Search

Cisco SD-Access Workshop (SDAPW3)

  • Overview

    Description, Pre requisites

  • Content

    Lessons, Course Structure

Cisco SD-Access Workshop (SDAPW3) workshop teaches you how to implement simple, single-site fabric networks through a combination of lectures and labs.

You will learn the benefits of leveraging Software-Defined Access in the Cisco-powered Enterprise Campus network. SDAFND will introduce the solution, its architecture and components, and guide you through labs to design and deploy simple Cisco SD-Access networks.

How you’ll benefit

This course will help you:

  • Deploy Cisco SD-Access networks
  • Explain Cisco Software-Designed Access
  • Operate, manage, and integrate Cisco DNA Center™

Who should enroll

  • Field engineers
  • Network engineers
  • Network administrators
  • System engineers

Objectives

After taking this course, you should be able to:

  • Describe Cisco SD-Access architecture and its components
  • Explain Cisco DNA Center deployment models, scaling, and high availability
  • Identify Cisco SD-Access fabric protocols and node roles
  • Understand the Cisco SD-Access Wireless deployment models
  • Automate Day 0 device onboarding with Cisco DNA Center LAN Automation and Network PnP
  • Deploy simple Cisco SD-Access fabric networks
  • Monitor health and performance of the network with Cisco DNA Center Assurance
  • Interact with the Cisco DNA Center Platform Intent APIs

Prerequisites

To fully benefit from this course, you should have the following knowledge and skills:

  • CCNP® level core networking knowledge
  • Ability to use Windows and Linux CLI tools such as ping, SSH, or running scripts

These are the recommended Cisco offerings that may help you meet these prerequisites:

  • Implementing and Administering Cisco Solutions (CCNA®) v1.0
  • Implementing Cisco Enterprise Network Core Technologies (ENCOR) v1.1

Duration:

3 days

 

Module 1: Cisco ISE Integration for SD Access

  • Introduction to Cisco ISE
  • Using Cisco ISE as a Network Access Policy Engine
  • Introducing Cisco ISE Deployment Models
  • Introducing 802.1x and MAB Access: Wired and Wireless
  • Introducing Identity Management
  • Configuring Certificate Service
  • Introducing Cisco ISE Policy
  • Configuring Cisco ISE Policy Sets
  • Introduction to Cisco TrustSec for segmentation
  • The Concept of Security Group (SG) and Security Group Tag (SGT)
  • Cisco TrustSec Phases
    • Classification
    • Propagation
    • Enforcement
  • Methods for Classification
    • Static Classification
    • Dynamic Classification
  • Methods for SGT tag propagation
    • Inline Tagging
    • SGT Exchange Protocol (SXP)

Module 2: Introduction to Cisco’s Software Defined Access (SD-Access)

  • SD-Access Overview
  • SD-Access Benefits
  • SD-Access Key Concepts
  • SD-Access Main Components
    • Campus Fabric
      • Wired
      • Wireless
    • Nodes
      • Edge
      • Border
      • Control Plane
    • DNA Controller (APIC-EM Controller)
    • Introducing Cisco ISE 2.x px
  • 2-level Hierarchy
    • Macro Level: Virtual Network (VN)
    • Micro Level: Scalable Group (SG)

Module 3: DNA Center Workflow

  • DNA Center Refresher
  • Creating Enterprise and Sites Hierarchy
  • Configuring General Network Settings
  • Loading maps into the GUI
  • IP Address Management
  • Software Image Management
  • Network Device Profiles
  • Introduction to Analytics
  • NDP Fundamentals
  • Overview of DNA Assurance

Module 4: SD-Access Campus Fabric

  • The concept of Fabric
  • Node types (Breakdown)
  • LISP as protocol for Control Plane
  • VXLAN as protocol for Data Plane

Module 5: Campus Fabric External Connectivity for SD-Access

  • Enterprise Sample Topology for SD-Access
  • Role of Border Nodes
  • Types of Border Nodes
    • Border
    • Default Border
  • Single Border vs. Multiple Border Designs
  • Collocated Border and Control Plane Nodes
  • Distributed (separated) Border and Control Plane Nodes

Module 6: Implementing WLAN in SD-Access Solution

  • WLAN Integration Strategies in SD-Access Fabric
    • Fabric CUWN
    • SD-Access Wireless (Fabric enabled WLC and AP)
  • SD-Access Wireless Architecture
    • Control Plane: LISP and WLC
    • Data Plane: VXLAN
    • Policy Plane and Segmentation: VN and SGT
  • Sample Design for SD-Access Wireless

Lab Outline:

  • ISE basic setup and Navigating GUI
  • Configuring TrustSec in ISE
  • Connecting and getting familiar with DNA Center GUI
  • Performing SD-Access Design Step in DNA Center
  • Integrating ISE and DNA Center for Policy Deployment and Enforcement
  • Performing SD-Access Policy Step in DNA Center and ISE
  • Performing SD-Access Provision Step in DNA Center
  • Performing SD-Access Assurance Step in DNA Center
  • Integrating WLAN services through SD-Wireless architecture
  • Integrate ISE with Active Directory
  • Achieving External Connectivity to remote locations through Border Node