#CLUS

How to setup SD-

Access from scratch
Subtitle goes here

Ramses Smeyers, Principal Engineer

Simone Arena, Principal TME
BRKEWN-2021

#CLUS
Cisco Webex Teams
Questions?
Use Cisco Webex Teams to chat
with the speaker after the session

How
1 Find this session in the Cisco Live Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space

Webex Teams will be moderated cs.co/ciscolivebot# BRKEWN-2021

by the speaker until June 16, 2019.

#CLUS © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Session objective
We are going to take all network devices (switches, routers, WLC, Cisco
DNAC, etc) and "write erase" all before your very eyes. We will then rebuild
SD-Access Fabric completely, step by step and bring it all to its fully working
state, with wired and wireless clients!
It’s all live! It’s a slide free session!

#CLUS BRKEWN-2021 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Agenda
 Getting started: Lab setup and use case
 What’s needed to build the SD-Access Fabric?
 Design the Network
 Design the Policy
 Deploy SD-Access Fabric with Wireless
 Deploy end-to-end Policy
 Key takeaways

#CLUS BRKEWN-2021 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
The setup Wireless clients

Wired clients

#CLUS BRKEWN-2021 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
 c9800 (.216)

Building this from scratch… Jump Host (.206)

Service block
Fusion router
172.16.201/24

Service switch
B C

Cisco DNA Center ISE (.205) DHCP/DNS/NTP (.201)

(.204)

Fabric Overlay

E E

#CLUS BRKEWN-2021 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
 c9800 (.216)

Hospital use case Jump Host (.206)

Deploying Policy across wired and wireless users

Service block
Fusion router
172.16.201/24

Service switch
B C

Cisco DNAC (.204) ISE (.205) DHCP/DNS/NTP (.201)

Fabric Overlay
SGT1
Doctors
E E

Nurses SGT2

SGT3
Patients

#CLUS BRKEWN-2021 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
Lab Pre-requisites
• Cisco DNA Center
• #4 routable IPs for DNA Center setup: Cisco Integrated Management Controller (CIMC),
interface to Access to network devices (Enterprise interface), OOB Management. You need
also a Virtual IP address
• Monitor and keyboard for initial CIMC setup
• Internet connectivity from DNA Center appliance, so it can reach the package catalogue server
running in the cloud (directly or through proxy);
• #2 /21 private networks for DNAC setup

• NTP server
• A NTP server is mandatory. If a server is not available, you can use a switch/router in the lab
• All devices including DNAC, ISE, WLC, etc. need to be synched to NTP

• Terminal server for CLI access to the network devices

#CLUS BRKEWN-2021 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
 1/0/23
MLOM2
Fusion 0/0/2 1/0/1 1/0/24 C240M4-01
Router
DC switch
(.199) FEX 1/17
0/0/0 1/0/21 1/0/13
DHCP (.201) UCS
Lab physical topology 172.16.201.x/24 NTP DNS ….
VLAN 3653
1/0/3 Jump01
B C (.206)
port 1
ISE (.205)
Border

1/0/1 1/0/2
DNA Center
WLC-01 (.202)
(.204)

1/0/1 1/0/1
E E
Software Releases

1/14 1/14 1/13 DNAC: 1.2.10

1/13
ISE 2.3 patch 3
VM A VM B Switches: 16.9.3
wired wired WLC (9800): 16.10.1e

Refer to DNA compatibility matrix

VM B VM A
Wireless Wireless

#CLUS BRKEWN-2021 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
IP pools and Virtual Networks
POOL name Subnet VRF

Overlay
User01 192.168.1.0 / 24 gw .1 Internal03
User02 192.168.2.0 / 24 gw .1 Internal03
Guest 192.168.3.0 /24 gw .1 Guest03

AP-Pool 172.16.3.0 / 24 gw .1 Global Routing Table

Underlay
Underlay_Automation 172.16.2.0 / 24 gw .1 Global Routing Table
Border_Automation 172.16.4.0 / 24 gw .1 Global Routing Table

#CLUS BRKEWN-2021 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
The secret weapon…

#CLUS BRKEWN-2021 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
Let the fun begin…

#CLUS BRKEWN-2021 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
Key takeaways
#CLUS BRKEWN-2021 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
Key takeaways
Software Defined Access Networking at the Speed of Software!
Cisco DNA Center SD-Access brings you…
Identity-based
Policy Automation Analytics
Policy & Segmentation
Decoupled security policy definition
from VLAN and IP Address

Automated
Network Fabric
Single Fabric for Wired & Wireless
with Workflow-based Automation

Insights
& Telemetry
Analytics and insights into
SDA-Extension user and application behavior
User Mobility

…for both wired and wireless!!

Policy stays
with user

IoT Network Employee Network #CLUS BRKEWN-2021 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
Don’t miss the SD-Access book…

It’s an e-book and you can download it from here

https://www.cisco.com/c/dam/en/us/products/se/2018/1/Collateral/nb-06-software-defined-access-ebook-en.pdf

#CLUS BRKEWN-2021 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
Complete your
online session • Please complete your session survey
evaluation after each session. Your feedback
is very important.
• Complete a minimum of 4 session
surveys and the Overall Conference
survey (starting on Thursday) to
receive your Cisco Live water bottle.
• All surveys can be taken in the Cisco Live
Mobile App or by logging in to the Session
Catalog on ciscolive.cisco.com/us.
Cisco Live sessions will be available for viewing
on demand after the event at ciscolive.cisco.com.

#CLUS BRKEWN-2021 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
Continue your education

Demos in the
Walk-in labs
Cisco campus

Meet the engineer

Related sessions
1:1 meetings

#CLUS BRKEWN-2021 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
Thank you

#CLUS
#CLUS