18. DNA Workflow & Assurance
In four six we have to learn about DNA Center workflow. Mostly it is focused on that how we are going to use a DNA Center assurance feature to provide troubleshooting, to provide actually fast troubleshooting. Do we have full visibility, can we do the monitoring, management, et cetera? One of the key feature that we have in DNS Center is that we have capability to do the proactive troubleshooting. Proactive troubleshooting means that at the moment the issue will come. You have insight that what are the four or five steps that you have to do? So suppose depending upon suppose if you have label one and label two engineers or even label one engineers and they don’t have broad knowledge of how wireless is working, routing, switching, working, other application experience related issues, client related issues, etc. Etc. Etc.
Everything is properly categorized inside the DNA that you can go to the dashboard, you have to reach out to that particular client or network device or application. You have to do few of the clicks and then you will reach up to the label one plus label two troubleshooting. Now again, if you have not figured out how to do the troubleshooting, how to resolve this issue, then option is there that we can raise the tack case and proceed. All right, so here you can see the DNS Center workflow. It has design, policy provisioning and assurance. This assurance is again very important. So once we have the network appended running and setup is ready, then we have the assurance feature that will provide us the quick remediation options and we have very high level of telemetry.
So we are collecting all the information. We have intent based networking as well. So we are getting the information from a policy plane. We are getting the network health and the device health will see that in the lab. I will log into the DNS Center and I will walk you through all the options that we have in the assurance. Now in the workflow again, the design means you’re going to do the standardized network architecture, site building flow. Again, it’s like hierarchical model that when you’re doing the design. Suppose if you want to add one AP, then you can go to the site, then you can go to the area, then you can go to the floor, then you can add it like that. All options are there related to design. So is it a border leaf, it’s a control node, it’s a WLC, it’s an AP, it’s an edge, et cetera.
Everything as per design. You can go and implement. Then we have the policy plan. Remember, we have different types of planes in Ice, we have data plane. Mostly the edge nodes or edge devices, they are working as a data plane but the underlying technology is VXLAN. Then we have the control plane. Again your control routers or control plane routers can work for that. So for that we have list protocol where you have the Ms and Mr where you are putting all those information related to endpoint and then it is working as a route reflector. We can say that if some client, they don’t have information about the other end point that can be reflected to the other side. And then finally, obviously we have the policy plan that is nothing but the Ice integration now because we have the Ice integration and we know that how robust the Ice is.
And Ice can have all the information and then it can take tissue. And as for the Ice policy, nice thing here that the Ice is integrated with DNA and then in the DNA I can go and create the policies and then I can push it. So no need to go and log into the Ice and then check all this policy rather than from single dashboard we can go and check who gets in, who talks, how, an application treatment, so who can talk to who. Obviously there are much more information. These are just the high points that you are seeing here. Finally we have the provisioning, we have automatic deployment of site profile, compliances management, inventory, lifecycle management so in short that with help of DNA center we have full capabilities or we can track the experience related to network, experience related to services, experience related to client.
So what are the key component we have in the network? Or what are the key component we have in a broader picture with respect to enterprise network, nowadays this term is not used network but people are telling about infrastructure. So now the companies and the MNCs, they are looking for the infrastructure engineers. So what does it mean? It means that not only, you know, the router switches, firewall, WLCS, Ice etc. T, but you are knowing some other vendors say knowledge as well. So for example, you know, parallel to as a firewall, maybe it is one of the best firewall, then some other services from other vendors that is the best, maybe some data center technologies that is very good, et cetera. Okay, so the Ice from Cisco, they are integrated with DNA and with that integration, again if you go and read more you’ll find the DNA has been integrated or can be integrated with ACI as well, it can be integrated with SDWAN as well.
So that means in future you have one dashboard and from that dashboard not only you can manage the campus area network, but you can go and manage the ACI, you can go and manage the SDWAN as well. Okay, so now we are going to discuss about the assurance feature. Here you can see that you can go and pick to the assurance feature. Here you can see that you have in the workflow design policy provisioning assurance. So you have the design policy provisioning assurance. Obviously you have the platform option as well, but you can go to the assurance, you can go to the health. Now, what type of health you can have? You have overall health, you have client health, application, health, network health. Apart from that, at this point of time, if you go and click here, you’ll find that you can go and check the census information as well.
So I’m going to log in and not only here you can see that you can go and check the health of the devices. You can log into the devices, you have the tickets as well. And if you have the integration of your DNA with the monitoring tool, say for example service now. So here you can see that this ticket will go and automatically P One will raise. And suppose you have the P one ticket, obviously you want to go and troubleshoot. So for the basic level troubleshooting, it will tell you that you can check the Ice is up and running. You can check the do you have route related to Ice? If not, you can run this command so it will go and show IP route for the Ice server. Do you have IGP? Do you have EIGRP or other protocol running or not? So these things by default will be there.
Okay, so you’ll get four or five options, troubleshooting options that if this is the case, this is the thing that you should check. I suppose if you are not able to resolve it, then you will find fourth or fifth option that open the case with TAC and you’ll get the TAC numbers as well. Okay, so in the assurance again you can see that you have the health option. You have the dashboard. If you have any customization for the dashboard, you can do that. Then you have issues. If you want, you can see all the issues with single shot. Again in the health, you can see overall health, network health, client health and application. And it’s a big thing, it’s a huge thing because what is happening, that’s the truth.
At the moment in the organization, someone who is managing the client, they don’t know the application, how it is working. Someone is working in the network, they don’t know the client side of things like Ad integration or maybe Ad plus Ice integration, how it is working. So network simply means at this point of time again that has been changed now. So router and switch and firewall configuration or maybe some other network devices like Fi, et cetera, et cetera. But now the area of network or scope of network has been increased. So we should go and learn about the application behavior as well. So when a client for client, what is important, client want to access the application. But in between we have network. So here you can see all three points are connected. So client is using application with the help of network everything you can go and check. So what is the status health, everything related to application, status, health, everything related to client status, health, everything related to network and that’s the power we have with the DNA assurance. So you can go and check not only the wired but the wireless. Again you can go and check the user and the user behavior, what the user can do and what type of issue whose that user can have. All those things you can go and check. So what I’m going to do next that I’m going and login to the device and then in the DNA and then I will walk you through all these options that you are seeing here. All right, so let’s stop now.
19. DNA Assurance Lab
Now we have lab related to DNA assurance feature. You can log into the DNA dashboard and once you log in, you will find that you have this nice dashboard where you have options related to design, policy, provisioning, assurance and platform. Now, once you go inside the assurance again you can see that you have the dashboard where you are getting think the overall health. So if I go here and scroll down, you can go and check first of all the network devices, the wired client. Again, this is the summary for the network that I have. Apart from that, you can go and check what are the top priority cases like P one, P two and if you have the integration with service now, obviously we’ll get those information there as well. Now we have options that we can go and check the geographical location of these devices as well. So these options we have the nice thing about this place, once we reach to this particular place, then here in the dashboard you can see that you have options related to health, wireless sensor, row management and the dashboard library inside health.
And this thing is big. All the time we used to discuss about this that what exactly we are looking for to do the troubleshooting. So what we want that we have the client and client, they’re using the application and this application is used by the It infrastructure. In between you have network. So not only that, you can go and check the overall health of client, you can go and check the overall health of network, you can go and check overall health of application as well. And that’s the assurance we have in the DNA. So we have full application visibility as well. So by default it will be overall health. But if you want to go and check the network health, you can go and click here you have network. You can see the latest and the trend. Now here you can see that we have the category of all the network.
So the fabric control plane, the fabric border, the edge and wireless devices, everything is showing green, means everything is good 100%, everything is good up and running. Now, suppose if you have issue, obviously it will show you the health poor, fair and good as per the diagram. And you have the other options as well. So let me show you that what you can do. Suppose one of the device in the fabric and node is down what you can do or suppose if it has any issue, you can go and one by one you can go and check those devices. So you can see here that from this dashboard again, if you go and click on new pop up welcome and you can see that God is eight. And if you want to check the information about all those eight devices, here it is showing that you have these switches. You can see in the pie chart that what are the devices in different different color code.
You can go and check the device model as well. You can go and check the device OS as well. So networking devices, model and OS. It is telling. Now if you scroll down, you can go and have the list of all the eight devices. And in these eight devices you can see that still you can go inside those devices. So here you can see the device name, the model, the OS IP address, overall health and remember this health score that you are seeing here. This health score is nothing, but sometimes it is referred as a quality of experience. But you may have different color code. So here you can see that good is if the score is 8910, fair is in between. Say for example seven, six, seven, bad is less than 501-2345. Like that you have your health scores. But remember, if it is 8910, it’s good, it will show you green.
So, overall health, you can see here the memory utilization, the CPU utilization, the data plane, the control plane and from CM dashboard that means single place you can go and get all this information. Correct. That’s the power we have with these. Now we have the export option that we can export this output and then we can further check. Suppose if I’m interested about this campus score, I can go and click, then what will happen? This campus score page will come and open and then we can go and further check their device 360 health. Still you can go and check more and much more information about this. Here you can see the graph on top, you can see that events and health. And once I go and click there and if I scroll so we have the time range.
And with that time range, what is the memory utilization, the CPU utilization, the link, each and everything it is showing, correct? So we can go back and forth into the time and we can go and check that. So overall this device is showing the correct behavior, correct? All right, so once we can do this again, you can see that with that particular device if you have any issue. So it is showing that zero issue reported. Let me scroll up. What is your neighbor? Typically if you want to do the trace route, what is the application experience, the device info, interface, fabric, event, each and everything we have at the single place. So here you can see this is the topology.
And if you want to do trace, you can go and do the trace as well. So this is your source IP and if you have any destination IP, you can go and start the trace. You can see that how it is going, where the ACL is blocking with the source, with the destination, where you have the capital app tunnel. Each and everything we are getting from this path trace means how actually the packet movement inside over the path, over the network application experience will see separately this application experience but we have all those information graphical information we have. But still, if you want to run the CLI command so we have this run command option where we can go and check various things. Say, for example, if I can run a few of the commands, then IP route, et cetera, et cetera.
So we have this option of the command runner as well, where we can go and run that command again. If you want to check more information, you have this option, you can go and check more information. So this is this all information was related to one thing. That is the assurance and the health and the network health. Then you can go and check the client health as well. So client means that how many clients we have connected at the place. In our topology, all the clients are connected. You can see the 90% of them over the wireless and 98%. This is just a Hillary score, but in our case, mostly. The clients are connected with the wireless network. So let me show you a few of the clients, and then I will move on. So if I scroll down here, you can see that I have clients and I can export those clients wireless and client let me do wired as well. Let me apply this filter so on top you can see that you have filter as well. And few of the clients are over the IoT. Few of the clients are in premises as well it is showing wired so let me go back to the wireless and nice thing here you can see that when you are doing the filter with wired versus wireless the wireless clients, they are showing you this type of wireless icon, correct? So we have most of the client over wireless network in this scenario and even you can see the health score as well. So let’s see the health score with poor rating. Poor health score. So one of the score one of the client has poor rating I can go click and open and then we can analyze.
So now you can see the status the RSSI, the Snr, the AP, the failure reauthorization so what’s the issue? Why this health score is less. For that you can go and check that there are issues with him. And here you can go. This is the iPad with this particular client. The device info, the Mac, the SSID, those things are there. Then the RF, the connectivity. So here you can see the Txrs, the DNS request response. And then here we can see clearly, you can see that how easy it is to find at least where is the problem. So now if I scroll down, you can see this. You have the event viewer and event viewer it is telling that, okay, the status is failure. This is the username. And when you try to log in, there may be a chance that it is not able to authenticate. Maybe with the Ice service that we have.
So here you can see the onboarding. So let me show you the full picture reauthentication. You can go and scroll if time out is there broadcast ricky always try to establish a connection, but there is problems every day there is a problem with the authentication correct. So we can understand this thing. Still if you want to do the trace for this particular client and if you know that where is your Ice server? Are you able to reach to the Ice server or not? If you have that IP, so you can go and give that IP and you can start that. So here you can see the querys route. And this is a source port, not as specified. Obviously we haven’t just specified. So it has reached here over the Cap web tunnel. And again we can go and check more and more about this.
So let me show you this. The Capab tunnel, the laptops etc etc. Here. So let’s see more about this. That why exactly we have the issue. But here you can see the issue is related to authentication failure with this particular WLC. And we have the EP timeout, client is deauthenticated, authentication is done and here we have the issue correct. So clearly we come to know what is the issue. And then we should go and check the WLC configuration. We can go and check the Ice configuration to overcome this with client. Again no need to check the application experience. Because again we have a separate application experience option or tap. But still if this client is using some of the application here you can see that Ms update and outlook update. The health is five. So again you can go inside this and this place you will reach with the application assurance application health as well.
But related to this particular client you have this particular health score that you can go and verify. So you can see that how deep we can go inside the client and we can check various parameters related to client. Correct. Now finally go and let’s check the health of the application. Now you will get the list of the application. Obviously we have much more application. And here we can see if I scroll down so application and whoever application has low health score it is showing here and you can see that bad is one to three, fear is four to seven and 8910 is good. You can see this much of data has been used. And again this business application or application uses in percentages you can go and check still we have this option, we can go and check view details for those applications.
So business applications 62%, this application this much, how much of the percentage Kbps bandwidth used? Each and everything. We are getting at one place. So once we are reaching out to application health and if you want to see the uses of the application here you can see the ratings means the health score and again if you go and click inside any of them you will go and get much more visibility and the information about the uses of that particular application. Okay? The thing is that if you go start working on this and if you spend fewer hours we will be very much in a position to find the issue and then we can go and set the issue as well. Now even there is no need to find the issue. Why? Because automatically the platform will tell you that what issues you have.
So suppose if you have this issue it will come here but if I scroll down here you can see that you have p one issue related to Ice server with the border router. So now if you go and click here you will see that you have open issue what is the issue? So again if you go and click it will show you that the fabric edge van cannot reach to the I server. Okay, so what type of test should I do? Now you can see that’s the power of DNA we have so it is telling that verify your I serve is up or not then verify that do we have route to the I server. So you can go and click run and it will do show IP route for the I server and all green means that you have the reachability with the I server then verify do have the IGP running, you have your IGP neighbors are up and working so here you can see they are up and working.
Then finally if you have done all these basic troubleshooting means configuration is correct, reachability is there no issue with the physical interfaces, no issue with the hardware level et cetera, et cetera then we can go and raise the taxes to work on that. So they have given the number to raise that case and check on that. You can see that all three things has been covered nicely here inside the health network, client and application you can go and check the wireless sensors, health and scores as well. So you have the separate category for wireless. You can go and check the onboard is the network test, application test et cetera, et cetera. All right, so this is the nice and very useful capability we have inside the DNA assurance.
