Introduction to SD-Access

This topic is to discuss the following lesson:

Hello Rene,
First, I want to thank you once again for explaining technologies in plain English. It is so much fun reading your posts after all the articles on the internet, which pose more confusion.
However, I have a question. According to Cisco, APIC-EM is end of life and the replacement product is DNA Center Appliance.

If I understand it right, the picture should look like:

Could you please confirm or correct me if I am wrong?

Thanks again for your great posts.

Hello Oliver

Yes, your updated diagram looks correct. It corresponds with the high-level description at the following Cisco web site as well:

I will let Rene know to see if he can update this information, or if he has a new lesson planned for this.

Thanks again!


Thank you Oliver, I’m going to fix this!


Also, in addition to the above (which isn’t fixed yet :smile:), could you maybe do a lesson on how SD-Access interoperates with traditional campus networks?

It’s on the ENCOR blueprint.

DNA Center seems to do the same thing as vManage. SD-Access seems to have a lot of overlap with SD-WAN. Is the difference that you don’t use SD-Access to connect remote sites?

Hello Justin

Yes, these products are very similar as far as what they do. They are indeed products that conform to the Software Defined Infrastructure model where network management is implemented using a centralized Network Management System (NMS). Of course vManage is used for Viptela devices while DNA is used for Cisco.

Both SD-Access and SD-WAN are related in that they are technologies that use software as a method of centralized network management. One deals with the Access layer of a network while the other deals with the WAN. SD-anything is an umbrella term under which both SD-Access and SD-WAN fall, just like networking is an umbrella term under which access and WAN networks fall. It’s the same relation but under different architectures.

So simply put, yes, the difference is that you don’t use SD-Access to connect to remote sites, but SD-WAN instead.

I hope this has been helpful!


Same observation here.

Hello Rene,

I am still not able to get clear on LISP's role in the control plane in SD-Access. Is it only to facilitate routing?
VXLAN needs the VTEP IP and VNID to encapsulate data from the source and send it to the destination. Will LISP facilitate mapping the destination IP to the VTEP IP? With LISP, it needs to send the IP packet to the RLOC and encapsulate the original IP packets in the source and destination RLOC IPs, whereas VXLAN uses the VTEP IP.

Are those VTEP IPs considered RLOC IP addresses when integrating LISP in an SD-Access network? If there is an example of how it works, it would be easy to understand.

I am not able to understand how LISP works with VXLAN. Please help with this.

Hello Rupak

The combination of LISP and VXLAN within an SD-Access fabric can get quite involved. The lesson’s purpose was to give a general overview of the concepts involved. I suggest you take a look at this excellent content from a Cisco Live presentation:

Take a look starting from slide 39 which explains in detail the role of LISP in the control plane, and the role of VXLAN on the data plane.

I hope this has been helpful!


Hi, in the Cisco ENCOR 350-401 course, Unit 7.3.1 Cisco DNA, Introduction to SD-Access, you provide a username/password to access the Cisco sandbox that contains the DNA Center GUI.

Unfortunately, Cisco now requires an email address.

Please advise.

Hello Andrew

It is true that the login method has changed. You can choose to use several options including Google, Facebook, GitHub, or your Cisco ID if you have one. The access is still free, but you simply must register to use the service. I will let @ReneMolenaar know to make the update to the lesson.

I hope this has been helpful!


Can I test SDA in a DevNet sandbox?
I couldn’t find anything related to SDA in the sandbox.

Hello YongHun

SD-Access is implemented using several components as stated in the lesson. If you take a look at the following DevNet Sandbox list you will see an option called Cisco DNA Center with ISE. That option is essentially SD-Access in action.

I hope this has been helpful!