Cisco Software-Defined Access (SDA): Use Case Implementation, Operations, & Troubleshooting

Module 1: Introduction to Ciscos Software Defined Access (SD-Access)

• Understanding Cisco Intent-Based Networking
• Understanding Cisco SDA Use Cases customers benefits including business and technical outcomes and capabilities
• Cisco Catalyst Center (formerly DNAC) Introduction
• SD-Access Overview
• SD-Access Benefits
• SD-Access Key Concepts
• SD-Access Main ComponentsFabric Control Plane NodeFabric Border NodeFabric Edge NodeFabric Wireless LAN Controller and Fabric Enabled Access Points
• Cisco Catalyst Center Automation
• Cisco ISE (Policy)
• Cisco StealthWatch (Traffic Analysis)
• DNA Center Assurance

Module 2: Deployment and Initial setup for the Cisco DNA-Center

• Cisco Catalyst Center Appliances
• Cisco Catalyst Center Deployment ModelsSingle Node DeploymentClustered Deployment
• Installation Procedure
• Initial Setup and Configuration
• GUI Navigation

Module 3: SDA - Design

• Network design options
• Sites
• Creating Enterprise and Sites Hierarchy
• Configuring General Network Settings
• Loading maps into the GUI
• IP Address Management
• Software Image Management
• Network Device Profiles
• AAA
• SNMP
• Syslog
• IP address pools
• Image management
• Creating Enterprise and Guest SSIDsCreating the wireless RF ProfileCresting the Guest Portal for the Guest SSIDs
• Network profiles
• Authentication templates

Module 4: SDA - Policy

• 2-level HierarchyMacro Level: Virtual Network (VN)Micro Level: Scalable Group (SG)
• PolicyPolicy in SD-AccessAccess Policy: Authentication and AuthorizationAccess Control PolicyApplication PolicyExtending Policy across domainsPreserving Group Metadata across Campus, WAN and DCEnforcing policy in Firewall domainsCross Domain Policies

Module 5: SDA - Provision

• Devices OnboardingLifecycle stages of network device discoveryDiscovering DevicesAssigning Devices to a siteProvisioning device with profilesPlug-and-PlayLAN Automation
• TemplatesTemplates for day 0Templates for day N operations
• IP TransitsHow to connect the Fabric Sites to the external networkCreating the IP TransitConsiderations for a SD-Access Border Node DesignBGP Hand-Off Between Border and Fusion
• Fabric DomainsUnderstanding Fabric Domains and SitesUsing Default LAN Fabric DomainCreating Additional Fabric Domains and Sites
• Adding NodesAdding Fabric Edge NodesAdding Control Plane NodesAdding Border Nodes

Module 6: SDA - Assurance

• Overview of DNA Assurance
• Cisco Catalyst Center Assurance- Use Cases Examples
• Network Health & Device 360
• Client Health & Client 360
• Application Health & Application 360
• Cisco SD- Application Visibility Control (AVC) on Catalyst Center
• Proactive troubleshooting using Sensors

Module 7: Cisco SD-Access Distributed Campus Design

• Introduction to Cisco SD-Access Distributed Campus Design The Advantage?
• Fabric Domain vs Fabric Site
• SD-Access Transits:IP-Based TransitCisco SD-Access TransitCisco SD-WAN Transit
• Deploying the Cisco Distributed Campus with SD-Access TransitSite considerationsInternet connectivity considerationsSegmentation considerationsRole of a Cisco Transit Control Plane
• Cisco SD-Access Fabric in a BoxThe need for FiaBDeploying the FiaB

Module 8: Cisco SD-Access Brownfield Migration

• Cisco SD-Access Migration Tools and Strategies
• Two Basic Approaches:Parallel Deployment ApproachIncremental Deployment Approach
• Integration with existing Cisco ISE in the network Things to watch out for!
• Choosing the correct Fusion DeviceExisting Core as FusionFirewall as Fusion
• When do you need the SD-Access Layer-2 Border?L2 Border Understanding the requirementDesigning and Configuring the L2 BorderL2 Border Not a permanent solution

Module 9: Cisco Catalyst Center Automation- Use Cases Examples

• DAY0: Onboarding new devices using Zero Touch Deployment
• DAY1: Configurations using Templates
• DAYN: Security Advisories based on Machine Reasoning Engine
• DAYN: Simplified Software Management based on Golden Images
• DAYN: Defective Device Replacement - RMA

Module 10: 3rd Party Integrations

• ServiceNowIntegrationManagement
• InfoBlox IPAMIntegrationManagement

Module 11: Specific Use Cases

• Use Case: STACK LAN Automation
• Use Case: Silent Hosts
• Use Case: Wake on LAN
• Use Case: The need for L2 flooding
• Use Case: Multicast in the SD-Access Fabric

Module 12: Cisco SD-Access Multi-Domain Integrations

• Cisco SD-Access to ACI IntegrationsPhase-1: Policy Plane IntegrationPhase-2: Data Plane Integration
• Cisco SD-Access to Cisco SD-WAN IntegrationsWhat is possible today? SD-WAN Transit setup.Phase-1: The one box solutionPhase-2: The two box solution

Module 13: Troubleshooting

• Fabric
• Layer 3 forwarding
• Layer 2 forwarding
• Multicast Forwarding
• Security in the Fabric
• Troubleshooting Multi-Site Deployments

Lab Outline:

• Lab 1: SDA Fundamentals
• Lab 2: Using the Catalyst Center Discovery Tool
• Lab 3: Using the Catalyst Center Inventory Tool
• Lab 4: ISE and Catalyst Center Integration
• Lab 5: Using the Catalyst Center Design Application
• Lab 6: Using the Catalyst Center Policy Application
• Lab 7: Fabric Provisioning
• Lab 8: Wired and Wireless Host and Access Point Onboarding Configuration
• Lab 9: Configuring External Connectivity Using Fusion Router
• Lab 10: Configuring Cisco ISE Policies for User Onboarding
• Lab 11: Onboarding and Provisioning Access Points
• Lab 12: Fabric and Segmentation Verification
• Lab 13: Layer-2 Border Fundamentals
• Lab 14: Configuring a Layer-2 Border to Extend the Same IP Pool
• Lab 15: Transitioning the Traditional User to the SDA Anycast Gateway
• Lab 16: Testing IP Connectivity between SDA User and Traditional User
• Lab 17: Introduction to SDA Distributed Campus
• Lab 18: Configuring an SDA-Transit and the Transit Control Plane (TCP)
• Lab 19: Designing a Second Fabric Site
• Lab 20: Deploying a Second Fabric Site Fabric in a Box
• Lab 21: Deploying a New Fabric Edge using LAN Automation
• Lab 22: Automate Network Devices Using Day-N Template
• Lab 23: Add as Edge Node to Fabric Site-2
• Lab 24: Host Onboarding at Fabric Site-2
• Lab 25: Connecting the two Fabric Sites Using the SDA-Transit
• Lab 26: Testing IP Connectivity and Micro-Segmentation between Fabric Site-1 and Fabric Site-2