Securing Cisco Digital Network Architecture (DNA)

Securing Cisco Digital Network Architecture (DNA) Certification Training Course Overview

Enroll for 5-day Securing Cisco Digital Network Architecture (DNASEC) course from Koenig Solutions accredited by Cisco. In this course, the participants use the tools to build a centrally managed, authenticated, authorized, and monitored and security-policy compliant solution

Target Audience:

  • Who are involved in the designing of SD access solutions
  • Who are involved in implementing and operation SD access solutions

Learning Objectives:

After completing this course, you will be able to:

  • Know and understand Cisco’s DNA and SD-Access concepts, features, benefits, terminology and the way this approach innovates common administrative tasks on today’s networks.
  • Differentiate and explain each of the building blocks of SD-Access Solution
  • Be familiar with fabric and node types
  • Deploy and configure Fabric Edge Nodes, Control Plane nodes and Border Nodes
  • Configure LISP in Control Plane for SD-Access Solution
  • Configure VXLAN in Data Plane for SD-Access Solution
  • Configure TrustSec for segmentation and Policy Enforcement
  • Understand the role of DNA Centre as solution orchestrator and Intelligent GUI
  • Deploy DNA Centre and perform initial setup
  • Use workflow approach in DNA Centre and its 4 Steps: Design, Policy, Provision and Assurance
  • Deploy ISE and integrate it with DNA Centre and SD-Access Solution
  • Deploy StealthWatch and Integrate it with DNA Centre and SD-Access Solution
  • Monitor and Troubleshoot SDA operation
  • Know and understand the migration strategies from traditional networks to SD-Access Solution


Securing Cisco Digital Network Architecture (DNA) (40 Hours) Download Course Contents

Live Virtual Classroom Fee On Request
Group Training
01 - 05 Nov GTR 09:00 AM - 05:00 PM CST
(8 Hours/Day)

06 - 10 Dec 09:00 AM - 05:00 PM CST
(8 Hours/Day)

1-on-1 Training (GTR)
4 Hours
8 Hours
Week Days

Start Time : At any time

12 AM
12 PM

GTR=Guaranteed to Run
Classroom Training (Available: London, Dubai, India, Sydney, Vancouver)
Duration : On Request
Fee : On Request
On Request
Special Solutions for Corporate Clients! Click here
Hire Our Trainers! Click here

Course Modules

Module 1: Introduction to Cisco’s Software Defined Access (SD-Access)
  • DNA Introduction
  • SD-Access Overview
  • SD-Access Benefits
  • SD-Access Key Concepts
  • SD-Access Main Components, Campus Frabric, Wired, Wireless
  • Nodes - Edge, Border, Control Plane
  • DNA Centre (Controller)
  • ISE (Policy)
  • StealthWatch (Policy)
  • NDP (Analytics and Assurance)
Module 2: SD-Access Campus Fabric
  • The concept of Fabric
  • Node types - Fabric Edge, Control Plane, Border
  • LISP as protocol for Control Plane
  • Configure LISP for Control Plane
  • VXLAN as protocol for Data Plane
  • Configure VXLAN for Data Plane
  • Virtual Networks (VN)
  • Fabric-enabled WLAN, WLC and AP's
  • SDA-ready Cisco Catalyst LAN Switches
  • Role of Cat9k in Cisco SD-Access solution and deployment models as border, control and edge nodes
Module 3: DNA Centre and Workflow for SD-Access
  • Introduction to DNA Centre
  • Workflow for SD-Access in DNA Centre - Design, Policy, Provision, Assurance
  • Integration with Cisco ISE for Policy Enforcement
  • Integration with Cisco StealthWatch for Policy Enforcement
  • Integration with Cisco NDP for Analytics and Assurance
Module 4: Deployment and initial setup for DNA Centre
  • Requirements
  • Deployment Procedure
  • Initial Setup
  • GUI Navigation
Module 5: Deployment and initial setup for ISE and Integrate with DNA Centre
  • Introduction to Cisco ISE
  • Requirements
  • Cisco ISE Deployment Models
  • Deployment Procedure
  • Initial Setup
  • GUI Navigation
  • Integration with DNA Centre
Module 6: Deploy Netflow Collector and StealthWatch Management Centre (SMC)
  • Introduction to Netflow and SMC
  • Requirements
  • Deployment Procedure
  • Initial Setup
  • GUI Navigation
  • Integration with DNA Centre / SD Access
Module 7: Implementing Policy Plane using Cisco TrustSec for Segmentation
  • Cisco TrustSec phases - Classification, Propagation, Enforcement
  • Configuring Classification
  • Configuring SGT tag propagation
  • Configure Enforcement
  • Introducing Cisco TrustSec in ISE
  • Cisco ISE as controller for Software-defined segmentation (groups and policies)
  • Configuring ISE for Dynamic SGT assignment
  • Configuring ISE for Static SGT assignment
  • Configuring Policy Enforcement
Module 8: Cisco StealthWatch Management Console (SMC)
  • Configuring Host Groups in the SMC
  • Configuring Flexible NetFlow on Cisco Devices
  • Verify Netflow Data Collection on SMC
  • Configuring Cisco StealthWatch and ISE Integration
Module 9: DNA Centre Workflow First Step - Design
  • Creating Enterprise and Sites Hierarchy
  • Configuring General Network Settings
  • Loading maps into the GUI
  • IP Address Management
  • Software Image Management
  • Network Device Profiles
Module 10: DNA Centre Workflow Second Step - Policy
  • 2-level Hierarchy
  • Macro Level: Virtual Network (VN)
  • Micro Level: Scalable Group (SG)
  • Policy Types - Access Policy, Access Control Policy, Traffic Copy Policy
  • Cross Domain Policies
Module 11: DNA Centre Workflow Third Step - Provision
  • Devices Onboarding
  • Discovering Devices
  • Assigning Devices to a site
  • Provisioning device with profiles
  • Fabric Domains
  • Understanding Fabric Domains
  • Using Default LAN Fabric Domain
  • Creating Additional Fabric Domains
  • Adding Nodes
  • Adding Fabric Edge Nodes
  • Adding Control Plane Nodes
  • Adding Border Nodes
Module 12: DNA Centre Workflow Fourth Step – Assurance
  • Introduction to Analytics
  • NDP Fundamentals
  • Overview of DNA Assurance
  • Components of DNA Assurance
  • DNA Centre Assurance Dashboard
Module 13: Implementing WLAN in SD-Access Solution
  • WLAN Integration Strategies in SD-Access Fabric
  • CUWN Wireless Over The Top (OTT)
  • SD-Access Wireless (Fabric enabled WLC and AP)
  • SD-Access Wireless Architecture
  • Control Plane: LISP and WLC
  • Data Plane: VXLAN
  • Policy Plane and Segmentation: VN and SGT
Module 14: Implementing Campus Fabric External Connectivity for SD-Access
  • Role of Border Nodes
  • Types of Border Nodes - Border, Default Border
  • Single Border vs. Multiple Border Designs
  • Collocated Border and Control Plane Nodes
  • Distributed (separated) Border and Control Plane Nodes
  • Configuring Border Nodes
Module 15: SDA Migration Strategies
  • Migrate to SD-Access using a quality-assured process, state-of-the-art tools and proven methodologies
  • The need for additional planning
  • Typical considerations
  • Primary Approaches for migration
  • Building SD-Access network in parallel and then integrate
  • Do incremental migrations of access switches into an SD-Access fabric
Module 16: Lab
  • Deploy and Setup DNA Centre
  • Deploy and Setup ISE
  • Deploy and Setup StealthWatch
  • Integrate ISE with DNA Centre
  • Integrate StealthWatch with SD-Access infrastructure
  • Performing SD-Access Design Step in DNA Centre
  • Performing SD-Access Policy Step in DNA Centre and ISE
  • Performing SD-Access Provision Step in DNA Centre
  • Integrating WLAN services through SD-Wireless architecture
  • Deploy and Setup Border Node
  • Monitoring SDA Operations
  • Troubleshooting SDA Operations
Download Course Contents

Request More Information

Course Prerequisites
  • Cisco CCNA or Equivalent Experience
  • Basic Knowledge of Software Defined Networks
  • Basic Knowledge of network security including AAA, Access Control and ISE - IINS
  • Basic Knowledge and experience with Cisco IOS, IOS XE and CLI
  • Basic Knowledge of virtualization, Hypervisors and Virtual Machines