Chapter 27 of 29

Cisco DNA Center and Intent-Based Networking at CCNA Level

See how Cisco DNA Center turns high-level intent into concrete network configurations, and where its features intersect with the CCNA blueprint.

From SDN Theory to Cisco DNA Center

Connecting SDN to Cisco DNA Center

Cisco DNA Center (DNAC) is Cisco's main campus network controller and management platform, used for wired and wireless LANs in enterprise environments.

DNA Center as an SDN Controller

In SDN, the control plane is centralized. DNA Center fills this role for many Cisco enterprise devices, exposing a GUI and REST APIs to manage them as one system.

Intent-Based Networking in Practice

Intent-based networking means you state what you want (intent) and the controller figures out how to configure the network to achieve it.

Module Goals

You will learn DNA Center's role, how intent becomes configs, how it compares to CLI management, and its key features: automation, assurance, and policy.

Cisco DNA Center Architecture and Roles (CCNA View)

Where DNA Center Lives

DNA Center is an on-prem appliance or VM in your data center. It connects over IP to switches, routers, and wireless controllers to manage them.

Four Main Areas

The GUI is organized into Design, Policy, Provision, and Assurance. At CCNA, know what each area does conceptually.

Brain and Muscles Analogy

DNA Center is the brain that holds a model of the network and pushes configs. Devices are the muscles that still forward packets.

CCNA-Level Expectations

Expect conceptual questions about automation, assurance, and policy, not low-level deployment details or sizing.

Intent-Based Networking: From Intent to Configuration

What Is Intent?

Intent is a high-level description of what the network should do, such as restricting guest access or prioritizing voice, not a list of CLI commands.

Traditional Translation

Traditionally, engineers map intent to VLANs, ACLs, QoS, routing, and DHCP manually on each device, box by box.

DNA Center Flow

With DNA Center, you define intent in Design and Policy; the controller maps it to VLANs, VRFs, ACLs, and QoS, then pushes the configs automatically.

Continuous Verification

Assurance features collect telemetry to verify that actual traffic behavior still matches the original intent over time.

Example: Translating a Simple Intent with DNA Center

Scenario Overview

Goal: employees can reach internal servers and internet; guests can reach only the internet, both over Wi-Fi in the same building.

Traditional High-Level Steps

You would manually create SSIDs, map them to VLANs, configure routing, ACLs, NAT, and DHCP scopes on multiple devices.

DNA Center: Design and Policy

In Design you define sites and IP pools. In Policy you create user groups and rules describing who can reach which resources.

DNA Center: Provision and Automation

In Provision you onboard devices and apply the design. DNA Center generates and pushes VLAN, SVI, ACL, and SSID configs automatically.
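
The translation step in this scenario, as an added example (not DNA Center's own code or output): a small Python compiler that turns the employee/guest intent into ordered IOS-style ACL entries and then checks them with first-match evaluation. The address pools, the "internal" ranges, and the ACL names are assumptions made for the illustration, and only IP reachability is modeled.

```python
import ipaddress

# Constructed sample data (assumptions, not from the page): address pools per
# user group and the ranges treated as "internal servers".
POOLS = {"employees": "10.10.0.0/24", "guests": "10.20.0.0/24"}
INTERNAL = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
ANY = "0.0.0.0/0"

# The intent from the scenario: what each group may reach.
INTENT = {"employees": {"internal", "internet"}, "guests": {"internet"}}


def compile_rules(group):
    """Translate one group's intent into ordered (action, src, dst) rules."""
    src, allowed = POOLS[group], INTENT[group]
    rules = []
    # Internal ranges come first so a later "permit ... any" cannot shadow a deny.
    for net in INTERNAL:
        action = "permit" if "internal" in allowed else "deny"
        rules.append((action, src, net))
    if "internet" in allowed:
        rules.append(("permit", src, ANY))
    rules.append(("deny", ANY, ANY))  # the implicit deny, written out
    return rules


def render(group):
    """Render the rules as IOS-style extended ACL text (wildcard masks)."""
    def term(net):
        n = ipaddress.ip_network(net)
        return "any" if n.prefixlen == 0 else f"{n.network_address} {n.hostmask}"
    lines = [f"ip access-list extended {group.upper()}-IN"]
    lines += [f" {a} ip {term(s)} {term(d)}" for a, s, d in compile_rules(group)]
    return "\n".join(lines)


def is_allowed(group, src_ip, dst_ip):
    """First-match evaluation, the way a router processes an ACL."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src, dst in compile_rules(group):
        if s in ipaddress.ip_network(src) and d in ipaddress.ip_network(dst):
            return action == "permit"
    return False


if __name__ == "__main__":
    for g in INTENT:
        print(render(g), end="\n\n")
```

The guest ACL depends on rule order: the deny entries for internal ranges must precede the permit to any destination, which is the kind of detail that is easy to get wrong when the same intent is typed by hand on many devices.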

Cisco DNA Center Automation and Template-Based Provisioning

Automation Goal

DNA Center automation reduces manual CLI work by onboarding devices, applying base configs, and keeping images consistent.

Plug-and-Play Onboarding

New devices can auto-register with DNA Center, be assigned to a site, and receive an initial configuration without manual console access.

Template-Based Provisioning

Templates are reusable configs with variables. DNA Center fills them with device and site data, then pushes them to devices.

Bulk and Scheduled Changes

You can roll out QoS, AAA, or NTP changes to many devices at once and schedule them for maintenance windows.
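
Template-based provisioning and the consistency it is meant to give, as an added example (not DNA Center code): Python's `string.Template` stands in for the controller's template language, filling one base template from site and device data, refusing to render when a variable is missing, and listing template lines that a device's running config lacks. The template text, site and device names, and addresses are constructed for the illustration.

```python
from string import Template

# Constructed template and inventory (assumptions, not from the page).
BASE = Template(
    "hostname $hostname\n"
    "ntp server $ntp_server\n"
    "vlan $mgmt_vlan\n"
    " name MGMT\n"
    "interface Vlan$mgmt_vlan\n"
    " ip address $mgmt_ip $mgmt_mask\n"
)
SITES = {
    "bldg-a": {"ntp_server": "10.0.0.123", "mgmt_vlan": "99",
               "mgmt_mask": "255.255.255.0"},
}
DEVICES = [
    {"hostname": "a-sw1", "site": "bldg-a", "mgmt_ip": "10.99.0.11"},
    {"hostname": "a-sw2", "site": "bldg-a", "mgmt_ip": "10.99.0.12"},
    {"hostname": "b-sw1", "site": "bldg-b", "mgmt_ip": "10.99.1.11"},  # site not defined
]


def render_all(template, devices, sites):
    """Fill the template per device; collect failures instead of pushing gaps."""
    configs, errors = {}, {}
    for dev in devices:
        # Site-wide values first, device-specific values override them.
        values = {**sites.get(dev["site"], {}), **dev}
        try:
            configs[dev["hostname"]] = template.substitute(values)
        except KeyError as missing:
            errors[dev["hostname"]] = f"missing variable {missing}"
    return configs, errors


def drift(intended, running):
    """Template lines absent from the running config (flat line comparison,
    a simplification that ignores which config section a line sits under)."""
    have = {line.rstrip() for line in running.splitlines()}
    return [line for line in intended.splitlines() if line.rstrip() not in have]


if __name__ == "__main__":
    configs, errors = render_all(BASE, DEVICES, SITES)
    print(configs["a-sw1"])
    print(errors)
```

Using `substitute` rather than `safe_substitute` is deliberate: a device with incomplete site data produces an error entry instead of a config containing a literal `$ntp_server`.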

Cisco DNA Center Assurance and Telemetry Concepts

What Is Assurance?

Assurance is DNA Center's analytics and monitoring system, using telemetry to track device, client, and application health.

Telemetry Inputs

Devices stream metrics like CPU, interface errors, client sessions, and app performance, giving near real-time visibility.

Health Scores and Views

Assurance shows health scores, topology maps, and time-series graphs to highlight where and when issues occur.

Closed-Loop Concept

Assurance closes the loop: you define intent, DNA Center implements it, and Assurance verifies and helps troubleshoot deviations.

Comparing Traditional Campus Management vs Cisco DNA Center

Traditional Management

Engineers log into each device, configure features manually via CLI, and rely on separate SNMP and syslog tools for monitoring.

DNA Center Management

DNA Center centralizes config and monitoring, using intent, templates, PnP, and unified wired and wireless visibility.

Change and Consistency

Box-by-box changes are slow and error-prone. DNA Center uses templates and bulk operations to keep configs consistent.

REST API Integration

DNA Center offers a REST API, letting tools and scripts manage the network via HTTP and JSON instead of manual CLI.

Thought Exercise: Mapping CCNA Concepts to DNA Center

Use this mental exercise to connect core CCNA topics to how Cisco DNA Center would handle them. You do not need to write commands; focus on concepts.

Task 1: VLANs and Segmentation

Remember: A Virtual Local Area Network (VLAN) is a logical subdivision of a Layer 2 network that groups devices into the same broadcast domain regardless of their physical location.

Imagine you are segmenting a campus into:

  • VLAN 10: Staff
  • VLAN 20: Students
  • VLAN 30: Guests

Questions to think through:

  1. In a traditional network, where would you configure these VLANs and how would you keep them consistent across multiple access switches?
  2. In DNA Center, which areas (Design, Policy, Provision, Assurance) would be involved in defining and enforcing this segmentation?

Task 2: ACLs and Policy

Recall: An Access Control List (ACL) is an ordered set of permit and deny statements that control which packets are allowed or blocked based on criteria such as source, destination, and protocol.

Suppose your policy is:

  • Staff can access servers and internet.
  • Students cannot access servers, but can access internet.

Reflect:

  1. How would you implement this with ACLs on a traditional router or multilayer switch?
  2. In DNA Center, how might that same idea appear as a higher-level policy between user groups and application groups?

Task 3: Monitoring Issues

Picture a complaint: "Wi-Fi is slow in Building B for students, but fine for staff."

  • How would you troubleshoot this using only CLI and basic monitoring tools?
  • How could DNA Center Assurance speed up identifying whether it is a client, AP, or backhaul issue?

Write down brief answers or talk them through. The goal is to see that DNA Center uses the same fundamental technologies you study for CCNA, but wraps them in higher-level abstractions and centralized workflows.

Quiz 1: Core Concepts of Cisco DNA Center

Answer this CCNA-style conceptual question about Cisco DNA Center.

Which statement best describes Cisco DNA Center's role in an enterprise campus network at a CCNA level?

  A) It replaces all switches and routers with a single virtual device that forwards all traffic.
  B) It is a centralized controller that uses automation, policy, and assurance to manage many wired and wireless devices.
  C) It is a cloud-only monitoring tool that can read logs but cannot change device configurations.
  D) It is a protocol that runs on access switches to prevent loops in a bridged network.

Answer: B) It is a centralized controller that uses automation, policy, and assurance to manage many wired and wireless devices.

Cisco DNA Center is a centralized controller and management platform for campus networks. It automates configuration, applies policy-based provisioning, and provides assurance using telemetry. It does not replace physical switches/routers, is not limited to monitoring, and is not a loop-prevention protocol (that is Spanning Tree Protocol).

Quiz 2: Automation, Templates, and Assurance

Test your understanding of DNA Center features and how they compare to traditional management.

Which combination correctly matches a Cisco DNA Center feature with what it primarily provides?

  A) Design: streaming telemetry collection from devices
  B) Provision: onboarding devices and applying configuration templates
  C) Assurance: defining user groups and access policies
  D) Policy: low-level CLI editing of individual interfaces

Answer: B) Provision: onboarding devices and applying configuration templates

Provision in DNA Center focuses on onboarding devices and applying configurations, often using templates and Plug-and-Play. Design is for sites and network settings, Policy is for high-level access and segmentation rules, and Assurance is for telemetry-based monitoring and troubleshooting.

Key Term Flashcards: Cisco DNA Center and Intent-Based Networking

Flip through these cards to reinforce key terms and ideas from this module.

Cisco DNA Center (DNAC)
Cisco's on-premises controller and management platform for enterprise campus networks that centralizes automation, policy-based provisioning, and assurance for wired and wireless devices.
Intent-Based Networking (IBN)
An approach where engineers specify high-level business intent (who should access what, with what performance and security), and a controller automatically translates that intent into specific network configurations and continuously verifies that the network behaves as intended.
Design (DNA Center area)
The section where you define network sites, IP address pools, global settings (such as DHCP/DNS and AAA), and device roles that form the foundation for later policies and provisioning.
Policy (DNA Center area)
The section where you describe high-level access and segmentation rules between user groups, device types, and applications, instead of writing low-level ACLs on individual devices.
Provision (DNA Center area)
The section used to onboard devices, assign them to sites, and apply configuration templates and policies, often using Plug-and-Play and automation workflows.
Assurance (DNA Center area)
The analytics and monitoring section that uses telemetry from devices and clients to calculate health scores, show topology and performance, and support guided troubleshooting.
Template-Based Provisioning
An automation method where reusable configuration templates with variables are defined in DNA Center and then filled with device and site-specific values to generate and push consistent configurations.
Telemetry (in DNA Center)
Continuous or frequent streaming of detailed operational data from network devices to DNA Center, including health metrics, client sessions, and application performance, enabling real-time analytics in Assurance.
Plug-and-Play (PnP)
A DNA Center capability that allows new network devices to automatically register, receive a base configuration, and be assigned to the correct site with minimal manual intervention.
REST API (in DNA Center context)
A Representational State Transfer (REST) API is a web-based interface that uses HTTP methods and resource-oriented URIs to enable programmatic access to network devices and controllers, allowing tools and scripts to interact with DNA Center.

Key Terms

REST API
A Representational State Transfer (REST) API is a web-based interface that uses HTTP methods and resource-oriented URIs to enable programmatic access to network devices and controllers.
Telemetry
Streaming or frequent sending of detailed operational data from devices to a controller or monitoring system for analytics and assurance.
Cisco DNA Center
Cisco's on-premises controller and management platform for enterprise campus networks that centralizes automation, policy-based provisioning, and assurance for wired and wireless devices.
Design (DNA Center)
The area where you define sites, network settings, and device roles to build the foundational model of the network.
Plug-and-Play (PnP)
A feature that lets new network devices automatically contact DNA Center, register, and receive initial configuration with minimal manual steps.
Policy (DNA Center)
The area where you create high-level access, segmentation, and application policies between user and device groups.
Assurance (DNA Center)
The analytics and monitoring area that uses telemetry to provide health scores, performance views, and guided troubleshooting.
Provision (DNA Center)
The area where you onboard devices, assign them to sites, and apply configuration templates and policies.
Intent-Based Networking
An approach where engineers specify high-level business intent and a controller automatically translates that intent into specific network configurations and continuously verifies that the network behaves as intended.
Template-Based Provisioning
Using reusable configuration templates with variables to generate and push consistent device configurations from a central controller.