Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1139
Views
15
Helpful
6
Replies

Moving from traditional to SDA

Hisoma Sama
Level 1
Level 1

‎02-28-2021 12:20 AM - last edited on ‎03-02-2021 08:24 AM by Cisco Employee

Hello

 

we are currently upgrading our network all c9k series and we are installing only DNA

 

the network will be layer 3 routed access

 

my 1st question can i use DNA to auto config my switches , or better to configure my switches manually then attach DNA to it and make my discovery?

 

2nd Q: would my OSPF design for layer 3 routed access will be enough so once we move into SDA in phase 2 will be easy or there is another things to put in mind in this design that required once to move SDA

 

note: i have no pre-experience to SDA and requirements

thanks you  

Labels:
0 Helpful
6 Replies 6

jalejand
Cisco Employee
Cisco Employee

‎02-28-2021 12:54 AM

1. DNA Center can auto-configure switches depending on the automation task.

       To configure new switches (with no configuration at all) you can use PnP to automate specific CLI commands

       To configure new switches (with no configuration at all) for underlay routed-access you can use LAN Automation

       Fabric configuration is automated by DNA

 

2. Any underlay IGP is in theory supported by SDA as long as jumbo frame and no summarization exists between nodes (meaning that every node must have a loopback0 advertised as /32, known by all nodes). DNA Center uses IS-IS for underlay automation, if you run OSPF as underlay, you might need to think about redistribution tasks between the existing OSPF network and future IS-iS nodes in case you want to use LAN Automation

 

Migration from a traditional network to SDA techniques can be reviewed here:

https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html#Migration_Strategies

 

 

Hisoma Sama
Level 1
Level 1
In response to jalejand

‎02-28-2021 01:16 AM

Thanks jalejand for your reply

 

for LAN Automation do i need use ISE for this or DNA can handle from its own?

0 Helpful

jalejand
Cisco Employee
Cisco Employee

‎02-28-2021 01:28 AM - edited ‎02-28-2021 01:29 AM

No need for ISE, ISE in fabric is mainly used for:

  Cisco TrustSec SGT policies (microsegmentation in fabric, rules between endpoints based on their context/identity)

  Integration with assurance to include dot1x usernames on the client dashboard

  Guest Portal automation for Guest SSIDs (Portal creation and authentication rules)


Any vanilla AAA server could be used to deliver dot1x/MAB authentication for wired and wireless users, with limited support of course.


For LAN automation you don't rely on any ISE/AAA server coexistence.

balaji.bandi
Hall of Fame
Hall of Fame

‎02-28-2021 01:57 AM

I am in the process of deploying the same and reading many documents and understand head around this technology. but once you understand it is very simple steps :

 

my 1st question can i use DNA to auto config my switches , or better to configure my switches manually then attach DNA to it and make my discovery?

Take advantage of DNAC orchestration, that is the reason the tool brought in, So there are no human mistakes, so your basic configuration is simple to bring the device into the network with a standard template where on the next level it is easy to provision SD-Access later. using DNAC.

 

2nd Q: would my OSPF design for layer 3 routed access will be enough so once we move into SDA in phase 2 will be easy or there is another things to put in mind in this design that required once to move SDA

sure you can use any IGP (other than RIP) underlay reachability - make sure there is no summarisation required. - that is the reason cisco suggests ISIS makes the flat network. ( some use cases like migration it may not be possible we need to use exiting arrangements and migrate to SD-Access.

 

But this is a good journey towards Software Define Intenet-based networking.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hisoma Sama
Level 1
Level 1
In response to balaji.bandi

‎02-28-2021 02:48 AM

thanks balaji

 

any advise from where to start (since most Sw's would be stacking) and pre-configuration i make to the seed switch?

is it mandatory to create VRF's?

 

and for Jumbo frame wont cause an issue for some legacy applications?

since you have been through this any recommendations from your part

sorry for asking a lot I'm just new to this world.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Hisoma Sama

‎02-28-2021 03:04 AM

any advise from where to start (since most Sw's would be stacking) and pre-configuration i make to the seed switch?

 

You need only basic configuration for the DNAC to reach the device with point-to-point link IP address and Local username, then rest all done using DNAC, that is the reason Lan automation does the basic setup when the device comes onboard.

 

is it mandatory to create VRF's?

 

YES/ NO, the main reason for VN is segmentation, you want to be flat network all over, that is not the end goal of SD-Access and Security features you taking advantage. (by spending good amount of money for DNAC)

 

Jumbo frame wont cause an issue for some legacy applications?

 

This is an SD-Access requirement, your Legacy application still be in your DC and Border handoff will take care of this.

 

since you have been through this any recommendations from your part

 

below URL give all the information ( as I said I am not a wise expert but we all get there by learning things slowly and eventutally)

 

https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html#Transit_Control_Plane_Node

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents