Securing Cisco Digital Network Architecture - Certification Training with Guaranteed Results!

Many challenges exist managing modern networks on a day to day basis. The problems are intensified when manual configuration changes using fragmented tool offerings result in non-centralized change and configuration management which leads to various naming, configuration, backup and security compliance issues. Manual configuration changes when compared to automated, policy-based approaches are slow and error-prone. Break and fix, new network builds and change requests in dynamic environments where user requirements, devices and applications are evolving at ever increasing rates fueled in many cases by the big data of IoT. The networks of today face deployment, support and security challenges mitigated with modern tools such as Digital Network Architecture Centre (DNAC), Cisco Identity Services Engine (ISE) and Stealthwatch. In this course, you use these tools to build a centrally managed, authenticated, authorized, monitored and security-policy compliant solution

Company Events

These events can be delivered exclusively for your company at our locations or yours, specifically for your delegates and your needs. The Company Events can be tailored or standard course deliveries.

Module 1: Introduction to Cisco's Software Defined Access (SD-Access)

DNA Introduction
SD-Access Overview
SD-Access Benefits
SD-Access Key Concepts
SD-Access Main Components, Campus Frabric, Wired, Wireless
Nodes - Edge, Border, Control Plane
DNA Center (Controller)
ISE (Policy)
StealthWatch (Policy)
NDP (Analytics and Assurance)

Module 2: SD-Access Campus Fabric

The concept of Fabric
Node types - Fabric Edge, Control Plane, Border
LISP as protocol for Control Plane
Configure LISP for Control Plane
VXLAN as protocol for Data Plane
Configure VXLAN for Data Plane
Virtual Networks (VN)
Fabric-enabled WLAN, WLC and AP's
SDA-ready Cisco Catalyst LAN Switches
Role of Cat9k in Cisco SD-Access solution and deployment models as border, control and edge nodes

Module 3: DNA Center and Workflow for SD-Access

Introduction to DNA Center
Workflow for SD-Access in DNA Center - Design, Policy, Provision, Assurance
Integration with Cisco ISE for Policy Enforcement
Integration with Cisco StealthWatch for Policy Enforcement
Integration with Cisco NDP for Analytics and Assurance

Module 4: Deployment and initial setup for DNA Center

Requirements
Deployment Procedure
Initial Setup
GUI Navigation

Module 5: Deployment and initial setup for ISE and Integrate with DNA Center

Introduction to Cisco ISE
Cisco ISE Deployment Models
Integration with DNA Center

Module 6: Deploy Netflow Collector and StealthWatch Management Center (SMC)

Introduction to Netflow and SMC
Integration with DNA Center / SD Access

Module 7: Implementing Policy Plane using Cisco TrustSec for Segmentation

Cisco TrustSec phases - Classification, Propagation, Enforcement
Configuring Classification
Configuring SGT tag propagation
Configure Enforcement
Introducing Cisco TrustSec in ISE
Cisco ISE as controller for Software-defined segmentation (groups and policies)
Configuring ISE for Dynamic SGT assignment
Configuring ISE for Static SGT assignment
Configuring Policy Enforcement

Module 8: Cisco StealthWatch Management Console (SMC)

Configuring Host Groups in the SMC
Configuring Flexible NetFlow on Cisco Devices
Verify Netflow Data Collection on SMC
Configuring Cisco StealthWatch and ISE Integration

Module 9: DNA Center Workflow First Step - Design

Creating Enterprise and Sites Hierarchy
Configuring General Network Settings
Loading maps into the GUI
IP Address Management
Software Image Management
Network Device Profiles

Module 10: DNA Center Workflow Second Step - Policy

2-level Hierarchy
Macro Level: Virtual Network (VN)
Micro Level: Scalable Group (SG)
Policy Types - Access Policy, Access Control Policy, Traffic Copy Policy
Cross Domain Policies

Module 11: DNA Center Workflow Third Step - Provision

Devices Onboarding
Discovering Devices
Assigning Devices to a site
Provisioning device with profiles
Fabric Domains
Understanding Fabric Domains
Using Default LAN Fabric Domain
Creating Additional Fabric Domains
Adding Nodes
Adding Fabric Edge Nodes
Adding Control Plane Nodes
Adding Border Nodes

Module 12: DNA Center Workflow Fourth Step – Assurance

Introduction to Analytics
NDP Fundamentals
Overview of DNA Assurance
Components of DNA Assurance
DNA Center Assurance Dashboard

Module 13: Implementing WLAN in SD-Access Solution

WLAN Integration Strategies in SD-Access Fabric
CUWN Wireless Over The Top (OTT)
SD-Access Wireless (Fabric enabled WLC and AP)
SD-Access Wireless Architecture
Control Plane: LISP and WLC
Data Plane: VXLAN
Policy Plane and Segmentation: VN and SGT

Module 14: Implementing Campus Fabric External Connectivity for SD-Access

Role of Border Nodes
Types of Border Nodes - Border, Default Border
Single Border vs. Multiple Border Designs
Collocated Border and Control Plane Nodes
Distributed (separated) Border and Control Plane Nodes
Configuring Border Nodes

Module 15: SDA Migration Strategies

Migrate to SD-Access using a quality-assured process, state-of-the-art tools and proven methodologies
The need for additional planning
Typical considerations
Primary Approaches for migration
Building SD-Access network in parallel and then integrate
Do incremental migrations of access switches into an SD-Access fabric

Labs

Lab 1: Deploy and Setup DNA Center
Lab 2: Deploy and Setup ISE
Lab 3: Deploy and Setup StealthWatch
Lab 4: Integrate ISE with DNA Center
Lab 5: Integrate StealthWatch with SD-Access infrastructure
Lab 6: Performing SD-Access Design Step in DNA Center
Lab 7: Performing SD-Access Policy Step in DNA Center and ISE
Lab 8: Performing SD-Access Provision Step in DNA Center
Lab 9: Integrating WLAN services through SD-Wireless architecture
Lab 10: Deploy and Setup Border Node
Lab 11: Monitoring SDA Operations
Lab 12: Troubleshooting SDA Operations

Cisco Securing Cisco Digital Network Architecture (DNA) DNASEC