EncartaLabs

Securing Cisco Digital Network Architecture (DNASEC)

( Duration: 5 Days )

In the Securing Cisco Digital Network Architecture (DNASEC) training course, delegates will learn to build a centrally managed, authenticated, authorized, monitored and security-policy-compliant solution.

By attending the Securing Cisco Digital Network Architecture (DNASEC) workshop, delegates will learn to:

  • Know and understand Cisco's DNA and SD-Access concepts, features, benefits, terminology and the way this approach innovates common administrative tasks on today's networks.
  • Differentiate and explain each of the building blocks of SD-Access solutions
  • Be familiar with fabric and node types
  • Deploy and configure Fabric Edge Nodes, Control Plane nodes and Border nodes
  • Configure LISP in Control Plane for SD-Access solutions
  • Configure VXLAN in Data Plane for SD-Access solutions
  • Configure TrustSec for segmentation and Policy Enforcement
  • Understand the role of DNA Center as solution orchestrator and Intelligent GUI
  • Deploy DNA Center and perform initial setup
  • Use the workflow approach in DNA Center and its 4 Steps: Design, Policy, Provision and Assurance
  • Deploy ISE and integrate it with DNA Center and SD-Access solutions
  • Deploy StealthWatch and integrate it with DNA Center and SD-Access solutions
  • Monitor and Troubleshoot SDA operations
  • Know and understand the migration strategies from traditional networks to SD-Access solutions

  • Cisco CCNA or Equivalent Experience
  • Basic Knowledge of Software Defined Networks
  • Basic Knowledge of network security including AAA, Access Control and ISE
  • Basic Knowledge and experience with Cisco IOS, IOS XE and CLI
  • Basic Knowledge of virtualization, Hypervisors and Virtual Machines

The Securing Cisco Digital Network Architecture (DNASEC) class is ideal for:

  • Anyone interested in knowing about DNA and SD-Access
  • Personnel involved in SD-Access Design and Implementation
  • Network Operations team with SD-Access solution

COURSE AGENDA

1

Introduction to Cisco’s Software Defined Access (SD-Access) DNA Introduction

  • SD-Access Overview
  • SD-Access Benefits
  • SD-Access Key Concepts
  • SD-Access Main Components
  • Campus Fabric
  • Wired
  • Wireless
  • Nodes
  • Edge
  • Border
  • Control Plane
  • DNA Center (Controller)
  • ISE (Policy)
  • StealthWatch (Policy)
  • NDP (Analytics and Assurance)
2

SD-Access Campus Fabric

  • The concept of Fabric
  • Node types
  • Fabric Edge Nodes
  • Control Plane Nodes
  • Border Nodes
  • LISP as protocol for Control Plane
  • Configure LISP for Control Plane
  • VXLAN as protocol for Data Plane
  • Configure VXLAN for Data Plane
  • Virtual Networks (VN)
  • Fabric-enabled WLAN
  • Fabric-enabled WLC
  • Fabric-enabled APs
  • SDA-ready Cisco Catalyst LAN Switches
  • Role of Cat9k in Cisco SD-Access solution and deployment models as border, control and edge nodes
3

DNA Center and Workflow for SD-Access

  • Introduction to DNA Center
  • Workflow for SD-Access in DNA Center
  • Design Step overview
  • Policy Step overview
  • Provision Step overview
  • Assurance Step overview
  • Integration with Cisco ISE for Policy Enforcement
  • Integration with Cisco StealthWatch for Policy Enforcement
  • Integration with Cisco NDP for Analytics and Assurance
4

Deployment and initial setup for DNA Center

  • Requirements
  • Deployment Procedure
  • Initial Setup
  • GUI Navigation
5

Deployment and initial setup for ISE and Integrate with DNA Center

  • Introduction to Cisco ISE
  • Requirements
  • Cisco ISE Deployment Models
  • Deployment Procedure
  • Initial Setup
  • GUI Navigation
  • Integration with DNA Center
6

Deploy Netflow Collector and StealthWatch Management Center (SMC)

  • Introduction to Netflow and SMC
  • Requirements
  • Deployment Procedure
  • Initial Setup
  • GUI Navigation
  • Integration with DNA Center / SD Access
7

Implementing Policy Plane using Cisco TrustSec for Segmentation

  • Cisco TrustSec phases
  • Classification
  • Propagation
  • Enforcement
  • Configuring Classification
  • Configuring SGT tag propagation
  • Configure Enforcement
  • Introducing Cisco TrustSec in ISE
  • Cisco ISE as controller for Software-defined segmentation (groups and policies)
  • Configuring ISE for Dynamic SGT assignment
  • Configuring ISE for Static SGT assignment
  • Configuring Policy Enforcement
8

Cisco StealthWatch Management Console (SMC)

  • Configuring Host Groups in the SMC
  • Configuring Flexible NetFlow on Cisco Devices
  • Verify Netflow Data Collection on SMC
  • Configuring Cisco StealthWatch and ISE Integration
9

DNA Center Workflow First Step - Design

  • Creating Enterprise and Sites Hierarchy
  • Configuring General Network Settings
  • Loading maps into the GUI
  • IP Address Management
  • Software Image Management
  • Network Device Profiles
10

DNA Center Workflow Second Step - Policy

  • 2-level Hierarchy
  • Macro Level: Virtual Network (VN)
  • Micro Level: Scalable Group (SG)
  • Policy Types
  • Access Policy
  • Access Control Policy
  • Traffic Copy Policy
  • Cross Domain Policies
11

DNA Center Workflow Third Step - Provision

  • Devices Onboarding
  • Discovering Devices
  • Assigning Devices to a site
  • Provisioning device with profiles
  • Fabric Domains
  • Understanding Fabric Domains
  • Using Default LAN Fabric Domain
  • Creating Additional Fabric Domains
  • Adding Nodes
  • Adding Fabric Edge Nodes
  • Adding Control Plane Nodes
  • Adding Border Nodes
12

DNA Center Workflow Fourth Step – Assurance

  • Introduction to Analytics
  • NDP Fundamentals
  • Overview of DNA Assurance
  • Components of DNA Assurance
  • DNA Center Assurance Dashboard
13

Implementing WLAN in SD-Access Solution

  • WLAN Integration Strategies in SD-Access Fabric
  • CUWN Wireless Over The Top (OTT)
  • SD-Access Wireless (Fabric enabled WLC and AP)
  • SD-Access Wireless Architecture
  • Control Plane: LISP and WLC
  • Data Plane: VXLAN
  • Policy Plane and Segmentation: VN and SGT
14

Implementing Campus Fabric External Connectivity for SD-Access

  • Role of Border Nodes
  • Types of Border Nodes
  • Border
  • Default Border
  • Single Border vs. Multiple Border Designs
  • Collocated Border and Control Plane Nodes
  • Distributed (separated) Border and Control Plane Nodes
  • Configuring Border Nodes
15

SDA Migration Strategies

  • Migrate to SD-Access using a quality-assured process, state-of-the-art tools and proven methodologies
  • The need for additional planning
  • Typical considerations
  • Primary Approaches for migration
  • Building an SD-Access network in parallel and then integrating it
  • Doing incremental migrations of access switches into an SD-Access fabric

Encarta Labs Advantage

  • One Stop Corporate Training Solution Providers for over 4,000 Modules on a variety of subjects
  • All courses are delivered by Industry Veterans
  • Get jumpstarted from newbie to production ready in a matter of a few days
  • Trained more than 50,000 Corporate executives across the Globe
  • All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting http://encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.
