The Path to Network Innocence - Cisco DNA

Today's organizations want reliability, performance and flexibility from their network. The network should let them quickly connect offices and users and introduce new services and applications, while at the same time remaining uninterrupted and productive. However, modern networks do not always meet these partly contradictory requirements.

Who is to blame and what to do?

Cisco Digital Network Architecture (DNA) builds on the basic ideas of SDN: separating the control plane from the data plane and automating the tasks of managing a corporate network. However, Cisco went beyond the SDN concept and implemented an intent-based network, making it as adaptable as possible to the needs of today's organizations.

1. Connecting network devices


Connecting a new network device looks straightforward: the device must be physically powered on, connected to the data network and configured. This is repeated for every device. As a result, expanding the network, moving to a new office, changing the current network or replacing equipment requires many routine operations. This manual work is not only slow but also prone to errors.

Cisco DNA introduces the ability to activate network devices on the Plug & Play principle. The design of the campus network and its fabric is created in Cisco DNA Center. The roles of new network devices can be defined on site, in DNAC itself, when they are installed, or planned in advance, with switches shipped from the factory with preinstalled Plug & Play agents. All that remains is to power them on; the fabric then takes over the configuration tasks. The process takes several minutes and minimizes the involvement of qualified staff and site visits. According to Cisco estimates, the time to connect a new switch is reduced by 60%.

2. Campus software versioning


Keeping software versions consistent across a large network is a routine and lengthy task. The process includes identifying the necessary patches and updates, downloading them to the right network devices, testing the result and issuing a report on the status of the updates.

Why update regularly?

To ensure information security. New malicious code is released daily, and patches and updates appear to counter it. How quickly they are deployed directly affects the level of network security.

To improve the availability of network services through the use of consistent software versions.

There are also requirements for regular reconciliation of software versions, for example in PCI DSS, the payment card industry data security standard.



Cisco DNA Center allows you to store a library of golden software versions. The administrator defines the rules for its use: which network elements are updated and how often. The network is then updated automatically according to those rules in the specified maintenance windows, with a report on the status of the updates and any errors.

3. Scalable access policies


Traditional approaches to managing access policies do not scale. As soon as something changes (new switches, new clients, clients moving), the administrator must manually reflect those changes in the network configuration. Access policies are implemented in terms of IP addresses and VLANs, and large pools of IP addresses add further complexity.

Cisco DNA allows you to define access policies and automatically scale them to the entire network. The network may change, but the policies remain unchanged. Access policy changes are automatically propagated throughout the network, and the network enforces them: when traffic is forwarded, a check is made as to whether the requested communication is allowed.

Access policies are defined as close to the user as possible: by their role in the organization, and also taking into account the context of the network connection, for example whether the device from which the user logs in is known, or which connection method is used: wired, Wi-Fi or remote.

4. Campus network segmentation


Effective network design is based on the concept of segmentation: not all devices and users may interact with each other. Segmentation is a key tool for ensuring information security.

Organizations typically have many categories of users. In some segments of the network, confidential information is processed and stored, such as personal data or financial statements. It is important to isolate such segments and allow access only to a limited circle of users.

Modern networks require segmentation that takes many factors into account, including the user's location, the type of connection (wired, wireless, remote), the user's role in the organization and membership in groups. DNAC allows you to describe an access matrix between all categories of users, taking the context into account, and to define the permitted interaction: from full denial to partial or full permission.

Such a segmentation system can significantly speed up connecting new users. It is enough to identify the device type, and the appropriate access policies are assigned to it automatically. When hundreds of Internet of Things sensors need to be connected, the ability to identify their categories in minutes and get securely connected devices saves a lot of time. User segmentation also prevents malicious software from spreading over the network in the event of a successful attack.

With the increasing complexity of the network and the dynamics of change, such a system becomes an indispensable tool for managing the network.
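As an added illustration (not Cisco's own code and not the DNAC API) of the group-based access matrix described above: the decision is keyed on the endpoint's group and connection context rather than its IP address, so an endpoint that moves and receives a new address keeps the same policy outcome. All groups, ports and addresses below are constructed.

```python
from dataclasses import dataclass, replace

# Hypothetical model of a group-based access matrix with connection context.
DENY, PARTIAL, ALLOW = "deny", "partial", "allow"

@dataclass(frozen=True)
class Endpoint:
    group: str          # role or device category assigned at identification
    ip: str             # may change when the user moves; the policy never keys on it
    access: str         # "wired", "wifi" or "remote"
    known_device: bool  # the device is registered and profiled

# Constructed access matrix: (source group, destination group) -> decision.
# Any pair absent from the matrix is denied by default.
MATRIX = {
    ("finance", "finance_servers"): ALLOW,
    ("employee", "finance_servers"): PARTIAL,
    ("employee", "office_services"): ALLOW,
    ("iot_sensor", "iot_collector"): ALLOW,
}
# For PARTIAL entries only these destination ports are permitted.
PARTIAL_PORTS = {("employee", "finance_servers"): {443}}
# Segments holding confidential data: require a known device on a local link.
CONFIDENTIAL = {"finance_servers"}

def evaluate(src: Endpoint, dst_group: str, port: int) -> str:
    """Decide whether src may reach dst_group on port: DENY, PARTIAL or ALLOW."""
    key = (src.group, dst_group)
    decision = MATRIX.get(key, DENY)
    if decision == DENY:
        return DENY
    # Contextual condition: confidential segments need a known, non-remote device.
    if dst_group in CONFIDENTIAL and (not src.known_device or src.access == "remote"):
        return DENY
    if decision == PARTIAL:
        return PARTIAL if port in PARTIAL_PORTS.get(key, set()) else DENY
    return ALLOW

def policy_is_address_independent(src: Endpoint, dst_group: str, port: int) -> bool:
    """True if the decision is unchanged after the endpoint receives a new IP address."""
    moved = replace(src, ip="10.99.0.7")  # constructed address after an office move
    return evaluate(src, dst_group, port) == evaluate(moved, dst_group, port)
```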

The segmentation mechanisms in Cisco DNA networks allow information security managers to agree to the use of Wi-Fi in some organizations where this was previously not possible. Employees begin to move freely around the office, work in groups and withdraw to concentrate on tasks that require it. Their job satisfaction increases, and this is often a significant parameter for management.

5. Reliability of network services


Most of the IT department's day is spent maintaining the existing network infrastructure and devices. This process is often referred to as fault diagnosis and troubleshooting, and it also includes work on network optimization. According to Cisco statistics, such operations take about half of the IT service's time.

DNAC Assurance continuously monitors the state of the wired and wireless network, users and applications, accumulates the data, correlates it and summarizes it for the administrator. Such monitoring provides information for further network optimization and also simplifies and speeds up locating the sources of faults. The 360-degree view of a user lets you understand in seconds where the IT service should focus its efforts. As a result, we get a network in which the source of a problem can be found in seconds instead of hours.



Cisco DNA Assurance is most relevant for wireless networks, since they involve a high degree of uncertainty, are subject to external influences, and give the network no control over user devices. User devices from manufacturers with which Cisco has a technology partnership send additional statistics directly to DNAC; as a result, the information is enriched with data on how the device sees the network, how it decided to connect or roam, and what the network indicators were at the moment an application crashed.

What if the problem happened a couple of days ago? In the traditional approach, the engineer sits down to collect log files, study them and try to reconstruct the events. Cisco DNA Assurance fully automates this creative process, allowing you to go back to that past moment and see network statistics already correlated for analysis. Going back to that moment, we can identify intermittent problems that could not be reproduced, studied and solved. Among recently discovered problems is electromagnetic interference from external equipment on a patch cord, which led to a switch disconnecting.

DNAC Assurance enables you to identify problem areas and carry out targeted optimization of wireless networks, significantly improving their performance and stability.

Most importantly, the IT department moves to proactive troubleshooting, fixing problems before users begin to complain. See how this happens:


Cisco DNA Assurance Demo
