
September 10, 2018


Bring Intent-Based Networking to Your Organization with Cisco DNA

Intelligent networks make life easier for IT pros and harder for attackers.


IT departments usually have more work on their plates than they can handle, which explains the appeal of intent-based networking solutions that elevate manual tasks into smart, automated optimization that the network performs on its own. For example, Cisco’s Digital Network Architecture eliminates a lot of grunt work, such as manually provisioning network elements — no one’s dream job. Cisco DNA also lightens the security workload by giving the network the intelligence and capability to identify and mitigate threats, often more quickly than humans can.

Not surprisingly, benefits this big will likely require some infrastructure changes to support them. Here’s an overview of what you need to know about implementing Cisco DNA.

Can Your Existing Infrastructure Support Cisco DNA?

Our team here at CDW starts its implementation process by assessing an organization’s current infrastructure with Cisco DNA in mind: Which elements can support it and which ones need an upgrade? This step is an important one because it helps organizations avoid hidden costs and other surprises once the implementation begins.

Some examples of DNA-ready gear include Cisco Catalyst 9000 switches, Cisco 4300 and 4400 Integrated Services Routers and Aironet 4800 Wi-Fi access points. If you already have a Cisco Identity Services Engine, which lets admins enforce security policies for endpoint devices, it needs to be running v.2.3.

The command center of Cisco DNA is the DNA Center, which works with the aforementioned devices to coordinate and implement adjustments to the network. For instance, if certain wireless devices need to be moved from 2.4GHz to 5GHz to improve performance, DNA Center can use the 4800’s flexible radio assignment feature to migrate them automatically.

Maximize Your Security Footprint with Cisco ISE

Identity Services Engine (ISE) works with Cisco’s Software-Defined Access and TrustSec model to automate and simplify network segmentation and identity-based policy enforcement. With TrustSec, each application, Internet of Things node and employee device has a unique identity. SD-Access uses those identifiers to determine which networks and resources are accessible to each application, node and device.

This enforcement achieves two aims: maximizing security while eliminating manual tasks such as creating and managing lists of usernames, IP addresses and subnet zones. (For a deeper dive on this topic, see “TrustSec for Identity-Based Network Security: Why and How,” a blog by my colleagues Aaron Pratt and Dan Siebert.)

ISE also falls under CDW’s assessment process. For example, if you’re running Catalyst 2960 and 3750 switches, they’ll need to be replaced with models whose application-specific integrated circuits support Cisco’s Encrypted Traffic Analytics.

Centralized, Automated Changes Drive Consistency Across the Network

DNA Center automates tasks such as configurations, software upgrades and change management — even for large-scale networks and environments with a lot of branches or remote offices. For instance, if only part of your network is running the latest and greatest configuration, DNA Center will send an alert so admins can push that config out to the rest of the network.

Cisco is constantly enhancing these features. For example, in previous versions of DNA Center, a change to a wireless LAN controller would overwrite the environment and potentially bring down the wireless network. With v.1.2, that’s no longer a risk.

You can get a preview of many of these benefits even before implementation, because DNA Center can be inserted into your production environment to collect real-world data with almost no impact.

Finally, DNA Center’s Assurance capabilities provide end-to-end visibility that encompasses user experiences. For instance, Assurance can pull telemetry data and use application programming interfaces to view reports from third-party monitoring systems, which helps root out problems before they become noticeable to end users. When network congestion is affecting internal processes, the system can suggest adaptations. These are just two ways that Cisco DNA makes life easier for IT pros and the organizations they support — there are a lot more waiting to be discovered.
