Manuals+

Campus Software Image Management Using Cisco DNA Center Deployment Guide

Prescriptive Deployment Guide | March, 2020

Introduction

Audience

This document is for network administrators who wish to automate the upgrade of a Catalyst 9000 series switch at a branch or campus using the Cisco DNA Center software image management (SWIM) solution.

About The Solution

Cisco DNA Center stores unique software images by type and version for devices in your network. It allows viewing, importing, and deleting software images, as well as pushing them to devices. Software upgrades can also be scheduled.

About This Guide

This guide demonstrates the value of the Cisco DNA Center software image management (SWIM) solution using a specific combination of equipment, OS version, and configuration. The procedure can be applied to any Catalyst 9000 series switch, but this guide focuses on the Catalyst 9300 switch.

Reader tip: For information on Cisco DNA Center supported devices, refer to the compatibility matrix: https://www.cisco.com/c/en/us/support/cloud-systems-management/dna-center/products-device-support-tables-list.html

Use Cases

Standardize software images for your network devices with software image management (SWIM).

Implementation Flow

Diagram Description: A circular diagram illustrating the four key stages of software image management: STEP 1 DEFINE, STEP 2 DESIGN, STEP 3 DEPLOY, and STEP 4 OPERATE.

Document Structure

This document contains four major sections:

Define

Solution Overview

Cisco DNA Center assists with non-fabric wired deployments through network discovery, network inventory, return merchandise authorization, and software image management (SWIM).

Reader tip: This guide focuses on SWIM. For day-zero onboarding and RMA, refer to the 'Network Device Onboarding for Cisco DNA Center Deployment Guide'.

Campus Topology

Diagram Description: A network topology illustrating software image standardization. It shows Cisco DNA Center and its Image Repository in the Data Center, distributing images via SCP/HTTPS to campus network layers (Core, Distribution, Access). Cisco.com (CCO) is the source, with DHCP/AD/DNS also indicated. A 'Golden Image' is highlighted within the repository.

Cisco DNA Center is designed for intent-based networking (IBN), streamlining processes into Day 0 and Day N for enterprise networks (routers, switches, wireless) with a near zero-touch deployment experience.

Benefits of SWIM

Zero-touch device connectivity and Software Image Management (SWIM) reduce installation and upgrade times from hours to minutes, enabling easy onboarding of new remote offices with off-the-shelf Cisco devices. SWIM manages software upgrades and ensures consistent image versions across the network.

Design

Ensure Cisco DNA Center is installed on your network before proceeding.

Reader tip: Refer to the Cisco DNA Center Installation resources page for installation details.

Prerequisites for Image Upgrade

  1. Minimum Software Releases: Devices must meet the Minimum Supported Software Version requirements listed in the Cisco supported devices spreadsheet. https://www.cisco.com/c/en/us/support/cloud-systems-management/dna-center/products-device-support-tables-list.html
  2. Device Credentials: Devices must have CLI/SNMP or HTTPS/SCP credentials and be in a managed state for Cisco DNA Center to discover and upgrade them (for Day N scenarios).
  3. CCO Credentials: While not mandatory for SWIM, CCO credentials are highly recommended for features like ROMMON upgrades and viewing suggested/latest image lists. They are also needed to download KGV files for Integrity Verification.
  4. Integrity Verification: This application monitors software images for unexpected changes. During import, the system compares the image's checksum with the value in the Known Good Values (KVG) file to ensure integrity.

Process 1: Connect to Cisco and Access Software Images

Cisco DNA Center requires connection to Cisco Connection Online (CCO) to display and select Cisco-recommended software images for managed devices.

Tech tip: During Cisco DNA Center installation, you'll set up initial credentials. If needed, follow these steps to re-enter or change them.

Procedure 1: Verify Cisco Credentials

  1. Log in to Cisco DNA Center.
  2. Click the gear icon ⚙️, then select System Settings.
  3. Select Settings and then Cisco Credentials from the left-hand menu.
  4. Under Cisco Credentials, select CCO.
  5. Enter your Cisco Connection Online (CCO) username and password.
  6. Select 'Use Cisco.com user ID' and click Apply.

Tech tip: The entered credentials must have SUPER-ADMIN-ROLE or NETWORK-ADMIN-ROLE privileges.

Deploy

This section details how to standardize an image by marking it as a 'golden image' and use the update workflow to distribute and activate it on network devices (e.g., Catalyst 9300 Series Switch).

Process 2: Upgrade Workflow

This process involves importing and uploading the latest software images for a network device into the Cisco DNA Center software image repository.

Tech tip: Major code updates (e.g., 16.9.1 to 16.11.1) may have additional delays due to ROMMON code upgrades.

Table 1: Software Images for Catalyst 9300 Series Switches

PlatformSoftware VersionSoftware Image Name
Cisco Catalyst 9300 SwitchIOS XE Release 16.9.1 (Current)Install Mode (16.9.1)
Cisco Catalyst 9300 SwitchIOS XE Release 16.9.3 (Upgrade image)Install Mode (16.9.3)

Required Procedures

Procedure 1: Standardize the Image by Marking a Golden Image

Images can be imported automatically via Cisco Connection Online (CCO) or manually uploaded. Cisco DNA Center performs:

For this guide, manual upload will be used. Cisco DNA Center displays suggested and latest images for discovered device families.

Tech tip: CCO credentials are required for Cisco DNA Center to automatically fetch and display suggested image lists. Refer to Process 1 (Option 1).

Option 1 – (AUTO) Recommended Software Image

It is highly recommended to mark a software image as golden from the list provided by Cisco-recommended images.

  1. Log in to Cisco DNA Center.
  2. Navigate to Design > Image Repository.
  3. Expand to view the full list of available Cisco-recommended images.
  4. Mark the Cisco-recommended image as golden (using the star icon ).

Tech tip: After marking an image as golden, Cisco DNA Center automatically downloads it from cisco.com.

Tech tip: Select non-LDPE software images. Avoid Licensed Data Payload Encryption (LDPE) versions, as they have export control limitations affecting IPSEC capabilities (e.g., cat9k_iosxeldpe.X.X.X.SPA.bin vs. non-LDPE cat9k_iosxe.X.X.X.SPA.bin).

Option 2 – (Manually) Upload Software Image

If the desired software image is not available, you can upload it manually.

  1. Log in to Cisco DNA Center.
  2. Go to Design > Image Repository.
  3. Click +Import.
  4. In the Import Image/Add-On dialog, choose a file location and click Import.
  5. Under Image Repository, click Show Tasks to verify the import status.
  6. Under Image Repository, click Imported Images to view pending images for device family assignment.
  7. Click Assign next to the image name to be assigned.
  8. In the slide-out panel, check the box next to the desired Device Series and click Assign.
  9. Go to the assigned Device Family, click the expand icon, and verify the imported image is available to mark as golden.
  10. Mark the manually uploaded image as golden (using the star icon ).
  11. (Optional) Click the pencil icon to select the appropriate role and mark a Golden Image for a specific device role (e.g., ACCESS).
  12. Verify the image is marked as golden and the ACCESS tag is selected.

Procedure 2: Provision and Activate the Software Image

Once the image is in the repository, it can be distributed and activated on network devices. It is recommended to schedule activation for a specific date and time to align with network change windows.

Before pushing an image, Cisco DNA Center performs a compliance check against golden images. Devices not compliant are marked 'Need Update'. If no golden image is designated, the device image cannot be updated.

Cisco DNA Center also conducts pre-checks (CPU health, disk space, route summary) and post-checks to ensure network state remains unchanged after the image push.

Steps for distributing software images to Catalyst 9300 switches or other network devices:

  1. From the Cisco DNA Center dashboard, navigate to Provision > Devices.
  2. Select the Inventory focus and then Software Images.
  3. Locate the target switch (e.g., AD1-9300.cisco.local) in the list.
  4. Click 'Needs Update'.

Tech tip: If an incorrect Golden Image is displayed after refreshing or rechecking, the non-golden image must be deleted from the repository for the 'Need Update' option to become available.

Image Update Readiness Check: Verify the correct Golden Image is displayed.

Tech tip: Ensure all check statuses are green (success) or yellow (warning). Red indicates failure and prevents upgrade. Correct issues or click 'Recheck' to re-run the assessment.

Under the Actions drop-down menu, select Software Image > Update Image.

Update Image Workflow (3 Steps):

  1. Distribute: Select 'Now' or 'Later' (recommended for production) and click Next.
  2. Activate: Check 'Schedule Activation after Distribution is completed' and click Next.
  3. Confirm: Review the summary and click Confirm.

A notification will appear stating the image update has initiated. Check Update Status for results.

Tech tip: Scheduled tasks can be viewed to track future distribution and activation.

Verify that the 'Software Image' column shows 'In Progress' for the 'Need Update' status.

Monitor the Update Status:

Tech tip: The device may reboot and become unreachable for 15-30 minutes during the process.

The switch's software image (e.g., AD1-9300.cisco.local) is now updated to the golden image (e.g., 16.9.3).

Operate

Known Caveats

Appendix A: Hardware and Software Used for Validation

Table 2: Hardware and Software

Functional AreaProductSoftware Version
Controller (PnP Server)Cisco DNA Center1.3.1.2
Device to Onboard (PnP Agent)Catalyst 9300 Switch Series16.09.03

Appendix B: Glossary

Feedback

For comments and suggestions about this guide and related materials, join the discussion on Cisco Community.

Americas Headquarters: Cisco Systems, Inc., San Jose, CA

Asia Pacific Headquarters: Cisco Systems (USA) Pte. Ltd., Singapore

Europe Headquarters: Cisco Systems International BV Amsterdam, The Netherlands

Cisco has over 200 global offices. Addresses and contact information are available at https://www.cisco.com/go/offices.

Cisco and the Cisco logo are trademarks of Cisco and/or its affiliates. For a list of Cisco trademarks, visit https://www.cisco.com/go/trademarks. Third-party trademarks are the property of their respective owners. The term 'partner' does not imply a partnership relationship.

PDF preview unavailable. Download the PDF instead.

dnac-swim-deployment-guide-2020mar iText 2.1.7 by 1T3XT

Related Documents

Preview Cisco FlexConnect Bonjour Deployment Guide for Cisco DNA Service
A comprehensive guide detailing the deployment of Cisco DNA Service for Bonjour with Cisco FlexConnect wireless networks, enabling seamless service discovery and distribution across wired and wireless environments.
Preview Cisco DNA Center on AWS Deployment Guide
Deploy Cisco DNA Center on AWS with this comprehensive guide covering automated deployment via Cisco DNA Center VA Launchpad, manual deployment using AWS CloudFormation, and AWS Marketplace, including prerequisites and troubleshooting.
Preview Cisco Catalyst 9136 Series Access Points Deployment Guide
A comprehensive deployment guide for Cisco Catalyst 9136 Series Access Points, covering Wi-Fi 6E technology, hexa-radio architecture, installation, configuration, and advanced features like IoT integration and AI/ML-driven scanning.
Preview Cisco DNA Center for Industrial Automation Design Guide
This design guide provides essential guidelines for integrating Cisco DNA Center into industrial automation networks, addressing common challenges and leveraging advanced capabilities for enhanced visibility, automation, and security.
Preview Cisco DNA Center Cloud User Guide for EFT
User guide for Cisco DNA Center Cloud for EFT, providing comprehensive instructions on network management, device onboarding, site configuration, monitoring, and troubleshooting for Cisco networking solutions.
Preview Deploying Cisco IOx Applications on Cisco Catalyst IE9300 Rugged Series Switches
A comprehensive guide from Cisco detailing the deployment, configuration, and management of Cisco IOx applications on Cisco Catalyst IE9300 Rugged Series Switches, covering CLI and Local Manager methods for network setup, application installation, and lifecycle management.
Preview SWIM Closed Loop Automation: A Guide to Cisco Catalyst Center and ServiceNow Integration
This document outlines the SWIM Closed Loop Automation process, detailing the integration between Cisco Catalyst Center and ServiceNow for software image management. It covers requirements, workflow, and steps for automated device software updates.
Preview Cisco Catalyst 9300 Series: Understanding and Configuring Licenses
A comprehensive guide to managing licenses for Cisco Catalyst 9300 Series Switches, including Network Essentials, Network Advantage, DNA Essentials, DNA Advantage, and the HSECK9 export control key. Learn about installation, configuration, and best practices.