Quién debería asistir:

Individuals interested in desigining or implementing a SD-Access solution

Pre-requisitos:

Attendees should meet the following prerequisites:

• Knowledge level equivalent to Cisco CCNA Routing & Switching

• Basic knowledge of Software Defined Networks

• Basic knowledge of network security including AAA, Access Control and ISE

• Basic knowledge and experience with Cisco IOS, IOS XE and CLI

Objetivo del curso:

After completing this course you should be able to: :

• Know and understand Cisco’s SD-Access concepts, features, benefits, terminology and the way this approach innovates common administrative tasks on today’s networks.

• Differentiate and explain each of the building blocks of SD-Access Solution

• Explain the concept of “Fabric” and the different node types that conform it (Fabric Edge Nodes, Control Plane Nodes, Border Nodes)

• Describe the role of LISP in Control Plane and VXLAN in Data Plane for SD-Access Solution

• Understand TrustSec concepts, deployment details and the way it is used as part of SD-Access Solution for segmentation and Policy Enforcement

• Understand the role of DNA Center as solution orchestrator and Intelligent GUI

• Be familiar with workflow approach in DNA Center and its 4 Steps: Design, Policy, Provision and Assurance

• Explain the role that ISE and NDP play as part of the solution

• Use AAA services and TrustSec Policy in ISE

• Integrate ISE with DNA Center for Policy enforcement

Contenido del curso:

Module 1: Introduction to Cisco’s Software Defined Access (SD-Access)

• SD-Access Overview

• SD-Access Benefits

• SD-Access Key Concepts

• SD-Access Main Components

• Campus Fabric
  • Wired
  • Wireless

• Nodes
  • Edge
  • Border
  • Control Plane

• ISE (Policy)

• Introduction to DNA Center

• DNA Controller (APIC-EM Controller)

• Overview of DNA Assurance

Module 2: SD-Access Campus Fabric

• The concept of Fabric

• Node types (Breakdown)

• LISP as protocol for Control Plane

• VXLAN as protocol for Data Plane

Module 3: Campus Fabric External Connectivity for SD-Access

• Enterprise Sample Topology for SD-Access

• Role of Border Nodes

• Types of Border
  • Border
  • Default Border

• Single Border vs. Multiple Border Designs

• Collocated Border and Control Plane Nodes

• Distributed (separated) Border and Control Plane Nodes

Module 4: Implementing WLAN in SD-Access Solution

• WLAN Integration Strategies in SD-Access Fabric
  • CUWN Wireless Over The Top (OTT)
  • SD-Access Wireless (Fabric enabled WLC and AP)

• SD-Access Wireless Architecture
  • Control Plane: LISP and WLC
  • Data Plane: VXLAN
  • Policy Plane and Segmentation: VN and SGT

• Sample Design for SD-Access Wireless

Module 5: Using Cisco ISE for SD Access

• Introduction to Cisco ISE

• Using Cisco ISE as a Network Access Policy Engine

• Introducing Cisco ISE Deployment Models

• Introducing 802.1x and MAB Access: Wired and Wireless

• Introducing Identity Management

• Using Certificate Service

• Introducing Cisco ISE Policy

• Using Cisco ISE Policy Sets

• Introducing Cisco ISE 2.x pxGrid

• Preparing ISE for Integration with DNA Center for SD-Access

Module 6: Implementing Policy Plane using Cisco TrustSec for Segmentation – Part 1

• Need for users and groups Segmentation on SD-Access

• Limitations of traditional segmentation methods

• Introduction to Cisco TrustSec for segmentation

• The Concept of Security Group (SG) and Security Group Tag (SGT)

• Cisco TrustSec phases
  • Classification
  • Propagation
  • Enforcement

• Methods for Classification
  • Static Classification
  • Dynamic Classification

• Methods for SGT tag propagation
  • Inline Tagging
  • SGT Exchange Protocol (SXP)

• Enforcement

Module 6: Implementing Policy Plane using Cisco TrustSec for Segmentation – Part 2

• Cisco ISE as controller for Software-defined segmentation (groups and policies)
  • Baseline ISE Configuration for TrustSec
  • Sample devices configuration for Policy Acquisition (downloading policies from ISE)
  • Using ISE for Dynamic SGT assignment
  • Using ISE for Static SGT assignment
  • Using Policy Enforcement
    • Defining SGACL
    • Defining Egress Policy

Module 7: DNA Center Workflow First Step – Design

• DNA Center Refresher

• Creating Enterprise and Sites Hierarchy

• Using General Network Settings

• Loading maps into the GUI

• IP Address Administration

• Administering Software Images

• Network Device Profiles

Module 8: DNA Center Workflow Second Step – Policy

• 2-level Hierarchy
  • Macro Level: Virtual Network (VN)
  • Micro Level: Scalable Group (SG)

• Policy Types
  • Access Policy
  • Access Control Policy
  • Traffic Copy Policy

• ISE Integration with DNA Center

• Cross Domain Policies

Module 9: DNA Center Workflow Third Step – Provision

• Devices Onboarding
  • Discovering Devices
  • Assigning Devices to a site
  • Provisioning device with profiles

• Fabric Domains
  • Understanding Fabric Domains
  • Using Default LAN Fabric Domain
  • Creating Additional Fabric Domains

• Adding Nodes
  • Adding Fabric Edge Nodes
  • Adding Control Plane Nodes
  • Adding Border Nodes

Module 10: DNA Center Workflow Fourth Step – Assurance

• Introduction to Analytics

• NDP Fundamentals

• Overview of DNA Assurance

• Components of DNA Assurance

• DNA Center Assurance Dashboard

Labs

• Lab 1: ISE basic setup and Navigating GUI

• Lab 2: Using TrustSec in ISE

• Lab 3: Connecting and getting familiar with DNA Center GUI

• Lab 4: Performing SD-Access Design Step in DNA Center

• Lab 5: Integrating ISE and DNA Center for Policy Deployment and Enforcement

• Lab 6: Performing SD-Access Policy Step in DNA Center and ISE

• Lab 7: Performing SD-Access Provision Step in DNA Center

• Lab 8: Performing SD-Access Assurance Step in DNA Center

• Lab 9 :Integrating WLAN services through SD-Wireless architecture

• Lab 10: Achieving External Connectivity to remote locations through Border Node

Duración: 3 días

Precio: A consultar

Cisco Learning Credits: A consultar