Cisco DNA Center - LAN Automation

Cisco DNA Center has a feature known as 'LAN Automation' which is designed to automatically discover and configure your underlay network.

This post assumes that you already have your 'Site Hierarchy' and various settings configured such as AAA, NTP, ISE and DNS, as well as your credentials. An IP address pool for LAN Automation also needs to be created. The type of pool should be 'LAN' and a minimum of a /25 subnet is expected, although you should choose a suitably sized IP pool based on the number of devices you plan to discover. These IP addresses will be assigned to point-to-point (/30) and loopback (/32) interfaces, and will also be used by the DHCP server that runs on the seed device, which we will cover next.

A manually configured 'seed device' is required to start LAN Automation. This will be your first hop device with IP reachability (use loopback0) to DNA Center. Once this seed device has been discovered and added into DNA Center manually, it can then be provisioned for LAN Automation. To run LAN Automation on your seed device you will need to navigate to 'Provision' -> Choose your seed device -> 'Actions' -> 'Provision' -> 'LAN Automation', as seen in the below screenshot.

Within the LAN Automation configuration popup the following options are available:

  • Choose the site and devices to act as your primary and peer seeds.
  • Choose the downstream ports on your seed devices that are designated for LAN Automation.
  • Choose what site, IP address pool and IS-IS password should be used for any newly discovered devices. There are also options to enable multicast, add a hostname prefix and upload a CSV file that maps hostnames to serial numbers.

Once complete and 'Start' has been clicked, DNA Center will configure your seed device with:

  • MTU 9100 - to accommodate VXLAN.
  • SVI on VLAN 1 with associated DHCP server (including option 43 pointing to DNA Center).
  • IS-IS on VLAN 1.
  • IS-IS on loopback0.

Cisco switches run a PnP (plug and play) agent out of the box, which also acts as a DHCP client (option 60 is sent). With the new switch(es) connected to your seed device, each one receives an IP address from DHCP along with option 43, which contains the IP address of DNA Center. The device then contacts DNA Center, and DNA Center adds it to the inventory.
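An added example (not from the original post and not Cisco's code): a Python check that the option 43 string served on the seed device points to the intended DNA Center address. The subfield layout (5A1N prefix, B address type, K transport, I address, J port) follows Cisco's published PnP option 43 format; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Subfields of the Cisco PnP option 43 ASCII string that follow the "5A1N" prefix.
FIELDS = {"B": "addr_type", "K": "transport", "I": "server", "J": "port"}
ADDR_TYPES = {"1": "hostname", "2": "ipv4", "3": "ipv6"}
TRANSPORTS = {"4": "http", "5": "https"}


def parse_pnp_option43(value):
    """Parse e.g. '5A1N;B2;K4;I192.0.2.10;J80' into a dict; raise ValueError if malformed."""
    parts = [p for p in value.strip().strip('"').split(";") if p]
    if not parts or len(parts[0]) != 4 or parts[0][:3] != "5A1" or parts[0][3] not in "ND":
        raise ValueError("missing 5A1N/5A1D PnP prefix")
    raw = {FIELDS[p[0]]: p[1:] for p in parts[1:] if p[0] in FIELDS}
    for required in ("addr_type", "transport", "server"):
        if not raw.get(required):
            raise ValueError("missing subfield: " + required)
    if raw["addr_type"] not in ADDR_TYPES or raw["transport"] not in TRANSPORTS:
        raise ValueError("unknown address type or transport code")
    parsed = {
        "debug": parts[0][3] == "D",  # fourth prefix character: N = off, D = on
        "addr_type": ADDR_TYPES[raw["addr_type"]],
        "transport": TRANSPORTS[raw["transport"]],
        "server": raw["server"],
        "port": int(raw["port"]) if raw.get("port", "").isdigit() else None,
    }
    if parsed["addr_type"] != "hostname":
        # Validate and normalise the literal address; raises ValueError if invalid.
        parsed["server"] = str(ipaddress.ip_address(raw["server"]))
    return parsed


def audit_option43(value, expected):
    """Compare a string with the expected fields; return a list of mismatches."""
    try:
        parsed = parse_pnp_option43(value)
    except ValueError as exc:
        return ["malformed option 43: %s" % exc]
    return ["%s is %r, expected %r" % (key, parsed[key], want)
            for key, want in expected.items() if parsed[key] != want]


# Constructed sample values (documentation address ranges), not from a real device.
SAMPLE_OK = "5A1N;B2;K4;I192.0.2.10;J80"
SAMPLE_OTHER = "5A1N;B2;K4;I198.51.100.7;J80"
EXPECTED = {"server": "192.0.2.10", "port": 80}

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_OTHER):
        print(sample, "->", audit_option43(sample, EXPECTED) or "matches")
```

Run it against the option 43 value taken from the seed device's DHCP pool while LAN Automation is active, with `EXPECTED` set to your own DNA Center address and port.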

Once DNA Center has discovered and added the new device(s) to its inventory, DNA Center will upgrade the IOS to the golden version and push a configuration file based on your policy and Cisco best practice. The initial configuration pushed to newly discovered devices configures:

  • Hostname.
  • Crypto key.
  • SSH version 2.
  • SCP server.
  • VTP (transparent).
  • RPVST with Edge node configured as STP root.
  • IP routing.
  • MTU to 9100.
  • SNMP RW string.
  • Local username and password.
  • loopback0 with a DHCP IP.
  • IS-IS.
  • Multicast (if enabled): PIM SSM and PIM RP.
  • Archive logging.

Once LAN Automation is 'Stopped', any configuration pushed to the seed device, such as the DHCP server, will be removed. Any interfaces now connecting to newly discovered devices will be configured as layer 3 interfaces with IS-IS and BFD (bi-directional forwarding detection).

Sources: Building the Routed Underlay — BRKCRS-2816