
Cisco Software-Defined Access

Paperback English 2020 9780136448389

Summary

This comprehensive book guides you through all aspects of planning, implementing, and operating Cisco Software-Defined Access (SD-Access). Through practical use cases, you'll learn how to use intent-based networking, Cisco ISE, and Cisco DNA Center to improve any campus network's security and simplify its management.

Drawing on their unsurpassed experience architecting solutions and training technical professionals inside and outside Cisco, the authors explain when and where to leverage Cisco SD-Access instead of a traditional legacy design. They illuminate the fundamental building blocks of a modern campus fabric architecture, show how to design a software-defined campus that delivers the most value in your environment, and introduce best practices for administration, support, and troubleshooting.

Case studies show how to use Cisco SD-Access to address secure segmentation, plug and play, software image management (SWIM), host mobility, and more. The authors also present full chapters on advanced Cisco SD-Access and Cisco DNA Center topics, plus detailed coverage of Cisco DNA monitoring and analytics.

- Learn how Cisco SD-Access addresses key drivers for network change, including automation and security
- Explore how Cisco DNA Center improves network planning, deployment, evolution, and agility
- Master Cisco SD-Access essentials: design, components, best practices, and fabric construction
- Integrate Cisco DNA Center and Cisco ISE, and smoothly onboard diverse endpoints
- Efficiently operate Cisco SD-Access and troubleshoot common fabric problems, step by step
- Master advanced topics, including multicast flows, Layer 2 flooding, and the integration of IoT devices
- Extend campus network policies to WANs and data center networks
- Choose the right deployment options for Cisco DNA Center in your environment
- Master Cisco DNA Assurance analytics and tests for optimising the health of clients, network devices, and applications

Specifications

ISBN13: 9780136448389
Language: English
Binding: Paperback


Table of Contents

Introduction

Chapter 1 Today's Networks and the Drivers for Change
Networks of Today
Common Business and IT Trends
Common Desired Benefits
High-Level Design Considerations
Cisco Digital Network Architecture
Past Solutions to Today's Problems
  Spanning-Tree and Layer 2–Based Networks
Introduction to Multidomain
  Cloud Trends and Adoption
Summary

Chapter 2 Introduction to Cisco Software-Defined Access
Challenges with Today's Networks
Software-Defined Networking
Cisco Software-Defined Access
  Cisco Campus Fabric Architecture
  Campus Fabric Fundamentals
  Cisco SD-Access Roles
Network Access Control
  Why Network Access Control?
Introduction to Cisco Identity Services Engine
  Overview of Cisco Identity Services Engine
  Cisco ISE Features
  Secure Access
  Device Administration
  Guest Access
  Profiling
  Bring Your Own Device
  Compliance
  Integrations with pxGrid
  Cisco ISE Design Considerations
  Cisco ISE Architecture
  Cisco ISE Deployment Options
  Standalone Deployment
  Distributed Deployment
  Dedicated Distributed Deployment
Segmentation with Cisco TrustSec
  Cisco TrustSec Functions
  Classification
  Propagation
  Enforcement
Summary

Chapter 3 Introduction to Cisco DNA Center
Network Planning and Deployment Trends
History of Automation Tools
Cisco DNA Center Overview
Design and Visualization of the Network
  Site Design and Layout
  Network Settings
  Wireless Deployments
Network Discovery and Inventory
  Discovery Tool
  Inventory
Device Configuration and Provisioning
Summary

Chapter 4 Cisco Software-Defined Access Fundamentals
Network Topologies
Cisco Software-Defined Access Underlay
  Manual Underlay
  Automated Underlay: LAN Automation
Wireless LAN Controllers and Access Points in Cisco Software-Defined Access
Shared Services
Transit Networks
  IP-Based Transit
  SD-Access Transit
Fabric Creation
  Fabric Location
  Fabric VNs
Fabric Device Roles
  Control Plane
  Fabric Borders
  Border Automation
  Border and Control Plane Collocation
  Fabric Edge Nodes
  Intermediate Nodes
  External Connectivity
  Fusion Router
Host Onboarding
  Authentication Templates
  VN to IP Pool Mapping
  SSID to IP Pool Mapping
  Switchport Override
Summary
References in This Chapter

Chapter 5 Cisco Identity Services Engine with Cisco DNA Center
Policy Management in Cisco DNA Center with Cisco ISE
  Integration of Cisco DNA Center and ISE
  Certificates in Cisco DNA Center
  Certificates on Cisco Identity Services Engine
  Cisco ISE and Cisco DNA Center Integration Process
Group-Based Access Control
Segmentation with Third-Party RADIUS Server
Secure Host Onboarding in Enterprise Networks
  Endpoint Host Modes in 802.1X
  Single-Host Mode
  Multi-Host Mode
  Multi-Domain Mode
  Multi-Auth Mode
802.1X Phased Deployment
  Why a Phased Approach?
  Phase I: Monitor Mode (Visibility Mode)
  Phase II: Low-Impact Mode
  Phase II: Closed Mode
Host Onboarding with Cisco DNA Center
  No Authentication Template
  Open Authentication Template
  Closed Authentication
  Easy Connect
Security in Cisco Software-Defined Access Network
  Macro-Segmentation in Cisco SD-Access
  Micro-Segmentation in Cisco SD-Access
Policy Set Overview in Cisco ISE
Segmentation Policy Construction in Cisco SD-Access
  Corporate Network Access Use Case
  Guest Access Use Case
Segmentation Outside the Fabric
Summary
References in This Chapter

Chapter 6 Cisco Software-Defined Access Operation and Troubleshooting
Cisco SD-Access Under the Covers
  Fabric Encapsulation
  LISP
  VXLAN
  MTU Considerations
Host Operation and Packet Flow in Cisco SD-Access
  DHCP in Cisco SD-Access
  Wired Host Onboarding and Registration
  Wired Host Operation
  Intra-Subnet Traffic in the Fabric
  Inter-Subnet Traffic in the Fabric
  Traffic to Destinations Outside of the Fabric
  Wireless Host Operation
  Initial Onboarding and Registration
Cisco SD-Access Troubleshooting
  Fabric Edge
  Fabric Control Plane
Authentication/Policy Troubleshooting
  Authentication
  Policy
  Scalable Group Tags
Summary
References in This Chapter

Chapter 7 Advanced Cisco Software-Defined Access Topics
Cisco Software-Defined Access Extension to IoT
  Types of Extended Nodes
  Extended Nodes
  Policy Extended Nodes
  Configuration of Extended Nodes
  Onboarding the Extended Node
  Packet Walk of Extended Cisco SD-Access Use Cases
  Use Case: Hosts in Fabric Communicating with Hosts Connected Outside the Fabric
  Use Case: Traffic from a Client Connected to a Policy Extended Node
  Use Case: Traffic to a Client Connected to a Policy Extended Node
  Use Case: Traffic Flow Within a Policy Extended Node
Multicast in Cisco SD-Access
  Multicast Overview
  IP Multicast Delivery Modes
Multicast Flows in Cisco SD-Access
  Scenario 1: Multicast in PIM ASM with Head-End Replication (Fabric RP)
  Scenario 2: Multicast in PIM SSM with Head-End Replication
  Scenario 3: Cisco SD-Access Fabric Native Multicast
  Cisco SD-Access Multicast Configuration in Cisco DNA Center
Layer 2 Flooding in Cisco SD-Access
  Layer 2 Flooding Operation
Layer 2 Border in Cisco SD-Access
  Layer 2 Intersite
  Layer 2 Intersite Design and Traffic Flow
  Fabric in a Box in Cisco SD-Access
Cisco SD-Access for Distributed Campus Deployments
  Types of Transit
  IP Transit
  Fabric Multisite or Multidomain with IP Transit
  Cisco SD-Access Transit
  Cisco SD-WAN Transit
  Policy Deployment Models in Cisco SD-Access Distributed Deployment
Cisco SD-Access Design Considerations
  Latency Considerations
  Cisco SD-Access Design Approach
  Very Small Site
  Small Site
  Medium Site
  Large Site
  Single-Site Design Versus Multisite Design
  Cisco SD-Access Component Considerations
  Underlay Network
  Underlay Network Design Considerations
  Overlay Network
  Overlay Fabric Design Considerations
  Fabric Control Plane Node Design Considerations
  Fabric Border Node Design Considerations
  Infrastructure Services Design Considerations
  Fabric Wireless Integration Design Considerations
  Wireless Over-the-Top Centralized Wireless Option Design Considerations
  Mixed SD-Access Wireless and Centralized Wireless Option Design Considerations
  Wireless Guest Deployment Considerations
  Security Policy Design Considerations
Cisco SD-Access Policy Extension to Cisco ACI
Summary
References in This Chapter

Chapter 8 Advanced Cisco DNA Center
Cisco DNA Center Architecture and Connectivity
  Hardware and Scale
  Network Connectivity
  High Availability and Clustering with Cisco DNA Center
Software Image Management
  Image Repository
  Golden Image
  Upgrading Devices
Cisco DNA Center Templates
  Template Creation
  Template Assignment and Network Profiles
  Deploying Templates
Plug and Play
  Onboarding Templates
  PnP Agent
  Claiming a Device
Cisco DNA Center Tools
  Topology
  Command Runner
  Security Advisories
Summary
References in This Chapter

Chapter 9 Cisco DNA Assurance
Assurance Benefits
  Challenges of Traditional Implementations
  Cisco DNA Analytics
Cisco DNA Assurance Architecture
  Cisco DNA Assurance Data Collection Points
  Streaming Telemetry
  Network Time Travel
  Health Dashboards
  Overall Health Dashboard
  Network Health Dashboard
  Cisco SD-Access Fabric Network Health
  Client Health Dashboard
  Application Health Dashboard
Cisco DNA Assurance Tools
  Intelligent Capture
  Anomaly Capture
  Path Trace
  Sensor Tests
  Cisco AI Network Analytics
Summary
References in This Chapter

Glossary
