#CLUS

Cisco SD-Access Campus Wired and Wireless Deployment using Cisco Validated Designs

Prashanth Davanager Honneshappa

BRKCRS-1501
Agenda
• Introduction
• Cisco SD-Access Design
  • Architecture and Components
• Cisco SD-Access Deployment
  • Installation – Cisco DNA Center
  • Integration – ISE, IPAM
  • Network Infrastructure – Underlay
• Cisco SD-Access Deployment (Live Demonstration)
  • Design, Policy, Provision
• Summary
#CLUS BRKCRS-1501 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Cisco Webex Teams
Questions? Use Cisco Webex Teams to chat with the speaker after the session

How
1 Find this session in the Cisco Live Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space

Webex Teams will be moderated by the speaker until June 16, 2019. cs.co/ciscolivebot#BRKCRS-1501
Cisco’s Intent-Based Networking
Delivered by Software Defined Access

[Figure: Cisco DNA Center (Policy, Automation, Analytics) sits between Intent and Context, closing the loop with Learning and Security over the Intent-Based Network Infrastructure (Switch, Route, Wireless).]

Outcomes: Simplified Operation (IT workflow, Scalable Policy), Integrated Security, Analytics and Insights (Visibility into Network, Client and Application)
Cisco Software-Defined Access
Cisco Live San Diego – Session Map (Monday June 10 to Thursday June 13); sessions are available online at CiscoLive.com. You are here: BRKCRS-1501.

• BRKCRS-2818 Connect SDWAN
• BRKCRS-2821 Integration
• BRKCRS-2825 Scaling
• BRKCRS-1501 Validated Design (this session)
• BRKNMS-2814 Assurance
• BRKARC-2020 Troubleshoot
• BRKARC-2009 Why SDA
• BRKCRS-2810 Fundamentals
• BRKCRS-2811 Connect Outside
• BRKCRS-2815 Connect Sites
• BRKCRS-2816 Underlay
• BRKCRS-2817 Extension
• BRKCRS-3810 Deep Dive
• BRKCRS-2812 Migration
• BRKSEC-2025 Security
• BRKCRS-2819 Cross-Domain
• BRKCRS-3811 Policy
• BRKEWN-2021 Live Setup
• BRKEWN-2020 Wireless
Cisco Validated Designs

…provide a framework for design and deployment guidance based on common use cases.
Modular CVDs: Design Guides + Deployment Guides

Design Zone: cisco.com/go/cvd/campus
Cisco Community: https://cs.co/en-cvds
Cisco SD-Access Design – “What” and “Why”

Cisco SD-Access
Fabric Roles & Terminology

[Figure: Cisco DNA Center (Cisco DNA Automation, Cisco DNA Assurance) and Identity Services (ISE) above the fabric; Fabric Border Nodes (B), Control-Plane Nodes (C) and the Fabric Wireless Controller at the top of the fabric, Intermediate Nodes (Underlay) in the middle, Fabric Edge Nodes (E) at the bottom.]

• Cisco DNA Automation – provides simple GUI management and intent based automation (e.g. NCP) and context sharing
• Cisco DNA Assurance – Data Collectors (e.g. NDP) analyze Endpoint to App flows and monitor fabric status
• Identity Services – NAC & ID Systems (e.g. ISE) for dynamic Endpoint to Group mapping and Policy definition
• Control-Plane Nodes – Map System that manages Endpoint to Device relationships
• Fabric Border Nodes – A Fabric device (e.g. Core) that connects External L3 network(s) to the SDA Fabric
• Fabric Edge Nodes – A Fabric device (e.g. Access or Distribution) that connects Wired Endpoints to the SDA Fabric
• Fabric Wireless Controller – A Fabric device (WLC) that connects APs and Wireless Endpoints to the SDA Fabric
SD-Access Hierarchical Network Segmentation

[Figure: Virtual Network #1, #2 … #N overlaid on one Physical Fabric Topology of Border Nodes, Intermediate Nodes and Edge Nodes.]

Two levels of segmentation, enterprise wide:
• Macro Segmentation = VN (Isolated Control Plane + Data Plane)
• Micro Segmentation = SGT (VXLAN header carries SGT)
• Client Mobility (same host pools with Anycast SVI)
• Consistent Policy (same policy for user group – wired or wireless)
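As an added illustration (not code from the deck), the following Python shows how the two levels travel in the fabric data plane: the VXLAN Network Identifier selects the Virtual Network (macro segmentation) and the 16-bit Group Policy ID of the VXLAN-GPO header carries the SGT (micro segmentation), which the egress edge checks against its SGACL. The VNI numbers and the SGACL cells are assumed; the VN names and SGT values (Employee 5, Contractors 6, IP_Phones 18) are the ones the demo topology later in the deck uses.

```python
# Added example, not code from the BRKCRS-1501 deck. Header layout follows
# draft-smith-vxlan-group-policy (VXLAN-GPO), which is what an SD-Access
# fabric uses to carry the VNI (Virtual Network) and the SGT together.
# VNI numbers and the SGACL matrix are assumed for illustration.
import struct

FLAG_G = 0x80  # byte 0: Group Policy ID field is valid
FLAG_I = 0x08  # byte 0: VNI field is valid
FLAG_D = 0x40  # byte 1: "don't learn" the inner source address
FLAG_A = 0x08  # byte 1: policy already applied upstream (SGACL done)

# Assumed VNI -> VN allocation (Cisco DNA Center assigns VNIs automatically).
VNI_TO_VN = {8188: "VN_Campus", 8189: "VN_IOT", 8190: "VN_GUEST"}
# SGT values from the deck's demo: Employee 5, Contractors 6, IP_Phones 18.
SGT_TO_GROUP = {0: "Unknown", 5: "Employee", 6: "Contractors", 18: "IP_Phones"}
# Assumed SGACL matrix: (source SGT, destination SGT) -> action. A TrustSec
# matrix cell without a contract defaults to permit.
SGACL = {(6, 18): "deny", (6, 5): "deny", (5, 18): "permit"}


def encode_vxlan_gpo(vni: int, sgt: int, policy_applied: bool = False) -> bytes:
    """Build the 8-byte VXLAN-GPO header for a fabric-encapsulated frame."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI is a 24-bit field")
    if not 0 <= sgt < 1 << 16:
        raise ValueError("SGT is a 16-bit field")
    flags1 = FLAG_A if policy_applied else 0
    # The VNI occupies the upper 24 bits of the last word; the low byte is reserved.
    return struct.pack("!BBHI", FLAG_G | FLAG_I, flags1, sgt, vni << 8)


def decode_vxlan_gpo(header: bytes) -> dict:
    """Parse a VXLAN-GPO header; sgt is None for a plain VXLAN header (no G bit)."""
    if len(header) < 8:
        raise ValueError("VXLAN header is 8 bytes")
    flags0, flags1, gpid, vni_word = struct.unpack("!BBHI", header[:8])
    if not flags0 & FLAG_I:
        raise ValueError("VNI-valid flag (I) not set")
    return {
        "vni": vni_word >> 8,
        "sgt": gpid if flags0 & FLAG_G else None,
        "policy_applied": bool(flags1 & FLAG_A),
    }


def classify(header: bytes) -> tuple:
    """Map a header to (Virtual Network, scalable group); unknown VNIs are rejected."""
    h = decode_vxlan_gpo(header)
    vn = VNI_TO_VN.get(h["vni"])
    if vn is None:
        raise LookupError(f"VNI {h['vni']} is not a fabric Virtual Network")
    # A packet that arrives without an SGT is treated as the Unknown group (0).
    sgt = 0 if h["sgt"] is None else h["sgt"]
    return vn, SGT_TO_GROUP.get(sgt, f"SGT-{sgt}")


def egress_decision(header: bytes, dst_vni: int, dst_sgt: int) -> str:
    """Egress-edge enforcement: the VNI must match the destination's VN, then SGACL."""
    h = decode_vxlan_gpo(header)
    if h["vni"] != dst_vni:
        return "drop"  # macro segmentation: no forwarding between VNs inside the fabric
    if h["policy_applied"]:
        return "permit"  # ingress already enforced the SGACL; do not evaluate twice
    src_sgt = 0 if h["sgt"] is None else h["sgt"]
    return SGACL.get((src_sgt, dst_sgt), "permit")
```

The two checks in egress_decision are the two levels of the slide: a mismatched VNI never reaches the SGACL, and the SGACL only ever compares groups inside one VN.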
Cisco Software-Defined Access
Cisco DNA Center™: Simple workflows – Design, Provision, Policy, Assurance

[Figure: Cisco DNA Center on the Cisco DNA™ Appliance, with Cisco® Identity Services Engine, managing Routers, Switches, Wireless APs and WLCs.]
Cisco DNA Center Appliance
Hardware Appliance options

DN1-HW-APL (End of Sale; clusters with the same SKU and DN2-HW-APL)
  Specs: Based on UCS M4, 44 cores, 256GB RAM, 12TB SSD
  Scale and Performance: 5000 Devices (1000 Switches/Routers/WLC + 4000 APs), 25,000 Clients
  SDA Design: Small or Medium

DN2-HW-APL (clusters with the same SKU and DN1-HW-APL)
  Specs: Based on UCS M5, 44 cores, 256GB RAM, 16TB SSD
  Scale and Performance: 5000 Devices (1000 Switches/Routers/WLC + 4000 APs), 25,000 Clients
  SDA Design: Small or Medium

DN2-HW-APL-L (clusters with the same SKU only)
  Specs: Based on UCS M5, 56 cores, 384GB RAM, 16TB SSD
  Scale and Performance: 8000 Devices (2000 Switches/Routers/WLC + 6000 APs), 40,000 Clients
  SDA Design: Medium or Large
Identity Services Engine
Hardware / Virtual Appliance

• Small Secure Network Server for ISE Applications
• Medium Secure Network Server for ISE Applications
• Large Secure Network Server for ISE Applications
• Cisco ISE Virtual on VMware ESX/ESXi 5.x / 6.x and KVM on Red Hat Enterprise Linux (RHEL) 7
SD-Access Support
Digital Platforms for your Cisco Digital Network Architecture
For more details: cs.co/sda-compatibility-matrix

[Platform figure; the slide marks some platforms BETA or NEW]
Switching: Catalyst 9600, Catalyst 9500, Catalyst 9400, Catalyst 9300, Catalyst 9200, Catalyst 4500E, Catalyst 6800, Catalyst 3850 & 3650, Catalyst 3560-CX, Nexus 7700, Cisco IE 4K/5K, Cisco Digital Building
Routing: ASR-1000-HX, ASR-1000-X, ISR 4451, ISR 4430, ISR 4330, ENCS 5400
Wireless: Catalyst 9800, AIR-CT8540, AIR-CT5520, AIR-CT3504, Catalyst 9100 APs, Aironet Wave 1 APs*, Aironet Wave 2 APs
Connectivity Services
Where do I place Cisco DNA Center?

[Figure: two options. Local DC or Services Block: Cisco DNA Center with ISE + AD/Other and DNS/DHCP in the local DC, with Internet access. Remote DC: the same services in a remote DC reached over the Metro network, again with Internet access.]

NOTE: Cisco DNA Center requires access to the Internet.
Cisco Identity Services Engine
Standalone or Distributed deployment, 1:1 redundancy
• Applies to both Physical and Virtual deployment
• Compatible with load balancers

Standalone Deployment: 1 x (PAN+MNT+PSN)
Small HA Deployment: 2 x (PAN+MNT+PSN)
Small Multi-node Deployment: 2 x (PAN+MNT), <= 5 PSN
Large Deployment: 2 PAN, 2 MNT, <= 50 PSN
Endpoint scale as shown on the slide, left to right: 100, 20,000 and 500,000 Endpoints
Cisco SD-Access Design options
Recommended Guidelines. For more details: cs.co/sda-compatibility-matrix

Small Site
• < 2K Endpoints
• Single Fabric
• Local Area Underlay
• Local DC
• Fabric in a Box [FE + Border + CP + eWLC]
• Switch Stacks for HA
• Standalone ISE

Medium Site
• < 10K Endpoints
• Single Fabric
• Local Area Underlay
• Local / Remote DC
• 2-4 Distributed / Collocated Borders, CP
• Dedicated WLC / eWLC
• Distributed ISE – Local Policy node per site (Local PSN)

Large Site
• < 25K Endpoints
• Single Fabric
• Metro Area Underlay
• Remote DC
• 4+ Distributed Borders & CP
• WLC in DC
• Distributed ISE – Local Policy node per site (Local PSN)
SD-Access Multi-site Design Options

[Figure: Cisco DNA Center managing an SD-Access Small Site, Medium Site and Large Site (each with E, B and C nodes). Sites connect through IP Transit to a Traditional Campus LAN or through SD-Access Transit.]

• SD-Access Transit: VXLAN carries the VN and SGT between sites (requires a higher MTU)
Cisco SD-Access Deployment – “How”

Cisco DNA Center Appliance Connections
Physical Interface & Connections

DN1-HW-APL
• PORT 2 MLOM (SFP+ 10Gb, enp10s0) – Intra-cluster communications: example cluster VIP 192.168.0.1, interface address 192.168.0.2, mask 255.255.255.248
• PORT 1 MLOM (SFP+ 10Gb, enp9s0) – Enterprise network infrastructure: example cluster VIP 10.4.249.250, interface address 10.4.249.241, mask 255.255.255.0
• M (Integrated RJ45) – CIMC out-of-band server appliance management: no VIP, interface address 10.204.49.25, mask 255.255.255.0
• 1 (Integrated RJ45, enp1s0f0) – Management network (optional): example cluster VIP 100.119.104.200, interface address 100.119.104.241, mask 255.255.255.0
• 2 (Integrated RJ45, enp1s0f1) – Optional isolated enterprise network: unused in the CVD
• NTP and DNS are required • Services subnet and Cluster Services subnet are required (/21 subnet)

DN2-HW-APL-L
• PORT 1 MLOM (SFP+ 10Gb, enp94s0f0) – Enterprise network infrastructure: example cluster VIP 10.4.48.101, interface address 10.4.48.102, mask 255.255.255.0
• PORT 2 MLOM (SFP+ 10Gb, enp94s0f1) – Intra-cluster communications: example cluster VIP 192.168.0.1, interface address 192.168.0.2, mask 255.255.255.248
• 1 (Integrated RJ45, eno1) – Management network (optional): example cluster VIP 100.119.103.236, interface address 100.119.103.237, mask 255.255.255.0
• 2 (Integrated RJ45, eno2) – Cloud network (optional): unused in the CVD
• M (Integrated RJ45) – CIMC out-of-band server appliance management: no VIP, interface address 100.119.103.235, mask 255.255.255.0
• NTP and DNS are required • Services subnet and Cluster Services subnet are required (/21 subnet)
Cisco DNA Center
Is the appliance behind a firewall?

• Cisco DNA Center needs access to the URLs and FQDNs below
  Download System & Application package software: *.ciscoconnectdna.com:443
  Integrate with cisco.com and Cisco Smart Licensing: *.cisco.com:443
  Integrate with Cisco Meraki: *.meraki.com:443
  Render accurate information in site & location maps: www.mapbox.com, *.tiles.mapbox.com/*:443

• Network ports to allow for incoming and outgoing traffic
  Incoming traffic (to the appliance): SSH (TCP 2222), HTTP (TCP 80), HTTPS (TCP 443), NTP (UDP 123), SNMP traps (UDP 162)
  Outgoing traffic (from the appliance): SSH (TCP 22), Telnet (TCP 23), DNS (UDP 53), HTTP (TCP 80), NTP (UDP 123), SNMP Agent (UDP 161), HTTPS (TCP 443), ISE pxGrid (TCP 5222), ISE ERS API (TCP 9060)

Telnet (TCP 23) carries device credentials in the clear; open it only for devices that cannot be managed over SSH, and scope the outbound rules to the managed devices and the ISE nodes rather than to any destination.

Note: Refer to the Cisco DNA Center Installation Guide for more specific details
Cisco DNA Center
Is the appliance behind a proxy?

Once installation is complete, log in to the Cisco DNA Center GUI. During this first administrative login you will be prompted to:
• Change the Admin Password (marked optional by the wizard; do it now rather than later)
• Enter credentials for your Smart Account (optional)
• Configure a Proxy Server (optional)
• Configure an IP Address Manager (optional)
Cisco DNA Center Installation
[Screenshot walkthrough; the slides show the installer screens for Steps 1-2, 3-4, 5, 6-7, 8-9, 10-11, 12-13 (First Time Setup) and 14-15.]

Cisco DNAC Upgrade & Install Packages
Application: SD-Access
Identity Services Engine
Requirements for Integration
• Enable pxGrid on ISE
• Enable ERS on ISE
Note: SSH should be enabled on ISE
The ERS (TCP 9060) and pxGrid (TCP 5222) listeners this turns on are the ISE-bound ports in the firewall table; permit them from Cisco DNA Center only.

Integrate ISE with Cisco DNA Center
[Screenshots of the ISE integration steps in the Cisco DNA Center GUI]

Integrating IPAM with Cisco DNA Center
Optional
ISE Authentication and Authorization
Cisco SD-Access secure onboarding

[Figure: endpoints authenticate with 802.1X to the Enterprise Network; ISE checks Internal Identity Stores (Internal Endpoints, Internal Users) or External Identity Stores (Active Directory, LDAP Servers, SQL Server via LDAP / SQL); Cisco DNA Center defines the micro-segmentation policies between groups such as Employee (SGT 5), Contractors (SGT 6), IP Phone (SGT 18), Lights and IP Camera (SGT 10 and SGT 14).]

Authentication Methods
• MAC Authentication Bypass
• IEEE 802.1X
• Easy Connect
• Web Authentication

Authorization Options
• Security Group Tags
• VLAN Assignment
• URL-Redirection
• Downloadable ACL
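The four authorization options arrive at the edge node inside a RADIUS Access-Accept. The Python below, added here as an illustration and not code from the deck or from Cisco ISE, reduces the attribute list of an Access-Accept to an enforcement result and applies the checks an edge should make before honouring it. Attribute names follow RFC 2868 (tunnel attributes) and Cisco's cisco-av-pair conventions; the two sample Access-Accepts are constructed, and the portal hostname, ACL names and session id are assumed.

```python
# Added example, not code from the BRKCRS-1501 deck or from Cisco ISE.
# Sample Access-Accept attribute lists are constructed; hostnames, ACL names
# and session ids are assumed.
from __future__ import annotations
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

TUNNEL_TYPE_VLAN = 13     # RFC 2868 Tunnel-Type value for VLAN
TUNNEL_MEDIUM_802 = 6     # RFC 2868 Tunnel-Medium-Type value for 802
# cts:security-group-tag=<SGT hex, 4 digits>-<generation hex, 2 digits>
SGT_AVPAIR = re.compile(r"^cts:security-group-tag=([0-9a-fA-F]{4})-([0-9a-fA-F]{2})$")
DACL_AVPAIR = re.compile(r"^ACS:CiscoSecure-Defined-ACL=(#ACSACL#-IP-\S+)$")
TRUSTED_PORTAL_HOSTS = {"ise.example.com"}  # assumed: FQDN(s) of the ISE PSN portals


@dataclass
class Authorization:
    sgt: int = 0                       # TrustSec SGT 0 = Unknown when ISE sends none
    sgt_generation: int = 0
    vlan: Optional[str] = None
    dacl: Optional[str] = None
    redirect_url: Optional[str] = None
    redirect_acl: Optional[str] = None
    warnings: List[str] = field(default_factory=list)


def parse_access_accept(attrs: List[Tuple[str, str]]) -> Authorization:
    """Reduce the (attribute, value) pairs of an Access-Accept to one decision."""
    az = Authorization()
    tunnel = {}
    for name, value in attrs:
        if name in ("Tunnel-Type", "Tunnel-Medium-Type", "Tunnel-Private-Group-Id"):
            tunnel[name] = value
        elif name == "cisco-av-pair":
            if m := SGT_AVPAIR.match(value):
                az.sgt, az.sgt_generation = int(m.group(1), 16), int(m.group(2), 16)
            elif m := DACL_AVPAIR.match(value):
                az.dacl = m.group(1)              # name of the dACL to download
            elif value.startswith("url-redirect-acl="):
                az.redirect_acl = value.split("=", 1)[1]
            elif value.startswith("url-redirect="):
                az.redirect_url = value.split("=", 1)[1]
            else:
                az.warnings.append(f"unrecognised av-pair ignored: {value}")
    # VLAN assignment needs all three tunnel attributes with the VLAN/802 values.
    if tunnel:
        if (tunnel.get("Tunnel-Type") == str(TUNNEL_TYPE_VLAN)
                and tunnel.get("Tunnel-Medium-Type") == str(TUNNEL_MEDIUM_802)
                and "Tunnel-Private-Group-Id" in tunnel):
            az.vlan = tunnel["Tunnel-Private-Group-Id"]
        else:
            az.warnings.append("incomplete tunnel attributes; VLAN not applied")
    # A web-auth redirect is honoured only to an HTTPS portal on a known PSN
    # and only when the matching redirect ACL was supplied with it.
    if az.redirect_url:
        u = urlsplit(az.redirect_url)
        if u.scheme != "https" or u.hostname not in TRUSTED_PORTAL_HOSTS or not az.redirect_acl:
            az.warnings.append("redirect rejected: not HTTPS to a trusted portal with an ACL")
            az.redirect_url = az.redirect_acl = None
    if az.sgt == 0:
        az.warnings.append("no SGT returned; endpoint lands in Unknown (0)")
    return az


# Constructed sample: an employee's 802.1X success with SGT 5 (Employee),
# a VLAN assignment, a downloadable ACL and no redirect.
EMPLOYEE_ACCEPT = [
    ("Tunnel-Type", "13"),
    ("Tunnel-Medium-Type", "6"),
    ("Tunnel-Private-Group-Id", "1021"),
    ("cisco-av-pair", "cts:security-group-tag=0005-00"),
    ("cisco-av-pair", "ACS:CiscoSecure-Defined-ACL=#ACSACL#-IP-PERMIT_ALL_IPV4-5d0a1b2c"),
]
# Constructed sample: MAB fallback for an unknown device, pushed to web authentication.
GUEST_REDIRECT_ACCEPT = [
    ("cisco-av-pair", "url-redirect-acl=ACL-WEBAUTH-REDIRECT"),
    ("cisco-av-pair", "url-redirect=https://ise.example.com:8443/portal/gateway?sessionId=0A0404F1000000C3&portal=guest"),
]
```

The warnings list is the part worth keeping in production logs: an endpoint that authenticates but receives no SGT silently becomes Unknown (0), which is exactly the case a segmentation matrix tends to leave permissive.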
Network Infrastructure – Underlay
Cisco SD-Access Underlay options

Manual Underlay
• Routed Network
• System MTU: 9100
• Loopback 0 with /32 subnet
• Resiliency – BFD, ECMP, NSF
• Multicast – SSM, sparse-mode
• CLI, SNMP credentials
• Discover & Manage network device
• Upgrade Software – SWIM

Automated Underlay
• Design – Network Settings
• Design – IP Address Pool
• Discover Seed Device(s)
• LAN Automation
  • Discover and Onboard network devices
  • Configure underlay
  • Upgrade software (Install mode)
  • Manage Device in Cisco DNA Center

Note: Before initiating LAN Automation, the discovered seed device should be running the DNA Advantage license
SD-Access Support
LAN Automation Platform

• Network devices must be enabled with Network Advantage + DNA Advantage licenses
• Catalyst 6800 seed device interfaces need to be converted to Layer-2 ports
Live Demonstration
Demonstration Topology – RTP Site, Cisco SD-Access Network

[Figure] Shared Services in the Traditional Network (EIGRP): Cisco DNAC, ISE, DHCP, DNS, NTP, WLC. 3850-Fusion1 peers with the fabric borders over BGP (Border Handoff – IP Transit, 10.4.219.0/24). Borders / control plane: 9500-1 and 9500-2. Underlay: IS-IS, LAN Automation pool 10.4.218.0/24. Edges: 9300-1 and 9300-2. Wireless Infrastructure SSIDs: RTP-Secure, RTP-PSK, RTP-Guest.

Scalable Group | Virtual Network | IP Address Pool
Vending_Machine | VN_IOT | 10.4.217.0/24
IoT_Devices | VN_IOT |
Guest | VN_GUEST | 10.4.215.0/24
Employee | VN_Campus | 10.4.212.0/24
Contractors | VN_Campus |
IP_Phones | VN_Campus | 10.4.214.0/24
(Access Point) | Infra_VN | 10.4.211.0/24
SD-Access Workflow
Design – Policy workflow
[Screenshots] Network Hierarchy → Network Settings – Network Settings → Network Settings – Address Pools → Network Settings – Wireless → Policy – Macro Segmentation → Policy – Micro Segmentation: define Scalable Groups and associate them to VNs

SD-Access Workflow
LAN Automation workflow
[Screenshots] Network Hierarchy → Network Settings – Device Credentials → Address Pool assigned to site → Seed Devices – Discover → LAN Automation – Start → Network Devices onboarded → LAN Automation – Stop
Cisco SD-Access
Before Onboarding Endpoints – Fusion Configuration

[Figure: Cisco DNA Center, ISE and the Traditional Network services in the GRT (DHCP, DNS, AD) sit behind the Fusion device; the two Borders carry VN_Campus (10.4.212.0/24, 10.4.214.0/24), VN_IoT (10.4.217.0/24), INFRA_VN (shown as 10.4.217.0/24 on this slide; the topology slide lists 10.4.211.0/24 for Infra_VN), VN_Guest (10.4.215.0/24) and DEFAULT_VN down to the two Edges.]
Fusion Configuration
Connecting the Fabric to the Traditional Infrastructure

Extend: Configure VRFs and interfaces for each VN on the Fusion, matching the Border configuration
eBGP: eBGP neighbors for each VN between Fusion and Border
Route Leak: Route-leak shared-services subnets to each VN; route-leak VN subnets into Global
iBGP: iBGP neighbors for each VN between Border nodes

[Figure: Shared-Services behind Fusion-1 and Fusion-2; each Fusion extends VN_Campus, VN_Guest, INFRA_VN and VN_IoT to Border-1 and Border-2.]

• If the Border / Fusion network device is a routing platform, L3 sub-interfaces are used to extend the Virtual Networks
• If the Border / Fusion network device is a switching platform, VLANs and a trunk are used to extend the Virtual Networks
SD-Access Workflow
Fabric Infrastructure

Provision → Fabric Provision – Transit → Fabric Provision – Fabric Site → Fabric Provision – Fabric Network → Host Onboarding – Default Authentication Template → Host Onboarding – Address Pool Assignment → Host Onboarding – Port Assignment → Fusion Configuration
Fusion Configuration
Step 1 – Extend
• Examine the configuration below on the Fabric Border(s):
  • show running-config | section vrf definition
  • show running-config | section interface Vlan
  • show running-config | section interface <interface>

(OR)

• Navigate to DNAC --> Provision --> Fabric --> Fabric Site, select the Border Node, choose View Device Info and drill down into the interface information.

• On the Fusion device:
  • Configure VRFs matching the Border configuration.
  • Configure sub-interface(s) / VLAN(s) matching the Border configuration.
Fusion Configuration
Step 1: Extend – Fusion Node Configuration
• Step 1.1 – configure VRF
• Step 1.2 – configure interface
Note: INFRA_VN on the Border node maps to Shared_Services on the Fusion node

Fusion Configuration
Step 2: eBGP – Fusion Node Configuration
• Configure BGP to form an eBGP neighbor with the Border for each VN.

Fusion Configuration
Step 3: Route Leak – Fusion Node Configuration
• Controlled route-leak between Global / Shared_Services-vrf and the Fabric VRFs
• Redistribute VN routes to Global / Shared_Services-vrf.
• Redistribute Shared_Services / Global to each VN.
Leak only the shared-services prefixes (DHCP, DNS, AD, ISE, Cisco DNA Center) into the VNs and only the VN host pools outward; a blanket leak in both directions re-joins the VNs through the Fusion and undoes the macro segmentation.

Fusion Configuration
Step 4: iBGP – Border Node Configuration
• Create an iBGP session for every VN between the Border nodes
  • Create the interface (VLAN / sub-interface)
  • Configure the iBGP session between the Border nodes
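The slides for Steps 1 to 3 show CLI screenshots that did not survive extraction. As an added example (not the CVD's own configuration and not code from the deck), the Python below renders the Fusion-side IOS-XE CLI for those three steps from a table of Virtual Networks and then checks the leak policy it produces: every VN reaches Shared_Services, and no VN reaches another VN. Leaking is done with BGP route-targets in a hub-and-spoke pattern, with INFRA_VN on the Border becoming the Shared_Services VRF on the Fusion as the note above says. The AS numbers, RD/RT values, V LAN IDs, interface name, BGP password and the /30 carve of the deck's 10.4.219.0/24 handoff pool are all assumed.

```python
# Added example, not the CVD's configuration nor code from the BRKCRS-1501 deck.
# AS numbers, RD/RT values, VLAN IDs, interface name, BGP password and the /30
# carve of the 10.4.219.0/24 handoff pool are assumed; VN names are the deck's.
from ipaddress import ip_network
from typing import Dict, List, Set, Tuple

FUSION_AS, BORDER_AS = 65001, 65000                 # assumed
SHARED = "Shared_Services"                          # INFRA_VN on the Border side
HANDOFF_POOL = ip_network("10.4.219.0/24")          # Border Handoff - IP Transit

VNS = [  # name (deck), dot1q VLAN on the Fusion sub-interface (assumed), RT index (assumed)
    {"name": "VN_Campus", "vlan": 3001, "rt": 1},
    {"name": "VN_IOT", "vlan": 3002, "rt": 2},
    {"name": "VN_GUEST", "vlan": 3003, "rt": 3},
    {"name": SHARED, "vlan": 3004, "rt": 100},
]


def handoff_addresses(index: int) -> Tuple[str, str]:
    """(border_ip, fusion_ip) of the index-th /30 carved from the handoff pool."""
    subnet = list(HANDOFF_POOL.subnets(new_prefix=30))[index]
    border_ip, fusion_ip = list(subnet.hosts())[:2]
    return str(border_ip), str(fusion_ip)


def import_targets(vn: dict) -> List[str]:
    """Hub-and-spoke leak policy: a VN imports itself and Shared_Services only;
    Shared_Services imports every VN so DHCP/DNS/AD can answer all of them."""
    own = f"{FUSION_AS}:{vn['rt']}"
    shared_rt = next(v for v in VNS if v["name"] == SHARED)["rt"]
    if vn["name"] == SHARED:
        return [own] + [f"{FUSION_AS}:{v['rt']}" for v in VNS if v["name"] != SHARED]
    return [own, f"{FUSION_AS}:{shared_rt}"]


def fusion_config(iface: str = "TenGigabitEthernet1/0/1", bgp_password: str = "CHANGE-ME") -> str:
    """Render Steps 1-3 for a routing-platform Fusion (L3 sub-interfaces)."""
    lines: List[str] = []
    for vn in VNS:                                    # Step 1.1: VRF; RTs implement Step 3
        lines += [f"vrf definition {vn['name']}", f" rd {FUSION_AS}:{vn['rt']}",
                  " address-family ipv4", f"  route-target export {FUSION_AS}:{vn['rt']}"]
        lines += [f"  route-target import {rt}" for rt in import_targets(vn)]
        lines += [" exit-address-family", "!"]
    for i, vn in enumerate(VNS):                      # Step 1.2: one sub-interface per VN
        _, fusion_ip = handoff_addresses(i)
        lines += [f"interface {iface}.{vn['vlan']}", f" encapsulation dot1Q {vn['vlan']}",
                  f" vrf forwarding {vn['name']}", f" ip address {fusion_ip} 255.255.255.252", "!"]
    lines += [f"router bgp {FUSION_AS}", " bgp log-neighbor-changes"]
    for i, vn in enumerate(VNS):                      # Step 2: eBGP neighbor per VN
        border_ip, _ = handoff_addresses(i)
        lines += [f" address-family ipv4 vrf {vn['name']}",
                  "  redistribute connected",        # makes local subnets leakable via RTs
                  f"  neighbor {border_ip} remote-as {BORDER_AS}",
                  f"  neighbor {border_ip} password {bgp_password}",  # authenticate the session
                  f"  neighbor {border_ip} activate",
                  " exit-address-family"]
    lines.append("!")
    return "\n".join(lines) + "\n"


def leak_matrix() -> Dict[str, Set[str]]:
    """For each VRF, the set of VRFs whose routes it imports under the RT policy."""
    exporter = {f"{FUSION_AS}:{v['rt']}": v["name"] for v in VNS}
    return {v["name"]: {exporter[rt] for rt in import_targets(v)} for v in VNS}


def isolation_holds() -> bool:
    """True when no VN can reach another VN through the Fusion, only Shared_Services."""
    matrix = leak_matrix()
    return all(matrix[v["name"]] <= {v["name"], SHARED}
               for v in VNS if v["name"] != SHARED)
```

If the shared services live in the global routing table rather than in a Shared_Services VRF, the RT imports are replaced by `import ipv4 unicast map` and `export ipv4 unicast map` under each VRF's address-family, with the route-maps carrying the same prefix allow-lists; Step 4 (iBGP between the Borders) is configured on the Border nodes and is not rendered here.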
Secure onboarding of users and devices
Segmentation and Access Control

Before SD-Access
• VLAN and IP address based
• Create IP based ACLs for access policy
• Deal with policy violations and errors manually

After SD-Access
• No VLAN or subnet dependency for segmentation and access control
• Define one consistent policy
• Policy follows Identity

[Figure: Users (Group 1, Group 2) in the Employee Virtual Network, Devices (Group 3, Group 4) in the IoT Virtual Network and Apps (Group 5, Group 6) in the Guest Virtual Network; drag policy to apply.]
Completely Automated · Group-Based Policy · Policy follows Identity
Consistent wired and wireless management
A single network fabric

Before SDA
• Repeated policy work for wired-wireless
• Roaming issues across L3 domains
• Chase down IP addresses for troubleshooting

After SDA
• Consistent management across wired-wireless
• Optimal traffic flows with seamless roaming
• Seamless roaming in Fabric and non-Fabric domains

[Figure: a seamless roam is L2 across wired and wireless; policy stays with the user.]
Simplified Provisioning · Campus-Wide Roaming · Consistency
Network Provisioning Time Savings
Challenges: Workgroups, IoT devices, Mobile, Applications, Mergers; 95% of network changes are performed manually
Cisco SD-Access: Deploy & secure services faster! Policy-based automation, software-defined segmentation, automated policy management and a single network fabric across Routers, Switches and Wireless
SD-Access Resources
Would you like to know more?

cisco.com/go/sdaccess
• SD-Access At-A-Glance
• SD-Access Ordering Guide
• SD-Access Solution Data Sheet
• SD-Access Solution White Paper

cisco.com/go/dnacenter
• Cisco DNA Center At-A-Glance
• Cisco DNA ROI Calculator
• Cisco DNA Center Data Sheet
• Cisco DNA Center 'How To' Video Resources

cisco.com/go/dna

cisco.com/go/cvd
• SD-Access Design Guide
• SD-Access Deployment Guide
• SD-Access Segmentation Guide
• https://cs.co/en-cvds
Published design guides
We want to hear all of your feedback! Look for the feedback link in the guides.

Team members respond to feedback requests. We appreciate your feedback and have updated documents specifically to address your questions.
Complete your online session evaluation
• Please complete your session survey after each session. Your feedback is very important.
• Complete a minimum of 4 session surveys and the Overall Conference survey (starting on Thursday) to receive your Cisco Live water bottle.
• All surveys can be taken in the Cisco Live Mobile App or by logging in to the Session Catalog on ciscolive.cisco.com/us.
Cisco Live sessions will be available for viewing on demand after the event at ciscolive.cisco.com.
Continue your education
• Demos in the Cisco campus
• Walk-in labs
• Meet the engineer 1:1 meetings
• Related sessions

Thank you

#CLUS