Techrunner
asked on
Cisco DNAC Roll Out
Our network infrastructure is 100% Cisco. We are planning to deploy DNA Center into our infrastructure without SD-Access for now.
So what value will it add to the existing network? Will it worth to us anything? Need any suggestions and recommendations before presenting solution to the senior ICT management.
So what value will it add to the existing network? Will it worth to us anything? Need any suggestions and recommendations before presenting solution to the senior ICT management.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the help.
1. Does DNAC (without SDA) pushes the configuration to devices ?
2. What will be the needed WAN bandwidth requirements ( main and remote site) considering each remote site with 70 devices ( mainly switches and access points)
1. Does DNAC (without SDA) pushes the configuration to devices ?
2. What will be the needed WAN bandwidth requirements ( main and remote site) considering each remote site with 70 devices ( mainly switches and access points)
Yes you can push config without fabric configuration.
Suggested RTT is no more than 100ms between DNA Center and remote sites. There's no bandwidth specification as such.
Suggested RTT is no more than 100ms between DNA Center and remote sites. There's no bandwidth specification as such.
ASKER
We need Smart DNA licensing for each device ( Cisco 2960X & 3850) ?
Thanks
Thanks
Depends on the version of code on each device.
ASKER
If I had a ISE with DNAC, what features and use cases I can have ( without sd-access)?
Thanks
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks
We always got the best and straight to the point answers from you unlike Cisco itself
Now talking about the deployment, we have total 5 medical centers and each center having 50-60 switches with 600-700 users.
Servers and services (AD,DNS, DHCP) are decentralized.
Sites are interconnected over IPSec. One of our site is considered as HQ.
Thus, what best deployment strategy we could approach in our case.
Appreciate your support.
We always got the best and straight to the point answers from you unlike Cisco itself
Now talking about the deployment, we have total 5 medical centers and each center having 50-60 switches with 600-700 users.
Servers and services (AD,DNS, DHCP) are decentralized.
Sites are interconnected over IPSec. One of our site is considered as HQ.
Thus, what best deployment strategy we could approach in our case.
Appreciate your support.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Sir,
Just for the info our remote site are connected over IPSec VPN, however, within the coming few months we will deploy Meraki SD-WAN with Full Mesh.
I am fan of centralizing the administration though it depends on the given infrastructure. We will be using ISE 802.1x (wired/wireless), BYOD, Posture Assessment, and MDM ( with Meraki Cloud).
In addition , we have a wireless controller on every site.
So keeping the consideration of the above points, what would be the best deployment for ISE?
For DNAC, I got it now to host at the HQ site.
Thanks
Just for the info our remote site are connected over IPSec VPN, however, within the coming few months we will deploy Meraki SD-WAN with Full Mesh.
I am fan of centralizing the administration though it depends on the given infrastructure. We will be using ISE 802.1x (wired/wireless), BYOD, Posture Assessment, and MDM ( with Meraki Cloud).
In addition , we have a wireless controller on every site.
So keeping the consideration of the above points, what would be the best deployment for ISE?
For DNAC, I got it now to host at the HQ site.
Thanks
Is there a reason you have a WLC at each site? You could centralise them if all traffic needs to go to HQ first, using Flexconnect.
If you use 802.1x on the wire I'd put an ISE PSN at each (or important) sites as long as latency is within 300ms between PAN and PSN.
If you use 802.1x on the wire I'd put an ISE PSN at each (or important) sites as long as latency is within 300ms between PAN and PSN.
ASKER
Just to clarify, all the sites route their traffic locally. Each site has Collapsed Core and Access Switches.
We will be using ISE 802.1x (wired/wireless), BYOD, Posture Assessment, and MDM ( with Meraki Cloud).
Remote site connect to central location just to access some servers and AD sync.
We will be using ISE 802.1x (wired/wireless), BYOD, Posture Assessment, and MDM ( with Meraki Cloud).
Remote site connect to central location just to access some servers and AD sync.
ASKER
2. What assurance features does DNAC provide ?
3. We have multiple site, can we manage all device from central DNAC or there are any limitations ?
4. Can we considered the DNAC solution as Network Operations Center ?
Please advise.