
#CLUS

The Hybrid Campus:
How to effectively deploy a combined SD-Access and Meraki solution
Alex Burger – Product Architect - CCIE 45253
@aaburger85
BRKCRS-2105

Agenda
• Session Goals
• When and Why Hybrid?
• SD-Access High Level Architecture / Components
• MR & SD-Access Demo Scenario
• Configuration Demo
• Q&A

#CLUS BRKCRS-2105 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Cisco Webex Teams
Questions?
Use Cisco Webex Teams to chat with the speaker after the session

How
1 Find this session in the Cisco Live Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space

Webex Teams will be moderated by the speaker until June 16, 2019.
cs.co/ciscolivebot#BRKCRS-2105

Session Goals
• Know when hybrid SDA & Meraki makes sense
• Understanding of the overall configuration process
• Confidence to configure MR on fabric

When/Why Hybrid?
• Customer has standardized on Cisco Meraki for wireless
• Already heavily invested in the 9k platform
• Looking into software defined access for the wired infrastructure
• Needs highest level of security and IP portability for wired access

Summarized Fabric Technology Overview

Fabric Underlay

• Traditional IP routing
• Just the carrier of the packet
• Purely for transit of traffic between nodes that make up the fabric
• Requires Jumbo frames to account for VxLAN overhead
Fabric Overlay
(Diagram labels: Control Plane/Border – Egress to external resources; Fabric Edge – Access Layer)

• Combination of many seasoned technologies
  • VxLAN for traffic encapsulation
  • LISP for dynamic endpoint routing
  • Trustsec for secure tag-based segmentation
What is VxLAN?
• Encapsulation of data traffic between fabric nodes
• Carries VN and SGT information
What is LISP?
Cisco Locator/ID Separation Protocol (LISP)
• Separates client location from IP address
• Key LISP terms:
  • RLOC – Routing Locator
    • Where the host is attached
    • example: Switch-01
  • EID – Endpoint ID
    • Information unique to the host
    • example: MAC or IP address

What secures the fabric?
• Fabric uses Cisco Trustsec for role-based enforcement
• VLAN to SGT mapping is utilized unless ISE sends a tag back from a dot1x auth or a port is statically assigned
• Within DNAC, policies can be configured and/or imported from Cisco ISE

What is a VN (Virtual Network)?
(Diagram labels: Employee virtual network – Group 1, Group 2; IoT virtual network – Group 3, Group 4; Guest virtual network – Group 5, Group 6)

• A VRF that contains 1 or more address pools
• Completely segmented from other VNs and fused outside of the fabric by a fusion router
• Macro level segmentation

What is an address pool?
• Device access subnet
• At the switch level this is a VLAN
• L2 segmentation
• Security through scalable group tags at port or VLAN level

What is an extended node?
• Extended node connects to an Edge node using an 802.1Q trunk port using static assignment
• SGT tagging (or mapping) is accomplished by Pool to Group mapping on the connected Edge node
• Traffic policy enforcement based on SGTs is performed at the Edge node

Demo Topology

Configuration Overview

SD-Access + Meraki Checklist
• (optional) 1x Infrastructure Management VN (not INFRA_VN)
• >= 1x user Data VN and 2x Address Pools
• Cisco Identity Services Engine (because it's awesome)

Onboarding of MR into the Fabric & SSID Provisioning
1. Fabric and address pool review
2. Host onboarding configuration
3. Port Configuration Templates
4. VLAN mapping retrieval
5. Applying the templates
6. SSID configuration in Dashboard
7. Group policy Configuration
8. ISE
9. Security Policy Configs
There is a white paper!
Deploying Cisco Meraki Cloud APs on SDA - March 2019

Live configuration walk-through

Reviewing Traffic Flows Example
Example IP Flow (Inside to Outside Fabric)
(Diagram labels: Lo0: 10.255.255.100, Lo0: 10.255.255.101, Lo0: 10.255.255.102)

Example of a client contacting Google's DNS at 8.8.8.8 using ICMP, captured between AP and switch
Example IP Flow (Inside to Outside Fabric)
(Diagram labels: Lo0: 10.255.255.100, Lo0: 10.255.255.101, Lo0: 10.255.255.102, 172.20.0.13)

Same traffic encapsulated in VxLAN between fabric nodes

Example IP Flow (fabric client to fabric client)
(Diagram labels: Lo0: 10.255.255.100, Lo0: 10.255.255.101, Lo0: 10.255.255.102)
Example IP Flow (fabric client to fabric client)
(Diagram labels: Lo0: 10.255.255.100, Lo0: 10.255.255.101, Lo0: 10.255.255.102)
Q&A

Complete your online session evaluation
• Please complete your session survey after each session. Your feedback is very important.
• Complete a minimum of 4 session surveys and the Overall Conference survey (starting on Thursday) to receive your Cisco Live water bottle.
• All surveys can be taken in the Cisco Live Mobile App or by logging in to the Session Catalog on ciscolive.cisco.com/us.
Cisco Live sessions will be available for viewing on demand after the event at ciscolive.cisco.com.

Continue your education
• Demos in the Cisco campus
• Walk-in labs
• Meet the engineer
• Related sessions
• 1:1 meetings
Thank you
