SDAISE - Software Defined Access & ISE Integration for Policy Deployment & Enforcement v1.0 Training in Switzerland

It is recommended that students have the following knowledge and skills prior to attending this course:

• Knowledge level equivalent to Cisco CCNA Routing & Switching
• Basic knowledge of Software Defined Networks
• Basic knowledge of network security including AAA, Access Control, and ISE
• Basic knowledge and experience with Cisco IOS, IOS XE, and CLI

Upon completion of this course, the learner will be able to meet these overall objectives:

• Explain the role that ISE plays as part of the solution
• Configure AAA services and TrustSec Policy in ISE
• Explain ISE Integration with DNA Center for Policy enforcement
• Know and understand Cisco’s SD-Access concepts, features, benefits, terminology and the way this approach innovates common administrative tasks on today’s networks.
• Differentiate and explain each of the building blocks of SD-Access Solution
• Explain the concept of “Fabric” and the different node types that conform it (Fabric Edge Nodes, Control Plane Nodes, Border Nodes)
• Describe the role of LISP in Control Plane and VXLAN in Data Plane for SD-Access Solution
• Understand TrustSec concepts, deployment details and the way it is used as part of SD-Access Solution for segmentation and Policy Enforcement
• Understand the role of DNA Center as solution orchestrator and Intelligent GUI
• Be familiar with workflow approach in DNA Center - Design, Policy, Provision and Assurance

Module 1: Cisco ISE Integration for SD Access

• Introduction to Cisco ISE
• Using Cisco ISE as a Network Access Policy Engine
• Introducing Cisco ISE Deployment Models
• Introducing 802.1x and MAB Access: Wired and Wireless
• Introducing Identity Management
• Configuring Certificate Service
• Introducing Cisco ISE Policy
• Configuring Cisco ISE Policy Sets
• Introduction to Cisco TrustSec for segmentation
• The Concept of Security Group (SG) and Security Group Tag (SGT)
• Cisco TrustSec Phases
• Classification
• Propagation
• Enforcement
• Methods for Classification
• Static Classification
• Dynamic Classification
• Methods for SGT tag propagation
• Inline Tagging
• SGT Exchange Protocol (SXP)

Module 2: Introduction to Cisco’s Software Defined Access (SD-Access)

• SD-Access Overview 
• SD-Access Benefits
• SD-Access Key Concepts
• SD-Access Main Components
• Campus Fabric
• Wired
• Wireless
• Nodes
• Edge
• Border
• Control Plane
• DNA Controller (APIC-EM Controller)
• Introducing Cisco ISE 2.x px
• 2-level Hierarchy
• Macro Level: Virtual Network (VN)
• Micro Level: Scalable Group (SG)

Module 3: DNA Center Workflow

• DNA Center Refresher
• Creating Enterprise and Sites Hierarchy
• Configuring General Network Settings
• Loading maps into the GUI
• IP Address Management
• Software Image Management
• Network Device Profiles
• Introduction to Analytics
• NDP Fundamentals
• Overview of DNA Assurance

Module 4: SD-Access Campus Fabric

• The concept of Fabric
• Node types (Breakdown)
• LISP as protocol for Control Plane
• VXLAN as protocol for Data Plane

Module 5: Campus Fabric External Connectivity for SD-Access

• Enterprise Sample Topology for SD-Access
• Role of Border Nodes
• Types of Border Nodes
• Border
• Default Border
• Single Border vs. Multiple Border Designs
• Collocated Border and Control Plane Nodes
• Distributed (separated) Border and Control Plane Nodes

Module 6: Implementing WLAN in SD-Access Solution

• WLAN Integration Strategies in SD-Access Fabric
• Fabric CUWN
• SD-Access Wireless (Fabric enabled WLC and AP)
• SD-Access Wireless Architecture
• Control Plane: LISP and WLC
• Data Plane: VXLAN
• Policy Plane and Segmentation: VN and SGT
• Sample Design for SD-Access Wireless