Cisco Software-Defined Access - SDA Use Case Implementation, Operations, & Troubleshooting
Denna kurs utforskar funktionaliteten Cisco Software-Defined Access (SDA) på djupet.
Boka utbildning
Som deltagare lär du dig mplementera SDA för olika behov. Kursen behandlar även detaljerna i hur du hanterar och felsöker de olika funktionerna hos underliggande komponenter.
För dig som önskar en utbildning som fokuserar mer på DNA Center rekommenerar vi vår kurs Implementing and Administering DNA Center for Assurance.
Kursen hålls i samarbete med NterOne.
Målgrupp och förkunskaper
Kursen är framtagen för tekniker i en Cisco-baserad nätveksmiljö som arbetar med DNA Center vill gå på djupet med SD-Access.
Som deltagare förutsätts du besitta grundläggande till goda kunskaper om Cisco-baserad routing och switching.
Du behöver även grundläggande kunskaper om mjukvarubaserade nätverk, vanliga säkerhetsbegrepp som AAA, Access Control och ISE, samt viss erfarenhet av Cisco IOS, XE och CLI. Programmeringskunskaper, såsom Python och RestAPI, är en fördel men inget krav.
För att alltid hålla en hög kvalitet på våra teknikkurser använder vi både engelsk- och svensktalande experter som kursledare.
Detaljerad information
Kursmaterialet är på engelska, med detta innehåll:
Introduction to Cisco’s Software Defined Access (SD-Access)
- Understanding Cisco Intent-Based Networking
- Understanding Cisco SDA Use Cases customer’s benefits including business and technical outcomes and capabilities
- Cisco DNA Center Introduction
- SD-Access Overview
- SD-Access Benefits
- SD-Access Key Concepts
- SD-Access Main Components
- Fabric Control Plane Node
- Fabric Border Node
- Fabric Edge Node
- Fabric Wireless LAN Controller and Fabric Enabled Access Points
- Cisco DNA Center Automation
- Cisco ISE (Policy)
- Cisco StealthWatch (Traffic Analysis)
- DNA Center Assurance
Deployment and Initial setup for the Cisco DNA-Center
- Cisco DNA-Center Appliances
- Cisco DNA-Center Deployment Models
- Single Node Deployment
- Clustered Deployment
- Installation Procedure
- Initial Setup and Configuration
- GUI Navigation
SDA - Design
- Network design options
- Sites
- Creating Enterprise and Sites Hierarchy
- Configuring General Network Settings
- Loading maps into the GUI
- IP Address Management
- Software Image Management
- Network Device Profiles
- AAA
- SNMP
- Syslog
- IP address pools
- Image management
- Creating Enterprise and Guest SSIDs
- Creating the wireless RF Profile
- Cresting the Guest Portal for the Guest SSIDs
- Network profiles
- Authentication templates
SDA - Policy
- 2-level Hierarchy
- Macro Level: Virtual Network (VN)
- Micro Level: Scalable Group (SG)
- Policy
- Policy in SD-Access
- Access Policy: Authentication and Authorization
- Access Control Policy
- Application Policy
- Extending Policy across domains
- Preserving Group Metadata across Campus, WAN and DC
- Enforcing policy in Firewall domains
- Cross Domain Policies
SDA - Provision
- Devices Onboarding
- Lifecycle stages of network device discovery
- Discovering Devices
- Assigning Devices to a site
- Provisioning device with profiles
- Plug-and-Play
- LAN Automation
- Templates
- Templates for day 0
- Templates for day N operations
- IP Transits
- How to connect the Fabric Sites to the external network
- Creating the IP Transit
- Considerations for a SD-Access Border Node Design
- BGP Hand-Off Between Border and Fusion
- Fabric Domains
- Understanding Fabric Domains and Sites
- Using Default LAN Fabric Domain
- Creating Additional Fabric Domains and Sites
- Adding Nodes
- Adding Fabric Edge Nodes
- Adding Control Plane Nodes
- Adding Border Nodes
SDA - Assurance
- Overview of DNA Assurance
- Cisco DNA Center Assurance- Use Cases Examples
- Network Health & Device 360
- Client Health & Client 360
- Application Health & Application 360
- Cisco SD- Application Visibility Control (AVC) on DNA-Center
- Proactive troubleshooting using Sensors
Cisco SD-Access Distributed Campus Design
- Introduction to Cisco SD-Access Distributed Campus Design – The Advantage?
- Fabric Domain vs Fabric Site
- SD-Access Transits:
- IP-Based Transit
- Cisco SD-Access Transit
- Cisco SD-WAN Transit
- Deploying the Cisco Distributed Campus with SD-Access Transit
- Site considerations
- Internet connectivity considerations
- Segmentation considerations
- Role of a Cisco Transit Control Plane
- Cisco SD-Access Fabric in a Box
- The need for FiaB
- Deploying the FiaB
Cisco SD-Access Brownfield Migration
- Cisco SD-Access Migration Tools and Strategies
- Two Basic Approaches:
- Parallel Deployment Approach
- Incremental Deployment Approach
- Integration with existing Cisco ISE in the network – Things to watch out for!
- Choosing the correct Fusion Device
- Existing Core as Fusion
- Firewall as Fusion
- When do you need the SD-Access Layer-2 Border?
- L2 Border – Understanding the requirement
- Designing and Configuring the L2 Border
- L2 Border – Not a permanent solution
Cisco DNA Center Automation- Use Cases Examples
- DAY0: Onboarding new devices using Zero Touch Deployment
- DAY1: Configurations using Templates
- DAYN: Security Advisories based on Machine Reasoning Engine
- DAYN: Simplified Software Management based on Golden Images
- DAYN: Defective Device Replacement - RMA
3rd Party Integrations
- ServiceNow
- Integration
- Management
- InfoBlox IPAM
- Integration
- Management
Specific Use Cases
- Use Case: STACK LAN Automation
- Use Case: Silent Hosts
- Use Case: Wake on LAN
- Use Case: The need for L2 flooding
- Use Case: Multicast in the SD-Access Fabric
Cisco SD-Access Multi-Domain Integrations
- Cisco SD-Access to ACI Integrations
- Phase-1: Policy Plane Integration
- Phase-2: Data Plane Integration
- Cisco SD-Access to Cisco SD-WAN Integrations
- What is possible today? SD-WAN Transit setup.
- Phase-1: The one box solution
- Phase-2: The two box solution
Troubleshooting
- Fabric
- Layer 3 forwarding
- Layer 2 forwarding
- Multicast Forwarding
- Security in the Fabric
- Troubleshooting Multi-Site Deployments