Configure Network Profiles

Network Profiles Overview

Network profiles allow you to configure settings and apply them to a specific site or group of sites. You can create network profiles for various elements in Cisco DNA Center:

Create Network Profiles for Assurance

Creating a network profile for Assurance allows you to configure issue settings and apply them to a site or group of sites independently from the global issues settings. You can enable or disable an issue, and you can change its priority.

Notes:

  • In Assurance, synchronization to the network device health score is available only for global issue settings, not custom issue settings. For information, see the Cisco DNA Assurance User Guide.

  • Some global issues are not customizable. These issues are not displayed in the list of custom issues for you to modify.

  • To display modified issues at the top of the list, sort by Last Modified.

  • To delete custom settings, you must first unassign all the sites.

Procedure

Step 1

Click the menu icon () and choose Design > Network Profiles.

Step 2

Click +Add Profile and choose Assurance.

Step 3

In the Profile Name field, enter a valid profile name and click Next.

Cisco DNA Center adds the profile and the Edit Profile window appears.

Step 4

Set the DEVICE TYPE and CATEGORY filters to view the type of issues you want to configure.

Step 5

Click an issue in the Issue Name column to open a slide-in pane with the settings.

Note

 

For some issues, changes made to the settings are shared across multiple device types. In the slide-in pane, Cisco DNA Center displays a caution that indicates the affected device types.

Step 6

To enable or disable whether Cisco DNA Center monitors the issue, click the Enabled toggle button.

Step 7

To set the issue priority, click the Priority drop-down list and select the priority. The options are:

  • P1: A critical issue that needs immediate attention and can have a wide impact on network operations.

  • P2: A major issue that can potentially impact multiple devices or clients.

  • P3: A minor issue that has a localized or minimal impact.

  • P4: A warning issue that may not be an immediate problem but addressing it can optimize the network performance.

Step 8

(For certain issues) In the Trigger Condition area, you can change the threshold value for when the issue is reported.

Examples of a trigger condition:

No Activity on Radio(2.4 GHz) >= 60 minutes.
Memory Utilization of Access Points greater than 90%.

Step 9

(Optional) If there are any changes to the settings, you can hover your cursor over View Default Settings to display the default settings. Click Use Default to restore all the issue settings to the default values.

Step 10

Click Apply.

Step 11

(For certain issues) Click Manage Subscription to subscribe to external notifications for supported issues when they are triggered.

Step 12

To assign the profile to sites, click Assign Sites. Check the check box next to the sites that you want to associate with this profile and click Save.

The Edit Profile window appears.

Note

 

You can select a parent node or the individual sites. If you select a parent node, all the children under the parent node are also selected. You can uncheck the check box to deselect a site.

Step 13

Click Done.

The newly added profile appears on the Network Profiles window.

Create Network Profiles for Firewall

This workflow shows how to:

  1. Create custom configurations.

  2. Create Firepower Threat Defense (FTD) configurations.

  3. View the profile summary.

Procedure

Step 1

Click the menu icon () and choose Design > Network Profiles.

Step 2

Click +Add Profile and choose Firewall.

The Firewall Type page appears.

Step 3

To create custom configurations for regular firewalls like Adaptive Security Appliance (ASA) firewalls, do the following:

  1. In the Name field, enter the profile name.

  2. Choose the number of devices from the Devices drop-down list.

    Note

     

    You can choose up to 10 devices per profile.

  3. Choose the type of device from the Device Type drop-down list.

  4. (Optional) From the Device Tag drop-down list, choose the device tags.

  5. Click Next.

    The Custom Configuration page appears.

  6. From the Template drop-down list, choose a template.

    Note

     

    If there are no templates, you must create at least one template in Tools > Template Editor. For information, see Create Templates.

  7. Click Next.

    The Summary page appears. This page summarizes the custom configurations. Based on the selected device type, a hardware recommendation is provided.

  8. Click Save.

    The Network Profiles page appears.

  9. To assign a site to the network profile, click Assign Sites. For more information, see Create a Site in a Network Hierarchy.

Step 4

To create FTD configurations to configure the FTD devices, do the following:

  1. In the Name field, enter the profile name.

  2. From the Devices drop-down list, choose the number of devices.

    Note

     

    You can choose up to 10 devices per profile.

  3. To provision an FTD firewall, check the FTD check box.

  4. From the Device Type drop-down list, choose the type of device.

  5. (Optional) Choose the device tags from the Device Tag drop-down list.

  6. Click Next.

    The FTD Configuration page appears.

  7. Click the Routed Mode or Transparent Mode radio button.

  8. Click Next.

    The Summary page appears. This page summarizes the FTD configurations. Based on the selected device type, hardware recommendation is provided on this page.

  9. Click Save.

    The Network Profiles page appears.

  10. To assign a site to the network profile, click Assign Sites. For information, see Create a Site in a Network Hierarchy.

Create Network Profiles for Routing

This workflow shows how to:

  1. Configure the router WAN.

  2. Configure the router LAN.

  3. Configure the integrated switch configuration.

  4. Create custom configurations.

  5. View the profile summary.

Procedure

Step 1

Click the menu icon () and choose Design > Network Profiles.

Step 2

Click +Add Profile and choose Routing.

Step 3

The Router WAN Configuration window appears.

  • Enter the profile name in the Name text box.

  • Select the number of Service Providers and Devices from the drop-down list. Up to three service providers and ten devices are supported per profile.

  • Select the Service Provider Profile from the drop-down list. For more information, see Configure Service Provider Profiles.

  • Select the Device Type from the drop-down list.

  • Enter a unique string in the Device Tag to identify the different devices, or select an existing tag from the drop-down list. Use the device tag if two or more devices are of the same type. If all the devices are of a different type, the device tag is optional. Select the appropriate tag, because your selection is used as part of the matching criteria for Day-0 and Day-N templates applied to the network profile.

  • To enable at least one line link for each device to proceed, click O and check the check box next to Connect. Select the Line Type from the drop-down list. Click OK.

    If you select multiple service providers, you can select the primary interface as gigabit Ethernet and the secondary as cellular, or both the interfaces as gigabit Ethernet. You can also select the primary interface as cellular and the secondary interface as gigabit Ethernet.

    Note

     

    Only Cisco 1100 Series Integrated Services Routers, Cisco 4200 Series Integrated Services Routers, Cisco 4300 Series Integrated Services Routers, and Cisco 4400 Series Integrated Services Routers support the cellular interface.

  • Click Next.

Step 4

The Router LAN Configuration page appears.

  • Click the Configure Connection radio button and choose L2, L3, or both.

  • If you choose L2, select the Type from the drop-down list and enter the VLAN ID/Allowed VLAN and the Description.

  • If you choose L3, select the Protocol Routing from the drop-down list and enter the Protocol Qualifier.

You can click Skip to skip the configuration.

  • Click Next.

Step 5

The Integrated Switch Configuration page appears.

The integrated switch configuration allows you to add new VLANs or retain the previous configuration selected in the router LAN configuration.

  • To add one or more new VLANs, click +.

  • To delete a VLAN, click x.

  • Click Next.

Note

 

Switchport Interface support is available only for Cisco 1100 Series and Cisco 4000 series Integrated Services Routers.

Step 6

The Custom Configuration page appears.

The custom configurations are optional. You can skip this step and apply the configurations at any time in the Network Profiles page.

If you choose to add custom configurations:

  • Click the Onboarding Template(s) or Day-N Templates tab, as required.

  • Choose a template from the drop-down list. The templates are filtered by Device Type and Tag Name.

  • Click Next.

Step 7

On the Summary page, click Save.

This page summarizes the router configurations. Based on the devices and services selected, the hardware recommendation is provided.

Step 8

The Network Profiles page appears.

Click Assign Sites to assign a site to the network profile. For more information, see Create a Site in a Network Hierarchy.

Create Network Profiles for Switching

You can apply two types of configuration templates to a switching profile:

  • Onboarding template

  • Day N template

Before you begin

Define the Onboarding Configuration template that you want to apply to the devices. Such templates contain basic network configuration commands to onboard a device so that it can be managed on the network. See Create Templates to Automate Device Configuration Changes.

Procedure

Step 1

Click the menu icon () and choose Design > Network Profiles.

Step 2

Click +Add Profile and choose Switching.

Step 3

In the Switching profile window, enter the profile name in the Profile Name text box.

Depending on the type of template that you want to create, click OnBoarding Template(s) or Day-N Template(s).

  • Click +Add.

  • Select Switches and Hubs from the Device Type drop-down list.

  • Select the Tag Name from the drop-down list. This step is optional. If the tag that you selected has already been associated with a template, only that template is available in the Template drop-down list.

  • Select the Device Type from the drop-down list.

  • Select a Template from the drop-down list. You can select the Onboarding Configuration template that you have already created.

Step 4

Click Save.

The profile that is configured on the switch is applied when the switch is provisioned. Note that you must add the network profile to a site for it to be effective.

Create Network Profile for Cisco DNA Traffic Telemetry Appliance

Before you begin

Define the template that you want to apply to the telemetry appliances. See Create Templates to Automate Device Configuration Changes.

Procedure

Step 1

Click the menu icon () and choose Design > Network Profiles.

Step 2

Click +Add Profile and choose Telemetry Appliance.

Step 3

In the Telemetry Appliance Type window, complete the following:

  1. Enter the profile name in the Name text box.

  2. From the Devices drop-down list, choose the number of devices.

  3. From the Device Tag drop-down list, choose an existing device tag defined in Cisco DNA Center or enter a new tag. This step is optional. If the tag that you selected has already been associated with a template, only that template is available in the Template drop-down list.

  4. Click Next.

Step 4

In the Custom Configuration window, choose the template. The chosen template will be applied to the device once it is managed in Cisco DNA Center inventory.

Step 5

Click Next.

Step 6

In the Summary window, click Save.

Create Network Profiles for Wireless

Before you begin

Ensure that you have created wireless SSIDs under the Design > Network Settings > Wireless tab.

Procedure

Step 1

Click the menu icon () and choose Design > Network Profiles.

Step 2

Click +Add Profile and choose Wireless.

Step 3

Enter a valid profile name in the Profile Name field.

Step 4

To add sites to the profile, click Assign and do the following:

  1. In the Add Sites to Profile slide-in pane, check the check box next to the sites that you want to associate with this profile.

    You can select a parent node or the individual sites. If you select a parent site, all the children under the parent node are also selected. Note that you can uncheck the check box to deselect a site.

  2. Click Save.

Step 5

Configure the required settings in the following tabs:

Step 6

Click Save to add the network profile.

Cisco DNA Center displays the new network profile on the Design > Network Profiles window.

Add SSIDs to a Network Profile

Before you begin

Ensure that you have created wireless SSIDs under the Design > Network Settings > Wireless tab.

Procedure

Step 1

In the Add a Network Profile window, click the SSID tab.

Step 2

Click Add SSID.

Step 3

From the SSID drop-down list, choose the SSID that you have already created.

Step 4

Specify whether the SSID is fabric or nonfabric using the Yes or No radio buttons.

To create a nonfabric SSID, click No, and configure the following parameters:

  • To use an interface for traffic switching, click the Interface radio button. From the Interface Name drop-down list, choose an interface name for the SSID, or click + to create a wireless interface.

  • To use a VLAN group for traffic switching, click the VLAN Group radio button. From the VLAN Group Name drop-down list, choose a VLAN group name for the SSID, or click + to create a VLAN group.

  • In the Do you need Anchor for this SSID? area, click Yes to add an anchor to the SSID. By default, No is selected.

  • If you have clicked No, check the Flex Connect Local Switching check box to enable local switching for WLAN.

    If you have chosen to add an anchor to the SSID, you can't enable Flex Connect Local Switching.

    If you have enabled Flex Connect Local Switching for an SSID, all the APs on the floor where the network profile is mapped, switch to FlexConnect mode.

    The Flex Group option is enabled in the Advanced Settings tab. For more information, see Add AP Groups, Flex Groups, Site Tags, and Policy Tags to a Network Profile.

    When you enable local switching, any FlexConnect AP that advertises this WLAN can locally switch data packets.

  • If you have enabled the Flex Connect Local Switching check box, enter a value for the VLAN ID in the Local to VLAN field.

Step 5

(Optional) To add another SSID, click + and configure its parameters.

Add AP Zones to a Network Profile

An AP zone allows you to associate different SSIDs and RF profiles for a set of APs on the same site. You can use device tags to identify the APs for which you want to apply AP zone. From the AP Zones tab, you can create separate AP zones with a subset of SSIDs configured in the network profile for a device tag.

Cisco DNA Center applies the AP zone configurations to APs during AP provisioning.


Note

  • Cisco DNA Center doesn't apply AP zone configurations to the APs claimed from the Plug and Play (PnP) process.

  • If an AP zone is already provisioned on an AP and you update the AP zone configuration, you must reprovision the wireless controller. Reprovisioning the AP is not necessary.

During AP provisioning:

  • Based on the device tag and site of the AP, Cisco DNA Center selects the corresponding AP zone and automatically assigns the RF profile.

  • If two AP zones are configured for an AP, you can choose the required AP zone.

  • If there are no AP zones for an AP, you can choose the required RF profile.

Before you begin

Ensure that you have created wireless SSIDs under the Design > Network Settings > Wireless tab.

Procedure

Step 1

In the Add a Network Profile window, click the AP Zones tab.

Step 2

Click Add AP Zone.

Step 3

Enter a name for the AP zone.

Step 4

From the Device Tags drop-down list, check the check box next to the device tags that you want to choose.

Step 5

From the RF Profile drop-down list, choose an RF profile.

Step 6

From the SSID drop-down list, choose the SSIDs.

Step 7

(Optional) To add another AP zone, click + and configure its parameters.

What to do next

To apply the AP zone configuration to an AP:

  1. Reprovision the wireless controller. For more information, see Provision a Cisco AireOS Controller and Provision a Cisco Catalyst 9800 Series Wireless Controller.

  2. Provision the AP. For more information, see Provision a Cisco AP—Day 1 AP Provisioning.

Add Model Configurations to a Network Profile

You can attach model configuration designs to a network profile.

Procedure

Step 1

In the Add a Network Profile window, click the Model Configs tab.

Step 2

Click Add Model Config.

Step 3

In the Add Model Config slide-in pane, do the following:

  1. From the Device Type(s) drop-down list, choose a device type.

    You can either search for a device name by entering its name in the Search field, or expand Switches and Hubs or Wireless Controller and choose a device type.

  2. Expand Wireless and choose the model configuration designs that you want to attach to this wireless profile.

  3. From the Tags drop-down list under APPLICABILITY, choose the applicable tags.

  4. Click Add.

Add Templates to a Network Profile

You can associate a template with a network profile.

Procedure

Step 1

In the Add a Network Profile window, click the Templates tab.

Step 2

Click + Add Template.

Step 3

In the Add Template slide-in pane, do the following:

  1. From the Device Type(s) drop-down list, choose a device type.

    You can either search for a device name by entering its name in the Search field, or expand Wireless Controller and choose a device type.

  2. In the Template area, choose a template.

  3. From the Tags drop-down list, check the check box for the device tags that you want to choose.

    You can use tags on templates only when you have to push different templates for the same device type based on the device tag.

  4. Click Add.

Add AP Groups, Flex Groups, Site Tags, and Policy Tags to a Network Profile

Cisco DNA Center allows you to add AP groups, flex groups, site tags, and policy tags in a network profile. Preprovisioning the AP groups and flex groups saves time during AP provisioning by eliminating the need to make repetitive configuration changes and ensures consistency across your devices. You can define custom names for AP groups, site tags, and policy tags from the Advanced Settings tab.


Note

Flex group configuration is available only when the network profile has at least one associated flex-based SSID.

Cisco DNA Center configures and applies the newly added custom names specified in this tab to the APs during Cisco Wireless Controller provisioning. If you don't configure the custom names, Cisco DNA Center uses the auto-generated AP group names and tags for the APs.


Note

  • AP group and flex group configuration are applicable to Cisco AireOS Wireless Controller.

  • Site tag and policy tag configuration are applicable to Cisco Catalyst 9800 Series Wireless Controller.

    Newly added site tag and policy tag configurations are applied only when you provision the APs. Provisioning the wireless controller alone won’t configure the new custom tags on the APs. You must reprovision the wireless controller or the APs if there are any modifications to the tags after provisioning.

    Note the following scenarios while provisioning or reprovisioning the wireless controller and APs:

    • If there are no custom site or policy tags configured on the network profile, then Cisco DNA Center uses the auto-generated tags and configures it on the wireless controller and applies to the APs only during AP provisioning.

    • If there are custom site or policy tags configured on the network profile, then Cisco DNA Center configures the custom tags on the wireless controller and applies to the APs only during AP provisioning.

    • If the wireless controller and AP are already provisioned with auto-generated tags and if you create new custom tags in the network profile, then you must reprovision the wireless controller or the AP to apply the changes.

    • If the wireless controller and AP are already provisioned with custom tags and if you delete the custom tags from the network profile, then you must reprovision the wireless controller or the APs.

      Reprovisioning the wireless controller deletes the custom tag configurations and configures the auto-generated tags on the wireless controller and the associated APs.

      Reprovisioning the APs directly, without reprovisioning the wireless controller, configures the auto-generated tags on the APs but does not delete the custom tag configurations from the wireless controller. The tags are deleted during the next wireless controller reprovisioning.

    • If you've upgraded to Cisco DNA Center with FlexConnect Native VLAN override configured and having site tags that are mapped to the same custom Flex profile for all the floors in a site, then you must reconfigure the network profile with different site tags for each floor or else provisioning may fail.

Before you begin

  • Ensure that you have assigned a site (floor) to the network profile.

  • To create flex group names, under the SSIDs tab, ensure that you have checked the Flex Connect Local Switching check box and defined the VLAN ID in the Local to VLAN field to mark the nonfabric SSID as a flex-based SSID. For more information, see Add SSIDs to a Network Profile.

    If you have enabled Flex Connect Local Switching for an SSID, all the APs on the floor where the network profile is mapped, switch to FlexConnect mode.

Procedure

Step 1

In the Add a Network Profile window, click the Advanced Settings tab.

Step 2

To create an AP group in the network profile, expand AP Group and click Create AP Group.

In the Create an AP Group window, do the following:

  1. In the AP Group Name field, enter the AP group name.

  2. From the AP Zone drop-down list, choose an AP zone.

    To broadcast all the SSIDs associated with the network profile, choose Not Applicable.

    Note

     

    This drop-down list is enabled if you have added AP zones to the network profile in the AP Zones tab. For more information, see Add AP Zones to a Network Profile.

    If you choose an AP zone, the RF profile is inherited from the AP zone configuration.

  3. From the RF Profile drop-down list, choose an RF profile.

    Note

     

    This drop-down list is disabled if you choose an AP zone from the AP Zone drop-down list.

  4. In the Select Sites area, you can either search for a site by entering its name, or expand Global to choose a site.

  5. Click Save.

Step 3

To create a flex group in the network profile, expand Flex Group and click Create Flex Group.

In the Create Flex Group window, do the following:

  1. In the Flex Group Name field, enter the flex group name.

  2. In the Select Sites area, you can either search for a site by entering its name, or expand Global to choose a site.

  3. Click Save.

Step 4

To create a site tag in the network profile, expand Site Tag and click Create Site Tag.

In the Create a Site Tag window, do the following:

  1. In the Site Tag Name field, enter the site tag name.

  2. In the Flex Profile Name name field, enter the flex profile name.

    Note

     

    To enable the Flex Profile Name name field, check the Flex Connect Local Switching check box in the Edit Network Profile window.

  3. In the Select Sites area, you can either search for a site by entering its name, or expand Global to choose a site.

  4. Click Save.

Step 5

To create a policy tag in the network profile, expand Policy Tag and click Create Policy Tag.

In the Create Policy Tag window, do the following:

  1. In the Policy Tag Name field, enter the policy tag name.

  2. From the AP Zone drop-down list, choose an AP zone.

  3. In the Select Sites area, you can either search for a site by entering its name, or expand Global to choose a site.

  4. Click Save.