Quién debería asistir:

Individuals interested in desigining or implementing a SD-Access solution


Attendees should meet the following prerequisites:

    • Knowledge level equivalent to Cisco CCNA Routing & Switching
    • Basic knowledge of Software Defined Networks
    • Basic knowledge of network security including AAA, Access Control and ISE
    • Basic knowledge and experience with Cisco IOS, IOS XE and CLI

Objetivo del curso:

After completing this course you should be able to: :

    • Know and understand Cisco’s SD-Access concepts, features, benefits, terminology and the way this approach innovates common administrative tasks on today’s networks.
    • Differentiate and explain each of the building blocks of SD-Access Solution
    • Explain the concept of “Fabric” and the different node types that conform it (Fabric Edge Nodes, Control Plane Nodes, Border Nodes)
    • Describe the role of LISP in Control Plane and VXLAN in Data Plane for SD-Access Solution
    • Understand TrustSec concepts, deployment details and the way it is used as part of SD-Access Solution for segmentation and Policy Enforcement
    • Understand the role of DNA Center as solution orchestrator and Intelligent GUI
    • Be familiar with workflow approach in DNA Center and its 4 Steps: Design, Policy, Provision and Assurance
    • Explain the role that ISE and NDP play as part of the solution
    • Use AAA services and TrustSec Policy in ISE
    • Integrate ISE with DNA Center for Policy enforcement

Contenido del curso:

Module 1: Introduction to Cisco’s Software Defined Access (SD-Access)

    • SD-Access Overview
    • SD-Access Benefits
    • SD-Access Key Concepts
    • SD-Access Main Components
    • Campus Fabric
        • Wired
        • Wireless
    • Nodes
        • Edge
        • Border
        • Control Plane
    • ISE (Policy)
    • Introduction to DNA Center
    • DNA Controller (APIC-EM Controller)
    • Overview of DNA Assurance

Module 2: SD-Access Campus Fabric

    • The concept of Fabric
    • Node types (Breakdown)
    • LISP as protocol for Control Plane
    • VXLAN as protocol for Data Plane

Module 3: Campus Fabric External Connectivity for SD-Access

    • Enterprise Sample Topology for SD-Access
    • Role of Border Nodes
    • Types of Border
        • Border
        • Default Border
    • Single Border vs. Multiple Border Designs
    • Collocated Border and Control Plane Nodes
    • Distributed (separated) Border and Control Plane Nodes

Module 4: Implementing WLAN in SD-Access Solution

    • WLAN Integration Strategies in SD-Access Fabric
        • CUWN Wireless Over The Top (OTT)
        • SD-Access Wireless (Fabric enabled WLC and AP)
    • SD-Access Wireless Architecture
        • Control Plane: LISP and WLC
        • Data Plane: VXLAN
        • Policy Plane and Segmentation: VN and SGT
    • Sample Design for SD-Access Wireless

Module 5: Using Cisco ISE for SD Access

    • Introduction to Cisco ISE
    • Using Cisco ISE as a Network Access Policy Engine
    • Introducing Cisco ISE Deployment Models
    • Introducing 802.1x and MAB Access: Wired and Wireless
    • Introducing Identity Management
    • Using Certificate Service
    • Introducing Cisco ISE Policy
    • Using Cisco ISE Policy Sets
    • Introducing Cisco ISE 2.x pxGrid
    • Preparing ISE for Integration with DNA Center for SD-Access

Module 6: Implementing Policy Plane using Cisco TrustSec for Segmentation – Part 1

    • Need for users and groups Segmentation on SD-Access
    • Limitations of traditional segmentation methods
    • Introduction to Cisco TrustSec for segmentation
    • The Concept of Security Group (SG) and Security Group Tag (SGT)
    • Cisco TrustSec phases
        • Classification
        • Propagation
        • Enforcement
    • Methods for Classification
        • Static Classification
        • Dynamic Classification
    • Methods for SGT tag propagation
        • Inline Tagging
        • SGT Exchange Protocol (SXP)
    • Enforcement

Module 6: Implementing Policy Plane using Cisco TrustSec for Segmentation – Part 2

    • Cisco ISE as controller for Software-defined segmentation (groups and policies)
        • Baseline ISE Configuration for TrustSec
        • Sample devices configuration for Policy Acquisition (downloading policies from ISE)
        • Using ISE for Dynamic SGT assignment
        • Using ISE for Static SGT assignment
        • Using Policy Enforcement
            • Defining SGACL
            • Defining Egress Policy

Module 7: DNA Center Workflow First Step – Design

    • DNA Center Refresher
    • Creating Enterprise and Sites Hierarchy
    • Using General Network Settings
    • Loading maps into the GUI
    • IP Address Administration
    • Administering Software Images
    • Network Device Profiles

Module 8: DNA Center Workflow Second Step – Policy

    • 2-level Hierarchy
        • Macro Level: Virtual Network (VN)
        • Micro Level: Scalable Group (SG)
    • Policy Types
        • Access Policy
        • Access Control Policy
        • Traffic Copy Policy
    • ISE Integration with DNA Center
    • Cross Domain Policies

Module 9: DNA Center Workflow Third Step – Provision

    • Devices Onboarding
        • Discovering Devices
        • Assigning Devices to a site
        • Provisioning device with profiles
    • Fabric Domains
        • Understanding Fabric Domains
        • Using Default LAN Fabric Domain
        • Creating Additional Fabric Domains
    • Adding Nodes
        • Adding Fabric Edge Nodes
        • Adding Control Plane Nodes
        • Adding Border Nodes

Module 10: DNA Center Workflow Fourth Step – Assurance

    • Introduction to Analytics
    • NDP Fundamentals
    • Overview of DNA Assurance
    • Components of DNA Assurance
    • DNA Center Assurance Dashboard


    • Lab 1: ISE basic setup and Navigating GUI
    • Lab 2: Using TrustSec in ISE
    • Lab 3: Connecting and getting familiar with DNA Center GUI
    • Lab 4: Performing SD-Access Design Step in DNA Center
    • Lab 5: Integrating ISE and DNA Center for Policy Deployment and Enforcement
    • Lab 6: Performing SD-Access Policy Step in DNA Center and ISE
    • Lab 7: Performing SD-Access Provision Step in DNA Center
    • Lab 8: Performing SD-Access Assurance Step in DNA Center
    • Lab 9 :Integrating WLAN services through SD-Wireless architecture
    • Lab 10: Achieving External Connectivity to remote locations through Border Node

Duración: 3 días

Precio: A consultar

Cisco Learning Credits: A consultar



Skill level



Parents, students and community members are invited to attend this meeting, which discusses educational issues at the high school and its middle and elementary schools. Schools in the Kerrington cluster are: Aldiger, Caramba, Chesterfield, Cutterey, Fraiser, Johnson, Antonio, Lorney Winston, Ramos, and Westford secondary schools

Download pdf Download doc
Apúntate al curso AHORA

Este sitio web utiliza cookies para que usted tenga la mejor experiencia de usuario. Si continúa navegando está dando su consentimiento para la aceptación de las mencionadas cookies y la aceptación de nuestra política de cookies.

Aviso de cookies