This 5-day deep dive training course explores the capabilities of the Cisco Software-Defined Access (SDA) solution. Students will learn how to implement SDA for different solution verticals. It also addresses the details of how to operate and troubleshoot the different capabilities of the underlying solution components.


* Actual course outline may vary depending on offering center. Contact your sales representative for more information.

Learning Objectives

Upon completing this course, the learner will be able to meet these overall objectives:
Articulate the value of Cisco SDA Use Cases including, for example: saving operational and management cost to maintain and support ever growing network infrastructure; central security policy to comply to regional or global regulatory requirements and enterprise security policy; deliver best-in-class services to end-users; leveraging networking insights and trends to optimize business process and workflows. Some real scenarios such as supporting multi-mode collaboration within shared workspaces in life sciences; accelerating the deployment of “pop-up” sites for emergency medical purposes; creating integrated building management solutions; zero-touch day 0 network turn-up of additional sites, rapid response to network threat and vulnerabilities, and similar.
Describe the technical capabilities of Cisco DNA Center and how they are applied in SDA Use Cases. This includes the lifecycle stages of network device discovery, assigning network devices to sites, network design options, provisioning, software image management, building a fabric, segmentation design, assurance, application policy, etc.
Set up an SDA environment, integrating Cisco Identity Services Engine (ISE) and other solution components as required.
Apply troubleshooting methods, processes, tips to resolve implementation and maintenance issues of the following aspects of the technical solution:
Device Onboarding, including device discovery, Plug-and-Play and LAN Automation
Network design settings, including sites, AAA, SNMP, Syslog, IP address pools, image management, network profiles, and authentication templates
Policies for access control, applications and virtual networks
Provisioning, including template-based provisioning for day 0 and day N operations
Network Segmentation, including the application of Cisco TrustSec security with Scalable Group Tags (SGTs) and Virtual Networks
Assurance to monitor network, endpoint, and applications to ensure best user experience
Integration of ServiceNow for an integrated IT service management lifecycle
Integration of InfoBlox for integrated IPAM

  • Introduction to Cisco's Software Defined Access (SD-Access)

  • Understanding Cisco Intent-Based Networking
    Understanding Cisco SDA Use Cases customer's benefits including business and technical outcomes and capabilities
    Cisco DNA Center Introduction
    SD-Access Overview
    SD-Access Benefits
    SD-Access Key Concepts
    SD-Access Main Components
    Fabric Control Plane Node
    Fabric Border Node
    Fabric Edge Node
    Fabric Wireless LAN Controller and Fabric Enabled Access Points
    Cisco DNA Center Automation
    Cisco ISE (Policy)
    Cisco StealthWatch (Traffic Analysis)
    DNA Center Assurance

  • Deployment and Initial setup for the Cisco DNA-Center

  • Cisco DNA-Center Appliances
    Cisco DNA-Center Deployment Models
    Single Node Deployment
    Clustered Deployment
    Installation Procedure
    Initial Setup and Configuration
    GUI Navigation

  • Design

  • Network design options
    Creating Enterprise and Sites Hierarchy
    Configuring General Network Settings
    Loading maps into the GUI
    IP Address Management
    Software Image Management
    Network Device Profiles
    IP address pools
    Image management
    Creating Enterprise and Guest SSIDs
    Creating the wireless RF Profile
    Cresting the Guest Portal for the Guest SSIDs
    Network profiles
    Authentication templates

  • Policy

  • 2-level Hierarchy
    Macro Level- Virtual Network (VN)
    Micro Level- Scalable Group (SG)
    Policy in SD-Access
    Access Policy- Authentication and Authorization
    Access Control Policy
    Application Policy
    Extending Policy across domains
    Preserving Group Metadata across Campus, WAN and DC
    Enforcing policy in Firewall domains
    Cross Domain Policies

  • SDA - Provision

  • Devices Onboarding
    IP Transits
    Fabric Domains
    Adding Nodes

  • SDA - Assurance

  • Overview of DNA Assurance
    Cisco DNA Center Assurance- Use Cases Examples
    Network Health & Device 360
    Client Health & Client 360
    Application Health & Application 360
    Cisco SD- Application Visibility Control (AVC) on DNA-Center
    Proactive troubleshooting using Sensors

  • Cisco SD-Access Distributed Campus Design

  • Introduction to Cisco SD-Access Distributed Campus Design - The Advantage?
    Fabric Domain vs Fabric Site
    SD-Access Transits-
    IP-Based Transit
    Cisco SD-Access Transit
    Cisco SD-WAN Transit
    Deploying the Cisco Distributed Campus with SD-Access Transit
    Site considerations
    Internet connectivity considerations
    Segmentation considerations
    Role of a Cisco Transit Control Plane
    Cisco SD-Access Fabric in a Box
    The need for FiaB
    Deploying the FiaB

  • Cisco SD-Access Brownfield Migration

  • Cisco SD-Access Migration Tools and Strategies
    Two Basic Approaches-
    Parallel Deployment Approach
    Incremental Deployment Approach
    Integration with existing Cisco ISE in the network - Things to watch out for!
    Choosing the correct Fusion Device
    Existing Core as Fusion
    Firewall as Fusion
    When do you need the SD-Access Layer-2 Border?
    L2 Border - Understanding the requirement
    Designing and Configuring the L2 Border
    L2 Border - Not a permanent solution

  • Cisco DNA Center Automation- Use Cases Examples

  • DAY0- Onboarding new devices using Zero Touch Deployment
    DAY1- Configurations using Templates
    DAYN- Security Advisories based on Machine Reasoning Engine
    DAYN- Simplified Software Management based on Golden Images
    DAYN- Defective Device Replacement - RMA

  • 3rd Party Integrations

  • ServiceNow
    InfoBlox IPAM

  • Specific Use Cases

  • Use Case- STACK LAN Automation
    Use Case- Silent Hosts
    Use Case- Wake on LAN
    Use Case- The need for L2 flooding
    Use Case- Multicast in the SD-Access Fabric

  • Cisco SD-Access Multi-Domain Integrations

  • Cisco SD-Access to ACI Integrations
    Phase-1- Policy Plane Integration
    Phase-2- Data Plane Integration
    Cisco SD-Access to Cisco SD-WAN Integrations
    What is possible today? SD-WAN Transit setup.
    Phase-1- The one box solution
    Phase-2- The two box solution

  • Troubleshooting

  • Fabric
    Layer 3 forwarding
    Layer 2 forwarding
    Multicast Forwarding
    Security in the Fabric
    Troubleshooting Multi-Site Deployments


The primary audience for this course are those in IT management, to understand how to address key business requirements with greater efficiency and flexibility in network service delivery; IT solution architects, to understand the role that SDA plays in enabling such efficiency and flexibility for network services in the context of IT solution delivery; IT and network security architects, to understand how the integrated capabilities of the SDA solution are used to design and implement network segmentation-based security; IT operations engineers, integrating network and application visibility and root cause analysis into integrated IT case handling workflows; Networking Admin and Operations installing, integrating, configuring and operating Cisco DNA Center, Cisco Identity Services Engine (ISE), and other solution components, in the context of Cisco SDA based network services.




The knowledge and skills that the learner should have before attending this course are as follows: Implementation of Enterprise LAN networks Basic understanding of Enterprise switching, and wireless connectivity Basic understanding of Enterprise routing connectivity Basic understanding of AAA (authentication, authorization, and accounting) process and workflow Programming knowledge such as Python, RestAPI is useful


Length: 5.0 days (40 hours)


Not Your Location? Change

Course Schedule:

Schedule select
10:00 AM ET -
6:00 PM ET
Filling Fast
Schedule select
10:00 AM ET -
6:00 PM ET
Filling Fast
Schedule select
10:00 AM ET -
6:00 PM ET
Filling Fast