| — | ICMP | Devices use ICMP messages to communicate network connectivity issues. | Enable ICMP. |
| TCP 22, 80, 443 | HTTPS, SFTP, HTTP | Software image download from Cisco DNA Center through HTTPS:443, SFTP:22, HTTP:80. Certificate download from Cisco DNA Center through HTTPS:443, HTTP:80 (Cisco 9800 Wireless Controller, PnP), Sensor/Telemetry. Note: Block port 80 if you don't use Plug and Play (PnP), Software Image Management (SWIM), Embedded Event Management (EEM), device enrollment, or Cisco 9800 Wireless Controller. | Ensure that firewall rules limit the source IP of the hosts or network devices allowed to access Cisco DNA Center on these ports. Note: We do not recommend the use of HTTP 80. Use HTTPS 443 wherever possible. |
| UDP 123 | NTP | Devices use NTP for time synchronization. | Port must be open to allow devices to synchronize the time. |
| UDP 162 | SNMP | Cisco DNA Center receives SNMP network telemetry from devices. | Port must be open for data analytics based on SNMP. |
| UDP 514 | Syslog | Cisco DNA Center receives syslog messages from devices. | Port must be open for data analytics based on syslog. |
| UDP 6007 | NetFlow | Cisco DNA Center receives NetFlow network telemetry from devices. | Port must be open for data analytics based on NetFlow. |
| TCP 9991 | Wide Area Bonjour Service | Cisco DNA Center receives multicast Domain Name System (mDNS) traffic from the Service Discovery Gateway (SDG) agents using the Bonjour Control Protocol. | Port must be open on Cisco DNA Center if the Bonjour application is installed. |
| UDP 21730 | Application Visibility Service | Application Visibility Service CBAR device communication. | Port must be open when CBAR is enabled on a network device. |
| TCP 25103 | Cisco 9800 Wireless Controller and Cisco Catalyst 9000 switches with streaming telemetry enabled | Used for telemetry. | Port must be open for telemetry connections between Cisco DNA Center and Catalyst 9000 devices. |
| TCP 32626 | Intelligent Capture (gRPC) collector | Used for receiving traffic statistics and packet-capture data used by the Cisco DNA Assurance Intelligent Capture (gRPC) feature. | Port must be open if you are using the Cisco DNA Assurance Intelligent Capture (gRPC) feature. |
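
The table's conditions can be checked against a firewall rule set. The following is an added example, not Cisco code: it audits inbound allow rules in front of Cisco DNA Center against the ports listed above. The rule tuple format, the feature labels, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# (proto, port) -> feature that must be in use for the port to stay open
# (None = the table states no condition). Feature labels are assumptions.
TABLE = {
    ("tcp", 22): None, ("tcp", 443): None, ("tcp", 80): "http80-consumers",
    ("udp", 123): None, ("udp", 162): None, ("udp", 514): None,
    ("udp", 6007): None, ("tcp", 25103): None,
    ("tcp", 9991): "bonjour", ("udp", 21730): "cbar",
    ("tcp", 32626): "intelligent-capture",
}
# Ports for which the table asks for source-IP limits in the firewall rules.
SOURCE_LIMITED = {("tcp", 22), ("tcp", 80), ("tcp", 443)}

def audit(rules, features_in_use, device_nets):
    """Return (rule, finding) pairs for allow rules that contradict the table."""
    nets = [ipaddress.ip_network(n) for n in device_nets]
    findings = []
    for rule in rules:
        src, proto, port = rule
        key = (proto, port)
        if key not in TABLE:
            continue  # port is not covered by this table
        feature = TABLE[key]
        if feature and feature not in features_in_use:
            findings.append((rule, f"block: {feature} not in use"))
            continue
        src_net = ipaddress.ip_network(src)
        if key in SOURCE_LIMITED and not any(
            src_net.version == n.version and src_net.subnet_of(n) for n in nets
        ):
            findings.append((rule, "source not limited to managed devices"))
        if key == ("tcp", 80):
            findings.append((rule, "prefer HTTPS 443 over HTTP 80"))
    return findings

# Constructed sample: (source CIDR, protocol, destination port) allow rules.
SAMPLE_RULES = [
    ("10.20.0.0/16", "tcp", 443),
    ("0.0.0.0/0", "tcp", 22),
    ("10.20.0.0/16", "tcp", 80),
    ("10.20.5.0/24", "udp", 21730),
    ("10.20.0.0/16", "tcp", 9991),
    ("10.20.0.0/16", "udp", 514),
]

if __name__ == "__main__":
    for rule, finding in audit(SAMPLE_RULES, {"cbar"}, ["10.20.0.0/16"]):
        print(rule, "->", finding)
```

Pass `"http80-consumers"` in `features_in_use` only when PnP, SWIM, EEM, device enrollment, or a Cisco 9800 Wireless Controller is in use.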