What SD-Access Services Can Do for You?
What can Cisco Software-Defined Access (SD-Access) Services do for you? Accelerate your journey to the new network with SD-Access Services.
By automating day-to-day tasks such as configuration, provisioning, and troubleshooting, SD-Access reduces the time it takes to adapt the network, improves issue resolution, and reduces the impact of security breaches. This results in significantly simpler operations and lower costs.
The core components that make up the SD-Access solution are:
● Cisco DNA Center
● Cisco Identity Services Engine (ISE)
● Network platforms (see the compatibility matrix below)
SD-Access Use Cases
Building on the foundation of industry-leading capabilities, SD-Access can now deliver key business-driven use cases that truly realize the promise of a digital enterprise while reducing total cost of ownership.
Use case | Details | Benefits |
Security and segmentation | ● Onboard users with 802.1X, Active Directory, and static authentication ● Group users with Cisco TrustSec (security group tags) ● Automate VRF configuration (lines of business, departments, etc.) ● Traffic analysis using AVC and NetFlow is further enhanced using Encrypted Traffic Analytics (ETA) | ● Reduced time to provision network segmentation and user groups ● Foundation to enforce network security policies ● Ability to detect and intercept threats at line rate (not samples) from the center to the last mile, including all devices on the network edge |
User mobility | ● Single point of definition for wired and wireless users ● Seamless roaming between wired and wireless ● Distributed data plane for wireless access ● Simplified guest provisioning for wired and wireless | ● Management of wired and wireless networks and users from a single interface (Cisco DNA Center) ● Ability to offload wireless data path to network switches (reduce load on controller) ● Scalable fabric-enabled wireless with seamless roaming across campus |
Guest access | ● Define specific groups for guest users ● Create policy for guest users’ resource access (such as Internet access) | ● Simplified policy provisioning ● Time savings when provisioning policies |
IoT integration | ● Segment and group IoT devices ● Define policies for IoT group access and management ● Device profiling with flexible authentication options | ● Simplify deployment of IoT devices ● Reduce network attack surface with device segmentation |
Monitoring and troubleshooting | ● Multiple data points on network behavior (syslog, stats, etc.) ● Contextual data available per user and device | ● Significantly reduce troubleshooting time ● Use rich context and analytics for decision making |
Cloud/data center integration | ● Identity federation allows exchange of identity between campus and data center policy controllers | ● Administrator can define user-to-application access policy from a single interface ● End-to-end policy management for the enterprise ● Identity-based policy enforcement for optimized ACL utilization ● Flexibility when enforcing policy at campus or data center |
Branch integration | ● Create a single fabric across multiple regional branch locations ● Use Cisco routers as fabric border nodes | ● Simplified provisioning and management of branch locations ● Enterprisewide policy provisioning and enforcement |
SD-Access 1.0 Hardware and Software Compatibility Matrix
Fabric edge | Catalyst 9400 Series Switches (Sup1); Catalyst 3850 and 3650 Series Switches; Catalyst 4500E Series Switches (Sup8E, Sup9E) | IOS XE 16.6.1; IOS XE 16.6.1; IOS XE 16.6.1; IOS XE 3.10.0E |
Fabric border and control plane | Catalyst 3850 Series Fiber Module; Catalyst 6807-XL Switch (Sup6T, Sup2T); Catalyst 6500 Series Switches; Catalyst 6880-X Switch; Catalyst 6840-X Switch; Nexus 7700 Switch (Sup 2E, M3 line cards only); 4000 Series Integrated Services Routers; ASR 1000 Series Aggregation Services; Cloud Services Router (CSR) 1000V (control plane only) | IOS XE 16.6.1; IOS XE 16.6.1; IOS 15.4(1)SY2; IOS 15.4(1)SY2; IOS 15.4(1)SY2; IOS 15.4(1)SY2; NxOS 8.2(1); IOS XE 16.6.1; IOS XE 16.6.1; IOS XE 16.6.1 |
Subtended node | Catalyst 3560-CX Series; Catalyst Digital Building Series | IOS 15.2(6)E; IOS 15.2(6)E |
SD-Access wireless | 802.11 Wave 2 access points: Aironet 1800, 2800 and 3800 Series; 802.11 Wave 1 access points: Aironet 1700, 2700 and 3700 Series; Cisco 3504, 5520 and 8540 Series Wireless Controllers | AireOS 8.5.103.0; AireOS 8.5.103.0; AireOS 8.5.103.0 |
Note:
● Wave 1 access points won’t support the following functions when deployed for SD-Access: IPv6, Application Visibility and Control (AVC), NetFlow.
● A device cannot act as fabric edge and fabric border at the same time.
● A device can act as fabric border and fabric control plane at the same time.