Cisco DNA Center on AWS Deployment Guide User Guide
- June 15, 2024
- Cisco
Cisco DNA Center on AWS Deployment Guide
Product Information
The Cisco DNA Center on AWS is a deployment guide that provides detailed instructions for setting up and managing Cisco DNA Center on the Amazon Web Services (AWS) platform. This guide is designed to help users deploy Cisco DNA Center, a centralized network management and automation platform, on AWS.
Specifications
- First Published: 2023-08-02
- Last Modified: 2023-11-17
- Company: Cisco Systems, Inc.
- Headquarters: 170 West Tasman Drive San Jose, CA 95134-1706 USA
- Website: http://www.cisco.com
- Contact: Tel – 408 526-4000, Fax – 408 527-0883
Product Usage Instructions
Chapter 1: Get Started with Cisco DNA Center on AWS
In this chapter, you will find an overview of Cisco DNA Center on AWS and
the deployment process. It provides guidelines for preparing and accessing
Cisco DNA Center on AWS. Additionally, it explains the verification process
for the Cisco DNA Center VA TAR file.
Chapter 2: Deploy Using Cisco DNA Center VA Launchpad
This chapter explains the deployment process using the Cisco DNA Center VA
Launchpad. It provides step-by-step instructions for downloading and
installing Cisco DNA Center VA Launchpad on a local machine. It also covers
accessing the hosted version of Cisco DNA Center VA Launchpad provided by
Cisco. The chapter concludes with guidelines for integrating Cisco ISE on AWS
with Cisco DNA Center on AWS.
Chapter 3: Troubleshooting
This chapter provides troubleshooting steps for various issues that may
occur during the deployment process. It covers error troubleshooting related
to the Cisco DNA Center VA Launchpad, region issues, VA pod configuration
errors, network connectivity errors, Cisco DNA Center VA configuration errors,
concurrency errors, and other deployment issues.
Chapter 4: Deploy Using AWS CloudFormation
This chapter explains the deployment process using AWS CloudFormation. It
provides instructions for deploying Cisco DNA Center 2.3.5.3 on AWS using AWS
CloudFormation.
Chapter 5: Deploy Cisco DNA Center on AWS Manually Using AWS CloudFormation
This chapter provides a manual deployment workflow using AWS
CloudFormation. It covers the prerequisites for manual deployment and
step-by-step instructions for deploying Cisco DNA Center on AWS manually
using AWS CloudFormation. The chapter also includes a validation process
for the deployment.
Chapter 6: Deploy Using AWS Marketplace
This chapter explains the deployment process using AWS Marketplace. It
provides instructions for deploying Cisco DNA Center 2.3.5.3 on AWS using AWS
Marketplace. It also covers manual deployment using AWS Marketplace and
includes a workflow and prerequisites for manual deployment. The chapter
concludes with a validation process for the deployment.
FAQ
Q: What is Cisco DNA Center on AWS?
A: Cisco DNA Center on AWS is a deployment guide that helps users set up
and manage Cisco DNA Center on the Amazon Web Services (AWS) platform.
Q: How many ways are there to deploy Cisco DNA Center on AWS?
A: There are three ways to deploy Cisco DNA Center on AWS: using Cisco DNA
Center VA Launchpad, AWS CloudFormation, or AWS Marketplace.
Q: What is Cisco DNA Center VA Launchpad?
A: Cisco DNA Center VA Launchpad is a tool provided by Cisco that
facilitates the installation and management of Cisco DNA Center Virtual
Appliance (VA).
Q: How can I troubleshoot deployment issues?
A: The troubleshooting chapter provides step-by-step instructions for
resolving various deployment issues, including errors related to the Cisco DNA
Center VA Launchpad, network connectivity, configuration, and more.
Cisco DNA Center on AWS Deployment Guide
First Published: 2023-08-02 Last Modified: 2023-11-17
Americas Headquarters
Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA
http://www.cisco.com Tel: 408 526-4000
800 553-NETS (6387) Fax: 408 527-0883
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco
and/or its affiliates in the U.S. and other countries. To view a list of Cisco
trademarks, go to this URL:
https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party
trademarks mentioned are the property of their respective owners. The use of
the word partner does not imply a partnership relationship between Cisco and
any other company. (1721R)
© 2023 Cisco Systems, Inc. All rights reserved.
CHAPTER 1
Get Started with Cisco DNA Center on AWS
· Cisco DNA Center on AWS Overview, on page 1
· Deployment Overview, on page 2
· Prepare for the Deployment, on page 3
Cisco DNA Center on AWS Overview
Cisco DNA Center offers centralized, intuitive management that makes it fast
and easy to design, provision, and apply policies across your network
environment. The Cisco DNA Center user interface provides end-to-end network
visibility and uses network insights to optimize network performance and
deliver the best user and application experience. Cisco DNA Center on Amazon
Web Services (AWS) provides the full functionality that a Cisco DNA Center
appliance deployment offers. Cisco DNA Center on AWS runs in your AWS cloud
environment and manages your network from the cloud.
Deployment Overview
There are three ways to deploy Cisco DNA Center on AWS:
· Automated Deployment: Cisco DNA Center VA Launchpad configures Cisco DNA
Center on AWS. It helps you create the services and components that are
required for the cloud infrastructure. For example, it helps create Virtual
Private Clouds (VPCs), subnets, security groups, IPsec VPN tunnels, and
gateways. Then the Cisco DNA Center Amazon Machine Image (AMI) deploys as an
Amazon Elastic Compute Cloud (EC2) instance with the prescribed configuration
in a new VPC along with subnets, transit gateways, and other essential
resources like Amazon CloudWatch for monitoring, Amazon DynamoDB for state
storage, and security groups.
Cisco provides two methods for you to use Cisco DNA Center VA Launchpad. You
can download and install Cisco DNA Center VA Launchpad on a local machine, or
you can access Cisco DNA Center VA Launchpad hosted by Cisco. Regardless of
the method, Cisco DNA Center VA Launchpad provides the tools you need to
install and manage your Cisco DNA Center Virtual Appliance (VA).
For the high-level procedure, see Deploy Using Cisco DNA Center VA Launchpad,
on page 9.
· Manual Deployment Using AWS CloudFormation: You manually deploy the Cisco
DNA Center AMI on your AWS account. Instead of using the Cisco DNA Center VA
Launchpad deployment tool, you use AWS CloudFormation, which is a deployment
tool within AWS. Then you manually configure Cisco DNA Center by creating the
AWS infrastructure, establishing a VPN tunnel, and deploying your Cisco DNA
Center VA. For the high-level procedure, see Deploy Using AWS CloudFormation,
on page 85.
· Manual Deployment Using AWS Marketplace: You manually deploy the Cisco DNA
Center AMI on your AWS account. Instead of using the Cisco DNA Center VA
Launchpad deployment tool, you use AWS Marketplace, which is an online
software store within AWS. You launch the software through the Amazon EC2
launch console, and then you manually deploy Cisco DNA Center by creating the
AWS infrastructure, establishing a VPN tunnel, and configuring your Cisco DNA
Center VA. Note that for this deployment method, only Launch through EC2 is
supported. The other two launch options (Launch from Website and Copy to
Service Catalog) are not supported. For the procedure, see Deploy Using AWS
Marketplace, on page 99.
If you have minimal experience with AWS administration, the automated
method with Cisco DNA Center VA Launchpad offers the most streamlined,
supportive installation process. If you are familiar with AWS
administration and have existing VPCs, the manual methods offer an alternative
installation process.
Consider the benefits and drawbacks of each method with the following table:
Automated Deployment with Cisco DNA Center VA Launchpad:
· It helps create the AWS infrastructure, such as VPCs, subnets, security groups, IPsec VPN tunnels, and gateways, in your AWS account.
· It automatically completes the installation of Cisco DNA Center.
· It provides access to your VAs.
· It provides manageability of your VAs.
· Deployment time is approximately 1-1½ hours.
· Automated alerts are sent to your Amazon CloudWatch dashboard.
· You can choose between an automated cloud or enterprise Network File System (NFS) backup.
· Any manual alterations made to the automated configuration workflow of Cisco DNA Center on AWS can cause conflict with the automated deployment.

Manual Deployment Using AWS CloudFormation:
· The AWS CloudFormation file is required to create a Cisco DNA Center VA on AWS.
· You create the AWS infrastructure, such as VPCs, subnets, and security groups, in your AWS account.
· You establish a VPN tunnel.
· You deploy Cisco DNA Center.
· Deployment time is approximately from a couple hours to a couple days.
· You need to manually configure monitoring through the AWS console.
· You can only configure an on-premises NFS for backups.

Manual Deployment Using AWS Marketplace:
· The AWS CloudFormation file is not required to create a Cisco DNA Center VA on AWS.
· You create the AWS infrastructure, such as VPCs, subnets, and security groups, in your AWS account.
· You establish a VPN tunnel.
· You deploy Cisco DNA Center.
· Deployment time is approximately from a couple hours to a couple days.
· You need to manually configure monitoring through the AWS console.
· You can only configure an on-premises NFS for backups.
Prepare for the Deployment
Before you deploy Cisco DNA Center on AWS, consider your network requirements,
whether you need to implement any supported Cisco DNA Center on AWS
integrations, and how you will access Cisco DNA Center on AWS. In addition,
Cisco strongly recommends that you verify that the Cisco DNA Center VA TAR
file you downloaded is a genuine Cisco TAR file. See Verify the Cisco DNA
Center VA TAR File, on page 6.
High Availability and Cisco DNA Center on AWS
The Cisco DNA Center on AWS high availability (HA) implementation is as
follows:
· Single-node EC2 HA within an Availability Zone (AZ) is enabled by default.
· If a Cisco DNA Center EC2 instance crashes, AWS automatically brings up
another instance with the same IP address. This ensures uninterrupted
connectivity and minimizes disruptions during critical network operations.
  Note: If you deploy Cisco DNA Center on AWS using Cisco DNA Center VA
  Launchpad, Release 1.5.0 or earlier, and a Cisco DNA Center EC2 instance
  crashes, AWS automatically brings up another instance in the same AZ. In
  this case, AWS may assign Cisco DNA Center a different IP address.
· The experience and Recovery Time Objective (RTO) are similar to a power
outage sequence in a bare-metal Cisco DNA Center appliance.
Guidelines for Integrating Cisco ISE on AWS with Cisco DNA Center on AWS
Cisco ISE on AWS can be integrated with Cisco DNA Center on AWS. To integrate
them together in the cloud, consider the following guidelines:
· Cisco ISE on AWS should be deployed in a separate VPC from the one reserved
for Cisco DNA Center VA Launchpad.
· The VPC for Cisco ISE on AWS can be in the same region as or a different
region from the VPC for Cisco DNA Center on AWS.
· You can use VPC or Transit Gateway (TGW) peering, depending on your
environment.
· To connect the Cisco DNA Center on AWS with Cisco ISE on AWS using a VPC or
TGW peering, add the required routing entries to the VPC or TGW peering route
tables and to the route table that is attached to the subnet associated with
Cisco DNA Center on AWS or Cisco ISE on AWS.
· Cisco DNA Center VA Launchpad cannot detect any out-of-band changes to
entities that were created by Cisco DNA Center VA Launchpad. These entities
include VPCs, VPNs, TGWs, TGW attachments, subnets, routing, and so on. For
example, it’s possible to delete or change a VA pod that was created by Cisco
DNA Center VA Launchpad from another application, and Cisco DNA Center VA
Launchpad would not know about this change.
In addition to basic accessibility rules, you need to allow the following
inbound ports for attaching a security group to the Cisco ISE instance in the
cloud:
· For Cisco DNA Center on AWS and Cisco ISE on AWS integration, allow TCP
ports 9060 and 8910.
· For RADIUS authentication, allow UDP ports 1812, 1813, and any other enabled
ports.
· For device administration via TACACS, allow TCP port 49.
· For additional settings, such as Datagram Transport Layer Security (DTLS) or
RADIUS Change of Authorization (CoA) made on Cisco ISE on AWS, allow the
corresponding ports.
Guidelines for Accessing Cisco DNA Center on AWS
After you create a virtual instance of Cisco DNA Center, you can access it
through the Cisco DNA Center GUI and CLI.
Important
The Cisco DNA Center GUI and CLI are accessible only through the Enterprise network, not from the public network. With the automated deployment method, Cisco DNA Center VA Launchpad ensures that Cisco DNA Center is accessible only from the Enterprise intranet. With the manual deployment method, you need to ensure Cisco DNA Center is not accessible on the public internet for security reasons.
Guidelines for Accessing the Cisco DNA Center GUI
To access the Cisco DNA Center GUI:
· Use a supported browser. For a current list of supported browsers, see the
Release Notes for Cisco DNA Center VA Launchpad.
· In a browser, enter the IP address of your Cisco DNA Center instance in the
following format:
  http://ip-address/dna/home
  For example:
  http://192.0.2.27/dna/home
· Use the following credentials for the initial login:
  Username: admin
  Password: maglev1@3
  Note: You are required to change this password when you log in to Cisco DNA
  Center for the first time. The password must:
  · Omit any tab or line breaks
  · Have a minimum of eight characters
  · Contain characters from at least three of the following categories:
    · Lowercase letters (a-z)
    · Uppercase letters (A-Z)
    · Numbers (0-9)
    · Special characters (for example, ! or #)
Guidelines for Accessing the Cisco DNA Center CLI
To access the Cisco DNA Center CLI:
· Use the IP address and keys corresponding to the method you used to deploy
Cisco DNA Center:
  · If you deployed Cisco DNA Center using Cisco DNA Center VA Launchpad, use
  the IP address and keys provided by Cisco DNA Center VA Launchpad.
  · If you deployed Cisco DNA Center manually using AWS, use the IP address
  and keys provided by AWS.
  Note: The key must be a .pem file. If the key file is downloaded as a
  key.cer file, you need to rename the file to key.pem.
· Manually change the access permissions on the key.pem file to 400. Use the
Linux chmod command to change the access permissions. For example:
  chmod 400 key.pem
· Use the following Linux command to access the Cisco DNA Center CLI:
  ssh -i key.pem maglev@ip-address -p 2222
  For example:
  ssh -i key.pem maglev@192.0.2.27 -p 2222
Verify the Cisco DNA Center VA TAR File
Before deploying the Cisco DNA Center VA, we strongly recommend that you
verify that the TAR file you downloaded is a genuine Cisco TAR file.
Before you begin
Ensure that you’ve downloaded the Cisco DNA Center VA TAR file from the Cisco
Software Download site.
Procedure
Step 1 Download the Cisco public key (cisco_image_verification_key.pub) for
signature verification from the location specified by Cisco.
Step 2 Download the secure hash algorithm (SHA512) checksum file for the TAR
file from the location specified by Cisco.
Step 3 Obtain the TAR file’s signature file (.sig) from Cisco support through
email or by download from the secure Cisco website (if available).
Step 4 (Optional) Perform an SHA verification to determine whether the TAR
file is corrupted due to a partial download.
  Depending on your operating system, enter one of the following commands:
  · On a Linux system: sha512sum <tar-file-filename>
  · On a Mac system: shasum -a 512 <tar-file-filename>
  Microsoft Windows does not include a built-in checksum utility, but you can
  use the certutil tool:
    certutil -hashfile <filename> <algorithm>
  For example:
    certutil -hashfile D:\Customers\FINALIZE.BIN sha256
  On Windows, you can also use Windows PowerShell to generate the digest. For
  example:
    PS C:\Users\Administrator> Get-FileHash -Path D:\Customers\FINALIZE.BIN
    Algorithm  Hash                                                              Path
    SHA256     B84B6FFD898A370A605476AC7EC94429B445312A5EEDB96166370E99F2838CB5  D:\Customers\FINALIZE.BIN
  Compare the command output to the SHA512 checksum file that you downloaded.
  If the command output does not match, download the TAR file again and run
  the appropriate command a second time. If the output still does not match,
  contact Cisco support.
Step 5 Verify that the TAR file is genuine and from Cisco by verifying its
signature:
    openssl dgst -sha512 -verify cisco_image_verification_key.pub -signature <signature-filename> <tar-file-filename>
  Note: This command works in both Mac and Linux environments. For Windows,
  you must download and install OpenSSL (available on the OpenSSL Downloads
  site) if you have not already done so.
  If the TAR file is genuine, running this command displays a Verified OK
  message. If this message fails to appear, do not install the TAR file and
  contact Cisco support.
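The checksum comparison (Step 4) and the signature check (Step 5) combined into one gate, as an added example that is not part of the Cisco guide. The locally generated key pair stands in for cisco_image_verification_key.pub, and the file names, the helper names sha512_of, verify_image and run_demo, and the return codes are assumptions made for the demonstration. The third case goes slightly beyond the procedure to show that a matching checksum alone does not establish that a file is genuine.

```shell
#!/bin/sh
# Added example. Every file created here is a constructed stand-in; the key
# pair is generated locally and is NOT Cisco's cisco_image_verification_key.pub.

# Print the lowercase SHA512 hex digest of a file (sha512sum on Linux,
# shasum -a 512 on macOS, the two commands named in Step 4).
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1"
    else
        shasum -a 512 "$1"
    fi | awk '{print tolower($1)}'
}

# verify_image TAR SIG PUBKEY SHA512FILE
# Return codes (assumed for this example): 0 = checksum and signature good,
# 1 = checksum mismatch, 2 = an input file is missing, 3 = bad signature.
verify_image() {
    tar_file=$1 sig_file=$2 pub_key=$3 sum_file=$4
    for f in "$tar_file" "$sig_file" "$pub_key" "$sum_file"; do
        [ -r "$f" ] || { echo "missing input: $f" >&2; return 2; }
    done

    # Integrity (Step 4): first field of the checksum file vs. computed digest.
    expected=$(awk 'NR==1 {print tolower($1)}' "$sum_file")
    actual=$(sha512_of "$tar_file")
    if [ -z "$expected" ] || [ "$expected" != "$actual" ]; then
        echo "SHA512 mismatch: download $tar_file again" >&2
        return 1
    fi

    # Authenticity (Step 5): require exit status 0 AND the "Verified OK" text.
    if out=$(openssl dgst -sha512 -verify "$pub_key" \
                 -signature "$sig_file" "$tar_file" 2>/dev/null) &&
       [ "$out" = "Verified OK" ]; then
        return 0
    fi
    echo "signature check failed: do not install $tar_file" >&2
    return 3
}

# Build constructed inputs in a temp directory and run three cases.
run_demo() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/signer.pem" 2048 2>/dev/null
    openssl rsa -in "$d/signer.pem" -pubout -out "$d/signer.pub" 2>/dev/null
    printf 'constructed image payload, not a real appliance\n' > "$d/image.tar"
    openssl dgst -sha512 -sign "$d/signer.pem" \
        -out "$d/image.tar.sig" "$d/image.tar"
    printf '%s  image.tar\n' "$(sha512_of "$d/image.tar")" > "$d/image.tar.sha512"

    # Case 1: untouched download.
    genuine=0
    verify_image "$d/image.tar" "$d/image.tar.sig" "$d/signer.pub" \
        "$d/image.tar.sha512" || genuine=$?

    # Case 2: partial download, shorter than the file that was hashed.
    printf 'constructed image' > "$d/partial.tar"
    partial=0
    verify_image "$d/partial.tar" "$d/image.tar.sig" "$d/signer.pub" \
        "$d/image.tar.sha512" || partial=$?

    # Case 3: a different file arriving with a checksum file that matches it.
    # The digest comparison passes; only the signature check rejects it.
    printf 'different payload\n' > "$d/other.tar"
    printf '%s  other.tar\n' "$(sha512_of "$d/other.tar")" > "$d/other.tar.sha512"
    swapped=0
    verify_image "$d/other.tar" "$d/image.tar.sig" "$d/signer.pub" \
        "$d/other.tar.sha512" || swapped=$?

    rm -rf "$d"
    echo "genuine=$genuine partial=$partial swapped=$swapped"
}

run_demo
```

On Windows, the certutil and Get-FileHash examples in Step 4 compute SHA256; to compare against the SHA512 checksum file, request SHA512 instead (certutil -hashfile <filename> SHA512, or Get-FileHash -Algorithm SHA512).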
PART I
Deploy Using Cisco DNA Center VA Launchpad
· Deploy Cisco DNA Center 2.3.5.3 on AWS Using Cisco DNA Center VA Launchpad 1.6, on page 11
· Deploy Cisco DNA Center 2.3.5.3 on AWS Using Cisco DNA Center VA Launchpad 1.5, on page 49
CHAPTER 2
Deploy Cisco DNA Center 2.3.5.3 on AWS Using Cisco DNA Center VA Launchpad 1.6
· Deploy Cisco DNA Center on AWS Using the Automated Deployment Method, on page 11
· Automated Deployment Workflow, on page 11
· Prerequisites for Automated Deployment, on page 12
· Install Cisco DNA Center VA Launchpad, on page 15
· Access Hosted Cisco DNA Center VA Launchpad, on page 17
· Create a New VA Pod, on page 25
· Manually Configure Routing on Existing Transit and Customer Gateways, on page 35
· Create a New Cisco DNA Center VA, on page 37
· Troubleshoot the Deployment, on page 42
Deploy Cisco DNA Center on AWS Using the Automated Deployment Method
You provide Cisco DNA Center VA Launchpad with the needed details to create
the AWS infrastructure in your AWS account, which includes a VPC, an IPsec VPN
tunnel, gateways, subnets, and security groups. As a result, Cisco DNA Center
VA Launchpad deploys the Cisco DNA Center AMIs as an Amazon EC2 instance with
the prescribed configuration in a separate VPC. The configuration includes the
subnets, transit gateways, and other essential resources like Amazon
CloudWatch for monitoring, Amazon DynamoDB for state storage, and security
groups. Using Cisco DNA Center VA Launchpad, you can also access and manage
your VAs, as well as manage the user settings. For information, see the Cisco
DNA Center VA Launchpad 1.6 Administrator Guide.
Automated Deployment Workflow
To deploy Cisco DNA Center on AWS using the automated method, follow these
high-level steps:
1. Meet the prerequisites. See Prerequisites for Automated Deployment, on
page 12.
2. (Optional) Integrate Cisco ISE on AWS and your Cisco DNA Center VA
together. See Guidelines for Integrating Cisco ISE on AWS with Cisco DNA
Center on AWS, on page 4.
3. Install Cisco DNA Center VA Launchpad or access Cisco DNA Center VA
Launchpad hosted by Cisco. See Install Cisco DNA Center VA Launchpad, on page
15 or Access Hosted Cisco DNA Center VA Launchpad, on page 17.
4. Create a new VA pod to contain your Cisco DNA Center VA instance. See
Create a New VA Pod, on page 25.
5. (Optional) Manually configure the TGW routing table on AWS and add the
routing configuration to your existing Customer Gateway (CGW) if you’re using
an existing TGW and existing attachments, such as a VPC, as your preferred on-
premises connectivity option. See Manually Configure Routing on Existing
Transit and Customer Gateways, on page 35.
6. Create your new instance of Cisco DNA Center. See Create a New Cisco DNA
Center VA, on page 37.
7. (Optional) If necessary, troubleshoot any issues that arise during the
deployment. See Troubleshoot the Deployment, on page 42.
8. Manage your Cisco DNA Center VA using Cisco DNA Center VA Launchpad. See
the Cisco DNA Center VA Launchpad 1.6 Administrator Guide.
Prerequisites for Automated Deployment
Before you can begin to deploy Cisco DNA Center on AWS using Cisco DNA Center
VA Launchpad, make sure that the following requirements are met:
· Install Docker Community Edition (CE) on your platform. Cisco DNA Center VA
Launchpad supports Docker CE on Mac, Windows, and Linux platforms. See the
documentation on the Docker website for the specific procedure for your
platform.
· Regardless of how you access Cisco DNA Center VA Launchpad to deploy your
Cisco DNA Center VA, make sure that your cloud environment meets the following
specifications:
  · Cisco DNA Center Instance: r5a.8xlarge, 32 vCPUs, 256-GB RAM, and 4-TB
  storage
    Important: Cisco DNA Center supports only the r5a.8xlarge instance size.
    Any changes to this configuration aren’t supported. Additionally, the
    r5a.8xlarge instance size isn’t supported in specific availability zones.
    To view the list of unsupported availability zones, see the Release Notes
    for Cisco DNA Center VA Launchpad 1.6.0.
  · Backup Instance: T3.micro, 2 vCPUs, 500-GB storage, and 1-GB RAM
· You have valid credentials to access your AWS account.
· Your AWS account is a subaccount (a child account) to maintain resource
independence and isolation. Using a subaccount ensures that the Cisco DNA
Center deployment doesn’t impact your existing resources.
· Important: Your AWS account is subscribed to Cisco DNA Center Virtual
Appliance – Bring Your Own License (BYOL) in AWS Marketplace.
· If you’re an admin user, you must have administrator access permission for
your AWS account. (In AWS, the policy name is displayed as
AdministratorAccess.)
  The administrator access policy must be attached to your AWS account
  directly and not to a group. The application doesn’t enumerate through a
  group policy. So, if you are added to a group with the administrator access
  permission, you will not be able to create the required infrastructure.
· If you’re a subuser, your administrator must add you to the CiscoDNACenter
user group. When an admin user logs in to Cisco DNA Center VA Launchpad for
the first time, the CiscoDNACenter user group is created on their AWS account
with all the required policies attached. The admin user can add subusers to
this group to allow them to log in to Cisco DNA Center VA Launchpad. The
following policies are attached to the CiscoDNACenter user group:
  · AmazonDynamoDBFullAccess
  · IAMReadOnlyAccess
  · AmazonEC2FullAccess
  · AWSCloudFormationFullAccess
  · AWSLambda_FullAccess
  · CloudWatchFullAccess
  · ServiceQuotasFullAccess
  · AmazonEventBridgeFullAccess
  · service-role/AWS_ConfigRole
  · AmazonS3FullAccess
  · ClientVPNServiceRolePolicy (Version: 2012-10-17) This policy allows the
  following rules:
    · ec2:CreateNetworkInterface
    · ec2:CreateNetworkInterfacePermission
    · ec2:DescribeSecurityGroups
    · ec2:DescribeVpcs
    · ec2:DescribeSubnets
    · ec2:DescribeInternetGateways
    · ec2:ModifyNetworkInterfaceAttribute
    · ec2:DeleteNetworkInterface
    · ec2:DescribeAccountAttributes
    · ds:AuthorizeApplication
    · ds:DescribeDirectories
    · ds:GetDirectoryLimits
    · ds:UnauthorizeApplication
    · logs:DescribeLogStreams
    · logs:CreateLogStream
    · logs:PutLogEvents
    · logs:DescribeLogGroups
    · acm:GetCertificate
    · acm:DescribeCertificate
    · iam:GetSAMLProvider
    · lambda:GetFunctionConfiguration
  · ConfigPermission (Version: 2012-10-17, Sid: VisualEditor0) This policy
  allows the following rules:
    · config:Get
    · config:
    · config:ConfigurationRecorder
    · config:Describe
    · config:Deliver
    · config:List
    · config:Select
    · tag:GetResources
    · tag:GetTagKeys
    · cloudtrail:DescribeTrails
    · cloudtrail:GetTrailStatus
    · cloudtrail:LookupEvents
    · config:PutConfigRule
    · config:DeleteConfigRule
    · config:DeleteEvaluationResults
  · PassRole (Version: 2012-10-17, Sid: VisualEditor0) This policy allows the
  following rules:
    · iam:GetRole
    · iam:PassRole
Install Cisco DNA Center VA Launchpad
This procedure shows you how to install Cisco DNA Center VA Launchpad using
Docker containers for the server and client applications.
Before you begin
Make sure you have Docker CE installed on your machine. For information, see
Prerequisites for Automated Deployment, on page 12.
Procedure
Step 1 Go to the Cisco Software Download site and download the following
files:
  · Launchpad-desktop-client-1.6.0.tar.gz
  · Launchpad-desktop-server-1.6.0.tar.gz
Step 2 Verify that the TAR file is genuine and from Cisco. For detailed steps,
see Verify the Cisco DNA Center VA TAR File, on page 6.
Step 3 Load the Docker images from the downloaded files:
  docker load < Launchpad-desktop-client-1.6.0.tar.gz
  docker load < Launchpad-desktop-server-1.6.0.tar.gz
Step 4 Use the docker images command to display a list of the Docker images in
the repository and verify that you have the latest copies of the server and
client applications. In the files, the TAG column should display the numbers
starting with 1.6. For example:
  $ docker images
Step 5 Run the server application:
  docker run -d -p
Step 6 Run the client application:
  docker run -d -p
  For example:
  $ docker run -d -p 90:80 -e CHOKIDAR_USEPOLLING=true -e REACT_APP_API_URL=http://localhost:9090 --name client dd50d550aa7c
  Note: Make sure that the exposed server port number and the
  REACT_APP_API_URL port number are the same. In Step 5 and Step 6, port
  number 9090 is used in both examples.
Step 7 Use the docker ps -a command to verify that the server and client
applications are running. The STATUS column should show that the applications
are up. For example:
  $ docker ps -a
  Note: If you encounter an issue while running the server or client
  applications, see Troubleshoot Docker Errors, on page 78.
Step 8 Verify that the server application is accessible by entering the URL in
the following format: http://
  http://192.0.2.2:9090/api/valaunchpad/api-docs/
  The application programming interfaces (APIs) being used for the Cisco DNA
  Center VA are displayed in the window.
Step 9 Verify that the client application is accessible by entering the URL in
the following format: http://
  http://192.0.2.1:90/valaunchpad
  The Cisco DNA Center VA Launchpad login window is displayed.
  Note: It can take a few minutes to load the Cisco DNA Center VA Launchpad
  login window while the client and server applications load the artifacts.
Access Hosted Cisco DNA Center VA Launchpad
You can access Cisco DNA Center VA Launchpad through Cisco DNA Portal. If you
are new to Cisco DNA Portal, you must create a Cisco account and a Cisco DNA
Portal account. Then you can log in to Cisco DNA Portal to access Cisco DNA
Center VA Launchpad. If you are familiar with Cisco DNA Portal and have a
Cisco account and a Cisco DNA Portal account, you can directly log in to Cisco
DNA Portal to access Cisco DNA Center VA Launchpad.
Create a Cisco Account
To access Cisco DNA Center VA Launchpad through Cisco DNA Portal, you must
create a Cisco account first.
Procedure
Step 1 In your browser, enter: dna.cisco.com
The Cisco DNA Portal login window is displayed.
Step 2 Click Create a new account.
Step 3 On the Cisco DNA Portal Welcome window, click Create a Cisco account.
Step 4 On the Create Account window, complete the required fields and then click Register.
Step 5 Verify your account by going to the email that you registered your
account with and clicking Activate Account.
Create a Cisco DNA Portal Account
To access Cisco DNA Center VA Launchpad through Cisco DNA Portal, you must
create a Cisco DNA Portal account.
Before you begin
Make sure that you have a Cisco account. For more information, see Create a Cisco Account, on page 17.
Procedure
Step 1 In your browser, enter: dna.cisco.com
The Cisco DNA Portal login window is displayed.
Step 2 Click Log In With Cisco.
Step 3 Enter your Cisco account’s email in the Email field, and click Next.
Step 4 Enter your Cisco account’s password in the Password field.
Step 5 Click Log in.
Step 6 On the Cisco DNA Portal Welcome window, enter the name of your organization or
team in the Name your account field. Then click Continue.
Step 7 On the Cisco DNA Portal Confirm CCO Profile window, do the following:
a) Verify the details are correct.
b) After reading, acknowledging, and agreeing with the conditions, check the check box.
c) Click Create Account.
After successfully creating an account, the Cisco DNA Portal home page is
displayed.
Log In to the Cisco DNA Portal with Cisco
To access Cisco DNA Center VA Launchpad through Cisco DNA Portal, you must log
in to Cisco DNA Portal.
Before you begin
Make sure that you have a Cisco account and a Cisco DNA Portal account. For more
information, see Create a Cisco Account, on page 17 and Create a Cisco DNA Portal
Account, on page 19.
Procedure
Step 1 In your browser, enter: dna.cisco.com
The Cisco DNA Portal login window is displayed.
Step 2 Click Log In With Cisco.
Step 3 Enter your Cisco account’s email in the Email field, and click Next.
Step 4 Enter your Cisco account’s password in the Password field.
Step 5 Click Log in. If you only have one Cisco DNA Portal account, the Cisco DNA
Portal home page is displayed.
Step 6 (Optional) If you have multiple Cisco DNA Portal accounts, choose the account
that you want to log in to by clicking the account’s adjacent Continue button.
The Cisco DNA Portal home page is displayed.
Create a New VA Pod
A VA pod is the AWS hosting environment for the Cisco DNA Center VA. The
hosting environment includes AWS resources, such as the Cisco DNA Center VA
EC2 instance, Amazon Elastic Block Storage (EBS), backup NFS server, security
groups, routing tables, Amazon CloudWatch logs, Amazon Simple Notification
System (SNS), VPN Gateway (VPN GW), TGW, and so on.
Using Cisco DNA Center VA Launchpad, you can create multiple VA pods–one VA
pod for each Cisco DNA Center VA.
Note
· The AWS Super Administrator user can set a limit on the number of VA pods that can be created in each
region. The VPCs used for resources outside of the Cisco DNA Center VA Launchpad contribute to this
number as well. For example, if your AWS account has a limit of five VPCs and two are in use, you can
only create three more VA pods in the selected region.
· On some steps, all the resources must be set up successfully to proceed to the next step. If all the resources haven’t been set up successfully, the proceed button is disabled. If all the resources have been set up successfully and the proceed button is disabled, wait a few seconds because the resources are still loading. After all the configurations are complete, the button is enabled.
· Your VA pod configuration doesn’t change when you update Cisco DNA Center VA Launchpad to a later release, you downgrade to an earlier Cisco DNA Center VA Launchpad release, or you update the region setup where your VA pod is located.
For example, if you created a VA pod in Cisco DNA Center VA Launchpad, Release 1.6.0, the backup password is a combination of the backup instance’s stack name and the backup server’s IP address. If you access this VA pod in an earlier release, such as Release 1.5.0, the backup password doesn’t change.
This procedure guides you through the steps to create a new VA pod.
Before you begin
Your AWS account must have administrator access permission to perform this procedure.
For information, see Prerequisites for Automated Deployment, on page 12.
Procedure
Step 1 Log in to Cisco DNA Center VA Launchpad using one of the following methods:
· IAM Login: This method uses user roles to define user access privileges.
Cisco DNA Center VA Launchpad supports multi-factor authentication (MFA) as an
optional, additional form of authentication, if your company requires it. For
more information, see “Log In to Cisco DNA Center VA Launchpad Using IAM” in
the Cisco DNA Center VA Launchpad 1.6 Administrator Guide.
· Federated Login: This method uses one identity to gain access to networks or
applications managed by other operators. For more information, see “Generate
Federated User Credentials Using saml2aws” or “Generate Federated User
Credentials Using AWS CLI” in the Cisco DNA Center VA Launchpad 1.6
Administrator Guide.
For information about how to get an Access Key ID and Secret Access Key, see
the AWS Account and Access Keys topic in the AWS Tools for PowerShell User
Guide on the AWS website.
If you encounter any login errors, you need to resolve them and log in again.
For more information, see Troubleshoot the Deployment, on page 42.
Step 2 If you are an admin user logging in for the first time, enter your email
address in the Email ID field and click Submit. If you are a subuser, proceed
to Step 3.
You can subscribe to the Amazon Simple Notification System (SNS) to receive
alerts about deployed resources, changes, and resource over-utilization.
Further, alarms can be set up to notify you if Amazon CloudWatch detects any
unusual behavior in Cisco DNA Center VA Launchpad. In addition, AWS Config
evaluates and assesses your configured resources and sends audit logs of the
results as well. For more information, see “Subscribe to the Amazon SNS Email
Subscription” and “View Amazon CloudWatch Alarms” in the Cisco DNA Center VA
Launchpad 1.6 Administrator Guide.
After you enter your email, several processes happen:
· The CiscoDNACenter user group is created in your AWS account with all the
required policies attached. The admin user can add subusers to this group to
allow subusers to log in to Cisco DNA Center VA Launchpad.
· An Amazon S3 bucket is automatically created to store the state of the
deployment. We recommend that you do not delete this or any other bucket from
the AWS account, either globally or for each region. Doing so could impact the
Cisco DNA Center VA Launchpad deployment workflow.
· If you are logging in to a region for the first time, Cisco DNA Center VA
Launchpad creates several resources in AWS. This process can take some time,
depending on whether the region was previously enabled or not. Until the
process completes, you cannot create a new VA pod. During this time, the
following message is displayed: “Setting up the initial region configuration.
This might take a couple of minutes.”
After you log in successfully, the Dashboard pane is displayed.
Note
If you’re prompted to update the region setup, follow the prompts to complete the update. For
more information, see “Update a Region Setup” in the Cisco DNA Center VA Launchpad 1.6
Administrator Guide.
Step 3 Click + Create New VA Pod.
Step 4 Choose the region where you want to create the new VA pod by completing the
following steps in the Region Selection dialog box:
a. From the Region drop-down list, choose a region.
If you already chose one region from the left navigation pane’s Region drop-down list, this region is automatically chosen.
Note
If you’re prompted to update the region setup, follow the prompts to complete the update.
For more information, see “Update a Region Setup” in the Cisco DNA Center VA Launchpad
1.6 Administrator Guide.
b. Click Next.
Step 5 Configure the AWS infrastructure, which includes the VPC, private subnet,
routing table, security group, virtual gateway, and CGW, by completing the
following steps:
a) In the Environmental Details fields, configure the following fields:
· VA Pod Name: Assign a name to the new VA pod. Keep the following
restrictions in mind:
· The name must be unique within the region. (This means that you can use the
same name across multiple regions.)
· The name can have a maximum of 12 characters.
· The name can include letters (A-Z), numbers (0-9), and dashes (-).
· Availability Zone: Click this drop-down list and choose an availability
zone, which is an isolated location within your selected region.
· AWS VPC CIDR: Enter a unique VPC subnet to use to launch the AWS resources.
Keep the following guidelines in mind:
· The recommended CIDR range is /25.
· In IPv4 CIDR notation, the last octet (the fourth octet) of the IP address
can only have the values 0 or 128.
· This subnet should not overlap with your corporate subnet.
b) Under Transit Gateway (TGW), choose one of the following options:
· VPN GW: Choose this option if you have a single VA pod, and you want to use a VPN gateway. A VPN GW is the VPN endpoint on the Amazon side of your Site-to-Site VPN connection. It can be attached to only a single VPC.
· New VPN GW + New TGW: Choose this option if you have multiple VA pods or VPCs, and you want to use the TGW as a transit hub to interconnect multiple VPCs and on-premises networks. It can also be used as a VPN endpoint for the Amazon side of the Site-to-Site VPN connection.
Note
You can create only one TGW per region.
· Existing TGW: Choose this option if you have an existing TGW that you want
to use to create a new VA pod, and then choose one of the following options:
· New VPN GW: Choose this option if you want to create a new VPN gateway for
your existing TGW.
· Existing Attachment: Choose this option if you want to use an existing VPN
or direct-connect attachment. From the Select Attachment ID drop-down list,
choose an attachment ID.
If you choose this option, you must also configure the routing on the existing TGW and CGW. For information, see Manually Configure Routing on Existing Transit and Customer Gateways, on page 35.
c) Do one of the following:
· If you selected Existing TGW and Existing Attachments as your preferred
connectivity options, proceed to Step 5.
· If you selected VPN GW, New VPN GW + New TGW, or Existing TGW + New VPN GW,
provide the following VPN details:
· Customer Gateway IP: Enter the IP address of your Enterprise firewall or
router to form an IPsec tunnel with the AWS VPN gateway.
· VPN Vendor: From the drop-down list, choose a VPN vendor.
The following VPN vendors are not supported: Barracuda, Sophos, Vyatta, and
Zyxel. For more information, see Troubleshoot VA Pod Configuration Errors, on
page 44.
· Platform: From the drop-down list, choose a platform.
· Software: From the drop-down list, choose a software.
d) For the Customer Profile size, leave the default Medium setting.
The customer profile size applies to both the Cisco DNA Center VA instance and the backup instance. The Medium setting configures the instances as follows:
· Cisco DNA Center Instance: r5a.8xlarge, 32 vCPU, 256-GB RAM, and 4-TB storage.
Important
Cisco DNA Center supports only the r5a.8xlarge instance size. Any changes to this configuration aren’t supported. Additionally, the r5a.8xlarge instance size isn’t supported in specific availability zones. To view the list of unsupported availability zones, see the Release Notes for Cisco DNA Center VA Launchpad 1.6.0.
· Backup Instance: T3.micro, 2 vCPU, 500-GB storage, and 1-GB RAM
e) For the Backup Target, choose one of the following options as the
destination for the backups of your Cisco DNA Center databases and files:
· Enterprise Backup (NFS): Choose this option if you want the backup to be
stored in the on-premises servers.
· Cloud Backup (NFS): Choose this option if you want the backup to be stored
in AWS. Note the following backup details. You will use this information later
to log in to the cloud backup server:
· SSH IP Address:
· SSH Port: 22
· Server Path: /var/dnac-backup/
· Username: maglev
· Password: <xxxx##########>
Your backup server password is dynamically created. The password is composed of the first four characters of the backup instance’s stack name and the backup server’s IP address without the periods.
For example, if the backup instance’s stack name is DNAC-ABC-0123456789987 and the backup server’s IP address is 10.0.0.1, the backup server password is DNAC10001.
Note
· You can find the backup instance’s stack name either on the Cisco DNA Center
Configuration In Progress window (see Step 9 in Create a New Cisco DNA
Center VA, on page 37) or on the AWS Console > CloudFormation > Stacks
window.
· You can find the backup server’s IP address also on the Cisco DNA Center Configuration In Progress window (see Step 9 in Create a New Cisco DNA Center VA, on page 37) or on the Cisco DNA Center Virtual Appliance Details window (see “View Cisco DNA Center VA Details” in the Cisco DNA Center VA Launchpad 1.6 Administrator Guide).
· Passphrase:
Your passphrase is used to encrypt the security-sensitive components of the
backup. These security-sensitive components include certificates and
credentials.
This passphrase is required and you will be prompted to enter this passphrase
when restoring the backup files. Without this passphrase, backup files are not
restored.
· Open Ports: 22, 2049, 873, and 111
f) Click Next. The Summary pane is displayed.
g) Review the environment and VPN details that you entered. If you are
satisfied, click Start Configuring AWS Environment.
Important
This setup takes about 20 minutes to complete. Do not exit the application or close
this window or tab. Otherwise, the setup will pause.
h) After the AWS infrastructure is successfully configured, the AWS
Infrastructure Configured pane is displayed.
If the AWS infrastructure configuration fails, exit Cisco DNA Center VA Launchpad and see Troubleshoot the Deployment, on page 42 for information about possible causes and solutions.
Step 6
Download the on-premises configuration file by completing the following steps:
a) After the AWS infrastructure is successfully configured, click Proceed to
On-Prem Configuration.
b) In the Configure On-premise pane, click Download Configuration File. Forward
this file to your network administrator to configure the on-premises-side IPsec tunnel.
Make sure your network administrator configures only one IPsec tunnel.
Note
· The network administrator can make the necessary changes to this configuration file
and apply it to your Enterprise firewall or router to bring up the IPsec tunnels.
The provided configuration file enables you to bring up two tunnels between AWS and the Enterprise router or firewall.
· Most virtual private gateway solutions have one tunnel up and the other down. You can have both tunnels up and use the Equal Cost Multiple Path (ECMP) networking feature. ECMP processing enables the firewall or router to use equal-cost routes to transmit traffic to the same destination. To do this, your router or firewall must support ECMP. Without ECMP, we recommend that you either keep one tunnel down and manually failover or use a solution, such as an IP SLA, to automatically bring up the tunnel in a failover scenario.
c) Click the Proceed to Network Connectivity Check button.
Step 7
Check the status of your network configuration based on the on-premises
connectivity preferences that you selected during the AWS infrastructure
configuration by completing one of the following actions:
· If you selected VPN GW as your preferred on-premises connectivity option,
the IPsec tunnel configuration status is displayed, as follows:
· If the network administrator hasn’t configured the IPsec tunnel yet, a
padlock is displayed on the IPsec tunnel:
· Ask your network administrator to verify that the IPsec tunnel on the
Enterprise firewall or router is up. After the IPsec tunnel comes up, the
IPsec tunnel turns green:
· If you selected New VPN GW + New TGW or Existing TGW and New VPN GW as your preferred on-premises connectivity option, Cisco DNA Center VA Launchpad checks whether your VPC is connected to the TGW, which in turn is connected to your on-premises firewall or router.
Note
For the TGW-to-Enterprise firewall or router connection to succeed, your network
administrator must add the configuration to your on-premises firewall or router.
The connection status is displayed, as follows:
· If the connection from the TGW to your on-premises firewall or router isn’t
connected yet, it’s grayed out:
· After TGW connectivity is successfully established, the TGW connection is green:
· If you selected Existing TGW and Existing Attachment as your preferred on-premises
connectivity option, make sure that routing is configured between the
existing TGW and the newly attached VPC, where Cisco DNA Center is launched.
For information, see Manually Configure Routing on Existing Transit and
Customer Gateways, on page 35. The connection status is displayed, as follows:
· If your VPC is not attached to the TGW, the TGW connection is grayed out:
· After TGW connectivity is successfully established, the TGW connection is green:
Step 8
Click Go to Dashboard to return to the Dashboard pane, where you can create more VA pods and manage your existing ones.
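The VA Pod Name and AWS VPC CIDR rules listed under Step 5 of this procedure can be checked before the values are entered in Cisco DNA Center VA Launchpad. The following Python check is an added example, not Cisco code; the function names, the sample corporate subnets, and the case-insensitive reading of "letters (A-Z)" are assumptions.

```python
import ipaddress
import re

MAX_POD_NAME_LEN = 12                           # "maximum of 12 characters"
POD_NAME_CHARS = re.compile(r"[A-Za-z0-9-]+")   # letters, numbers, dashes
RECOMMENDED_PREFIX = 25                         # "recommended CIDR range is /25"


def check_pod_name(name, names_in_region=()):
    """Return a list of rule violations for a proposed VA pod name."""
    if not name:
        return ["name is empty"]
    errors = []
    if len(name) > MAX_POD_NAME_LEN:
        errors.append(
            f"name has {len(name)} characters; the maximum is {MAX_POD_NAME_LEN}"
        )
    if not POD_NAME_CHARS.fullmatch(name):
        errors.append("name may contain only letters, numbers, and dashes")
    # Uniqueness is per region, so the caller passes that region's names only.
    if name in names_in_region:
        errors.append("name is already used in this region")
    return errors


def check_vpc_cidr(cidr, corporate_cidrs=()):
    """Return (errors, warnings) for a proposed AWS VPC CIDR."""
    try:
        # strict=True rejects values with host bits set, e.g. 10.0.0.64/25.
        vpc = ipaddress.IPv4Network(cidr, strict=True)
    except ValueError as exc:
        return [f"not a valid IPv4 network: {exc}"], []

    errors, warnings = [], []
    last_octet = int(vpc.network_address) & 0xFF
    if last_octet not in (0, 128):
        errors.append(f"last octet is {last_octet}; it must be 0 or 128")
    # /25 is a recommendation in the guide, so a different size is a warning.
    if vpc.prefixlen != RECOMMENDED_PREFIX:
        warnings.append(
            f"prefix is /{vpc.prefixlen}; the recommended range is /{RECOMMENDED_PREFIX}"
        )
    for corp in corporate_cidrs:
        corp_net = ipaddress.IPv4Network(corp, strict=False)
        if vpc.overlaps(corp_net):
            errors.append(f"{vpc} overlaps corporate subnet {corp_net}")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    corporate = ["10.0.0.0/16", "172.16.0.0/12"]
    for candidate in ["10.20.30.128/25", "10.0.5.0/25",
                      "10.20.30.64/26", "10.20.30.64/25"]:
        print(candidate, check_vpc_cidr(candidate, corporate))
    for pod_name in ["dnac-pod-01", "dnac_pod", "a-very-long-pod-name"]:
        print(pod_name, check_pod_name(pod_name))
```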
Manually Configure Routing on Existing Transit and Customer Gateways
If you selected Existing Transit Gateway and Existing Attachments as your
preferred connectivity option while creating a new VA pod, Cisco DNA Center VA
Launchpad creates a VPC to launch Cisco DNA Center and attaches this VPC to
your existing TGW. For Cisco DNA Center VA Launchpad to establish the TGW
connection, you must manually configure the TGW routing table on AWS and add
the routing configuration to your existing CGW.
Procedure
Step 1 From the AWS console, go to VPC service.
Step 2 In the left navigation pane, under Transit Gateways, choose Transit gateway
route tables and select the existing TGW route table.
Step 3 In the Transit gateway route tables window, click the Associations tab and
then click Create association.
Step 4 In the Transit gateway route tables window, click the Propagations tab and then click Create propagation.
Step 5 To ensure that the static route between the respective VPC and VPN is active,
click the Routes tab and then click Create static route.
Step 6 Ensure that your on-premises router configuration is updated to route the
network traffic destined for the CIDR ranges that are allocated to your CGW in
your AWS environment.
For example:
route tunnel-int-vpn-0b57b508d80a07291-1 10.0.0.0 255.255.0.0 192.168.44.37 200
Create a New Cisco DNA Center VA
Use this procedure to configure a new Cisco DNA Center VA.
Procedure
Step 1 In the Dashboard pane, below the map, locate the VA pod where you want to create your Cisco DNA Center VA.
Step 2 In the VA pod card, click Create/Manage Cisco DNA Center(s).
Step 3 In the Create/Manage Cisco DNA Center(s) pane, click + Create New Cisco DNA Center.
Step 4
Enter the following details:
· Cisco DNA Center Version: From the drop-down list, choose a Cisco DNA Center version.
· Enterprise DNS: Enter the IP address of your Enterprise DNS. Ensure that the Enterprise DNS is reachable from the VA pod in which you’re creating the Cisco DNA Center VA.
Note
Cisco DNA Center VA Launchpad checks the on-premises network connection using UDP
port 53 with the DNS server IP address that you entered.
· FQDN (Fully Qualified Domain Name): Enter the IP address of the Cisco DNA
Center VA as configured on your DNS server.
· Proxy Details: Select one of the following HTTPS network proxy options:
· No Proxy: No proxy server is used.
· Unauthenticated: The proxy server does not require authentication. Enter the
URL and port number of the proxy server.
· Proxy Authentication: The proxy server requires authentication. Enter the
URL, port number, username, and password details for the proxy server.
· Cisco DNA Center Virtual Appliance Credentials: Enter a CLI password to use to log in to the Cisco DNA Center VA. The password must:
· Omit any tab or line breaks
· Have a minimum of eight characters
· Contain characters from at least three of the following categories:
· Lowercase letters (a-z)
· Uppercase letters (A-Z)
· Numbers (0-9)
· Special characters (for example, ! or #)
Save this password for future reference.
Note
The username is maglev.
Step 5 Click Validate to validate the Enterprise DNS server and FQDN configured on the DNS server.
Note
In Cisco DNA Center VA Launchpad, Release 1.6.0, if the DNS server, proxy server, or FQDN
checks fail, continue with your configuration as follows:
· If the DNS server validation fails, you cannot continue creating your Cisco DNA Center VA. Make sure that the entered DNS server IP address is reachable from the VA pod.
· If the proxy server validation fails, you can still continue with your configuration because even if the invalid proxy details aren’t fixed, the Cisco DNA Center VA works.
· If the FQDN validation fails, you can still continue with creating your Cisco DNA Center VA. However, for the Cisco DNA Center VA to work, you need to fix the FQDN configuration.
Step 6 In the Summary window, review the configuration details.
Note
The Cisco DNA Center IP address is a statically assigned IP address that is maintained across
AWS availability zone outages to ensure uninterrupted connectivity and to minimize disruptions
during critical network operations.
Step 7 If you are satisfied with the configuration, click Generate PEM Key File.
Step 8 In the Download PEM Key File dialog box, click Download PEM Key File. If you
click Cancel, you’re returned to the Summary window.
Important
Because the PEM key isn’t stored in your AWS account, you need to download it. You need the PEM key to access the Cisco DNA Center VA that is being created.
Step 9
After you download the PEM file, click Start Cisco DNA Center Configuration.
Cisco DNA Center VA Launchpad configures the Cisco DNA Center environment. After the environment is configured, Cisco DNA Center boots. Initially, Cisco DNA Center VA Launchpad displays the outer ring in gray. When Port 2222 is validated, the image turns amber. When Port 443 is validated, the image turns green.
Note
This process takes 45-60 minutes. Do not exit the application or close this window or tab.
Otherwise, the setup will pause.
After Cisco DNA Center is done booting, the configuration is complete. You can now view your Cisco DNA Center VA details.
Tip
While the Cisco DNA Center Configuration In Progress window is displayed, record the
backup server’s IP address and the backup instance’s stack name for later use. Your backup server
password is a combination of the first four characters of the backup instance’s stack name and
the backup server’s IP address without the periods.
If the Cisco DNA Center configuration fails, exit to the Create/Manage Cisco DNA Center(s) pane. For information, see Troubleshoot the Deployment, on page 42.
Step 10
To return to the Create/Manage Cisco DNA Center(s) pane, click Go to Manage Cisco DNA Center(s).
Troubleshoot the Deployment
Cisco DNA Center VA Launchpad is designed to help you seamlessly configure
Cisco DNA Center on AWS with minimal intervention. This section shows you how
to troubleshoot common issues during the deployment of Cisco DNA Center on
AWS.
Note
We recommend against making manual changes with Cisco DNA Center VA
Launchpad through the AWS console, because it can lead to issues that Cisco
DNA Center VA Launchpad cannot resolve.
If you have any issues that are not addressed in this section, contact Cisco
TAC.
Troubleshoot Docker Errors
If the error, port is already in use, displays while running the docker images
for Cisco DNA Center VA Launchpad, you can troubleshoot it with the following
possible solutions:
Error
If you receive the following error while running the server application:
port is already in use
Possible Solution
On Docker, run the server application:
docker run -d -p
SECRET_KEY=
dockerhub.cisco.com/maglev-docker/server:x.x.x-latest
Note
You can use any available server port.
While running the server application, run the client application:
docker run -d -p 90:80 -e REACT_APP_API_URL=http://localhost:<client-port-number> --name client --pull=always dockerhub.cisco.com/maglev-docker/client:x.x.x
Note
You must use the same port number that you used to run the server application.
Error
If you receive the following error while running the client application:
port is already in use
Possible Solution
On Docker, run the client application:
docker run -d -p
dockerhub.cisco.com/maglev-docker/client:x.x.x
Note
You can use any available server port.
Troubleshoot Login Errors
When you log in to Cisco DNA Center VA Launchpad, you may encounter a login error. You can troubleshoot common login errors with the following possible solutions:
Error
Invalid credentials.
Possible Solution
Reenter your credentials and check that they’re entered correctly.
Error
You don’t have enough access.
Possible Solution
For admin users, verify that your account has administrator access permission. For subusers, verify that your administrator added you to the CiscoDNACenter user group.
Error
An operation to delete is in progress, please try again after some time.
Possible Solution
If an admin user deletes the
Troubleshoot a Hosted Cisco DNA Center VA Launchpad Error
On hosted Cisco DNA Center VA Launchpad, when you trigger a root cause
analysis (RCA), the Rate exceeded error can occur. If this error occurs, the
following banner is displayed:
This error banner displays when the maximum number of API requests (10,000 per second) are received for a region. To resolve this issue, increase the limit in AWS with the Service Quotas service, or retry the operation after a few seconds.
Troubleshoot Region Issues
You can troubleshoot region issues with the following possible solutions:
Issue
While creating a new VA pod in a new region, Cisco DNA Center VA Launchpad displays an error message or the screen freezes for more than 5 minutes and does not display a configuration-in-progress message.
Possible Solution
Make sure that any manual process on the AWS console has completed successfully and try this step again. If the problem persists, contact Cisco TAC.
Note
To avoid such conflicts, we recommend that you don’t make any manual changes to the VA pods. Instead, use the Cisco DNA Center VA Launchpad for all actions.
Issue
Your region setup fails and Cisco DNA Center VA Launchpad displays a Bucket [name] did not stabilize error similar to the following:
Possible Solution
Open a case with AWS and ask that they delete the failed resources from the backend.
Troubleshoot VA Pod Configuration Errors
You can troubleshoot VA pod configuration errors with the following possible
solutions:
Error
+ Create VA Pod button disabled
Possible Solution
Hover your cursor over the disabled button to learn more about why it’s
disabled.
The following are likely reasons why you can’t create a new VA pod:
· You have reached the limit of VPC service quota: For every region, a limit
is set by your AWS administrator for how many VPCs can be created. Typically,
there are 5 VPCs per region, and each VPC can have only one VA pod. However,
you may want to contact your AWS administrator for the exact number.
Note that any VPC used for resources outside of Cisco DNA Center VA Launchpad
contributes to this limit. For example, if your AWS account has a limit of five
VPCs and two are in use, you can only create three more VA pods in the
selected region.
To create new VA pods, ask your AWS administrator to change the limit or
delete some of your existing VA pods or VPCs on your AWS account.
· Pod deletion in progress: The deletion of the last VA pod in the region is
in progress. Wait a few minutes, and then retry creating a new VA pod.
Error
AMI ID for this region is not available for your account.
Possible Solution
When you click + Create New VA Pod, Cisco DNA Center VA Launchpad validates
the AMI ID for your selected region.
If you encounter this error, the validation has failed and you can’t create a
new pod in this region. Contact Cisco TAC to help you resolve the issue.
Error
Your VPN configuration is invalid. At this step you cannot update it so please delete the instance and create a new one.
Possible Solution
When configuring a VA pod, the following VPN vendors are not supported:
· Barracuda
· Sophos
· Vyatta
· Zyxel
If you are using an unsupported VPN vendor, Cisco DNA Center VA Launchpad displays the following error message:
Error
CustomerGateway with type “ipsec.1”, ip-address “xx.xx.xx.xx”, and bgp-asn “65000” already exists (RequestToken: f78ad45d-b4f8-d02b-9040-f29e5f5f86cf, HandlerErrorCode: AlreadyExists)
Possible Solution
You may encounter this error if you try to create more than one VA pod at a time.
To resolve this error, delete the failed VA pod and recreate it. Ensure that you create only one VA pod at a time.
Error
AWS Infrastructure Failed.
Possible Solution
If the AWS configuration fails, return to the Dashboard pane and create a new VA pod. For more information, see Create a New VA Pod, on page 25.
Note
You can delete the VA pod that failed to configure.
Error: AWS Configuration fails when editing a VA Pod
Possible Solution: Make sure that any manual process on the AWS console has been completed successfully and try this step again. If the problem persists, contact Cisco TAC.
Note
To avoid such conflicts, we recommend that you do not make any manual
changes to the VA pods. Instead, use the Cisco DNA Center VA Launchpad
for all actions.
Error: Deleting VA Pod has failed
Possible Solution: Make sure that any manual process on the AWS console has been completed successfully and try this step again. If the problem persists, contact Cisco TAC.
Note
To avoid such conflicts, we recommend that you do not make any manual
changes to the VA pods. Instead, use the Cisco DNA Center VA Launchpad
for all actions.
Error: The resource you are trying to delete has been modified recently. Please refresh the page get the latest changes and try again.
Possible Solution: If you encounter this error while deleting a VA pod, contact Cisco TAC.
Troubleshoot a Network Connectivity Error
While creating a VA pod, if the IPsec tunnel or TGW connection isn’t
established, make sure that the tunnel is up on your on-premises firewall or
router.
If the tunnel from the VA pod to TGW is green and the tunnel from the TGW to
CGW is gray, make sure that:
· You forwarded the correct configuration file to your network administrator.
· Your network administrator made the necessary changes to the configuration file.
· Your network administrator finished applying this configuration to your Enterprise firewall or router.
· If you chose Existing TGW and Existing Attachments as your network connectivity preference, make sure that you correctly followed Manually Configure Routing on Existing Transit and Customer Gateways, on page 35.
Troubleshoot Cisco DNA Center VA Configuration Errors
You can troubleshoot errors that occur while configuring a Cisco DNA Center VA with the following possible solutions:
Error: Environment Setup failed
Possible Solution:
1. On Cisco DNA Center VA Launchpad, return to the Create/Manage Cisco DNA Center(s) pane.
2. Delete the Cisco DNA Center VA.
3. Create a new Cisco DNA Center VA.
Error: Delete Failed
Possible Solution: If the Cisco DNA Center VA deletion fails, contact Cisco TAC.
Troubleshoot Concurrency Errors
You can troubleshoot concurrency errors with the following possible solutions:
Error: Unable to delete a Pod or a Cisco DNA Center created by another user.
Possible Solution: You cannot delete a component, such as a VA pod or Cisco DNA Center VA, that another user has created while a different action is in progress on the component. After the action completes, you or any other user can delete the component.
For example, you cannot delete a VA pod or Cisco DNA Center VA while it is in any of the following
processes or states:
· Another user is in the process of creating the Cisco DNA Center VA.
· Another user is in the process of deleting the Cisco DNA Center VA.
· The Cisco DNA Center VA is in a failed state after a deletion attempt.
Error: The status of a Pod has been changed recently.
Possible Solution: If you tried to delete a VA pod, the original user account that created the VA pod may have performed a concurrent action. This concurrency issue changes the status of the selected VA pod.
To view the updated status of the VA pod, click Refresh.
Troubleshoot Other Deployment Issues
You can troubleshoot other issues that occur while deploying a Cisco DNA
Center VA on AWS with the following possible solutions:
Issue: Resources are green, but the Proceed button is disabled.
Possible Reasons and Solutions: On some steps, you can only proceed if all the resources have been successfully set up. To ensure the integrity of the deployment, the Proceed button remains disabled until the setup is complete and all the resources have been configured and loaded.
Sometimes, the screen shows that the resources have been successfully set up, but the Proceed button is still disabled. In this case, you need to wait a few more seconds for some resources to load. After all the resources have been configured and loaded, the Proceed button is enabled.
Issue: Failure when deploying multiple VA pods with the same CGW in single region.
Possible Reasons and Solutions: Make sure that:
· The CGW IP address is the IP address of your Enterprise firewall or router.
· The CGW IP address is a valid public address.
· The CGW IP address hasn’t been used for another VA pod within the same region. Currently, in each region, multiple VA pods cannot have the same CGW IP address. To use the same CGW IP address for more than one VA pod, deploy each VA pod in a different region.
Issue: Unable to SSH or ping the Cisco DNA Center VA.
Possible Reasons and Solutions: You cannot connect via SSH or ping the Cisco DNA Center VA, although the tunnel is up and the application status is complete (green). This issue might occur if the on-premises CGW is configured incorrectly. Verify the CGW configuration and try again.
Issue: Session ended
Possible Reasons and Solutions: If your session times out while operations are in progress, such as triggering an RCA, the operations may abruptly end and display the following notification:
If your session times out, log back in and restart the operations.
CHAPTER 3
Deploy Cisco DNA Center 2.3.5.3 on AWS Using Cisco DNA Center VA Launchpad 1.5
· Deploy Cisco DNA Center on AWS Using the Automated Deployment Method
· Automated Deployment Workflow
· Prerequisites for Automated Deployment
· Install Cisco DNA Center VA Launchpad
· Access Hosted Cisco DNA Center VA Launchpad
· Create a New VA Pod
· Manually Configure Routing on Existing Transit and Customer Gateways
· Create a New Cisco DNA Center VA
· Troubleshoot the Deployment
Deploy Cisco DNA Center on AWS Using the Automated Deployment Method
You provide Cisco DNA Center VA Launchpad with the needed details to create
the AWS infrastructure in your AWS account, which includes a VPC, an IPsec VPN
tunnel, gateways, subnets, and security groups. As a result, Cisco DNA Center
VA Launchpad deploys the Cisco DNA Center AMIs as an Amazon EC2 instance with
the prescribed configuration in a separate VPC. The configuration includes the
subnets, transit gateways, and other essential resources like Amazon
CloudWatch for monitoring, Amazon DynamoDB for state storage, and security
groups. Using Cisco DNA Center VA Launchpad, you can also access and manage
your VAs, as well as manage the user settings. For information, see the Cisco
DNA Center VA Launchpad 1.5 Administrator Guide.
Automated Deployment Workflow
To deploy Cisco DNA Center on AWS using the automated method, follow these
high-level steps:
1. Meet the prerequisites. See Prerequisites for Automated Deployment, on page 50.
2. (Optional) Integrate Cisco ISE on AWS and your Cisco DNA Center VA together. See Guidelines for
Integrating Cisco ISE on AWS with Cisco DNA Center on AWS, on page 4.
3. Install Cisco DNA Center VA Launchpad or access Cisco DNA Center VA
Launchpad hosted by Cisco. See Install Cisco DNA Center VA Launchpad, on page
53 or Access Hosted Cisco DNA Center VA Launchpad, on page 55.
4. Create a new VA pod to contain your Cisco DNA Center VA instance. See
Create a New VA Pod, on page 63.
5. (Optional) Manually configure the TGW routing table on AWS and add the
routing configuration to your existing Customer Gateway (CGW) if you’re using
an existing TGW and existing attachments, such as a VPC, as your preferred
on-premises connectivity option. See Manually Configure Routing on Existing
Transit and Customer Gateways, on page 72.
6. Create your new instance of Cisco DNA Center. See Create a New Cisco DNA
Center VA, on page 74.
7. (Optional) If necessary, troubleshoot any issues that arise during the
deployment. See Troubleshoot the Deployment, on page 78.
8. Manage your Cisco DNA Center VA using Cisco DNA Center VA Launchpad. See
the Cisco DNA Center VA Launchpad 1.5 Administrator Guide.
Prerequisites for Automated Deployment
Before you can begin to deploy Cisco DNA Center on AWS using Cisco DNA Center
VA Launchpad, make sure that the following requirements are met:
· Install Docker Community Edition (CE) on your platform. Cisco DNA Center VA
Launchpad supports Docker CE on Mac, Windows, and Linux platforms. See the
documentation on the Docker website for the specific procedure for your
platform.
· Regardless of how you access Cisco DNA Center VA Launchpad to deploy your
Cisco DNA Center VA, make sure that your cloud environment meets the following
specifications:
· Cisco DNA Center Instance: r5a.8xlarge, 32 vCPUs, 256-GB RAM, and 4-TB storage
Important
Cisco DNA Center supports only the r5a.8xlarge instance size. Any changes to this configuration aren’t supported. Additionally, the r5a.8xlarge instance size isn’t supported in specific availability zones. To view the list of unsupported availability zones, see the Release Notes for Cisco DNA Center VA Launchpad 1.5.0.
· Backup Instance: T3.micro, 2 vCPUs, 500-GB storage, and 1-GB RAM
· You have valid credentials to access your AWS account.
· Your AWS account is a subaccount (a child account) to maintain resource
independence and isolation. Using a subaccount ensures that the Cisco DNA
Center deployment doesn’t impact your existing resources.
· Important: Your AWS account is subscribed to Cisco DNA Center Virtual
Appliance – Bring Your Own License (BYOL) in AWS Marketplace.
· If you’re an admin user, you must have administrator access permission for
your AWS account. (In AWS, the policy name is displayed as
AdministratorAccess.)
The administrator access policy must be attached to your AWS account directly
and not to a group. The application doesn’t enumerate through a group policy.
So, if you are added to a group with the administrator access permission, you
will not be able to create the required infrastructure.
· If you’re a subuser, your administrator must add you to the CiscoDNACenter
user group. When an admin user logs in to Cisco DNA Center VA Launchpad for
the first time, the CiscoDNACenter user group is created on their AWS account
with all the required policies attached. The admin user can add subusers to
this group to allow them to log in to Cisco DNA Center VA Launchpad. The
following policies are attached to the CiscoDNACenter user group:
· AmazonDynamoDBFullAccess
· IAMReadOnlyAccess
· AmazonEC2FullAccess
· AWSCloudFormationFullAccess
· AWSLambda_FullAccess
· CloudWatchFullAccess
· ServiceQuotasFullAccess
· AmazonEventBridgeFullAccess
· service-role/AWS_ConfigRole
· AmazonS3FullAccess
· ClientVPNServiceRolePolicy (Version: 2012-10-17) This policy allows the following rules:
· ec2:CreateNetworkInterface
· ec2:CreateNetworkInterfacePermission
· ec2:DescribeSecurityGroups
· ec2:DescribeVpcs
· ec2:DescribeSubnets
· ec2:DescribeInternetGateways
· ec2:ModifyNetworkInterfaceAttribute
· ec2:DeleteNetworkInterface
· ec2:DescribeAccountAttributes
· ds:AuthorizeApplication
· ds:DescribeDirectories
· ds:GetDirectoryLimits
· ds:UnauthorizeApplication
· logs:DescribeLogStreams
· logs:CreateLogStream
· logs:PutLogEvents
· logs:DescribeLogGroups
· acm:GetCertificate
· acm:DescribeCertificate
· iam:GetSAMLProvider
· lambda:GetFunctionConfiguration
· ConfigPermission (Version: 2012-10-17, Sid: VisualEditor0) This policy allows the following rules:
· config:Get
· config:
· config:ConfigurationRecorder
· config:Describe
· config:Deliver
· config:List
· config:Select
· tag:GetResources
· tag:GetTagKeys
· cloudtrail:DescribeTrails
· cloudtrail:GetTrailStatus
· cloudtrail:LookupEvents
· config:PutConfigRule
· config:DeleteConfigRule
· config:DeleteEvaluationResults
· PassRole (Version: 2012-10-17, Sid: VisualEditor0) This policy allows the following rules:
· iam:GetRole
· iam:PassRole
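The admin and subuser requirements above can be checked offline against saved AWS CLI output before anyone tries to log in to Cisco DNA Center VA Launchpad. This is an added example, not code from Cisco or from this guide: the function names and sample JSON are constructed, and the input shapes are assumed to be the output of aws iam list-attached-user-policies, list-groups-for-user and list-attached-group-policies.

```python
"""Check the guide's IAM prerequisites against saved AWS CLI JSON (added example)."""

ADMIN_POLICY = "AdministratorAccess"
SUBUSER_GROUP = "CiscoDNACenter"

# AWS managed policies the guide lists for the CiscoDNACenter group.
# service-role/AWS_ConfigRole is reported with PolicyName "AWS_ConfigRole".
EXPECTED_GROUP_POLICIES = {
    "AmazonDynamoDBFullAccess", "IAMReadOnlyAccess", "AmazonEC2FullAccess",
    "AWSCloudFormationFullAccess", "AWSLambda_FullAccess", "CloudWatchFullAccess",
    "ServiceQuotasFullAccess", "AmazonEventBridgeFullAccess", "AWS_ConfigRole",
    "AmazonS3FullAccess",
}
# Also listed by the guide. It does not say whether these are attached as
# managed or inline policies, so they are accepted but not required (assumption).
GUIDE_CUSTOM_POLICIES = {"ClientVPNServiceRolePolicy", "ConfigPermission", "PassRole"}


def _names(doc):
    """Policy names from a list-attached-*-policies response (or an empty set)."""
    return {p["PolicyName"] for p in (doc or {}).get("AttachedPolicies", [])}


def classify_user(user_policies, user_groups, group_policies):
    """Return (role, findings): role is 'admin', 'subuser' or 'blocked'.

    group_policies maps each group name to its list-attached-group-policies output.
    """
    direct = _names(user_policies)
    groups = [g["GroupName"] for g in user_groups.get("Groups", [])]
    admin_via = sorted(g for g in groups
                       if ADMIN_POLICY in _names(group_policies.get(g)))
    if ADMIN_POLICY in direct:
        role = "admin"
    elif SUBUSER_GROUP in groups:
        role = "subuser"
    else:
        role = "blocked"
    findings = []
    # The guide: group policies are not enumerated, so inherited admin does not count.
    if role != "admin" and admin_via:
        findings.append(
            f"{ADMIN_POLICY} is inherited only from group(s) {', '.join(admin_via)}; "
            "attach it directly to the user for admin login")
    return role, findings


def audit_group(group_doc):
    """Report drift between the CiscoDNACenter group and the guide's policy list."""
    attached = _names(group_doc)
    return {
        "missing": sorted(EXPECTED_GROUP_POLICIES - attached),
        "unexpected": sorted(attached - EXPECTED_GROUP_POLICIES - GUIDE_CUSTOM_POLICIES),
    }


# Constructed sample data: a user whose only admin rights come from a group.
SAMPLE_USER_POLICIES = {"AttachedPolicies": []}
SAMPLE_USER_GROUPS = {"Groups": [{"GroupName": "NetOpsAdmins"}]}
SAMPLE_GROUP_POLICIES = {
    "NetOpsAdmins": {"AttachedPolicies": [
        {"PolicyName": "AdministratorAccess",
         "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}]},
}
# Constructed sample: the CiscoDNACenter group with one policy removed and one added.
SAMPLE_CISCODNACENTER_GROUP = {"AttachedPolicies": [
    {"PolicyName": n} for n in
    sorted(EXPECTED_GROUP_POLICIES - {"AmazonS3FullAccess"}) + ["IAMFullAccess", "PassRole"]
]}

if __name__ == "__main__":
    print(classify_user(SAMPLE_USER_POLICIES, SAMPLE_USER_GROUPS, SAMPLE_GROUP_POLICIES))
    print(audit_group(SAMPLE_CISCODNACENTER_GROUP))
```

Because the CiscoDNACenter group carries several FullAccess policies, the "unexpected" list is the part worth reviewing regularly, along with who is a member of the group.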
Install Cisco DNA Center VA Launchpad
This procedure shows you how to install Cisco DNA Center VA Launchpad using
Docker containers for the server and client applications.
Before you begin
Make sure you have Docker CE installed on your machine. For
information, see Prerequisites for Automated Deployment, on page 50.
Procedure
Step 1
Go to the Cisco Software Download site and download the following files:
· Launchpad-desktop-client-1.5.0.tar.gz
· Launchpad-desktop-server-1.5.0.tar.gz
Step 2
Verify that the TAR file is genuine and from Cisco. For detailed steps, see
Verify the Cisco DNA Center VA TAR File, on page 6.
Step 3
Load the Docker images from the downloaded files:
docker load < Launchpad-desktop-client-1.5.0.tar.gz
docker load < Launchpad-desktop-server-1.5.0.tar.gz
Step 4
Use the docker images command to display a list of the Docker images in the
repository and verify that you have the latest copies of the server and client
applications. In the files, the TAG column should display the numbers starting
with 1.5. For example:
Step 5
Run the server application:
docker run -d -p
Step 6
Run the client application:
docker run -d -p
For example:
$ docker run -d -p 90:80 -e CHOKIDAR_USEPOLLING=true -e REACT_APP_API_URL=http://localhost:9090 --name client dd50d550aa7c
Note
Make sure that the exposed server port number and the REACT_APP_API_URL port number
are the same. In Step 5 and Step 6, port number 9090 is used in both examples.
Step 7
Use the docker ps -a command to verify that the server and client applications
are running. The STATUS column should show that the applications are up.
For example:
Note
If you encounter an issue while running the server or client applications, see Troubleshoot Docker
Errors, on page 78.
Step 8
Verify that the server application is accessible by entering the URL in the
following format:
http://
For example:
http://192.0.2.2:9090/api/valaunchpad/api-docs/
The application programming interfaces (APIs) being used for the Cisco DNA
Center VA are displayed in the window.
Step 9
Verify that the client application is accessible by entering the URL in the following format:
http://
For example:
http://192.0.2.1:90/valaunchpad
The Cisco DNA Center VA Launchpad login window is displayed.
Note
It can take a few minutes to load the Cisco DNA Center VA Launchpad login window while the
client and server applications load the artifacts.
Access Hosted Cisco DNA Center VA Launchpad
You can access Cisco DNA Center VA Launchpad through Cisco DNA Portal. If you
are new to Cisco DNA Portal, you must create a Cisco account and a Cisco DNA
Portal account. Then you can log in to Cisco DNA Portal to access Cisco DNA
Center VA Launchpad. If you are familiar with Cisco DNA Portal and have a
Cisco account and a Cisco DNA Portal account, you can directly log in to Cisco
DNA Portal to access Cisco DNA Center VA Launchpad.
Create a Cisco Account
To access Cisco DNA Center VA Launchpad through Cisco DNA Portal, you must
create a Cisco account first.
Procedure
Step 1
In your browser, enter: dna.cisco.com
The Cisco DNA Portal login window is displayed.
Step 2
Click Create a new account.
Step 3
On the Cisco DNA Portal Welcome window, click Create a Cisco account.
Step 4 On the Create Account window, complete the required fields and then click Register.
Step 5 Verify your account by going to the email that you registered your
account with and clicking Activate Account.
Create a Cisco DNA Portal Account
To access Cisco DNA Center VA Launchpad through Cisco DNA Portal, you must
create a Cisco DNA Portal account.
Before you begin
Make sure that you have a Cisco account. For more
information, see Create a Cisco Account, on page 55.
Procedure
Step 1
In your browser, enter: dna.cisco.com
The Cisco DNA Portal login window is displayed.
Step 2
Click Log In With Cisco.
Step 3
Enter your Cisco account’s email in the Email field, and click Next.
Step 4 Enter your Cisco account’s password in the Password field.
Step 5
Click Log in.
Step 6
On the Cisco DNA Portal Welcome window, enter the name of your organization or
team in the Name your account field. Then click Continue.
Step 7
On the Cisco DNA Portal Confirm CCO Profile window, do the following:
a) Verify the details are correct.
b) After reading, acknowledging, and agreeing with the conditions, check the check box.
c) Click Create Account.
After successfully creating an account, the Cisco DNA Portal home page is
displayed.
Log In to the Cisco DNA Portal with Cisco
To access Cisco DNA Center VA Launchpad through Cisco DNA Portal, you must log
in to Cisco DNA Portal.
Before you begin
Make sure that you have a Cisco account and a Cisco DNA
Portal account. For more information, see Create a Cisco Account, on page 55
and Create a Cisco DNA Portal Account, on page 57.
Procedure
Step 1
In your browser, enter: dna.cisco.com
The Cisco DNA Portal login window is displayed.
Step 2
Click Log In With Cisco.
Step 3
Enter your Cisco account’s email in the Email field, and click Next.
Step 4 Enter your Cisco account’s password in the Password field.
Step 5
Click Log in. If you only have one Cisco DNA Portal account, the Cisco DNA
Portal home page is displayed.
Step 6
(Optional) If you have multiple Cisco DNA Portal accounts, choose the account
that you want to log in to by clicking the account’s adjacent Continue button.
The Cisco DNA Portal home page is displayed.
Create a New VA Pod
A VA pod is the AWS hosting environment for the Cisco DNA Center VA. The
hosting environment includes AWS resources, such as the Cisco DNA Center VA
EC2 instance, Amazon Elastic Block Storage (EBS), backup NFS server, security
groups, routing tables, Amazon CloudWatch logs, Amazon Simple Notification
System (SNS), VPN Gateway (VPN GW), TGW, and so on.
Using Cisco DNA Center VA Launchpad, you can create multiple VA pods–one VA
pod for each Cisco DNA Center VA.
Note
· The AWS Super Administrator user can set a limit on the number of VA pods that can be created in each
region. The VPCs used for resources outside of the Cisco DNA Center VA Launchpad contribute to this
number as well. For example, if your AWS account has a limit of five VPCs and two are in use, you can
only create three more VA pods in the selected region.
· On some steps, all the resources must be set up successfully to proceed to the next step. If all the resources haven’t been set up successfully, the proceed button is disabled. If all the resources have been set up successfully and the proceed button is disabled, wait a few seconds because the resources are still loading. After all the configurations are complete, the button is enabled.
This procedure guides you through the steps to create a new VA pod.
Before you begin
Your AWS account must have administrator access permission to
perform this procedure. For information, see Prerequisites for Automated
Deployment, on page 50.
Procedure
Step 1
Log in to Cisco DNA Center VA Launchpad using one of the following methods:
· IAM Login: This method uses user roles to define user access privileges.
Cisco DNA Center VA Launchpad supports multi-factor authentication (MFA) as an
optional, additional form of authentication, if your company requires it. For
more information, see “Log In to Cisco DNA Center VA Launchpad Using IAM” in
the Cisco DNA Center VA Launchpad 1.5 Administrator Guide.
· Federated Login: This method uses one identity to gain access to networks or
applications managed by other operators. For more information, see “Generate
Federated User Credentials Using saml2aws” or “Generate Federated User
Credentials Using AWS CLI” in the Cisco DNA Center VA Launchpad 1.5
Administrator Guide.
For information about how to get an Access Key ID and Secret Access Key, see
the AWS Account and Access Keys topic in the AWS Tools for PowerShell User
Guide on the AWS website.
If you encounter any login errors, you need to resolve them and log in again.
For more information, see Troubleshoot the Deployment, on page 78.
Step 2
If you are an admin user logging in for the first time, enter your email
address in the Email ID field and click Submit. If you are a subuser, proceed
to Step 3.
You can subscribe to the Amazon Simple Notification System (SNS) to receive
alerts about deployed resources, changes, and resource over-utilization.
Further, alarms can be set up to notify you if Amazon CloudWatch detects any
unusual behavior in Cisco DNA Center VA Launchpad. In addition, AWS Config
evaluates and assesses your configured resources and sends audit logs of the
results as well. For more information, see “Subscribe to the Amazon SNS Email
Subscription” and “View Amazon CloudWatch Alarms” in the Cisco DNA Center VA
Launchpad 1.5 Administrator Guide. After you enter your email, several
processes happen:
· The CiscoDNACenter user group is created in your AWS account with all the
required policies attached. The admin user can add subusers to this group to
allow subusers to log in to Cisco DNA Center VA Launchpad.
· An Amazon S3 bucket is automatically created to store the state of the
deployment. We recommend that you do not delete this or any other bucket from
the AWS account, either globally or for each region. Doing so could impact the
Cisco DNA Center VA Launchpad deployment workflow.
· If you are logging in to a region for the first time, Cisco DNA Center VA
Launchpad creates several resources in AWS. This process can take some time,
depending on whether the region was previously
enabled or not. Until the process completes, you cannot create a new VA pod. During this time, the following message is displayed: “Setting up the initial region configuration. This might take a couple of minutes.”
After you log in successfully, the Dashboard pane is displayed.
Note
If you’re prompted to update the region version, follow the prompts to complete the update. For
more information, see “Update a Region Level” in the Cisco DNA Center VA Launchpad 1.5
Administrator Guide.
Step 3
(Optional) To create the new VA pod in a region other than the default (us-east-1), click the Region drop-down list and choose a region.
Note
If you’re prompted to update the region version, follow the prompts to complete the update. For
more information, see “Update a Region Level” in the Cisco DNA Center VA Launchpad 1.5
Administrator Guide.
Step 4
Click + Create New VA Pod.
Step 5
Configure the AWS infrastructure, which includes
the VPC, private subnet, routing table, security group, virtual gateway, and
CGW, by completing the following steps:
a) In the Environmental Details fields, configure the following fields:
· VA Pod Name: Assign a name to the new VA pod. The name must be unique across
all regions and can include letters (A-Z and a-z), numbers (0-9), and dashes
(-).
· Availability Zone: Click this drop-down list and choose an availability
zone, which is an isolated location within your selected region.
· AWS VPC CIDR: Enter a unique VPC subnet to use to launch the AWS resources.
Keep the following guidelines in mind:
· The recommended CIDR range is /25.
· In IPv4 CIDR notation, the last octet (the fourth octet) of the IP address
can only have the values 0 or 128.
· This subnet should not overlap with your corporate subnet.
b) Under Transit Gateway (TGW), choose one of the following options:
· VPN GW: Choose this option if you have a single VA pod, and you want to use a VPN gateway. A VPN GW is the VPN endpoint on the Amazon side of your Site-to-Site VPN connection. It can be attached to only a single VPC.
· New VPN GW + New TGW: Choose this option if you have multiple VA pods or VPCs, and you want to use the TGW as a transit hub to interconnect multiple VPCs and on-premises networks. It can also be used as a VPN endpoint for the Amazon side of the Site-to-Site VPN connection.
Note
You can create only one TGW per region.
· Existing TGW: Choose this option if you have an existing TGW that you want
to use to create a new VA pod, and then choose one of the following options:
· New VPN GW: Choose this option if you want to create a new VPN gateway for
your existing TGW.
· Existing Attachment: Choose this option if you want to use an existing VPN
or direct-connect attachment. From the Select Attachment ID drop-down list,
choose an attachment ID.
If you choose this option, you must also configure the routing on the existing
TGW and CGW. For information, see Manually Configure Routing on Existing
Transit and Customer Gateways, on page 72.
c) Do one of the following:
· If you selected Existing TGW and Existing Attachments as your preferred
connectivity options, proceed to Step 5.
· If you selected VPN GW, New VPN GW + New TGW, or Existing TGW + New VPN GW,
provide the following VPN details:
· Customer Gateway IP: Enter the IP address of your Enterprise firewall or
router to form an IPsec tunnel with the AWS VPN gateway.
· VPN Vendor: From the drop-down list, choose a VPN vendor.
The following VPN vendors are not supported: Barracuda, Sophos, Vyatta, and
Zyxel. For more information, see Troubleshoot VA Pod Configuration Errors, on
page 80.
· Platform: From the drop-down list, choose a platform.
· Software: From the drop-down list, choose a software.
d) For the Customer Profile size, leave the default Medium setting.
The customer profile size applies to both the Cisco DNA Center VA instance and
the backup instance. The Medium setting configures the instances as follows:
· Cisco DNA Center Instance: r5a.8xlarge, 32 vCPU, 256-GB RAM, and 4-TB
storage.
Important
Cisco DNA Center supports only the r5a.8xlarge instance size. Any changes to this configuration aren’t supported. Additionally, the r5a.8xlarge instance size isn’t supported in specific availability zones. To view the list of unsupported availability zones, see the Release Notes for Cisco DNA Center VA Launchpad 1.5.0.
· Backup Instance: T3.micro, 2 vCPU, 500-GB storage, and 1-GB RAM
e) For the Backup Target, choose one of the following options as the
destination for the backups of your Cisco DNA Center databases and files:
· Enterprise Backup (NFS): Choose this option if you want the backup to be
stored in the on-premises servers.
· Cloud Backup (NFS): Choose this option if you want the backup to be stored
in AWS. Note the following backup details. You will use this information later
to log in to the cloud backup server:
· SSH IP Address:
· SSH Port: 22
· Server Path: /var/dnac-backup/
· Username: maglev
· Password: maglev1@3
· Passphrase: maglev1@
· Open Ports: 22, 2049, 873, and 111
f) Click Next. The Summary pane is displayed.
g) Review the environment and VPN details that you entered. If you are
satisfied, click Start Configuring AWS Environment.
Important
This setup takes about 20 minutes to complete. Do not exit the application or
close this window or tab. Otherwise, the setup will pause.
h) After the AWS infrastructure is successfully configured, the AWS
Infrastructure Configured pane is displayed.
If the AWS infrastructure configuration fails, exit Cisco DNA Center VA Launchpad and see Troubleshoot the Deployment, on page 78 for information about possible causes and solutions.
Step 6
Download the on-premises configuration file by completing the following steps:
a) After the AWS infrastructure is successfully configured, click Proceed to
On-Prem Configuration.
b) In the Configure On-premise pane, click Download Configuration File.
Forward this file to your network administrator to configure the
on-premises-side IPsec tunnel.
Make sure your network administrator configures only one IPsec tunnel.
Note
· The network administrator can make the necessary changes to this configuration file
and apply it to your Enterprise firewall or router to bring up the IPsec tunnels.
The provided configuration file enables you to bring up two tunnels between AWS and the Enterprise router or firewall.
· Most virtual private gateway solutions have one tunnel up and the other down. You can have both tunnels up and use the Equal Cost Multiple Path (ECMP) networking feature. ECMP processing enables the firewall or router to use equal-cost routes to transmit traffic to the same destination. To do this, your router or firewall must support ECMP. Without ECMP, we recommend that you either keep one tunnel down and manually failover or use a solution, such as an IP SLA, to automatically bring up the tunnel in a failover scenario.
c) Click the Proceed to Network Connectivity Check button.
Step 7
Check the status of your network configuration based on the on-premises
connectivity preferences that you selected during the AWS infrastructure
configuration by completing one of the following actions:
· If you selected VPN GW as your preferred on-premises connectivity option,
the IPsec tunnel configuration status is displayed, as follows:
· If the network administrator hasn’t configured the IPsec tunnel yet, a
padlock is displayed on the IPsec tunnel:
· Ask your network administrator to verify that the IPsec tunnel on the
Enterprise firewall or router is up. After the IPsec tunnel comes up, the
IPsec tunnel turns green:
· If you selected New VPN GW + New TGW or Existing TGW and New VPN GW as your preferred on-premises connectivity option, Cisco DNA Center VA Launchpad checks whether your VPC is connected to the TGW, which in turn is connected to your on-premises firewall or router.
Note
For the TGW-to-Enterprise firewall or router connection to succeed, your network
administrator must add the configuration to your on-premises firewall or router.
The connection status is displayed, as follows:
· If the connection from the TGW to your on-premises firewall or router isn’t
connected yet, it’s grayed out:
· After TGW connectivity is successfully established, the TGW connection is green:
· If you selected Existing TGW and Existing Attachment as your preferred on-premises connectivity option, make sure that routing is configured between the existing TGW and the newly attached VPC, where Cisco DNA Center is launched. For information, see Manually Configure Routing on Existing Transit and Customer Gateways, on page 72. The connection status is displayed, as follows:
· If your VPC is not attached to the TGW, the TGW connection is grayed out:
· After TGW connectivity is successfully established, the TGW connection is green:
Step 8
Click Go to Dashboard to return to the Dashboard pane, where you can create more VA pods and manage your existing ones.
Manually Configure Routing on Existing Transit and Customer Gateways
If you selected Existing Transit Gateway and Existing Attachments as your
preferred connectivity option while creating a new VA pod, Cisco DNA Center VA
Launchpad creates a VPC to launch Cisco DNA Center and attaches this VPC to
your existing TGW. For Cisco DNA Center VA Launchpad to establish the TGW
connection, you must manually configure the TGW routing table on AWS and add
the routing configuration to your existing CGW.
Procedure
Step 1 From the AWS console, go to VPC service.
Step 2 In the left navigation pane, under Transit Gateways, choose Transit gateway route tables and select the existing TGW route table.
Step 3 In the Transit gateway route tables window, click the Associations tab and then click Create association.
Step 4 In the Transit gateway route tables window, click the Propagations tab and then click Create propagation.
Step 5 To ensure that the static route between the respective VPC and VPN is active, click the Routes tab and then click Create static route.
Step 6 Ensure that your on-premises router configuration is updated to route the network traffic destined for the CIDR ranges that are allocated to your CGW in your AWS environment.
For example: route tunnel-int-vpn-0b57b508d80a07291-1 10.0.0.0 255.255.0.0 192.168.44.37 200
Create a New Cisco DNA Center VA
Use this procedure to configure a new Cisco DNA Center VA.
Procedure
Step 1
On the Dashboard pane, locate one of the VA pods and, in the VA pod card, click Create/Manage Cisco DNA Center(s).
Step 2 On the Create/Manage Cisco DNA Center(s) pane, click + Create New Cisco DNA Center.
Step 3
Enter the following details:
· Cisco DNA Center Version: From the drop-down list, choose a Cisco DNA Center version.
· Enterprise DNS: Enter the IP address of your Enterprise DNS. Ensure that the Enterprise DNS is reachable from the VA pod in which you’re creating the Cisco DNA Center VA.
Note
Cisco DNA Center VA Launchpad checks the on-premises network connection using UDP
port 53 with the DNS server IP address that you entered.
· FQDN (Fully Qualified Domain Name): Enter the IP address of the Cisco DNA Center VA as configured on your DNS server.
· Proxy Details: Select one of the following HTTPS network proxy options:
  · No Proxy: No proxy server is used.
  · Unauthenticated: The proxy server does not require authentication. Enter the URL and port number of the proxy server.
  · Proxy Authentication: The proxy server requires authentication. Enter the URL, port number, username, and password details for the proxy server.
· Cisco DNA Center Virtual Appliance Credentials: Enter a CLI password to use to log in to the Cisco DNA Center VA. The password must:
  · Omit any tab or line breaks
  · Have a minimum of eight characters
  · Contain characters from at least three of the following categories:
    · Lowercase letters (a-z)
    · Uppercase letters (A-Z)
    · Numbers (0-9)
    · Special characters (for example, ! or #)
Save this password for future reference.
Note
The username is maglev.
Step 4
Click Validate to validate the Enterprise DNS server and FQDN configured on the DNS server.
Note
In Cisco DNA Center VA Launchpad, Release 1.5.0, if the DNS server, proxy server, or FQDN
checks fail, continue with your configuration as follows:
· If the DNS server validation fails, you cannot continue creating your Cisco DNA Center VA. Make sure that the entered DNS server IP address is reachable from the VA pod.
· If the proxy server validation fails, you can still continue with your configuration because even if the invalid proxy details aren’t fixed, the Cisco DNA Center VA works.
· If the FQDN validation fails, you can still continue with creating your Cisco DNA Center VA. However, for the Cisco DNA Center VA to work, you need to fix the FQDN configuration.
Step 5 Review the configuration details.
Step 6 If you are satisfied with the configuration, click Start Cisco DNA Center Configuration.
Step 7 In the Download PEM key File dialog box, click Download PEM Key. If you click Cancel, you’re returned to the Summary window.
Important
Because the PEM key isn’t stored in your AWS account, you need to download it. You need the PEM key to access the Cisco DNA Center VA that is being created.
After you download the PEM file, the dialog box closes, and Cisco DNA Center
VA Launchpad begins configuring the Cisco DNA Center environment.
After the environment is configured, Cisco DNA Center boots. Initially, Cisco
DNA Center VA Launchpad displays the outer ring in gray. When Port 2222 is
validated, the image turns amber. When Port 443 is validated, the image turns
green.
Note
This process takes 45-60 minutes. Do not exit the application or close this window or tab.
Otherwise, the setup will pause.
After Cisco DNA Center is done booting, the configuration is complete. You can now view your Cisco DNA Center VA details.
If the Cisco DNA Center configuration fails, exit to the Create/Manage Cisco DNA Center(s) pane. For information, see Troubleshoot the Deployment, on page 78.
Step 8 To return to the Create/Manage Cisco DNA Center(s) pane, click Go to
Manage Cisco DNA Center(s).
Troubleshoot the Deployment
Cisco DNA Center VA Launchpad is designed to help you seamlessly configure
Cisco DNA Center on AWS with minimal intervention. This section shows you how
to troubleshoot common issues during the deployment of Cisco DNA Center on
AWS.
Note We recommend against making manual changes with Cisco DNA Center VA
Launchpad through the AWS console, because it can lead to issues that Cisco
DNA Center VA Launchpad cannot resolve.
If you have any issues that are not addressed in this section, contact Cisco
TAC.
Troubleshoot Docker Errors
If the error, port is already in use, displays while running the docker images
for Cisco DNA Center VA Launchpad, you can troubleshoot it with the following
possible solutions:
Error: If you receive the following error while running the server application: port is already in use
Possible Solution: On Docker, run the server application:
docker run -d -p
SECRET_KEY=
dockerhub.cisco.com/maglev-docker/server:x.x.x-latest
Note
You can use any available server port.
While running the server application, run the client application:
docker run -d -p 90:80 -e REACT_APP_API_URL=http://localhost:<client-port-number> --name client --pull=always dockerhub.cisco.com/maglev-docker/client:x.x.x
Note
You must use the same port number that you used to run the server application.
Error: If you receive the following error while running the client application: port is already in use
Possible Solution: On Docker, run the client application:
docker run -d -p
dockerhub.cisco.com/maglev-docker/client:x.x.x
Note
You can use any available server port.
Troubleshoot Login Errors
When you log in to Cisco DNA Center VA Launchpad, you may encounter a login error. You can troubleshoot common login errors with the following possible solutions:
Error: Invalid credentials.
Possible Solution: Reenter your credentials and check that they’re entered correctly.
Error: You don’t have enough access.
Possible Solution: For admin users, verify that your account has administrator access permission. For subusers, verify that your administrator added you to the CiscoDNACenter user group.
Error: An operation to delete is in progress, please try again after some time.
Possible Solution: If an admin user deletes the
Troubleshoot a Hosted Cisco DNA Center VA Launchpad Error
On hosted Cisco DNA Center VA Launchpad, when you trigger a root cause
analysis (RCA), the Rate exceeded error can occur. If this error occurs, the
following banner is displayed:
This error banner displays when the maximum number of API requests (10,000 per second) is received for a region. To resolve this issue, increase the limit in AWS with the Service Quotas service, or retry the operation after a few seconds.
Troubleshoot Region Issues
You can troubleshoot region issues with the following possible solutions:
Issue: While creating a new VA pod in a new region, Cisco DNA Center VA Launchpad displays an error message or the screen freezes for more than 5 minutes and does not display a configuration-in-progress message.
Possible Solution: Make sure that any manual process on the AWS console has completed successfully and try this step again. If the problem persists, contact Cisco TAC.
Note
To avoid such conflicts, we recommend that you don’t make any manual changes to the VA pods. Instead, use the Cisco DNA Center VA Launchpad for all actions.
Issue: Your region setup fails and Cisco DNA Center VA Launchpad displays a Bucket [name] did not stabilize error similar to the following:
Possible Solution: Open a case with AWS and ask that they delete the failed resources from the backend.
Troubleshoot VA Pod Configuration Errors
You can troubleshoot VA pod configuration errors with the following possible
solutions:
Error: + Create VA Pod button disabled
Possible Solution: Hover your cursor over the disabled button to learn more about why it’s disabled.
The following are likely reasons why you can’t create a new VA pod:
· You have reached the limit of VPC service quota: For every region, a limit is set by your AWS administrator for how many VPCs can be created. Typically, there are 5 VPCs per region, and each VPC can have only one VA pod. However, you may want to contact your AWS administrator for the exact number.
Note that any VPC used for resources outside of Cisco DNA Center VA Launchpad contributes to this limit. For example, if your AWS account has a limit of five VPCs and two are in use, you can only create three more VA pods in the selected region.
To create new VA pods, ask your AWS administrator to change the limit or delete some of your existing VA pods or VPCs on your AWS account.
· Pod deletion in progress: The deletion of the last VA pod in the region is in progress. Wait a few minutes, and then retry creating a new VA pod.
Error: AMI ID for this region is not available for your account.
Possible Solution: When you click + Create New VA Pod, Cisco DNA Center VA Launchpad validates the AMI ID for your selected region.
If you encounter this error, the validation has failed and you can’t create a new pod in this region. Contact Cisco TAC to help you resolve the issue.
Error: Your VPN configuration is invalid. At this step you cannot update it so please delete the instance and create a new one.
Possible Solution: When configuring a VA pod, the following VPN vendors are not supported:
· Barracuda
· Sophos
· Vyatta
· Zyxel
If you are using an unsupported VPN vendor, Cisco DNA Center VA Launchpad displays the following error message:
Error: CustomerGateway with type “ipsec.1”, ip-address “xx.xx.xx.xx”, and bgp-asn “65000” already exists (RequestToken: f78ad45d-b4f8-d02b-9040-f29e5f5f86cf, HandlerErrorCode: AlreadyExists)
Possible Solution: You may encounter this error if you try to create more than one VA pod at a time.
To resolve this error, delete the failed VA pod and recreate it. Ensure that you create only one VA pod at a time.
Error: AWS Infrastructure Failed.
Possible Solution: If the AWS configuration fails, return to the Dashboard pane and create a new VA pod. For more information, see Create a New VA Pod, on page 63.
Note
You can delete the VA pod that failed to configure.
Error: AWS Configuration fails when editing a VA Pod
Possible Solution: Make sure that any manual process on the AWS console has been completed successfully and try this step again. If the problem persists, contact Cisco TAC.
Note
To avoid such conflicts, we recommend that you do not make any manual changes to the VA pods. Instead, use the Cisco DNA Center VA Launchpad for all actions.
Error: Deleting VA Pod has failed
Possible Solution: Make sure that any manual process on the AWS console has been completed successfully and try this step again. If the problem persists, contact Cisco TAC.
Note
To avoid such conflicts, we recommend that you do not make any manual changes to the VA pods. Instead, use the Cisco DNA Center VA Launchpad for all actions.
Error: The resource you are trying to delete has been modified recently. Please refresh the page get the latest changes and try again.
Possible Solution: If you encounter this error while deleting a VA pod, contact Cisco TAC.
Troubleshoot a Network Connectivity Error
While creating a VA pod, if the IPsec tunnel or TGW connection isn’t
established, make sure that the tunnel is up on your on-premises firewall or
router.
If the tunnel from the VA pod to TGW is green and the tunnel from the TGW to CGW is gray, make sure that:
· You forwarded the correct configuration file to your network administrator.
· Your network administrator made the necessary changes to the configuration file.
· Your network administrator finished applying this configuration to your Enterprise firewall or router.
· If you chose Existing TGW and Existing Attachments as your network connectivity preference, make sure that you correctly followed Manually Configure Routing on Existing Transit and Customer Gateways, on page 72.
Troubleshoot Cisco DNA Center VA Configuration Errors
You can troubleshoot errors that occur while configuring a Cisco DNA Center VA with the following possible solutions:
Error: Environment Setup failed
Possible Solution:
1. On Cisco DNA Center VA Launchpad, return to the Create/Manage Cisco DNA Center(s) pane.
2. Delete the Cisco DNA Center VA.
3. Create a new Cisco DNA Center VA.
Error: Delete Failed
Possible Solution: If the Cisco DNA Center VA deletion fails, contact Cisco TAC.
Troubleshoot Concurrency Errors
You can troubleshoot concurrency errors with the following possible solutions:
Error: Unable to delete a Pod or a Cisco DNA Center created by another user.
Possible Solution: You cannot delete a component, such as a VA pod or Cisco DNA Center VA, that another user has created while a different action is in progress on the component. After the action completes, you or any other user can delete the component.
For example, you cannot delete a VA pod or Cisco DNA Center VA while it is in any of the following processes or states:
· Another user is in the process of creating the Cisco DNA Center VA.
· Another user is in the process of deleting the Cisco DNA Center VA.
· The Cisco DNA Center VA is in a failed state after a deletion attempt.
Error: The status of a Pod has been changed recently.
Possible Solution: If you tried to delete a VA pod, the original user account that created the VA pod may have performed a concurrent action. This concurrency issue changes the status of the selected VA pod.
To view the updated status of the VA pod, click Refresh.
Troubleshoot Other Deployment Issues
You can troubleshoot other issues that occur while deploying a Cisco DNA
Center VA on AWS with the following possible solutions:
Issue: Resources are green, but the Proceed button is disabled.
Possible Reasons and Solutions: On some steps, you can only proceed if all the resources have been successfully set up. To ensure the integrity of the deployment, the Proceed button remains disabled until the setup is complete and all the resources have been configured and loaded.
Sometimes, the screen shows that the resources have been successfully set up, but the Proceed button is still disabled. In this case, you need to wait a few more seconds for some resources to load. After all the resources have been configured and loaded, the Proceed button is enabled.
Issue: Failure when deploying multiple VA pods with the same CGW in single region.
Possible Reasons and Solutions: Make sure that:
· The CGW IP address is the IP address of your Enterprise firewall or router.
· The CGW IP address is a valid public address.
· The CGW IP address hasn’t been used for another VA pod within the same region. Currently, in each region, multiple VA pods cannot have the same CGW IP address. To use the same CGW IP address for more than one VA pod, deploy each VA pod in a different region.
Issue: Unable to SSH or ping the Cisco DNA Center VA.
Possible Reasons and Solutions: You cannot connect via SSH or ping the Cisco DNA Center VA, although the tunnel is up and the application status is complete (green). This issue might occur if the on-premises CGW is configured incorrectly. Verify the CGW configuration and try again.
Issue: Session ended
Possible Reasons and Solutions: If your session times out while operations are in progress, such as triggering an RCA, the operations may abruptly end and display the following notification:
If your session times out, log back in and restart the operations.
PART II
Deploy Using AWS CloudFormation
· Deploy Cisco DNA Center 2.3.5.3 on AWS Using AWS CloudFormation
CHAPTER 4
Deploy Cisco DNA Center 2.3.5.3 on AWS Using AWS CloudFormation
· Deploy Cisco DNA Center on AWS Manually Using AWS CloudFormation
· Manual Deployment Using AWS CloudFormation Workflow
· Prerequisites for Manual Deployment Using AWS CloudFormation
· Deploy Cisco DNA Center on AWS Manually Using AWS CloudFormation
· Validate the Deployment
Deploy Cisco DNA Center on AWS Manually Using AWS CloudFormation
If you’re familiar with AWS administration, you have the option of deploying
the Cisco DNA Center AMI manually on your AWS account using AWS
CloudFormation. With this method, you need to create the AWS infrastructure,
establish a VPN tunnel, and deploy Cisco DNA Center.
Manual Deployment Using AWS CloudFormation Workflow
To deploy Cisco DNA Center on AWS using this method, follow these high-level steps:
1. Meet the prerequisites. See Prerequisites for Manual Deployment Using AWS CloudFormation, on page 88.
2. (Optional) Integrate Cisco ISE on AWS and your Cisco DNA Center VA together. See Guidelines for Integrating Cisco ISE on AWS with Cisco DNA Center on AWS, on page 4.
3. Deploy Cisco DNA Center on AWS using AWS CloudFormation. See Deploy Cisco DNA Center on AWS Manually Using AWS CloudFormation, on page 93.
4. Make sure that your environment setup and the Cisco DNA Center VA configuration are installed correctly and working as expected. See Validate the Deployment, on page 98.
Prerequisites for Manual Deployment Using AWS CloudFormation
Before you can begin to deploy Cisco DNA Center on AWS, make sure that the
following network, AWS, and Cisco DNA Center requirements have been met:
Network Environment
You must have the following information about your network environment on hand:
· Enterprise DNS server IP address
· (Optional) HTTPS Network Proxy details
AWS Environment
You must meet the following AWS environment requirements:
· You have valid credentials to access your AWS account.
Note
We recommend that your AWS account be a subaccount (a child account) to maintain resource independence and isolation. A subaccount ensures that the Cisco DNA Center deployment does not impact your existing resources.
· Important: Your AWS account is subscribed to Cisco DNA Center Virtual Appliance – Bring Your Own License (BYOL) in AWS Marketplace.
· You must have administrator access permission for your AWS account. (In AWS, the policy name is displayed as AdministratorAccess.)
· The following resources and services must be set up in AWS:
· VPC: The recommended CIDR range is /25. In IPv4 CIDR notation, the last
octet (the fourth octet) of the IP address can only have the values 0 or 128.
For example: x.x.x.0 or x.x.x.128.
· Subnets: The recommended subnet range is /28 and should not overlap with
your corporate subnet.
· Route Tables: Make sure that your VPC subnet is allowed to communicate with
your Enterprise network via your VPN GW or TGW.
· Security Groups: For communication between your Cisco DNA Center VA on AWS
and the devices in your Enterprise network, the AWS security group that you
attach to your Cisco DNA Center VA on AWS must allow the following ports:
· TCP 22, 80, 443, 9991, 25103, 32626
· UDP 123, 162, 514, 6007, 21730
You must also configure the inbound and outbound ports. To configure inbound
ports, refer to the following figure:
To configure outbound ports, refer to the following figure:
The following table lists information about the ports that Cisco DNA Center uses, the services communicating over these ports, the appliance’s purpose in using them, and the recommended action.
Port: —
Service Name: ICMP
Purpose: Devices use ICMP messages to communicate network connectivity issues.
Recommended Action: Enable ICMP.
Port: TCP 22, 80, 443
Service Name: HTTPS, SFTP, HTTP
Purpose: Software image download from Cisco DNA Center through HTTPS:443, SFTP:22, HTTP:80. Certificate download from Cisco DNA Center through HTTPS:443, HTTP:80 (Cisco 9800 Wireless Controller, PnP), Sensor/Telemetry.
Note: Block port 80 if you don’t use Plug and Play (PnP), Software Image Management (SWIM), Embedded Event Management (EEM), device enrollment, or Cisco 9800 Wireless Controller.
Recommended Action: Ensure that firewall rules limit the source IP of the hosts or network devices allowed to access Cisco DNA Center on these ports.
Note: We do not recommend the use of HTTP 80. Use HTTPS 443 wherever possible.
Port: UDP 123
Service Name: NTP
Purpose: Devices use NTP for time synchronization.
Recommended Action: Port must be open to allow devices to synchronize the time.
Port: UDP 162
Service Name: SNMP
Purpose: Cisco DNA Center receives SNMP network telemetry from devices.
Recommended Action: Port must be open for data analytics based on SNMP.
Port: UDP 514
Service Name: Syslog
Purpose: Cisco DNA Center receives syslog messages from devices.
Recommended Action: Port must be open for data analytics based on syslog.
Port: UDP 6007
Service Name: NetFlow
Purpose: Cisco DNA Center receives NetFlow network telemetry from devices.
Recommended Action: Port must be open for data analytics based on NetFlow.
Port: TCP 9991
Service Name: Wide Area Bonjour Service
Purpose: Cisco DNA Center receives multicast Domain Name System (mDNS) traffic from the Service Discovery Gateway (SDG) agents using the Bonjour Control Protocol.
Recommended Action: Port must be open on Cisco DNA Center if the Bonjour application is installed.
Port: UDP 21730
Service Name: Application Visibility Service
Purpose: Application Visibility Service CBAR device communication.
Recommended Action: Port must be open when CBAR is enabled on a network device.
Port: TCP 25103
Service Name: Cisco 9800 Wireless Controller and Cisco Catalyst 9000 switches with streaming telemetry enabled
Purpose: Used for telemetry.
Recommended Action: Port must be open for telemetry connections between Cisco DNA Center and Catalyst 9000 devices.
Port: TCP 32626
Service Name: Intelligent Capture (gRPC) collector
Purpose: Used for receiving traffic statistics and packet-capture data used by the Cisco DNA Assurance Intelligent Capture (gRPC) feature.
Recommended Action: Port must be open if you are using the Cisco DNA Assurance Intelligent Capture (gRPC) feature.
· VPN Gateway (VPN GW) or Transit Gateway (TGW): You must have an existing
connection to your Enterprise network, which is your Customer Gateway (CGW).
For your existing connection from the CGW to AWS, make sure that the correct
ports are open for traffic flow to and from the Cisco DNA Center VA, whether
you open them using the firewall settings or a proxy gateway. For more
information about the well-known network service ports that the appliance
uses, see “Required Network Ports” in the “Plan the Deployment” chapter of the
Cisco DNA Center First-Generation Appliance Installation Guide, Release 2.3.5.
· Site-to-Site VPN Connection: You can use TGW Attachments and TGW Route
Tables.
· Your AWS environment must be configured with one of the following regions:
  · ap-northeast-1 (Tokyo)
  · ap-northeast-2 (Seoul)
  · ap-south-1 (Mumbai)
  · ap-southeast-1 (Singapore)
  · ap-southeast-2 (Sydney)
  · ca-central-1 (Canada)
  · eu-central-1 (Frankfurt)
  · eu-south-1 (Milan)
  · eu-west-1 (Ireland)
  · eu-west-2 (London)
  · eu-west-3 (Paris)
  · us-east-1 (Virginia)
  · us-east-2 (Ohio)
  · us-west-1 (N. California)
  · us-west-2 (Oregon)
· If you want to enable multiple IAM users with the ability to configure Cisco DNA Center using the same environment setup, you need to create a group with the following policies and then add the required users to that group:
  · IAMReadOnlyAccess
  · AmazonEC2FullAccess
  · AWSCloudFormationFullAccess
· The Cisco DNA Center instance size must meet the following minimum resource requirements:
  · r5a.8xlarge
Important
Cisco DNA Center supports only the r5a.8xlarge instance size. Any changes to this configuration aren’t supported. Additionally, the r5a.8xlarge instance size isn’t supported in specific availability zones. To view the list of unsupported availability zones, see the Release Notes for Cisco DNA Center VA Launchpad.
  · 32 vCPU
  · 256-GB RAM
  · 4-TB storage
  · 2500 disk input/output operations per second (IOPS)
  · 180 MBps disk bandwidth
· You have the following AWS information on hand:
  · Subnet ID
  · Security Group ID
  · Keypair ID
  · Environment name
  · CIDR reservation
Cisco DNA Center Environment
You must meet the following requirements for your Cisco DNA Center environment:
· You have access to the Cisco DNA Center GUI.
· You have the following Cisco DNA Center information on hand:
  · NTP setting
  · Default gateway setting
  · CLI password
  · UI username and password
  · Static IP
  · FQDN for the Cisco DNA Center VA IP address
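The security group requirements in the prerequisites above (the required TCP and UDP ports, limiting the source IPs allowed to reach them, and avoiding HTTP 80 where possible) can be checked before you launch the stack. The following Python script is an added example, not part of the Cisco guide or of any Cisco tooling; it audits a constructed rule set shaped like one entry of `aws ec2 describe-security-groups` output, and the group ID, CIDR ranges, and function names are assumptions.

```python
import ipaddress

# Ports the Prerequisites list says the security group must allow.
REQUIRED_PORTS = {
    "tcp": {22, 80, 443, 9991, 25103, 32626},
    "udp": {123, 162, 514, 6007, 21730},
}

# Constructed sample shaped like one "SecurityGroups" entry returned by
# `aws ec2 describe-security-groups`. The group ID and CIDRs are made up.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.20.0.0/16"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "10.20.0.0/16"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 9991, "ToPort": 9991,
         "IpRanges": [{"CidrIp": "10.20.0.0/16"}]},
        {"IpProtocol": "tcp", "FromPort": 25103, "ToPort": 25103,
         "IpRanges": [{"CidrIp": "10.20.0.0/16"}]},
        {"IpProtocol": "udp", "FromPort": 123, "ToPort": 123,
         "IpRanges": [{"CidrIp": "10.20.0.0/16"}]},
        {"IpProtocol": "udp", "FromPort": 162, "ToPort": 514,
         "IpRanges": [{"CidrIp": "192.168.50.0/24"}]},
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
         "IpRanges": [{"CidrIp": "10.20.0.0/16"}]},
    ],
}


def required_ports_covered(perm, proto):
    """Required ports of `proto` that one inbound rule covers."""
    rule_proto = perm["IpProtocol"]
    if rule_proto == "-1":  # "-1" means all protocols and all ports
        return set(REQUIRED_PORTS[proto])
    if rule_proto != proto:
        return set()
    low, high = perm["FromPort"], perm["ToPort"]
    return {p for p in REQUIRED_PORTS[proto] if low <= p <= high}


def rule_sources(perm):
    """IPv4 and IPv6 source networks of one inbound rule."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def inside_any(net, allowed_nets):
    """True if `net` lies within one of the allowed networks."""
    return any(net.version == a.version and net.subnet_of(a)
               for a in allowed_nets)


def audit_security_group(group, enterprise_cidrs):
    """Compare inbound rules with the guide's port list and source advice."""
    enterprise = [ipaddress.ip_network(c) for c in enterprise_cidrs]
    allowed = {"tcp": set(), "udp": set()}
    world_open, outside = set(), set()
    icmp_allowed = False
    for perm in group.get("IpPermissions", []):
        if perm["IpProtocol"] in ("icmp", "-1"):
            icmp_allowed = True
        for proto in REQUIRED_PORTS:
            ports = required_ports_covered(perm, proto)
            if not ports:
                continue
            allowed[proto] |= ports
            for net in rule_sources(perm):
                labels = {f"{proto}/{p} from {net}" for p in ports}
                if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0
                    world_open |= labels
                elif not inside_any(net, enterprise):
                    outside |= labels
    missing = sorted(f"{proto}/{p}"
                     for proto, ports in REQUIRED_PORTS.items()
                     for p in ports - allowed[proto])
    return {
        "missing": missing,                      # required but not allowed
        "world_open": sorted(world_open),        # no source restriction
        "outside_enterprise": sorted(outside),   # source not an enterprise range
        "http_allowed": 80 in allowed["tcp"],    # guide: block 80 if unused
        "icmp_allowed": icmp_allowed,            # guide: enable ICMP
    }


if __name__ == "__main__":
    report = audit_security_group(SAMPLE_GROUP, ["10.20.0.0/16"])
    for key, value in report.items():
        print(f"{key}: {value}")
```

To audit a real group, pass one entry of the SecurityGroups array from `aws ec2 describe-security-groups --group-ids <id> --output json` in place of SAMPLE_GROUP, together with your own enterprise CIDR ranges.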
Deploy Cisco DNA Center on AWS Manually Using AWS CloudFormation
You can manually deploy Cisco DNA Center on AWS using AWS CloudFormation. The
provided AWS CloudFormation template contains the relevant details for all
required parameters. As a part of the deployment process, the AWS
CloudFormation template for the Cisco DNA Center instance automatically
creates the following Amazon CloudWatch dashboard and alarms:
· DNACDashboard (VA_Instance_MonitoringBoard): This dashboard provides
monitoring information about the Cisco DNA Center instance’s CPUUtilization,
NetworkIn, NetworkOut, DiskReadOps, and DiskWriteOps.
· DnacCPUAlarm: When the CPU usage is greater than or equal to 80% for Cisco
DNA Center instances, this alarm is triggered. The default threshold for CPU
usage is 80%.
· DnacSystemStatusAlarm: If the system status check fails for a Cisco DNA
Center instance, the recovery process is started. The default threshold for
the system status check is 0.
Before you begin
· You have the AWS environment set up with all the required components. For information, see Prerequisites for Manual Deployment Using AWS CloudFormation, on page 88.
· The VPN tunnel is up.
Procedure
Step 1
Depending on which file you want to download, do one of the following:
· Go to the Cisco Software Download site and download the following file: DNA_Center_VA_InstanceLaunch_CFT-1.6.0.tar.gz
· Go to the Cisco Software Download site and download the following file: DNA_Center_VA_InstanceLaunch_CFT-1.5.0.tar.gz
Both TAR files contain the AWS CloudFormation template that you use to create your Cisco DNA Center VA instance. The AWS CloudFormation template contains several AMIs, each having a different AMI ID based on a specific region. Use the appropriate AMI ID for your region:
Region: Cisco DNA Center AMI ID
ap-northeast-1 (Tokyo): ami-0e15eb31bcb994472
ap-northeast-2 (Seoul): ami-043e1b9f3ccace4b2
ap-south-1 (Mumbai): ami-0bbdbd7bcc1445c5f
ap-southeast-1 (Singapore): ami-0c365aa4cfb5121a9
ap-southeast-2 (Sydney): ami-0d2d9e5ebb58de8f7
ca-central-1 (Canada): ami-0485cfdbda5244c6e
eu-central-1 (Frankfurt): ami-0677a8e229a930434
eu-south-1 (Milan): ami-091f667a02427854d
eu-west-1 (Ireland): ami-0a8a59b277dff9306
eu-west-2 (London): ami-0cf5912937286b42e
eu-west-3 (Paris): ami-0b12cfdd092ef754e
us-east-1 (Virginia): ami-08ad555593196c1de
us-east-2 (Ohio): ami-0c52ce38eb8974728
us-west-1 (Northern California): ami-0b83a898072e12970
us-west-2 (Oregon): ami-02b6cd5eee1f3b521
Step 2
Verify that the TAR file is genuine and from Cisco. For detailed steps, see Verify the Cisco DNA Center VA TAR File, on page 6.
Step 3
Log in to the AWS console. The AWS console is displayed.
Step 4
In the search bar, enter cloudformation.
Step 5
From the drop-down menu, choose CloudFormation.
Step 6
Click Create stack and choose With new resources (standard).
Step 7
Under Specify template, select Upload a template file, and choose the AWS CloudFormation template that you downloaded in Step 1.
Step 8
Enter a stack name and review the following parameters:
· EC2 Instance Configuration
  · Environment Name: Assign a unique environment name. The environment name is used to differentiate the deployment and is prepended to your AWS resource names. If you use the same environment name as a previous deployment, the current deployment will fail.
  · Private Subnet ID: Enter the VPC subnet to be used for Cisco DNA Center.
  · Security Group: Enter the security group to be attached to the Cisco DNA Center VA that you are deploying.
  · Keypair: Enter the SSH keypair used to access the CLI of Cisco DNA Center VA that you are deploying.
· Cisco DNA Center Configuration: Enter the following information:
  · DnacInstanceIP: Cisco DNA Center IP address.
  · DnacNetmask: Cisco DNA Center netmask.
  · DnacGateway: Cisco DNA Center gateway address.
  · DnacDnsServer: Enterprise DNS Server.
  · DnacPassword: Cisco DNA Center password.
Note
You can use the Cisco DNA Center password to access the Cisco DNA Center VA CLI through the AWS EC2 Serial Console. The password must:
· Omit any tab or line breaks
· Have a minimum of eight characters
· Contain characters from at least three of the following categories:
  · Lowercase letters (a-z)
  · Uppercase letters (A-Z)
  · Numbers (0-9)
  · Special characters (for example, ! or #)
  · DnacFQDN: Cisco DNA Center FQDN.
  · DnacHttpsProxy: (Optional) Enterprise HTTPS proxy.
  · DnacHttpsProxyUsername: (Optional) HTTPS proxy username.
  · DnacHttpsProxyPassword: (Optional) HTTPS proxy password.
Step 9
(Optional) Click Next to configure the stack options.
Step 10
Click Next to review your stack information.
Step 11
If you are satisfied with the configuration, click Submit to finish.
The stack creation process usually takes from 45 to 60 minutes.
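Because a rejected value only surfaces after a long stack run, the Step 8 values can be checked locally first. The following is an added example, not part of the Cisco guide or its template: the dictionary keys are the parameter names listed in Step 8, while the function names, the reading of "special characters" as ASCII punctuation, and the rule that the gateway must lie in the instance's subnet are assumptions.

```python
import ipaddress
import string

def check_dnac_password(password):
    """Return the DnacPassword rules from the Note that are violated (empty = OK)."""
    problems = []
    if any(ch in "\t\r\n" for ch in password):
        problems.append("contains a tab or line break")
    if len(password) < 8:
        problems.append("shorter than eight characters")
    categories = [
        any(ch in string.ascii_lowercase for ch in password),
        any(ch in string.ascii_uppercase for ch in password),
        any(ch in string.digits for ch in password),
        # Assumption: "special characters" means ASCII punctuation.
        any(ch in string.punctuation for ch in password),
    ]
    if sum(categories) < 3:
        problems.append("uses fewer than three character categories")
    return problems

def check_dnac_network(instance_ip, netmask, gateway, dns_server):
    """Return problems with the DnacInstanceIP/Netmask/Gateway/DnsServer values."""
    try:
        iface = ipaddress.ip_interface(f"{instance_ip}/{netmask}")
        gw = ipaddress.ip_address(gateway)
        ipaddress.ip_address(dns_server)  # syntax check only
    except ValueError as exc:
        return [f"invalid address or netmask: {exc}"]
    net, problems = iface.network, []
    # Assumption (not stated in the guide): the gateway sits in the instance's subnet.
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    if gw == iface.ip:
        problems.append("gateway and instance IP are identical")
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")
    return problems

def preflight(params):
    """Check a dict keyed by the Step 8 parameter names; return every problem found."""
    return (check_dnac_password(params["DnacPassword"])
            + check_dnac_network(params["DnacInstanceIP"], params["DnacNetmask"],
                                 params["DnacGateway"], params["DnacDnsServer"]))

# Constructed sample values, not taken from any real deployment.
SAMPLE = {"DnacInstanceIP": "10.0.1.20", "DnacNetmask": "255.255.255.0",
          "DnacGateway": "10.0.2.1", "DnacDnsServer": "10.0.0.2", "DnacPassword": "password"}
if __name__ == "__main__":
    print(preflight(SAMPLE))
```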
Validate the Deployment
To ensure that your environment setup and Cisco DNA Center VA configuration
are working, perform the following validation checks.
Before you begin
Ensure that your stack creation on AWS CloudFormation has no errors.
Procedure
Step 1
From the Amazon EC2 console, validate the network and system configuration and verify that the Cisco DNA Center IP address is correct.
Step 2
Send a ping to the Cisco DNA Center IP address to ensure that your host details and network connection are valid.
Step 3
Establish an SSH connection with Cisco DNA Center to verify that Cisco DNA Center is authenticated.
Step 4
Test HTTPS accessibility to the Cisco DNA Center GUI using one of the following methods:
· Use a browser. For more information about browser compatibility, see the Cisco DNA Center Release Notes.
· Use Telnet through the CLI.
· Use curl through the CLI.
PART III
Deploy Using AWS Marketplace
· Deploy Cisco DNA Center 2.3.5.3 on AWS Using AWS Marketplace, on page 101
CHAPTER 5
Deploy Cisco DNA Center 2.3.5.3 on AWS Using AWS Marketplace
· Deploy Cisco DNA Center on AWS Manually Using AWS Marketplace, on page 101
· Manual Deployment Using AWS Marketplace Workflow, on page 101
· Prerequisites for Manual Deployment Using AWS Marketplace, on page 101
· Deploy Cisco DNA Center on AWS Manually Using AWS Marketplace, on page 107
· Validate the Deployment, on page 107
Deploy Cisco DNA Center on AWS Manually Using AWS Marketplace
If you’re familiar with AWS administration, you have the option of deploying
Cisco DNA Center manually on your AWS account using AWS Marketplace.
Manual Deployment Using AWS Marketplace Workflow
To deploy Cisco DNA Center on AWS using this method, follow these high-level steps:
1. Meet the prerequisites. See Prerequisites for Manual Deployment Using AWS Marketplace, on page 101.
2. (Optional) Integrate