Using Cisco's DNA Center to Deploy SD-Access
Deploying Software-Defined Access (SD-Access) to your network can provide consistent management of network provisioning, automate network segmentation and create open integration with third-party solutions. And deploying it just got easier.
Watch this demonstration for a step-by-step guide to how simple it is to design your network, define your policies and provision your infrastructure.
This step integrates the ISE node that controls your TrustSec policies with DNA Center. During this step, you will create several user groups and policies that dictate the access provided to the user groups.
Tell the network what to look like
Instead of configuring specific technologies, you want to build your network based on a workflow.
The first step is to create different geographic regions for your network and apply different settings based on those regions. For each region, you'll want to set up common services like DHCP, DNS and NTP and then apply them to all the devices in that region.
Next, you'll specify CLI credentials, which are used to communicate with existing or new network devices.
Lastly, you'll need to create IP address pools to assign to the user groups. These IP address pools will follow the user as they move throughout the network.
Tell the network what you want it to do
Policies provide access to different services based on groups of people or things. As a user connects to the network, they are associated with a specific segment with access to the appropriate resources. An example of this might be placing corporate employees in a segment that is separate from guest users, while not allowing the two to communicate with each other.
Associate devices with design and policies
Now that your network looks how you want it to and knows what you want it to do, the last step in this deployment is assigning which devices should follow the policies. In this example, this setup is being deployed to existing network devices.
Create new fabric
Next, we will create a "fabric" of devices that will be managed as a single entity, sharing services and policies. Creating the fabric is as simple as clicking on a device and telling it to be the controller or the access edge. The controller is the brains of the fabric and tells the edge devices how to forward traffic. The access edge devices are where the people and things connect.
Allow user connection
Finally, you need to tell the network to identify the people and things. This allows us to segment the users into the right groups and allow them access to the right network resources.
If you're looking to further explore SD-Access and how it can fit into your environment, consider our SD-Access Workshop.