Professional Documents
Culture Documents
Access
Solution Fundamentals
“A Look Under The Hood”
Shawn Wargo
Principal Engineer - Technical Marketing
BRKCRS-2810
Cisco Software-Defined
Access
Solution Fundamentals
“A Look Under The Hood”
Shawn Wargo
Principal Engineer - Technical Marketing
BRKCRS-2810
Cisco Webex Teams
Questions?
Use Cisco Webex Teams to chat
with the speaker after the session
How
1 Find this session in the Cisco Events Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
TUE WED THU FRI
IBN
Technology
Cisco SD-Access © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
Agenda
Complex
3 4
1 2 5
Time
1 Key Benefits
Why do you care?
2 Key Concepts
What is SD-Access?
3 Fabric Fundamentals
How does it work?
4 Controller Fundamentals
How does it work?
5 Take Away
Where to get started?
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
Complex
3 4
1 2 5
Time
Key Benefits
Cisco’s Intent-Based Network
Delivered by Cisco Software Defined Access SAAS
ACI
Data Center
LEARNING SD-Access
SD-Access
SECURITY
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
Cisco Software Defined Access
The Foundation for Cisco’s Intent-Based Network
Cisco DNA Center
One Automated
Network Fabric
Policy Automation Assurance Single fabric for Wired and
Wireless with full automation
Outside
B B
Identity-Based
C
Policy and Segmentation
Policy definition decoupled
from VLAN and IP address
AI-Driven
Insights and Telemetry
SD-Access
Extension Client Mobility Analytics and visibility into
User and Application experience
Policy follows User
IoT Network Employee Network © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
Complex
3 4
1 2 5
Time
Key
Concepts
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
What is SD-Access?
Campus Fabric + Cisco DNA Center (Automation & Assurance)
APIC-EM
NCP ▪ SD-Access
1.X
ISE NDP
PI GUI approach provides automation &
assurance of all Fabric configuration,
Cisco DNA
Center management and group-based policy
B B
▪ Campus Fabric
C
CLI or API approach to build a LISP +
VXLAN + CTS Fabric overlay for your
enterprise Campus networks
Campus
CLI provides backward compatibility,
Fabric but management is box-by-box.
API provides some automation via
NETCONF/YANG, also box-by-box.
Roles &
Terminology
SD-Access
What exactly is a Fabric?
A Fabric is an Overlay
An Overlay network is a logical topology used to virtually connect devices,
built over an arbitrary physical Underlay topology.
An Overlay network often uses alternate forwarding attributes to provide
additional services, not provided by the Underlay.
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
SD-Access
Fabric Terminology
Encapsulation
Hosts
(End-Points)
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
SD-Access
Fabric Underlay – Manual vs. Automated
Underlay Network
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
Cisco SD-Access
Fabric Roles & Terminology
▪ Network Automation – Simple GUI
Automation and APIs for intent-based Automation
Identity
Cisco ISE Cisco DNA Center of wired and wireless fabric devices
Services
▪ Network Assurance – Data Collectors
analyze Endpoint to Application flows
Assurance and monitor fabric device status
▪ Identity Services – NAC & ID Services
Fabric Border IP
(e.g. ISE) for dynamic Endpoint to Group
Fabric Wireless mapping and Policy definition
Nodes Controllers
B B ▪ Control-Plane Nodes – Map System that
manages Endpoint to Device relationships
Control-Plane
Intermediate
C Nodes ▪ Fabric Border Nodes – A fabric device
Nodes (Underlay)
(e.g. Core) that connects External L3
network(s) to the SD-Access fabric
Campus ▪ Fabric Edge Nodes – A fabric device
Fabric Edge (e.g. Access or Distribution) that connects
Nodes Fabric Fabric Wireless
Access Points
Wired Endpoints to the SD-Access fabric
▪ Fabric Wireless Controller – A fabric device
(WLC) that connects Fabric APs and
Wireless Endpoints to the SD-Access fabric
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
1. High-Level View
2. Roles & Platforms
3. Fabric Constructs
Roles &
Terminology
SD-Access Fabric
Control-Plane Nodes – A Closer Look
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
SD-Access Platforms
For more details: cs.co/sda-compatibility-matrix
The Channelco®
NEW
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
SD-Access Platforms
For more details: cs.co/sda-compatibility-matrix
NEW
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
SD-Access Fabric
Edge Nodes – A Closer Look
Edge Node provides first-hop services for Users / Devices connected to a Fabric
IP to RLOC MAC to RLOC Address Resolution
1.2.3.4 → FE1 AA:BB:CC:DD → FE1 1.2.3.4 → AA:BB:CC:DD
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
SD-Access Platforms
For more details: cs.co/sda-compatibility-matrix
The Channelco®
NEW NEW
Catalyst 9200 Catalyst 9300 Catalyst 9400 Catalyst 9500 Catalyst 9600
• Catalyst 9200/L* • Catalyst 9300 • Catalyst 9400 • Catalyst 9500 • Catalyst 9600
• 1/mG RJ45 • 1/mG RJ45 • Sup1/Sup1XL • 1/10/25G SFP • Sup1
• 1G SFP (Uplinks) • 10/25/40/mG NM • 9400 Cards • 40/100G QSFP • 9600 Cards
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
SD-Access Platforms
For more details: cs.co/sda-compatibility-matrix
NEW
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
SD-Access Fabric
Border Nodes
Border Node is an Entry & Exit point for data traffic going Into & Out of a Fabric
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
SD-Access Platforms
For more details: cs.co/sda-compatibility-matrix
The Channelco®
NEW
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
SD-Access Platforms
For more details: cs.co/sda-compatibility-matrix
• Catalyst 3650/3850 • Catalyst 6500/6800 • Nexus 7700 • ISR 4300/4400 • ASR 1000-X/HX
• 1/mG RJ45 • Sup2T/Sup6T • Sup2E • AppX (AX) • AppX (AX)
• 1/10G SFP • C6800 Cards • M3 Cards • 1/10G RJ45 • 1/10G ELC/EPA
• 1/10/40G NM Cards • C6880/6840-X • LAN1K9 + MPLS • 1/10G SFP • 40G ELC/EPA
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
SD-Access Fabric
Border Nodes - Internal
IP - 1.2.3.0/24
• Connects to any “known” IP subnets available from C
the outside network (e.g. DC, WLC, FW, etc.)
Known Unknown
Networks Networks
B B
• Exports all internal IP Pools to outside (as
aggregate), using a traditional IP routing protocol(s).
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
SD-Access Fabric
Border Nodes - External
IP - 0.0.0.0/0
• Connects to any “unknown” IP subnets, outside of C
the network (e.g. Internet, Public Cloud)
Known Unknown
Networks Networks
B B
• Exports all internal IP Pools outside (as aggregate)
into traditional IP routing protocol(s).
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
SD-Access Fabric
Fabric Enabled Wireless – A Closer Look
Fabric Enabled WLC is integrated into Fabric for SD-Access Wireless clients
Ctrl: CAPWAP
MAC – AA:BB:CC:DD
Data: VXLAN
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 56
SD-Access Platforms
For more details: cs.co/sda-compatibility-matrix
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
SD-Access Extension for IoT
Securely Consolidate IT and IOT
Beta in 1.2.5
DNA Center
Extended Node Portfolio
GA in 1.3.1
IE3300/3400 IE4000/4010 IE5000
Enterprise Campus
Roles &
Terminology
SD-Access Fabric
Virtual Network– A Closer Look
Virtual Network maintains a separate Routing & Switching table for each instance
B B
• Nodes add a VNID to the Fabric encapsulation
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 62
SD-Access Fabric
Scalable Groups – A Closer Look
B B
• Nodes add a SGT to the Fabric encapsulation
SGT
SGT SGT SGT
• SGTs are used to manage address-independent 17
4
SGT
8 25
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 66
SD-Access Fabric
Host Pools – A Closer Look
B B
• Fabric uses Dynamic EID mapping to advertise each
Host Pool (per Instance ID) Pool
Pool
Pool .4 Pool
.17 .8 .25
Pool
• Fabric Dynamic EID allows Host-specific (/32, /128 Pool Pool Pool .19 Pool
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 71
SD-Access Fabric
Anycast Gateway – A Closer Look
C
• Similar principle and behavior to HSRP / VRRP with Known Unknown
B B
• The same Switch Virtual Interface (SVI) is present
on EVERY Edge with the SAME Virtual IP and MAC
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 72
SD-Access Fabric
Layer 3 Overlay – A Closer Look
B B
• Fabric Dynamic EID mapping allows Host-specific
(/32, /128, MAC) advertisement and mobility
Dynamic
EID
• Host 1 connected to Edge A can now use the same
IP subnet to communicate with Host 2 on Edge B
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 73
SD-Access Fabric
Layer 2 Overlay – A Closer Look
B B
• Uses a pre-built Multicast Underlay to setup a P2MP
tunnel between all Fabric Nodes.
L2
Overlay
• L2 Broadcast and Multicast traffic will be distributed
to all connected Fabric Nodes.
VLAN VLAN VLAN
• Can be enabled for specific Host Pools that require
L2 services (use Stretched Subnets for L3)
NOTE: L3 Integrated Routing and Bridging (IRB) is not supported at this time.
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 77
Complex
3 4
1. Control-Plane
1 2 5
Time 2. Data-Plane
3. Policy-Plane
Fabric
Fundamentals
SD-Access Fabric
Campus Fabric - Key Components
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 86
SD-Access Fabric
Key Components - LISP
Routing Protocols = Big Tables & More CPU LISP DB + Cache = Small Tables & Less CPU
with Local L3 Gateway with Anycast L3 Gateway
BEFORE AFTER
IP Address = Location + Identity Separate Identity from Location
Prefix RLOC
192.58.28.128 ….....171.68.228.121
Mapping
189.16.17.89 …....171.68.226.120 22.78.190.64 ….....171.68.226.121
189.16.17.89 ….....171.68.226.120
22.78.190.64 ….....171.68.226.121 172.16.19.90 ….....171.68.226.120
Endpoint
22.78.190.64 ….....171.68.226.121
172.16.19.90 …......171.68.226.120 192.58.28.128 ….....171.68.228.121
172.16.19.90 ….....171.68.226.120
192.58.28.128 ….....171.68.228.121
192.58.28.128 …....171.68.228.121
189.16.17.89 …....171.68.226.120
Database
22.78.190.64 ….....171.68.226.121
172.16.19.90 …......171.68.226.120
Routes are
192.58.28.128 …......171.68.228.121
189.16.17.89 ….....171.68.226.120
22.78.190.64 …......171.68.226.121
172.16.19.90 ….....171.68.226.120
192.58.28.128 ….....171.68.228.121
Consolidated
Prefix
189.16.17.89
22.78.190.64
Next-hop
…......171.68.226.120
….....171.68.226.121
to LISP DB
172.16.19.90 ….....171.68.226.120
192.58.28.128 …....171.68.228.121
189.16.17.89 …....171.68.226.120
22.78.190.64 ….....171.68.226.121 Prefix Next-hop
172.16.19.90 …......171.68.226.120 189.16.17.89 ….....171.68.226.120
192.58.28.128 ….....171.68.228.121 22.78.190.64 ….....171.68.226.121
189.16.17.89 …....171.68.226.120 172.16.19.90 ….....171.68.226.120
22.78.190.64 ….....171.68.226.121 192.58.28.128 …....171.68.228.121
172.16.19.90 …......171.68.226.120
192.58.28.128 ….....171.68.228.121
189.16.17.89 ….....171.68.226.120
22.78.190.64 …......171.68.226.121
172.16.19.90 ….....171.68.226.120
192.58.28.128 ….....171.68.228.121
Prefix Next-hop
Prefix Next-hop 189.16.17.89 ….....171.68.226.120
189.16.17.89 ….....171.68.226.120 22.78.190.64 ….....171.68.226.121
22.78.190.64 ….....171.68.226.121 172.16.19.90 ….....171.68.226.120
172.16.19.90 ….....171.68.226.120 192.58.28.128 …....171.68.228.121
192.58.28.128 …....171.68.228.121
189.16.17.89 …....171.68.226.120
22.78.190.64 ….....171.68.226.121
172.16.19.90 …......171.68.226.120
Topology Routes
192.58.28.128 ….....171.68.228.121
189.16.17.89 ….....171.68.226.120
22.78.190.64 …......171.68.226.121
172.16.19.90 ….....171.68.226.120
192.58.28.128 ….....171.68.228.121
Endpoint Routes
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 87
Fabric Operation
Control-Plane Roles & Responsibilities Control-Plane EID RLOC
a.a.a.0/24 w.x.y.1
b.b.b.0/24 x.y.w.2
c.c.c.0/24 z.q.r.5
d.d.0.0/16 z.q.r.5
(Control-Plane) b.b.b.0/24
c.c.c.0/24
d.d.0.0/16
x.y.w.2
z.q.r.5
z.q.r.5
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 88
Fabric Operation
Control Plane Register & Resolution
Branch
Where is 10.2.2.2?
Cache Entry (on ITR)
10.2.2.2/32 → (2.1.2.1)
Fabric Edge
Database Mapping Entry (on ETR) Fabric Edges Database Mapping Entry (on ETR)
10.2.2.4/32 → ( 3.1.2.1)
10.2.2.2/32 → ( 2.1.2.1)
3 EID-prefix: 10.2.2.2/32
Mapping Locator-set: Path Preference
Entry Controlled
2.1.2.1, priority: 1, weight:100
by Destination Site
1
DNS Entry:
Branch Non-Fabric Non-Fabric
D.abc.com A 10.2.2.2
10.1.0.0/24
Fabric Borders
S Fabric Edge
2
1.1.1.1
10.1.0.1 → 10.2.2.2 5.3.3.3
5 Fabric Edges
10.1.0.1 → 10.2.2.2
D
10.2.2.3/16 10.2.2.2/16 10.2.2.4/16 10.2.2.5/16
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 90
Fabric Operation
Fabric Control Plane
Host Mobility – Dynamic EID Migration Map Register 10.10.0.0/16 – 12.0.0.1
EID: 10.17.1.10/32
Node: 12.1.1.1 10.2.1.10/32 – 12.1.1.1
D 10.2.1.10/32 – 12.2.2.1
10.10.10.0/24
2.1.1.1
DC1 3.1.1.1
Fabric Borders 1.1.1.1
Mapping
System
10.2.1.10/32 – LISP0
10.2.1.10/32 - Local
IP Network
Campus Campus
Bldg 1
S Fabric Edges
1 Bldg 2
10.2.1.10 10.2.1.10
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 92
SD-Access Fabric
Unique Control-Plane extensions compared to LISP
Virtual Networks Layer-3 VN (VRF) only Both Layer-3 and Layer-2 VN (VRF)
support (using VXLAN)
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 94
1. Control-Plane
2. Data-Plane
3. Policy-Plane
Fabric
Fundamentals
SD-Access Fabric
Key Components – VXLAN
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 96
VXLAN-GPO Header Next-Hop MAC Address
Source MAC 48
Checksum
Source IP 32
Src RLOC IP Address
Outer IP Header Dest. IP 32
Source Port 16 Dst RLOC IP Address
Segment ID 16
8 Bytes
Original Payload VN ID 24
Allows 16M
Reserved 8 possible VRFs
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 98
Data-Plane Overview
Fabric Header Encapsulation
Inner
Fabric Data-Plane provides the following:
Outer
• Underlay address advertisement & mapping
• Automatic tunnel setup (Virtual Tunnel End-Points)
• Frame encapsulation between Routing Locators
Outer
• Nearly the same, with different fields & payload Encap
Inner
Inner
• LISP header carries IP payload (IP in IP)
• VXLAN header carries MAC payload (MAC in IP)
Decap
Triggered by LISP Control-Plane events
• ARP or NDP Learning on L3 Gateways
• Map-Reply or Cache on Routing Locators
Inner
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 100
SD-Access Fabric
Unique Data-Plane Extensions compared to VXLAN
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 102
1. Control-Plane
2. Data-Plane
3. Policy-Plane
Fabric
Fundamentals
SD-Access Fabric
Key Components – Group Based Policy
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 104
SD-Access Policy
Two Level Hierarchy - Macro Segmentation
Known Unknown
Networks Networks
SD-Access
VN VN VN
Fabric
Virtual Network (VN)
“A” “B” “C”
First level Segmentation ensures zero
communication between forwarding
domains. Ability to consolidate multiple
networks into one management plane.
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 105
SD-Access Policy
Two Level Hierarchy - Micro Segmentation
Known Unknown
Networks Networks
SG
1
SG
4
SG
7
SD-Access Scalable Group (SG)
SG
2
SG
3
SG
5
SG
6
SG
8
SG
9 Fabric
Second level Segmentation ensures
role based access control between
two groups within a Virtual Network.
Provides the ability to segment the
network into either line of businesses
or functional blocks.
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 106
SD-Access Policy
Policy Types
✓
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 107
Group Assignment
Two ways to assign SGT
Campus
Access Distribution Core DC Core DC Access
MAB
Enterprise
Backbone
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 108
SD-Access Policy
Access Control Policies
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 111
Group Propagation
VN & SGT in VXLAN-GPO Encapsulation
Encapsulation Decapsulation
IP Network
VXLAN VXLAN
VN ID SGT ID VN ID SGT ID
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 116
SD-Access Fabric
Unique Policy-Plane Extensions compared to CTS
QoS (App) Policy Not Supported App based QoS policy, to optimize
application traffic priority
Traffic Copy Policy Not Supported SRC/DST based Copy policy (using
ERSPAN) to capture data traffic
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 118
Complex
3 4
1. Architecture
1 2 5
Controller
Fundamentals
Cisco DNA Center
SD-Access – Key Components
API
Cisco ISE
Identity 2.3
& Policy Automation
NCP Assurance
NDP
API API
Identity Services Engine Network Control Platform Network Data Platform
NETCONF
SNMP
SSH
AAA
RADIUS
TACACS
Campus Fabric NetFlow
Syslog
HTTPS
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 120
www.cisco.com/c/en/us/products/cloud-systems-management/dna-center/datasheet-listing.html
Endpoints
25K 40K 100K DN2-HW-APL-L
(Wired + Wireless)
56 Core - UCS M5
Infrastructure
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 121
Cisco DNA Center
High Availability Cluster
Single Appliance for Cisco DNA (Automation + Assurance) BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 122
Cisco DNA Center
Automated Provisioning and Telemetry Enrichment
Telemetry Intent
Alerts
Campus
Fabric
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 123
Cisco DNA Center and ISE integration
Identity and Policy Automation
PxGrid
Campus Fabric REST APIs
Fabric Policy
Management Authoring
Workflows
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 127
Cisco DNA Center and ISE integration
ISE roles in SD-Access
Admin/Operate
Network
Devices
DNA-Center
Things
Config Sync Context
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 128
1. Architecture
2. User Interface
3. Workflows
Controller
Fundamentals
Cisco DNA Center
4 Step Workflow
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 131
Assure
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
How about a
LIVE DEMO?
• Design
• Policy
• Provision
• Assurance
Complex
3 4
1 2 5
Time
Take
Away
Things to Remember
Session Summary
B B
Campus
Fabric DESIGN PROVISION POLICY ASSURANCE
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 143
SD-Access Support
For more details: cs.co/sda-compatibility-matrix
NEW
ASR-1000-X
NEW
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 144
What’s New?
Cisco DNA Center 1.3
Optimized for Distribution Optimized for Extension Optimized for Policy
DNA Center 1.2.10, ISE 2.4 p6, DNA Center 1.3.0, ISE 2.6 p1, DNA Center 1.3.3, ISE 2.6 p2,
IOS-XE 16.9.2s, AireOS 8.8 IOS-XE 16.11.1s, AireOS 8.9 IOS-XE 16.12.2s, AireOS 8.10
• SD-Access Extension for IoT (Beta) • SD-Access Extension for IoT (FCS) • Group-Based Access Control App (ACA)
• 3 node DNAC HA for Automation • IPv6 overlay support for • Application Visibility on Switches & WLCs
• Catalyst 9800 Wireless Controller Wired + Wireless (AireOS) Endpoints • Stealthwatch Security Analytics Service
• Fabric in a Box with Embedded Wireless • Fabric Edge and Fabric in a Box • Cisco DNA Bonjour Service
on Catalyst 9300 on Catalyst 9500
• Firewall (ASA) support
• Nexus 7700 Series with M3 as Border, • Fabric in a Box with Embedded Wireless
• StackWise Virtual support
without MPLS license on C9400, C9500
• L2 and Multicast Enhancements
• SDA-ACI Integration Improvements • SD-Access Border Simplification
• FiaB and eWLC Enhancements
• LAN Automation Enhancements • LAN Automation Enhancements
• Intent APIs for SD-Access
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 146
SD-Access Resources
Would you like to know more?
cisco.com/go/dna
cisco.com/go/sdaccess cisco.com/go/dnacenter
• SD-Access At-A-Glance • Cisco DNA Center At-A-Glance
•
•
SD-Access
SD-Access
Ordering Guide
Solution Data Sheet
cisco.com/go/cvd •
•
Cisco
Cisco
DNA
DNA
ROI Calculator
Center Data Sheet
• SD-Access Solution White Paper • SD-Access Design Guide • Cisco DNA Center 'How To' Video Resources
• SD-Access Deployment Guide
• SD-Access Segmentation Guide
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 149
SD-Access Resources
Would you like to know more?
cs.co/sda-resources
cs.co/sda-community
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
Complete your
online session
survey • Please complete your session survey
after each session. Your feedback
is very important.
• Complete a minimum of 4 session
surveys and the Overall Conference
survey (starting on Thursday) to
receive your Cisco Live t-shirt.
• All surveys can be taken in the Cisco Events
Mobile App or by logging in to the Content
Catalog on ciscolive.com/emea.
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 152
Continue your education
Demos in the
Walk-in labs
Cisco campus
BRKCRS-2810 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 153
Thank you