Cisco SD-Access Workshop (SDAPW3)
-
Overview
Description, Pre requisites -
Content
Lessons, Course Structure
Cisco SD-Access Workshop (SDAPW3) workshop teaches you how to implement simple, single-site fabric networks through a combination of lectures and labs.
You will learn the benefits of leveraging Software-Defined Access in the Cisco-powered Enterprise Campus network. SDAFND will introduce the solution, its architecture and components, and guide you through labs to design and deploy simple Cisco SD-Access networks.
How you’ll benefit
This course will help you:
- Deploy Cisco SD-Access networks
- Explain Cisco Software-Designed Access
- Operate, manage, and integrate Cisco DNA Center™
Who should enroll
- Field engineers
- Network engineers
- Network administrators
- System engineers
Objectives
After taking this course, you should be able to:
- Describe Cisco SD-Access architecture and its components
- Explain Cisco DNA Center deployment models, scaling, and high availability
- Identify Cisco SD-Access fabric protocols and node roles
- Understand the Cisco SD-Access Wireless deployment models
- Automate Day 0 device onboarding with Cisco DNA Center LAN Automation and Network PnP
- Deploy simple Cisco SD-Access fabric networks
- Monitor health and performance of the network with Cisco DNA Center Assurance
- Interact with the Cisco DNA Center Platform Intent APIs
Prerequisites
To fully benefit from this course, you should have the following knowledge and skills:
- CCNP® level core networking knowledge
- Ability to use Windows and Linux CLI tools such as ping, SSH, or running scripts
These are the recommended Cisco offerings that may help you meet these prerequisites:
- Implementing and Administering Cisco Solutions (CCNA®) v1.0
- Implementing Cisco Enterprise Network Core Technologies (ENCOR) v1.1
Duration:
3 days
Module 1: Cisco ISE Integration for SD Access
- Introduction to Cisco ISE
- Using Cisco ISE as a Network Access Policy Engine
- Introducing Cisco ISE Deployment Models
- Introducing 802.1x and MAB Access: Wired and Wireless
- Introducing Identity Management
- Configuring Certificate Service
- Introducing Cisco ISE Policy
- Configuring Cisco ISE Policy Sets
- Introduction to Cisco TrustSec for segmentation
- The Concept of Security Group (SG) and Security Group Tag (SGT)
- Cisco TrustSec Phases
- Classification
- Propagation
- Enforcement
- Methods for Classification
- Static Classification
- Dynamic Classification
- Methods for SGT tag propagation
- Inline Tagging
- SGT Exchange Protocol (SXP)
Module 2: Introduction to Cisco’s Software Defined Access (SD-Access)
- SD-Access Overview
- SD-Access Benefits
- SD-Access Key Concepts
- SD-Access Main Components
- Campus Fabric
- Wired
- Wireless
- Nodes
- Edge
- Border
- Control Plane
- DNA Controller (APIC-EM Controller)
- Introducing Cisco ISE 2.x px
- Campus Fabric
- 2-level Hierarchy
- Macro Level: Virtual Network (VN)
- Micro Level: Scalable Group (SG)
Module 3: DNA Center Workflow
- DNA Center Refresher
- Creating Enterprise and Sites Hierarchy
- Configuring General Network Settings
- Loading maps into the GUI
- IP Address Management
- Software Image Management
- Network Device Profiles
- Introduction to Analytics
- NDP Fundamentals
- Overview of DNA Assurance
Module 4: SD-Access Campus Fabric
- The concept of Fabric
- Node types (Breakdown)
- LISP as protocol for Control Plane
- VXLAN as protocol for Data Plane
Module 5: Campus Fabric External Connectivity for SD-Access
- Enterprise Sample Topology for SD-Access
- Role of Border Nodes
- Types of Border Nodes
- Border
- Default Border
- Single Border vs. Multiple Border Designs
- Collocated Border and Control Plane Nodes
- Distributed (separated) Border and Control Plane Nodes
Module 6: Implementing WLAN in SD-Access Solution
- WLAN Integration Strategies in SD-Access Fabric
- Fabric CUWN
- SD-Access Wireless (Fabric enabled WLC and AP)
- SD-Access Wireless Architecture
- Control Plane: LISP and WLC
- Data Plane: VXLAN
- Policy Plane and Segmentation: VN and SGT
- Sample Design for SD-Access Wireless
Lab Outline:
- ISE basic setup and Navigating GUI
- Configuring TrustSec in ISE
- Connecting and getting familiar with DNA Center GUI
- Performing SD-Access Design Step in DNA Center
- Integrating ISE and DNA Center for Policy Deployment and Enforcement
- Performing SD-Access Policy Step in DNA Center and ISE
- Performing SD-Access Provision Step in DNA Center
- Performing SD-Access Assurance Step in DNA Center
- Integrating WLAN services through SD-Wireless architecture
- Integrate ISE with Active Directory
- Achieving External Connectivity to remote locations through Border Node