cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
141256
Views
50
Helpful
21
Comments
erazvi
Cisco Employee
Cisco Employee
image.png Announcement! New SD-WAN Case Studies for Small Branch and Large Global WAN!

header.jpg

 

What are Validated Design & Deployment Guides?

Simple, modular, use-case based design and deployment guidance to provide you with Validated designs and best practices,  Prescriptive, easy-to-follow deployment guides all with the intent to give you Confidence as you transform your network to meet your business goals.

 

SD-Access

SD-WAN

Security, Policy & Access

Infrastructure

 

Solution Design Guides (CVD)

Architecture-based guidance to design a technical solution.  Target audience are Network & Security Architects, Sr. Network Engineering and Security Analysts. Design guides provide Solution Recommendations and Design Considerations.  These guides are NOT Release-based and do not contain Screen Shots and/or Configurations

Case Studies

SD-WAN design case studies are deep-dives into the methodologies and technical solutions of how Cisco customers have leveraged SD-WAN use cases to achieve business outcomes.  Although the companies covered in these case studies are fictitious, the designs, features, and configurations represent best practices and lessons learned from actual customer deployments across multiple industries.

Prescriptive Deployment Guides (PDG)

Prescriptive, technical step-by-step guidance to solve a Use Case required in your network. Target Audience are Network & Security Engineering and Operations.  Deployment guides provide an easy template (DEFINE, DESIGN, DEPLOY & OPERATE) to provide step-by-step validated guidance complete with screenshots and configuration

Cisco Validated Profile (CVP) Guides

Cisco Validated Profile (CVP) guides provide validated configuration and testing details for profile topologies.Target Audience are Network & Security Engineering & Operations.  CVPs contain hardware and software features for end to end use cases. 

_____________________________________________________________________________________________

SD-Access

Design Guides

Software-Defined Access - Solution Design Guide

First Published June 2020 |  Author:  Jonathan Cuthbert

In this guide, you will learn deployment models, approaches and considerations along with recommended design practices for SD-Access fabric sites ranging from very small to very large in size that can be single independent sites or part of a larger, multi-site deployment

Software-Defined Access Segmentation Design Guide

First Published August 2018 / Last Reviewed April 2019 | Author: Mike Jessup

In this design guide, you will find background information around the need for segmentation in today’s networks to reduce the network attack surface. This document briefly looks at the history of segmentation and provides guidance around the use of macro-segmentation (VRFs/VNs) and/or micro-segmentation (SGTs) and how to determine which strategy is most applicable in different scenarios. Through several simple use cases in verticals such as education, healthcare, retail, manufacturing, and utilities, the reader will see how a combination of micro and macro-segmentation can be implemented to group network devices while minimizing the attack surface

Prescriptive Deployment Guides

Cisco DNA Center & ISE Management Infrastructure Deployment Guide

First Published May 2020  | Author:  Sum Nguyen

In this guide, you will learn how to install and bootstrap the management infrastructure for the Cisco Digital Network Architecture which includes Cisco DNA Center and ISE.

Catalyst 9800 Non-Fabric Deployment using Cisco DNA Center Deployment Guide

First Published October 2019 | Author: Roland Saville

In this guide, you will learn how to deploy a wireless local area network (WLAN) within a campus network, using Catalyst 9800 Series WLAN controllers (WLCs) with access points (APs) in centralized (local mode) operation, using Cisco DNA Center

Catalyst 9800 Non-Fabric FlexConnect Deployment using Cisco DNA Center

First Published October 2019 | Author:  Roland Saville

This guide focuses on how to deploy a wireless local area network (WLAN) within a branch network, using Catalyst 9800 Series WLAN controllers (WLCs) with access points (APs) in FlexConnect mode operation, using Cisco DNA Center.

Network Device Onboarding Using Cisco DNA Center Deployment Guide

First Published October 2019 | Last Reviewed June 2020 | Author: Esrar Razvi

In this guide, you will learn how to automate Day-0 on-boarding of a single switch at branch/campus with Cisco DNA Center to reduce the overall cost and time by leveraging built-in PnP functionality and an on-boarding template.

Campus Software Image Management Using Cisco DNA Center Deployment Guide

Last Reviewed March 2020 | Author: Esrar Razvi

In this guide, you will learn how to leverage Cisco DNA Center to manage software images according to image type and version. You can view, import, and delete software images in the repository as well as standardize images per device family type by marking them as golden. The software images can then be pushed to target devices in your network for day 0-N use cases.

Enabling Cisco DNA Assurance on Existing Network Deployment Guide

First Published October 2019 | Author: Sum Nguyen

In this guide, you will learn how to leverage Cisco DNA Center to deploy Assurance in an existing brownfield network. This document covers both network and clients assurance.

Cisco DNA Application Assurance Deployment Guide

First Published October 2019 / Last Reviewed January 2020 | Author: Roland Saville

In this guide, you will learn how to deploy Cisco DNA Application Assurance within an enterprise network; and how to monitor and troubleshoot applications and their performance when the application traffic crosses the WAN, through Cisco DNA Application Assurance.

Software-Defined Access Medium and Large Site Fabric Provisioning Deployment Guide

First Published August 2018 / Last Reviewed October 2019 | Author: Jonathan Cuthbert

In this guide you will learn how to deploy medium and large fabric sites consisting of a multi-tier Hierarchical network model with dedicated shared services block and physical WLCs.

Software-Defined Access for Distributed Campus Deployment Guide

First Published May 2019  / Last Reviewed October 2019 | Author: Jonathan Cuthbert

This guide will show you how to deploy unified and consistent policy across a metro area SD-Access deployment consisting of multiple, independent fabric sites.  Both IP-based transits with fusion routers and SDA transits are discussed and deployed along with methods to provide Internet access to the deployment.  Finally, important considerations and recommended practices for the deployment of the key architecture component–transit control plane nodes–are discussed and deployed.  

Software-Defined Access Macro Segmentation Deployment Guide

First Published August 2020 | Author:  Mahesh Nagireddy

This guide is intended to provide technical guidance to design, deploy and operate Macro Segmentation across Software-Defined Access Fabric. It focuses on the steps to enable device level Segmentation across the SD-Access Fabric and Fusion device configuration to handle communication between separate VN’s or VRF or from VN/VRF to Shared services residing at the Data Center.

External Layer 2 Domain Connected to an SD-Access Fabric Edge Node - Best Practice Guide

First Published: July 2021 | Author:  Jonathan Cuthbert

This document captures the recommended practices that should be implemented on Fabric Edge Nodes when connecting an External Layer 2 Switching Domain to them.

_____________________________________________________________________________________________

SD-WAN

Design Guides

SD-WAN Design Guide

First Published October 2018 / Updated:  May 2020 | Author:  Gina Cornett

In this guide, you will learn about the architecture and different aspects of the Cisco SD-WAN solution. A high-level discussion of components, on-boarding of WAN devices, controller connections, configuration templates, and policies is covered, in addition to deployment planning considerations.

SD-WAN Security Policy Design Guide for Cisco IOS-XE SD-WAN Devices

First Published  May 2020 | Author:  Priyanka Sayinath

This design guide focuses on the design components, considerations, working and best practices of each of the security features listed in Table 1 for IOS-XE SD-WAN WAN Edge devices. However, the document is not meant to exhaustively cover all options.

Case Studies

Cisco SD-WAN Small Branch Design Case Study 

First Published June 2022 / Last Reviewed June 2022 | Authors: Tom Kunath and Gina Cornett

This design case study focuses on an SD-WAN deployment for an enterprise small branch.  Examples of the small branch category include gas stations, convenience stores, small banks, and fast-food restaurants.  This guide follows a fictitious company, American GasCo, through several planning and design phases and considerations they addressed during their journey to SD-WAN.

Cisco SD-WAN Large Global WAN Design Case Study

First Published November 2022 / Last Reviewed November 2022 | Authors: Abhishek Kumar and Roland Saville

The designs discussed within this document are presented in the form of a case study for a fictional large global WAN customer - Bank of the Earth.  Although Bank of the Earth is not a real company, the designs presented within this guide are based  on actual customer deployments.  The purpose of this document is to present some of the considerations that a network engineer will need to focus attention upon and address when designing and implementing a large Cisco SD-WAN deployment.

Prescriptive Deployment Guides

SD-WAN End-to-End Deployment Guide

First Published October 2018 / Last Reviewed April 2019 | Author: Gina Cornett

In this guide, you will learn how to deploy the Cisco SD-WAN solution from end to end. You will learn how to configure and deploy feature and device templates, how to onboard WAN Edge devices, and how to configure localized and centralized policies, QoS, and application-aware routing.

Cisco SD-WAN: Application-Aware Routing Deployment Guide

First Published May 2020 | Author: Prashanth Davanager Honneshappa

This guide is intended to provide design and deployment guidance to deploy Application-Aware Routing on the Cisco SD-WAN solution providing Service Level Agreement (SLA) based routing for business-critical applications to optimize application performance. The guide focuses on the step-by-step procedures for defining the network characteristics requirements for an application and leveraging the calculated path liveness and quality measurement to influence the traffic path dynamically, providing the best experience for the applications at all times.

Cisco SD-WAN: WAN Edge Onboarding Deployment Guide

First Published December 2019 / Last Reviewed January 2020 | Author: Prashanth Davanager Honneshappa

This guide is intended to provide design and deployment guidance to onboard Cisco SD-WAN WAN Edge devices into the enterprise SD-WAN Infrastructure. The guide focuses on the step-by-step procedures to configure each of the onboarding options available, along with the use cases specific to WAN Edge deployment using default pre-installed certificates or enterprise root-ca certificates. The physical or virtual WAN Edge onboard options include manual, bootstrap or the automated deployment process, which is referred to as Zero Touch Provisioning (ZTP) for vEdge devices and Plug-and-Play (PnP) for IOS XE SD-WAN devices.

SD-WAN: Controller Certificates and Authorized Serial Number File Deployment Guide

First Published October 2019 | Last Reviewed December 2021 | Author: Gina Cornett

This document provides technical guidance on the steps needed to successfully install certificates on on-premise Cisco SD-WAN controllers or in a Cisco-hosted or provider-hosted cloud solution. It includes different methods for obtaining signed controller certificates and how to configure and load the authorized serial number file. The certificate renewal process is also covered. 

SD-WAN: Enabling Direct Internet Access Deployment Guide

First Published July 2019 | Last Reviewed August 2020 | Author: Priyanka Sayinath

In this guide, you will learn to design and deploy direct internet access on both vEdge and SD-WAN XE platforms. The guide includes design considerations, configuration and troubleshooting steps to be adopted while deploying features such as NAT DIA route and Centralized Data Policy within your branch WAN Edge device to establish local internet exit.

SD-WAN: Administrator-Triggered Cluster Failover Deployment Guide

First Published July 2020 | Authors: Priyanka Sayinath and Deepesh Deepesh Kumar

This document provides design and deployment information for vManage disaster recovery. It covers the different types of disaster recovery methods and reviews the steps for configuring disaster recovery and how to perform disaster recovery at the time of network disruption. Note that the first iteration of this guide covers only one use case, the administrator-triggered failover use case for a vManage cluster.

IWAN to Cisco SD-WAN Migration Guide:  A Customer Journey

First Published December 2020  | Authors: Tahir Ali and William Allison

This guide provides recommended best practices in the architecture, planning, design and implementation of migrating Intelligent WAN (IWAN) to Cisco SD-WAN.

SD-Access | SD-WAN Independent Domain Guide Deployment Guide

First Published: July 2021  | Author: Prashanth Davanager Honneshappa

This document is a Prescriptive Deployment Guide that utilizes both Cisco SD-Access and Cisco SD-WAN for end-to-end segmentation using the Independent Domains (two-box) deployment option.

SD-Access | SD-WAN Integrated Domain Guide Deployment Guide

First Published: October 2021  | Author: Prashanth Davanager Honneshappa

This document is a Prescriptive Deployment Guide that utilizes both Cisco SD-Access and Cisco SD-WAN for end-to-end segmentation using the Integrated Domains (one-box) deployment option.

SASE

SD-WAN: Secure Direct Cloud Access for Cisco IOS-XE SD-WAN Device Deployment Guide

First Published May 2020  | Author: Priyanka Sayinath

This document provides the design and deployment of the Cisco SD-WAN security policy specific to secure Direct Cloud Access (DCA) within remote sites running IOS-XE SD-WAN WAN Edge platforms. The security features leveraged within this guide include Enterprise Firewall with Application Awareness, Intrusion Prevention System (IPS), Advanced Malware Protection (AMP) and DNS/Web-layer Security with Umbrella Integration.

SD-WAN: Secure Direct Internet Access for Cisco IOS-XE SD-WAN Devices Deployment Guide

First Published May 2020  | Author: Priyanka Sayinath

This document provides the design and deployment of the Cisco SD-WAN security policy specific to secure Direct Internet Access (DIA) within remote sites running IOS-XE SD-WAN WAN Edge platforms. The security features leveraged within this guide include Enterprise Firewall with Application Awareness, Intrusion Prevention System (IPS), URL Filtering (URLF), Advanced Malware Protection (AMP) and DNS/Web-layer Security with Umbrella Integration.

SD-WAN: Secure Guest Access for Cisco IOS-XE SD-WAN Devices Deployment Guide

First Published May 2020  | Author: Priyanka Sayinath

This document provides the design and deployment of the Cisco SD-WAN security policy specific to secure guest access within remote sites running IOS-XE SD-WAN WAN Edge platforms. The security features leveraged within this guide include Enterprise Firewall with Application Awareness and URL Filtering (URLF).

Zscaler Internet Access (ZIA) and Cisco SD-WAN Deployment Guide 20.6/17.6

First Published November 2021 | Author: Gina Cornett

This document provides technical and configuration guidance for integrating Zscaler Internet Access (ZIA) and Cisco SD-WAN successfully using the capabilities provided by Cisco SDWAN vManage version 20.6, vEdge version 20.6, and IOS XE SDWAN WAN Edge version 17.6. It includes examples to show how to provision a new service to integrate ZIA and Cisco SD-WAN IPsec tunnels. 

Zscaler Internet Access (ZIA) and Cisco SD-WAN Deployment Guide

First Published March 2020 | Author: Gina Cornett

This Deployment Guide document provides configuration guidance for integrating Zscaler Internet Access (ZIA) and Cisco SD-WAN successfully. There are examples to show how to provision a new service with ZIA and Cisco SD-WAN using GRE or IPsec tunnels. For Cisco SD-WAN, configurations that use feature templates through vManage and CLI are both shown. All examples in this guide presumes the reader has a basic comprehension of IP Networking.

Cisco SD-WAN: Enabling Firewall and IPS for Compliance

First Published November 2019 | Author: Priyanka Sayinath

This document provides the design and deployment of the Cisco SD-WAN security infrastructure specific to the compliance use case within remote sites running IOS-XE SD-WAN WAN Edge platforms. The security features leveraged within this guide include Enterprise Firewall with Application Awareness and Intrusion Prevention System (IPS).

Cloud

Extending the Cisco SD-WAN Fabric into Azure with Cisco Cloud onRamp for Multi-Cloud 

Updated March 2022  | Author: Roland Saville

This guide is intended to provide technical guidance to design, deploy, and operate Cisco Cloud onRamp for Multi-Cloud with Azure. Cisco Cloud onRamp for Multi-Cloud with Azure supports the instantiation of a single pair of Cisco Catalyst 8000v routers functioning as Network Virtualization Appliances (NVAs) within a virtual hub (vHub) within an Azure virtual WAN (vWAN).

Cisco SD-WAN Cloud onRamp for Multicloud using Google Cloud Platform 

First Published November 2021  | Author: Priyanka Sayinath

This document discusses the design and deployment of Cisco SD-WAN Cloud onRamp for Multicloud using Google Cloud Platform (GCP). This guide focuses on the design and configuration of the Site to Google Cloud connectivity and the site-to-site connectivity through Google global network. The document includes some of the best practices and steps to instantiate a pair of Cisco Catalyst 8000v instances within a Google cloud gateway(s), association of Google Host VPCs within tags, establishment of Intra-tag communication, mapping of tags to service side VPN along with necessary design and steps to allow the site-to-site communication via the Google Global Network.

Cisco SD-WAN Cloud onRamp for IaaS using Azure Deployment Guide

First Published November 2020  | Author: Priyanka Sayinath

In this guide, you will learn how to deploy secure network connectivity from private network campus and branch locations to one or more Azure VNets using Cisco SD-WAN Cloud onRamp for IaaS.

Extending Cisco SD-WAN into AWS with Cisco Cloud onRamp for IaaS and TGW Interconnection

First Published January  2019 / Updated October 2020 | Author: Roland Saville

In this guide, you will learn how to deploy secure network connectivity from private network campus and branch locations to one or more AWS VPCs using Cisco SD-WAN Cloud onRamp for IaaS.

SD-WAN: Cloud onRamp for SaaS Deployment Guide

First Published January 2019 / Last Reviewed July 2019 | Author: Gina Cornett

In this guide, you will learn about how Cisco SD-WAN Cloud onRamp for SaaS operates and how to deploy it successfully.

SD-WAN Validated Profiles

CVP- Enterprise SD-WAN Financial Profile

First Published October 2018

CVP - Enterprise Cisco SD-WAN Retail Profile

First Published October 2018

For additional SD-WAN resources, refer to the SD-WAN Community Resources page: http://cs.co/sdwan-resources

_____________________________________________________________________________________________

Campus / Branch Infrastructure

Design Guides

Campus LAN and Wireless LAN Design Guide

First Published August 2018 / Last Reviewed May  2020| Author:  Roland Saville and Bryan Brzezinski

In this guide, you will learn how to design Campus LAN and Wireless LAN for High-density, Medium-Density and Small Site campuses.  Design fundamentals for each layer in a campus (Access, Distribution and Core) for wired are discussed along with best practices.  Campus WLAN design fundamentals such as controllers, deployment models and key features are discussed along with a best practices check list.  In addition, management, ISE and QoS guidance is given.

Prescriptive Deployment Guides

Campus LAN L2 Access with Simplified Distribution Deployment Guide

First Published October 2015 / Last Reviewed January 2019 | Author: Stephenie Chastain

In this guide, guidance is given around Layer 2 Access layer wiring closets of varying port sizes along with platform configurations for this layer.  Simplified Layer 2 distribution layer deployment guidance along with platform configurations are discussed.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Pink Vector Social Media Technology Presentation.jpg

 

Comments
erazvi
Cisco Employee
Cisco Employee

If you have any feedback or question regarding any of the above guides, please kindly leave your comment here, and we will get back to you as soon as possible.

pmerlitt
Cisco Employee
Cisco Employee

Somebody please correct the SWIM deployment guide for DNAC here (top of page 6):

https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Campus/dnac-swim-deployment-guide-2019oct.pdf

It suggests that ISE has to be installed before doing SWIM.  I'm 99.999% sure that SWIM can be done without DNAC-ISE integration.  Please correct me if I'm wrong. 

erazvi
Cisco Employee
Cisco Employee

@pmerlitt Thanks for your feedback. We will review the doc and fix it asap.

jamari
Cisco Employee
Cisco Employee

Are there any translated versions of this content?

erazvi
Cisco Employee
Cisco Employee

@jamari Sorry we do not have these translated except for just one or two that were done in Chinese. What language are you looking for?

Moadmin
Level 1
Level 1

Hi Guys,

 

I am on process to build the SD_WAN home lab hosted on my EVE-NG home server. My question is, how to add cEdge and vedge routers in the vMange without having licenses, and if this process require me to have licenses how can I get them? Please help me out to address this issue.

pdavanag
Cisco Employee
Cisco Employee

@Moadmin

Please refer to the  WAN Edge onboarding guide for steps to add cEdge and vEdge to vManage.

https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/SDWAN/sd-wan-wan-edge-onboarding-deploy-guide-2020jan.pdf

Moadmin
Level 1
Level 1

@ pdavanag

 

Thank you for taking time to read my question, I have read this document WAN Edge onboarding guide before, but this is not my question, my question was how can I get provisioning file just for testing purposes from Cisco without having smart account. I need just to LAB SD-WAN nothing else.

 

pdavanag
Cisco Employee
Cisco Employee

@Moadmin 

I don't think there is any other way to add the devices in vManage other than leveraging the provisioning file from the Network Plug-and-Play portal, which requires a smart account. 

Moadmin
Level 1
Level 1

@ pdavanag

 

 So in this case I am not able to learn SD-WAN, because I do not have provisioning file. That is really very sad news.

pdavanag
Cisco Employee
Cisco Employee
You can request a smart/virtual account and add the device to the Network Plug-and-Play portal and get the provisioning file to play in the lab.
Log into the Cisco Software Central > Administration and request Manage Smart Account.
ahengst
Cisco Employee
Cisco Employee

Hello, I have a questions around the guide: "Encrypted Traffic Analytics Design Guide"

 

The guide seems to indicate that ETA is able to be enabled on a L2 (trunk/access) interface. However, the template (IDP) captures IP addresses. I know that with NetFlow if it is applied to a L2 interface, it cannot capture those field elements that would be read in the L3 PDU. Can you clarify what information is captured on a L2 interface? Is it somehow able to read the information from the L3 portion of the packet?

mjessup
Cisco Employee
Cisco Employee

@ahengst So Flexible NetFlow (NetFlow v9) which is what ETA is based on can match IP Addresses on L2 interfaces. As a matter of fact, the recommendation for ETA is to configure it on the switch access port.

Great Source

Adam Austin
Cisco Employee
Cisco Employee

There's a Tech Tip in the "Cisco DNA Center & ISE Management Infrastructure Deployment Guide" that needs to be changed.  The first sentence, while possible, is not in compliance with Cisco best practices and is not a supported design.  Both Network adapter 1 & network adapter 2 are required interfaces.  Please reference any of the official install guides from the Cisco DNA Center Documentation page.

 

Tech tip

Connecting Cisco DNA Center to your network using a single network interface (enterprise network infrastructure, PORT1) simplifies the configuration by requiring only a default gateway and by avoiding the need to maintain a list of static routes for any additional interfaces connected. When you use additional interfaces (for example, to separate the managed enterprise network for infrastructure provisioning and management network for administrative access to Cisco DNA Center), subsequent network route changes may require that you reconfigure the appliance. To update static routes in Cisco DNA Center after the installation, follow the procedure to reconfigure the appliance in the Cisco Digital Network Architecture Center Appliance Installation Guide associated with your installed version.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: