Tech Update October Rene Andersen / Ib Hansen
1 Tech Update October 2017 Rene Andersen / Ib Hansen
2 DNA Solution Cisco Enterprise Portfolio DNA Center Simple Workflows DESIGN PROVISION POLICY ASSURANCE Identity Services Engine DNA Center APIC-EM Network Data Platform Routers Switches Wireless Controllers Wireless APs
3 Key Concepts What is Software Defined Access?
5 What is SD-Access? Campus Fabric + DNA Center (Automation & Assurance)
SD-Access (Available Aug 2017): GUI approach provides automation & assurance of all Fabric configuration, management and group-based policy. Leverages DNA Center to integrate external Service Apps, to orchestrate your entire LAN, Wireless LAN and WAN access network.
Campus Fabric (Shipping Now): CLI or API form of the new overlay Fabric solution for your enterprise Campus access networks. CLI approach provides backwards compatibility and customization, Box-by-Box. API approach provides automation via NETCONF / YANG. APIC-EM, ISE, NDP are all separate.
Diagram labels: ISE, APIC-EM 1.X 2.0, DNA Center, NDP
6 Roles & Terminology What is Software Defined Access? 1. High-Level View 2. Roles & Platforms 3. Fabric Constructs
7 What is SD-Access? Fabric Roles & Terminology
- DNA Controller: Enterprise SDN Controller (e.g. DNA Center) provides GUI management and abstraction via Apps that share context
- Identity Services: External ID System(s) (e.g. ISE) are leveraged for dynamic Endpoint to Group mapping and Policy definition
- Analytics Engine: External Data Collector(s) (e.g. NDP) are leveraged to analyze Endpoint to App flows and monitor fabric status
- Control-Plane Nodes: Map System that manages Endpoint to Device relationships
- Fabric Border Nodes: A Fabric device (e.g. Core) that connects External L3 network(s) to the SDA Fabric
- Fabric Edge Nodes: A Fabric device (e.g. Access or Distribution) that connects Wired Endpoints to the SDA Fabric
- Fabric Wireless Controller: A Fabric device (WLC) that connects Wireless Endpoints to the SDA Fabric
Diagram labels: ISE, APIC-EM, NDP, Campus Fabric, Intermediate Nodes (Underlay)
8 Roles & Terminology What is Software Defined Access? 1. High-Level View 2. Roles & Platforms 3. Fabric Constructs
9 SD-Access Fabric Control-Plane Nodes A Closer Look
Control-Plane Node runs a Host Tracking Database to map location information
- A simple Host Database that maps Endpoint IDs to a current Location, along with other attributes
- Host Database supports multiple types of Endpoint ID lookup types (IPv4, IPv6 or MAC)
- Receives Endpoint ID map registrations from Edge and/or Border Nodes for known IP prefixes
- Resolves lookup requests from Edge and/or Border Nodes, to locate destination Endpoint IDs
10 SD-Access Control-Plane Platform Support Catalyst 3K Catalyst 9500 NEW Catalyst 6K ASR1K, ISR4K & CSRv Catalyst /10G SFP 10/40G NM Cards IOS-XE Catalyst /40G SFP/QSFP 10/40G NM Cards IOS-XE Catalyst 6800 Sup2T/6T 6880-X or 6840-X IOS SY+ CSRv ASR 1000-X/HX ISR 4430/4450 IOS-XE
11 SD-Access Fabric Edge Nodes A Closer Look
Edge Node provides first-hop services for Users / Devices connected to the Fabric
- Responsible for Identifying and Authenticating Endpoints (e.g. Static, 802.1X, Active Directory)
- Register the specific Endpoint ID info (e.g. /32 or /128) with the Control-Plane Node(s)
- Provide an Anycast L3 Gateway for connected Endpoints (same IP address on all Edge nodes)
- Performs encapsulation / de-encapsulation of data traffic to and from all connected Endpoints
12 SD-Access Edge Node Platform Support NEW Catalyst 9300 Catalyst 3K Catalyst 3650/3850 1/MGIG RJ45 10/40G NM Cards IOS-XE NEW Catalyst /MGIG RJ45 10/40/mG NM Cards IOS-XE Catalyst 4K Catalyst 4500 Sup8E/9E (Uplinks) 4700 Cards (Down) IOS-XE Catalyst 9400 Catalyst 9400 Sup1E 9400 Cards IOS-XE
13 SD-Access Fabric Border Nodes A Closer Look
Border Node is an Entry / Exit point for all data traffic going In / Out of the Fabric
There are 2 Types of Border Node!
- Fabric Border: Used for Known Routes in your company
- Default Border: Used for Unknown Routes outside your company
14 SD-Access Fabric Border Nodes A Closer Look
Fabric Border advertises Endpoints to outside, and known Subnets to inside
- Connects to any known IP subnets attached to the outside network (e.g. DC, WLC, FW, etc.)
- Exports all internal IP Pools to outside (as aggregate), using a traditional IP routing protocol(s).
- Imports and registers (known) IP subnets from outside, into the Control-Plane Map System
- Hand-off requires mapping the context (VRF & SGT) from one domain to another
15 SD-Access Fabric Border Nodes A Closer Look
Default Border is a Gateway of Last Resort for unknown destinations
- Connects to any unknown IP subnets (e.g. Internet)
- Exports all internal IP Pools outside (as aggregate) into traditional IP routing protocol(s).
- Does NOT import unknown routes. It is a default exit, if no other entry available in Control-Plane.
- Hand-off requires mapping the context (VRF & SGT) from one domain to another
16 SD-Access Border Node Platform Support Catalyst 3K Catalyst 9500 NEW Catalyst 6K ASR1K & ISR4K Nexus 7K Catalyst /10G SFP+ 10/40G NM Cards IOS-XE Catalyst G QSFP 10/40G NM Cards IOS-XE Catalyst 6800 Sup2T/6T 6880-X or 6840-X IOS SY+ ASR 1000-X/HX ISR 4430/4450 1/10G/40G IOS-XE Nexus 7700 Sup2E M3 Cards NXOS
17 Roles & Terminology What is Software Defined Access? 1. High-Level View 2. Roles & Platforms 3. Fabric Constructs
18 SD-Access Fabric Virtual Network A Closer Look
Virtual Network maintains a separate Routing & Switching instance for each VN
- Control-Plane uses Instance ID to maintain separate VRF topologies (Default VRF is Instance ID 4097)
- Nodes add VNID to the Fabric encapsulation
- Endpoint ID prefixes (Host Pools) are advertised within one (or more) Virtual Networks
- Uses standard vrf definition configuration, along with RD & RT for remote advertisement (Border Node)
Diagram labels: VN A, VN B, VN C
19 SD-Access Fabric Scalable Groups A Closer Look
Scalable Group is a logical ID object to group Users and/or Devices
- CTS uses Scalable Groups to ID and assign a unique Scalable Group Tag (SGT) to Host Pools
- Nodes add SGT to the Fabric encapsulation
- CTS SGTs used to manage address-independent Group-Based Policies
- Edge or Border Nodes use SGT to enforce local Scalable Group ACLs (SGACLs)
Diagram labels: SG 1, SG 2, SG 3, SG 4, SG 5, SG 6, SG 7, SG 8
20 SD-Access Fabric Host Pools A Closer Look
Host Pool provides basic IP functions necessary for attached Endpoints
- Edge Nodes use a Switch Virtual Interface (SVI), with IP Address /Mask, etc. per Host Pool
- Fabric uses Dynamic EID mapping to advertise each Host Pool (per Instance ID)
- Fabric Dynamic EID allows Host-specific (/32, /128, MAC) advertisement and mobility
- Host Pools can be assigned Dynamically (via Host Authentication) and/or Statically (per port)
Diagram labels: Pool 1, Pool 2, Pool 3, Pool 4, Pool 5, Pool 6, Pool 7, Pool 8, Pool 9
21 Campus Fabric Virtual Network A Closer Look
Anycast GW provides a single L3 Default Gateway for IP capable endpoints
- Similar principles and behavior as HSRP / VRRP with a shared Virtual IP and MAC address
- The same Switch Virtual Interface (SVI) is present on EVERY Edge, with the same Virtual IP and MAC
- Control-Plane with Fabric Dynamic EID mapping creates a Host (Endpoint) to Edge relationship
- If (when) a Host moves from Edge 1 to Edge 2, it does not need to change its IP Default Gateway!
22 Fabric Fundamentals What is Campus Fabric? 1. Fabric Basics 2. Control-Plane 3. Data-Plane 4. Policy-Plane
23 SD-Access What exactly is a Fabric?
A Fabric is an Overlay
- An Overlay network is a logical topology used to virtually connect devices, built on top of some arbitrary physical Underlay topology.
- An Overlay network often uses alternate forwarding attributes to provide additional services, not provided by the Underlay.
Examples of Network Overlays: GRE or mGRE, LISP, MPLS or VPLS, OTV, IPSec or DMVPN, DFA, CAPWAP, ACI
24 SD-Access Fabric Terminology Overlay Network Overlay Control Plane Encapsulation Edge Device Edge Device Hosts (End-Points) Underlay Network Underlay Control Plane 24
25 SD-Access Fabric Underlay Manual vs. Automated
Manual Underlay: You can reuse your existing IP network as the Fabric Underlay!
Key Requirements
- IP reach from Edge to Edge/Border/CP
- Can be L2 or L3 (We recommend L3)
- Can be any IGP (We recommend ISIS)
Key Considerations
- MTU (Fabric Header adds 50B)
- Latency (RTT of =/< 100ms)
Automated Underlay: Prescriptive fully automated Global and IP Underlay Provisioning!
Key Requirements
- Leverages standard PNP for Bootstrap
- Assumes New / Erased Configuration
- Uses a Global Underlay Address Pool
Key Considerations
- PNP pre-setup is required
- 100% Prescriptive (No Custom)
26 Fabric Fundamentals What is Campus Fabric? 1. Fabric Basics 2. Control-Plane 3. Data-Plane 4. Policy-Plane
27 SD-Access Campus Fabric - Key Components
1. Control-Plane based on LISP
2. Data-Plane based on VXLAN
3. Policy-Plane based on CTS
Key Differences
- L2 + L3 Overlay -vs- L2 or L3 Only
- Host Mobility with Anycast Gateway
- Adds VRF + SGT into Data-Plane
- Virtual Tunnel Endpoints (Automatic)
- NO Topology Limitations (Basic IP)
28 SD-Access Fabric Key Components LISP
1. Control-Plane based on LISP
Host Mobility
- Routing Protocols = Big Tables & More CPU with Local L3 Gateway
- LISP DB + Cache = Small Tables & Less CPU with Anycast L3 Gateway
BEFORE: IP Address = Location + Identity
AFTER: Separate Identity from Location
Endpoint Routes are Consolidated to LISP DB
Diagram labels: Prefix / Next-hop tables, Mapping Database (Prefix / RLOC), Topology + Endpoint Routes, Only Local Routes, Topology Routes, Endpoint Routes
29 Fabric Fundamentals What is Campus Fabric? 1. Fabric Basics 2. Control-Plane 3. Data-Plane 4. Policy-Plane
30 SD-Access Fabric Key Components VXLAN
1. Control-Plane based on LISP
2. Data-Plane based on VXLAN
ORIGINAL PACKET: ETHERNET | IP | PAYLOAD
PACKET IN LISP: ETHERNET | IP | UDP | LISP | IP | PAYLOAD (Supports L3 Overlay)
PACKET IN VXLAN: ETHERNET | IP | UDP | VXLAN | ETHERNET | IP | PAYLOAD (Supports L2 & L3 Overlay)
31 VXLAN-GPO Header MAC-in-IP with VN ID & Group ID Dest. MAC 48 Source MAC 48 Next-Hop MAC Address Src VTEP MAC Address VLAN Type 0x Bytes (4 Bytes Optional) IP Header Misc. Data 72 VLAN ID 16 Protocol 0x11 (UDP) 8 Underlay Outer MAC Header Outer IP Header Ether Type 0x Source Port 16 Header Checksum Source IP Dest. IP Bytes Src RLOC IP Address Dst RLOC IP Address UDP Header VXLAN Header Dest Port UDP Length Checksum 0x Bytes Hash of inner L2/L3/L4 headers of original frame. Enables entropy for ECMP load balancing. UDP 4789 Inner (Original) MAC Header Inner (Original) IP Header VXLAN Flags RRRRIRRR 8 Allows 64K possible SGTs Overlay Original Payload Segment ID VN ID Reserved Bytes Allows 16M possible VRFs 31
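Added example (not from the slides): a Python parser for the 8-byte VXLAN-GPO header that slide 31 describes, using the bit layout of the VXLAN Group Policy Option draft (G and I flags, 16-bit Group Policy ID carrying the SGT, 24-bit VN ID). The `audit` helper, its allow-list and the sample headers are constructed for illustration; the VN and SGT numbers reuse values that appear elsewhere in the deck.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

VXLAN_UDP_PORT = 4789  # UDP destination port shown on the slide
# Outer Ethernet (14) + outer IPv4 (20) + UDP (8) + VXLAN (8): the 50 bytes
# the underlay slide says the fabric header adds.
FABRIC_OVERHEAD = 14 + 20 + 8 + 8

FLAG_G = 0x80  # byte 0: Group Policy ID (SGT) field is valid
FLAG_I = 0x08  # byte 0: VNI field is valid (the "I" in RRRRIRRR)
FLAG_D = 0x40  # byte 1: "don't learn" bit
FLAG_A = 0x08  # byte 1: policy already applied upstream


@dataclass(frozen=True)
class VxlanGpo:
    vni: int                 # 24 bits, hence 16M virtual networks
    sgt: Optional[int]       # 16 bits, hence 64K groups; None if G is clear
    dont_learn: bool
    policy_applied: bool


def build_header(vni: int, sgt: Optional[int] = None) -> bytes:
    """Encode a VXLAN-GPO header; sgt=None yields a plain VXLAN header."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    if sgt is not None and not 0 <= sgt < 1 << 16:
        raise ValueError("SGT must fit in 16 bits")
    flags = FLAG_I | (FLAG_G if sgt is not None else 0)
    return struct.pack("!BBHI", flags, 0, sgt or 0, vni << 8)


def parse_header(data: bytes) -> VxlanGpo:
    """Decode the first 8 bytes of the UDP payload of a fabric packet."""
    if len(data) < 8:
        raise ValueError("truncated VXLAN header")
    flags, flags2, group_id, vni_rsvd = struct.unpack("!BBHI", data[:8])
    if not flags & FLAG_I:
        raise ValueError("I flag clear, VNI not valid")
    return VxlanGpo(
        vni=vni_rsvd >> 8,                       # low byte is reserved
        sgt=group_id if flags & FLAG_G else None,
        dont_learn=bool(flags2 & FLAG_D),
        policy_applied=bool(flags2 & FLAG_A),
    )


def audit(header: bytes, allowed: Dict[int, Set[int]]) -> List[str]:
    """Hypothetical monitoring check: compare the VN/SGT carried in a
    header against the groups expected in each virtual network."""
    try:
        h = parse_header(header)
    except ValueError as exc:
        return [f"malformed header: {exc}"]
    findings = []
    if h.vni not in allowed:
        findings.append(f"unknown VN {h.vni}")
    if h.sgt is None:
        findings.append("no SGT carried (G flag clear)")
    elif h.vni in allowed and h.sgt not in allowed[h.vni]:
        findings.append(f"SGT {h.sgt} not expected in VN {h.vni}")
    return findings


def inner_ip_mtu(underlay_ip_mtu: int) -> int:
    """Largest inner IP packet that fits without fragmentation: outer
    IP/UDP/VXLAN (36 bytes) plus the inner Ethernet header (14 bytes)
    all count against the underlay IP MTU."""
    return underlay_ip_mtu - FABRIC_OVERHEAD


if __name__ == "__main__":
    # Constructed policy: VN 4097 (default instance ID on slide 18) may
    # carry SGT 100 (Employee) and SGT 200 (BYOD) as used on slide 56.
    policy = {4097: {100, 200}}
    for hdr in (build_header(4097, 100), build_header(4097),
                build_header(4097, 300), build_header(5000, 100)):
        print(hdr.hex(), audit(hdr, policy) or "ok")
    print("inner IP MTU on a 1500-byte underlay:", inner_ip_mtu(1500))
```

A frame that arrives without the G flag carries no group context, so any SGACL at the egress node has nothing to match on; that is the case the `audit` helper reports first.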
32 Fabric Fundamentals What is Campus Fabric? 1. Fabric Basics 2. Control-Plane 3. Data-Plane 4. Policy-Plane
33 SD-Access Fabric Key Components CTS 1. Control-Plane based on LISP 2. Data-Plane based on VXLAN 3. Policy-Plane based on CTS VRF + SGT Virtual Routing & Forwarding Scalable Group Tagging ETHERNET IP UDP VXLAN ETHERNET IP PAYLOAD 3333
34 Cisco TrustSec Simplified access control with Group Based Policy Enforcement Group Based Policies ACLs, Firewall Rules Shared Services Application Servers Propagation Carry Group context through the network using only SGT Enforcement Enterprise Backbone DC Switch or Firewall ISE Classification Static or Dynamic SGT assignments Campus Switch Campus Switch DC switch receives policy for only what is connected Employee Tag Supplier Tag Non-Compliant Employee Voice Voice Employee Supplier Non-Compliant Non-Compliant Tag VLAN A VLAN B 34
35 Packet Flow in SD-Access Fabric VN & SGT in VXLAN-GPO Encapsulation Encapsulation IP Network Decapsulation Edge Node 1 Edge Node 2 VXLAN VXLAN VN ID SGT ID VN ID SGT ID Classification Static or Dynamic VN and SGT assignments Propagation Carry VN and Group context across the network Enforcement Group Based Policies ACLs, Firewall Rules 35
36 Controller Fundamentals What is DNA Center? 1. DNAC Architecture 2. DNAC User Interface 3. DNAC Workflows
37 SD-Access DNA Center Service Components API DNA Center 1.0 API DNA Center Appliance Design Policy Provision Assurance API Cisco ISE 2.3 Identity Services Engine API Cisco APIC-EM 2.0 App Policy Infra Controller EN Module API Cisco NDP 1.0 Network Data Platform NETCONF SNMP SSH AAA RADIUS EAPoL Campus Fabric HTTPS NetFlow Syslogs Cisco Switches Cisco Routers Cisco Wireless 37
38 SD-Access Wireless: why would you care?
39 CUWN Architecture - Centralized Overview
Diagram callouts:
- Policy Definition and Enforcement Point for Wi-Fi clients
- Single point of Ingress to wired network
- Client keeps same IP address while roaming
- Wireless VLANs are centrally defined
- Policy Definition and Enforcement Point for wired clients
Architecture Benefits:
- Overlay: works on any wired network
- Simplified Access switch configuration
- Single point of Ingress for wireless traffic
- Easy seamless mobility
- Simplified IP addressing for wireless
- Centralized Management
- Easy wireless Guest tunneling solution
Customers may NOT like:
- Limited scalability for East-West traffic
- Separated policies for wired and wireless
- Different enforcement point for wired and wireless
- Lack of visibility between WLC and APs
Diagram labels: WLC, Anchor WLC, AAA, AD, LDAP, MDM, IPAM, DNS, NTP, SMTP, DHCP, Internet, SW, DMZ, Traditional Campus, Switch 1, Switch 2, AP1, Traditional switches, SSID Employee, SSID Guest, Local mode AP, Packet to wired, CAPWAP Control & Data, EoIP Tunnel
40 CUWN Architecture - FlexConnect Overview
Diagram callouts:
- Centralized Management for all branches
- Distributed Data plane
- No Controller at the branch
Architecture Benefits:
- Overlay: works on any wired network
- Centralized Management / Lean IT
- Branch cookie cutter configuration
- Distributed data plane
- Reduced hardware footprint at the branch
- Built-in resiliency (WAN survivability for locally switched traffic)
Customers may NOT like:
- Separated policies for wired and wireless
- Different enforcement point for wired and wireless
- No Layer 3 roaming support
- Limited seamless roaming scope (FlexConnect Group)
- Additional configuration on the access switch (trunk and allowed VLANs)
Diagram labels: Data Center, WLC, AAA, AD, LDAP, MDM, IPAM, DNS, NTP, SMTP, DHCP, SW, DMZ, Traditional switches, WAN, Internet, Flex mode AP, CAPWAP Control & Data, dot1q trunk, Branch
41 Converged Access Architecture Overview
Diagram callouts:
- Guest Tunnel through the MC
- Switch is the Policy Enforcement for wired and wireless
- For roaming, traffic is anchored back to the original switch
Architecture Benefits:
- Distributed Data Plane: scalability
- One Policy enforcement point for wired
- Reduced HW footprint and fewer devices to manage (branch is the sweet spot)
- One common software
- Policies enforced at the edge
- Wireless traffic visibility at the edge
- Easy wireless Guest tunneling solution
Customers may NOT like:
- Distributed Management plane
- Multiple wireless touch points
- Wired and wireless software dependencies
- Anchoring solutions for seamless mobility
- Support for Local mode AP only
- Lack of feature parity with CUWN
Diagram labels: MC, WLC, MA, AAA, AD, LDAP, MDM, IPAM, DNS, NTP, SMTP, DHCP, Anchor WLC, Internet, SW, DMZ, CA Network, Switch 1, Switch 2, SSID Employee, SSID Guest, Packet to wired, MA Switch with Mobility Agent, Local mode AP, CAPWAP Control & Data, MA to MA tunnels, EoIP tunnel
42 What is the Problem? Policy Model Today Network Policy Enterprise Network QoS Security Redirect/copy Traffic engineering etc. SRC DST PAYLOAD DATA DSCP PROT IP SRC IP DST PORT PORT Policy is based on 5 Tuple Only Transitive information Survives end to end 42
43 What is the Problem? Policy Model Today Network Policy access-list 102 deny udp gt eq 2165 access-list 102 deny udp lt gt 428 access-list 102 permit ip eq gt 1511 access-list 102 deny tcp gt gt 1945 access-list 102 permit icmp lt eq 116 access-list 102 deny udp eq eq 959 access-list 102 deny tcp eq lt 4993 access-list 102 deny tcp eq lt 848 access-list 102 deny ip eq gt 4878 access-list 102 permit icmp lt eq 1216 access-list 102 deny icmp gt gt 1111 access-list 102 deny ip eq eq 4175 access-list 102 permit tcp lt gt 1462 Enterprise Network access-list 102 permit tcp gt lt 4384 SRC DST PAYLOAD DATA DSCP PROT IP SRC IP DST PORT PORT IP ADDRESSES Locate you Identify you Drive treatment Constrain you IP Address meaning OVERLOAD VLAN 20 VLAN 30 SSID D SSID C User/device info? SSID A VLAN 10 VLAN 40 SSID B 43
44 What is the Problem? User Group policy rollout - Today
Multiple Steps and Touch Points
1. Define Groups in AD
2. Define Policies: VLAN/subnet based
3. Implement VLANs/Subnets
- Create VLANs
- Define DHCP scope
- Create subnets and L3 interfaces
- Routing for new subnets
- Map SSID to Interface/VLAN
4. Implement Policy
- Define ACLs
- Apply ACLs
5. Many different User Interfaces: AAA, WLC, Devices CLI
What if You Need to Add Another Group & Policy?
Diagram labels: Production Servers, Developer Servers, LAN Core, L3 Switch, L2 Switch, Trunk, Trunks, WLAN, One SSID, AAA, DHCP, AD, BYOD, Employee, Contractor
45 What is the Problem? User Group policy rollout - Today
Customer requirements
- Three user Groups
- One single SSID
- Differentiated policies per Group
- Guest segmentation (wired and wireless)
Customer Policy requirements: matrix of Employee, BYOD, Contractor against Production Serv., Developer Serv.
Diagram labels: Production Servers, Developer Servers, LAN Core, AAA, DHCP, AD, Network Touch Points, L3 Switch, L2 Switch, Trunks, Trunk, One SSID, WLC, BYOD, Employee, Contractor
46 SD-Access Wireless Architecture
47 SD-Access Fabric Architecture Roles and Terminology
- DNA Controller: Enterprise SDN Controller provides GUI management abstraction via multiple Service Apps, which share information
- Group Repository: External ID Services (e.g. ISE) is leveraged for dynamic User or Device to Group mapping and policy definition
- Control-Plane (CP) Node: Map System that manages Endpoint ID to Location relationships. Also known as Host Tracking DB (HTDB)
- Border Nodes: A Fabric device (e.g. Core) that connects External L3 network(s) to the SDA Fabric
- Edge Nodes: A Fabric device (e.g. Access or Distribution) that connects wired endpoints to the SDA Fabric
- Fabric Wireless Controller: Wireless Controller (WLC) fabric-enabled, participate in LISP control plane
- Fabric Mode APs: Access Points that are fabric-enabled. Wireless traffic is VXLAN encapsulated at AP
Diagram labels: ISE / AD, Fabric Border, Intermediate Nodes (Underlay), Fabric Mode WLC, Fabric Edge Nodes, SD-Access Fabric
48 SD-Access Wireless Architecture Bringing the best of both architectures by... 1 Simplifying the Control & Management Plane 2 Optimizing the Data Plane 3 Integrating Policy & Segmentation E2E 48
49 SD-Access Wireless Architecture Simplifying the Control Plane
Fabric enabled WLC: WLC is part of LISP control plane
Automation
- DNAC simplifies the Fabric deployment, including the wireless integration component
Centralized Wireless Control Plane
- WLC still provides client session management
- AP Mgmt, Mobility, RRM, etc.
- Same operational advantages of CUWN
LISP control plane Management
- WLC integrates with LISP control plane
- WLC updates the CP for wireless clients
- Mobility is integrated in Fabric thanks to LISP CP
Diagram labels: CAPWAP Cntrl plane, LISP Cntrl plane, ISE / AD, DNAC (Policy Abstraction and Configuration Automation), WLC, SD-Access Fabric
50 SD-Access Wireless Architecture Optimizing the Data Plane
Fabric enabled WLC: WLC is part of LISP control plane
Fabric enabled AP: AP encapsulates Fabric SSID traffic in VXLAN
Automation
- DNAC simplifies the Fabric deployment, including the wireless integration component
Centralized Wireless Control Plane
- WLC still provides client session management
- AP Mgmt, Mobility, RRM, etc.
- Same operational advantages of CUWN
LISP control plane Management
- WLC integrates with LISP control plane
- WLC updates the CP for wireless clients
- Mobility is integrated in Fabric thanks to LISP CP
Optimized Distributed Data Plane
- Fabric overlay with Anycast GW + Stretched subnet
- VLAN extension with no complications
- All roaming are Layer 2
VXLAN from the AP
- Carrying hierarchical policy segmentation starting from the edge of the network
Diagram labels: CAPWAP Cntrl plane, LISP Cntrl plane, VXLAN Data plane, ISE / AD, DNAC (Policy Abstraction and Configuration Automation), WLC, SD-Access Fabric
51 SD-Access Wireless Architecture Optimizing the Data Plane: Stretched subnets A Closer Look
Fabric Mode AP integrates with the VXLAN Data Plane
- Wireless Data Plane is distributed across APs
- Fabric mode AP is a local mode AP and needs to be directly connected to FE
- CAPWAP control plane goes to the WLC using Fabric
- Fabric is enabled per SSID:
  - For Fabric enabled SSID, AP converts traffic to and encapsulates it into VXLAN encoding VNI and SGT info of the client
  - Forwards client traffic based on forwarding table as programmed by the WLC. Usually VXLAN DST is first hop switch.
- AP applies all wireless specific features like SSID policies, AVC, QoS, etc.
Diagram labels: VXLAN (Data), CAPWAP Control plane
52 SD-Access Wireless Architecture Simplifying policy and Segmentation 3 VXLAN (Data) FE A C B SD Fabric FE B IP payload IP AP removes the header EID IP payload IP VXLAN UDP underlay IP 2 AP adds the 802.3/VXLAN/underlay IP header 52
53 SD-Access Wireless Architecture Simplifying policy and Segmentation
Hierarchical Segmentation:
1. Virtual Network (VN) == VRF - isolated Control Plane + Data Plane
2. Scalable Group Tag (SGT) User Group identifier
Step 2: APs embed the Policy information in the VXLAN header and forward it
Diagram labels: VXLAN (Data), FE A, FE B, SD Fabric, Client SGT, Client VRF, EID IP, IP payload, VXLAN, UDP, underlay IP
54 SD-Access Wireless Architecture Simplifying policy and Segmentation 3 VXLAN (Data) FE A C B SD Fabric FE B Client is placed in the right VRF EID IP payload IP VXLAN UDP underlay IP 3 FE removes the outer IP header, looks at the L2 VNID and maps it to the VLAN and L2 LISP instance. Then encapsulates to the destination FE 54
55 SD-Access Wireless Architecture Simplifying policy and Segmentation
SGT policy is applied. Client Policy is carried end to end in the overlay
Step 4: FE removes the outer IP header, looks at the L2 VNID and maps it to the VLAN. Also looks at the SGT and applies the policy before forwarding the packet
Diagram labels: VXLAN (Data), FE A, FE B, SD Fabric, EID IP, IP payload, VXLAN, UDP, underlay IP
56 SD-Access Wireless Benefits User Group policy rollout
1. Define Groups in AD
2. Design and Deploy in DNA-C
- Create Virtual Network for Corporate
- Define Policies Role/Group based
- Apply Policies SGT based
Upon user authentication, Policy is automatically applied and carried end to end
Diagram labels: Production Servers (Production Serv. SGT 10), Developer Servers (Developer Serv. SGT 20), Employee SGT 100, BYOD SGT 200, Contractor SGT, Corporate VN, DNA Center, LAN core, AAA, DHCP, AD, WLC, L3 Switch, Trunk, Touch Point, One SSID, BYOD, Employee, Contractor; packet: Fabric SRC, Fabric DST, VXN HDR (VN ID, SGT), Original packet
57 SD-Access Wireless Benefits User Group policy rollout
1. Define Groups in AD
2. Design and Deploy in DNA-C
- Create Virtual Network for Corporate
- Define Policies Role/Group based
- Apply Policies SGT based
Upon user authentication, Policy is automatically applied and carried end to end
Diagram labels: Production Servers (Production Serv. SGT 10), Developer Servers (Developer Serv. SGT 20), Employee SGT 100, BYOD SGT 200, Contractor SGT, IoT/HVAC Virtual Network, Guest Virtual Network, Corporate VN, DNA Center, LAN core, AAA, DHCP, AD, WLC, L3 Switch, Trunk, One Touch Point, One SSID, BYOD, Employee, Contractor
58 What products make this Architecture?
59 SD-Access Fabric Wireless Platform Support 3504 WLC NEW 5520 WLC 8540 WLC Wave 2 APs *with Caveats Wave 1 APs AIR-CT3504 1G/mGig AireOS 8.5+ AIR-CT5520 No G/10G SFP+ AireOS 8.5+ AIR-CT supported 1G/10G SFP+ AireOS /2800/ ac Wave2 APs 1G/MGIG RJ45 AireOS /2700/ ac Wave1 APs* 1G RJ45 AireOS
60 SD-Access Wireless Design Considerations
61 Wireless Integration in SDA Fabric
CUWN wireless Over The Top (OTT)
- CAPWAP for Control Plane and Data Plane
- SDA Fabric is just a transport
- Supported on any WLC/AP software and hardware
- Migration step to full SDA
SD-Access Wireless
- CAPWAP Control Plane, VXLAN Data plane
- WLC/APs integrated in Fabric, SD-Access advantages
- Requires software upgrade (8.5+)
- Optimized for ac Wave 2 APs
Diagram labels: ISE / AD, APIC-EM, Non-Fabric WLC, Non-Fabric APs, CAPWAP Cntrl & Data, Fabric enabled WLC, Fabric enabled APs, CAPWAP Cntrl plane, VXLAN Data plane, SD-Access Fabric
62 CUWN Over the Top (OTT)
Definition: Wireless OTT: this CAPWAP wireless overlay to Fabric: traditional CAPWAP deployment connected to Fabric overlay. Fabric is a transport for CAPWAP
Why wireless OTT?
- Migration step: customers want/need to first migrate wired (different Ops teams managing wired and wireless, get familiar with Fabric, different buying cycles, etc.)
- Longer term solution: customer doesn't want/cannot migrate to Fabric (new software, no n, wireless too critical to make changes)
Diagram labels: CAPWAP tunnel, SD-Access Fabric, Non Fabric AP, Non Fabric WLC
63 Key Takeaways
64 SDA for Mobility Innovate Faster with Fabric-Enabled Wireless DNA Center Software Defined Wireless Centralized management across wired-wireless Seamless L2 roam across Campus Consistent Policy for Wired/Wireless Secure Policy based Automation Optimized distributed traffic flows for future scalability Simplified enablement of Wi-Fi Services Policy stays with user Simplified Provisioning Optimized data plane with Campus-Wide Roaming Easy end to end Virtualization Wired and Wireless and Segmentation Policy Consistency 64
65 SD-Access Wireless NDP and Assurance
66 Network quality is a complex, end-to-end problem Affects Join/Roam Affects Quality/Throughput Client firmware Affects Both* WAN Uplink usage Affects Both*... Affects Quality/Throughput End-User services Affects Both* Configuration AP coverage Client density Affects Both* WLC Capacity Affects Both* Affects Quality/Throughput Affects Join/Roam WAN QoS, Routing,... Authentication RF Noise/Interf. Affects Join/Roam Addressing CUCM ISE WAN DHCP Mobile clients APs Office site Network services DC Cisco Prime Local WLCs * Both = Join/roam and quality/throughput
68 Predict performance in wireless Components of DNA Assurance
Test your network anywhere at any time
- Synthetic tests on both network and application performance across wired and wireless network provide proactive monitoring capability
- Various options: AP as a sensor, XOR radio, dedicated sensor (AP1800)
- Intelligent algorithm identifies excessive radios and transparently converts those into sensor mode without client effect
Diagram labels: Access point, R1, AP as a sensor, Dedicated Sensor, Flexible Radio, Sensors act as clients, Real clients
69 Wi-Fi analytics building the network intuitive Crowdsource device telemetry to enable of network Automatically correlate client and network data to provide insights Deliver resolution of issues and faster
70 Client as a sensor (IOS 10)
71 Client as a sensor (IOS 11) Sent from IOS 11 Device
72 Client as a sensor (IOS 11)
73 Key Takeaways
74 Software-Defined Access Summary
Manage Business Outcomes Instead of Managing the Network
- Policy Automation: Use policy-based automated provisioning from edge to cloud.
- Services Enablement: Quickly enable network services across a complete ecosystem
- Network Analytics: Look at the entire network as a single entity and find problems before your users do.
- Lower OpEx: DNAC automates the Design, Policy and Provision
- Brownfield Integration for investment protection
Diagram labels: Policy-based Automation, Complete Network Visibility, Fast, Easy Service Enablement
75 Thank you
More informationTHE NETWORK. INTUITIVE. Powered by intent, informed by context. Rajinder Singh Product Sales Specialist - ASEAN August 2017
THE NETWORK. INTUITIVE. Powered by intent, informed by context. Rajinder Singh Product Sales Specialist - ASEAN August 2017 The Network. Intuitive. Constantly learning, adapting and protecting. L E A R
More informationCisco Software-Defined Access
Cisco Software-Defined Access Introducing an entirely new era in networking. What if you could give time back to IT? Provide network access in minutes for any user or device to any application-without
More informationP ART 2. BYOD Design Overview
P ART 2 BYOD Design Overview CHAPTER 2 Summary of Design Overview Revised: August 7, 2013 This part of the CVD describes design considerations to implement a successful BYOD solution and different deployment
More informationConfigure Devices Using Converged Access Deployment Templates for Campus and Branch Networks
Configure Devices Using Converged Access Deployment Templates for Campus and Branch Networks What Are Converged Access Workflows?, on page 1 Supported Cisco IOS-XE Platforms, on page 3 Prerequisites for
More informationBorderless Networks. Tom Schepers, Director Systems Engineering
Borderless Networks Tom Schepers, Director Systems Engineering Agenda Introducing Enterprise Network Architecture Unified Access Cloud Intelligent Network & Unified Services Enterprise Networks in Action
More informationCisco SD-Access Building the Routed Underlay
Cisco SD-Access Building the Routed Underlay Rahul Kachalia Sr. Technical Leader Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the
More informationRouting Underlay and NFV Automation with DNA Center
BRKRST-1888 Routing Underlay and NFV Automation with DNA Center Prakash Rajamani, Director, Product Management Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session
More informationEnterprise. Nexus 1000V. L2/L3 Fabric WAN/PE. Customer VRF. MPLS Backbone. Service Provider Data Center-1 Customer VRF WAN/PE OTV OTV.
2 CHAPTER Cisco's Disaster Recovery as a Service (DRaaS) architecture supports virtual data centers that consist of a collection of geographically-dispersed data center locations. Since data centers are
More informationDNA SA Border Node Support
Digital Network Architecture (DNA) Security Access (SA) is an Enterprise architecture that brings together multiple building blocks needed for a programmable, secure, and highly automated fabric. Secure
More informationNext Gen Enterprise Management and Operations with Cisco DNA
Next Gen Enterprise Management and Operations with Cisco DNA Ramit Kanda Director PM, Enterprise Network Transformation Prakash Rajamani Director PM, Enterprise Network Transformation BRKNMS 1601 Cisco
More informationCertKiller q
CertKiller.500-451.28q Number: 500-451 Passing Score: 800 Time Limit: 120 min File Version: 5.3 500-451 Cisco Unified Access Systems Engineer Exam I just passed today with 89%. My sole focus was the VCE.
More informationNetwork as an Enforcer (NaaE) Cisco Services. Network as an Enforcer Cisco and/or its affiliates. All rights reserved.
Network as an Enforcer (NaaE) Cisco Services INTRODUCTION... 6 Overview of Network as an Enforcer... 6 Key Benefits... 6 Audience... 6 Scope... 6... 8 Guidelines and Limitations... 8 Configuring SGACL
More informationImplementing VXLAN in DataCenter
Implementing VXLAN in DataCenter LTRDCT-1223 Lilian Quan Technical Marketing Engineering, INSBU Erum Frahim Technical Leader, ecats John Weston Technical Leader, ecats Why Overlays? Robust Underlay/Fabric
More informationCisco Enterprise Silicon
Cisco Enterprise Silicon Delivering Innovation for Advanced Routing and Switching Dave Zacks Peter Jones BRKARC-3467 Distinguished System Engineer Principal Engineer @DaveZacks @petergjones #HighBitRate
More informationCisco SD-Access: Enterprise Networking Made Fast and Flexible. November 2017
Cisco SD-Access: Enterprise Networking Made Fast and Flexible November 2017 Executive Summary Enterprise networking remains a lot harder than it needs to be. For far too long, enterprises have wrestled
More informationData Center Configuration. 1. Configuring VXLAN
Data Center Configuration 1. 1 1.1 Overview Virtual Extensible Local Area Network (VXLAN) is a virtual Ethernet based on the physical IP (overlay) network. It is a technology that encapsulates layer 2
More informationINTRODUCTION 2 DOCUMENT USE PREREQUISITES 2
Table of Contents INTRODUCTION 2 DOCUMENT USE PREREQUISITES 2 LISP MOBILITY MODES OF OPERATION/CONSUMPTION SCENARIOS 3 LISP SINGLE HOP SCENARIO 3 LISP MULTI- HOP SCENARIO 3 LISP IGP ASSIT MODE 4 LISP INTEGRATION
More informationIntelligent WAN Multiple VRFs Deployment Guide
Cisco Validated design Intelligent WAN Multiple VRFs Deployment Guide September 2017 Table of Contents Table of Contents Deploying the Cisco Intelligent WAN... 1 Deploying the Cisco IWAN Multiple VRFs...
More informationMulti-site Datacenter Network Infrastructures
Multi-site Datacenter Network Infrastructures Petr Grygárek rek 2009 Petr Grygarek, Advanced Computer Networks Technologies 1 Why Multisite Datacenters? Resiliency against large-scale site failures (geodiversity)
More informationCisco Virtual Networking Solution for OpenStack
Data Sheet Cisco Virtual Networking Solution for OpenStack Product Overview Extend enterprise-class networking features to OpenStack cloud environments. A reliable virtual network infrastructure that provides
More informationVXLAN Overview: Cisco Nexus 9000 Series Switches
White Paper VXLAN Overview: Cisco Nexus 9000 Series Switches What You Will Learn Traditional network segmentation has been provided by VLANs that are standardized under the IEEE 802.1Q group. VLANs provide
More informationSupported Platforms for Cisco Path Trace, Release x. This document describes the supported platforms for the Cisco Path Trace, Release x.
Cisco Path Trace Application for APIC-EM Supported Platforms, Release 1.5.0.x First Published: 2017-06-23, Release 1.5.0.x This document describes the supported platforms for the Cisco Path Trace, Release
More informationIdentity Based Network Access
Identity Based Network Access Identity Based Network Access - Agenda What are my issues Cisco ISE Power training What have I achieved What do I want to do What are the issues? Guest Student Staff Contractor
More informationSecuring BYOD with Cisco TrustSec Security Group Firewalling
White Paper Securing BYOD with Cisco TrustSec Security Group Firewalling Getting Started with TrustSec What You Will Learn The bring-your-own-device (BYOD) trend can spur greater enterprise productivity
More informationTransforming the Network for the Digital Business
Transforming the Network for the Digital Business Driven by Software Defined Platforms Hugo Padilla Prad Enterprise Networks Digital Acceleration Team CCIE Emeritus #12444 Cisco Forum Kiev, November 14
More informationCisco Exam Questions & Answers
Cisco 648-375 Exam Questions & Answers Number: 648-375 Passing Score: 800 Time Limit: 120 min File Version: 22.1 http://www.gratisexam.com/ Cisco 648-375 Exam Questions & Answers Exam Name: Cisco Express
More informationCVP Enterprise Cisco SD-WAN Retail Profile (Hybrid WAN, Segmentation, Zone-Based Firewall, Quality of Service, and Centralized Policies)
CVP CVP Enterprise Cisco SD-WAN Retail Profile (Hybrid WAN, Segmentation, Zone-Based Firewall, Quality of Service, and Centralized Policies) 2018 Cisco and/or its affiliates. All rights reserved. This
More informationIP Mobility Design Considerations
CHAPTER 4 The Cisco Locator/ID Separation Protocol Technology in extended subnet mode with OTV L2 extension on the Cloud Services Router (CSR1000V) will be utilized in this DRaaS 2.0 System. This provides
More informationTrustSec (NaaS / NaaE)
TrustSec (NaaS / NaaE) per@cisco.com Security on top of the mind for our customers 60% 85% 54% of data is stolen in HOURS of point-of-sale intrusions aren t discovered for WEEKS of breaches remain undiscovered
More informationCisco Cloud Services Router 1000V with Cisco IOS XE Software Release 3.13
Q&A Cisco Cloud Services Router 1000V with Cisco IOS XE Software Release 3.13 Q. What is the Cisco Cloud Services Router 1000V? A. The Cisco Cloud Services Router 1000V (CSR 1000V) is a router in virtual
More informationCisco TrustSec Software-Defined Segmentation Platform and Capability Matrix Release 6.3
TrustSec Software-Defined Segmentation Platform and Capability Matrix Release 6.3 TrustSec uniquely builds upon your existing identity-aware infrastructure by enforcing segmentation and access control
More informationNetwork Automation and Branch Agility The Network Helps Enable Digital Business. Rajinder Singh Product Sales Specialist June 2016
Network Automation and Branch Agility The Network Helps Enable Digital Business Rajinder Singh Product Sales Specialist June 2016 Agenda WAN Market Drivers Cisco Intelligent WAN (IWAN) Cisco Intelligent
More informationCisco TrustSec 4.0:How to Create Campus and Branch-Office Segmentation
Ordering Guide TrustSec 4.0:How to Create Campus and Branch-Office Segmentation Ordering Guide November 2013 2013 and/or its affiliates. All rights reserved. This document is Public Information. Page 1
More information2012 Cisco and/or its affiliates. All rights reserved. 1
2012 Cisco and/or its affiliates. All rights reserved. 1 Policy Access Control: Challenges and Architecture UA with Cisco ISE Onboarding demo (BYOD) Cisco Access Devices and Identity Security Group Access
More informationCisco ACI Multi-Pod/Multi-Site Deployment Options Max Ardica Principal Engineer BRKACI-2003
Cisco ACI Multi-Pod/Multi-Site Deployment Options Max Ardica Principal Engineer BRKACI-2003 Agenda ACI Introduction and Multi-Fabric Use Cases ACI Multi-Fabric Design Options ACI Stretched Fabric Overview
More informationDeploying and Administering Cisco s Digital Network Architecture (DNA) and Intelligent WAN (IWAN) (DNADDC)
Deploying and Administering Cisco s Digital Network Architecture (DNA) and Intelligent WAN (IWAN) (DNADDC) COURSE OVERVIEW: Deploying and Administering Cisco s Digital Network Architecture (DNA) and Intelligent
More informationCCIE Wireless v3 Lab Video Series 1 Table of Contents
CCIE Wireless v3 Lab Video Series 1 Table of Contents Section 1: Network Infrastructure Layer 2 Technologies VLANs VTP Layer 2 Interfaces DTP Spanning Tree- Root Election Spanning Tree- Path Control Spanning
More informationPerforming Path Traces
About Path Trace, page 1 Performing a Path Trace, page 13 Collecting QoS and Interface Statistics in a Path Trace, page 15 About Path Trace With Path Trace, the controller reviews and collects network
More informationOptimizing Layer 2 DCI with OTV between Multiple VXLAN EVPN Fabrics (Multifabric)
White Paper Optimizing Layer 2 DCI with OTV between Multiple VXLAN EVPN Fabrics (Multifabric) What You Will Learn This document describes how to achieve a VXLAN EVPN multifabric design by integrating Virtual
More informationAPIC-EM / EasyQoS - End to End Orchestration of QoS in Enterprise Networks
APIC-EM / EasyQoS - End to End Orchestration of QoS in Enterprise Networks Saurav Prasad Technical Marketing Engineer CTHNMS-1002 Cisco Spark How Questions? Use Cisco Spark to chat with the speaker after
More informationVXLAN Design with Cisco Nexus 9300 Platform Switches
Guide VXLAN Design with Cisco Nexus 9300 Platform Switches Guide October 2014 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 39 Contents What
More informationCisco Group Based Policy Platform and Capability Matrix Release 6.4
Group d Policy Platform and Capability Matrix Release 6.4 (inclusive of TrustSec Software-Defined Segmentation) Group d Policy (also known as TrustSec Software-Defined Segmentation) uniquely builds upon
More informationAutomatisierung im LAN Der Start in eine neue Ära des Networkings
Automatisierung im LAN Der Start in eine neue Ära des Networkings Thomas Spiegel Consulting Systems Engineer September 2017 Cisco Disclaimer Cisco Roadmap Disclaimer. Some of the products and features
More informationPassTorrent. Pass your actual test with our latest and valid practice torrent at once
PassTorrent http://www.passtorrent.com Pass your actual test with our latest and valid practice torrent at once Exam : 352-011 Title : Cisco Certified Design Expert Practical Exam Vendor : Cisco Version
More informationCiprian Stroe Senior Presales Consultant, CCIE# Cisco and/or its affiliates. All rights reserved.
Ciprian Stroe Senior Presales Consultant, CCIE#45766 2015 Cisco and/or its affiliates. All rights reserved. Complete cloud-managed networking solution Wireless, switching, security, MDM Integrated hardware,
More informationCisco Catalyst 6500 Series Wireless LAN Services Module: Detailed Design and Implementation Guide
Cisco Catalyst 6500 Series Wireless LAN Services Module: Detailed Design and Implementation Guide Introduction This is the first of a series of documents on the design and implementation of a wireless
More informationPorts and Interfaces. Ports. Information About Ports. Ports, page 1 Link Aggregation, page 5 Interfaces, page 10
Ports, page 1 Link Aggregation, page 5 Interfaces, page 10 Ports Information About Ports A port is a physical entity that is used for connections on the Cisco WLC platform. Cisco WLCs have two types of
More informationOpenFlow: What s it Good for?
OpenFlow: What s it Good for? Apricot 2016 Pete Moyer pmoyer@brocade.com Principal Solutions Architect Agenda SDN & OpenFlow Refresher How we got here SDN/OF Deployment Examples Other practical use cases
More informationCisco Software-Defined Access. Enabling Intent-based Networking
Cisco Software-Defined Access Enabling Intent-based Networking Table of contents Preface Authors Acknowledgments Organization of this book Intended Audience Book Writing Methodology 6 7 8 9 10 11 Introduction
More informationExam Code: Exam Code: Exam Name: Advanced Borderless Network Architecture Systems Engineer test.
Exam Code: 700-303 Number: 700-303 Passing Score: 800 Time Limit: 120 min File Version: 41.2 http://www.gratisexam.com/ Exam Code: 700-303 Exam Name: Advanced Borderless Network Architecture Systems Engineer
More informationSegmentation. Threat Defense. Visibility
Segmentation Threat Defense Visibility Establish boundaries: network, compute, virtual Enforce policy by functions, devices, organizations, compliance Control and prevent unauthorized access to networks,
More informationDeploying LISP Host Mobility with an Extended Subnet
CHAPTER 4 Deploying LISP Host Mobility with an Extended Subnet Figure 4-1 shows the Enterprise datacenter deployment topology where the 10.17.1.0/24 subnet in VLAN 1301 is extended between the West and
More informationCisco SD-WAN and DNA-C
Cisco SD-WAN and DNA-C SD-WAN Cisco SD-WAN Intent-based networking for the branch and WAN 4x Improved application experience Better user experience Deploy applications in minutes on any platform with consistent
More informationCisco 440X Series Wireless LAN Controllers Deployment Guide
Cisco 440X Series Wireless LAN Controllers Deployment Guide Cisco customers are rapidly adopting the Cisco Unified Wireless Network architecture for next generation wireless LAN performance and advanced
More informationIntroduction to External Connectivity
Before you begin Ensure you know about Programmable Fabric. Conceptual information is covered in the Introduction to Cisco Programmable Fabric and Introducing Cisco Programmable Fabric (VXLAN/EVPN) chapters.
More informationTestOut Routing and Switching Pro - English 6.0.x COURSE OUTLINE. Modified
TestOut Routing and Switching Pro - English 6.0.x COURSE OUTLINE Modified 2017-07-10 TestOut Routing and Switching Pro Outline- English 6.0.x Videos: 133 (15:42:34) Demonstrations: 78 (7:22:19) Simulations:
More informationIntelligent WAN : CVU update
Intelligent WAN : CVU update Deliver enhanced mobile experience at the branch with Intelligent WAN Soren D. Andreasen (sandreas@cisco.com) Technical Solution Architect CCIE# 3252 Agenda IWAN 2.0/2.1 overview
More informationVXLAN Deployment Use Cases and Best Practices
VXLAN Deployment Use Cases and Best Practices Azeem Suleman Solutions Architect Cisco Advanced Services Contributions Thanks to the team: Abhishek Saxena Mehak Mahajan Lilian Quan Bradley Wong Mike Herbert
More informationCisco Integrated Services Virtual Router
Data Sheet Cisco Integrated Services Virtual Router The Cisco Integrated Services Virtual Router (ISRv) is a virtual form-factor Cisco IOS XE Software router that delivers comprehensive WAN gateway and
More informationProblem: Traditional network management tools are limited and do not address network needs
Data Sheet Cisco DNA Center 1.1 Closing the loop with context Cisco DNA Center is the foundational controller and analytics platform at the heart of Cisco s intent-based network. DNA Center 1.0 supported
More informationUniversal Wireless Controller Configuration for Cisco Identity Services Engine. Secure Access How-To Guide Series
Universal Wireless Controller Configuration for Cisco Identity Services Engine Secure Access How-To Guide Series Author: Hosuk Won Date: November 2015 Table of Contents Introduction... 3 What Is Cisco
More informationMP-BGP VxLAN, ACI & Demo. Brian Kvisgaard System Engineer, CCIE SP #41039 November 2017
MP-BGP VxLAN, ACI & Demo Brian Kvisgaard System Engineer, CCIE SP #41039 November 2017 Datacenter solutions Programmable Fabric Classic Ethernet VxLAN-BGP EVPN standard-based Cisco DCNM Automation Modern
More informationAutomating Enterprise Networks with Cisco DNA Center
White Paper Automating Enterprise Networks with Cisco DNA Center 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 30 Contents Introduction...
More informationChoice of Segmentation and Group Based Policies for Enterprise Networks
Choice of Segmentation and Group Based Policies for Enterprise Networks Hari Holla Technical Marketing Engineer, Cisco ISE BRKCRS-2893 hari_holla /in/hariholla Cisco Spark How Questions? Use Cisco Spark
More informationLicenses & Networking for everybody: DNA
Licenses & Networking for everybody: DNA René Andersen Cisco DK June 8, 2018 2017 Cisco and/or its affiliates. All rights reserved. Cisco. Driving DNA subscriptions across EN DNA subscriptions available
More informationTrustSec Configuration Guides. TrustSec Capabilities on Wireless 8.4 Software-Defined Segmentation through SGACL Enforcement on Wireless Access Points
TrustSec Configuration Guides TrustSec Capabilities on Wireless 8.4 Software-Defined Segmentation through SGACL Enforcement on Wireless Access Points Table of Contents TrustSec Capabilities on Wireless
More informationConfiguring Application Visibility and Control
Information About Application Visibility and Control, page 1 Restrictions for Application Visibility and Control, page 2 (GUI), page 3 (CLI), page 4 Configuring NetFlow, page 5 Information About Application
More informationDeploying Cisco Wireless Enterprise Networks
300-365 Deploying Cisco Wireless Enterprise Networks NWExam.com SUCCESS GUIDE TO CISCO CERTIFICATION Exam Summary Syllabus Questions Table of Contents Introduction to 300-365 Exam on Deploying Cisco Wireless
More informationNetwork Virtualization
Network Virtualization Petr Grygárek 1 Traditional Virtualization Techniques Network Virtualization Implementation of separate logical network environments (Virtual Networks, VNs) for multiple groups on
More informationMobility Groups. Information About Mobility
Information About Mobility, page 1 Information About, page 5 Prerequisites for Configuring, page 10 Configuring (GUI), page 12 Configuring (CLI), page 13 Information About Mobility Mobility, or roaming,
More informationCisco TrustSec How-To Guide: Universal Configuration for the Cisco Wireless LAN Controller
Cisco TrustSec How-To Guide: Universal Configuration for the Cisco Wireless LAN Controller For Comments, please email: howtoguides@external.cisco.com Current Document Version: 3.0 August 27, 2012 Table
More informationPolicy Defined Segmentation with Cisco TrustSec
Policy Defined Segmentation with Cisco TrustSec Session ID 18PT Rob Bleeker Consulting System Engineer CCIE #: 2926 Abstract This session will explain how TrustSec Security Group Tagging can be used to
More informationExamTorrent. Best exam torrent, excellent test torrent, valid exam dumps are here waiting for you
ExamTorrent http://www.examtorrent.com Best exam torrent, excellent test torrent, valid exam dumps are here waiting for you Exam : 400-251 Title : CCIE Security Written Exam (v5.0) Vendor : Cisco Version
More informationEnterprise SD-WAN Financial Profile (Hybrid WAN, Segmentation, Quality of Service, Centralized Policies)
CVP CVP Enterprise SD-WAN Financial Profile (Hybrid WAN, Segmentation, Quality of Service, Centralized Policies) 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
More informationCisco Certified Network Associate ( )
Cisco Certified Network Associate (200-125) Exam Description: The Cisco Certified Network Associate (CCNA) Routing and Switching composite exam (200-125) is a 90-minute, 50 60 question assessment that
More informationExam Questions Demo Cisco. Exam Questions
Cisco Exam Questions 300-208 SISAS Implementing Cisco Secure Access Solutions (SISAS) Version:Demo 1. Which functionality does the Cisco ISE self-provisioning flow provide? A. It provides support for native
More informationConverged Access CT 5760 AVC Deployment Guide, Cisco IOS XE Release 3.3
Converged Access CT 5760 AVC Deployment Guide, Cisco IOS XE Release 3.3 Last Updated: November, 2013 Introduction This guide is designed to help you deploy and monitor new features introduced in the IOS
More informationArchitecting Network for Branch Offices with Cisco Unified Wireless
Architecting Network for Branch Offices with Cisco Unified Wireless Karan Sheth - Sr. Technical Marketing Engineer Objective Design & Deploy Branch Network That Increases Business Resiliency 2 Agenda Learn
More information