
Cisco Software-Defined Access [Paperback]

  • Format: Paperback / softback, 352 pages, height x width x thickness: 230x185x18 mm, weight: 588 g
  • Series: Networking Technology
  • Publication date: 11-Nov-2020
  • Publisher: Cisco Press
  • ISBN-10: 0136448380
  • ISBN-13: 9780136448389
The definitive Cisco SD-Access resource, from the architects who train Cisco's own engineers and partners



This comprehensive book guides you through all aspects of planning, implementing, and operating Cisco Software-Defined Access (SD-Access). Through practical use cases, you'll learn how to use intent-based networking, Cisco ISE, and Cisco DNA Center to improve any campus network's security and simplify its management.

Drawing on their unsurpassed experience architecting solutions and training technical professionals inside and outside Cisco, the authors explain when and where to leverage Cisco SD-Access instead of a traditional legacy design. They illuminate the fundamental building blocks of a modern campus fabric architecture, show how to design a software-defined campus that delivers the most value in your environment, and introduce best practices for administration, support, and troubleshooting.

Case studies show how to use Cisco SD-Access to address secure segmentation, plug and play, software image management (SWIM), host mobility, and more. The authors also present full chapters on advanced Cisco SD-Access and Cisco DNA Center topics, plus detailed coverage of Cisco DNA monitoring and analytics.









  • Learn how Cisco SD-Access addresses key drivers for network change, including automation and security
  • Explore how Cisco DNA Center improves network planning, deployment, evolution, and agility
  • Master Cisco SD-Access essentials: design, components, best practices, and fabric construction
  • Integrate Cisco DNA Center and Cisco ISE, and smoothly onboard diverse endpoints
  • Efficiently operate Cisco SD-Access and troubleshoot common fabric problems, step by step
  • Master advanced topics, including multicast flows, Layer 2 flooding, and the integration of IoT devices
  • Extend campus network policies to WANs and data center networks
  • Choose the right deployment options for Cisco DNA Center in your environment
  • Master Cisco DNA Assurance analytics and tests for optimizing the health of clients, network devices, and applications
Introduction
Chapter 1 Today's Networks and the Drivers for Change
  • Networks of Today
  • Common Business and IT Trends
  • Common Desired Benefits
  • High-Level Design Considerations
  • Cisco Digital Network Architecture
  • Past Solutions to Today's Problems
  • Spanning-Tree and Layer 2-Based Networks
  • Introduction to Multidomain
  • Cloud Trends and Adoption
  • Summary
Chapter 2 Introduction to Cisco Software-Defined Access
  • Challenges with Today's Networks
  • Software-Defined Networking
  • Cisco Software-Defined Access
  • Cisco Campus Fabric Architecture
  • Campus Fabric Fundamentals
  • Cisco SD-Access Roles
  • Network Access Control
  • Why Network Access Control?
  • Introduction to Cisco Identity Services Engine
  • Overview of Cisco Identity Services Engine
  • Cisco ISE Features
  • Secure Access
  • Device Administration
  • Guest Access
  • Profiling
  • Bring Your Own Device
  • Compliance
  • Integrations with pxGrid
  • Cisco ISE Design Considerations
  • Cisco ISE Architecture
  • Cisco ISE Deployment Options
  • Standalone Deployment
  • Distributed Deployment
  • Dedicated Distributed Deployment
  • Segmentation with Cisco TrustSec
  • Cisco TrustSec Functions
  • Classification
  • Propagation
  • Enforcement
  • Summary
Chapter 3 Introduction to Cisco DNA Center
  • Network Planning and Deployment Trends
  • History of Automation Tools
  • Cisco DNA Center Overview
  • Design and Visualization of the Network
  • Site Design and Layout
  • Network Settings
  • Wireless Deployments
  • Network Discovery and Inventory
  • Discovery Tool
  • Inventory
  • Device Configuration and Provisioning
  • Summary
Chapter 4 Cisco Software-Defined Access Fundamentals
  • Network Topologies
  • Cisco Software-Defined Access Underlay
  • Manual Underlay
  • Automated Underlay: LAN Automation
  • Wireless LAN Controllers and Access Points in Cisco Software-Defined Access
  • Shared Services
  • Transit Networks
  • IP-Based Transit
  • SD-Access Transit
  • Fabric Creation
  • Fabric Location
  • Fabric VNs
  • Fabric Device Roles
  • Control Plane
  • Fabric Borders
  • Border Automation
  • Border and Control Plane Collocation
  • Fabric Edge Nodes
  • Intermediate Nodes
  • External Connectivity
  • Fusion Router
  • Host Onboarding
  • Authentication Templates
  • VN to IP Pool Mapping
  • SSID to IP Pool Mapping
  • Switchport Override
  • Summary
  • References in This Chapter
Chapter 5 Cisco Identity Services Engine with Cisco DNA Center
  • Policy Management in Cisco DNA Center with Cisco ISE
  • Integration of Cisco DNA Center and ISE
  • Certificates in Cisco DNA Center
  • Certificates on Cisco Identity Services Engine
  • Cisco ISE and Cisco DNA Center Integration Process
  • Group-Based Access Control
  • Segmentation with Third-Party RADIUS Server
  • Secure Host Onboarding in Enterprise Networks
  • Endpoint Host Modes in 802.1X
  • Single-Host Mode
  • Multi-Host Mode
  • Multi-Domain Mode
  • Multi-Auth Mode
  • 802.1X Phased Deployment
  • Why a Phased Approach?
  • Phase I Monitor Mode (Visibility Mode)
  • Phase II Low-Impact Mode
  • Phase II Closed Mode
  • Host Onboarding with Cisco DNA Center
  • No Authentication Template
  • Open Authentication Template
  • Closed Authentication
  • Easy Connect
  • Security in Cisco Software-Defined Access Network
  • Macro-Segmentation in Cisco SD-Access
  • Micro-Segmentation in Cisco SD-Access
  • Policy Set Overview in Cisco ISE
  • Segmentation Policy Construction in Cisco SD-Access
  • Corporate Network Access Use Case
  • Guest Access Use Case
  • Segmentation Outside the Fabric
  • Summary
  • References in This Chapter
Chapter 6 Cisco Software-Defined Access Operation and Troubleshooting
  • Cisco SD-Access Under the Covers
  • Fabric Encapsulation
  • LISP
  • VXLAN
  • MTU Considerations
  • Host Operation and Packet Flow in Cisco SD-Access
  • DHCP in Cisco SD-Access
  • Wired Host Onboarding and Registration
  • Wired Host Operation
  • Intra-Subnet Traffic in the Fabric
  • Inter-Subnet Traffic in the Fabric
  • Traffic to Destinations Outside of the Fabric
  • Wireless Host Operation
  • Initial Onboarding and Registration
  • Cisco SD-Access Troubleshooting
  • Fabric Edge
  • Fabric Control Plane
  • Authentication/Policy Troubleshooting
  • Authentication
  • Policy
  • Scalable Group Tags
  • Summary
  • References in This Chapter
Chapter 7 Advanced Cisco Software-Defined Access Topics
  • Cisco Software-Defined Access Extension to IoT
  • Types of Extended Nodes
  • Extended Nodes
  • Policy Extended Nodes
  • Configuration of Extended Nodes
  • Onboarding the Extended Node
  • Packet Walk of Extended Cisco SD-Access Use Cases
  • Use Case: Hosts in Fabric Communicating with Hosts Connected Outside the Fabric
  • Use Case: Traffic from a Client Connected to a Policy Extended Node
  • Use Case: Traffic to a Client Connected to a Policy Extended Node
  • Use Case: Traffic Flow Within a Policy Extended Node
  • Multicast in Cisco SD-Access
  • Multicast Overview
  • IP Multicast Delivery Modes
  • Multicast Flows in Cisco SD-Access
  • Scenario 1 Multicast in PIM ASM with Head-End Replication (Fabric RP)
  • Scenario 2 Multicast in PIM SSM with Head-End Replication
  • Scenario 3 Cisco SD-Access Fabric Native Multicast
  • Cisco SD-Access Multicast Configuration in Cisco DNA Center
  • Layer 2 Flooding in Cisco SD-Access
  • Layer 2 Flooding Operation
  • Layer 2 Border in Cisco SD-Access
  • Layer 2 Intersite
  • Layer 2 Intersite Design and Traffic Flow
  • Fabric in a Box in Cisco SD-Access
  • Cisco SD-Access for Distributed Campus Deployments
  • Types of Transit
  • IP Transit
  • Fabric Multisite or Multidomain with IP Transit
  • Cisco SD-Access Transit
  • Cisco SD-WAN Transit
  • Policy Deployment Models in Cisco SD-Access Distributed Deployment
  • Cisco SD-Access Design Considerations
  • Latency Considerations
  • Cisco SD-Access Design Approach
  • Very Small Site
  • Small Site
  • Medium Site
  • Large Site
  • Single-Site Design Versus Multisite Design
  • Cisco SD-Access Component Considerations
  • Underlay Network
  • Underlay Network Design Considerations
  • Overlay Network
  • Overlay Fabric Design Considerations
  • Fabric Control Plane Node Design Considerations
  • Fabric Border Node Design Considerations
  • Infrastructure Services Design Considerations
  • Fabric Wireless Integration Design Considerations
  • Wireless Over-the-Top Centralized Wireless Option Design Considerations
  • Mixed SD-Access Wireless and Centralized Wireless Option Design Considerations
  • Wireless Guest Deployment Considerations
  • Security Policy Design Considerations
  • Cisco SD-Access Policy Extension to Cisco ACI
  • Summary
  • References in This Chapter
Chapter 8 Advanced Cisco DNA Center
  • Cisco DNA Center Architecture and Connectivity
  • Hardware and Scale
  • Network Connectivity
  • High Availability and Clustering with Cisco DNA Center
  • Software Image Management
  • Image Repository
  • Golden Image
  • Upgrading Devices
  • Cisco DNA Center Templates
  • Template Creation
  • Template Assignment and Network Profiles
  • Deploying Templates
  • Plug and Play
  • Onboarding Templates
  • PnP Agent
  • Claiming a Device
  • Cisco DNA Center Tools
  • Topology
  • Command Runner
  • Security Advisories
  • Summary
  • References in This Chapter
Chapter 9 Cisco DNA Assurance
  • Assurance Benefits
  • Challenges of Traditional Implementations
  • Cisco DNA Analytics
  • Cisco DNA Assurance Architecture
  • Cisco DNA Assurance Data Collection Points
  • Streaming Telemetry
  • Network Time Travel
  • Health Dashboards
  • Overall Health Dashboard
  • Network Health Dashboard
  • Cisco SD-Access Fabric Network Health
  • Client Health Dashboard
  • Application Health Dashboard
  • Cisco DNA Assurance Tools
  • Intelligent Capture
  • Anomaly Capture
  • Path Trace
  • Sensor Tests
  • Cisco AI Network Analytics
  • Summary
  • References in This Chapter
Glossary
Index
Jason Gooley, CCIE No. 38759 (RS and SP), is a very enthusiastic and spontaneous person who has more than 25 years of experience in the industry. Currently, Jason works as a technical evangelist for the Worldwide Enterprise Networking sales team at Cisco Systems. Jason is very passionate about helping others in the industry succeed. In addition to being a Cisco Press author, Jason is a distinguished speaker at CiscoLive, contributes to the development of the Cisco CCIE and DevNet exams, provides training for Learning@Cisco, is an active CCIE mentor, is a committee member for the Cisco Continuing Education Program (CE), and is a program committee member of the Chicago Network Operators Group (CHI-NOG), www.chinog.org. Jason also hosts a show called MetalDevOps. Jason can be found at www.MetalDevOps.com, @MetalDevOps, and @Jason_Gooley on all social media platforms.



Roddie Hasan, CCIE No. 7472 (RS), is a technical solutions architect for Cisco Systems and has 29 years of networking experience. He has been with Cisco for more than 12 years and is a subject matter expert on enterprise networks. His role is supporting customers and account teams globally, with a focus on Cisco DNA Center and Cisco Software-Defined Access. He also specializes in technologies such as MPLS, Enterprise BGP, and SD-WAN. Prior to joining Cisco, Roddie worked in the U.S. federal government and service provider verticals. Roddie blogs at www.ccie.tv and can be found on Twitter at @eiddor.

Srilatha Vemula, CCIE No. 33670 (SEC), is a technical solutions architect for the Worldwide Enterprise Networking Sales team at Cisco Systems. There, she works with account teams and systems engineers to help Cisco customers adopt Cisco DNA Center, Cisco SD-Access, Cisco Identity Services Engine, and Cisco TrustSec. Srilatha has served in multiple roles at Cisco, including technical consulting engineer and security solutions architect. She led the design and implementation of security projects using Cisco flagship security products for key U.S. financial customers.