Software Defined Access (SD-ACCESS)

Overview

Software-Defined Access (SD-Access) is the industry's first intent-based networking solution for the Enterprise built on the principles of Cisco's Digital Network Architecture (DNA). SD-Access provides automated end-to-end segmentation to separate user, device, and application traffic without redesigning the network. SD-Access automates user access policy so organizations can make sure the right policies are established for any user or device with any application across the network. This is accomplished with a single network fabric across LAN and WLAN which creates a consistent user experience anywhere without compromising on security.

Target Audience

  • Anyone interested in knowing about SD-Access
  • Personnel involved in SD-Access Design and Implementation
  • Network Operations teams with SD-Access solution

Prerequisites

  • Knowledge level equivalent to Cisco CCNA Routing & Switching
  • Basic knowledge of Software Defined Networks
  • Basic knowledge of network security including AAA, Access Control, and ISE
  • Basic knowledge and experience with Cisco IOS, IOS XE, and CLI

Course Objectives

  • Know and understand Cisco's SD-Access concepts, features, benefits, and terminology, along with the way this approach innovates common administrative tasks on today's networks
  • Differentiate and explain each of the building blocks of SD-Access Solution
  • Explain the concept of "Fabric" and the different node types that make it up (Fabric Edge Nodes, Control Plane Nodes, Border Nodes)
  • Describe the role of LISP in the Control Plane and VXLAN in the Data Plane for the SD-Access Solution
  • Understand TrustSec concepts, deployment details and the way TrustSec is used as part of SD-Access Solution for segmentation and Policy Enforcement
  • Understand the role of DNA Center as solution orchestrator and Intelligent GUI
  • Be familiar with workflow approach in DNA Center and its Four Steps:  Design, Policy, Provision, and Assurance
  • Explain the role that ISE and NDP play as part of the solution
  • Configure AAA services and TrustSec Policy in ISE
  • Integrate ISE with DNA Center for Policy enforcement

Course Outline

1. Introduction to Cisco’s Software Defined Access (SD-Access)

  • SD-Access Overview
  • SD-Access Benefits
  • SD-Access Key Concepts
  • SD-Access Main Components

2. SD-Access Campus Fabric
  • The concept of Fabric
  • Node types
  • Fabric Edge Nodes
  • Control Plane Nodes
  • Border Nodes
  • LISP as protocol for Control Plane
  • VXLAN as protocol for Data Plane
  • Concept of Virtual Network
  • Fabric-enabled WLAN

3. DNA Center and Workflow for SD-Access
  • Introduction to DNA Center
  • Workflow for SD-Access in DNA Center
  • Integration with Cisco ISE for Policy Enforcement
  • Integration with Cisco NDP for Analytics and Assurance
  • Relationship with APIC-EM controller

4. Implementing Policy Plane using Cisco TrustSec for Segmentation
  • Need for user and group segmentation in SD-Access
  • Limitations of traditional segmentation methods
  • Introduction to Cisco TrustSec for segmentation
  • The Concept of Security Group (SG) and Security Group Tag (SGT)
  • Cisco TrustSec phases
  • Methods for Classification
  • Methods for SGT tag propagation
  • Enforcement

5. Using Cisco ISE for TrustSec and Policy Enforcement
  • Introduction to Cisco ISE
  • Using Cisco ISE as a Network Access Policy Engine
  • Introducing Cisco ISE Deployment Models
  • Introducing 802.1x and MAB Access: Wired and Wireless
  • Introducing Identity Management
  • Configuring Certificate Service
  • Introducing Cisco ISE Policy
  • Configuring Cisco ISE Policy Sets
  • Introducing Cisco TrustSec in ISE
  • Cisco ISE as controller for Software-defined segmentation (groups and policies)
  • Introducing Cisco ISE 2.x pxGrid
  • Preparing ISE for Integration with DNA Center for SD-Access

6. DNA Center Workflow First Step - Design
  • Creating Enterprise and Sites Hierarchy
  • Configuring General Network Settings
  • Loading maps into the GUI
  • IP Address Management
  • Software Image Management
  • Network Device Profiles

7. DNA Center Workflow Second Step - Policy
  • 2-level Hierarchy
  • Policy Types
  • ISE Integration with DNA Center
  • Cross Domain Policies

8. DNA Center Workflow Third Step - Provision
  • Devices Onboarding
  • Fabric Domains
  • Adding Nodes

9. DNA Center Workflow Fourth Step - Assurance
  • Introduction to Analytics
  • NDP Fundamentals
  • Overview of DNA Assurance
  • Components of DNA Assurance
  • DNA Center Assurance Dashboard

10. Implementing WLAN in SD-Access Solution
  • WLAN Integration Strategies in SD-Access Fabric
  • SD-Access Wireless Architecture
  • Sample Design for SD-Access Wireless

11. Campus Fabric External Connectivity for SD-Access
  • Enterprise Sample Topology for SD-Access
  • Role of Border Nodes
  • Types of Border Nodes
  • Single Border vs. Multiple Border Designs
  • Collocated Border and Control Plane Nodes
  • Distributed (separated) Border and Control Plane Nodes
