Managing modern networks on a day-to-day basis presents many challenges. The problems intensify when manual configuration changes made with fragmented tools result in non-centralized change and configuration management, which leads to naming, configuration, backup and security compliance issues. Compared with automated, policy-based approaches, manual configuration changes are slow and error-prone. Break-and-fix work, new network builds and change requests all take place in dynamic environments where user requirements, devices and applications are evolving at ever-increasing rates, fueled in many cases by the big data of IoT. Today's networks face deployment, support and security challenges that can be mitigated with modern tools such as Digital Network Architecture Centre (DNAC), Cisco Identity Services Engine (ISE) and Stealthwatch. In this course, you use these tools to build a centrally managed, authenticated, authorized, monitored and security-policy-compliant solution.
Student Testimonials
Instructor did a great job. From experience, this subject can be a bit dry to teach, but he was able to keep it very engaging and made it much easier to focus.
Student
Excellent presentation skills, subject matter knowledge, and command of the environment.
Student
Instructor was outstanding. Knowledgeable, presented well, and class timing was perfect.
Student
Prerequisites
The knowledge and skills that a learner must have before attending this course are as follows:
Cisco CCNA or Equivalent Experience
Basic Knowledge of Software Defined Networks
Basic Knowledge of network security including AAA, Access Control and ISE
Basic Knowledge and experience with Cisco IOS, IOS XE and CLI
Basic Knowledge of virtualization, Hypervisors and Virtual Machines
Detailed Class Syllabus
Module 1: Introduction to Cisco’s Software Defined Access (SD-Access)
DNA Introduction
SD-Access Overview
SD-Access Benefits
SD-Access Key Concepts
SD-Access Main Components
Campus Fabric
Wired
Wireless
Nodes
Edge
Border
Control Plane
DNA Center (Controller)
ISE (Policy)
StealthWatch (Policy)
NDP (Analytics and Assurance)
Module 2: SD-Access Campus Fabric
The concept of Fabric
Node types
Fabric Edge Nodes
Control Plane Nodes
Border Nodes
LISP as protocol for Control Plane
Configure LISP for Control Plane
VXLAN as protocol for Data Plane
Configure VXLAN for Data Plane
Virtual Networks (VN)
Fabric-enabled WLAN
Fabric Enabled WLC
Fabric Enabled APs
SDA-ready Cisco Catalyst LAN Switches
Role of Cat9k in Cisco SD-Access solution and deployment models as border, control and edge nodes
Module 3: DNA Center and Workflow for SD-Access
Introduction to DNA Center
Workflow for SD-Access in DNA Center
Design Step overview
Policy Step overview
Provision Step overview
Assurance Step overview
Integration with Cisco ISE for Policy Enforcement
Integration with Cisco StealthWatch for Policy Enforcement
Integration with Cisco NDP for Analytics and Assurance
Module 4: Deployment and initial setup for DNA Center
Requirements
Deployment Procedure
Initial Setup
GUI Navigation
Module 5: Deployment and initial setup for ISE and Integrate with DNA Center
Introduction to Cisco ISE
Requirements
Cisco ISE Deployment Models
Deployment Procedure
Initial Setup
GUI Navigation
Integration with DNA Center
Module 6: Deploy Netflow Collector and StealthWatch Management Center (SMC)
Introduction to Netflow and SMC
Requirements
Deployment Procedure
Initial Setup
GUI Navigation
Integration with DNA Center / SD Access
Module 7: Implementing Policy Plane using Cisco TrustSec for Segmentation
Cisco TrustSec phases
Classification
Propagation
Enforcement
Configuring Classification
Configuring SGT tag propagation
Configure Enforcement
Introducing Cisco TrustSec in ISE
Cisco ISE as controller for Software-defined segmentation (groups and policies)
Configuring ISE for Dynamic SGT assignment
Configuring ISE for Static SGT assignment
Configuring Policy Enforcement
Module 8: Cisco StealthWatch Management Console (SMC)
Configuring Host Groups in the SMC
Configuring Flexible NetFlow on Cisco Devices
Verify Netflow Data Collection on SMC
Configuring Cisco StealthWatch and ISE Integration
Module 9: DNA Center Workflow First Step - Design
Creating Enterprise and Sites Hierarchy
Configuring General Network Settings
Loading maps into the GUI
IP Address Management
Software Image Management
Network Device Profiles
Module 10: DNA Center Workflow Second Step - Policy
2-level Hierarchy
Macro Level: Virtual Network (VN)
Micro Level: Scalable Group (SG)
Policy Types
Access Policy
Access Control Policy
Traffic Copy Policy
Cross Domain Policies
Module 11: DNA Center Workflow Third Step - Provision
Devices Onboarding
Discovering Devices
Assigning Devices to a site
Provisioning device with profiles
Fabric Domains
Understanding Fabric Domains
Using Default LAN Fabric Domain
Creating Additional Fabric Domains
Adding Nodes
Adding Fabric Edge Nodes
Adding Control Plane Nodes
Adding Border Nodes
Module 12: DNA Center Workflow Fourth Step – Assurance
Introduction to Analytics
NDP Fundamentals
Overview of DNA Assurance
Components of DNA Assurance
DNA Center Assurance Dashboard
Module 13: Implementing WLAN in SD-Access Solution
WLAN Integration Strategies in SD-Access Fabric
CUWN Wireless Over The Top (OTT)
SD-Access Wireless (Fabric enabled WLC and AP)
SD-Access Wireless Architecture
Control Plane: LISP and WLC
Data Plane: VXLAN
Policy Plane and Segmentation: VN and SGT
Module 14: Implementing Campus Fabric External Connectivity for SD-Access
Role of Border Nodes
Types of Border Nodes
Border
Default Border
Single Border vs. Multiple Border Designs
Collocated Border and Control Plane Nodes
Distributed (separated) Border and Control Plane Nodes
Module 15: SDA Migration Strategies
Migrate to SD-Access using a quality-assured process, state-of-the-art tools and proven methodologies
The need for additional planning
Typical considerations
Primary Approaches for migration
Build an SD-Access network in parallel and then integrate
Do incremental migrations of access switches into an SD-Access fabric