Cisco Connect Montreal 2018: Enterprise Networks, Say Goodbye to VLANs

CiscoCanada 1,517 views 57 slides Nov 27, 2018

About This Presentation

Network Infrastructure: Say goodbye to VLANs. Removing the complexity from your networks with Cisco SD-Access


Slide Content

Cisco Connect Montreal 2018
Global vision. Local knowledge.

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Enterprise Networks: Say goodbye to VLANs
Removing the complexity of your networks with Cisco SD-Access
(Session title in French: Infrastructures Réseaux - Dites adieu aux VLANs : Retirer la complexité de vos réseaux avec Cisco SD-Access)

Agenda
1. Key Benefits: Why do I care?
2. Key Concepts: What is SD-Access?
3. What's new? SDA Roadmap
4. Demonstration: Time for some action!
5. Take-away: Things to Remember

Key Benefits
Why do I care?

The Network. Intuitive.
Powered by intent, informed by context.
Pillars: Intent, Context, Security, Learning.

Tell your network what you want, and let it figure out how to do that.

Context: correlate information from multiple sensors to provide deeper insights and suggest actions.

Cisco DNA & SD-Access
Networking at the Speed of Software!

- Automated Network Fabric: a single fabric for wired and wireless, with simple automation
- Insights & Telemetry: analytics and insights into user and application behavior
- Identity-Based Policy & Segmentation: decouples security and QoS from VLAN and IP address

(Figure: DNA Center (Analytics, Automation, Policy) above an Employee Network and an IoT Network with an SDA Extension; User Mobility: the policy stays with the user, including towards the Outside.)

Key Concepts
What is SD-Access?
1. High-Level View
2. Roles & Platforms
3. Fabric Constructs


What is SD-Access?
Campus Fabric + DNA Center (Automation & Assurance)

Campus Fabric
- CLI or API approach to build a LISP + VXLAN + CTS fabric overlay for your enterprise campus networks
- CLI provides backwards compatibility, but management is box-by-box
- API provides device automation via NETCONF/YANG
- Separated management systems (APIC-EM 1.X, ISE, PI)

SD-Access
- GUI approach provides automation and assurance of all fabric configuration, management and group-based policy
- DNA Center integrates multiple systems (NCP, NDP, ISE) to orchestrate your LAN, Wireless LAN and WAN access

(Figure: Campus Fabric with Border, Control-Plane and Border nodes, managed by DNA Center.)

(Screenshot slides labelled "Assure"; no further text.)

What exactly is a Fabric?
A Fabric is an Overlay.
- An Overlay network is a logical topology used to virtually connect devices, built on top of a simple physical Underlay network.
- An Overlay network often uses alternate forwarding attributes to provide additional services not provided by the Underlay.

Examples of network overlays:
- GRE / mGRE
- MPLS / VPLS
- IPsec / DMVPN
- CAPWAP
- LISP
- OTV
- DFA
- ACI
- SD-Access

SD-Access
Fabric Terminology
(Figure: Hosts (end-points) attach to Edge Devices; the Edge Devices run the Overlay Control Plane and use Encapsulation across the Overlay Network, which rides on the Underlay Network and its Underlay Control Plane.)

SD-Access
Manual vs. Automated Underlay

Manual Underlay: you can reuse your existing IP network as the fabric underlay!
- Key requirements
  - IP reachability from Edge to Edge / Border / Control-Plane
  - Can be L2 or L3; L3 is recommended
  - Can be any IGP; IS-IS is recommended
- Key considerations
  - MTU (the fabric header adds 50 bytes)
  - Latency (max RTT <= 100 ms)

Automated Underlay: prescriptive, fully automated global and IP underlay provisioning!
- Key requirements
  - Leverages standard PnP for bootstrap
  - Assumes a new / erased configuration
  - Uses a global "Underlay" address pool
- Key considerations
  - PnP pre-setup is required
  - 100% prescriptive (no customization)

SD-Access
Campus Fabric - Key Components
1. Control-Plane based on LISP
2. Data-Plane based on VXLAN
3. Policy-Plane based on CTS

Key differences
- L2 + L3 Overlay vs. L2 or L3 only
- Host mobility with Anycast Gateway
- Adds VRF + SGT into the Data-Plane
- Virtual Tunnel Endpoints (automatic)
- NO topology limitations (basic IP)

SD-Access Fabric
Campus Fabric - Key Components - LISP
1. Control-Plane based on LISP

BEFORE: IP address = Location + Identity
- Every router carries topology routes plus endpoint routes.
- Routing protocols = big tables and more CPU, with a local L3 gateway.
- The per-router table the slide repeats on every node:

    Prefix              Next-hop
    189.16.17.89   ...  171.68.226.120
    22.78.190.64   ...  171.68.226.121
    172.16.19.90   ...  171.68.226.120
    192.58.28.128  ...  171.68.228.121

AFTER: Separate Identity from Location
- Endpoint routes are consolidated into the LISP mapping database; routers keep only topology routes (their "local routes") plus a cache.
- The mapping database maps each prefix (EID) to its RLOC:

    Prefix              RLOC
    189.16.17.89   ...  171.68.226.120
    22.78.190.64   ...  171.68.226.121
    172.16.19.90   ...  171.68.226.120
    192.58.28.128  ...  171.68.228.121

- LISP DB + cache = small tables and less CPU, with an Anycast L3 gateway and host mobility.

SD-Access Fabric
Key Components - VXLAN
1. Control-Plane based on LISP
2. Data-Plane based on VXLAN

    Original packet:   ETHERNET | IP | PAYLOAD
    Packet in LISP:    ETHERNET | IP | UDP | LISP  | IP | PAYLOAD               (supports L3 overlay only)
    Packet in VXLAN:   ETHERNET | IP | UDP | VXLAN | ETHERNET | IP | PAYLOAD    (supports L2 & L3 overlay)

SD-Access Fabric
Key Components - CTS
1. Control-Plane based on LISP
2. Data-Plane based on VXLAN
3. Policy-Plane based on CTS

    ETHERNET | IP | UDP | VXLAN | ETHERNET | IP | PAYLOAD

The VXLAN header carries VRF + SGT: VRF (Virtual Routing & Forwarding, identified by the VNID) and the SGT (Scalable Group Tag) travel with every packet.
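The packet formats above can be made concrete. The following is an added example written for this page, not code from the presentation or from Cisco: it builds the outer Ethernet / IPv4 / UDP / VXLAN-GPO encapsulation around a constructed inner frame and parses it back, using the VXLAN Group Policy Option header layout (G and I flags, a 16-bit Group Policy ID carrying the SGT, a 24-bit VNI carrying the VNID). The RLOC addresses, MACs, VNI 4099 and SGT 17 are assumptions; nothing here is taken from a real fabric. It also checks the 50-byte overhead that the underlay MTU requirement refers to.

```python
"""Added example (not from the presentation or from Cisco): build and parse the
VXLAN-GPO encapsulation used by the SD-Access data plane, carrying the VNID
(virtual network) and the SGT (scalable group) in the 8-byte VXLAN header.
Header layout follows the VXLAN Group Policy Option draft; every address, MAC,
VNI and SGT value below is made up for the example."""
import socket
import struct
import zlib

VXLAN_UDP_PORT = 4789      # IANA-assigned VXLAN destination port
FLAG_G = 0x80              # first flag byte: Group Policy ID field is present
FLAG_I = 0x08              # first flag byte: VNI field is valid (RFC 7348)
FLAG_A = 0x0008            # 16-bit flags: policy already "Applied" upstream
FABRIC_OVERHEAD = 14 + 20 + 8 + 8   # Ethernet + IPv4 + UDP + VXLAN = 50 bytes, as on the MTU slide


def build_vxlan_gpo_header(vni: int, sgt: int, applied: bool = False) -> bytes:
    """8 bytes: flags(16) | Group Policy ID = SGT(16) | VNI(24) | reserved(8)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    if not 0 <= sgt < (1 << 16):
        raise ValueError("SGT must fit in 16 bits")
    flags = (FLAG_G | FLAG_I) << 8
    if applied:
        flags |= FLAG_A
    return struct.pack("!HHI", flags, sgt, vni << 8)


def parse_vxlan_gpo_header(hdr: bytes) -> dict:
    """Inverse of build_vxlan_gpo_header; SGT is None when the G flag is clear."""
    flags, gpid, vni_rsvd = struct.unpack("!HHI", hdr[:8])
    if not flags & (FLAG_I << 8):
        raise ValueError("I flag clear: VNI not valid")
    has_gpo = bool(flags & (FLAG_G << 8))
    return {"vni": vni_rsvd >> 8, "sgt": gpid if has_gpo else None,
            "applied": bool(flags & FLAG_A)}


def ipv4_checksum(hdr: bytes) -> int:
    """One's-complement checksum; returns 0 for a header whose checksum field is correct."""
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def encapsulate(inner_frame: bytes, src_mac: bytes, dst_mac: bytes,
                src_rloc: str, dst_rloc: str, vni: int, sgt: int,
                applied: bool = False) -> bytes:
    """Wrap an inner Ethernet frame in outer Ethernet/IPv4/UDP/VXLAN-GPO, edge RLOC to RLOC."""
    vxlan = build_vxlan_gpo_header(vni, sgt, applied)
    udp_len = 8 + len(vxlan) + len(inner_frame)
    # RFC 7348: source port derived from a hash of the inner frame so ECMP spreads flows
    sport = 49152 + (zlib.crc32(inner_frame) % 16384)
    udp = struct.pack("!HHHH", sport, VXLAN_UDP_PORT, udp_len, 0)  # zero UDP checksum allowed over IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, 64, 17, 0,
                     socket.inet_aton(src_rloc), socket.inet_aton(dst_rloc))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    eth = dst_mac + src_mac + b"\x08\x00"
    return eth + ip + udp + vxlan + inner_frame


def decapsulate(outer_frame: bytes):
    """Validate the outer headers and return (vxlan metadata, inner frame)."""
    if outer_frame[12:14] != b"\x08\x00":
        raise ValueError("outer frame is not IPv4")
    ihl = (outer_frame[14] & 0x0F) * 4
    ip = outer_frame[14:14 + ihl]
    if ip[9] != 17 or ipv4_checksum(ip) != 0:
        raise ValueError("outer IPv4 header is not a valid UDP header")
    udp_off = 14 + ihl
    _, dport, ulen, _ = struct.unpack("!HHHH", outer_frame[udp_off:udp_off + 8])
    if dport != VXLAN_UDP_PORT:
        raise ValueError("not VXLAN")
    vx_off = udp_off + 8
    meta = parse_vxlan_gpo_header(outer_frame[vx_off:vx_off + 8])
    return meta, outer_frame[vx_off + 8:udp_off + ulen]


# Constructed inner frame: a host sending to an (invented) anycast gateway MAC,
# followed by an opaque stand-in for the inner IPv4 packet.
SAMPLE_INNER = (bytes.fromhex("00000c9ff001") + bytes.fromhex("0242ac0a0a17")
                + b"\x08\x00" + b"constructed IPv4 packet, not parsed here")


def demo():
    """Encapsulate the sample frame in VN 4099 with SGT 17 and decapsulate it again."""
    frame = encapsulate(SAMPLE_INNER, bytes.fromhex("0011aabb0001"), bytes.fromhex("0011aabb0002"),
                        "172.16.0.11", "172.16.0.12", vni=4099, sgt=17)
    meta, inner = decapsulate(frame)
    return len(frame) - len(inner), meta, inner == SAMPLE_INNER


if __name__ == "__main__":
    print(demo())   # (50, {'vni': 4099, 'sgt': 17, 'applied': False}, True)
```

Running the block prints the overhead, the decoded VNID and SGT, and whether the inner frame survived the round trip. The 50-byte figure is why an underlay that carries 1500-byte host frames needs at least 1550 bytes of MTU; the decapsulation side deliberately validates the outer IPv4 checksum, protocol and UDP port before trusting anything in the VXLAN header.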

Key Concepts
What is SD-Access? Part 2: Roles & Platforms

SD-Access
Fabric Roles & Terminology
- Control-Plane Nodes: map system that manages Endpoint-to-Device relationships
- Fabric Edge Nodes: a fabric device (e.g. Access or Distribution) that connects wired endpoints to the SDA fabric
- Fabric Border Nodes: a fabric device (e.g. Core) that connects external L3 network(s) to the SDA fabric
- Fabric Wireless Controller: a fabric device (WLC) that connects APs and wireless endpoints to the SDA fabric
- Intermediate Nodes (Underlay): the underlay devices that carry fabric traffic between Edge and Border nodes
- Identity Services: NAC & ID systems (e.g. ISE) for dynamic Endpoint-to-Group mapping and policy definition
- DNA Center: provides simple GUI management, intent-based automation (e.g. NCP) and context sharing
- Analytics Engine: data collectors (e.g. NDP) analyze Endpoint-to-App flows and monitor fabric status

SD-Access Fabric
Control-Plane Nodes - A Closer Look
The Control-Plane Node runs a Host Tracking Database to map location information.
- A simple host database that maps Endpoint IDs to a current location, along with other attributes
- The host database supports multiple Endpoint ID lookup types (IPv4, IPv6 or MAC)
- Receives Endpoint ID map registrations from Edge and/or Border Nodes for "known" IP prefixes
- Resolves lookup requests from Edge and/or Border Nodes to locate destination Endpoint IDs

SD-Access Fabric
Edge Nodes - A Closer Look
The Edge Node provides first-hop services for users / devices connected to a fabric.
- Responsible for identifying and authenticating endpoints (e.g. static, 802.1X, Active Directory)
- Registers specific Endpoint ID info (e.g. /32 or /128) with the Control-Plane Node(s)
- Provides an Anycast L3 Gateway for the connected endpoints (same IP address on all Edge Nodes)
- Performs encapsulation / de-encapsulation of data traffic to and from all connected endpoints

SD-Access Fabric
Border Nodes - A Closer Look
The Border Node is the entry and exit point for data traffic going into and out of a fabric.
There are two types of Border Node:
- Internal Border: used for "known" routes inside your company
- External Border (or Default Border): used for "unknown" routes outside your company

SD-Access Fabric
Fabric Enabled Wireless - A Closer Look
A Fabric Enabled WLC is integrated into the fabric for SDA wireless clients.
- Connects to the fabric via the Border (underlay)
- Fabric Enabled APs connect to the WLC (CAPWAP) using a dedicated Host Pool (overlay)
- Fabric Enabled APs connect to the Edge via VXLAN
- Wireless clients (SSIDs) use regular Host Pools for data traffic and policy (same as wired)
- The Fabric Enabled WLC registers clients with the Control-Plane (as located on the local Edge + AP)
Data plane: VXLAN. Control plane: CAPWAP.

Key Concepts
What is SD-Access? Part 3: Fabric Constructs

SD-Access Fabric
Virtual Network - A Closer Look
A Virtual Network maintains a separate routing & switching table for each instance.
- The Control-Plane uses an Instance ID to maintain separate VRF topologies (the "Default" VRF is Instance ID 4098)
- Nodes add a VNID to the fabric encapsulation
- Endpoint ID prefixes (Host Pools) are routed and advertised within a Virtual Network
- Uses standard "vrf definition" configuration, along with RD & RT for remote advertisement (Border Node)
(Figure: VN Campus, VN IoT and VN Guest carried over the same fabric.)

SD-Access Fabric
Scalable Groups - A Closer Look
A Scalable Group is a logical policy object to "group" users and/or devices.
- Nodes use Scalable Groups to identify endpoints and assign each a unique Scalable Group Tag (SGT)
- Nodes add the SGT to the fabric encapsulation
- SGTs are used to manage address-independent "Group-Based Policies"
- Edge or Border Nodes use the SGT to enforce local Scalable Group ACLs (SGACLs)
(Figure: endpoints tagged SGT 3, 4, 8, 11, 12, 17, 19, 23 and 25 attached across the fabric.)
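Address-independent group-based policy, as an added example (not code from the presentation or from Cisco): an SGACL matrix keyed on (source SGT, destination SGT) with first-match rules and a default-deny cell, plus an Edge node that learns IP-to-SGT bindings at authentication time. Group names, tag values, the rule set and every address are constructed for the example; the point it shows is that a host that re-authenticates with a different address gets the same verdict without any ACL being rewritten.

```python
"""Added example (not from the presentation or from Cisco): a minimal model of the
SD-Access policy plane. Endpoints are bound to a Scalable Group Tag by identity, and
an SGACL matrix keyed on (source SGT, destination SGT) decides each flow, so the
verdict is independent of the endpoint's IP address. Group names, tag values, rules
and addresses are all constructed for the example."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Scalable Groups as an identity system (ISE on the slides) would define them.
SCALABLE_GROUPS: Dict[str, int] = {"Employees": 4, "Contractors": 5,
                                   "IoT_Cameras": 8, "Servers": 12}


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, proto: str, dport: int) -> bool:
        return (self.proto is None or self.proto == proto) and \
               (self.dport is None or self.dport == dport)


# SGACL matrix: one ordered rule list per (src SGT, dst SGT) cell; first match wins.
SGACL: Dict[Tuple[int, int], List[Rule]] = {
    (4, 12): [Rule("permit", "tcp", 443), Rule("permit", "tcp", 22), Rule("deny")],
    (5, 12): [Rule("permit", "tcp", 443), Rule("deny")],
    (8, 12): [Rule("permit", "udp", 514), Rule("deny")],   # cameras may only send syslog
    (4, 4):  [Rule("permit")],
}
DEFAULT_ACTION = "deny"   # cell absent from the matrix: the default policy applies


def evaluate(src_sgt: int, dst_sgt: int, proto: str, dport: int) -> str:
    """What an Edge or Border node does with the SGT carried in the fabric header."""
    for rule in SGACL.get((src_sgt, dst_sgt), []):
        if rule.matches(proto, dport):
            return rule.action
    return DEFAULT_ACTION


class EdgeNode:
    """Holds IP-to-SGT bindings learned at authentication time, as an Edge node does."""

    def __init__(self) -> None:
        self.bindings: Dict[str, int] = {}

    def authenticate(self, ip: str, group: str) -> None:
        """Endpoint authenticated (e.g. 802.1X) and classified into a Scalable Group."""
        self.bindings[ip] = SCALABLE_GROUPS[group]

    def enforce(self, src_ip: str, dst_ip: str, proto: str, dport: int) -> str:
        src_sgt = self.bindings.get(src_ip)
        dst_sgt = self.bindings.get(dst_ip)
        if src_sgt is None or dst_sgt is None:
            return DEFAULT_ACTION          # unclassified endpoint: no group, default policy
        return evaluate(src_sgt, dst_sgt, proto, dport)


def demo() -> Dict[str, str]:
    """Shows that the verdict follows the group, not the address, when a host is re-addressed."""
    edge = EdgeNode()
    edge.authenticate("10.1.10.23", "Employees")
    edge.authenticate("10.1.20.7", "IoT_Cameras")
    edge.authenticate("10.50.0.10", "Servers")
    results = {
        "employee_https": edge.enforce("10.1.10.23", "10.50.0.10", "tcp", 443),
        "employee_rdp": edge.enforce("10.1.10.23", "10.50.0.10", "tcp", 3389),
        "camera_syslog": edge.enforce("10.1.20.7", "10.50.0.10", "udp", 514),
        "camera_https": edge.enforce("10.1.20.7", "10.50.0.10", "tcp", 443),
        "camera_to_employee": edge.enforce("10.1.20.7", "10.1.10.23", "tcp", 80),
    }
    # The employee re-authenticates elsewhere with a new address: no IP-based ACL
    # was touched, yet the same group policy applies.
    edge.authenticate("10.1.30.41", "Employees")
    results["employee_https_after_move"] = edge.enforce("10.1.30.41", "10.50.0.10", "tcp", 443)
    results["unknown_host"] = edge.enforce("10.9.9.9", "10.50.0.10", "tcp", 443)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:28s} {verdict}")
```

The default-deny cell is the detail worth copying: a pair of groups that nobody wrote a rule for (the camera talking to an employee laptop above) must fall through to deny, otherwise adding a new group silently opens it to everything.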

SD-Access Fabric
Host Pools - A Closer Look
A Host Pool provides the basic IP functions necessary for attached endpoints.
- Edge Nodes use a Switch Virtual Interface (SVI), with IP address / mask, etc., per Host Pool
- The fabric uses Dynamic EID mapping to advertise each Host Pool (per Instance ID)
- Fabric Dynamic EID allows host-specific (/32, /128 or MAC) advertisement and mobility
- Host Pools can be assigned dynamically (via host authentication) and/or statically (per port)
(Figure: pools .4, .8, .11, .12, .13, .17, .19, .23 and .25 across the fabric.)

SD-Access Fabric
Anycast Gateway - A Closer Look
The Anycast Gateway provides a single L3 default gateway for IP-capable endpoints.
- Similar principle and behavior as HSRP / VRRP, with a shared "virtual" IP and MAC address
- The same Switch Virtual Interface (SVI) is present on EVERY Edge, with the same virtual IP and MAC
- The Control-Plane, with Fabric Dynamic EID mapping, maintains the host-to-Edge relationship
- When a host moves from Edge 1 to Edge 2, it does not need to change its default gateway
(Figure: the same GW on every Edge node.)

SD-Access Fabric
Layer 3 Overlay - A Closer Look
Stretched Subnets allow an IP subnet to be "stretched" via the overlay.
- Host IP-based traffic arrives on the local Fabric Edge SVI and is then transferred by the fabric
- Fabric Dynamic EID mapping allows host-specific (/32, /128, MAC) advertisement and mobility
- Host 1 connected to Edge A can now use the same IP subnet to communicate with Host 2 on Edge B
- No longer need a VLAN to connect Host 1 and Host 2
(Figure: the same GW on every Edge node, with Dynamic EID tracking each host.)
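A toy model of the Control-Plane Node's host tracking database, tying together the Control-Plane, Border and Virtual Network slides above with the mobility behaviour of the anycast gateway and stretched subnets. This is an added example, not the presentation's or Cisco's code, and it is a deliberate simplification of LISP: one EID-to-RLOC table per instance ID, host (/32) registrations from Edges, Internal Border prefixes for known routes, and the External Border for anything unknown. Instance IDs 4099 and 4100, all addresses and all RLOCs are made up.

```python
"""Added example (not from the presentation or from Cisco): a toy model of the
SD-Access control plane. One host table per LISP instance ID (one per Virtual
Network) maps Endpoint IDs to the RLOC of the Edge that registered them; unknown
EIDs resolve to an Internal Border (known prefixes) or the External Border
(everything else). All instance IDs, addresses and RLOCs are constructed."""
import ipaddress
from typing import Dict, List, Tuple


class ControlPlaneNode:
    def __init__(self, external_border_rloc: str) -> None:
        self.host_db: Dict[int, Dict[str, str]] = {}             # instance -> {EID -> RLOC}
        self.border_db: Dict[int, List[Tuple[object, str]]] = {}  # instance -> [(prefix, RLOC)]
        self.external_border = external_border_rloc

    def register_host(self, instance_id: int, eid: str, edge_rloc: str) -> None:
        """An Edge registers a host-specific (/32 or /128) EID. A re-registration from
        another Edge replaces the old location, which is how mobility is tracked."""
        host = ipaddress.ip_address(eid)            # validates the address
        self.host_db.setdefault(instance_id, {})[str(host)] = edge_rloc

    def withdraw_host(self, instance_id: int, eid: str) -> None:
        """Edge reports the host gone (e.g. port down); the entry is removed."""
        self.host_db.get(instance_id, {}).pop(str(ipaddress.ip_address(eid)), None)

    def register_border_prefix(self, instance_id: int, prefix: str, border_rloc: str) -> None:
        """An Internal Border registers a 'known' prefix it can reach outside the fabric."""
        net = ipaddress.ip_network(prefix, strict=True)
        self.border_db.setdefault(instance_id, []).append((net, border_rloc))

    def resolve(self, instance_id: int, eid: str) -> Tuple[str, str]:
        """The map resolution an Edge performs before encapsulating towards a destination."""
        host = ipaddress.ip_address(eid)
        rloc = self.host_db.get(instance_id, {}).get(str(host))
        if rloc is not None:
            return rloc, "host"
        hits = [(n, r) for n, r in self.border_db.get(instance_id, []) if host in n]
        if hits:                                       # longest known prefix wins
            return max(hits, key=lambda h: h[0].prefixlen)[1], "internal-border"
        return self.external_border, "external-border"


def demo() -> Dict[str, Tuple[str, str]]:
    VN_CAMPUS, VN_IOT = 4099, 4100      # constructed instance IDs, one per Virtual Network
    cp = ControlPlaneNode(external_border_rloc="172.16.0.1")
    cp.register_border_prefix(VN_CAMPUS, "10.50.0.0/16", "172.16.0.2")  # data centre via internal border
    cp.register_host(VN_CAMPUS, "10.1.10.23", "172.16.0.11")           # host behind Edge 1
    out = {"before_move": cp.resolve(VN_CAMPUS, "10.1.10.23")}
    cp.register_host(VN_CAMPUS, "10.1.10.23", "172.16.0.12")           # same IP, now behind Edge 2
    out["after_move"] = cp.resolve(VN_CAMPUS, "10.1.10.23")
    out["other_vn"] = cp.resolve(VN_IOT, "10.1.10.23")                 # not visible from the IoT VN
    out["known_prefix"] = cp.resolve(VN_CAMPUS, "10.50.3.9")
    out["unknown"] = cp.resolve(VN_CAMPUS, "192.0.2.10")
    return out


if __name__ == "__main__":
    for name, answer in demo().items():
        print(f"{name:14s} {answer}")
```

Two things to notice when reading the output: the host keeps its address and gateway across the move and only its RLOC changes, which is the stretched-subnet promise; and the lookup from the IoT instance does not see the campus host at all, so the Virtual Network boundary is enforced at the control plane before any packet is encapsulated.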

SD-Access Fabric
Layer 2 Overlay - A Closer Look
The Layer 2 Overlay allows non-IP endpoints to use broadcast & L2 multicast.
- Similar principle and behavior as a Virtual Private LAN Service (VPLS) P2MP overlay
- Uses a pre-built multicast underlay to set up a P2MP tunnel between all fabric nodes
- L2 broadcast and multicast traffic will be distributed to all connected fabric nodes
- Can be enabled for specific Host Pools that require L2 services (use Stretched Subnets for L3)
(Figure: one VLAN per Edge, joined by the L2 Overlay.)
NOTE: L3 Integrated Routing and Bridging (IRB) is not supported at this time.

What's new?
SDA Roadmap

SD-Access Roadmap

SDA 1.1 (December '17): DNA Center 1.1/1.1.1, ISE 2.3, IOS-XE 16.6, AireOS 8.5
- Identity-based Policy & Segmentation
- Automated Network Fabric
- Fabric-Enabled Wireless
- Wireless Assurance (DNAC 1.1.1)
- Network Health Monitoring

SDA 1.2 (May '18): DNA Center 1.2, ISE 2.4, IOS-XE 16.8, AireOS 8.7
- SD-Access for Distributed Campus (Beta)
- SD-Access Extension for IoT (Beta)
- IBNS 2.0
- Usability Enhancements
- Fabric Enabled Wireless Enhancements

SDA 1.2.5/6 (October '18): DNA Center 1.2, ISE 2.4, IOS-XE 16.9, AireOS 8.8
- SD-Access for Distributed Campus (FCS)
- Layer 2 Flooding
- Layer 2 Hand-off for Migration purposes
- Native Multicast
- Fabric in a Box
- LAN Automation & Host On-boarding Enhancements
- Fabric Control Plane Resiliency (six control plane nodes)
- DNAC CLI Templates

SD-Access for Distributed Campus
Connecting Multiple Fabric Sites

Fabric Sites & Domains
Connecting Multiple Fabrics
First, you build a single Fabric Site (Site 1). Later, you build another Fabric Site (Site 2). How do you connect them together across the Metro Area?
Options: VRF-LITE, MPLS, or SD-Access* (*new in SDA 1.2)

Inter-Connecting Fabric Sites
Multiple Fabric Domains with VRF-LITE Transit (SDA 1.0 - 1.1)

    Plane           Fabric Site 1   Transit      Fabric Site 2
    Control-plane   LISP            MP-BGP       LISP
    Data-plane      VXLAN           VRF-LITE     VXLAN
    Policy-plane    SGT             SXP + ISE    SGT

Introducing Distributed Campus
Enhanced Resiliency and Scale for Large Deployments
- Automated inter-site connectivity
- Consistent enterprise-wide policy
- Enhanced resiliency & local isolation
- Direct Internet Access per site

- Individual Fabric Sites contain local Border and Control-Plane nodes
- Local Border nodes can hand off to an IP-based WAN or an SD-Access Transit
- The Transit has a unique Control-Plane node, to connect local and remote sites
- The Transit does not have Fabric Edge nodes
(Figure: Fabric Sites 1, 2 and 3, each with its own Border and Control-Plane nodes, joined by a Transit with its own Control-Plane node.)

Inter-Connecting Fabric Sites
Multiple Fabric Domains with Native SDA Transit (new in SDA 1.2)

    Plane                  Fabric Site 1   SDA Transit   Fabric Site 2
    Control-plane          LISP            LISP          LISP
    Data + policy plane    VXLAN-GPO       VXLAN-GPO     VXLAN-GPO

(Figure: DNA Center above both sites and the transit Control-Plane node.)

SD-Access Extension
Key Benefits for IoT and Business (new in SDA 1.2)
(Figure: DNA Center and a Control-Plane node above the Border nodes, with Fabric Extended Nodes (industrial switches) carrying a Surveillance Camera Virtual Network and an Outdoor Wireless Virtual Network.)

SD-Access capabilities
- Easy automated device install and setup
- Stretched subnets for ease of endpoint connections
- Workflow-based policy automation
- Segment applications with separate Virtual Networks

DNA Center solution benefits
- Single pane of glass for management
- Inventory, topology, image management
- Automate Day 1 installation
- Network Assurance: Device 360

SD-Access Extended Node
Point-to-Point Connections (new in SDA 1.2)
- An Extended Node connects to a single Edge Node* using an 802.1Q trunk port (single or multiple VLANs) with static assignment
- Switchports on the Extended Node can then be statically assigned to an appropriate IP Pool (in DNA Center)
- SGT tagging (or mapping) is accomplished by Pool-to-Group mapping (in DNA Center) on the connected Edge Node
- Traffic policy enforcement based on SGTs (SGACLs) is performed at the Edge Node
* Catalyst 9K Edge only
(Figure: a Fabric Site with Border, Control-Plane and Border nodes; the Fabric Edge connects into the fabric over VXLAN and over the trunk to the Extended Node and an AP.)

Layer 2 Flooding in SD-Access
- Allows Layer 2 flooding within an IP subnet / VLAN
- Silent host support
- Broadcast, link-local multicast and ARP flooding support
(Figure: broadcast or link-local multicast traffic entering at Edge Node 1 is flooded to Edge Node 2, Edge Node 3 and the Layer 2 Borders.)

Layer 2 Hand-off for Migration in SD-Access
- Host 1 and Host 2 are attached to SDA Fabric Edge nodes in Address Pool (1024), IP 10.1.1.0/24
- Host 3 is attached to a traditional access switch in VLAN (10), also IP 10.1.1.0/24
- The Layer 2 Border connects to the traditional switch over a single or port-channel* trunk port
- Data plane: VXLAN inside the fabric, VLAN on the traditional side
* Dual-homing requires L2 MEC to prevent L2 loops

Native Multicast in SD-Access (DNAC 1.2.6)
- Significantly reduces replication load at the head-end
- Significantly improves overall scale and reduces latency
(Figure: a multicast source outside the fabric (non-fabric) reaches Client 1 on FE1 and Client 2 on FE2 through the Fabric Border; the overlay uses a Fabric RP, the underlay uses PIM-SSM.)

Fabric in a Box in SD-Access
- Fabric Edge + Fabric Border + Control-Plane (FE + FB + CP) on a single Catalyst 9K
- Reduces the cost to deploy SDA for "mini" sites


Take Away
Things to Remember

Summary
1. Control-Plane based on LISP
2. Data-Plane based on VXLAN
3. Policy-Plane based on CTS

Key differences
- L2 + L3 Overlay vs. L2 or L3 only
- Host mobility with Anycast Gateway
- Adds VRF + SGT into the Data-Plane
- Virtual Tunnel Endpoints (automatic)
- NO topology limitations (basic IP)

Summary
SD-Access = Campus Fabric + DNA Center
DNA Center simple workflows: Design, Provision, Policy, Assurance
(Figure: Campus Fabric with Border, Control-Plane and Border nodes under DNA Center.)

SD-Access Support
Fabric-ready platforms for your digital-ready network

Switching: Catalyst 9500 (NEW), Catalyst 9400, Catalyst 9300, Catalyst 4500E, Catalyst 6800, Nexus 7700, Catalyst 3650 and 3850
Routing: ASR-1000-X, ASR-1000-HX, ISR 4430, ISR 4450, ISRv/CSRv
Wireless: AIR-CT5520, AIR-CT8540, AIR-CT3504, Wave 2 APs (1800, 2800, 3800), Wave 1 APs* (1700, 2700, 3700)
Extended: Cisco Digital Building, Catalyst 3560-CX, IE Series (4K/5K) (NEW)
* with caveats

SD-Access Resources
Would you like to know more?

cisco.com/go/cvd
- SD-Access Design Guide (Dec 2017)
- SD-Access Deploy Guide (Jan 2018)

cisco.com/go/dnacenter
- DNA Center At-A-Glance
- DNA Center 'How To' Video Resources
- DNA Center Data Sheet

cisco.com/go/sdaccess
- SD-Access At-A-Glance
- SD-Access Design Guide
- SD-Access FAQs
- SD-Access Migration Guide
- SD-Access Solution Data Sheet
- SD-Access Solution White Paper