
#CLMEL

How to setup SD-Access from scratch
Ramses Smeyers, Principal Engineer
Simone Arena, Principal TME
BRKEWN-2021

Cisco Webex Teams

Questions?
Use Cisco Webex Teams (formerly Cisco Spark)
to chat with the speaker after the session

How
1 Open the Cisco Events Mobile App
2 Find your desired session in the “Session Scheduler”
3 Click “Join the Discussion”
4 Install Webex Teams or go directly to the team space
5 Enter messages/questions in the team space
cs.co/ciscolivebot#BRKEWN-2021

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Session objective
We are going to take all the network devices (switches, routers, WLC, Cisco
DNAC, etc.) and "write erase" them all before your very eyes. We will then rebuild
the SD-Access Fabric together, step by step, and bring it back to a fully
working state, with wired and wireless clients!
It’s all live! It’s a slide-free session!

Agenda
• Getting started: Lab setup and use case
• What’s needed to build the SD-Access Fabric?
• Design the Network
• Design the Policy
• Deploy SD-Access Fabric with Wireless
• Deploy end-2-end Policy
• Key takeaways

The setup
[Figure: the lab setup, showing the wireless clients and the wired clients]

Building this from scratch…
[Figure: lab topology. Labels: Service block 172.16.201/24; Fusion router; Service switch; WLC (.202); Jump Host (.206); Cisco DNA Center (.204); ISE (.205); DHCP/DNS/NTP (.201); Fabric Overlay with nodes B, C, E and E]

Hospital use case
Deploying Policy across wired and wireless users
[Figure: lab topology. Labels: Service block 172.16.201/24; Fusion router; Service switch; WLC (.202); Jump Host (.206); Cisco DNAC (.204); ISE (.205); DHCP/DNS/NTP (.201); Fabric Overlay with nodes B, C, E and E]
User groups in the Fabric Overlay:
• Doctors: SGT1
• Nurses: SGT2
• Patients: SGT3

Lab Pre-requisites
• Cisco DNA Center
  • 4 routable IPs for DNA Centre setup: Cisco Integrated Management Controller (CIMC), the interface used to access the network devices (Enterprise interface), and OOB Management. You also need a Virtual IP address
  • Monitor and keyboard for initial CIMC setup
  • Internet connectivity from the DNA Centre appliance, so it can reach the package catalogue server running in the cloud (directly or through a proxy)
  • 2 /21 private networks for DNAC setup

• NTP server
  • An NTP server is mandatory. If a server is not available, you can use a switch/router in the lab
  • All devices, including DNAC, ISE, WLC, etc., need to be synched to NTP

• Terminal server for CLI access to the network devices

Lab physical topology
[Figure: physical cabling diagram with interface numbers. Labels: Fusion Router; DC switch; (.199); FEX; UCS C240M4-01 (MLOM2); DHCP, NTP, DNS (.201) on 172.16.201.x/24; VLAN 3653; Jump01 (.206); ISE (.205); DNA Centre (.204); WLC-01 (.202); Border; fabric nodes B, C, E and E; wired clients VM A and VM B; wireless clients VM A and VM B]

Software Releases
• DNAC: 1.2.8
• ISE 2.3 patch 3
• Switches: 16.9.2
• WLC: 8.5.141
Refer to DNA compatibility matrix

IP pools and Virtual Networks

POOL name            Subnet            Gateway   VRF
Overlay
User01               192.168.1.0/24    .1        Internal03
User02               192.168.2.0/24    .1        Internal03
Guest                192.168.3.0/24    .1        Guest03

AP-Pool              172.16.3.0/24     .1        Global Routing Table

Underlay
Underlay_Automation  172.16.2.0/24     .1        Global Routing Table
Border_Automation    172.16.4.0/24     .1        Global Routing Table

The secret weapon…

Let the fun begin…

Key takeaways
Software Defined Access: Networking at the Speed of Software!
Cisco DNA Center SD-Access brings you…
• Policy: Identity-based Policy and Segmentation. Decoupled security policy definition from VLAN and IP Address
• Automation: Automated Network Fabric. Single Fabric for Wired and Wireless with Workflow-based Automation
• Analytics: Insights and Telemetry. Analytics and insights into user and application behaviour

…for both wired and wireless!!

[Figure labels: SDA-Extension; User Mobility; Policy stays with user; IoT Network; Employee Network]
Don’t miss the SD-Access book…

It’s an e-book and you can download it from here


https://www.cisco.com/c/dam/en/us/products/se/2018/1/Collateral/software-define-access.pdf

Q&A

Complete Your Online Session Evaluation
• Give us your feedback and receive a
complimentary Cisco Live 2019 Power
Bank after completing the overall event
evaluation and 5 session evaluations.
• All evaluations can be completed via
the Cisco Live Melbourne Mobile App.
• Don’t forget: Cisco Live sessions will be
available for viewing on demand after
the event at:
https://ciscolive.cisco.com/on-demand-library/

Thank you
