP link to be created for the appliance you are configuring.
Note
This field is displayed only if you set Layer 2 LACP portchannel mode for the appliance by choosing both options in Step 7.
Cluster Link field
Leave this field blank. It is required on the Cluster port only.
LACP Mode field
Do one of the following:
Leave this field blank and the port will operate in Active-Backup mode. This mode provides fault tolerance by aggregating two Ethernet interfaces into a single logical channel. When the interface
that's currently active goes down, the other interface takes its place and becomes active.
Check the check box to enable LACP mode on this port. This mode aggregates two Ethernet interfaces that share the same speed and duplex settings into a single
logical channel. This provides load balancing and higher bandwidth.
For more information about Cisco DNA Center's implementation of NIC bonding, see NIC Bonding Overview.
Note
This field is displayed if you didn't choose any of the options in Step 7.
After you finish entering the configuration values, click next>> to proceed. The wizard validates the values you entered and issues an error message if any are incorrect. If you receive
an error message, check that the value you entered is correct, then reenter it. If needed, click <<back to reenter it.
Step 9
After successful validation of the Enterprise port values you entered, the wizard presents the 10-Gbps Cluster port
as NETWORK ADAPTER #2. As explained in Interface Cable Connections, this port is used to link the appliance to the cluster, so apply the host IP address, netmask, and other values that are
appropriate for this purpose (see Required IP Addresses and Subnets and Required Configuration Information for the values to enter).
Enter the configuration values for NETWORK ADAPTER #2, as shown in the table below.
Table 2. Primary Node Entries for Network Adapter #2: 10-Gbps Cluster Port
Host IPv4/IPv6 address field
Enter the IP address for the Cluster port. This is required. Note that you cannot change the address of the Cluster port later.
IPv4 Netmask/IPv6 Prefix Length field
Do one of the following:
If you selected IPv4 addressing, enter the netmask for the port's IP address. This is required.
If you selected IPv6 addressing, enter the prefix length (in bits). Valid values range from 10 through 127.
Default Gateway IPv4/IPv6 address field
Enter a default gateway IP address to use for the port.
Important
Ensure that you enter a default gateway IP address for at least one of your appliance's interfaces. Otherwise, you will not
be able to complete the configuration wizard.
IPv4/IPv6 DNS Servers field
Enter the IP address of the preferred DNS server. If you are entering multiple DNS servers, separate the IP addresses in the
list with spaces.
Important
For each appliance in your cluster, configure a maximum of three DNS servers. Problems can occur if you configure more than
three DNS servers for an appliance.
IPv4/IPv6 Static Routes field
Enter one or more static routes in the following format, separated by spaces: <network>/<netmask>/<gateway>. This is usually required on the Management port only.
Vlan Id of Interface field
Enter the VLAN ID that will be tagged over the LACP link to be created for the appliance you are configuring.
Note
This field is displayed only if you set Layer 2 LACP portchannel mode for the appliance by choosing both options in Step 7.
Cluster Link field
Check the check box to set this port as the link to a Cisco DNA Center cluster. This is required on the Cluster port only.
LACP Mode field
Do one of the following:
Leave this field blank and the port will operate in Active-Backup mode. This mode provides fault tolerance by aggregating two Ethernet interfaces into a single logical channel. When the interface
that's currently active goes down, the other interface takes its place and becomes active.
Check the check box to enable LACP mode on this port. This mode aggregates two Ethernet interfaces that share the same speed and duplex settings into a single
logical channel. This provides load balancing and higher bandwidth.
For more information about Cisco DNA Center's implementation of NIC bonding, see NIC Bonding Overview.
Note
This field is displayed if you didn't choose any of the options in Step 7.
After you provide the necessary information, click next>> to proceed. Correct validation errors, if any, as you did in previous screens. The wizard validates and applies your network
adapter configurations.
Step 10
After successful validation of the Cluster port values you entered, the wizard presents the 1-Gbps/10-Gbps Management port
as NETWORK ADAPTER #3. As explained in Interface Cable Connections, this port is used to access the Cisco DNA Center GUI from your management network. Apply the host IP address, netmask, and other values that are appropriate for this purpose
(see Required IP Addresses and Subnets and Required Configuration Information for the values to enter).
Enter the configuration values for NETWORK ADAPTER #3, as shown in the table below.
Table 3. Primary Node Entries for Network Adapter #3: 1-Gbps/10-Gbps Management Port
Host IPv4/IPv6 address field
Enter the IP address for the Management Port. This is required only if you are using this port to access the Cisco DNA Center GUI from your management network; otherwise, you can leave it blank.
IPv4 Netmask/IPv6 Prefix Length field
Do one of the following if you entered an IP address:
If you selected IPv4 addressing, enter the netmask for the port's IP address. This is required.
If you selected IPv6 addressing, enter the prefix length (in bits). Valid values range from 10 through 127.
Default Gateway IPv4/IPv6 address field
Enter a default gateway IP address to use for the port.
Important
Ensure that you enter a default gateway IP address for at least one of your appliance's interfaces. Otherwise, you will not
be able to complete the configuration wizard.
IPv4/IPv6 DNS Servers field
Enter the IP address of the preferred DNS server. If you are entering multiple DNS servers, separate the IP addresses in the
list with spaces.
Important
For NTP, ensure port 123 (UDP) is open between Cisco DNA Center and your NTP server.
For each appliance in your cluster, configure a maximum of three DNS servers. Problems can occur if you configure more than
three DNS servers for an appliance.
IPv4/IPv6 Static Routes field
Enter one or more static routes in the following format, separated by spaces: <network>/<netmask>/<gateway>.
Cluster Link field
Leave this field blank. It is required on the Cluster port only.
After you provide the necessary information, click next>> to proceed. Correct validation errors, if any, as you did in previous screens. The wizard validates and applies your network
adapter configurations.
Step 11
After successful validation of the Management port values you entered, the wizard presents the 1-Gbps/10-Gbps Internet port
as NETWORK ADAPTER #4. As explained in Interface Cable Connections, this is an optional port used to link the appliance to the Internet when you cannot do so through the 10-Gbps Enterprise
port. Apply the host IP address, netmask, and other values that are appropriate for this purpose (see Required IP Addresses and Subnets and Required Configuration Information for the values to enter).
Enter the configuration values for NETWORK ADAPTER #4, as shown in the table below.
Table 4. Primary Node Entries for Network Adapter #4: 1-Gbps/10-Gbps Internet Port
Host IPv4/IPv6 address field
Enter the IP address for the Internet port. This is required only if you are using the Internet port for internet connection;
otherwise, you can leave it blank.
IPv4 Netmask/IPv6 Prefix Length field
Do one of the following if you entered an IP address:
If you selected IPv4 addressing, enter the netmask for the port's IP address. This is required.
If you selected IPv6 addressing, enter the prefix length (in bits). Valid values range from 10 through 127.
Default Gateway IPv4/IPv6 address field
Enter a default gateway IP address to use for the Internet port.
Important
Ensure that you enter a default gateway IP address for at least one of your appliance's interfaces. Otherwise, you will not
be able to complete the configuration wizard.
IPv4/IPv6 DNS Servers field
Enter the IP address of the preferred DNS server. If you are entering multiple DNS servers, separate the IP addresses in the
list with spaces.
Important
For each appliance in your cluster, configure a maximum of three DNS servers. Problems can occur if you configure more than
three DNS servers for an appliance.
IPv4/IPv6 Static Routes field
Enter one or more static routes in the following format, separated by spaces: <network>/<netmask>/<gateway>. This is usually required on the Management port only.
Cluster Link field
Leave this field blank. It is required on the Cluster port only.
After you provide the necessary information, click next>> to proceed. Correct validation errors, if any, as you did in previous screens. The wizard validates and applies your network
adapter configurations.
Step 12
After the network adapter configuration is complete, the wizard prompts you to enter configuration values for the NETWORK PROXY that you are using, as shown below.
Enter the configuration values for the NETWORK PROXY, as shown in the table below.
Table 5. Primary Node Entries for Network Proxy
HTTPS Proxy field
Enter the URL or host name of an HTTPS network proxy used to access the Internet.
Note
Connection from Cisco DNA Center to the HTTPS proxy is supported only through HTTP in this release.
If you enter an IPv6 URL that contains a port number, enclose the IP address portion of the URL in square brackets. In this
example, 443 is the port number: http://[2001:db8:85a3:8d3:1319:8a2e:370:7348]:443/
HTTPS Proxy Username field
Enter the user name used to access the network proxy. If no proxy login is required, leave this field blank.
HTTPS Proxy Password field
Enter the password used to access the network proxy. If no proxy login is required, leave this field blank.
After you provide the necessary information, click next>> to proceed. Correct validation errors, if any, as you did in previous screens.
Step 13
After network proxy configuration completes, the wizard prompts you to enter virtual IP addresses for the primary node, in
MAGLEV CLUSTER DETAILS (as shown below).
Enter a space-separated list of the virtual IP addresses used for traffic between the cluster and your network. This is required
for both three-node clusters and single-node clusters that will be converted into a three-node cluster in the future. If you
have a single-node cluster setup and plan to stick with it, skip this step and proceed to the next step.
Important
You must enter one virtual IP address for each configured network interface. You will not be able to complete the wizard unless
you do so. These addresses are tied to the cluster link's status, which must be in the UP state.
You also have the option to specify the fully qualified domain name (FQDN) for your cluster. Cisco DNA Center uses this domain name to do the following:
It uses this hostname to access your cluster’s web interface and the Representational State Transfer (REST) APIs used by devices
in the enterprise network that Cisco DNA Center manages.
In the Subject Alternative Name (SAN) field of Cisco DNA Center certificates, it uses the FQDN to define the Plug and Play server that should be used for device provisioning.
After you provide the necessary information, click next>> to proceed. Correct validation errors, if any, as you did in previous screens.
Step 14
After you have entered the cluster details, the wizard prompts you to enter USER ACCOUNT SETTINGS values, as shown below.
Enter the values for USER ACCOUNT SETTINGS, as shown in the table below.
Table 6. Primary Node Entries for User Account Settings
Linux Password field
Enter a Linux password for the maglev user.
Re-enter Linux Password field
Confirm the Linux password by entering it a second time.
Password Generation Seed field
If you do not want to create the Linux password yourself, enter a seed phrase in this field and then press <Generate Password> to generate the password.
Auto Generated Password field
(Optional) The seed phrase appears as part of a random and secure password. If desired, you can either use this password "as
is", or you can further edit this auto-generated password.
Press <Use Generated Password> to save the password.
Administrator Password field
Enter a password for the default admin superuser, used to log in to Cisco DNA Center for the first time.
Note
If you chose the Start using DNAC pre manufactured cluster option in Step 5, the default password (maglev1@3) has already been set for the appliance and cannot be changed in the configuration wizard. As a result, this and the following
field are not displayed in this screen.
Re-enter Administrator Password field
Confirm the administrator password by entering it a second time.
After you provide the necessary information, click next>> to proceed. Correct validation errors, if any, as you did in previous screens.
Step 15
After you have entered the user account details, the wizard prompts you to enter NTP SERVER SETTINGS values, as shown below.
Enter one or more NTP server addresses or hostnames, separated by spaces. At least one NTP address or hostname is required.
For a production deployment, we recommend that you configure a minimum of three NTP servers.
After you provide the necessary information, click next>> to proceed. Correct validation errors, if any, as you did in previous screens. The wizard validates and applies your NTP
server configuration.
Step 16
After you have specified the appropriate NTP servers, the wizard prompts you to enter MAGLEV ADVANCED SETTINGS values, as shown below.
Note
If you chose the Start using DNAC pre manufactured cluster option in Step 5, the default Container and Cluster subnets have already been set for the appliance and cannot be changed
in the configuration wizard. As a result, you will not see the following wizard screen. Proceed to Step 17.
Enter the configuration values for MAGLEV ADVANCED SETTINGS, as shown in the table below.
Table 7. Primary Node Entries for Maglev Advanced Settings
Container Subnet field
A dedicated, non-routed IP subnet that Cisco DNA Center uses to manage internal services. By default, this is already set to 169.254.32.0/20, and we recommend that you use this subnet. If you choose to enter another subnet, ensure that it does not conflict with
or overlap any other subnet used by the Cisco DNA Center internal network or an external network. For more information, see the Container Subnet description in Required IP Addresses and Subnets.
Cluster Subnet field
A dedicated, non-routed IP subnet that Cisco DNA Center uses to manage internal cluster services. By default, this is already set to 169.254.48.0/20, and we recommend that you use this subnet. If you choose to enter another subnet, ensure that it does not conflict with
or overlap any other subnet used by the Cisco DNA Center internal network or an external network. For more information, see the Cluster Subnet description in Required IP Addresses and Subnets.
When you are finished, click next>> to proceed. Correct validation errors, if any, as you did in previous screens.
Step 17
After you have entered the Maglev advanced settings, a final message appears, stating that the wizard is ready to apply the
configuration (as shown below).
Click proceed>> to complete the configuration wizard.
The host will reboot automatically and display messages on the KVM console as it applies your settings and brings up services.
This process can take several hours. You can monitor its progress via the KVM console.
At the end of the configuration process, the appliance power-cycles again, then displays a CONFIGURATION SUCCEEDED! message.
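The following Python pre-flight check is an added example, not part of the Cisco guide and not a Cisco tool. It applies the constraints stated in this procedure (valid addresses and netmasks, IPv6 prefix length 10 through 127, no dual stack, at most three DNS servers per appliance, the `<network>/<netmask>/<gateway>` static route format, at least one default gateway, one virtual IP per configured interface, and no overlap between interface subnets and the Container and Cluster subnets) to a planned set of wizard entries. The plan dictionary layout, function names, and sample addresses are constructed assumptions.

```python
import ipaddress

MAX_DNS_SERVERS = 3  # the guide allows at most three DNS servers per appliance


def parse_static_route(route):
    """Parse one <network>/<netmask>/<gateway> entry into (network, gateway)."""
    parts = route.split("/")
    if len(parts) != 3:
        raise ValueError(f"static route {route!r} is not <network>/<netmask>/<gateway>")
    return ipaddress.ip_network(f"{parts[0]}/{parts[1]}"), ipaddress.ip_address(parts[2])


def invalid_addresses(values):
    """Return the entries that do not parse as IP addresses."""
    bad = []
    for value in values:
        try:
            ipaddress.ip_address(value)
        except ValueError:
            bad.append(value)
    return bad


def validate_plan(plan):
    """Return a list of problems found in the planned wizard entries."""
    errors, networks, versions, gateways = [], {}, set(), 0
    for name, cfg in plan["interfaces"].items():
        try:
            iface = ipaddress.ip_interface(f"{cfg['ip']}/{cfg['netmask']}")
        except ValueError as exc:
            errors.append(f"{name}: invalid address or netmask: {exc}")
            continue
        versions.add(iface.version)
        networks[name] = iface.network
        if iface.version == 6 and not 10 <= iface.network.prefixlen <= 127:
            errors.append(f"{name}: IPv6 prefix length must be 10 through 127")
        gateway, dns = cfg.get("gateway"), cfg.get("dns", [])
        gateways += 1 if gateway else 0
        if len(dns) > MAX_DNS_SERVERS:
            errors.append(f"{name}: {len(dns)} DNS servers, maximum is {MAX_DNS_SERVERS}")
        for bad in invalid_addresses(([gateway] if gateway else []) + dns):
            errors.append(f"{name}: {bad!r} is not a valid IP address")
        for route in cfg.get("routes", []):
            try:
                parse_static_route(route)
            except ValueError as exc:
                errors.append(f"{name}: {exc}")
    if len(versions) > 1:
        errors.append("IPv4 and IPv6 entries are mixed; dual stack is not supported")
    if gateways == 0:
        errors.append("no default gateway on any interface")
    # The Container and Cluster subnets join the overlap check with the interfaces.
    for key in ("container_subnet", "cluster_subnet"):
        try:
            networks[f"internal {key}"] = ipaddress.ip_network(plan[key])
        except ValueError as exc:
            errors.append(f"{key}: {exc}")
    labels = sorted(networks)
    for i, a in enumerate(labels):
        for b in labels[i + 1:]:
            na, nb = networks[a], networks[b]
            if na.version == nb.version and na.overlaps(nb):
                errors.append(f"{a} ({na}) overlaps {b} ({nb})")
    vips = plan.get("virtual_ips", [])  # may be empty for a permanent single node
    if vips and len(vips) != len(plan["interfaces"]):
        errors.append(f"{len(vips)} virtual IPs for {len(plan['interfaces'])} interfaces")
    return errors


# Constructed sample plans (not from the guide): one clean, one with deliberate mistakes.
GOOD_PLAN = {
    "interfaces": {
        "enterprise": {"ip": "10.10.10.5", "netmask": "255.255.255.0",
                       "gateway": "10.10.10.1", "dns": ["10.10.10.53", "10.10.11.53"]},
        "cluster": {"ip": "192.168.50.5", "netmask": "255.255.255.0"},
        "management": {"ip": "172.16.20.5", "netmask": "255.255.255.0",
                       "routes": ["172.16.0.0/255.255.0.0/172.16.20.1"]},
    },
    "virtual_ips": ["10.10.10.9", "192.168.50.9", "172.16.20.9"],
    "container_subnet": "169.254.32.0/20", "cluster_subnet": "169.254.48.0/20",
}
BAD_PLAN = {
    "interfaces": {
        "enterprise": {"ip": "10.10.10.5", "netmask": "255.255.255.0",
                       "dns": ["10.1.1.1", "10.1.1.2", "10.1.1.3", "10.1.1.4"]},
        "cluster": {"ip": "169.254.40.5", "netmask": "255.255.255.0"},
        "management": {"ip": "10.10.10.200", "netmask": "255.255.255.128",
                       "routes": ["172.16.0.0/16"]},
    },
    "virtual_ips": ["10.10.10.9"],
    "container_subnet": "169.254.32.0/20", "cluster_subnet": "169.254.48.0/20",
}

if __name__ == "__main__":
    for problem in validate_plan(BAD_PLAN):
        print("FAIL:", problem)
```

An empty result for your own plan means the entries satisfy the constraints listed above; it does not replace the wizard's own validation or its ping checks of the gateway and DNS server.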
What to do next
If you are deploying this appliance in standalone mode only, perform the first-time setup: First-Time Setup Workflow.
Configure a Secondary Node Using the Maglev Wizard
Perform the steps in this procedure to configure the second and third appliances in the cluster.
Important
In order to build a three-node cluster, the same version of the System package must be installed on your three Cisco DNA Center appliances. Otherwise, unexpected behavior and possible downtime can occur.
Note
Ensure that all of the IP addresses you enter while completing this procedure are valid IPv4 addresses with valid IPv4 netmasks.
Also make sure that the addresses and their corresponding subnets do not overlap. Service communication issues can result
if they do.
Important
Before you configure the appliances in a three-node cluster, ensure that you have logged out of those appliances. Otherwise,
the Quick Start workflow (which you complete to discover your network's devices and enable telemetry) will not start after
you have configured your cluster's appliances and log in to Cisco DNA Center for the first time.
When joining each new secondary node to the cluster, you must specify the first host in the cluster as the primary node. Note
the following when joining secondary nodes to a cluster:
Be sure to join only a single node to the cluster at a time. Do not attempt to add multiple nodes at the same time, because
this results in unpredictable behavior.
Before adding a new node to the cluster, be sure that all installed packages are deployed on the primary node. You can check
this by using Secure Shell to log in to the primary node's Cisco DNA Center Management port as the Linux User (maglev) and then running the command maglev package status. All installed packages should appear in the command output as DEPLOYED. In the following example, a few packages were not installed, such as the application-policy and sd-access packages. They
are the only packages whose status is NOT_DEPLOYED. Your package status should look similar to this before configuring a secondary node.
Expect some service downtime during the cluster attachment process for each secondary node. Services will need to be redistributed
across the nodes and the cluster will be down for periods of time during that process.
Ran the maglev package status command on the first appliance.
You can also access this information from the Cisco DNA Center GUI by clicking the Help icon and choosing About > Packages.
Contacted the Cisco TAC, gave them the output of this command, and asked them to point you to the ISO that you should install
on your second and third appliances.
Checked that both the secondary appliances' ports and the switches they use are properly configured (as described in Execute Preconfiguration Checks).
Confirmed that you are using a compatible browser. For a list of compatible browsers, see the Release Notes document for the version of Cisco DNA Center you are installing.
Enabled ICMP on the firewall between Cisco DNA Center and both the default gateway and the DNS server you specify in the following procedure. The Maglev Configuration wizard uses
ping to verify the gateway and DNS server you specify. This ping might get blocked if a firewall is in place and ICMP is not
enabled on that firewall. When this happens, you will not be able to complete the wizard.
After successful login, the appliance displays the Cisco Integrated Management Controller Chassis Summary window, with a hyperlinked menu at the top of the window, as shown below.
Step 2
From the hyperlinked menu, choose Launch KVM and then select either Java based KVM or HTML based KVM. If you select Java-based KVM, you will need to launch the Java startup file from your browser or file manager in order to view the KVM console in its
own window. If you select HTML-based KVM, it launches the KVM console in a separate window or tab automatically.
Irrespective of the KVM type you choose, use the KVM console to monitor the progress of the configuration and respond to the
Maglev Configuration wizard prompts.
Step 3
With the KVM displayed, reboot the appliance by choosing one of the following options:
In the main Cisco IMC GUI browser window: Choose Host Power > Power Cycle, and switch to the KVM console to continue.
In the KVM console: Choose Power > Power Cycle System (cold boot).
If you are asked to confirm your choice to reboot the appliance, click OK.
After displaying reboot messages, the KVM console displays the Maglev Configuration wizard welcome screen.
Step 4
Click Join a Cisco DNA Center Cluster to begin configuring the secondary node.
Step 5
Specify whether the applications and services running on your Cisco DNA Center appliance will use IPv4 or IPv6 addressing. After making your selection, click next>> to proceed.
Important
In the next wizard screen, you can enable the VLAN mode feature, which creates a single bonded interface that connects to your network using both the primary and secondary instance
of your appliance's Enterprise interface. This feature is not commonly used, so only enable it if you know it's required by
your Cisco DNA Center deployment.
If this is the case, complete the next step.
Otherwise, click next>> in the next wizard screen without making any selections. You can enable the NIC bonding functionality that was described
previously in this guide in the wizard's Enterprise and Intracluster interface configuration screens.
Step 6
(Optional) Do the following to enable Layer 2 port channel mode (with VLAN tagging) for the appliance. After making your selections,
click next>> to proceed.
Choose the VLAN mode option to enable dot1q/VLAN trunking and convert your appliance's Enterprise, Cluster, Management, and Internet interfaces
into VLAN subinterfaces that reside on the bonded interface (as illustrated in the following figure). By default, this interface
operates in Active-Backup mode (which enables HA).
If you want this interface to operate in LACP mode instead (which enables load balancing and higher bandwidth), you must also
choose the LACP option.
When you enter the settings for your appliance's Enterprise and Cluster interfaces, ensure that you enter a unique VLAN ID
in the VLAN ID of Interface field for the subinterfaces you want to configure on the virtual bonded interface.
Important
Even though one physical appliance interface (the Enterprise interface) is connected, you can configure all of the subinterfaces
that reside on the virtual bonded interface.
The wizard discovers all of the ports on the appliance and presents them to you one by one, in separate screens, in the following
order:
(Optional) 1-Gbps/10-Gbps Internet Port—Network Adapter #4
If the wizard fails to display either or both of the Enterprise and Cluster ports during the course of configuration, it might
indicate that these ports are nonfunctional or disabled. These two ports are required for Cisco DNA Center functionality. If you discover that they are nonfunctional, choose cancel to exit the configuration wizard immediately. Be sure that you have completed all of the steps provided in Execute Preconfiguration Checks before resuming the configuration or contacting the Cisco Technical Assistance Center (for more information, see the "Get
Assistance from the Cisco TAC" topic in the Release Notes document).
Step 7
The wizard first presents the 10-Gbps Enterprise port as NETWORK ADAPTER #1. As explained in Interface Cable Connections, this is a required port used to link the appliance to the enterprise network. Apply the host IP address, netmask, and other
values that are appropriate for this purpose (see Required IP Addresses and Subnets and Required Configuration Information for the values to enter).
Enter the configuration values for NETWORK ADAPTER #1, as shown in the table below.
Table 8. Secondary Node Entries for Network Adapter #1: 10-Gbps Enterprise Port
Host IPv4/IPv6 Address field
Enter the IP address for the Enterprise port. This is required.
IPv4 Netmask/IPv6 Prefix Length field
Do one of the following if you entered an IP address:
If you selected IPv4 addressing, enter the netmask for the port's IP address. This is required.
If you selected IPv6 addressing, enter the prefix length (in bits). Valid values range from 10 through 127.
Default Gateway IPv4/IPv6 address field
Enter a default gateway IP address to use for the port.
Important
Ensure that you enter a default gateway IP address for at least one of your appliance's interfaces. Otherwise, you will not
be able to complete the configuration wizard.
IPv4/IPv6 DNS Servers field
Enter the IP address of the preferred DNS server. If you are entering multiple DNS servers, separate the IP addresses in the
list with spaces.
Important
For each appliance in your cluster, configure a maximum of three DNS servers. Problems can occur if you configure more than
three DNS servers for an appliance.
IPv4/IPv6 Static Routes field
Enter one or more static routes in the following format, separated by spaces: <network>/<netmask>/<gateway>. This is usually required on the Cisco DNA Center Management port only.
Vlan Id of Interface field
Enter the VLAN ID that will be tagged over the LACP link to be created for the appliance you are configuring.
Note
This field is displayed only if you set Layer 2 LACP portchannel mode for the appliance by choosing both options in Step 6.
Cluster Link field
Leave this field blank. It is required on the Cluster port only.
LACP Mode field
Do one of the following:
Leave this field blank and the port will operate in Active-Backup mode. This mode provides fault tolerance by aggregating two Ethernet interfaces into a single logical channel. When the interface
that's currently active goes down, the other interface takes its place and becomes active.
Check the check box to enable LACP mode on this port. This mode aggregates two Ethernet interfaces that share the same speed and duplex settings into a single
logical channel. This provides load balancing and higher bandwidth.
For more information about Cisco DNA Center's implementation of NIC bonding, see NIC Bonding Overview.
Note
This field is displayed if you didn't choose any of the options in Step 6.
After you finish entering the configuration values, click next>> to proceed. The wizard validates the values you entered and issues an error message if any are incorrect. If you receive
an error message, check that the value you entered is correct, then reenter it. If needed, click <<back to reenter it.
Step 8
After successful validation of the Enterprise port values you entered, the wizard presents the 10-Gbps Cluster port as
NETWORK ADAPTER #2. As explained in Interface Cable Connections, this port is used to link the appliance to the cluster, so apply the host IP address, netmask, and other values that are
appropriate for this purpose (see Required IP Addresses and Subnets and Required Configuration Information for the values to enter).
Enter the configuration values for NETWORK ADAPTER #2, as shown in the table below.
Table 9. Secondary Node Entries for Network Adapter #2: 10-Gbps Cluster Port
Host IPv4/IPv6 address field
Enter the IP address for the Cluster port. This is required. Note that you cannot change the address of the Cluster port later.
IPv4 Netmask/IPv6 Prefix Length field
Do one of the following if you entered an IP address:
If you selected IPv4 addressing, enter the netmask for the port's IP address. This is required.
If you selected IPv6 addressing, enter the prefix length (in bits). Valid values range from 10 through 127.
Default Gateway IPv4/IPv6 address field
Enter a default gateway IP address to use for the port.
Important
Ensure that you enter a default gateway IP address for at least one of your appliance's interfaces. Otherwise, you will not
be able to complete the configuration wizard.
IPv4/IPv6 DNS Servers field
Enter the IP address of the preferred DNS server. If you are entering multiple DNS servers, separate the IP addresses in the
list with spaces.
Important
For each appliance in your cluster, configure a maximum of three DNS servers. Problems can occur if you configure more than
three DNS servers for an appliance.
IPv4/IPv6 Static Routes field
Enter one or more static routes in the following format, separated by spaces: <network>/<netmask>/<gateway>. This is usually required on the Management port only.
Vlan Id of Interface field
Enter the VLAN ID that will be tagged over the LACP link to be created for the appliance you are configuring.
Note
This field is displayed only if you set Layer 2 LACP portchannel mode for the appliance by choosing both options in Step 6.
Cluster Link field
Check the check box to set this port as the link to a Cisco DNA Center cluster. This is required on the Cluster port only.
LACP Mode field
Do one of the following:
Leave this field blank and the port will operate in Active-Backup mode. This mode provides fault tolerance by aggregating two Ethernet interfaces into a single logical channel. When the interface
that's currently active goes down, the other interface takes its place and becomes active.
Check the check box to enable LACP mode on this port. This mode aggregates two Ethernet interfaces that share the same speed and duplex settings into a single
logical channel. This provides load balancing and higher bandwidth.
For more information about Cisco DNA Center's implementation of NIC bonding, see NIC Bonding Overview.
Note
This field is displayed if you didn't choose any of the options in Step 6.
After you provide the necessary information, click next>> to proceed. Correct validation errors, if any, as you did in previous screens. The wizard validates and applies your network
adapter configurations.
Step 9
After successful validation of the Cluster port values you entered, the wizard presents the 1-Gbps/10-Gbps Management port
as NETWORK ADAPTER #3. As explained in Interface Cable Connections, this port is used to access the Cisco DNA Center GUI from your management network. Apply the host IP address, netmask, and other values that are appropriate for this purpose
(see Required IP Addresses and Subnets and Required Configuration Information for the values to enter).
Enter the configuration values for NETWORK ADAPTER #3, as shown in the table below.
Table 10. Secondary Node Entries for Network Adapter #3: 1-Gbps/10-Gbps Management Port
Host IPv4/IPv6 address field
Enter the IP address for the Management Port. This is required only if you are using this port to access the Cisco DNA Center GUI from your management network; otherwise, you can leave it blank.
IPv4 Netmask/IPv6 Prefix Length field
Do one of the following:
If you selected IPv4 addressing, enter the netmask for the port's IP address. This is required.
If you selected IPv6 addressing, enter the prefix length (in bits). Valid values range from 10 through 127.
Default Gateway IPv4/IPv6 address field
Enter a default gateway IP address to use for the port.
Important
Ensure that you enter a default gateway IP address for at least one of your appliance's interfaces. Otherwise, you will not
be able to complete the configuration wizard.
IPv4/IPv6 DNS Servers field
Enter the IP address of the preferred DNS server. If you are entering multiple DNS servers, separate the IP addresses in the
list with spaces.
Important
For NTP, ensure port 123 (UDP) is open between Cisco DNA Center and your NTP server.
For each appliance in your cluster, configure a maximum of three DNS servers. Problems can occur if you configure more than
three DNS servers for an appliance.
IPv4/IPv6 Static Routes field
Enter one or more static routes in the following format, separated by spaces: <network>/<netmask>/<gateway>.
Cluster Link field
Leave this field blank. It is required on the Cluster port only.
After you provide the necessary information, click next>> to proceed. Correct validation errors, if any, as you did in previous screens. The wizard validates and applies your network
adapter configurations.
Step 10
After successful validation of the Management port values you entered, the wizard presents the 1-Gbps/10-Gbps Internet port
as NETWORK ADAPTER #4. As explained in Interface Cable Connections, this is an optional port used to link the appliance to the Internet when you cannot do so through the 10-Gbps Enterprise
port. Apply the host IP address, netmask, and other values that are appropriate for this purpose (see Required IP Addresses and Subnets and Required Configuration Information for the values to enter).
Enter the configuration values for NETWORK ADAPTER #4, as shown in the table below.
Table 11. Secondary Node Entries for Network Adapter #4: 1-Gbps/10-Gbps Internet Port
Host IPv4/IPv6 address field
Enter the IP address for the Internet port. This is required only if you are using the Internet port for internet connection;
otherwise, you can leave it blank.
IPv4 Netmask/IPv6 Prefix Length field
Do one of the following:
If you selected IPv4 addressing, enter the netmask for the port's IP address. This is required.
If you selected IPv6 addressing, enter the prefix length (in bits). Valid values range from 10 through 127.
Default Gateway IPv4/IPv6 address field
Enter a default gateway IP address to use for the Internet port.
Important
Ensure that you enter a default gateway IP address for at least one of your appliance's interfaces. Otherwise, you will not
be able to complete the configuration wizard.
IPv4/IPv6 DNS Servers field
Enter the IP address of the preferred DNS server. If you are entering multiple DNS servers, separate the IP addresses in the
list with spaces.
Important
For each appliance in your cluster, configure a maximum of three DNS servers. Problems can occur if you configure more than
three DNS servers for an appliance.
IPv4/IPv6 Static Routes field
Enter one or more static routes in the following format, separated by spaces: <network>/<netmask>/<gateway>. This is usually required on the Management port only.
Cluster Link field
Leave this field blank. It is required on the Cluster port only.
After you provide the necessary information, click next>> to proceed. Correct validation errors, if any, as you did in previous screens. The wizard validates and applies your network
adapter configurations.
Step 11
After the network adapter configuration is complete, the wizard prompts you to enter configuration values for the NETWORK PROXY that you are using, as shown below.
Enter the configuration values for the NETWORK PROXY, as shown in the table below.
Table 12. Secondary Node Entries for Network Proxy
HTTPS Proxy field
Enter the URL or host name of an HTTPS network proxy used to access the Internet.
Note
Connection from Cisco DNA Center to the HTTPS proxy is supported only through HTTP in this release.
If you enter an IPv6 URL that contains a port number, enclose the IP address portion of the URL in square brackets. In this
example, 443 is the port number: http://[2001:db8:85a3:8d3:1319:8a2e:370:7348]:443/
HTTPS Proxy Username field
Enter the user name used to access the network proxy. If no proxy login is required, leave this field blank.
HTTPS Proxy Password field
Enter the password used to access the network proxy. If no proxy login is required, leave this field blank.
After you provide the necessary information, click next>> to proceed. Correct validation errors, if any, as you did in previous screens.
Step 12
After network proxy configuration completes, the wizard prompts you to identify the Cluster port on the primary node and primary
node login details, in MAGLEV CLUSTER DETAILS (as shown below).
Enter the values for MAGLEV CLUSTER DETAILS, as shown in the table below.
Table 13. Secondary Node Entries for Maglev Cluster Details
Maglev Primary Node field
Enter the IP address of the Cluster port on the primary node in the cluster. If you have followed the recommendations for
port assignment, this will be the IP address of Network Adapter #2 on the primary node.
Username field
Enter maglev.
Password field
Enter the Linux password you configured on the primary node.
After you provide the necessary information, click next>> to proceed. Correct validation errors, if any, as you did in previous screens.
Step 13
After you have entered the cluster details, the wizard prompts you to enter USER ACCOUNT SETTINGS values, as shown below.
Enter the values for USER ACCOUNT SETTINGS, as shown in the table below.
Table 14. Secondary Node Entries for User Account Settings
Linux Password field
Enter a Linux password for the maglev user.
Re-enter Linux Password field
Confirm the Linux password by entering it a second time.
Password Generation Seed field
If you do not want to create the Linux password yourself, enter a seed phrase in this field and then press <Generate Password> to generate the password.
Auto Generated Password field
(Optional) The seed phrase appears as part of a random and secure password. If required, you can either use this password
as is, or you can further edit this auto-generated password.
Click <Use Generated Password> to save the password.
Administrator Password field
Enter a password for the default admin superuser, used to log in to Cisco DNA Center for the first time.
Re-enter Administrator Password field
Confirm the administrator password by entering it a second time.
After you provide the necessary information, click next>> to proceed. Correct validation errors, if any, as you did in previous screens.
Step 14
After you have entered the user account details, the wizard prompts you to enter NTP SERVER SETTINGS values, as shown below.
Enter one or more NTP server addresses or hostnames, separated by spaces. At least one NTP address or hostname is required.
They should be the same NTP servers that you specified for the primary node.
After you provide the necessary information, click next>> to proceed. Correct validation errors, if any, as you did in previous screens. The wizard validates and applies your NTP
server configuration.
Step 15
When you are finished entering the NTP server settings, a final message appears, stating that the wizard is ready to apply
the configuration (as shown below).
Click proceed>> to complete the configuration wizard.
The host will reboot automatically and display messages on the KVM console as it applies your settings and brings up services.
This process can take several hours. You can monitor its progress via the KVM console.
At the end of the configuration process, the appliance power-cycles again, then displays a CONFIGURATION SUCCEEDED! message.
What to do next
If you have an additional appliance to deploy as the third and final node in the cluster, repeat this procedure.
If you have finished adding hosts to the cluster, perform the first-time setup: First-Time Setup Workflow.
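The field rules from Steps 7 through 11 (static route format, IPv6 prefix length range, the three-DNS-server limit, the default gateway requirement, and the bracketed IPv6 proxy URL) can be checked on a planning worksheet before the values are typed into the KVM console. The following Python is an added example, not Cisco's validation logic. The dictionary keys, function names, and sample addresses are assumptions, and counting DNS servers across all adapters and rejecting routes with host bits set are this example's choices.

```python
import ipaddress

MAX_DNS = 3                 # guide: at most three DNS servers per appliance
V6_PREFIX = range(10, 128)  # guide: IPv6 prefix length is 10 through 127
# Constructed sample entries (documentation address ranges), not from the guide
SAMPLE = {"enterprise": {"host": "192.0.2.12", "mask": "255.255.255.0",
                         "gateway": "192.0.2.1", "dns": "192.0.2.53"}}

def check_adapter(name, f, version=4):
    """Problems in one NETWORK ADAPTER screen; the dict keys are hypothetical."""
    errs = []
    def ip_ok(label, text):
        try:
            good = ipaddress.ip_address(text).version == version
        except ValueError:
            good = False
        if not good:
            errs.append(f"{name}: {label} {text!r} is not an IPv{version} address")
        return good
    host, mask = f.get("host", ""), f.get("mask", "")
    if host and ip_ok("host", host):
        if version == 6 and not (mask.isdecimal() and int(mask) in V6_PREFIX):
            errs.append(f"{name}: prefix length {mask!r} is outside 10-127")
        elif version == 4:
            try:
                ipaddress.IPv4Interface(f"{host}/{mask}")
            except ValueError:
                errs.append(f"{name}: {mask!r} is not a valid netmask")
    for label in ("gateway", "dns"):
        for text in f.get(label, "").split():
            ip_ok(label, text)
    for route in f.get("routes", "").split():
        try:
            net, rmask, gw = route.split("/")  # ValueError unless exactly 3 parts
            if ipaddress.ip_network(f"{net}/{rmask}").version != version:
                raise ValueError(route)
            ip_ok("route gateway", gw)
        except ValueError:
            errs.append(f"{name}: route {route!r} is not <network>/<netmask>/<gateway>")
    return errs

def check_proxy(url):
    """The guide allows a URL or host name; only URLs are checked here."""
    scheme, sep, rest = url.partition("://")
    errs = []
    if sep and scheme.lower() != "http":
        errs.append("proxy: only http:// to the proxy is supported in this release")
    authority = rest.split("/")[0].rpartition("@")[2]
    if authority.count(":") > 1 and not authority.startswith("["):
        errs.append("proxy: IPv6 address with a port needs square brackets")
    return errs

def check_node(adapters, proxy="", version=4):
    errs = [e for n, f in adapters.items() for e in check_adapter(n, f, version)]
    if not any(f.get("gateway") for f in adapters.values()):
        errs.append("node: no default gateway on any interface")
    dns = {d for f in adapters.values() for d in f.get("dns", "").split()}
    if len(dns) > MAX_DNS:  # counted across adapters: this example's reading
        errs.append(f"node: {len(dns)} DNS servers configured, maximum is {MAX_DNS}")
    return errs + check_proxy(proxy)
```

Call `check_node()` once per appliance with that node's planned entries; an empty list means none of the rules above were violated.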