Cisco Software Defined Access (SDA)

Similar documents
THE NETWORK. INTUITIVE. Powered by intent, informed by context. Rajinder Singh Product Sales Specialist - ASEAN August 2017

Transforming the Network for the Digital Business

Cisco.Network.Intuitive FastLane IT Forum. Andreas Korn Systems Engineer

Več kot SDN - SDA arhitektura v uporabniških omrežjih

SD-Access Wireless: why would you care?

Cisco SD-Access Hands-on Lab

Cisco SD-Access Building the Routed Underlay

Cisco Software-Defined Access

Borderless Networks. Tom Schepers, Director Systems Engineering

Tech Update Oktober Rene Andersen / Ib Hansen

P ART 3. Configuring the Infrastructure

Cisco Campus Fabric Introduction. Vedran Hafner Systems engineer Cisco

Securing BYOD with Cisco TrustSec Security Group Firewalling

Cisco Software-Defined Access

SWITCH Implementing Cisco IP Switched Networks

Cisco Software-Defined Access

Identity Based Network Access

Catalyst update & Local Manufactory. João Castanho, System Engineer Comstor

Routing Underlay and NFV Automation with DNA Center

Licenses & Networking for everybody: DNA

Migration Guide from Cisco Catalyst 3850 Series to 9300 Series

Network Automation and Branch Agility The Network Helps Enable Digital Business. Rajinder Singh Product Sales Specialist June 2016

Cisco ONE Software Overview. October 2017

Converged Access CT 5760 AVC Deployment Guide, Cisco IOS XE Release 3.3

TrustSec (NaaS / NaaE)

Next Gen Enterprise Management and Operations with Cisco DNA

Switching for Intent-Based Networking-Campus, Branch, and Data Center

CCNP SWITCH (22 Hours)

Digital Network Architecture

APIC-EM / EasyQoS - End to End Orchestration of QoS in Enterprise Networks

Configure Devices Using Converged Access Deployment Templates for Campus and Branch Networks

Cisco Exam Questions & Answers

Cisco ONE for Access Wireless

Cisco SD-WAN. Intent-based networking for the branch and WAN. Carlos Infante PSS EN Spain March 2018

Cisco Digital Network Architecture The Network Helps Enable Digital Business. Aleksandar Stepancev, EN PSS Balkan October 2016

Troubleshooting and Maintaining Cisco IP Networks v2 ( )

SEVENMENTOR TRAINING PVT.LTD

Cisco Digital Network Architecture Center User Guide, Release 1.1

Automatisierung im LAN Der Start in eine neue Ära des Networkings

Software-Defined Access 1.0

Cisco TrustSec How-To Guide: Universal Configuration for the Cisco Wireless LAN Controller

Campus LAN and Wireless LAN Design Guide

CertKiller q

Implementing Cisco IP Switched Networks (SWITCH)

Supported Platforms for Cisco Path Trace, Release x. This document describes the supported platforms for the Cisco Path Trace, Release x.

Cisco ISR G2 Management Overview

Cisco Enterprise Networks

CCNA. The knowledge and skills that a learner must have before attending this course are as follows:

Simplify and automate your network with Cisco DNA

Chapter 3 Lab 3-1, Assembling Maintenance and Troubleshooting Tools

Delivering Enterprise SDN. Now. Simplify and Automate Your Network for Digital Transformation

Cisco DNA. Digital Network Architecture.

2012 Cisco and/or its affiliates. All rights reserved. 1

Software-Defined Access Design Guide

Cisco ONE Software BRKRST Dan Lohmeyer Senior Director, Software Strategy and Operations

Cisco APIC Enterprise Module Simplifies Network Operations

Fundamentals and Deployment of Cisco SD-WAN Duration: 3 Days (24 hours) Prerequisites

Cisco and Molex Digital Building Solution Implementation Guide. October 2018

What s New in Campus Switching

CCNP Switch Questions/Answers Cisco Enterprise Campus Architecture

Cisco Catalyst 9000 Switching Family

NETLOGIC TRAINING CENTER

Cisco ONE New Way Buying & Consuming Cisco NW Software! Thomas Latzer Enterprise Networking Lead Cisco Systems

Exam Code: Exam Code: Exam Name: Advanced Borderless Network Architecture Systems Engineer test.

Building Cisco Multilayer Switched Networks (BCMSN)

Assure the Health of Your Network

P ART 2. BYOD Design Overview

Cisco ONE Enterprise Cloud Suite

Cisco Configuration Assistant

Cisco SD-Access: Enterprise Networking Made Fast and Flexible. November 2017

Cisco Certified Network Professional (CCNP)

Enterprise. Nexus 1000V. L2/L3 Fabric WAN/PE. Customer VRF. MPLS Backbone. Service Provider Data Center-1 Customer VRF WAN/PE OTV OTV.

Campus Fabric. How To Integrate With Your Existing Networks. Kedar Karmarkar - Technical Leader BRKCRS-2801

IWAN APIC-EM Application Cisco Intelligent WAN

2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Software-Defined Access Wireless

The Next Opportunity in the Data Centre

WHITE PAPER ARUBA SD-BRANCH OVERVIEW

Ciprian Stroe Senior Presales Consultant, CCIE# Cisco and/or its affiliates. All rights reserved.

Software-Defined Access Wireless

Software-Defined Access 1.0

Cisco TrustSec 4.0:How to Create Campus and Branch-Office Segmentation

CAMPUS AND BRANCH RECAP. Ralph Wanders Consulting Systems Engineer

LAN design. Chapter 1

Implementing and Configuring Meraki Technologies (ICMT-CT)

Cisco Actualanswers Exam

Pass-Through Technology

Cisco Virtual Managed Services

One Management Realized, with Cisco Prime Infrastructure Manage Complexity. Manage Effectively. Manage Intelligently. Closing

Problem: Traditional network management tools are limited and do not address network needs

Networking Update. August 2017

Deploying and Administering Cisco s Digital Network Architecture (DNA) and Intelligent WAN (IWAN) (DNADDC)

DCCS Business Breakfast. Walter Greiner Systems Engineer Sales März 2018

Cisco ONE for Access Wireless

Massimiliano Sbaraglia

Enterprise Network Compute System (ENCS)

CCNP (Routing & Switching and T.SHOOT)

Software-Defined Access Wireless

SOLUTION OVERVIEW THE ARUBA MOBILE FIRST ARCHITECTURE

Interconnecting Cisco Network Devices: Accelerated

Transcription:

Cisco Software Defined Access (SDA) Transformational Approach to Network Design & Provisioning Sanjay Kumar Regional Manager- ASEAN, Cisco Systems

What is network about? Source: google.de images Security Video Cloud Voice Mobility IOT Data Source: google.de images In the past... Today... What really matters!!!

The Challenge. I want to design and deploy a network. Future ready On time Within budget Manageable Best practices Design options Platform choices

Typical Traditional Campus WAN/BRANCH Internet Data Centre Very powerful and feature rich but: - Complex to operate - Difficult to scale - Difficult to secure - Inflexible and closed architecture - And you manage it all with CLI Access Switches WLC HSRP AVC ETHERCHANNEL CLI ACL FNF L2/L3 Core Switches SPANNING TREE VLANS Aggregation Switches 802.1x Access Points

Traditional Network Design & Build Work Flow spanning-tree mode rapid-pvst spanning-tree portfast bpduguard default udld enable errdisable recovery cause all vtp mode transparent load-interval 30 Spanning Tree Protection across the LAN ntp server 10.4.48.17 ntp update-calendar! clock timezone PST -8 clock summer-time PDT recurring! service timestamps debug datetime msec localtime service timestamps log datetime msec localtime Global LAN Switch Configuration access-list 55 permit 10.4.48.0 0.0.0.255 line vty 0 15 access-class 55 in! snmp-server community [SNMP RO] RO 55 snmp-server community [SNMP RW] RW 55 SNMPv2c access vlan 10 name Data vlan 20 name Voice vlan 30 name Management Access Layer Virtual LANs Uplink Interfaces Mgmt VLAN 30 Voice VLAN 20 Data VLAN 10 Client Facing Interfaces

How we build Traditional Network ip domain-name cisco.local no ip http server ip http secure-server ip ssh version 2 ip scp server enable line vty 0 15 transport input ssh transport preferred none Manually Repetitive Steps Box by Box Manual Error Prone CLI Skill Time Effort

Key Challenges for Traditional Networks Difficult to Segment Complex to Manage Slower Issue Resolution Ever increasing number of users and endpoint types Ever increasing number of VLANs and IP Subnets Multiple steps, user credentials, complex interactions Multiple touch-points Traditional Networks Cannot Keep Up! Separate user policies for wired and wireless networks Unable to find users when troubleshooting

Software-Defined Access Networking at the speed of Software! Policy DNA Center Automation Analytics Identity-based Policy & Segmentation Decoupled security policy definition from VLAN and IP Address Automated Network Fabric Single Fabric for Wired & Wireless with Workflow-based Automation SDA-Extension IoT Network User Mobility Policy stays with user Employee Network Insights & Telemetry Analytics and insights into user and application behavior

What is SD-Access? Campus Fabric + DNA Center (Automation & Assurance) Policy ISE Automation APIC-EM 1.X DNA Center Assurance PI SD-Access GUI approach provides automation & assurance of all Fabric configuration, management and group-based policy B B Campus Fabric C DNA Center integrates multiple systems, to orchestrate your LAN, Wireless LAN and WAN access Campus Fabric An Overlay network is a logical topology used to virtually connect devices Separated management systems

Software-Defined Access Solution Components DNA Center: Simple Workflows DESIGN PROVISION POLICY ASSURANCE DNA Center Automation Assurance Policy Routers Switches Wireless AP WLC

SDA Network Design & Build Work Flow Assure Assure Design Network Hierarchy Network Settings Image Management Network Profiles Policy Virtual Networks Access Control Application Priority

SDA Network Design & Build Work Flow Provision Assure Assure Provision Device Onboarding Host Onboarding Device Inventory Fabric Administration Assurance Network Health Score Client 360 Device 360 Application 360

Network Segmentation Policy Rollout Today Production Servers Developer Servers LAN Core AAA DHCP AD 1. Define Groups in AD 2. Define Policies VLAN/subnet based 3. Implement VLANs/Subnets Create VLANs Define DHCP scope Create subnets and L3 interfaces Routing for new subnets Map SSID to Interface/VLAN L3 Switch Trunk WLAN What Trunks if You Need to Add Another 4. Implement Group Policy & Policy? Define ACLs L2 Switch Apply ACLs Multiple Steps and Touch Points 5. Many different User Interfaces One SSID. BYOD Employee Contractor AAA WLC Devices CLI

How SDA Simplifies Network Segmentation Traditional Segmentation Static ACL Routing Redundancy DHCP Scope Address VLAN Enterprise Backbone VACL Aggregation Layer Access Layer TrustSec Micro/Macro Segmentation Central Policy Provisioning No Topology Change No VLAN Change DC Servers Enterprise Backbone DC Firewall / Switch Policy Access Layer ISE Non-Compliant Voice Employee Supplier BYOD Voice Non-Compliant Employee Supplier BYOD Quarantine VLAN Voice VLAN Data VLAN Guest VLAN Security Policy based on Topology High cost and complex maintenance BYOD VLAN Employee Tag Supplier Tag Non-Compliant Tag Voice VLAN Data VLAN Use existing topology and automate security policy to reduce OpEx

SDA Segmentation Policy Automation FABRIC POLICIES Source Destination CISCO DNA CENTER Employees Contract PERMIT Production API Employees Contractors Production Development CISCO ISE POLICY DOWNLOAD FABRIC NODES

SDA Ready Platforms SWITCHING Catalyst 9400 Catalyst 9300 ROUTING ASR-1000-X WIRELESS AIR-CT5520 Catalyst 9500 ASR-1000-HX ISR 4430 AIR-CT8540 AIR-CT3504 Catalyst 4500E Catalyst 6K Nexus 7700 ISR 4450 Wave 2 APs (1800, 2800,3800) Catalyst 3850 and 3650 CSR 1000V Wave 1 APs* (1700, 2700,3700) *with Caveats

Catalyst 9000 Platform World s Most Advanced Enterprise Switches Catalyst 9400 Modular Access Programmable Mobile Ready Integrated Security Cloud Ready IoT Ready Catalyst 9300 Fixed Access Catalyst 9500 Fixed Core Design

Gaining Momentum with the Catalyst 9000! 4000 + Customers Wins

Some Early Recognitions

Catalyst 9300 Catalyst 9K Leadership New Generation of Fixed Access UADP 2.0 2.5G at the Price of 1G 40G at the Price of 10G Only Stackable Switch with 8X 10G Uplinks Highest 2.5G/mGig Density in the Industry 1G Data 1G UPOE/POE+ 24 Ports Open IOS-XE SD-Access X86 CPU & Containers Encrypted Traffic Analytics (ETA)* mgig UPOE 256 bit MACSEC* Trustworthy Systems 48 Ports StackWise Virtual* IEEE1588 & AVB* NBAR2 Modular Fans Modular Uplinks Modular Power Supplies Perpetual/Fast PoE Model Driven Programmability Patching/GIR 8x10G 2x40G 4x mgig 4x1G 350W 715W 1100W Streaming Telemetry

Catalyst 9400 New Generation of Modular Access Redundancy is now Table-stake 9Tbps System b/w Catalyst 9K Leadership UADP 2.0 Open IOS-XE SD-Access X86 CPU & Containers Industry s Highest PoE Scale Encrypted Traffic Analytics* 256 bit MACSEC* Trustworthy Systems StackWise Virtual* IEEE1588 & AVB* NBAR2 4-Slot* 7-Slot 10-Slot Supervisor Sup-1: 80G/Slot Access Optimized Sup-1XL*: 120G/Slot Core Optimized Access Linecards 24xmGig + 24xUPOE* 48xUPoE 48xPoE+* 48xData Core Linecards 24x 10G SFP+* 48x1G SFP* 24x1G SFP* Power Supply 3200W AC 3200W DC* 2400W AC* Perpetual PoE* Model Driven Programmability Patching/GIR Streaming Telemetry* *not available at FCS

Catalyst 9500 New Generation of Purpose Built Fixed Core/Aggregation Catalyst 9K Leadership UADP 2.0 Open IOS-XE SD-Access 40G at the Price of 10G 8X Buffering vs. Competition Industry s First 40G Enterprise Switch Catalyst 9500-40X X86 CPU & Containers Encrypted Traffic Analytics* 256 bit MACSEC* Trustworthy Systems StackWise Virtual Catalyst 9500-24Q IEEE1588 & AVB* NBAR2 Catalyst 9500-12Q Model Driven Programmability Patching/GIR Streaming Telemetry*

Catalyst 9500 Granular Port Densities to Address all Campus Sizes 12Px40G 24Px40G 40Px10G + 8Px10G / 2Px40G

The Journey to the Software Defined Access (SDA) Secure Foundation Rapid threat detection and mitigation Analytics for Assurance Predictive performance with machine learning Infrastructure Readiness Open and Programmable Policy Based Automation Simplify, scale network deployment for Cloud, Mobile, IoT Software-Driven Innovation Intent-based Network Constantly learning, adapting, protecting

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback