Integrating Cisco Multi-domain with SD-Access and ACI

  • Course code N1_SDAACI
  • Duration 4 days

Additional payment options

  • Cisco Learning Credits. Call: 030-6089300

Virtual learning price: on request

Delivery method

This course is available in the following formats:

  • On customer premises
  • Virtual learning

Course description

SDAACI is a 4-day course that covers SD-Access and ACI fabric deployments and their subsequent pairwise integration. The integration covers policy plane synchronization between Cisco ISE, DNAC, and the Cisco APIC controller. This allows seamless mapping of Secure Group Tags (SGTs) to End Point Groups (EPGs), stretching micro-segmentation from the user all the way to the hosted application.

Virtual Learning

This interactive training can be taken from any location, such as your office or home, and is delivered by a trainer. No delegates are in the classroom with the instructor; all delegates are connected virtually. Virtual delegates do not travel to this course. Global Knowledge will send you all the information needed before the start of the course, and you can test the logins.

Course objectives

Upon completing this course, the learner will be able to meet these overall objectives:

  • Understand the role and use of Cisco DNA-Center for Campus Automation and Assurance
  • In-depth understanding of Cisco SD-Access Single and Multi-Fabric Site deployment
  • Understand the Macro and Micro (SGTs) Policy Plane used for network segmentation within the SD-Access Fabric
  • Fundamental knowledge of the Cisco ACI DC Overlay solution
  • Integration between the Cisco SD-Access and Cisco ACI Fabrics (Control and Policy plane Integration)

Course content

Module 1: Understanding the Cisco SDX Portfolio

Cisco Fabric Overlay Introduction:

  • Overview of Cisco SD-Access for the Campus
  • Overview of Cisco SD-WAN for the WAN
  • Overview of Cisco ACI for the Data Center

Understanding the Fabric Overlay Solutions

  • Underlay vs Overlay
  • The need for Fabric Overlay in the Campus, WAN and DC

Introduction to Cisco SD-Access

  • Cisco DNA-Center Overview
  • Cisco DNA-Center and ISE Integration – Requirement and Process
  • Cisco SD-Access components – Control Plane Node, Border Node, Fabric Edge Node
  • Cisco Fabric Enabled Wireless Network – Deploying FEW WLC and Access Points
  • Understanding Macro (Virtual Networks) and Micro (ISE SGTs & SGACLs) Segmentation in SD-Access

Introduction to Cisco ACI

  • Cisco APIC for DC Overview
  • Understanding the Cisco ACI Architecture – Spine and Leaf
  • Understanding Tenants, Bridge Domains, End Point Groups and Contracts
  • Understanding the Cisco ACI Fabric Operations and Forwarding
  • Connecting the ACI Fabric to the outside networks – L3 Outs

Module 2: Deploying Cisco SD-Access and Assurance using Cisco DNA-Center

Reviewing the Cisco DNA-Center GUI

  • Cisco DNA-Center Applications
  • Cisco DNA-Center Tools
  • Cisco DNA-Center System Settings
  • Integrating the Cisco DNA-Center with Cisco ISE (using pxGrid) – Comprehensive Steps

Using the Network Discovery and Inventory Application for Network Discovery

  • Understanding the Cisco SD-Access Workflow
  • Cisco DNA-Center Design Application
  • Cisco DNA-Center Policy Application – In Depth review of the ACA Application
  • Cisco DNA-Center Provision Application
  • Cisco DNA-Center Assurance Application

Reviewing the pre-deployed SD-Access HQ Fabric Site

  • Validating the Network Hierarchy, IP Address Pools, Device Credentials and Shared Services
  • Reviewing the Device Inventory
  • Reviewing the configured VNs, SGTs and Contracts
  • Reviewing the provisioned Fabric Site and IP Transit for the HQ Site
  • Reviewing the Extended VNs to the Traditional Network – SD-Access Border Configuration
  • Reviewing the SD-Access Control Node Configuration
  • Reviewing the SD-Access Fabric Edge Configuration – Host Onboarding

Deploying the SD-Access Remote/Branch Fabric Site

  • Cisco SD-Access Distributed Campus Overview
  • Discovering the Branch Site Devices
  • Reserving IP Pools for the new Branch
  • Provisioning the Branch devices to a Site in the DNA-C Hierarchy
  • Understanding and Provisioning the Cisco SD-Access Transit Control Plane Node
  • Creating a new Branch Fabric Site and Branch Site Transit
  • Adding devices to the Branch Fabric Site and Provisioning the Devices
  • Branch Control Plane and Border Node
  • Branch Fabric Edge
  • Configuring the Host-Onboarding for the Branch Fabric Site and testing user connectivity between HQ and Branch users

Module 3: Understanding and Reviewing the Cisco ACI Fabric Deployment

Overview of the Cisco APIC

Review the pre-configured ACI Fabric:

  • Single Tenant configuration review
  • Bridge Domain and Internal EPG review
  • Understanding the Application IP Pool and EPG assignment
  • Reviewing the 3 different application servers deployed – App, Web and DB

Configuring the L3 outs to communicate with:

  • The Cisco SD-Access HQ site Fabric
  • The Cisco SD-WAN WAN Edge routers at the HQ site

Configuring the Tenant WAN SLA policies and mapping to EPGs

Module 4: Integrating the Cisco SD-Access and Cisco ACI Fabrics

Understanding the Cisco Multi-Domain Architecture

  • Declarative Intent based Automation
  • End-to-End Policy Context and Domain Borders
  • Cross Domain Policy Context

Overview of Cisco SD-Access and Cisco ACI Integration

  • Integrating the Control Plane – SDA Border to ACI Border L3 hand-off
  • Integrating the Policy Plane – SGT to EPG Mapping for continued micro segmentation

Configuring the Cisco SD-Access IP Transit

  • Automating the BGP configuration on the SD-Access Border node to communicate with the ACI Fabric
  • Leveraging the Cisco APIC to configure the L3 outs towards the Cisco SD-Access HQ Fabric site

Sharing SGT from DNA-Center to Cisco ISE

  • Using the DNA-Center Policy Application to create net-new SGTs in Cisco ISE
  • Using the DNA-Center ACA Application to create contracts between the SGTs and pushing to Cisco ISE

Integrating the Cisco ISE server with Cisco APIC

  • Overview of ISE to APIC Integration – The need to exchange SGTs and EPGs
  • Importing the Cisco APIC certificate into Cisco ISE
  • Cisco ISE Security Exchange Protocol (SXP) Overview
  • Learning the IP to EPG Mapping using Cisco SXP
  • Adding ACI Settings on Cisco ISE under the TrustSec configuration
  • Understanding the SXP Domain and configuring the SXP Propagation of IP-to-EPG mappings
  • Configuring the SD-Access Border at the HQ Fabric site as an SXP Peer – To share EPG-to-SGT context between APIC and ISE

Review Policy Configuration

  • Cisco APIC Internal EPG converted to Cisco ISE SGT and propagated to Cisco SD-Access devices
  • Cisco ISE SGTs converted to Cisco ACI External EPGs
  • Cisco ACI Internal Endpoints show up as Cisco ISE IP Mappings
  • Cisco ISE IP Mappings converted to External EPG Subnets
  • Create Policy between Campus SGT and DC EPG using the Cisco DNA-Center ACA Application
  • Verify Campus user to ACI hosted application connectivity
  • Cisco SD-Access HQ Campus user connects to application on a blocked port
  • Cisco SD-Access HQ Campus user connects to application on an allowed port

Prerequisites

The knowledge and skills that the learner should have before attending this course are as follows:

  • The student is familiar with the Cisco Identity Services Engine features and functions
  • The student is familiar with DNA Center features and functions
  • The student is familiar with Scalable Group/SGT and SGACL functions
  • The student is familiar with ACI features and functions