Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
10730
Views
45
Helpful
0
Comments

How to deploy SD-Access ( SDA ) Fabric from start to finish with Cisco DNAC 1.3.1?

pbagga
Cisco Employee
Cisco Employee

‎10-18-2019 12:17 AM - edited ‎10-23-2019 05:48 PM

SD-Access provides automated end-to-end services (such as segmentation, quality of service, and analytics) for user, device, and application traffic. SD-Access automates user policy so organizations can ensure the appropriate access control and application experience are set for any user or device to any application across the network. This is accomplished with a single network fabric across LAN and WLAN which creates a consistent user experience, anywhere, without compromising on security.

SD-Access benefits

  • Automation: Plug-and-play for simplified deployment of new network devices, along with consistent management of wired and wireless network configuration provisioning
  • Policy: Automated network segmentation and group-based policy
  • Assurance: Contextual insights for fast issue resolution and capacity planning
  • Integration: Open and programmable interfaces for integration with third-party solutions

To deploy SD-Access Fabric from End to End:

Step 1. Discovery of all devices

In Cisco DNA Center, the Discovery tool is used to find existing underlay devices using CDP or IP address ranges.  When defining a discovery profile, users will use ssh and snmp credentials. 

 

Step 2. Designing of Site, Configuring Network Settings, and IP Pools

Cisco DNA Center provides a robust Design application to allow customers of every size and scale to easily define their physical Sites and common network resources (DHCP, DNS, etc.).  This is implemented using a hierarchical format for intuitive use, while removing the need to redefine the same resource in multiple places when provisioning devices.

 

Step 3. Integrate Cisco DNAC with ISE

Identity Services Engine (ISE) is a key component with in Cisco DNA Center providing Intent Services like AAA (RADIUS and TACACS+), Visibility, On-boarding, Security, Macro and Micro Segmentation. To leverage these services we need to perform Cisco DNA Center ISE Integration to establish trust between the two entities and in the following guide we will provide the steps.

 

Step 4. Create Policy and Group Based Access List 

Security policies determine the types of network traffic permitted or denied between scalable groups.  Scalable groups are a critical component of the Cisco Software-Defined Access or SD-Access architecture, providing secure micro-segmentation for SD-Access infrastructure.

 

Step 5. Provision Devices to Site

When the provision step is executed, all the parameters which were set in the design for the site are provisioned on the device (based on Cisco best practices).

 

Step 6. Create a Fabric site

 A fabric site is a portion of the fabric which has its own set of control plane nodes, border nodes, and edge nodes.

 

Step 7. Host On-boarding 

Host on-boarding in SD-Access enables the attachment of endpoints to the fabric nodes. The host on-boarding workflow allows you to authenticate, classify and assign an endpoint to a scalable group, and then associate to an IP pool and virtual network.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents