-
The Software-Defined Access by Cisco is marked by a well-structured and therefore easy-to-learn management interface, which is provided via the DNA Center Controller. It is automated to a large extent. Features like LISP and VXLAN can be operated on the network infrastructure. The implementation of security policies and scalable groups by means of the Identity Services Engine (ISE) and DNA Center can also be accomplished easily. If troubleshooting during the operation of the SD Access solution is required, however, a thorough knowledge of the contexts will be necessary. For this reason, the course at hand focuses on the Locator/ID Separation Protocol (LISP), which takes over the control plane tasks in the SD Access Fabric. In addition, a closer look will be taken on the functions which provide the ISE in the SD Access solution. Another focus will be on a detailed analysis of the interaction of the components. Hands-on exercises in the test network with configuration and troubleshooting complement the know-how acquired.
-
Course Contents
-
- High Availability via the DNA Center Cluster
- Authentication and Authorization with the ISE
- Logging and Monitoring on the ISE
- Scalable Group Access
- Functional Components of LISP
- LISP Signaling
- Scalable VPNs with LISP
- Host Mobility
- Troubleshooting of LISP
- LAN Automation
- Multi-Site Fabric Interconnect
- Fusion Router
- WLAN Integration
- Assurance
You will receive the comprehensive documentation package from ExperTeach – printed documentation, e-book, and personalized PDF! As online participant, you will receive the e-book and the personalized PDF.
-
Target Group
-
The course is offered for administrators and operators, who wish to operate an SD Access solution in their Cisco Enterprise networks or want to implement this solution.
-
Knowledge Prerequisites
-
The students must be well-versed in the handling of the Cisco IOS-XE and should have a good routing know-how. Basic knowledge on the DNA Center and ISE are also required. The Cisco DNA Center—SDN-based Network Infrastructures course is well-suited to prepare the students for the course at hand.
| 1 Configuration of the DNA Center |
| 1.1 Commissioning of the DNA Center |
| 1.1. 1 Demands Made on the Network |
| 1.1. 2 Setting a BIOS Password |
| 1.1.3 Configuration of the CIMC |
| 1.2 Basic Setup with the Configuration Wizard |
| 1.3 First Steps after the Installation |
| 1.3.1 Connection to the Web Server |
| 1.3.2 Integration with the ISE |
| 1.3.3 Configuration of an IP Address Manager |
| 1.3.4 Other AAA Servers |
| 1.4 Network Discovery |
| 1.4.1 Creation of a Discovery Job |
| 1.4.2 Credentials |
| 1.4.3 Working with Discovery Jobs |
| 1.5 Host Onboarding |
| 1.5.1 Authentication |
| 1.5.2 Capture of the End Systems |
| 1.6 Backup and Restore |
| 1.6.1 Prerequisite for Backup Servers |
| 1.6.2 Configuration of the DNAC Core System Backup Server |
| 1.6.3 Configuration of the Assurance Data Backup Server |
| 1.6.4 Management of Backup Data |
| 1.7 High Availability for the DNA Center |
| 1.7.1 Prerequisites for a DNAC Cluster |
| 1.7.2 Setting up a DNA Center Cluster |
| 2 Identity Services Engine (ISE) |
| 2.1 Basic Configuration of the ISE |
| 2.1.1 Installation of the ISE (1/3) |
| 2.1.2 ISE Access |
| 2.1.3 ISE Maintenance |
| 2.1.4 Basic Settings of the ISE |
| 2.1.5 Deployments |
| 2.1.6 Network Device |
| 2.2 Authentication and Authorization with ISE |
| 2.2.1 Policy Sets |
| 2.2.2 Authentication Policy |
| 2.2.3 User Stores |
| 2.2.4 Authorization Policy |
| 2.2.5 Machines and User Authentication |
| 2.2.6 pxGrid |
| 2.3 Logging and Monitoring on the ISE |
| 2.3.1 Radius Live Authentications |
| 2.3.2 Radius Reports |
| 2.3.3 Troubleshooting—Authentication |
| 2.3.4 Alarms |
| 2.4 Security Group Access |
| 2.4.1 SGT Configuration on the ISE |
| 2.4.2 Allocation of SGTs |
| 2.4.3 Access Control with SGTs |
| 3 LISP in Detail |
| 3.1 What is LISP? |
| 3.1.1 LISP Overview |
| 3.1.2 Application Scenarios for LISP |
| 3.2 LISP Name Spaces |
| 3.2.1 Endpoint Identifier (EID) |
| 3.2.2 Routing Locator (RLOC) |
| 3.3 Functional Components of LISP |
| 3.3.1 Ingress Tunnel Router (ITR) |
| 3.3.2 Egress Tunnel Router (ETR) |
| 3.3.3 Map Server (MS) |
| 3.3.4 Map Resolver (MR) |
| 3.4 LISP Signaling |
| 3.4.1 LISP Encapsulation |
| 3.4.2 LISP Messages |
| 3.4.3 LISP Procedures |
| 3.5 LISP in IOS |
| 3.5.1 Control Plane |
| 3.5.2 Data Plane |
| 3.5.3 Configuration of the LISP Components |
| 3.5.4 Configuration of the LISP Alternate Topology |
| 3.5.5 LISP Sites and the Rest of the World |
| 3.6 Scalable VPNs with LISP |
| 3.6.1 Instance ID |
| 3.6.2 LISP Canonical Address Format |
| 3.6.3 Virtualization of the LISP Encapsulation |
| 3.6.4 Configuration |
| 3.7 Host Mobility in the Data Center |
| 3.8 LISP Troubleshooting |
| 3.8.1 Debugging on the xTR |
| 3.8.2 Map Resolver Packet Flow |
| 3.8.3 Map Server Packet Flow |
| 3.8.4 Packet Flow between xTR |
| 3.8.5 Packet Captures |
| 4 Advanced Topics in SD Access |
| 4.1 SD Access in an Overview |
| 4.1.1 The Reference Model |
| 4.1.2 Network Topologies for the Campus Fabric |
| 4.2 LAN Automation |
| 4.2.1 Prerequisites for LAN Automation |
| 4.2.2 LAN Automation Workflow |
| 4.2.3 Allocation of a New Switch to the LAN Automation Stack |
| 4.2.4 Allocation of an Existing Switch to the LAN Automation Stack |
| 4.2.5 Allocation of Additional Links to the LAN Automation Stack |
| 4.3 Migration to SDA |
| 4.3.1 Segmentation and Cross Domain Security |
| 4.3.2 Assignment of Fabric Roles |
| 4.3.3 Routing on the Border Node |
| 4.3.4 Wireless Migration |
| 4.4 SD Access Policies |
| 4.4.1 Segmentation via Endpoint ID Groups (EIGs) |
| 4.4.2 Creating Scalable Groups |
| 4.4.3 The Function of the Identity Services Engine (ISE) |
| 4.4.4 Communication Policies between the EIGs |
| 4.5 Multi-Site Fabric Interconnect |
| 4.5.1 MPLS as IP Transit |
| 4.5.2 Cisco SD Access Transit |
| 4.5.3 Configuration of a Transit |
| 4.6 Fusion Router in SD Access |
| 4.6.1 Function of the Fusion Router |
| 4.6.2 Principle of Route Leaking |
| 4.6.3 Configuration of the Border Node |
| 4.6.4 Configuration of the Fusion Router |
| 4.7 WLAN Integration |
| 4.7.1 SD Access Embedded Wireless |
| 4.8 SD Access Wireless Design |
| 4.9 DNA Assurance |
| 4.9.1 Preparatory Steps |
| 4.9. 2 Overall Enterprise Health |
| 4.9.3 Network Health |
| 4.9.4 Path Trace |
| 4.9.5 Client Health |
| 4.9.6 Application Health |
| 4.9. 7 Sensor-Driven Tests |
| 4.9.8 Intelligent Captures |
| 4.9. 9 Creation of Reports |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
Request for customized courses
You can find the complete description of this course with dates and prices ready for download at as PDF.-
The Software-Defined Access by Cisco is marked by a well-structured and therefore easy-to-learn management interface, which is provided via the DNA Center Controller. It is automated to a large extent. Features like LISP and VXLAN can be operated on the network infrastructure. The implementation of security policies and scalable groups by means of the Identity Services Engine (ISE) and DNA Center can also be accomplished easily. If troubleshooting during the operation of the SD Access solution is required, however, a thorough knowledge of the contexts will be necessary. For this reason, the course at hand focuses on the Locator/ID Separation Protocol (LISP), which takes over the control plane tasks in the SD Access Fabric. In addition, a closer look will be taken on the functions which provide the ISE in the SD Access solution. Another focus will be on a detailed analysis of the interaction of the components. Hands-on exercises in the test network with configuration and troubleshooting complement the know-how acquired.
-
Course Contents
-
- High Availability via the DNA Center Cluster
- Authentication and Authorization with the ISE
- Logging and Monitoring on the ISE
- Scalable Group Access
- Functional Components of LISP
- LISP Signaling
- Scalable VPNs with LISP
- Host Mobility
- Troubleshooting of LISP
- LAN Automation
- Multi-Site Fabric Interconnect
- Fusion Router
- WLAN Integration
- Assurance
You will receive the comprehensive documentation package from ExperTeach – printed documentation, e-book, and personalized PDF! As online participant, you will receive the e-book and the personalized PDF.
-
Target Group
-
The course is offered for administrators and operators, who wish to operate an SD Access solution in their Cisco Enterprise networks or want to implement this solution.
-
Knowledge Prerequisites
-
The students must be well-versed in the handling of the Cisco IOS-XE and should have a good routing know-how. Basic knowledge on the DNA Center and ISE are also required. The Cisco DNA Center—SDN-based Network Infrastructures course is well-suited to prepare the students for the course at hand.
| 1 Configuration of the DNA Center |
| 1.1 Commissioning of the DNA Center |
| 1.1. 1 Demands Made on the Network |
| 1.1. 2 Setting a BIOS Password |
| 1.1.3 Configuration of the CIMC |
| 1.2 Basic Setup with the Configuration Wizard |
| 1.3 First Steps after the Installation |
| 1.3.1 Connection to the Web Server |
| 1.3.2 Integration with the ISE |
| 1.3.3 Configuration of an IP Address Manager |
| 1.3.4 Other AAA Servers |
| 1.4 Network Discovery |
| 1.4.1 Creation of a Discovery Job |
| 1.4.2 Credentials |
| 1.4.3 Working with Discovery Jobs |
| 1.5 Host Onboarding |
| 1.5.1 Authentication |
| 1.5.2 Capture of the End Systems |
| 1.6 Backup and Restore |
| 1.6.1 Prerequisite for Backup Servers |
| 1.6.2 Configuration of the DNAC Core System Backup Server |
| 1.6.3 Configuration of the Assurance Data Backup Server |
| 1.6.4 Management of Backup Data |
| 1.7 High Availability for the DNA Center |
| 1.7.1 Prerequisites for a DNAC Cluster |
| 1.7.2 Setting up a DNA Center Cluster |
| 2 Identity Services Engine (ISE) |
| 2.1 Basic Configuration of the ISE |
| 2.1.1 Installation of the ISE (1/3) |
| 2.1.2 ISE Access |
| 2.1.3 ISE Maintenance |
| 2.1.4 Basic Settings of the ISE |
| 2.1.5 Deployments |
| 2.1.6 Network Device |
| 2.2 Authentication and Authorization with ISE |
| 2.2.1 Policy Sets |
| 2.2.2 Authentication Policy |
| 2.2.3 User Stores |
| 2.2.4 Authorization Policy |
| 2.2.5 Machines and User Authentication |
| 2.2.6 pxGrid |
| 2.3 Logging and Monitoring on the ISE |
| 2.3.1 Radius Live Authentications |
| 2.3.2 Radius Reports |
| 2.3.3 Troubleshooting—Authentication |
| 2.3.4 Alarms |
| 2.4 Security Group Access |
| 2.4.1 SGT Configuration on the ISE |
| 2.4.2 Allocation of SGTs |
| 2.4.3 Access Control with SGTs |
| 3 LISP in Detail |
| 3.1 What is LISP? |
| 3.1.1 LISP Overview |
| 3.1.2 Application Scenarios for LISP |
| 3.2 LISP Name Spaces |
| 3.2.1 Endpoint Identifier (EID) |
| 3.2.2 Routing Locator (RLOC) |
| 3.3 Functional Components of LISP |
| 3.3.1 Ingress Tunnel Router (ITR) |
| 3.3.2 Egress Tunnel Router (ETR) |
| 3.3.3 Map Server (MS) |
| 3.3.4 Map Resolver (MR) |
| 3.4 LISP Signaling |
| 3.4.1 LISP Encapsulation |
| 3.4.2 LISP Messages |
| 3.4.3 LISP Procedures |
| 3.5 LISP in IOS |
| 3.5.1 Control Plane |
| 3.5.2 Data Plane |
| 3.5.3 Configuration of the LISP Components |
| 3.5.4 Configuration of the LISP Alternate Topology |
| 3.5.5 LISP Sites and the Rest of the World |
| 3.6 Scalable VPNs with LISP |
| 3.6.1 Instance ID |
| 3.6.2 LISP Canonical Address Format |
| 3.6.3 Virtualization of the LISP Encapsulation |
| 3.6.4 Configuration |
| 3.7 Host Mobility in the Data Center |
| 3.8 LISP Troubleshooting |
| 3.8.1 Debugging on the xTR |
| 3.8.2 Map Resolver Packet Flow |
| 3.8.3 Map Server Packet Flow |
| 3.8.4 Packet Flow between xTR |
| 3.8.5 Packet Captures |
| 4 Advanced Topics in SD Access |
| 4.1 SD Access in an Overview |
| 4.1.1 The Reference Model |
| 4.1.2 Network Topologies for the Campus Fabric |
| 4.2 LAN Automation |
| 4.2.1 Prerequisites for LAN Automation |
| 4.2.2 LAN Automation Workflow |
| 4.2.3 Allocation of a New Switch to the LAN Automation Stack |
| 4.2.4 Allocation of an Existing Switch to the LAN Automation Stack |
| 4.2.5 Allocation of Additional Links to the LAN Automation Stack |
| 4.3 Migration to SDA |
| 4.3.1 Segmentation and Cross Domain Security |
| 4.3.2 Assignment of Fabric Roles |
| 4.3.3 Routing on the Border Node |
| 4.3.4 Wireless Migration |
| 4.4 SD Access Policies |
| 4.4.1 Segmentation via Endpoint ID Groups (EIGs) |
| 4.4.2 Creating Scalable Groups |
| 4.4.3 The Function of the Identity Services Engine (ISE) |
| 4.4.4 Communication Policies between the EIGs |
| 4.5 Multi-Site Fabric Interconnect |
| 4.5.1 MPLS as IP Transit |
| 4.5.2 Cisco SD Access Transit |
| 4.5.3 Configuration of a Transit |
| 4.6 Fusion Router in SD Access |
| 4.6.1 Function of the Fusion Router |
| 4.6.2 Principle of Route Leaking |
| 4.6.3 Configuration of the Border Node |
| 4.6.4 Configuration of the Fusion Router |
| 4.7 WLAN Integration |
| 4.7.1 SD Access Embedded Wireless |
| 4.8 SD Access Wireless Design |
| 4.9 DNA Assurance |
| 4.9.1 Preparatory Steps |
| 4.9. 2 Overall Enterprise Health |
| 4.9.3 Network Health |
| 4.9.4 Path Trace |
| 4.9.5 Client Health |
| 4.9.6 Application Health |
| 4.9. 7 Sensor-Driven Tests |
| 4.9.8 Intelligent Captures |
| 4.9. 9 Creation of Reports |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
Request for customized courses
You can find the complete description of this course with dates and prices ready for download at as PDF.