Cisco DNA Center Review

Robust, zero-day configuration with wireless assurance and telemetry, with outstanding support


What is our primary use case?

We use this solution for network assurance and automation, network segmentation with ISE integration, and LAN automation deploying new devices out into the switching estate.

This was for a TSA project that we were doing for a client.

How has it helped my organization?

It relieved some of the operational burdens on the IT staff. It makes troubleshooting a lot of issues much quicker from a central single pane of glass, whether it's a switch issue or authentication issue with ISE, or a wireless connectivity issue. 

DNA center is very capable of being able to address well, identify the issue, suggest remediation steps, run remediation, run commands against a switch to check the proper connectivity for example, and also address all our remediation steps that the IT person could take.

Rather than having to log into the individual switch DNA center, you can basically run your commands, run your troubleshooting, all from DNA and attempt to remediate the problem.

What is most valuable?

I think that their LAN automation is a very good feature. It takes advantage of the plug-and-play capability from the catalyst switches. 

We'll do a zero-day configuration, which is a good feature. 

Also, wired and wireless assurance, client health, and network health are valuable, especially with the wireless sensors deployed. It can give you a good idea of what's going on in the RF environments.

The template feature is really good, you have free templates and then associate those templates to a tag, tag a device with a certain role, and just program devices that way rapidly.

It's pretty robust. The wireless assurance and telemetry, as well as the security and the segmentation capabilities, are outstanding.

They deploy rapidly. They are scalable throughout the entire organization. With just a few clicks, it really removes a lot of the human error that you would normally have with access control lists.

It takes a lot of the human element out of configuration.

You can create VRS and VNS and deploy those system-wide, application policies with a few clicks and segmentation with a few clicks.

What needs improvement?

With their provisioning status, if there's a failure in provisioning or in some type of task that DNA is trying to push out to a switch or whatever device, sometimes the task status errors or the provision errors are a little bit big. 

I think they could provide a little more detail to someone when a task fails. It's an error code that tells you that this task has failed, but it doesn't get too deep into why it failed. The task failure reporting or provisioning failure reporting could be a little bit better in the UI, with more information given to the user.

From the CLI you can get much more information from MagLevs.

Also, the UI could use a little bit of improvement. I know that things have gotten a lot better in version 2, but I haven't worked with version 2 yet.

A feature that I would like to have seen is the true debt disaster recovery, which is now available in the 2.2.1 version.

More detailed information would be helpful, but you can get that information from the CLI but not everyone is comfortable working in the Linux shell.

For how long have I used the solution?

I have been using Cisco DNA Center for approximately two years.

The last version that I worked with was Version 1.3.3.6.

Currently, the latest is version 2.X.

What do I think about the stability of the solution?

It is very stable. I would rate the stability an 8.5 out of 10. 

We had an issue with the DNA center database. 

With the DNA center, you have to be a little patient. 

We may have been trying to ask it to do too much at one time, and it created a problem with the database that escalated to the business unit to get cleaned up.

That was really not so much an issue with the DNA sensors, it was because we had spooled up a lot of tasks and you have to be a little patient with DNA.

What do I think about the scalability of the solution?

My impression of the scalability is all positive. 

It's highly scalable. DNA itself is deployed as either a single node or a three-node cluster.

We were deploying it in a single node state, but my impression of it is quite positive. I like it a lot.

DNAC itself is an orchestrator and its collecting audit assurance, and telemetry. The entire IT staff of the end organization will be using the DNA center. It's probably a staff of 15 to 20 people. 

In terms of endpoint end-users, that DNA is collecting assurance and telemetry from several thousand. It's being fully utilized.

How are customer service and technical support?

I have had a fair amount of interaction with technical support. I would rate them outstanding. Their DNA team is solid.

Which solution did I use previously and why did I switch?

I didn't use any other solution previously.

How was the initial setup?

Standing up the DNAC appliance itself is pretty straightforward.

The deployment was a phased approach. We did three DNAC appliances across three regions globally. 

To stand up the appliance itself doesn't take long at all. It takes a few hours, but it was a phased migration strategy, one site at a time over a period of several months, we would do one or two site migrations a week.

There were an existing network infrastructure and a new network infrastructure that we were standing up in parallel to the old and then cutting it over on a weekend.

We have a handful of people who have access to the regional appliance made up of network admins and help desk personnel.

Once it's deployed and built out, it runs on its own. There is not much to with it unless you need to do a package or a software upgrade for the appliance itself.

There is no further deployment unless they are going to stand up a new site and integrate that into the DNA architecture. As it is now, everything is already up, which is what we did.

We did the deployment, the integration, and the site migration from start to finish. Then we do a low-level design and handover and workshops.

We have approximately 10 users that would have some type of operational role in DNA.

It's being highly utilized and leveraged in the organization.

What about the implementation team?

We did not use a consultant or an integrator. I completed it myself. We are Cisco Partners.

What's my experience with pricing, setup cost, and licensing?

This is taken care of before I am involved. It's handled by our presales engineer, and I work on the project delivery.

I do know that Cisco does offer some really good promotions for DNA Center to bring the costs down. But again, I don't really know the details of those promotions. I just hear about them and I know they're out there, but I don't have specifics on that.

What other advice do I have?

Cisco DNA does not have a Cloud solution. It's an on-premises appliance.

They may stand up if they bring in another heritage. They may have some heritage or legacy sites that they may bring over to the new network.

We are multi-national. Our organization is based in London, New York, and Sydney. Our clients are all multi-national global clients.

We do have some regional clients as well, but we are well-positioned to serve multi-nationals across three regions.

My advice is to read the release notes thoroughly. Understand how to deploy, in a single or three-node cluster. Most importantly be aware of release notes and read the documentation.

Do your homework, read the manual, it's there for a reason.

Be patient when standing up a new fabric site. Don't do too many tasks at one time.

The biggest lesson that I have learned is to be patient. When you have a series of tasks that you need to do, don't initiate too many at one time, initiate three or four, allow those to finish, and then continue on.

From when I first started working with DNA, it's come a very long way.

From a programmability standpoint, it really is quite solid. I really like the LAN automation capabilities.

In terms of software-defined networking, I think it's an outstanding product. I would rate Cisco DNA Center a nine out of ten.

Which deployment model are you using for this solution?

On-premises
**Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
More Cisco DNA Center reviews from users
...who compared it with Fortinet FortiManager
Learn what your peers think about Cisco DNA Center. Get advice and tips from experienced pros sharing their opinions. Updated: September 2021.
534,299 professionals have used our research since 2012.
Add a Comment
ITCS user
Guest