SDA and ISE integration for Policy deployment and enforcement

These are the first tasks required to make any network engineer comfortable with ISE and DNA and the new ways of dealing with network orchestration and programmability.

The SDA-ISE course focuses on Cisco’s primary security policy software and is the backbone of Cisco’s enterprise security architecture. This course will focus on network access control for next generation fabric based networks. Learners will deep dive on the protocols and features that make up SD Access such as LISP and VXLAN and understand how to configure, troubleshoot and optimize this new technology. You will focus on Trustsec and how it is enforced on the network from the policies you create in the Identity Services Engine. Additionally learners will look at automating the tasks via Cisco’s DNA Center management tool and verify Cisco Validated Designs are deployed on your network.


Vi rekommenderar att du har gått steg 1 Cisco Introduction to SD-Access and DNA Center

Attendees should meet the following prerequisites:

  • Foundational understanding of network design, routing concepts, QoS, and network security including firewall operations (transparent mode).- IINS Recommended
  • Ability to configure OSPF and EIGRP routing protocols along with an understanding of Enterprise WAN and DMVPN technologies. - ROUTE Recommended 
  • Understanding of Wireless LAN parameters, Wireless LAN Controllers and Access Point capabilities. - WIFUND Recommended

Basic understanding of Cisco Prime Infrastructure, KVM Virtualization and programming concepts including; Northbound, Southbound and REST APIs.


Module 1: Introduction to Cisco’s Software Defined Access (SD-Access)

  • SD-Access Overview
  • SD-Access Benefits
  • SD-Access Key Concepts
  • SD-Access Main Components
  • Campus Fabric
  • Wired
  • Wireless
  • Nodes
  • Edge
  • Border
  • Control Plane
  • ISE (Policy)
  • Introduction to DNA Center
  • DNA Controller (APIC-EM Controller)
  • Overview of DNA Assurance

Module 2: SD-Access Campus Fabric

  • The concept of Fabric
  • Node types (Breakdown)
  • LISP as protocol for Control Plane
  • VXLAN as protocol for Data Plane

Module 3: Campus Fabric External Connectivity for SD-Access

  • Enterprise Sample Topology for SD-Access
  • Role of Border Nodes
  • Types of Border Nodes
  • Border
  • Default Border
  • Single Border vs. Multiple Border Designs
  • Collocated Border and Control Plane Nodes
  • Distributed (separated) Border and Control Plane Nodes

Module 4: Implementing WLAN in SD-Access Solution

  • WLAN Integration Strategies in SD-Access Fabric
  • CUWN Wireless Over The Top (OTT)
  • SD-Access Wireless (Fabric enabled WLC and AP)
  • SD-Access Wireless Architecture
  • Control Plane: LISP and WLC
  • Data Plane: VXLAN
  • Policy Plane and Segmentation: VN and SGT

Module 5: DNA Assurance and analytics

  • DNA Assurance & Analytics Overview
  • Model-Driven Telemetry Monitor and Troubleshoot the overall health of your enterprise
  • Monitor and troubleshoot the health of your network and devices Path tracing Sensor tests

Module 6: Using Cisco ISE for SD Access

  • Introduction to Cisco ISE
  • Using Cisco ISE as a Network Access Policy Engine
  • Introducing Cisco ISE Deployment Models
  • Introducing 802.1x and MAB Access: Wired and Wireless
  • Introducing Identity Management
  • Configuring Certificate Service
  • Introducing Cisco ISE Policy
  • Configuring Cisco ISE Policy Sets
  • Introducing Cisco ISE 2.x pxGrid
  • Preparing ISE for Integration with DNA Center for SD-Access

Module 7: Implementing Policy Plane using Cisco TrustSec for Segmentation

  • Need for users and groups Segmentation on SD-Access
  • Limitations of traditional segmentation methods
  • Introduction to Cisco Trustsec

Om kursen

Pris: 25 450,00 kr

exklusive moms

Längd 3 dagar
Kurskod GK-SIPDE

Kursen hålls på begäran

Kontakta oss för mer information.

Telefon: 08-562 557 50