Securing Cisco Digital Network Architecture (DNA) (DNASEC)

Detailed Course Outline

Module 1: Introduction to Cisco’s Software Defined Access (SD-Access)

  • DNA Introduction
  • SD-Access Overview
  • SD-Access Benefits
  • SD-Access Key Concepts
  • SD-Access Main Components
    • Campus Fabric
      • Wired
      • Wireless
    • Nodes
      • Edge
      • Border
      • Control Plane
  • DNA Center (Controller)
  • ISE (Policy)
  • StealthWatch (Policy)
  • NDP (Analytics and Assurance)

Module 2: SD-Access Campus Fabric

  • The concept of Fabric
  • Node types
    • Fabric Edge Nodes
    • Control Plane Nodes
    • Border Nodes
  • LISP as protocol for Control Plane
  • Configure LISP for Control Plane
  • VXLAN as protocol for Data Plane
  • Configure VXLAN for Data Plane
  • Virtual Networks (VN)
  • Fabric-enabled WLAN
    • Fabric Enabled WLC
    • Fabric Enabled AP’s
  • SDA-ready Cisco Catalyst LAN Switches
  • Role of Cat9k in Cisco SD-Access solution and deployment models as border, control and edge nodes

Module 3: DNA Center and Workflow for SD-Access

  • Introduction to DNA Center
  • Workflow for SD-Access in DNA Center
    • Design Step overview
    • Policy Step overview
    • Provision Step overview
    • Assurance Step overview
  • Integration with Cisco ISE for Policy Enforcement
  • Integration with Cisco StealthWatch for Policy Enforcement
  • Integration with Cisco NDP for Analytics and Assurance

Module 4: Deployment and initial setup for DNA Center

  • Requirements
  • Deployment Procedure
  • Initial Setup
  • GUI Navigation

Module 5: Deployment and initial setup for ISE and Integrate with DNA Center

  • Introduction to Cisco ISE
  • Requirements
  • Cisco ISE Deployment Models
  • Deployment Procedure
  • Initial Setup
  • GUI Navigation
  • Integration with DNA Center

Module 6: Deploy Netflow Collector and StealthWatch Management Center (SMC)

  • Introduction to Netflow and SMC
  • Requirements
  • Deployment Procedure
  • Initial Setup
  • GUI Navigation
  • Integration with DNA Center / SD Access

Module 7: Implementing Policy Plane using Cisco TrustSec for Segmentation

  • Cisco TrustSec phases
    • Classification
    • Propagation
    • Enforcement
  • Configuring Classification
  • Configuring SGT tag propagation
  • Configure Enforcement
  • Introducing Cisco TrustSec in ISE
  • Cisco ISE as controller for Software-defined segmentation (groups and policies)
    • Configuring ISE for Dynamic SGT assignment
    • Configuring ISE for Static SGT assignment
    • Configuring Policy Enforcement

Module 8: Cisco StealthWatch Management Console (SMC)

  • Configuring Host Groups in the SMC
  • Configuring Flexible NetFlow on Cisco Devices
  • Verify Netflow Data Collection on SMC
  • Configuring Cisco StealthWatch and ISE Integration

Module 9: DNA Center Workflow First Step - Design

  • Creating Enterprise and Sites Hierarchy
  • Configuring General Network Settings
  • Loading maps into the GUI
  • IP Address Management
  • Software Image Management
  • Network Device Profiles

Module 10: DNA Center Workflow Second Step - Policy

  • 2-level Hierarchy
    • Macro Level: Virtual Network (VN)
    • Micro Level: Scalable Group (SG)
  • Policy Types
    • Access Policy
    • Access Control Policy
    • Traffic Copy Policy
  • Cross Domain Policies

Module 11: DNA Center Workflow Third Step - Provision

  • Devices Onboarding
    • Discovering Devices
    • Assigning Devices to a site
    • Provisioning device with profiles
  • Fabric Domains
    • Understanding Fabric Domains
    • Using Default LAN Fabric Domain
    • Creating Additional Fabric Domains
  • Adding Nodes
    • Adding Fabric Edge Nodes
    • Adding Control Plane Nodes
    • Adding Border Nodes

Module 12: DNA Center Workflow Fourth Step – Assurance

  • Introduction to Analytics
  • NDP Fundamentals
  • Overview of DNA Assurance
  • Components of DNA Assurance
  • DNA Center Assurance Dashboard

Module 13: Implementing WLAN in SD-Access Solution

  • WLAN Integration Strategies in SD-Access Fabric
    • CUWN Wireless Over The Top (OTT)
    • SD-Access Wireless (Fabric enabled WLC and AP)
  • SD-Access Wireless Architecture
    • Control Plane: LISP and WLC
    • Data Plane: VXLAN
    • Policy Plane and Segmentation: VN and SGT

Module 14: Implementing Campus Fabric External Connectivity for SD-Access

  • Role of Border Nodes
  • Types of Border Nodes
    • Border
    • Default Border
  • Single Border vs. Multiple Border Designs
  • Collocated Border and Control Plane Nodes
  • Distributed (separated) Border and Control Plane Nodes
  • Configuring Border Nodes

Module 15: SDA Migration Strategies

  • Migrate to SD-Access using a quality-assured process, state-of-the-art tools and proven methodologies
  • The need for additional planning
    • Typical considerations
    • Primary Approaches for migration
      • Building SD-Access network in parallel and then integrate
      • Do incremental migrations of access switches into an SD-Access fabric