PDF Dnac Sda

Skill and Knowledge

The knowledge and skills that students are expected to have before attending this
course:
• Students should be familiar with Cisco Catalyst 9000 series switches
• Students should understand Cisco Enterprise Architecture
• Students should understand networking protocols, routing and switching
Course Goal

The goal of this training program is to introduce learners to the implementation,
management and troubleshooting of the Cisco SD-Access solution, composed of
Catalyst 9300 series switches, DNA Center, ISEv, Cisco WLC and APs.
Modules
• Module 1 Introduction to Cisco DNA Digital Network Architecture
• Module 2 Cisco SD Access
• Module 3 Describing Cisco SD-Access Architecture
• Module 4 Exploring the Cisco Digital Network Architecture Center
• Module 5 Configuring Underlay Automation
• Module 6 Cisco SD-Access Implementation
• Module 7 Integration of Cisco ISE with Cisco DNA-Center
• Module 8 LAN Automation & Fabric
• Module 9 Fusion Router
• Module 9 Wireless Design Workflows
• Module 10 Assurance
Module 1

Introduction to Cisco DNA Digital Network Architecture
Cisco Digital Network Architecture (DNA)
Digital Network Architecture (DNA) is a network architecture for digital
transformation: an open, broad and extensible software architecture for digital
businesses.

Digital networks are the platform of the digital business. Cisco DNA brings
together virtualization, automation, analytics, the cloud and programmability
to build that platform.

Cisco DNA complements Cisco Application Centric Infrastructure (ACI) technology for
the data center by extending the policy-based and software-driven approach to the
entire network: from headquarters to branches and from the core to the network
edge, wired or wireless.
Cisco Digital Network Architecture (DNA)
Key Principles

1. Virtualization
2. Designed for automation
3. Ubiquitous analytics
4. Services managed from the Cloud
5. Open, extensible and programmable architecture
Cisco Digital Network Architecture (DNA)
Key Principles
1. Virtualize everything, so that organizations have the freedom to implement any
service anywhere, regardless of the underlying platform (physical or virtual,
on-premises or in the cloud).

2. Designed for automation, so that networks and services are simple to deploy,
manage and maintain - significantly transforming the approach to network
management.

3. Ubiquitous analytics, providing greater visibility and knowledge about network
operations, IT infrastructure and business - information that only the network can
provide. Comprehensive analyses provide critical information about the operation
of the network, IT infrastructure and business.

4. Services managed from the cloud to unify policies and orchestration across the
network - combining cloud agility with the security and control of on-premises solutions.

5. Open, extensible and programmable architecture in all layers - integrating Cisco
and third-party technology, open APIs and a development platform to support a rich
application ecosystem.
Cisco Digital Network Architecture (DNA)
Intent-Based Networking

• Networks are at the heart of the unstoppable evolution to a digital economy.

• Products and services can be customized, ordered and delivered at the click of a button
using web-based applications.

• Business data can be acquired, analyzed and exchanged in near-real time. Geographic
boundaries between enterprises and consumers are decreasing.

• Digitalization is changing the way enterprises, partners, employees, and consumers
interact at an unprecedented pace.

• Increasingly, traditional enterprise and data center network architectures are being
stressed to adapt quickly to these dynamic requirements.

• Applications are moving to public, private, and hybrid-cloud environments and are
now consumed as services (SaaS), blurring the well-defined boundaries between
the enterprise’s network and untrusted domains.

• Developers, empowered by the movements toward open-source software,
containers, microservices and agile development processes, can deliver
applications from concept to production in days rather than months or even years.

• Employees and customers expect connectivity from anywhere, on any device, to
access information at any time.

• And increasingly, sensors and autonomous devices are being connected as the
Internet of Things (IoT) expands.

• At the same time, cyber-threats across the network are becoming more
sophisticated and dangerous to the brand reputation and financial welfare of all
organizations.
Intent-Based Networking
Concept
The concept of intent-based networking is that the network team can simply
describe, in plain language, what they want to accomplish (the intent), and the
network translates that intent into the numerous policies that establish the
appropriate configuration and settings changes across a complex and
heterogeneous environment, leveraging automation.

Normally this activity would require a significant manual effort by highly skilled network
engineers to modify each device impacted by the desired change.

In addition to quickly implementing new services, intent-based networking will leverage
machine learning and artificial intelligence to ensure that any services deployed are
still meeting their intended service levels.
Intent-Based Networking
Three Key Elements of Intent-based Networking

1.- Intent: The first principle is intent, or the ability to apply business-level objectives to
the network.

Essentially, your intent is “what you want to accomplish.” It is not related to a CLI
command, but rather is tied to an objective or outcome.

This intent is captured in some form by the system (potentially a plain-language GUI) and
then translated into policies that can be applied across the network regardless of the
specific infrastructure deployed.

For example, your intent could be: connect to a specific cloud application, enable access
for remote office workers, or segment guest traffic from corporate traffic.
Intent-Based Networking
Examples
Three Key Elements of Intent-based Networking

2.- Automation: Once you have defined your intent and created policies, it will be
critical to accelerate the time to provision.

Automation will enable network teams to dramatically reduce the time to implement
change. The same automation that will help accelerate initial provisioning cycles will
also aid in automating future changes.

As organizations continue to grow in size and complexity, adding cloud, IoT, and more
remote workers, automation may be the only way to aid network administrators who
are already unable to meet the service level and security demands of the users,
applications and business.
Intent-Based Networking
Three Key Elements of Intent-based Networking

3.- Assurance: The “Assurance” function provides verification of network-wide
behaviors, predicts the results of changes, tracks compliance with the stated intent and
policies, and provides guidance on remediation when there is misalignment. The ability
to assure that the correct services have been put in place will be critical.

Visibility and context should not be limited to devices in each domain; they should also
cover the complex interactions between applications, users and machines, in any cloud
location or environment.

Given the challenges of network performance and security implementation in large
and complex environments, AI and machine learning are required.

3.- Assurance (cont…)

These technologies (AI, machine learning) need to be part of a closed-loop system that
is constantly checking network state, performance levels, and security status, providing
context based on locations and devices and realigning resources in order to meet
service levels or compliance regulations.

Ideally, organizations would decide what simple changes can be made in an automated
fashion. Machine learning will be important in order to create a baseline of
performance and security so that any deviation from “normal” can be identified
rapidly. This anomaly detection needs to occur in real time to mitigate risks.
Intent-Based Networking
Business Intent
Examples of Intention
The Network Intuitive

This is driving the IT industry’s growing interest in more intelligent
networks, commonly termed “Intent-based Networks”.

Intent-based networking (IBN) offers a significant paradigm shift in
how networks are planned, designed, and operated.

In the past, tools were not available to declare intent and translate it
into the device-level configurations required to realize a desired
outcome.
The Network Intuitive
Unprecedented Demands on the Network
The Intent-based Networking Model

• Translation is about the characterization of intent. It enables network operators
to express intent in a declarative and flexible manner, expressing what the
expected networking behavior is that will best support the business objectives,
rather than how the network elements should be configured.

• Activation: The intent then needs to be interpreted into policies that can be
applied across the network. The Activation function installs these policies into the
physical and virtual network infrastructure using network-wide automation.

• Assurance continuously checks that the expressed intent is honored by the
network at any point in time, maintaining a continuous validation-and-verification
loop. Context derived from telemetry data is used to check alignment of operation
with intent.
The Network Intuitive
Cisco's 2017 announcements pointed to several of these aspects:

Cisco Digital Network Architecture (Cisco DNA): launched two and a half years
earlier, it was reinforced with important software and hardware innovations.

Cisco DNA Center: a centralized and intuitive management console to design and
implement policies, and to provision the entire network (LAN, WAN and WLAN).

This resource allows a design to be made prior to the deployment and installation of
the equipment, and then configurations and policies to be pushed to the devices as they
are installed, in an automated way. In this way, IT departments can manage the network
in a self-adapting way.

Software Defined Access: an innovative solution that allows the access network to be
defined through software. It automates policy enforcement and network segmentation
on a single fabric, which simplifies access for users of various types, devices and objects.

DNA Analytics and Assurance: an innovative analytics platform capable of
solving problems before they occur. From this capability comes precisely the
"intuitive" feature of the new network.

All the data that pass through the network are analyzed and categorized so that
they can later be used for predictive analytics through machine learning.
Introduction to Cisco DNA Center
Cisco DNA Center Overview
Cisco DNA Center is at the heart of Cisco Digital Network Architecture (Cisco DNA), an
open, extensible, software-driven architecture that accelerates and simplifies your
enterprise network operations while helping you lower costs and reduce your risk.

Using intuitive workflows, easily design, provision, and apply policy across your
network.
Cisco DNA Center Overview
DNS, DHCP, and IP address management (DDI)
Cisco DNA Center Overview
The advantages of having all your core network tools integrated into a single
software platform are compelling:

● Multiple tools with multiple interfaces add complexity, which increases the
possibility of errors in configuration and management.

● Changing between program interfaces during network operations is time
consuming and can make even simple changes or troubleshooting tasks take much
longer to complete.

● Third-party platforms will never support the same levels of device management
and control as those that are integrated and designed to work together.
Cisco DNA Center Overview
Network deployment time savings
Workflows and profiles for Automation
Assurance

• Automatic troubleshooting with guided remediation is extremely complex in today’s
virtualized networks. Third-party tools can often tell you if a problem is due to the
network or caused by an application, but they can’t offer guided remediation without
true integration between the tools that control virtualization, analytics, and
automation.

• Real intent-based networking requires extensive real-time data flow between the
operational tools that are core to the network. The management of network
configuration, security, analytics, and automation comes together to deliver the true
business intent of the operation.
Cisco DNA Center Overview
Assurance - Issues
DNA Center is an open platform that provides:

Over 100 APIs that allow IT and business applications to constantly communicate their
performance, policy and compliance needs to the network.

Adapters and connectors for integrating with other IT and network systems (e.g. ITSM
and IPAM) so you can optimize IT workflows.

Adapters and connectors for integrating with other infrastructure domains (e.g.
datacenter, cloud and security).

An SDK for allowing the support of 3rd-party network vendors’ devices, so you can
bring intent-based networking to multivendor environments.

IP Address Management (IPAM)
ITSM (IT Service Management)
Cisco DNA Center Overview
Continuous innovation with Cisco DNA
Introduction to Cisco’s Software Defined Access
Objectives

• Know and understand the concepts, characteristics, benefits and terminology of
this new technological trend.
• Differentiate and explain each of the basic components of the SD-Access solution.
• Become familiar with the Border Node and Edge Node device types.
• Implement and configure Edge and Fabric nodes.
• Understand the role of DNA Center as an orchestrator of solutions and an
intelligent GUI.
Cisco SD-Access

Definition
Cisco's Software-Defined Access (or SD-Access) solution is a programmable network
architecture that provides software-based policy and segmentation from the edge
of the network to the applications.

There is great reason to believe that as organizations look to increase network
flexibility and agility through automation, programmability, and single-platform
control of wired and wireless environments alongside WAN convergence, they will
look for SDN solutions oriented toward the campus and branch access network; in
other words, "software-defined access."
What is an SDN Software-Defined Access Network?
SD-Access Overview
The SD-Access Campus Fabric provides the basic infrastructure to build virtual
networks based on policy-based segmentation constructs. The Cisco SD-Access
solution is ideal for addressing the different challenges of the corporate campus
network:

• Host mobility
• Network segmentation
• Access control based on user roles

Cisco SD-Access with Campus Fabric is operated from Cisco DNA Center, the
place where Cisco delivers its intuitive network and where all automation and
data analytics tasks are performed.
Cisco SD-Access
Challenges of networks without SD-Access
Network deployment challenges
• Setup or deployment of a single network switch can take several hours due to
scheduling requirements and the need to work with different infrastructure
groups. In some cases, deploying a batch of switches can take several weeks.

Network security challenges
• Security is a critical component of managing modern networks.
Organizations need to protect resources and make changes efficiently in
response to real-time needs. In traditional networks, it can be challenging to
track VLANs, access control lists (ACLs), and IP addresses to ensure optimal
policy and security compliance.

Wireless and wired network challenges
• Disparate networks are common in many organizations, because different
systems are managed by different departments. Typically, the main IT network
is operated separately from building management systems, security systems,
and other production systems. This leads to duplication of network hardware
procurement and inconsistency in management practices.

Network operations challenges
• IT teams often have difficulties with outdated control tools, as well as
difficulties in maintaining productivity and solving problems quickly.
Cisco SD-Access
What does SD-Access offer us?
It introduces several new concepts in enterprise network design:
1.- IP pools follow people, not locations.
• In a traditional design, a network architect allocates a pool of IP addresses (via a
DHCP server) to be associated with a single physical location.

• In SD-Access, by contrast, IP pools are associated with users and devices rather than
with a location. This allows much greater mobility and flexibility in associating users
and policies, regardless of physical location.

• This is a significant change from the old practice of allocating IP address
blocks at each location, which made it much harder to grow or reallocate IP
address pools in response to changing business needs.

2.- Every edge device uses the same anycast gateway.

• A conventional network requires each edge device to define a gateway address,
with different gateway addresses in use even at the same location, such as
different buildings or floors within the same campus.

• In contrast, SD-Access uses IP anycast so that all edge devices within each IP pool
use the same gateway address.
This reduces not only configuration complexity but also the scale of IP routing
within an enterprise campus.

3.- Network and group segmentation can be applied at the fabric edge for both
wired and wireless users.

• SD-Access allows definition of VRF instances and access policies at each individual
edge switch and access point (AP).

• This allows an unprecedented level of granularity in routing and access control for
wired and wireless users and devices.

• There’s a common thread across these changes: SD-Access is a much more business-
and user-centric approach to network design, instead of the old device- and
network-centric approach.
Module 2

Cisco SD-Access Solution
What is Cisco SD-Access
Cisco DNA Enterprise Solution
Software Defined Access
Cisco Digital Network Architecture
Cisco SD Access Platform
Cisco Catalyst 9600 Series Chassis

● Hardware ready to support up to 25.6 Tbps of wired
switching capacity, with up to 6.4 Tbps of bandwidth per slot.
● Up to 9.6 Tbps of wired switching capacity, with 3 Bpps of
forwarding performance with Sup 1.
● Up to 48 nonblocking 100 Gigabit Ethernet QSFP28 ports
with Sup 1.
● Up to 96 nonblocking 40 Gigabit Ethernet QSFP+ ports
with Sup 1.
● Up to 192 nonblocking 25 Gigabit Ethernet / 10 Gigabit
Ethernet SFP28/SFP+ ports with Sup 1.
● Up to 192 nonblocking 10 Gigabit Ethernet / 5 Gigabit
Ethernet / 2.5 Gigabit Ethernet / 1 Gigabit Ethernet / 100
Megabit / 10 Megabit RJ45 copper ports with Sup 1.
● Platinum-rated AC and DC power supplies.

https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-9600-series-switches/nb-06-cat9600-series-data-sheet-cte-en.html
Cisco SD Access Platform
Fabric Edge
Fabric Border Node
Fabric enabled Wireless
Extension IoT
Cisco SD Access
How Virtual Networks work
Layer 3 Overlay
Layer 2 Overlay
Fabric Site
Fabric Overlay
Fabric Overlay and Underlay
Cisco SD Access Components
Functions
Module 3

Describing Cisco SD-Access Architecture
Cisco SD-Access Architecture
LISP Mapping System
LISP Map Database
LISP Operation from Branch
LISP Operation from Outside
LISP Host Mobility
LISP Host Mobility – Map Cache
Unique Control plane extensions compared to LISP
VXLAN
Fabric Header Encapsulation
VXLAN – GPO Header
Packet Flow in Fabric
Unique Data-Plane Extensions compared to VXLAN
Cisco SD-Access Policy
Key Components – Group Based Policy
Cisco TrustSec
SGTs and the SGT Exchange Protocol (SXP), an IETF draft protocol (SXP-006), provide
logical group-based policy creation and enforcement by separating the endpoint's
“identity” (group) from its actual network address (IP) using a new ID known as a Scalable
[or Security] Group Tag (SGT).

An SGT is a unique (16-bit) ID tag, separate from the network address. This allows the user
to create network policies (such as security, Quality of Service [QoS], Policy-Based Routing
[PBR], etc.) based solely on the SGT, regardless of the endpoint's actual location.

Also, when SGTs and VNs are combined together, we can create a two-level hierarchical
policy model. SGTs
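As an added example (not taken from the course slides), the following standalone Cisco IOS-XE TrustSec configuration shows what "policy based solely on the SGT" looks like on a single Catalyst switch. In an SD-Access deployment these SGACLs are authored in DNA Center/ISE and pushed to the fabric, and the SGT is normally assigned dynamically by ISE; here the SGT numbers (10 = Employees, 20 = Servers), the RBACL names, the VLAN and the static IP-to-SGT mappings are constructed values for illustration only.

```cisco
! Added example: static TrustSec SGACL on a Catalyst switch (constructed values).
! The policy is keyed only on source/destination SGT; no IP addresses appear in it.
!
! Role-based ACL: what group 10 (Employees) may send to group 20 (Servers).
ip access-list role-based EMPLOYEES_TO_SERVERS
 permit tcp dst eq 443
 permit tcp dst eq 22
 permit icmp
 deny ip log
!
! Catch-all used for tag pairs that have no explicit policy.
ip access-list role-based DENY_ALL
 deny ip log
!
! Bind the RBACL to the SGT pair. The same line applies wherever the endpoints
! sit (any subnet, any building), because the tag, not the address, identifies them.
cts role-based permissions from 10 to 20 EMPLOYEES_TO_SERVERS
cts role-based permissions default DENY_ALL
!
! Turn on enforcement globally and on the user VLAN (constructed VLAN 100).
cts role-based enforcement
cts role-based enforcement vlan-list 100
!
! Static IP-to-SGT mappings stand in here for the dynamic ISE assignment.
cts role-based sgt-map 10.10.10.0/24 sgt 10
cts role-based sgt-map 10.20.20.0/24 sgt 20
```

The point to check after applying such a policy is that moving an employee host to a different subnet or site changes nothing in the permissions table: `show cts role-based permissions` should still list the single 10 -> 20 entry, and `show cts role-based counters` shows the permitted and dropped packets per SGT pair, which is where a defender looks first when a flow is unexpectedly blocked or, worse, unexpectedly allowed.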
Cisco SD-Access Policy
Two Level Hierarchy - Macro Level
Policy Types
Two ways to assign SGT
Policy Contracts
Policy Enforcement
Group Propagation
Cisco SD-Access
Module 4

Exploring the Cisco Digital Network Architecture Center
Cisco DNA Center
Service Components of DNAC
Automated Provisioning and Telemetry Enrichment
ISE and DNA Center Integration
DNA Center Architecture
Application Policy Infrastructure Controller Enterprise Module (APIC-EM)
Automation-MagLev
DNA Center is essentially based on the container-based platform of APIC-EM.
In this platform, Grapevine has been replaced with a different container-based
infrastructure platform named Maglev.
Maglev introduces the possibility of clustering multiple DNA-C appliances for an HA
solution. For HA you need three DNA-C appliances; the primary reason is that the
integrity of the data (NDP) and configuration can be validated because two copies
still remain when one node is lost, a common practice also seen in HyperFlex or vSAN
deployments.
Cisco DNA Center
ISE-Architecture Overview
NDP Assurance
DNA Center Workflow
DNA Center Design
DNA Center Automation

DNA Center Automation can be categorized into:

▪ Network infrastructure automation
Concentrates on bringing up, connecting, and maintaining the routers, switches,
access points, and other network elements that make up the enterprise network.
It includes tasks such as provisioning a network element, loading an initial
configuration, updating devices as new services are introduced, maintaining
software images, and managing licenses for the devices.
▪ Cisco DNA service automation
• Cisco DNA services connect endpoints to applications or to each other.
• Cisco DNA service automation focuses on the services that the DNA Center
network delivers to endpoints and applications.
• Service automation instantiates policies that govern whether endpoints and
applications are granted access to the network, what communication
relationships they can establish with other endpoints or applications, and how the
traffic flows between endpoints or applications are to be treated by the network
infrastructure.
Cisco DNA Center
DNA Center Policy
DNA Center Policy types
DNA Center Provision
DNA Center Assurance
Module 5

Configuring Underlay Automation
Traditional network
Overview
Procedure - 4 Step Process
Network Planning
Underlay Device Role
A PnP solution has three main components
Plan – Underlay Automation Boundary
Plan 1 - Network Design Support
Plan 2 - IP Address Plan
Plan 3 - Seed Switch IP Routing Configuration
Plan Endpoint Connections
Plan 4 - Seed Switch Feature Validation
Underlay Network Design
Design 1 - Create Site (Area)
Design 1 - Global Network Settings
Design 2 - Global Device Credential
Design 3 - IP Address Pools
Design 4 - Reserve IP Address Pools
Discovery of Network Devices
Discovery Options
Tools - Discovery
Discovery 2 – Seed System Discovery
Discovery 3 – Run System Discovery
Discovery 3 – Seed System Inventory
Underlay Network Provisioning
Provisioning 1 - Add Seed System to Site
Provisioning 1 - Device Inventory View
Provisioning 2 - Initial Discovery Process
Provisioning 2 - Start LAN Automation
Provisioning 3 - Stop LAN Automation / Status
Provisioning 3 - Stop LAN Automation
Provisioning 3 - Global Network Services
Summary
Module 6

Cisco SD-Access Implementation
Objectives
ISE Integration in DNA Center
Integrating DNAC with ISE and pxGrid
ISE Provisioning
ISE Certificate Management
Enabling pxGrid on ISE
DNAC-to-ISE Integration
Policy Provisioning Basics
Explaining Provisioning Basics
Policy Menu
Two-Level Hierarchy - Macro Level: Virtual Network
Two-Level Hierarchy - Macro Level: Scalable Group
Policy Types
Access Policy
Access Policy – ISE Authentication Rules
Access Policy – ISE Authorization Rules
Access Control Policy
SGACL (Group-Based Policies) in DNAC
SGACL Matrix in ISE
Access Controls Based on Group-Based Policies
User and Device Groups and Virtual Networks
Cisco TrustSec Simplified Segmentation with Group-Based Policy
Configuring Underlay Automation
Summary
Module 7

SD Access – Fabric Site


SD Access – Fabric Site
SD Access – Fabric Site
SD Access – Fabric Domain
SD Access – Fabric Domain&Domain
SD Access for Distributed Campus
SD Access for Distributed Campus
SD Access for Distributed Campus
SD-Access Deployment Models
Fabric Border Node Deployment Models
SD-Access Deployment Models
Internal Border – Rest of the Company
SD-Access Deployment Models
External Border – Outside World
SD-Access Deployment Models
Anywhere Border – Internal & External
SD-Access Deployment Models
Traffic hair pinning with Anywhere Border
SD-Access Deployment Models
Dedicated Borders
SD-Access Deployment Models
Multiples Borders Options
SD-Access Deployment Models
Cisco SD-Access for Distributed Campus
SD-Access Deployment Models
Cisco SD-Access for Distributed Campus
SD-Access Deployment Models
Cisco SD-Access for Distributed Campus
SD-Access Deployment Models
Cisco SD-Access for Distributed Campus
SD-Access Deployment Models
Cisco SD-Access for Distributed Campus
SD-Access Deployment
• Creating an IP-Based Transit
• Border Design Options
• Fabric Border Design Considerations
• Border and Control Plane Colocated
• Border with Distributed Control Plane Node
• Guest Access Deployment Considerations
• Fabric Border Connectivity Shared Services

BGP configuration on Fusion Router

1. Establish IP connectivity between the Border and the Fusion router for the Virtual Networks. DNA Center automated the Border interface configuration when the fabric was deployed.

2. Use BGP to extend the Virtual Networks to the Fusion Router. DNA Center automated the Border-side BGP configuration; the BGP configuration on the Fusion Router must be configured manually.

3. Configure route leaking to distribute the Virtual Network and shared services routes within the SD-Access fabric.
Fusion Router Configuration

1. Create L3 connectivity between the Border and the Fusion Router

The first task is to allow IP connectivity from the Border to the Fusion router for each Virtual Network that requires external connectivity. Since DNA Center has automatically configured the Border, the first task is to view that configuration and then configure the Fusion router to enable IP connectivity. To do this we will use L3 sub-interfaces on the Fusion router.
2. Create the L3 sub-interfaces on the Fusion router

The L3 sub-interfaces must be associated with VRFs, but the VRFs do not yet exist on the Fusion router. To simplify the configuration steps, we recommend defining the VRFs first and then configuring the L3 sub-interfaces.
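The following is an added, constructed example of the manual Fusion router side that the BGP and Fusion Router Configuration steps above describe; it is not configuration from the course or generated by DNA Center. The VRF names (CAMPUS_USERS, IOT_DEVICES, SHARED_SERVICES), VLAN IDs, RD/route-target values, AS numbers (65001 for the Border, 65002 for the Fusion router) and addresses are all placeholders that would be read from the Border configuration DNA Center produced. Route leaking is done with route-target import/export, which on IOS-XE requires BGP to be running for the VRFs involved.

```ios
! Constructed example for a Fusion router (IOS-XE CLI); names, VLANs,
! addresses and AS numbers are placeholders, not values from the course.
!
! Define the VRFs first (one per fabric VN, plus one for shared services).
! Importing only the SHARED_SERVICES route-target into each VN VRF leaks the
! DHCP/DNS/ISE prefixes into that VN while keeping the VNs isolated from
! each other: CAMPUS_USERS never imports IOT_DEVICES and vice versa.
vrf definition SHARED_SERVICES
 rd 65002:100
 address-family ipv4
  route-target export 65002:100
  route-target import 65002:100
  route-target import 65002:101   ! VN routes, so replies can get back
  route-target import 65002:102
 exit-address-family
!
vrf definition CAMPUS_USERS
 rd 65002:101
 address-family ipv4
  route-target export 65002:101
  route-target import 65002:101
  route-target import 65002:100   ! shared services only
 exit-address-family
!
vrf definition IOT_DEVICES
 rd 65002:102
 address-family ipv4
  route-target export 65002:102
  route-target import 65002:102
  route-target import 65002:100   ! shared services only, not CAMPUS_USERS
 exit-address-family
!
! One L3 sub-interface per VN toward the Border, on the VLAN and /30 that
! DNA Center used on the Border side (placeholder values here).
interface GigabitEthernet0/0/0
 no ip address
!
interface GigabitEthernet0/0/0.3001
 description Border handoff - CAMPUS_USERS VN
 encapsulation dot1Q 3001
 vrf forwarding CAMPUS_USERS
 ip address 192.0.2.2 255.255.255.252
!
interface GigabitEthernet0/0/0.3002
 description Border handoff - IOT_DEVICES VN
 encapsulation dot1Q 3002
 vrf forwarding IOT_DEVICES
 ip address 192.0.2.6 255.255.255.252
!
! Shared services (DHCP, DNS, ISE) sit behind the Fusion router in their
! own VRF; constructed subnet.
interface GigabitEthernet0/0/1
 description Shared services segment
 vrf forwarding SHARED_SERVICES
 ip address 198.51.100.1 255.255.255.0
!
! eBGP per VRF to the Border, mirroring the neighbor statements DNA Center
! generated on the Border. The SHARED_SERVICES address-family has no
! neighbor; it exists so its connected routes enter BGP and can be leaked.
router bgp 65002
 bgp log-neighbor-changes
 address-family ipv4 vrf CAMPUS_USERS
  neighbor 192.0.2.1 remote-as 65001
  neighbor 192.0.2.1 activate
  redistribute connected
 exit-address-family
 !
 address-family ipv4 vrf IOT_DEVICES
  neighbor 192.0.2.5 remote-as 65001
  neighbor 192.0.2.5 activate
  redistribute connected
 exit-address-family
 !
 address-family ipv4 vrf SHARED_SERVICES
  redistribute connected
 exit-address-family
```

After the sessions come up, "show ip route vrf CAMPUS_USERS" should list the shared-services prefix learned through the leak, while "show ip route vrf IOT_DEVICES" should not contain any CAMPUS_USERS prefix; if it does, a route-target import has crossed VNs and the macro segmentation enforced inside the fabric has been undone at the Fusion router.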
Host Onboarding

Host Onboarding is a series of steps under the Provision > Fabric > Host Onboarding tab of DNAC. It combines all the items previously configured during the Design stage.
Host Onboarding – IP Address Pool

Once the overlay (LISP) is provisioned, the routers and switches need to be made aware of the IP Address Pools. These pools enable hosts to communicate through the Fabric.

This is done by binding the previously created IP Address Pools to the previously created VNs. This is how LISP keeps track of hosts and their applicable VRFs, effectively segmenting the network. SGTs further segment the VRFs.

By default, any network device or user within the Virtual Network is permitted to communicate with other users and devices in the same Virtual Network.

Host Onboarding – Add Segments to VN
Host Onboarding – Authentication Templates

During Host Onboarding, DNAC pushes additional AAA (802.1X) configuration to the Edge Nodes. This is done using Authentication Templates.

Authentication templates refer to the interface-level configuration for network access (802.1X, MAB, etc.) using the staged approach (closed mode, open mode).

Once the VNs are bound to the IP Address Pools, DNAC pushes additional configuration to the Edge Nodes. Each Edge Node is provisioned with an SVI (Switched Virtual Interface) for each defined Virtual Network. The IP address of that SVI is the Gateway defined in the IP Address Pool in Design.
Host Onboarding – Authentication Template Types

• Closed Authentication: Any traffic prior to authentication is dropped, including DHCP, DNS, and ARP.

• Easy Connect: Security is added by applying an ACL to the switch port, to allow very limited network access prior to authentication. After a host has been successfully authenticated, additional network access is granted.

• No Authentication

• Open Authentication: A host is allowed network access without having to go through 802.1X authentication.
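To make the difference between the template types concrete, here is an added, constructed illustration in legacy-style IOS-XE port syntax of what each mode means on an Edge Node host port. It is not the template DNA Center actually generates (which uses IBNS 2.0 policy maps) and is not from the course; interface names, the RADIUS server address, the shared-secret placeholder and the PRE-AUTH ACL contents are assumptions.

```ios
! Constructed illustration of the authentication modes on host ports.
! Legacy-style syntax, not the exact template DNA Center pushes.
!
! Global AAA pointing at ISE (placeholder address and secret).
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
dot1x system-auth-control
radius server ISE-PSN
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <shared-secret-placeholder>
!
! Closed Authentication: nothing is forwarded until dot1x or MAB succeeds,
! so DHCP, DNS and ARP from an unauthenticated host are dropped. MAB is the
! fallback for devices that cannot run a supplicant (printers, phones).
interface GigabitEthernet1/0/1
 description Host port - Closed Authentication
 switchport mode access
 authentication host-mode multi-auth
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication event fail action next-method
 authentication periodic
 authentication timer reauthenticate server
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 7
 spanning-tree portfast
!
! Pre-authentication ACL: only what a host needs to obtain an address and
! resolve names before it has authenticated (constructed contents).
ip access-list extended PRE-AUTH
 permit udp any eq bootpc any eq bootps
 permit udp any any eq domain
 deny   ip any any
!
! ACL-limited access before authentication (the behaviour the Easy Connect
! bullet describes): the port is open, but the ACL restricts traffic until
! the RADIUS server returns a dACL, VLAN or SGT on successful authentication.
interface GigabitEthernet1/0/2
 description Host port - limited access before authentication
 switchport mode access
 ip access-group PRE-AUTH in
 authentication open
 authentication host-mode multi-auth
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication event fail action next-method
 mab
 dot1x pae authenticator
 spanning-tree portfast
!
! Open Authentication: dot1x/MAB still run (useful for visibility and SGT
! assignment), but a failed or silent host keeps full network access.
! No Authentication would be the same access port with none of the
! authentication, mab or dot1x lines.
interface GigabitEthernet1/0/3
 description Host port - Open Authentication
 switchport mode access
 authentication open
 authentication host-mode multi-auth
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 mab
 dot1x pae authenticator
 spanning-tree portfast
```

The single line that separates open from closed behaviour is "authentication open": with it, the port forwards before authentication completes and only a port ACL or a later dACL limits the host; without it, the port stays blocked until a session is authorized. Open or ACL-limited modes are the usual staging choice while MAB and supplicant coverage is still being validated, and "show authentication sessions interface" on the Edge Node shows which method and result each host ended up with.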
Host Onboarding – Authentication Templates

Select the default host authentication template. This is applied to all Fabric Edge host ports unless overridden by a static port assignment.
Host Onboarding – Select Switch & Port Assignment

Through this Port Assignment profile you can select the interface, the type of device, the network segment, the Scalable Group (SGT), the voice pool and the Authentication Template.
Configuring Underlay Automation
Summary
Module 8

Integrating Wireless with Cisco SD-Access Solution

Integrating Wireless with the SD-Access Solution
• CUWN OTT
• CUWN FlexConnect OTT
• Wireless in SDA Fabric

Wireless with the SD-Access Solution
• SD-Access Fabric Architecture
• Simplifying Policy and Segmentation
• Workflow of Cisco SD-Access Wireless

Workflow of Cisco SD-Access Wireless
Select the AP and click on Action > Provision. Assign it to the floor and, optionally, assign an RF Profile.

Click on Deploy to apply. The APs will disconnect and reconnect.

When the pool is assigned to the Virtual Network, the corresponding Fabric interface to VNID mapping is pushed to the controller.
Module 9

Cisco SD-Access Assurance

Cisco SD-Access Assurance
• Provide an Overview of the Cisco Network Data Platform
• Describe the role of assurance within Cisco SD-Access
• Discuss DNA Center assurance use cases
Module 10

Cisco SD-Access Migration Strategies

Cisco SD-Access Migration Strategies
• Migration considerations
• Access Layer Reconfiguration
• IP addressing for Underlay and Overlay
• Segmentation Default Schema
• Location of Shared Services Infrastructure
• Features Applied at Distribution Tier
• Hardware platform considerations
• Software platform considerations
• Migration Approaches – Parallel vs Incremental
• Types of Deployments
• Parallel Installation for Branch Networks
• SD-Access Brownfield
• Brownfield Approach Step 1
• Brownfield Approach Step 2
• Brownfield Approach Step 3
• Brownfield Approach Step 4
• Brownfield Approach Step 5
• Brownfield Approach Step 6
• Using New IP Subnets Optimized for SD-Access
• Connecting the First Fabric Border/Control Plane and Fabric Edge Switch
• Using New IP Subnets Optimized for SD-Access Fabric
• Shared Services in Global Routing Table
• Services and Policy Migration
