📘 Cisco DevNet Associate (200-901 DEVASC)
Modern networks are large and complex. Managing each device manually is difficult and time-consuming. To solve this, network engineers use automation and centralized management systems.
Two common management approaches used in network infrastructure are:
- Device-Level Management
- Controller-Level Management
Understanding the difference between these two approaches is important for the Cisco DevNet Associate (200-901 DEVASC) exam because it relates directly to network automation, programmability, and software-defined networking (SDN).
1. Device-Level Management
Definition
Device-level management means that each network device (router, switch, firewall, etc.) is configured and managed individually.
In this approach, administrators communicate directly with the device to configure settings or retrieve information.
How Device-Level Management Works
A network administrator connects directly to a device and performs configuration or monitoring tasks.
Common methods include:
- CLI (Command Line Interface) access
- SSH or Telnet sessions (SSH encrypts the session; Telnet sends credentials and commands in cleartext)
- Device-specific APIs
- Configuration management protocols
Each device is treated independently, meaning configuration must be applied device by device.
Example in an IT Environment
Consider an enterprise network with:
- 200 switches
- 100 routers
- Multiple firewalls
If the administrator needs to update an Access Control List (ACL) on every router:
- The administrator connects to Router 1
- Applies the configuration
- Connects to Router 2
- Applies the configuration again
- Repeats this for every router
Each device must be updated individually.
Characteristics of Device-Level Management
1. Direct Device Access
Administrators interact directly with network devices.
Example:
Admin → Router
Admin → Switch
Admin → Firewall
2. Independent Configuration
Every device stores its own configuration.
Changes must be repeated for multiple devices.
3. Device-Specific Commands
Different vendors may use different commands and configuration formats.
Example:
- Cisco devices use Cisco IOS commands
- Other vendors may use different CLI syntax
4. Limited Automation
Automation is possible but requires:
- Scripts
- Configuration tools
- API calls for each device
The automation logic must manage many individual connections.
Advantages of Device-Level Management
Simple Architecture
No additional management systems are required.
Administrators interact directly with devices.
Full Device Control
Network engineers can configure very detailed settings.
Works with Legacy Networks
Older networks that do not support controllers can still use device-level management.
Disadvantages of Device-Level Management
Poor Scalability
Managing hundreds or thousands of devices becomes very difficult.
Higher Risk of Configuration Errors
Manual configuration increases the chance of:
- Typos
- Missing settings
- Inconsistent configurations
Time Consuming
Applying the same change to many devices requires repeated work.
Difficult Automation
Automation scripts must manage each device individually.
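The typos, missing settings and inconsistent configurations listed under Higher Risk of Configuration Errors can be found after a device-by-device rollout by comparing what each router holds with what was intended. The following is an added example, not part of the original guide; the router names and ACL lines are constructed sample data, and collecting the ACLs from the devices is assumed to have happened already.

```python
# Added example: audit per-router ACLs against one intended ACL (constructed data).
INTENDED_ACL = [
    "permit tcp 192.0.2.0 0.0.0.255 any eq 443",
    "permit tcp 192.0.2.0 0.0.0.255 any eq 22",
    "deny ip any any log",
]

# What each router actually holds after a device-by-device rollout.
COLLECTED = {
    "router1": list(INTENDED_ACL),
    "router2": [  # typo: 433 instead of 443
        "permit tcp 192.0.2.0 0.0.0.255 any eq 433",
        "permit tcp 192.0.2.0 0.0.0.255 any eq 22",
        "deny ip any any log",
    ],
    "router3": INTENDED_ACL[:2],  # missing setting: final deny never applied
    "router4": [INTENDED_ACL[2], INTENDED_ACL[0], INTENDED_ACL[1]],  # wrong order
    "router5": ["  permit tcp 192.0.2.0  0.0.0.255 any eq 443 ",  # spacing only
                "permit tcp 192.0.2.0 0.0.0.255 any eq 22", "deny ip any any log"],
}


def normalize(lines):
    """Collapse whitespace so cosmetic differences are not reported as drift."""
    return [" ".join(line.split()) for line in lines if line.strip()]


def audit(intended, collected):
    """Return a finding for every device whose ACL differs from the intended one."""
    want = normalize(intended)
    findings = {}
    for device in sorted(collected):
        have = normalize(collected[device])
        if have == want:
            continue
        findings[device] = {
            "missing": [entry for entry in want if entry not in have],
            "unexpected": [entry for entry in have if entry not in want],
            # ACLs are evaluated top-down, so the same entries in a
            # different order are still a different policy.
            "reordered": sorted(have) == sorted(want),
        }
    return findings


if __name__ == "__main__":
    for device, finding in audit(INTENDED_ACL, COLLECTED).items():
        print(device, finding)
```

router4 is the case a simple set comparison would miss: every entry is present, but the deny now matches first.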
2. Controller-Level Management
Definition
Controller-level management uses a centralized software controller that manages multiple network devices from a single location.
Instead of configuring each device directly, administrators interact with the controller, and the controller communicates with the devices.
How Controller-Level Management Works
The controller acts as a central management platform.
Workflow:
- Administrator sends configuration to the controller
- The controller processes the request
- The controller pushes the configuration to all relevant devices
Architecture:
Administrator
↓
Network Controller
↓
Switches / Routers / Firewalls
Example in an IT Environment
An organization uses a centralized network controller.
The administrator wants to update network segmentation policies.
Instead of configuring every switch manually:
- The administrator logs into the controller
- Creates a network policy
- The controller automatically deploys the policy to all switches
This allows a single change to update many devices simultaneously.
Common Network Controllers
Examples of controller-based systems include:
- Cisco DNA Center
- Cisco Application Policy Infrastructure Controller (APIC)
- Cisco SD-WAN vManage
These controllers manage large networks through centralized APIs and automation tools.
Characteristics of Controller-Level Management
1. Centralized Control
All network devices are managed from a single platform.
Administrators do not interact directly with each device.
2. Policy-Based Configuration
Instead of configuring devices individually, administrators define network policies.
The controller translates policies into device configurations.
Example policies:
- Allow application traffic between two network segments
- Apply security policies
- Configure routing policies
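An added sketch of the translation step described above (not part of the original guide and not any Cisco controller's code): a logical policy is rendered once into IOS-style extended ACL lines and the same result is handed to every device. The segment names, prefixes, policy fields and device names are assumptions made for the example.

```python
import ipaddress

# Constructed sample data: segment names, prefixes and device names are
# assumptions for this example, not values from any real controller.
SEGMENTS = {"app": "10.10.0.0/16", "db": "10.20.5.0/24"}
POLICY = {"name": "app-to-db", "allow": [
    {"src": "app", "dst": "db", "proto": "tcp", "port": 5432},
]}
INVENTORY = ["switch1", "switch2", "switch3"]


def wildcard(segment):
    """Render a segment as 'network wildcard-mask', the form IOS ACLs use."""
    net = ipaddress.ip_network(SEGMENTS[segment], strict=True)
    return f"{net.network_address} {net.hostmask}"


def render_acl(policy):
    """Translate the logical policy into IOS-style extended ACL lines."""
    lines = [f"ip access-list extended {policy['name']}"]
    for rule in policy["allow"]:
        # Validate before rendering so a bad rule never reaches a device.
        if rule["proto"] not in ("tcp", "udp") or not 0 < rule["port"] < 65536:
            raise ValueError(f"rejected rule: {rule}")
        lines.append(f" permit {rule['proto']} {wildcard(rule['src'])} "
                     f"{wildcard(rule['dst'])} eq {rule['port']}")
    lines.append(" deny ip any any log")  # explicit default deny, logged
    return lines


def deploy(policy, inventory):
    """Controller step: render once, hand the same config to every device."""
    config = render_acl(policy)  # raises before any device is touched
    return {device: list(config) for device in inventory}


if __name__ == "__main__":
    for device, config in deploy(POLICY, INVENTORY).items():
        print(device)
        print("\n".join(config))
```

Because the policy is rendered in one place, a mistake in it is either rejected up front or applied identically everywhere, which is what makes the result auditable.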
3. Programmable APIs
Controllers expose REST APIs that allow developers to automate network operations.
Example automation workflow:
Python Script → Controller API → Network Devices
This enables integration with:
- CI/CD pipelines
- Monitoring systems
- DevOps tools
4. Network Abstraction
Controllers hide the complexity of individual devices.
Administrators interact with logical network objects, such as:
- Networks
- Policies
- Applications
- Security groups
Advantages of Controller-Level Management
Centralized Management
All devices are managed through one platform.
Easier Automation
Automation scripts interact with one controller API instead of hundreds of devices.
Scalability
Controllers can manage thousands of devices.
Consistent Configuration
Policies ensure that all devices receive standardized configurations.
Faster Deployment
Large network changes can be applied in seconds.
Disadvantages of Controller-Level Management
Requires Additional Infrastructure
Controllers must be installed, maintained, and monitored.
Dependency on the Controller
If the controller becomes unavailable, management operations may be affected.
Learning Curve
Administrators must understand:
- Controller platforms
- APIs
- Policy-based networking
Controller-Level vs Device-Level Management
| Feature | Device-Level Management | Controller-Level Management |
|---|---|---|
| Management Type | Direct device configuration | Centralized management |
| Interaction | Admin connects to each device | Admin connects to controller |
| Automation | Harder to automate | Easier automation via APIs |
| Scalability | Limited for large networks | Highly scalable |
| Configuration | Per-device configuration | Policy-based configuration |
| Complexity | Simple but repetitive | More advanced architecture |
| Consistency | Risk of inconsistent configs | Standardized policies |
When Each Approach Is Used
Device-Level Management Is Used When
- Managing small networks
- Working with legacy infrastructure
- Performing low-level device troubleshooting
- Making device-specific configuration changes
Example tasks:
- Debugging routing issues
- Updating firmware
- Viewing device logs
Controller-Level Management Is Used When
- Managing large enterprise networks
- Deploying software-defined networking (SDN)
- Implementing network automation
- Applying policy-based networking
Example tasks:
- Deploying network segmentation policies
- Automating network provisioning
- Integrating network operations with DevOps pipelines
Why This Topic Matters for the DEVASC Exam
The Cisco DevNet Associate exam focuses on network programmability and automation.
Controller-based networking is important because it enables:
- Infrastructure automation
- Programmable networks
- Policy-based management
- API-driven network operations
Developers and network engineers interact with controllers instead of individual devices, which simplifies automation.
Key Exam Points to Remember
- Device-level management configures each network device individually.
- Controller-level management uses a centralized controller to manage multiple devices.
- Controllers enable automation, APIs, and policy-based networking.
- Controller-based architectures are commonly used in SDN environments.
- Device-level management is still used for direct device troubleshooting and small networks.
