Introduction:

DNA Center and SD-Access offer Cisco’s next-generation programmable digital network to help automate common network access security features and streamline the redundant, complex configuration required to allow different groups of users access to the network infrastructure.
It allows Network Administrators to quickly allow differentiated access for end users on the network while allowing the network to react automatically to day zero and other types of attacks.

Objectives:

The Introduction to SD-Access and DNA Center course gives the learner a solid overview of Cisco’s latest features to automate common administrative tasks on security focused programmable network infrastructures. This course explains the concepts of a “Network Fabric” and the different node types that form it (Fabric Edge Nodes, Control Plane Nodes, Border Nodes).  It describes the roles of LISP in the Control Plane and VXLAN in the Data Plane for SD-Access Solutions and how DNA Center uses them to automate security and network access.

Course Outline:

Module 1: Introduction to Cisco’s Software Defined Access (SD-Access)

  • SD-Access Overview
  • SD-Access Benefits
  • SD-Access Key Concepts
  • SD-Access Main Components
  • Campus Fabric
  • Wired
  • Wireless
  • Nodes
  • Edge
  • Border
  • Control Plane
  • DNA Controller
  • ISE (Policy)
  • NDP (Analytics and Assurance)

Module 2: SD-Access Campus Fabric

  • The concept of Fabric
  • Node types
  • Fabric Edge Nodes
  • Control Plane Nodes
  • Border Nodes
  • LISP as protocol for Control Plane
  • VXLAN as protocol for Data Plane
  • Concept of Virtual Network
  • Fabric-enabled WLAN
  • Fabric Enabled WLC
  • Fabric Enabled AP’s

Module 3: DNA Center and Workflow for SD-Access

  • Introduction to DNA Center
  • Workflow for SD-Access in DNA Center
  • Design Step overview
  • Policy Step overview
  • Provision Step overview
  • Assurance Step overview
  • Integration with Cisco ISE for Policy Enforcement
  • Integration with Cisco NDP for Analytics and Assurance
  • Relationship with APIC-EM controller

Module 4: DNA Center Workflow First Step – Design

  • Creating Enterprise and Sites Hierarchy
  • Discuss and Demonstrate General Network Settings
  • Loading maps into the GUI
  • IP Address Administration
  • Administering Software Images
  • Network Device Profiles

Module 5: DNA Center Workflow Second Step – Policy

  • 2-level Hierarchy
  • Macro Level: Virtual Network (VN)
  • Micro Level: Scalable Group (SG)
  • Policy Types
  • Access Policy
  • Access Control Policy
  • Traffic Copy Policy
  • ISE Integration with DNA Center
  • Cross Domain Policies

Module 6: DNA Center Workflow Third Step – Provision

Devices Onboarding

  • Discovering Devices
  • Assigning Devices to a site
  • Provisioning device with profiles

Fabric Domains

  • Understanding Fabric Domains
  • Using Default LAN Fabric Domain
  • Creating Additional Fabric Domains

Adding Nodes

  • Adding Fabric Edge Nodes
  • Adding Control Plane Nodes
  • Adding Border Nodes

Module 7: DNA Center Workflow Fourth Step – Assurance

  • Introduction to Analytics
  • NDP Fundamentals
  • Overview of DNA Assurance
  • Components of DNA Assurance
  • DNA Center Assurance Dashboard

Module 8: Implementing WLAN in SD-Access Solution

WLAN Integration Strategies in SD-Access Fabric

  • CUWN Wireless Over The Top (OTT)
  • SD-Access Wireless (Fabric enabled WLC and AP)

SD-Access Wireless Architecture

  • Control Plane: LISP and WLC
  • Data Plane: VXLAN
  • Policy Plane and Segmentation: VN and SGT

Sample Design for SD-Access Wireless

Module 9: Campus Fabric External Connectivity for SD-Access

  • Enterprise Sample Topology for SD-Access
  • Role of Border Nodes
  • Types of Border Nodes
  • Border
  • Default Border
  • Single Border vs. Multiple Border Designs
  • Collocated Border and Control Plane Nodes
  • Distributed (separated) Border and Control Plane Nodes