Course outline

Cisco Software Defined Access and ISE Integration for Policy Deployment and Enforcement-ISE_SDA

Categories: Cisco, Guaranteed To Run™

Duration: 3 day

The SDA-ISE course focuses on Cisco’s primary security policy software and is the backbone of Cisco’s enterprise security architecture. This course will focus on network access control for next generation fabric based networks. Learners will deep dive on the protocols and features that make up SD Access such as LISP and VXLAN and understand how to configure, troubleshoot and optimize this new technology. You will focus on Trustsec and how it is enforced on the network from the policies you create in the Identity Services Engine. Additionally learners will look at automating the tasks via Cisco’s DNA Center management tool and verify Cisco Validated Designs are deployed on your network.

Upon completing this course, the learner will be able to meet these overall objectives:

  • Know and understand Cisco’s SD-Access concepts, features, benefits, terminology and the way this approach innovates common administrative tasks on today’s networks.
  • Differentiate and explain each of the building blocks of SD-Access Solution
  • Explain the concept of “Fabric” and the different node types that conform it (Fabric Edge Nodes, Control Plane Nodes, Border Nodes)
  • Describe the role of LISP in Control Plane and VXLAN in Data Plane for SD-Access Solution
  • Understand TrustSec concepts, deployment details and the way it is used as part of SD-Access Solution for segmentation and Policy Enforcement
  • Understand the role of DNA Center as solution orchestrator and Intelligent GUI
  • Become familiar with the workflow approach in DNA Center and its 4 Steps: Design, Policy, Provision and Assurance
  • Explain the role that ISE and NDP play as part of the solution Configure AAA services and TrustSec Policy in ISE Integrate ISE with DNA Center for Policy enforcement
  • Security Administrators
  • Network Administrators
  • Network Architects
  • Network Engineers

Module 1: Introduction to Cisco’s Software Defined Access (SD-Access)

  • SD-Access Overview
  • SD-Access Benefits
  • SD-Access Key Concepts
  • SD-Access Main Components
  • Campus Fabric
  • Wired
  • Wireless
  • Nodes
  • Edge
  • Border
  • Control Plane
  • ISE (Policy)
  • Introduction to DNA Center
  • DNA Controller (APIC-EM Controller)
  • Overview of DNA Assurance

Module 2: SD-Access Campus Fabric

  • The concept of Fabric
  • Node types (Breakdown)
  • LISP as protocol for Control Plane
  • VXLAN as protocol for Data Plane

Module 3: Campus Fabric External Connectivity for SD-Access

  • Enterprise Sample Topology for SD-Access
  • Role of Border Nodes
  • Types of Border Nodes
  • Border
  • Default Border
  • Single Border vs. Multiple Border Designs
  • Collocated Border and Control Plane Nodes
  • Distributed (separated) Border and Control Plane Nodes

Module 4: Implementing WLAN in SD-Access Solution

  • WLAN Integration Strategies in SD-Access Fabric
  • CUWN Wireless Over The Top (OTT)
  • SD-Access Wireless (Fabric enabled WLC and AP)
  • SD-Access Wireless Architecture
  • Control Plane: LISP and WLC
  • Data Plane: VXLAN
  • Policy Plane and Segmentation: VN and SGT
  • Sample Design for SD-Access Wireless

Module 5: Using Cisco ISE for SD Access

  • Introduction to Cisco ISE
  • Using Cisco ISE as a Network Access Policy Engine
  • Introducing Cisco ISE Deployment Models
  • Introducing 802.1x and MAB Access: Wired and Wireless
  • Introducing Identity Management
  • Configuring Certificate Service
  • Introducing Cisco ISE Policy
  • Configuring Cisco ISE Policy Sets
  • Introducing Cisco ISE 2.x pxGrid
  • Preparing ISE for Integration with DNA Center for SD-Access

Module 6: Implementing Policy Plane using Cisco TrustSec for Segmentation

  • Need for users and groups Segmentation on SD-Access
  • Limitations of traditional segmentation methods
  • Introduction to Cisco Tru

Feel free to contact us, if you want to know the price and location of this course. A Digital Revolver representative will contact you shortly to help you with your inquiry.
Please fill out the form below

  • Guaranteed to Run™. This ensures you will attend the instructor led class or live online class you want as scheduled without any disruptive cancellations*. You book the training you need, get back to focusing on your job and are sure your training requirements will be met saving time, money and ensuring peace of mind.
  • This schedule icon the schedule indicates that this date/time will be conducted as Instructor Led Training (ILT) or a Virtual Instructor Led Training (VILT) depending on the indicated class availablity.
Privacy and Cookies

This website stores cookies on your computer which help us make the website work better for you.

Learn moreAccept and Close
Social media & sharing icons powered by UltimatelySocial