Debunking the Top Cisco DNA Center Misconceptions
It’s been almost 4.5 years since I first wrote about Cisco’s DNA Center. You can still read it here. By this point, everyone should have DNA-C deployed and running their networks, and if you haven’t, you’re late to the game, right? No, not quite.
As a refresher, I often compare DNA Center to a wireless controller. Ten years ago, we used to configure access points (APs) one at a time. Today, we wouldn’t think about deploying even a small wireless network without a controller for configuration and management (even if the controller function resides on one of the APs). Think about how many routers and switches are in a network, traditionally configured one by one. DNA Center can be the “controller” or single pane of glass for deploying and managing on-premises Cisco networks including routing, switching, Software Defined Wireless Area Network (SD-WAN), and security devices like Cisco Identity Services Engine (ISE) and Firepower.In 2017, DNA Center was on version 1.0 and new features were on the horizon. Today, on version 2.2.3.x, Cisco has added many more features and the platform itself is more stable. Cisco’s data shows that DNA Center has been deployed in most of their customer base. However, while most Cisco Catalyst customers have purchased some form of “DNA”—be it wireless DNA licenses or a DNA appliance for a lab— the reality is that few have truly leveraged DNA Center’s capabilities.
DNA offers many advantages, so what’s holding back most license holders from harnessing all the benefits?
If you are among the majority not taking advantage of all that Cisco DNA offers, it could be due to one of the following misconceptions.
- DNA is too complex for me or my staff
- Licensing is too confusing
- DNA is too expensive
Let’s debunk each of these more in depth below. I want you to get the most out of your tech investment!
Misconception #1: Cisco DNA is too Complex
*Image provided by Cisco
The slide above breaks the functionality of DNA-C into 3 sections, Automation, Assurance, and Software Defined Access (or SDA). What most don’t understand is that you don’t need to use every feature when deploying DNA Center. In fact, most who have deployed DNA-C in production have only deployed Assurance. I’m somewhat surprised that more people are not using Automation. Even the lower tier licensing entitles you to Automation (think of it like the next-generation Prime), so it would make sense to use it.
SDA is the controller-like functionality mentioned above, and while SDA offers the most benefits, it consequently takes more time and planning to implement. To be frank, many small to mid-size customers don’t need to deploy SDA. If your engineering team isn’t comfortable or excited about it; just stick with IOS-XE.
If you are curious, here are some benefits of SDA:
- Reduce human error though automation
- Reduce time spent on upgrading/patching
- Speed troubleshooting efforts with artificial intelligence and guided remediation
- Secure the network, particularly for Internet of Things (IoT) and advanced security threats
- Simplify compliance with dashboards and reports
Hopefully, this breakdown makes the Cisco DNA components a bit more digestible. Leveraging the benefits of Cisco DNA can ultimately simplify your environment and security practices if deployed properly. If you’re still having trouble determining what your environment needs, please contact us and we can walk you through the setup.
Misconception #2: Cisco DNA Licensing is Confusing *Image provided by Cisco
There are only 2 levels of licensing for DNA, Essentials and Advantage. The slide above breaks out the major benefits of each level. The “Expansion Packs” in the slide are separate solutions that have been around a while but can integrate with Cisco DNA Center. All new Catalyst equipment requires a DNA subscription, Essentials or Advantage. In general, if you’re in the camp that you don’t want to use SDA or Assurance, choose Essentials. Though sometimes you may need Advantage to unlock user features like L3 routing. If you are unsure, contact IE! Our Customer Experience team can walk you through it and manage your licenses for you. You can learn more about IE’s Customer Experience team here.
Misconception #3: Cisco DNA is too Expense
Recurring subscriptions are king right now in just about every market. Cisco, of course, knows this. You might ask why you should pay for DNA licenses if you will not use them. In a way, you’re not really paying more for them. To promote subscriptions, Cisco reduced the cost of the hardware on the new Catalyst devices, but then requires a minimum 3-year DNA subscription, which brings the price to almost the same as the earlier generation. For instance, a layer 2 (L2) Catalyst 9200L switch is slightly cheaper (with DNA licensing) than an equivalently configured, older-generation Cat 2900X without DNA.
The less-known secret is that a Catalyst 9K switch will continue to work without renewing the subscription. Of course, the hope is that you will find value and continue the subscription beyond the first 3 years.
If you want to use any of the DNA features from the slide above, you will need a DNA appliance(s) in addition to the subscriptions. A single appliance is needed to start, and three are required for redundancy. DNA appliances are massive compute boxes with 44 to 112 cores + memory + disk space! They need to be this big to store historical data and crunch numbers for Artificial Intelligence (AI) calculations, and compute resources at that level are not cheap.
Pro Budget Tip: Cisco DNA supports more than just the Catalyst 9K series! But keep in mind, anything that is legacy gear will be a little bit more expensive.
As mentioned above, the catalyst 9K series hardware is discounted with DNA in mind. Legacy devices have the original higher hardware price tag + the DNA license on top. As an example, a Catalyst 3850 switch is “supported” on Cisco’s DNA Center.
As of right now (March 2022), the license for just the essential management is $1,200 (list price) for 3 years. To enable troubleshooting analytics and advanced features, the price goes to over $4,000 list. Compare that to 3 years of Prime Infrastructure for $179. Of course, you get more with DNA, but you see the point.
Cisco DNA Feature Timeline
*Image provided by Cisco
Cisco continually makes updates and enhancements to DNA Center. The timeline above lists a few of the highlights. I have personally been watching the wireless enhancements. Cisco has considered sunsetting Prime, which is still the go-to wireless management tool. It hasn’t happened yet, but DNA center is the projected replacement. With that in mind, it’s more reason to harness what Cisco DNA Center has to offer.
How you can use Cisco DNA to the greatest advantage with the right tech partner
IE was one of the first Cisco implementation partners to install DNA Center and has done many deployments from kicking-the-tires to full-blown Software Defined Access. Additionally, Cisco licensing can be very confusing. We recommend you find a Cisco partner, like ourselves, who not only understands the tech but has a track record of successful implementation and deployment. If you’re interested in discussing the best approach for your needs, we can help navigate the full technology lifecycle around DNA and its most recent licensing and subscription promotions.