Cisco Software-Defined Access - SDA Use Case Implementation, Operations, & Troubleshooting

Kursmaterialet är på engelska, med detta innehåll:

Introduction to Cisco’s Software Defined Access (SD-Access)

• Understanding Cisco Intent-Based Networking
• Understanding Cisco SDA Use Cases customer’s benefits including business and technical outcomes and capabilities
• Cisco DNA Center Introduction
• SD-Access Overview
• SD-Access Benefits
• SD-Access Key Concepts
• SD-Access Main Components
  • Fabric Control Plane Node
  • Fabric Border Node
  • Fabric Edge Node
  • Fabric Wireless LAN Controller and Fabric Enabled Access Points
• Cisco DNA Center Automation
• Cisco ISE (Policy)
• Cisco StealthWatch (Traffic Analysis)
• DNA Center Assurance

Deployment and Initial setup for the Cisco DNA-Center

• Cisco DNA-Center Appliances
• Cisco DNA-Center Deployment Models
  • Single Node Deployment
  • Clustered Deployment
• Installation Procedure
• Initial Setup and Configuration
• GUI Navigation

SDA - Design

• Network design options
• Sites
• Creating Enterprise and Sites Hierarchy
• Configuring General Network Settings
• Loading maps into the GUI
• IP Address Management
• Software Image Management
• Network Device Profiles
• AAA
• SNMP
• Syslog
• IP address pools
• Image management
• Creating Enterprise and Guest SSIDs
  • Creating the wireless RF Profile
  • Cresting the Guest Portal for the Guest SSIDs
• Network profiles
• Authentication templates

SDA - Policy

• 2-level Hierarchy
  • Macro Level: Virtual Network (VN)
  • Micro Level: Scalable Group (SG)
• Policy
  • Policy in SD-Access
  • Access Policy: Authentication and Authorization
  • Access Control Policy
  • Application Policy
  • Extending Policy across domains
  • Preserving Group Metadata across Campus, WAN and DC
  • Enforcing policy in Firewall domains
  • Cross Domain Policies

SDA - Provision

• Devices Onboarding
  • Lifecycle stages of network device discovery
  • Discovering Devices
  • Assigning Devices to a site
  • Provisioning device with profiles
  • Plug-and-Play
  • LAN Automation
• Templates
  • Templates for day 0
  • Templates for day N operations
• IP Transits
  • How to connect the Fabric Sites to the external network
  • Creating the IP Transit
  • Considerations for a SD-Access Border Node Design
  • BGP Hand-Off Between Border and Fusion
• Fabric Domains
  • Understanding Fabric Domains and Sites
  • Using Default LAN Fabric Domain
  • Creating Additional Fabric Domains and Sites
• Adding Nodes
  • Adding Fabric Edge Nodes
  • Adding Control Plane Nodes
  • Adding Border Nodes

SDA - Assurance

• Overview of DNA Assurance
• Cisco DNA Center Assurance- Use Cases Examples
• Network Health & Device 360
• Client Health & Client 360
• Application Health & Application 360
• Cisco SD- Application Visibility Control (AVC) on DNA-Center
• Proactive troubleshooting using Sensors

Cisco SD-Access Distributed Campus Design

• Introduction to Cisco SD-Access Distributed Campus Design – The Advantage?
• Fabric Domain vs Fabric Site
• SD-Access Transits:
  • IP-Based Transit
  • Cisco SD-Access Transit
  • Cisco SD-WAN Transit
• Deploying the Cisco Distributed Campus with SD-Access Transit
  • Site considerations
  • Internet connectivity considerations
  • Segmentation considerations
  • Role of a Cisco Transit Control Plane
• Cisco SD-Access Fabric in a Box
  • The need for FiaB
  • Deploying the FiaB

Cisco SD-Access Brownfield Migration

• Cisco SD-Access Migration Tools and Strategies
• Two Basic Approaches:
  • Parallel Deployment Approach
  • Incremental Deployment Approach
• Integration with existing Cisco ISE in the network – Things to watch out for!
• Choosing the correct Fusion Device
  • Existing Core as Fusion
  • Firewall as Fusion
• When do you need the SD-Access Layer-2 Border?
  • L2 Border – Understanding the requirement
  • Designing and Configuring the L2 Border
  • L2 Border – Not a permanent solution

Cisco DNA Center Automation- Use Cases Examples

• DAY0: Onboarding new devices using Zero Touch Deployment
• DAY1: Configurations using Templates
• DAYN: Security Advisories based on Machine Reasoning Engine
• DAYN: Simplified Software Management based on Golden Images
• DAYN: Defective Device Replacement - RMA

3rd Party Integrations

• ServiceNow
  • Integration
  • Management
• InfoBlox IPAM
  • Integration
  • Management

Specific Use Cases

• Use Case:  STACK LAN Automation
• Use Case:  Silent Hosts
• Use Case:  Wake on LAN
• Use Case: The need for L2 flooding
• Use Case: Multicast in the SD-Access Fabric

Cisco SD-Access Multi-Domain Integrations

• Cisco SD-Access to ACI Integrations
  • Phase-1: Policy Plane Integration
  • Phase-2: Data Plane Integration
• Cisco SD-Access to Cisco SD-WAN Integrations
  • What is possible today? SD-WAN Transit setup.
  • Phase-1: The one box solution
  • Phase-2: The two box solution

Troubleshooting

• Fabric
• Layer 3 forwarding
• Layer 2 forwarding
• Multicast Forwarding
• Security in the Fabric
• Troubleshooting Multi-Site Deployments