When does class start/end?
Class hours may vary, please reach out to contact@ascendientlearning.com if you have any questions.
Software Defined Access and ISE Integration for Policy Deployment and Enforcement
SD-Access is Ciscos Next Generation campus networking solution that simplifies management, automation, and improves security implications. Who (People), what (Devices), when (Time) and where...
Read More
$3,395 USD
Duration
3 days
Course Code
SDAISE-NTO
Available Formats
Virtual, Classroom
Overview
SD-Access is Ciscos Next Generation campus networking solution that simplifies management, automation, and improves security implications. Who (People), what (Devices), when (Time) and where (Location) are questions we would like answered when working with users and devices! These questions are answered within a single pane of glass known as the Cisco Identity Services Engine (ISE). Once users and devices are identified we often segment these groups for management purposes. Cisco's Catalyst Center (formerly DNA Center) is a means of configuring and maintaining that segmentation using software defined access. Catalyst Center is not limited to configuration changes.and provides a policy-based approach to services that support the network such as NTP, DNS, DHCP. In this course, you integrate ISE and Catalyst Center which gives you the ability to manage physical devices, logical segmentation, IP, transport rules as well as Authentication, Authorization and Accounting (AAA) of users and devices along with an overview and introduction to SD-Access and Catalyst Center.
Skills Gained
Upon completing this course, the learner will be able to meet these overall objectives:
- Explain the role that ISE plays as part of the solution
- Configure AAA services and TrustSec Policy in ISE
- Explain ISE Integration with Catalyst Center for Policy enforcement
- Know and understand Ciscos SD-Access concepts, features, benefits, terminology and the way this approach innovates common administrative tasks on todays networks.
- Differentiate and explain each of the building blocks of SD-Access Solution
- Explain the concept of Fabric and the different node types that conform it (Fabric Edge Nodes, Control Plane Nodes, Border Nodes)
- Describe the role of LISP in Control Plane and VXLAN in Data Plane for SD-Access Solution
- Understand TrustSec concepts, deployment details and the way it is used as part of SD-Access Solution for segmentation and Policy Enforcement
- Understand the role of Catalyst Center as solution orchestrator and Intelligent GUI
- Be familiar with workflow approach in Catalyst Center - Design, Policy, Provision and Assurance
Who Can Benefit
The primary audience for this course is as follows:
- Anyone interested in knowing about SD-Access
- Personnel involved in SD-Access Design and Implementation
- Network Operations team with SD-Access solution
Prerequisites
The knowledge and skills that a learner should have before attending this course are as follows:
- Knowledge level equivalent to Cisco CCNA Routing & Switching
- Basic knowledge of Software Defined Networks
- Basic knowledge of network security including AAA, Access Control and ISE
- Basic knowledge and experience with Cisco IOS, IOS XE and CLI
Course Details
Module 1: Cisco ISE Integration for SD Access
- Introduction to Cisco ISE
- Using Cisco ISE as a Network Access Policy Engine
- Introducing Cisco ISE Deployment Models
- Introducing 802.1x and MAB Access: Wired and Wireless
- Introducing Identity Management
- Configuring Certificate Service
- Introducing Cisco ISE Policy
- Configuring Cisco ISE Policy Sets
- Introduction to Cisco TrustSec for segmentation
- The Concept of Security Group (SG) and Security Group Tag (SGT)
- Cisco TrustSec PhasesClassificationPropagationEnforcement
- Methods for ClassificationStatic ClassificationDynamic Classification
- Methods for SGT tag propagationInline TaggingSGT Exchange Protocol (SXP)
Module 2: Introduction to Ciscos Software Defined Access (SD-Access)
- SD-Access Overview
- SD-Access Benefits
- SD-Access Key Concepts
- SD-Access Main ComponentsCampus FabricWiredWirelessNodesEdgeBorderControl PlaneCatalyst Controller (APIC-EM Controller)Introducing Cisco ISE 2.x px
- 2-level HierarchyMacro Level: Virtual Network (VN)Micro Level: Scalable Group (SG)
Module 3: Catalyst Center Workflow
- Catalyst Center Refresher
- Creating Enterprise and Sites Hierarchy
- Configuring General Network Settings
- Loading maps into the GUI
- IP Address Management
- Software Image Management
- Network Device Profiles
- Introduction to Analytics
- NDP Fundamentals
- Overview of Catalyst Assurance
Module 4: SD-Access Campus Fabric
- The concept of Fabric
- Node types (Breakdown)
- LISP as protocol for Control Plane
- VXLAN as protocol for Data Plane
Module 5: Campus Fabric External Connectivity for SD-Access
- Enterprise Sample Topology for SD-Access
- Role of Border Nodes
- Types of Border NodesBorderDefault Border
- Single Border vs. Multiple Border Designs
- Collocated Border and Control Plane Nodes
- Distributed (separated) Border and Control Plane Nodes
Module 6: Implementing WLAN in SD-Access Solution
- WLAN Integration Strategies in SD-Access FabricFabric CUWNSD-Access Wireless (Fabric enabled WLC and AP)
- SD-Access Wireless ArchitectureControl Plane: LISP and WLCData Plane: VXLANPolicy Plane and Segmentation: VN and SGT
- Sample Design for SD-Access Wireless
Lab Outline:
- ISE basic setup and Navigating GUI
- Configuring TrustSec in ISE
- Connecting and getting familiar with Catalyst / DNA Center GUI
- Performing SD-Access Design Step in Catalyst / DNA Center
- Integrating ISE and DNA Center for Policy Deployment and Enforcement
- Performing SD-Access Policy Step in Catalyst / DNA Center and ISE
- Performing SD-Access Provision Step in Catalyst / DNA Center
- Performing SD-Access Assurance Step in Catalyst /DNA Center
- Integrating WLAN services through SD-Wireless architecture
- Integrate ISE with Active Directory
- Achieving External Connectivity to remote locations through Border Node
Schedule
4 options available
-
Mar 17, 2025 - Mar 19, 2025 (3 days)
Virtual | 10:00 AM – 6:00 PM EDT Language English Select from 2 options below Virtual |10:00 AM – 6:00 PM EDT- Enroll
- Enroll Add to quote
-
Apr 21, 2025 - Apr 23, 2025 (3 days)
Virtual | 10:00 AM – 6:00 PM EDT Language English Select from 2 options below Virtual |10:00 AM – 6:00 PM EDT- Enroll
- Enroll Add to quote
FAQ
Does the course schedule include a Lunchbreak?
Classes typically include a 1-hour lunch break around midday. However, the exact break times and duration can vary depending on the specific class. Your instructor will provide detailed information at the start of the course.
What languages are used to deliver training?
Most courses are conducted in English, unless otherwise specified. Some courses will have the word "FRENCH" marked in red beside the scheduled date(s) indicating the language of instruction.
What does GTR stand for?
GTR stands for Guaranteed to Run; if you see a course with this status, it means this event is confirmed to run. View our GTR page to see our full list of Guaranteed to Run courses.
How do I find an Ascendient Learning training location?
We have training locations across the United States and Canada - View a complete list of classroom training locations.
Which delivery formats are available?
At Ascendient Learning, we offer training that is Instructor-Led, Online, Virtual, and Self-Paced.
Does Ascendient Learning deliver group training?
Yes, we provide training for groups, individuals and private on sites. View our group training page for more information.
What does vendor-authorized training mean?
As a vendor-authorized training partner, we offer a curriculum that our partners have vetted. We use the same course materials and facilitate the same labs as our vendor-delivered training. These courses are considered the gold standard and, as such, are priced accordingly.
Is the training too basic, or will you go deep into technology?
It depends on your requirements, your role in your company, and your depth of knowledge. The good news about many of our learning paths, you can start from the fundamentals to highly specialized training.
How up-to-date are your courses and support materials?
We continuously work with our vendors to evaluate and refresh course material to reflect the latest training courses and best practices.
Are your instructors seasoned trainers who have deep knowledge of the training topic?
Ascendient Learning instructors have an average of 27 years of practical IT experience and have also served as consultants for an average of 15 years. To stay current, instructors spend at least 25 percent of their time learning new, emerging technologies and courses.
Do you provide hands-on training and exercises in an actual lab environment?
Lab access is dependent on the vendor and the type of training you sign up for. However, many of our top vendors will provide lab access to students to test and practice. The course description will specify lab access.
Will you customize the training for our company’s specific needs and goals?
We will work with you to identify training needs and areas of growth. We offer a variety of training methods, such as private group training, on-site of your choice, and virtually. We provide courses and certifications that are aligned with your business goals.
How do I get started with certification?
Getting started on a certification pathway depends on your goals and the vendor you choose to get certified in. Many vendors offer entry-level IT certification to advanced IT certification that can boost your career. To get access to certification vouchers and discounts, please contact info@ascendientlearning.com.
Will I get access to content after I complete a course?
You will get access to the PDF of course books and guides, but access to the recording and slides will depend on the vendor and type of training you receive.
How do I request a W9 for Ascendient Learning?
View our filing status and how to request a W9.
Reviews
The training was great . But i expected some of the Networking concepts would be covered in this certification .
Topics, material and specially instructor (Graham Godfrey) was beyond my expectations.
I thought the course was informative and the tools to go over the material were very nice.
Courseware was effective but would like to have some PDF material on BPML and XPATH
ExitCertified provided a very organized way to learn and provided materials to follow along.
