Securing Cisco Digital Network Architecture (DNA)

Securing Cisco Digital Network Architecture (DNA) Certification Training Course Overview

Enroll for 5-day Securing Cisco Digital Network Architecture (DNASEC) course from Koenig Solutions accredited by Cisco. In this course, the participants use the tools to build a centrally managed, authenticated, authorized, and monitored and security-policy compliant solution

Target Audience:

  • Who are involved in the designing of SD access solutions
  • Who are involved in implementing and operation SD access solutions

Learning Objectives:

After completing this course, you will be able to:

  • Know and understand Cisco’s DNA and SD-Access concepts, features, benefits, terminology and the way this approach innovates common administrative tasks on today’s networks.
  • Differentiate and explain each of the building blocks of SD-Access Solution
  • Be familiar with fabric and node types
  • Deploy and configure Fabric Edge Nodes, Control Plane nodes and Border Nodes
  • Configure LISP in Control Plane for SD-Access Solution
  • Configure VXLAN in Data Plane for SD-Access Solution
  • Configure TrustSec for segmentation and Policy Enforcement
  • Understand the role of DNA Centre as solution orchestrator and Intelligent GUI
  • Deploy DNA Centre and perform initial setup
  • Use workflow approach in DNA Centre and its 4 Steps: Design, Policy, Provision and Assurance
  • Deploy ISE and integrate it with DNA Centre and SD-Access Solution
  • Deploy StealthWatch and Integrate it with DNA Centre and SD-Access Solution
  • Monitor and Troubleshoot SDA operation
  • Know and understand the migration strategies from traditional networks to SD-Access Solution

 

Securing Cisco Digital Network Architecture (DNA) (40 Hours) Download Course Contents

Live Virtual Classroom Fee For Both Group Training & 1-on-1 Training On Request
Group Training
02 - 06 Aug 09:00 AM - 05:00 PM CST
(8 Hours/Day)
06 - 10 Sep 09:00 AM - 05:00 PM CST
(8 Hours/Day)
1-on-1 Training (GTR)
4 Hours
8 Hours
Week Days
Week End

Start Time : At any time

12 AM
12 PM

GTR=Guaranteed to Run
Classroom Training (Available: London, Dubai, India, Sydney, Vancouver)
Duration : On Request
Fee : On Request
On Request
Special Solutions for Corporate Clients! Click here Hire Our Trainers! Click here

Customers who bought this course also bought

 Implementing Cisco Application Centric Infrastructure (DCACI) v1.0
 Cisco Certified Network Associate (200-301 CCNA)
 Implementing Cisco Enterprise Network Core Technologies (ENCOR)
 AUCCE1 -Administering Cisco Unified Contact CenterEnterprise, Part 1
 AUCCE2-Administering Cisco Unified Contact Center Enterprise, Part 2
 Implementing Cisco Data Center Core Technologies (DCCOR)
 Implementing and Operating Cisco Security Core Technologies (SCOR)
 Implementing and Configuring Cisco Identity Services Engine (SISE)
 Understanding Cisco Wireless Foundations (WLFNDU) v1.0
 Securing Networks with Cisco Firepower Threat Defense NGFW (FTD)

Course Modules

Module 1: Introduction to Cisco’s Software Defined Access (SD-Access)
  • DNA Introduction
  • SD-Access Overview
  • SD-Access Benefits
  • SD-Access Key Concepts
  • SD-Access Main Components, Campus Frabric, Wired, Wireless
  • Nodes - Edge, Border, Control Plane
  • DNA Centre (Controller)
  • ISE (Policy)
  • StealthWatch (Policy)
  • NDP (Analytics and Assurance)
Module 2: SD-Access Campus Fabric
  • The concept of Fabric
  • Node types - Fabric Edge, Control Plane, Border
  • LISP as protocol for Control Plane
  • Configure LISP for Control Plane
  • VXLAN as protocol for Data Plane
  • Configure VXLAN for Data Plane
  • Virtual Networks (VN)
  • Fabric-enabled WLAN, WLC and AP's
  • SDA-ready Cisco Catalyst LAN Switches
  • Role of Cat9k in Cisco SD-Access solution and deployment models as border, control and edge nodes
Module 3: DNA Centre and Workflow for SD-Access
  • Introduction to DNA Centre
  • Workflow for SD-Access in DNA Centre - Design, Policy, Provision, Assurance
  • Integration with Cisco ISE for Policy Enforcement
  • Integration with Cisco StealthWatch for Policy Enforcement
  • Integration with Cisco NDP for Analytics and Assurance
Module 4: Deployment and initial setup for DNA Centre
  • Requirements
  • Deployment Procedure
  • Initial Setup
  • GUI Navigation
Module 5: Deployment and initial setup for ISE and Integrate with DNA Centre
  • Introduction to Cisco ISE
  • Requirements
  • Cisco ISE Deployment Models
  • Deployment Procedure
  • Initial Setup
  • GUI Navigation
  • Integration with DNA Centre
Module 6: Deploy Netflow Collector and StealthWatch Management Centre (SMC)
  • Introduction to Netflow and SMC
  • Requirements
  • Deployment Procedure
  • Initial Setup
  • GUI Navigation
  • Integration with DNA Centre / SD Access
Module 7: Implementing Policy Plane using Cisco TrustSec for Segmentation
  • Cisco TrustSec phases - Classification, Propagation, Enforcement
  • Configuring Classification
  • Configuring SGT tag propagation
  • Configure Enforcement
  • Introducing Cisco TrustSec in ISE
  • Cisco ISE as controller for Software-defined segmentation (groups and policies)
  • Configuring ISE for Dynamic SGT assignment
  • Configuring ISE for Static SGT assignment
  • Configuring Policy Enforcement
Module 8: Cisco StealthWatch Management Console (SMC)
  • Configuring Host Groups in the SMC
  • Configuring Flexible NetFlow on Cisco Devices
  • Verify Netflow Data Collection on SMC
  • Configuring Cisco StealthWatch and ISE Integration
Module 9: DNA Centre Workflow First Step - Design
  • Creating Enterprise and Sites Hierarchy
  • Configuring General Network Settings
  • Loading maps into the GUI
  • IP Address Management
  • Software Image Management
  • Network Device Profiles
Module 10: DNA Centre Workflow Second Step - Policy
  • 2-level Hierarchy
  • Macro Level: Virtual Network (VN)
  • Micro Level: Scalable Group (SG)
  • Policy Types - Access Policy, Access Control Policy, Traffic Copy Policy
  • Cross Domain Policies
Module 11: DNA Centre Workflow Third Step - Provision
  • Devices Onboarding
  • Discovering Devices
  • Assigning Devices to a site
  • Provisioning device with profiles
  • Fabric Domains
  • Understanding Fabric Domains
  • Using Default LAN Fabric Domain
  • Creating Additional Fabric Domains
  • Adding Nodes
  • Adding Fabric Edge Nodes
  • Adding Control Plane Nodes
  • Adding Border Nodes
Module 12: DNA Centre Workflow Fourth Step – Assurance
  • Introduction to Analytics
  • NDP Fundamentals
  • Overview of DNA Assurance
  • Components of DNA Assurance
  • DNA Centre Assurance Dashboard
Module 13: Implementing WLAN in SD-Access Solution
  • WLAN Integration Strategies in SD-Access Fabric
  • CUWN Wireless Over The Top (OTT)
  • SD-Access Wireless (Fabric enabled WLC and AP)
  • SD-Access Wireless Architecture
  • Control Plane: LISP and WLC
  • Data Plane: VXLAN
  • Policy Plane and Segmentation: VN and SGT
Module 14: Implementing Campus Fabric External Connectivity for SD-Access
  • Role of Border Nodes
  • Types of Border Nodes - Border, Default Border
  • Single Border vs. Multiple Border Designs
  • Collocated Border and Control Plane Nodes
  • Distributed (separated) Border and Control Plane Nodes
  • Configuring Border Nodes
Module 15: SDA Migration Strategies
  • Migrate to SD-Access using a quality-assured process, state-of-the-art tools and proven methodologies
  • The need for additional planning
  • Typical considerations
  • Primary Approaches for migration
  • Building SD-Access network in parallel and then integrate
  • Do incremental migrations of access switches into an SD-Access fabric
Module 16: Lab
  • Deploy and Setup DNA Centre
  • Deploy and Setup ISE
  • Deploy and Setup StealthWatch
  • Integrate ISE with DNA Centre
  • Integrate StealthWatch with SD-Access infrastructure
  • Performing SD-Access Design Step in DNA Centre
  • Performing SD-Access Policy Step in DNA Centre and ISE
  • Performing SD-Access Provision Step in DNA Centre
  • Integrating WLAN services through SD-Wireless architecture
  • Deploy and Setup Border Node
  • Monitoring SDA Operations
  • Troubleshooting SDA Operations
Download Course Contents

Request More Information

Course Prerequisites
  • Cisco CCNA or Equivalent Experience
  • Basic Knowledge of Software Defined Networks
  • Basic Knowledge of network security including AAA, Access Control and ISE - IINS
  • Basic Knowledge and experience with Cisco IOS, IOS XE and CLI
  • Basic Knowledge of virtualization, Hypervisors and Virtual Machines