Introduction to SD-Access

This topic is to discuss the following lesson:

Hello Rene,
First, I want to thank you once again for explaining technologies in plain English. It is so much fun reading your posts after all the articles on the internet which pose more confusion.
However, I have a question. According to Cisco, APIC-EM is end of life (https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/application-policy-infrastructure-controller-enterprise-module/eos-eol-notice-c51-741252.html) and the replacement product is DNA Center Appliance.


If I understand it right, the picture should look like:

Could you please confirm or correct me if I am wrong?

Thanks again for your great posts.
Oliver

Hello Oliver

Yes, your updated diagram looks correct. It corresponds with the high level description at the following Cisco web site as well:


I will let Rene know to see if he can update this information, or if he has a new lesson planned for this.

Thanks again!

Laz

Thank you Oliver, I’m going to fix this!

Rene

Also in addition to the above (which isn’t fixed yet 🙂) could you maybe do a lesson on how SD-Access interoperates with traditional campus networks?

It’s on the ENCOR blueprint.

DNA Center seems to do the same thing as vManage. SD-Access seems to have a lot of overlap with SD-WAN. Is the difference that you don’t use SD-Access to connect remote sites?

Hello Justin

Yes, these products are very similar as far as what they do. They are indeed products that conform to the Software Defined Infrastructure model where network management is implemented using a centralized Network Management System (NMS). Of course vManage is used for Viptela devices while DNA is used for Cisco.

Both SD-Access and SD-WAN are related in that they are technologies that use software as a method of centralized network management. One deals with the Access layer of a network while the other deals with the WAN. SD-anything is an umbrella term under which both SD-Access and SD-WAN fall. Just like networking is an umbrella term under which access and WAN networks fall. It’s the same relation but under different architectures.

So simply put, yes, the difference is that you don’t use SD-Access to connect to remote sites, but SD-WAN instead.

I hope this has been helpful!

Laz

Same observation here.

Hello Rene,

I am still not able to clear up for myself the role of LISP in the control plane in SD-Access. Is it only to facilitate routing?
VXLAN needs the VTEP IP and VNID to encapsulate data from the source and send it to the destination. Will LISP facilitate mapping the destination IP to the VTEP IP? With LISP, it needs to send the IP packet to the RLOC and encapsulate the original IP packets in the source and destination RLOC IPs, whereas VXLAN uses the VTEP IP.

Are those VTEP IPs considered RLOC IP addresses when integrating LISP in an SD-Access network? If there is an example of how it works, it would be easy to understand.

I am not able to understand how LISP works with VXLAN. Please help on this.

Hello Rupak

The combination of LISP and VXLAN within an SD-Access fabric can get quite involved. The lesson’s purpose was to give a general overview of the concepts involved. I suggest you take a look at this excellent content from a Cisco Live presentation:

Take a look starting from slide 39 which explains in detail the role of LISP in the control plane, and the role of VXLAN on the data plane.

I hope this has been helpful!

Laz

Hi, in the Cisco ENCOR 350-401 course, Unit 7.3.1 Cisco DNA, Introduction to SD-Access, you provide a username/password to access the Cisco sandbox that contains the DNA Center GUI.

Unfortunately, Cisco now requires an email address.

Please advise.

Hello Andrew

It is true that the login method has changed. You can choose to use several options including Google, Facebook, GitHub, or your Cisco ID if you have one. The access is still free, but you simply must register to use the service. I will let @ReneMolenaar know to make the update to the lesson.

I hope this has been helpful!

Laz

Can I test SDA in a DevNet sandbox?
I couldn’t find anything related to SDA in the sandbox.

Hello YongHun

SD-Access is implemented using several components as stated in the lesson. If you take a look at the following DevNet Sandbox list you will see an option called Cisco DNA Center with ISE. That option is essentially SD-Access in action.

I hope this has been helpful!

Laz

Why does Cisco recommend IS-IS as the default underlay protocol in Cisco DNA Center?

Hello Hassan

According to this Cisco SDA Design Guide, IS-IS is recommended and is required when implementing LAN Automation. LAN Automation is a plug-and-play zero-touch automation of the underlay network, which automatically builds a solid error-free underlay network foundation. Cisco DNA Center automatically finds and adds switches to the underlay routing network, which is provisioned with an IS-IS configuration.

Even so, both OSPF and EIGRP are also suitable for use with Cisco DNA as stated in this section of the document mentioned above.

I hope this has been helpful!

Laz

Hey there,

When installing a DNAC virtual appliance on ESX, is it mandatory to get a licence for an SD-Access lab, preparing CCIE infra practice?

Thanks for your help

Hello Rene and Laz.

The numbering on this lesson is a little out of place, for ex:

Kind regards,
David

Thanks @davidilles it has been fixed.

@lagapidis

What is the difference between:

4. ISE:

ISE is Cisco’s AAA product and has been out for a while now. ISE applies the policies you create through DNA center.

and

3.3 Provision

This is where we add new devices to the network and where we apply network policies to devices.

And also between:

3.4 Assurance

Assurance is where you monitor the entire network. You can see an overview of all network devices, (wireless) clients, and applications. You can monitor the health status and an overview of all issues in the network.

5. NDP

This is a new Cisco product. NDP is the analytics engine that analyzes all your logging information, NetFlow, SNMP, etc. It collects metrics of everything in the fabric, including devices, users, and “things” (Internet of Things). You can monitor everything that NDP collects through DNA center.

I know by intuition that there are subtle differences, but I can’t differentiate the roles/functions (marked in bold) between them.

Thanks in advance.