# CCNA 200-301 - Video 50: Cisco DNA Center and SD-Access

## Deep Study Notes

---

## Learning Objectives

By the end of this video, you should understand:

- What Cisco DNA Center is and its role
- Intent-Based Networking (IBN) concepts
- Cisco DNA Center architecture and components
- SD-Access (Software-Defined Access) architecture
- Fabric concepts (underlay, overlay, fabric roles)
- DNA Center automation and assurance
- Network segmentation with SD-Access

---

## Core Concepts

### 1. What is Cisco DNA Center?

**Definition:** Cisco Digital Network Architecture (DNA) Center is a centralized network management platform that provides automation, assurance, and security for enterprise networks using intent-based networking principles.

**Analogy:** Think of Cisco DNA Center like a smart building management system. Instead of manually adjusting each light, thermostat, and door lock (individual devices), you tell the system "I want the building to be comfortable, secure, and energy-efficient" (intent). The system figures out how to achieve that across all devices.

```
CISCO DNA CENTER CAPABILITIES

AUTOMATION
  • Day 0/1/2 provisioning
  • Zero-touch deployment (ZTP)
  • Template-based configuration
  • Software image management (SWIM)
  • Network Plug and Play (PnP)

ASSURANCE
  • Network health monitoring
  • Client health (wired/wireless)
  • Application health (SaaS, on-prem)
  • AI/ML anomaly detection
  • Sensor-based testing

SECURITY
  • Segmentation (SD-Access)
  • Policy-based access control
  • Encrypted Traffic Analytics (ETA)
  • Threat detection and response

PLATFORM
  • REST APIs for integration
  • Workflow automation
  • App hosting
  • Multi-vendor support
```

---

### 2. Intent-Based Networking (IBN)

**Definition:** Intent-Based Networking is a paradigm where network administrators define "what" they want to achieve (intent), and the network automatically determines "how" to achieve it.

```
INTENT-BASED NETWORKING CYCLE

INTENT
  "What do you want to achieve?"
  Example: "All employees should have secure access to
            corporate resources from any location"
        |
        v
TRANSLATION
  Convert intent into network policy
  • Security policies
  • QoS policies
  • Segmentation rules
        |
        v
ACTIVATION
  Deploy policies across network devices
  • Zero-touch provisioning
  • Automated configuration
  • Software updates
        |
        v
ASSURANCE
  Monitor and verify intent is satisfied
  • Network health
  • Client experience
  • Application performance
  • Anomaly detection
        |
        |  (Feedback loop)
        v
REMEDIATION
  Automatically fix issues or notify administrators
  • Self-healing network
  • Automated troubleshooting
  • Root cause analysis
        |
        +--> (cycle repeats)
```

---

### 3. Cisco DNA Center Architecture

```
CISCO DNA CENTER ARCHITECTURE

+----------------------------------------------------------+
| NORTHBOUND APIs (REST, Python, Ansible)                  |
+----------------------------------------------------------+
                             |
                             v
+----------------------------------------------------------+
| CISCO DNA CENTER                                         |
|   Automation | Assurance | Security | Platform           |
|   Data Platform (Analytics)                              |
|   Multivendor Support (Third-party)                      |
+----------------------------------------------------------+
                             |
                             |  SOUTHBOUND (NETCONF, RESTCONF, CLI)
                             v
+----------------------------------------------------------+
| NETWORK DEVICES                                          |
|   Router | Switch | Wireless | Firewall                  |
+----------------------------------------------------------+
```

---

### 4. SD-Access (Software-Defined Access)

**Definition:** SD-Access is Cisco's enterprise network architecture that uses fabric technology to automate and simplify network operations, providing consistent policy enforcement regardless of user location.

```
SD-ACCESS ARCHITECTURE

CONTROL PLANE (LISP - Locator/ID Separation Protocol)
  • Map Server (MS) - Maintains EID-to-RLOC mappings
  • Map Resolver (MR) - Resolves EID-to-RLOC queries
  • Control Plane Node

DATA PLANE (VXLAN - Virtual Extensible LAN)
  • Overlay network (VXLAN tunnels)
  • Encapsulates traffic between fabric nodes
  • Provides segmentation (VNIs)

POLICY PLANE (Cisco TrustSec - SGT/CTS)
  • Security Group Tags (SGT)
  • Policy-based segmentation
  • Consistent policy across fabric
```

---

### 5. SD-Access Fabric Roles

| Role | Description | Functions |
|------|-------------|-----------|
| **Control Plane Node** | Maintains endpoint mappings | LISP map server, map resolver |
| **Border Node** | Connects fabric to external networks | Gateway to outside, policy enforcement |
| **Edge Node** | Connects endpoints to fabric | Serves wired endpoints, policy enforcement |
| **Fabric WLC** | Wireless controller integrated with fabric | Manages wireless endpoints |

```
SD-ACCESS FABRIC ROLES

                    +--------------------+
                    | Control Plane Node |
                    |     (CP Node)      |
                    +---------+----------+
                              |
         +--------------------+--------------------+
         |                    |                    |
         v                    v                    v
+-----------------+  +-----------------+  +-----------------+
|   Border Node   |  |    Edge Node    |  |    Edge Node    |
|   (External)    |  |   (Internal)    |  |   (Internal)    |
+--------+--------+  +--------+--------+  +--------+--------+
         |                    |                    |
+--------+--------+  +--------+--------+  +--------+--------+
|    External     |  |      Wired      |  |    Wireless     |
|     Network     |  |    Endpoints    |  |    Endpoints    |
|   (Internet)    |  |      (PCs)      |  |      (APs)      |
+-----------------+  +-----------------+  +-----------------+

Fabric Nodes communicate via VXLAN overlay
```

---

### 6. Underlay vs. Overlay

```
UNDERLAY vs. OVERLAY

UNDERLAY (Physical Network):

  [Switch]----[Switch]----[Switch]----[Switch]

  • Physical network infrastructure
  • IP routing (OSPF, IS-IS)
  • Provides connectivity between fabric nodes
  • Simple, scalable design

OVERLAY (Virtual Network):

  VXLAN Tunnel 1 (VNI 10001 - Engineering)
    VXLAN Tunnel 2 (VNI 10002 - Sales)
      VXLAN Tunnel 3 (VNI 10003 - HR)
        Logical networks over physical underlay

  • Virtual network overlays
  • VXLAN encapsulation
  • Independent of physical topology
  • Enables network virtualization
```

---

### 7. Fabric Encapsulation (VXLAN)

**VXLAN (Virtual Extensible LAN):** Encapsulates Layer 2 frames in UDP packets for transport across Layer 3 networks.

```
VXLAN ENCAPSULATION

Original Ethernet Frame:

  | MAC Header | IP Header | Payload |

VXLAN Encapsulation:

  | Outer MAC | Outer IP | UDP    | VXLAN Header | Original Frame |
  | Header    | Header   | (4789) | (VNI)        | (Encapsulated) |

VXLAN Components:
  • VNI (VXLAN Network Identifier): 24-bit ID (up to 16M segments)
  • VTEP (VXLAN Tunnel Endpoint): Device that encapsulates/decapsulates
  • UDP Port: 4789
  • Outer IP: Underlay network
  • Inner MAC/IP: Overlay network
```

---

### 8. LISP (Locator/ID Separation Protocol)

**LISP** separates endpoint identity (EID) from location (RLOC), enabling mobility and policy.

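The VXLAN header from section 7 and the EID-to-RLOC lookup that LISP performs can be traced end to end in code. The following is an added example, not part of the original notes: it builds and validates the 8-byte VXLAN header (RFC 7348 layout) and keys the map lookup by VNI, so a destination in another virtual network never resolves. The toy inner-frame layout, the RLOC addresses and every endpoint other than Host A (10.1.1.10) are constructed for illustration.

```python
import socket
import struct

VXLAN_UDP_PORT = 4789      # UDP destination port given in the VXLAN section
VXLAN_FLAG_I = 0x08        # RFC 7348 "I" flag: the VNI field is valid
MAX_VNI = (1 << 24) - 1    # largest value of the 24-bit VNI


def vxlan_header(vni):
    """8-byte VXLAN header: flags, 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError(f"VNI {vni} does not fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)


def parse_vxlan(payload):
    """Return (vni, inner_frame); reject a truncated header or a cleared I flag."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("I flag clear: VNI is not valid")
    return word1 >> 8, payload[8:]


def toy_frame(src_eid, dst_eid, data):
    """Constructed stand-in for the inner frame: dst IPv4, src IPv4, then data."""
    return socket.inet_aton(dst_eid) + socket.inet_aton(src_eid) + data


def frame_dst(frame):
    """Destination EID of a toy frame (its first four bytes)."""
    if len(frame) < 8:
        raise ValueError("truncated inner frame")
    return socket.inet_ntoa(frame[:4])


class MapServer(dict):
    """Toy LISP map server/resolver: (VNI, EID) -> RLOC of the owning edge node."""


class EdgeNode:
    def __init__(self, rloc, map_server):
        self.rloc, self.map_server = rloc, map_server
        self.local = {}                    # (vni, eid) -> attached host name

    def attach(self, vni, eid, name):
        """Onboard an endpoint and register its EID against this node's RLOC."""
        self.local[(vni, eid)] = name
        self.map_server[(vni, eid)] = self.rloc

    def send(self, vni, frame):
        """Resolve the destination in the sender's VN, then VXLAN-encapsulate."""
        rloc = self.map_server.get((vni, frame_dst(frame)))
        if rloc is None:
            return None                    # no mapping in this VN: not forwarded
        return {"outer_dst": rloc, "udp_dport": VXLAN_UDP_PORT,
                "payload": vxlan_header(vni) + frame}

    def receive(self, packet):
        """Decapsulate; deliver only to a host attached in the VNI that was carried."""
        if packet["udp_dport"] != VXLAN_UDP_PORT:
            raise ValueError("not a VXLAN packet")
        vni, frame = parse_vxlan(packet["payload"])
        name = self.local.get((vni, frame_dst(frame)))
        return (name, frame[8:]) if name else None


def demo():
    ms = MapServer()
    edge_a = EdgeNode("192.168.255.1", ms)             # constructed underlay RLOCs
    edge_b = EdgeNode("192.168.255.2", ms)
    edge_a.attach(10001, "10.1.1.10", "Host A")        # Engineering VN
    edge_b.attach(10001, "10.1.1.20", "Host B")        # Engineering VN
    edge_b.attach(10002, "10.2.1.20", "Sales PC")      # Sales VN
    packet = edge_a.send(10001, toy_frame("10.1.1.10", "10.1.1.20", b"hello"))
    delivered = edge_b.receive(packet)                 # underlay hop, then decap
    cross_vn = edge_a.send(10001, toy_frame("10.1.1.10", "10.2.1.20", b"hello"))
    return packet, delivered, cross_vn


if __name__ == "__main__":
    print(demo())
```

The cross-VN send returns `None` because the Sales PC is registered only under VNI 10002, which is the macro-segmentation behaviour: without a mapping in the sender's virtual network there is no RLOC to encapsulate toward.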
```
LISP ARCHITECTURE

LISP Terminology:
  • EID (Endpoint Identifier): Identity of endpoint (IP address)
  • RLOC (Routing Locator): Location of endpoint (underlay IP)
  • Map Server (MS): Maintains EID-to-RLOC mappings
  • Map Resolver (MR): Resolves EID-to-RLOC queries

LISP Operation:

  Host A (EID: 10.1.1.10) wants to talk to Host B

  1. Edge Node receives packet from Host A
  2. Edge Node queries Map Server for Host B's location
  3. Map Server returns RLOC (underlay IP) of Host B's Edge Node
  4. Edge Node encapsulates packet in VXLAN
  5. Packet forwarded through underlay to Host B's Edge Node
  6. Edge Node decapsulates and delivers to Host B
```

---

### 9. SD-Access Segmentation

**Macro-segmentation:** Isolates entire networks (Virtual Networks - VNs)

**Micro-segmentation:** Isolates groups within a Virtual Network (SGT-based policies)

```
SD-ACCESS SEGMENTATION

MACRO-SEGMENTATION (Virtual Networks):

  Virtual Network: Engineering (VN 1001)
    • All Engineering devices
    • Can communicate within VN
    • Cannot communicate with other VNs (unless policy allows)

  Virtual Network: Sales (VN 1002)
    • All Sales devices
    • Can communicate within VN
    • Cannot communicate with other VNs (unless policy allows)

MICRO-SEGMENTATION (Security Groups):

  Engineering Virtual Network

    SGT 10: Engineers (Full access)
    SGT 20: Contractors (Limited access)
    SGT 30: Guests (Internet only)

    Policy: Engineers can access servers
            Contractors cannot access servers
            Guests cannot access internal resources
```

---

### 10. DNA Center Automation

**Zero-Touch Provisioning (ZTP):**

```
ZERO-TOUCH PROVISIONING

Step 1: Plug in new switch
  New Switch:  DHCP request
  DHCP Server: Option 43 (DNA Center IP)
        |
        v
Step 2: Switch contacts DNA Center
  Switch:     "I need a configuration"
  DNA Center: "Here's your config and image"
        |
        v
Step 3: Switch is fully provisioned
  • Image downloaded and installed
  • Configuration applied
  • Added to inventory
  • Ready for production
```

**Software Image Management (SWIM):**

```cisco
! DNA Center can manage software images across devices
! Features:
! • Image repository
! • Compliance checking
! • Automated upgrades
! • Distribution to devices
```

---

### 11. DNA Center Assurance

**Assurance Capabilities:**

| Feature | Description |
|---------|-------------|
| **Network Health** | Overall network health score (1-10) |
| **Client Health** | Wired and wireless client experience |
| **Application Health** | Performance of business-critical apps |
| **Sensor Health** | Synthetic testing from sensor devices |
| **AI/ML Anomalies** | Automated detection of unusual behavior |
| **Issues** | Identified problems with recommended fixes |

```
DNA CENTER ASSURANCE DASHBOARD

Network Health: 9.2/10
  Wired:    9.5/10
  Wireless: 8.8/10
  SD-WAN:   9.0/10

Top Issues
  • High latency on AP-23 (Resolved)
  • Authentication failures on switch-12 (Open)
  • Application performance: Salesforce (Degraded)

Client Health
  Top 5 Clients by issues:
  1. User: jdoe (MAC: aa:bb:cc) - Poor Wi-Fi
  2. User: msmith (MAC: dd:ee:ff) - DHCP timeout
```

---

### 12. DNA Center APIs

**REST API Examples:**

```python
# Example: Get list of devices from DNA Center
import requests

# Network-device inventory endpoint (same Intent API path as in Lab 1)
url = "https://dna-center.example.com/dna/intent/api/v1/network-device"
headers = {
    "X-Auth-Token": "your-token",
    "Content-Type": "application/json"
}

# verify=False turns off TLS certificate validation (lab appliances with
# self-signed certificates only); elsewhere pass verify="<CA bundle path>".
response = requests.get(url, headers=headers, verify=False)
response.raise_for_status()  # stop on 401/403 instead of parsing an error body
devices = response.json()

for device in devices["response"]:
    print(f"{device['hostname']} - {device['managementIpAddress']}")
```

```python
# Example: Provision a new site
# Illustrative payload; reuses `requests` and `headers` from the previous example.
# Set `url` to the provisioning endpoint documented for your DNA Center release.
payload = {
    "site": {
        "name": "Branch-Office",
        "parent": "Global"
    },
    "devices": [
        {
            "deviceId": "device-uuid",
            "roles": ["border-node", "edge-node"]
        }
    ]
}

response = requests.post(url, json=payload, headers=headers)
```

---

## Complete Configuration Examples

### Lab 1: DNA Center Discovery

```python
# Python script to discover devices via DNA Center API
import requests

# DNA Center credentials (lab values; outside a lab, load these from the
# environment or a secrets store instead of hard-coding them)
DNAC_URL = "https://dna-center.example.com"
USERNAME = "admin"
PASSWORD = "Cisco123"

# Get authentication token (HTTP Basic auth over TLS).
# verify=False skips certificate validation, so the password and token are only
# as safe as the lab network; pass verify="<CA bundle path>" anywhere else.
auth_url = f"{DNAC_URL}/dna/system/api/v1/auth/token"
response = requests.post(auth_url, auth=(USERNAME, PASSWORD), verify=False)
response.raise_for_status()
token = response.json()["Token"]

# Get devices
headers = {"X-Auth-Token": token}
devices_url = f"{DNAC_URL}/dna/intent/api/v1/network-device"
response = requests.get(devices_url, headers=headers, verify=False)
response.raise_for_status()

# Print devices
devices = response.json()["response"]
for device in devices:
    print(f"{device['hostname']} - {device['managementIpAddress']}")
```

---

### Lab 2: SD-Access Fabric Configuration (via DNA Center)

**Note:** SD-Access configuration is typically done via GUI, not CLI.

```
1. Create Underlay Network:
   - Configure IP addressing
   - Configure routing (OSPF/IS-IS)

2. Create Fabric:
   - Define fabric name
   - Add control plane nodes
   - Add border nodes
   - Add edge nodes

3. Create Virtual Networks:
   - Engineering VN
   - Sales VN
   - HR VN

4. Configure Security Policies:
   - Define SGTs
   - Create policy contracts

5. Onboard Devices:
   - Use ZTP or manual addition
   - Assign device roles
```

---

## Exam Tips (For CCNA 200-301)

| Topic | What Cisco Tests |
|-------|------------------|
| **DNA Center** | Centralized management, automation, assurance |
| **Intent-Based Networking** | Define intent, network translates and activates |
| **SD-Access** | Fabric-based architecture, segmentation |
| **Fabric Roles** | Control Plane, Border, Edge, Wireless |
| **VXLAN** | Overlay encapsulation, UDP 4789, VNI |
| **LISP** | EID/RLOC separation, mapping system |
| **Segmentation** | Macro (VN), Micro (SGT) |

### Common Exam Scenarios:

**Scenario 1:** "What is the purpose of Cisco DNA Center?"
- **Answer:** Centralized network management platform for automation, assurance, and security

**Scenario 2:** "Which protocol does SD-Access use for overlay encapsulation?"
- **Answer:** VXLAN (Virtual Extensible LAN)

**Scenario 3:** "What is the difference between macro and micro segmentation in SD-Access?"
- **Answer:** Macro segmentation isolates entire Virtual Networks; micro segmentation isolates groups within a Virtual Network using SGTs

### Mnemonics:

**SD-Access Fabric Roles:** **"C.B.E.W." - Control, Border, Edge, Wireless**
- **C**ontrol Plane Node: Maintains mappings
- **B**order Node: Connects to external
- **E**dge Node: Connects endpoints
- **W**ireless Controller: Wireless integration

**SD-Access Planes:** **"C.D.P." - Control, Data, Policy**
- **C**ontrol Plane: LISP
- **D**ata Plane: VXLAN
- **P**olicy Plane: TrustSec

---

## Summary (1-Minute Revision)

```
CISCO DNA CENTER:

PURPOSE:
├── Centralized network management
├── Automation (ZTP, SWIM, templates)
├── Assurance (health monitoring)
└── Security (segmentation, policy)

INTENT-BASED NETWORKING:
├── Intent: What you want to achieve
├── Translation: Convert to policy
├── Activation: Deploy to network
├── Assurance: Verify and monitor
└── Remediation: Auto-fix issues

SD-ACCESS:

ARCHITECTURE:
├── Underlay: Physical network (IP routing)
├── Overlay: Virtual networks (VXLAN)
└── Fabric: Combined underlay + overlay

FABRIC ROLES:
├── Control Plane Node: LISP map server
├── Border Node: External connectivity
├── Edge Node: Endpoint connectivity
└── Fabric WLC: Wireless integration

ENCAPSULATION:
├── VXLAN (UDP 4789)
├── VNI (24-bit, up to 16M segments)
└── VTEP (encapsulation endpoint)

SEGMENTATION:
├── Macro: Virtual Networks (VNs)
└── Micro: Security Group Tags (SGTs)

DNA CENTER CAPABILITIES:
├── Automation: Day 0/1/2 operations
├── Assurance: Health scores, issues
├── Security: Policy-based access
└── Platform: REST APIs
```

---

## Practice Questions

**1. What is the primary purpose of Cisco DNA Center?**

- A) Routing and switching
- B) Centralized network automation and assurance
- C) Firewall security
- D) Wireless access

<details>
<summary>Answer</summary>
<b>B) Centralized network automation and assurance</b> - DNA Center provides automation, assurance, and security.
</details>

**2. Which protocol does SD-Access use for overlay encapsulation?**

- A) GRE
- B) IPsec
- C) VXLAN
- D) MPLS

<details>
<summary>Answer</summary>
<b>C) VXLAN</b> - VXLAN (Virtual Extensible LAN) is used for overlay encapsulation in SD-Access.
</details>

**3. What is the role of a Control Plane Node in SD-Access?**

- A) Forward packets between endpoints
- B) Maintain endpoint-to-location mappings
- C) Connect fabric to external networks
- D) Manage wireless access

<details>
<summary>Answer</summary>
<b>B) Maintain endpoint-to-location mappings</b> - Control Plane Node runs LISP for mapping.
</details>

**4. What does LISP separate in SD-Access?**

- A) MAC and IP addresses
- B) EID (Endpoint ID) and RLOC (Routing Locator)
- C) IPv4 and IPv6
- D) Control and data planes

<details>
<summary>Answer</summary>
<b>B) EID (Endpoint ID) and RLOC (Routing Locator)</b> - LISP separates identity from location.
</details>

**5. Which UDP port does VXLAN use?**

- A) UDP 4789
- B) UDP 5246
- C) UDP 5247
- D) UDP 2055

<details>
<summary>Answer</summary>
<b>A) UDP 4789</b> - VXLAN uses UDP port 4789.
</details>

**6. What is the purpose of micro-segmentation in SD-Access?**

- A) Isolate entire departments
- B) Isolate groups within a Virtual Network
- C) Connect to external networks
- D) Manage wireless clients

<details>
<summary>Answer</summary>
<b>B) Isolate groups within a Virtual Network</b> - Micro-segmentation uses SGTs to isolate groups.
</details>

**7. What does VNI stand for?**

- A) Virtual Network Interface
- B) VXLAN Network Identifier
- C) Virtual Network Identifier
- D) VLAN Network Interface

<details>
<summary>Answer</summary>
<b>B) VXLAN Network Identifier</b> - VNI identifies VXLAN segments (24-bit).
</details>

**8. Which component connects SD-Access fabric to external networks?**

- A) Edge Node
- B) Control Plane Node
- C) Border Node
- D) Fabric WLC

<details>
<summary>Answer</summary>
<b>C) Border Node</b> - Border Node provides connectivity to external networks.
</details>

**9. What is the IBN cycle?**

- A) Intent, Business, Network
- B) Intent, Translation, Activation, Assurance, Remediation
- C) Identify, Build, Navigate
- D) Install, Boot, Network

<details>
<summary>Answer</summary>
<b>B) Intent, Translation, Activation, Assurance, Remediation</b> - The intent-based networking cycle.
</details>

**10. What is the purpose of DNA Center Assurance?**

- A) Deploy configurations
- B) Monitor network and client health
- C) Manage software images
- D) Create virtual networks

<details>
<summary>Answer</summary>
<b>B) Monitor network and client health</b> - Assurance provides health monitoring and issue detection.
</details>

**11. Which protocol is used for SD-Access control plane?**

- A) VXLAN
- B) LISP
- C) OSPF
- D) BGP

<details>
<summary>Answer</summary>
<b>B) LISP</b> - LISP (Locator/ID Separation Protocol) is used for the control plane.
</details>

**12. What is the maximum number of VXLAN segments (VNI)?**

- A) 4096
- B) 16,777,216
- C) 1,000,000
- D) 65,536

<details>
<summary>Answer</summary>
<b>B) 16,777,216</b> - VNI is 24-bit, supporting up to 16 million segments.
</details>

---

## Next Steps

After completing Video 50, you should be ready for:

- **Video 51:** Troubleshooting Methodology
- **Video 52:** Troubleshooting Switching Issues

**Lab Practice:**

1. Explore DNA Center GUI (if available)
2. Understand SD-Access architecture
3. Review LISP and VXLAN concepts
4. Practice DNA Center API calls
5. Understand fabric roles and segmentation