Cisco & Cisco Network Hardware News and Technology

What Can SD-Access Services Do for You?

September 20 2017 , Written by Cisco & Cisco Router, Network Switch Published on #Networking, #Cisco Technology - IT News, #IT, #Technology, #Cisco Certification - CCNA - CCNP - CCIE, #Data Center

What can Cisco Software-Defined Access (SD-Access) Services do for you? Accelerate your journey to the new network with SD-Access Services.

By automating day-to-day tasks such as configuration, provisioning, and troubleshooting, SD-Access reduces the time it takes to adapt the network, improves issue resolution, and reduces the impact of security breaches. This results in significantly simpler operations and lower costs.

The core components that make up the SD-Access solution are:

● Cisco DNA Center

● Cisco Identity Services Engine (ISE)

● Network platforms: see the SD-Access 1.0 Hardware and Software Compatibility Matrix below

SD-Access Use Cases: Building on the foundation of industry-leading capabilities, SD-Access can now deliver key business-driven use cases that truly realize the promise of a digital enterprise while reducing total cost of ownership.

Use case: Security and segmentation

Details:

● Onboard users with 802.1X, Active Directory, and static authentication

● Group users with Cisco TrustSec (security group tags)

● Automate VRF configuration (lines of business, departments, etc.)

● Traffic analysis using AVC and NetFlow is further enhanced using Encrypted Traffic Analytics (ETA)

Benefits:

● Reduced time to provision network segmentation and user groups

● Foundation to enforce network security policies

● Ability to detect and intercept threats at line rate (not samples) from the center to the last mile, including all devices on the network edge

Use case: User mobility

Details:

● Single point of definition for wired and wireless users

● Seamless roaming between wired and wireless

● Distributed data plane for wireless access

● Simplified guest provisioning for wired and wireless

Benefits:

● Management of wired and wireless networks and users from a single interface (Cisco DNA Center)

● Ability to offload wireless data path to network switches (reduce load on controller)

● Scalable fabric-enabled wireless with seamless roaming across campus

Use case: Guest access

Details:

● Define specific groups for guest users

● Create policy for guest users’ resource access (such as Internet access)

Benefits:

● Simplified policy provisioning

● Time savings when provisioning policies

Use case: IoT integration

Details:

● Segment and group IoT devices

● Define policies for IoT group access and management

● Device profiling with flexible authentication options

Benefits:

● Simplify deployment of IoT devices

● Reduce network attack surface with device segmentation

Use case: Monitoring and troubleshooting

Details:

● Multiple data points on network behavior (syslog, stats, etc.)

● Contextual data available per user and device

Benefits:

● Significantly reduce troubleshooting time

● Use rich context and analytics for decision making

Use case: Cloud/data center integration

Details:

● Identity federation allows exchange of identity between campus and data center policy controllers

● Administrator can define user-to-application access policy from a single interface

Benefits:

● End-to-end policy management for the enterprise

● Identity-based policy enforcement for optimized ACL utilization

● Flexibility when enforcing policy at campus or data center

Use case: Branch integration

Details:

● Create a single fabric across multiple regional branch locations

● Use Cisco routers as fabric border nodes

Benefits:

● Simplified provisioning and management of branch locations

● Enterprisewide policy provisioning and enforcement

 

SD-Access 1.0 Hardware and Software Compatibility Matrix

Fabric edge

● Catalyst 9300 Series Switches: IOS XE 16.6.1

● Catalyst 9400 Series Switches (Sup1): IOS XE 16.6.1

● Catalyst 3850 and 3650 Series Switches: IOS XE 16.6.1

● Catalyst 4500E Series Switches (Sup8E, Sup9E): IOS XE 3.10.0E

Fabric border and control plane

● Catalyst 9500 Series Switches: IOS XE 16.6.1

● Catalyst 3850 Series Fiber Module: IOS XE 16.6.1

● Catalyst 6807-XL Switch (Sup6T, Sup2T): IOS 15.4(1)SY2

● Catalyst 6500 Series Switches: IOS 15.4(1)SY2

● Catalyst 6880-X Switch: IOS 15.4(1)SY2

● Catalyst 6840-X Switch: IOS 15.4(1)SY2

● Nexus 7700 Switch (Sup 2E, M3 line cards only): NxOS 8.2(1)

● 4000 Series Integrated Services Routers: IOS XE 16.6.1

● ASR 1000 Series Aggregation Services: IOS XE 16.6.1

● Cloud Services Router (CSR) 1000V (control plane only): IOS XE 16.6.1

Subtended node

● Catalyst 3560-CX Series: IOS 15.2(6)E

● Catalyst Digital Building Series: IOS 15.2(6)E

SD-Access wireless

● 802.11 Wave 2 access points (Aironet 1800, 2800 and 3800 Series): AireOS 8.5.103.0

● 802.11 Wave 1 access points (Aironet 1700, 2700 and 3700 Series): AireOS 8.5.103.0

● Cisco 3504, 5520 and 8540 Series Wireless Controllers: AireOS 8.5.103.0

Note:

● Wave 1 access points won’t support the following functions when deployed for SD-Access: IPv6, Application Visibility and Control (AVC), NetFlow.

● A device cannot act as fabric edge and fabric border at the same time.

● A device can act as fabric border and fabric control plane at the same time.

You can read more about Cisco Software-Defined Access here:

https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/software-defined-access/solution-overview-c22-739012.pdf
