There are many challenges today in managing the network because of manual configuration and fragmented tool offerings. Manual operations are slow and error-prone and these issues will be exacerbated due to the constantly changing environment with more users, devices and applications. With the growth of users and different devices types coming into the network, it is more complex to configure user credentials and maintain a consistent policy across the network. If your policy is not consistent, there is the added complexity of maintaining separate policies between wired and wireless. As users move around the network, it also becomes difficult to locate users and troubleshoot issues. The bottom line is that the networks of today do not address today’s network needs. This SDA course addresses these issues.
Software-Defined Access (SD-Access) is the industry’s first intent-based networking solution for the Enterprise built on the principles of Cisco’s Digital Network Architecture (DNA). SD-Access provides automated end-to-end segmentation to separate user, device and application traffic without redesigning the network.SD-Access automates user access policy so organizations can make sure the right policies are established for any user or device with any application across the network. This is accomplished with a single network fabric across LAN and WLAN which creates a consistent user experience anywhere without compromising on security.
Anyone involved in the design or implementation of a SD-Access solution
Attendees should meet the following prerequisites:
After completing this course you should be able to:
Module 1: Cisco ISE Integration for SD Access
Introduction to Cisco ISE
Using Cisco ISE as a Network Access Policy Engine
Introducing Cisco ISE Deployment Models
Introducing 802.1x and MAB Access: Wired and Wireless
Introducing Identity Management
Configuring Certificate Service
Introducing Cisco ISE Policy
Configuring Cisco ISE Policy Sets
Introduction to Cisco TrustSec for segmentation
The Concept of Security Group (SG) and Security Group Tag (SGT)
Cisco TrustSec Phases - Classification, Propagation, Enforcement
Methods for Classification - Static Classification, Dynamic Classification
Methods for SGT tag propagation - Inline Tagging, SGT Exchange Protocol (SXP)
Module 2: Introduction to Cisco’s Software Defined Access (SD-Access)
SD-Access Overview
SD-Access Benefits
SD-Access Key Concepts
SD-Access Main Components - Campus Fabric wired and wireless
Nodes - Edge,Border,Control Plane
DNA Controller (APIC-EM Controller)
Introducing Cisco ISE 2.x px
2-level Hierarchy - Macro Level: Virtual Network (VN), Micro Level: Scalable Group (SG)
Module 3: DNA Center Workflow
DNA Center Refresher
Creating Enterprise and Sites Hierarchy
Configuring General Network Settings
Loading maps into the GUI
IP Address Management
Software Image Management
Network Device Profiles
Introduction to Analytics
NDP Fundamentals
Overview of DNA Assurance
Module 4: SD-Access Campus Fabric
The concept of Fabric
Node types (Breakdown)
LISP as protocol for Control Plane
VXLAN as protocol for Data Plane
Module 5: Campus Fabric External Connectivity for SD-Access
Enterprise Sample Topology for SD-Access
Role of Border Nodes
Types of Border Nodes - Border, Default Border
Single Border vs. Multiple Border Designs
Collocated Border and Control Plane Nodes
Distributed (separated) Border and Control Plane Nodes
Module 6: Implementing WLAN in SD-Access Solution
WLAN Integration Strategies in SD-Access Fabric - Fabric CUWN, SD-Access Wireless (Fabric enabled WLC and AP)
SD-Access Wireless Architecture - Control Plane: LISP and WLC, Data Plane: VXLAN, Policy Plane and Segmentation: VN and SGT
Sample Design for SD-Access Wireless
Labs
ISE basic setup and Navigating GUI
Configuring TrustSec in ISE
Connecting and getting familiar with DNA Center GUI
Performing SD-Access Design Step in DNA Center
Integrating ISE and DNA Center for Policy Deployment and Enforcement
Performing SD-Access Policy Step in DNA Center and ISE
Performing SD-Access Provision Step in DNA Center
Performing SD-Access Assurance Step in DNA Center
Integrating WLAN services through SD-Wireless architecture
Integrate ISE with Active Directory
Achieving External Connectivity to remote locations through Border Node
There is no exam related to this training