LernIX Solutions

Course Overview

This 4-day course is designed to teach network engineers and architects how to configure, manage, and troubleshoot Session Smart Routers.

Juniper Session Smart SD-WAN will teach students how to configure and use a Session Smart Router and Session Smart Conductor.

It starts with an introduction to and then moves on to an introduction to the PCLI and GUI. After that, the students use the GUI to deploy and configure their Session Smart Routers.

They will go from servers with just CentOS installed to a fully deployed network with multiple paths and three Session Smart Routers and one Session Smart Conductor.

Students will then learn how to enable and configure advanced features on their Session Smart Routers. These are features that are not necessary for a Session Smart Routing deployment, but when activated, can be very powerful.

Students will then learn the tools they can use within their Session Smart Conductors and routers to monitor and troubleshoot issues they may be facing.

The students will learn useful commands and options in the GUI and the class will test the students’ abilities to troubleshoot real-life Session Smart Routers issues.

Juniper Session Smart SD-WAN (JSSS) is an intermediate level course.

Course Objectives

Install a Session Smart Router and Session Smart Conductor

• Access Session Smart Routers with both the PCLI and the GUI

• Describe how traffic flows through a Session Smart Router

• Use the PCLI and GUI to operate and maintain their Session Smart Routers

• Route traffic to a datacenter using Session Smart Routers

• Configure an HA pair of Session Smart Routers

• Configure Session Smart Router to interoperate with BGP Peers

• Learn how the Session Smart Router can perform Traffic Engineering

• Know the useful commands and tools to troubleshoot Session Smart Routers

• Know where to go to find more information on APIs

• Know where to go for further resources

Course Content

DAY 1

Course Introduction

• Introduction to the course

Intro to Session Smart Routing

• Introduction to Session Smart Routing

• Review of the Session Smart Routing Data Model

Intro to the PCLI

• Navigating the Session Smart Router with the PCLI

Lab 1: Introduction to the PCLI

Intro to the GUI

• Navigating the Session Smart Router with the GUI

Lab 2: Introduction to the GUI

Backups

• Types of Configuration (Candidate vs. Running)

• Validate and Commit

• Exporting and Importing configurations

Lab 3: Configuration Backup and Restore

DAY 2

Conductor

• Introduction to the Conductor

• Install Conductor using the Session Smart Routing installer

• Authority

• Services

• Tenants

Lab 4: Conductor

Data Center Router

• Deploy a data center router using Zero Touch Provisioning (ZTP)

• Router

• Node

• Device Interface

• Network Interface

Lab 5: Data Center Router

Branch Router

• Deploy a branch router using Zero Touch Provisioning (ZTP)

• Peer

• Adjacency

• Neighborhood

Lab 6: Branch Router

Routing

• Service routes

Lab 7: Routing

Security Policies

• Security Policies

Lab 8: Security Policies

DAY 3

Upgrades

• Upgrades

Multiple WAN

• Service Policies

• Vectors

• Configure and apply multiple paths from branch to data center

Lab 9: Multiple WAN Links

High Availability

• Theory of HA

• Dual-Node HA

• Redundancy groups

Lab 10: High Availability

Traditional Routing

• BGP

• BGP over SVR

• Appendix: Route Filters and Policies

Lab 11: Traditional Routing

DAY 4

Notification Interfaces

• Alarms and Events

• SNMP

• API

Lab 12: Notification Interfaces

Investigative Interfaces

• Monitoring Agent

• Troubleshooting using the PCLI

• Troubleshooting using the GUI

• Packet Captures

• Logs and Architectural Design

Lab 13: Investigative Interfaces

Course Overview

Configuring BGP on Cisco Routers provides students with an in-depth knowledge of Border Gateway Protocol (BGP), a routing protocol that is one of the foundations of the Internet and New World technologies such as Multiprotocol Label Switching (MPLS).

This course focuses on the theory of BGP, the configuration and troubleshooting of BGP on Cisco IOS routers. Extensive use of hands on labs has been incoporated into this curriculum to ensure learners have the skills required to configure and troublshoot BGP networks in customer environments.

Each student will have their own virtual pod of equipment with access to the labs 24×7 for 90 days.

This course is worth 40 Credits in the Continuing Education Program

Course Objectives

After you complete this course you will be able to:

Describe how to configure, monitor and troubleshoot basic BGP to enable interdomain routing in a network scenario with multiple domains.
Describe how to use BGP policy controls to influence the route selection process in a network scenario where you must support connections to multiple ISPs.
Describe how to use BGP attributes to influence the route selection process in a network scenario where you must support multiple connections.
Describe how to successfully connect the customer network to the Internet in a network scenario in which multiple connections must be implemented.
Describe how to configure the service provider network to behave as a transit AS in a typical implementation with multiple BGP connections to other autonomous systems.
Enable route reflection and confederations as possible solutions to BGP scaling issues in a typical service provider network with multiple BGP connections to other autonomous systems.
Describe the available BGP tools and features to optimize the scalability of the BGP routing protocol in a typical BGP network.

Course Content

Introducing BGP

Interdomain Routing
Why External Routing Protocols?
BGP Characteristics
BGP Development Considerations
Single-Homed Customers
Multihomed Customers
Transit Autonomous Systems

Exploring BGP Path Attributes

BGP Path Attributes
Well-Known BGP Attributes
Optional BGP Attributes
AS-Path Attribute
Next-Hop Attribute

Establishing BGP Sessions

BGP Neighbor Discovery
Establishing a BGP Session
BGP Keepalives
MD5 Authentication

Processing BGP Routes

Receiving Routing Updates
Building the BGP Table
BGP Route Selection Criteria
BGP Route Propagation
Building the IP Routing Table
Advertising Local Networks
Automatic Summarization

Configuring Basic BGP

BGP Routing Process
Configuring External Neighbors
Announcing Networks in BGP
Redistributing Routes into BGP
BGP Conditional Route Injection
BGP Support for TTL Security Check
Multihomed Customer Problem

Monitoring and Troubleshooting BGP

Monitoring Overall BGP Routing
Monitoring BGP Neighbors
Monitoring the BGP Table
Debugging BGP
BGP Session Startup Problems
BGP Neighbor Not Reachable
BGP Neighbor not Configured
BGP AS Number Mismatch

Working with Transit AS

Transit AS Tasks
External Route Propagation
Internal Route Propagation
Packet Forwarding in an AS
Core Router IBGP Requirements in a Transit AS

Interacting with IBGP and EBGP in a Transit AS

AS Path Processing in IBGP
Multipath Load Sharing in BGP
BGP Split Horizon
IBGP Full Mesh
IBGP Neighbors
IBGP Next-Hope Processing
Transit Network Using edge Routers as Next Hops Example
Differences Between EBGP and IBGP
Scalability Limitations of IBGP-Based Transit Backbones

Forwarding Packets in a Transit AS

Packet Forwarding in a Transit AS
Recursive Lookup in Cisco IOS Software
Routing Protocols in a Transit AS
BGP and IGP Interaction
Problems with BGP and IGP Interaction

Monitoring and Troubleshooting IBGP in a Transit AS

Monitoring IBGP
Common IBGP Problems
Troubleshooting IBGP Session Start-Up Issues
Troubleshooting IBGP Route Selection Issues
Troubleshooting IBGP Sychronization Issues

Using Multihomed BGP Networks

Business Requirements for Multihomed BGP Networks
Technical Requirements for Multihomed BGP Networks
BGP Route Selection
Multihomed Customer Routing Policies
Influencing BGP Route Selection
Transit Traffic Issue
Routing Update Reliability Issue
Return Traffic Issue

Employing AS Path Filters

AS Path Filtering Services
AS Path Regular Expressions
String Matching
Applying AS Path Filters
Configuring BGP AS Path Filters
Monitoring AS Path Filters

Filtering with Prefix Lists

Requirements for Prefix-Based Filters
Prefix Lists vs IP Access Lists
Configuring Prefix Lists
BGP Filters Implementation
Implementing Prefix Lists in the BGP Process
Modifying Prefix Lists
Monitoring Prefix Lists

Using Outbound Route Filtering

Outbound Route Filtering
Inbound vs Outbound Filtering Example
BGP Prefix-Based Outbound Route Filtering
Outbound Route Filter Message
Configuring Outbound Route Filtering
Using Outbound Route Filtering

Applying Route Maps as BGP Filters

Route Map Overview
BGP Route Map Policy List Support
BGP Route Map Continue
Prefix List Use in Route Maps
BGP Filters
Using Route Maps as BGP Filters

Implementing Changes in BGP Policy

Traditional Filtering Limitations
BGP Soft Reset Enhancement
Route Refresh
Configuring Route Refresh
Monitoring Route Refresh

Influencing BGP Route Selection with Weights

BGP Route Selection Criteria
Influencing BGP Route Selection
Configuring Per-Neighbor Weights
Changing Weights with Route Maps
BGP Route Selection and Filtering Tools Summary

Setting BGP Local Preference

Consistent Route Selection Within the AS
BGP Local Preference
Configuring Default Local Preference
Monitoring Local Preference
Configuring Local Preference with Route Maps

Using AS Path Prepending

Return Path Selection in a Multhomed AS
AS Path Prepending
AS Path Prepending Design Considerations
BGP Hide Local-Autonoumous System

Exploring the BGP MED

Selecting the Proper Return Path
MED Progression in a BGP Network
Changing the MED
Troubleshooting the MED
Advanced MED Considerations

Addressing BGP Communities

Selecting the Proper Return Path
BGP Communities Overview
Using Communities
Configuring BGP Communities
BGP Named Community Lists
BGP Cost Community
BGP Link Bandwidth Feature
BGP Support for Sequenced Entries in Extended Community Lists

Exploring Customer-to-Provider Connectivity Requirements

Customer-to-Provider Connectivity Types
Customer Redundant Connectivity
Customer-to-Provider Routing Schemes
Customer Routing Schemes
Customer Addressing Schemes
Customer Addressing Requirements
Customer AS Number Allocation

Implementing Customer Connectivity Using Static Routing

When to Use Static Routing ?
Characteristics of Static Routing
Designing Static Route Propagation in a Service Provider Network
BGP Backup with Static Routes
Floating Static Routes with BGP
Load Sharing with Static Routes

Connecting a Customer to a Single Service Provider

BGP Configuration on Customer Routes
Conditional BGP Advertising in Customer Networks
BGP Configuration on Service Provider Routers
Removing Private AS Numbers
BGP Support for Dual AS Configuration for Network AS Migrations
Backup Solutions with BGP
Load Sharing
Load Sharing with BGP Multipath
Load Sharing wth EBGP Multihop

Connecting a Multihomed Customer to Multiple Service Providers

BGP Configuration for Multihomed Customers
Multihomed Customer Address Space Selection
Multihomed Customer AS Number Selection
AS Number Translation
Primary and Backup Link Selection
BGP Incoming Link Selection
Load Sharing with Multiple Providers

Scaling IGP and BGP in Service Provider Networks

Common Service Provider Network
Route Propagation in Service Provider Networks
Scaling Service Provider Routing Protocols
Scaling Service Provider Addressing

Introducing Route Reflectors

IBGP Scalability Issues in a Transit AS
Route Reflector Split-Horizon Rules
Redundant Route Reflectors
Route Reflectors Clusters
Additional Route Reflector Loop-Prevention Mechanisms
Network Design with Route Reflectors
Potential Network Issues
Hierachical Route Reflectors
Route Reflector Backbone Migration
Configuring Route Reflectors

Improving BGP Convergence

BGP Convergence
BGP Processes
CPU Effects of BGP Processes
Improving BGP Convergence
PMTU Discovery
Increasing Input Queue Depth
BGP Prefix Independent Convergence
BFD for BGP
BGP Nonstop Forwarding Awareness
BGP Scan Time
BGP Advertisement Interval
BGP Keepalive and Hold-Down Timers

Optimizing BGP Scalability

BGP Route Limiting
Configuring BGP Route Limiting
BGP Peer Groups Overview
BGP Peer Groups as a Performance Tool
BGP Peer Group Limitations
Configuring BGP Peer Groups
BGP Peer Group Configuration Examples
BGP Dynamic Update Peer Groups Feature
BGP Peer Templates Overview
BGP Peer Templates Inheritance
BGP Peer Templates Configuration
BGP Route Dampening
BGP Route Dampening Operation
Configuring BGP Route Dampening

Labs

Discovery 1: Configure Basic BGP
Discovery 2: Announce Networks in BGP
Discovery 3: Implement the BGP Support for TTL Security Check Feature
Discovery 4: Configure a Basic BGP Network
Discovery 5: BGP Route Propagation
Discovery 6: IBGP Full Mesh
Discovery 7: BGP Administrative Distance
Discovery 8: Configure a Transit AS
Discovery 9: Configure Non-Transit Autonomous System
Discovery 10: Filter Customer Prefixes
Discovery 11: Prefix-Based Outbound Route Filtering
Discovery 12: Configure Route Maps as BGP Filters
Discovery 13: Configure BGP Using BGP Filtering
Discovery 14: Configure Per-Neighbor Weights
Discovery 15: Configure and Monitor Local Preference
Discovery 16: Configure Local Preference Using Route Maps
Discovery 17: Configure AS Path Prepending
Discovery 18: Configure the MED
Discovery 19: Configure Local Preference Using the Communities
Discovery 20: Configure BGP Route Selection Using BGP Attributes
Discovery 21: Configure Route Reflector
Discovery 22: Implement Route Reflector Configurations
Discovery 23: Configure BGP Route Limiting
Discovery 24: Configure BGP Peer Groups
Discovery 25: Configure BGP Route Dampening

Course Overview

The Configuring and Operating Cisco EPN Manager (EPNM100) v4.0 course shows you how to create efficient and agile network management through automated device operations, fast provisioning install, network configuration, dashboard management, and device management using Cisco© Evolved Programmable Network (EPN) Manager. Through a combination of lessons and hands-on labs, you will learn to maximize the benefits of the Cisco EPN Manager as a simplified, flexible, and cost-effective end-to-end lifecycle management solution for network provisioning, and network assurance management for today’s converging packet and optical multilayer networks.

Course Objectives

After taking this course, you should be able to:

Describe Cisco EPN Manager’s features and navigate the Cisco EPN Manager’s user interface
Understand the network inventory, topologies, and circuits
Manage dashboards, alarms, and events
Create and interpret reports
Distinguish the system requirements for Cisco EPN Manager, and procedures for new installations, upgrades, licensing, and high availability
Manage device groups and virtual domains
Establish user accounts and their role-based access to EPN Manager’s features and devices
Configure and combine devices
Perform backups and restores
Manage data retention, purging, and software updates
Monitor system health and performance
Update and manage software images
Archive, review, and restore configuration files
Configure Quality of Service (QoS) actions and policies
Configure devices using templates
Perform compliance audits
Configure monitoring policies
Provision Carrier Ethernet services
Provision Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) services
Provision Circuit Emulation (CEM) services
Provision an Optical Channel Network Connection (OCHNC) circuit
Provision an Optical Channel Client Connection (OCHCC) circuit
Provision an optical Media Channel Group with an OCHCC circuit
Describe how Cisco EPN Manager can work with Cisco Network Services Orchestrator (NSO) to provide automated service provisioning

Course Content

Exploring Cisco EPN Manager

Cisco EPN Manager Overview
Cisco EPN Manager Key Features

Viewing Devices and Inventory

Device Types
View Devices

Viewing Network Topologies and Circuits

Topology Map Basics
Change Information Displayed

Using Dashboards

Dashboards Overview
Customize Dashboards

Managing Alarms and Events

Alarms and Events Overview
View Alarms and Events

Generating Reports

Report Fundamentals
Create and Schedule Reports

Performing Basic Administration

Installation Basics
Perform Server Setup

Adding Devices

Device Management Fundamentals
Add a Device Manually
Add User-Defined Fields

Backup and Restoring

Backup Fundamentals
Schedule a Backup

Performing System Maintenance

Software Updates
Data Retention and Purging

Software Image Management (SWIM)

Software Image Management Fundamentals
Setting Up Software Image Management

Configuration Management

Configuration Management Fundamentals
Archive Setup

Configuring QoS

QoS Basics
Create a Classification Profile

Configuring Devices with Templates

Device Configuration Methods
Template Basics

Performing Compliance Management

Compliance Audit Basics
Compliance Policy Basics

Monitoring with Policies

Monitoring Policy Fundamentals
Edit a Monitoring Policy

Circuit and Video Conferencing (VC) Fundamentals

Circuit Provisioning Basics
Supported Service Types

Provisioning Carrier Ethernet Services

Provision a Carrier Ethernet Service
Verify a Service

Provisioning Cisco MPLS Traffic Engineering Services

Cisco MPLS TE Service Basics
Provision a Cisco MPLS TE Service

Provisioning Circuit Emulation Services

Circuit Emulation Services Basics
Provision a CEM Service

Provisioning an OCHNC Circuit

OCHNC Circuit Basics
Set Up Devices for Circuit

Provisioning an Optical OCHCC Circuit

OCHCC Circuit Basics
Set Up Devices for Circuit

Provisioning a Media Channel Group with an OCHCC Circuit

Media Channel Group with OCHCC Basics
Provision a Media Channel Group

Introducing Cisco EPN Manager with Cisco NSO

Cisco EPN Manager with Cisco NSO Basics
For More Information

Lab outline

Access and Navigation
View Devices and Device Details
View Maps, Topologies, and Circuits
View and Customize Dashboards
Manage Alarms and Events
Generate Reports
Basic Administration
Add Devices to the Inventory
Backups
Basic Maintenance
Software Image Management
Configuration Management
Configure QoS
Configure Devices with Templates
Compliance Management
Monitor with Policies
Provision a Carrier Ethernet Service
Provision and MPLS Traffic Engineering Service
Provision a Circuit Emulation Service
Set Up, Provision, and Monitor an OCHNC Circuit
Set Up, Provision, and Monitor a Media Channel with OCHCC

Course Overview

The Official CompTIA IT Fundamentals (ITF+) (Exam FC0-U61) will provide students with the fundamental IT skills and concepts required to identify and explain the basics of computing, IT infrastructure, software development, and database use.

In addition, students will acquire the essential skills and information they need to set up, configure, maintain, troubleshoot, and perform preventative maintenance of the hardware and software components of a basic personal computer workstation and basic wireless devices.

Students will also learn to implement basic security measures and implement basic computer and user support practices as well as prepare candidates to take the CompTIA IT Fundamentals (ITF+) certification exam.

Course Objectives

After completing this course you should be able to:

Install software
Establish basic network connectivity
Identify/prevent basic security risks
Explain troubleshooting theory and preventative maintenance of devices

Course Content

Module 1: Using Computors

Common Computing Devices
Using a Workstation
Using an OS
Managing and OS
Troubleshooting and Support

Module 2: Using Apps and Databases

Using Data Types and Units
Using Apps
Programming and App Development
Using Databases

Module 3: Using Computer Hardware

System Components
Using Device Interfaces
Using Peripheral Devices
Using Storage Devices
Using File Systems

Module 4: Using Networks

Networking Concepts
Connecting to a Network
Secure Web Browsing
Using Shared Storage
Using Mobile Devices

Module 5: Security Concepts

Security Concerns
Using Best Practices
Using Access Controls
Behavioural Security Concepts

Course Overview

The ClearPass Essentials 6.5 instructor led course provides participants with a foundation in Network Access Control using the ClearPass product portfolio. This 5-day classroom session includes both modules and labs covering major features of the ClearPass portfolio. Students will learn how to set up ClearPass as a AAA server and configure the Policy Manager, Guest, OnGuard, and OnBoard feature sets. In addition, the content will cover integration with external Active Directory servers, Monitoring, and Reporting, as well as deployment best practices.

Course Content

Module 1: Introduction to ClearPass

Module 2: ClearPass for AAA

Module 3: External Authenitification

Module 4: Guest

Module 5: OnBoard

Module 6: Endpoint Analysis

Module 7: Posture

Module 8: Operations and Admin Users

Module 9: Clustering and Redundancy

Course Overview

This 5-day training course explores the capabilities of the Cisco Software Defined Access (SDA) solution. Students will learn how to implement SDA for different solution verticals. It also addresses the details of how to operate and troubleshoot the different capabilities of the underlying solution components.

Virtual Learning

This interactive training can be taken from any location, your office or home and is delivered by a trainer. This training does not have any delegates in the class with the instructor, since all delegates are virtually connected. Virtual delegates do not travel to this course, Global Knowledge will send you all the information needed before the start of the course and you can test the logins.

Course Objectives

Upon completion of this course, the student should be able to meet these overall objectives:

Articulate the value of Cisco SDA Use Cases including, for example: saving operational and management cost to maintain and support ever growing network infrastructure; central security policy to comply to regional or global regulatory requirements and enterprise security policy; deliver best-in-class services to end-users; leveraging networking insights and trends to optimize business process and workflows. Some real scenarios such as supporting multi-mode collaboration within shared workspaces in life sciences; accelerating the deployment of “pop-up” sites for emergency medical purposes; creating integrated building management solutions; zero-touch day 0 network turn-up of additional sites, rapid response to network threat and vulnerabilities, and similar.
Describe the technical capabilities of Cisco DNA Center and how they are applied in SDA Use Cases. This includes the lifecycle stages of network device discovery, assigning network devices to sites, network design options, provisioning, software image management, building a fabric, segmentation design, assurance, application policy, etc.
Set up an SDA environment, integrating Cisco Identity Services Engine (ISE) and other solution components as required.
Apply troubleshooting methods, processes, tips to resolve implementation and maintenance issues of the following aspects of the technical solution:
- Device Onboarding, including device discovery, Plug-and-Play and LAN Automation
- Network design settings, including sites, AAA, SNMP, Syslog, IP address pools, image management, network profiles, and authentication templates
- Policies for access control, applications and virtual networks
- Provisioning, including template-based provisioning for day 0 and day N Operations
- Network Segmentation, including the application of Cisco TrustSec security with Scalable Group Tags (SGTs) and Virtual Networks
- Assurance to monitor network, endpoint, and applications to ensure best user Experience
- Integration of ServiceNow for an integrated IT service management lifecycle
- Integration of InfoBlox for integrated IPAM

Course Content

Module 1: Introduction to Cisco’s Software Defined Access (SD-Access)

Understanding Cisco Intent-Based Networking
Understanding Cisco SDA Use Cases customer’s benefits including business and technical outcomes and capabilities
Cisco DNA Center Introduction
SD-Access Overview
SD-Access Benefits
SD-Access Key Concepts
SD-Access Main Components:
- Fabric Control Plane Node
- Fabric Border Node
- Fabric Edge Node
- Fabric Wireless LAN Controller and Fabric Enabled Access Points
Cisco DNA Center Automation
Cisco ISE (Policy)
Cisco StealthWatch (Traffic Analysis)
DNA Center Assurance

Module 2: Deployment and Initial setup for the Cisco DNA-Center

Cisco DNA-Center Appliances
Cisco DNA-Center Deployment Models
- Single Node Deployment
- Clustered Deployment
Installation Procedure
Initial Setup and Configuration
GUI Navigation

Module 3: SDA – Design

Network design options
Sites
Creating Enterprise and Sites Hierarchy
Configuring General Network Settings
Loading maps into the GUI
IP Address Management
Software Image Management
Network Device Profiles
AAA
SNMP
Syslog
IP address pools
Image management
Creating Enterprise and Guest SSIDs
- Creating the wireless RF Profile
- Cresting the Guest Portal for the Guest SSIDs
Network profiles
Authentication templates

Module 4: SDA – Policy

2-level Hierarchy
- Macro Level: Virtual Network (VN)
- Micro Level: Scalable Group (SG)
Policy
- Policy in SD-Access
- Access Policy: Authentication and Authorization
- Access Control Policy
- Application Policy
- Extending Policy across domains
- Preserving Group Metadata across Campus, WAN and DC
- Enforcing policy in Firewall domains
- Cross Domain Policies

Module 5: SDA – Provision

Devices Onboarding
- Lifecycle stages of network device discovery
- Discovering Devices
- Assigning Devices to a site
- Provisioning device with profiles
- Plug-and-Play
- LAN Automation
Templates
- Templates for day 0
- Templates for day N operations
IP Transits
- How to connect the Fabric Sites to the external network
- Creating the IP Transit
- Considerations for a SD-Access Border Node Design
- BGP Hand-Off Between Border and Fusion
Fabric Domains
- Understanding Fabric Domains and Sites
- Using Default LAN Fabric Domain
- Creating Additional Fabric Domains and Sites
Adding Nodes
- Adding Fabric Edge Nodes
- Adding Control Plane Nodes
- Adding Border Nodes

Module 6: SDA – Assurance

Overview of DNA Assurance
Cisco DNA Center Assurance- Use Cases Examples
Network Health & Device 360
Client Health & Client 360
Application Health & Application 360
Cisco SD- Application Visibility Control (AVC) on DNA-Center
Proactive troubleshooting using Sensors

Module 7: Cisco SD-Access Distributed Campus Design

Introduction to Cisco SD-Access Distributed Campus Design – The Advantage?
Fabric Domain vs Fabric Site
SD-Access Transits:
- IP-Based Transit
- Cisco SD-Access Transit
- Cisco SD-WAN Transit
Deploying the Cisco Distributed Campus with SD-Access Transit
- Site considerations
- Internet connectivity considerations
- Segmentation considerations
- Role of a Cisco Transit Control Plane
Cisco SD-Access Fabric in a Box
- The need for FiaB
- Deploying the FiaB

Module 8: Cisco SD-Access Brownfield Migration

Cisco SD-Access Migration Tools and Strategies
Two Basic Approaches:
- Parallel Deployment Approach
- Incremental Deployment Approach
Integration with existing Cisco ISE in the network – Things to watch out for!
Choosing the correct Fusion Device
- Existing Core as Fusion
- Firewall as Fusion
When do you need the SD-Access Layer-2 Border?
- L2 Border – Understanding the requirement
- Designing and Configuring the L2 Border
- L2 Border – Not a permanent solution

Module 9: Cisco DNA Center Automation- Use Cases Examples

DAY0: Onboarding new devices using Zero Touch Deployment
DAY1: Configurations using Templates
DAYN: Security Advisories based on Machine Reasoning Engine
DAYN: Simplified Software Management based on Golden Images
DAYN: Defective Device Replacement – RMA

Module 10: 3rd Party Integrations

ServiceNow
- Integration
- Management
InfoBlox IPAM
- Integration
- Management

Module 11: Specific Use Cases

Use Case: STACK LAN Automation
Use Case: Silent Hosts
Use Case: Wake on LAN
Use Case: The need for L2 flooding
Use Case: Multicast in the SD-Access Fabric

Module 12: Cisco SD-Access Multi-Domain Integrations

Cisco SD-Access to ACI Integrations
- Phase-1: Policy Plane Integration
- Phase-2: Data Plane Integration
Cisco SD-Access to Cisco SD-WAN Integrations
- What is possible today? SD-WAN Transit setup.
- Phase-1: The one box solution
- Phase-2: The two box solution

Module 13: Troubleshooting

Fabric
Layer 3 forwarding
Layer 2 forwarding
Multicast Forwarding
Security in the Fabric
Troubleshooting Multi-Site Deployments

Course Overview

SDWSEC is a 3-day Cisco SD-WAN training targeted to engineers and technical personnel involved in designing, deploying, operating, and securing SD-WAN solutions both in enterprise and Service Provider environments. This training is specifically designed for partners and customers implementing secure Cisco SD-WAN integrated with the complete feature set of Cisco Umbrella including DNS Security, Cloud Based Firewall and Secure Internet Gateway. The course walks you through how each integration works and how to design and implement it step-by-step.

Virtual Learning

This interactive training can be taken from any location, your office or home and is delivered by a trainer. This training does not have any delegates in the class with the instructor, since all delegates are virtually connected. Virtual delegates do not travel to this course, Global Knowledge will send you all the information needed before the start of the course and you can test the logins.

Course Objectives

After completing this course you should be able to:

Describe SD-WAN Architecture
Design Cisco SD-WAN Branch Security
Implement Cisco SD-WAN Secure Internet and Cloud Access
Integrate and Troubleshoot Cisco SD-WAN with a SASE Solution

Course Content

Module 1: Cisco SD-WAN Introduction

High-level Cisco SD-WAN Deployment models
Application-level SD-WAN solution
Cisco SDWAN plan for HA and Scalability
Cisco SD-WAN solution components: vManage NMS, vSmart Controller, vBond Orchestrator
Edge Routers (cEdge, vEdge, and Catalyst 8K)
Cloud Based Deployment vs On-Premises Deployment

Module 2: Zero Touch Provisioning

Overview
User Input Required for the ZTP Automatic Authentication Process
Authentication between the vBond Orchestrator and WAN Edges
Authentication between the Edge Routers and the vManage NMS
Authentication between the vSmart Controller and the Edge Routers

Module 3: Cisco SD-WAN Solution

Overlay Management Protocol (OMP)
Cisco SDWAN Circuit Aggregation Capabilities
Secure Connectivity in Cisco SD-WAN
Performance Tracking Mechanisms
Application Discovery
Dynamic Path Selection
Performance Based Routing
Direct Internet Access
Advanced Routing (OSPF, BGP, LISP, VXLAN, MPLS)
Application Aware Routing
Localized and Centralized Policies (Data and Control)
Cisco SD-WAN In-built Security features: App Aware FW, Talos IPS, URL Filtering, Umbrella Integration, and Advanced Malware Protection.
Dynamic Cloud Access: Cloud On-Ramp for SaaS and IaaS (AWS, Azure & GPC)
API and Programmatic Interaction via Python

Module 4: Deeper Insight into Cisco SD-WAN Security

Designing Security Requirements within Cisco SD-WAN
DIA Security
Direct Cloud Access Security
Guest User Security
Compliance Requirements
Security Implementation at the Branch Site
Implementing Zone Based Firewalls on Cisco WAN Edge
Implementing UTD on Cisco WAN Edge
Configuring URL Filtering
Configuring Snort IPS
Best Practices for UTD setup (Based on production deployment experiences)
Implementing Advanced Malware Protection
Configuring AMP
Overview of integration with Threat Grid

Module 5: Designing and Implementing DNS Security

Pre-requisite check before integrating Umbrella with Cisco SD-WAN
Making sure you have the correct licensing
Platform support check
Internet Connectivity check
Walking through the Umbrella Dashboard
Dashboard Overview
DNS Policy GUI Overview
Firewall Policy GUI Overview
Web Policy GUI Overview
Umbrella AD/SAML Integration Overview (optional)
Integrating Cisco Umbrella for DNS Security
Umbrella API Integration
Configuring the DNS Encryption
Excluding the local domains
Configuring the Security Policy in vManage
Implementing the policy at the DIA Sites
Verification
Checking the logs on Umbrella Dashboard
Checking the vManage Security Dashboard

Module 6: Cisco SD-WAN and Cisco Umbrella SIG Integration

SIG Integration Overview
Configuring Cisco vManage Templates for SIG Tunnel Creation

– Using the pre-configured Feature Templates in vManage 20.X

Adding the SD-WAN Routers and Sites in Umbrella Identities

– Validate that the routers show up from the Umbrella Dashboard

Designing and Configuring Policy for SIG Redirection

– Setting up the vSmart Centralized Policies for SIG Redirection on DIA Traffic

Verification

– Checking the logs on Umbrella Dashboard

– Checking the vManage Security Dashboard

Module 7: Cisco SD-WAN and Cisco Umbrella Cloud Firewall Integration

Umbrella Cloud Firewall Integration Overview
Configuring Cisco vManage Templates for Firewall Tunnel Creation

– Using the pre-configured Feature Templates in vManage 20.X

Adding the SD-WAN Routers and Sites in Umbrella Identities

– Validate that the routers show up from the Umbrella Dashboard

Designing and Configuring Policy for Firewall Redirection

– Setting up the vSmart Centralized Policies for Umbrella FW Redirection on DIA Traffic

Verification

– Checking the logs on Umbrella Dashboard

– Checking the vManage Security Dashboard

Module 8: Troubleshooting Umbrella Integration

Troubleshooting DNS Security

– API Integration not working

– DNS for local domain failing

– No redirection to Cisco Umbrella for external domains

Troubleshooting SIG and Firewall

– Making sure the IPSec Tunnels to Umbrella are operational

– Troubleshooting the vManage policies for redirection

– Load balancing using vManage policies

– Reviewing logs in Umbrella

Checking Alarms and Notifications

– Checking Alarms on vManage

– Checking Alarms on Cisco Umbrella

Course Overview

SD-WAN: Advanced Operations & Troubleshooting Bootcamp focuses on the Cisco Software-Defined WAN (SD-WAN) solution. It is an overlay architecture that overcomes the biggest drawbacks of a traditional WAN. Students will be able to operate a Cisco SD-WAN over any transport (MPLS, Broadband, LTE, VSAT etc.) and provide troubleshooting, management, policy control and application visibility across the enterprise. This hands-on Course covers the Cisco SD-WAN product and contains extensive labs to reinforce the knowledge learned.

Virtual Learning

This interactive training can be taken from any location, your office or home and is delivered by a trainer. This training does not have any delegates in the class with the instructor, since all delegates are virtually connected. Virtual delegates do not travel to this course, Global Knowledge will send you all the information needed before the start of the course and you can test the logins.

Course Objectives

After completing this course you should be able to :

Describe how to deploy SD-WAN
Configure a SD-WAN environment
Deploy Zero-Touch provisioning
Implement SD-WAN security
Configure SD-WAN policies
Operate SD-WAN devices and software
Troubleshoot a SD-WAN environment

Course Content

Cisco SD-WAN Introduction

High-level Cisco SD-WAN Deployment models
Application level SD-WAN solution
Cisco SDWAN high availability solution
Cisco SD-WAN Scalability
Cisco SD-WAN Solution Benefits

Cisco SD-WAN Orchestration

Introduction
vManage NMS
vSmart Controller
vBond Orchestrator
Controller Resiliency Architecture

Site Architecture and Deployment Models

Site Capabilities
vEdge Router
vEdge form factors

Zero Touch Provisioning

Overview
User Input Required for the ZTP Automatic Authentication Process
Authentication between the vBond Orchestrator and a vEdge Router
Authentication between the vEdge Router and the vManage NMS
Authentication between the vSmart Controller and the vEdge Router

Cisco SD-WAN Solution

Overlay Management Protocol (OMP)
Cisco SDWAN Circuit Aggregation Capabilities
Secure Connectivity in Cisco SD-WAN
Performance Tracking Mechanisms
Application Discovery
Dynamic Path Selection
Performance Based Routing
Dynamic Cloud Access

Operations Best Practices

Config: Test Configuration Changes Before Committing
NAT: Secure Routers Acting as NATs
vEdge Routers: Connect to the Console Port
vEdge Routers: Use the Poweroff Command
Viptela Devices: Site ID Naming Conventions
Viptela Devices: Using the System IP Address
vManage NMS: Disaster Recovery

Application Monitoring

vManage
vAnalytics
Ecosystem Partner Solutions

Troubleshooting Methods

Remote Access
Console Access
LAN Interfaces
WAN Interfaces
Control Connections

General Troubleshooting

Check Application-Aware Routing Traffic
Collect Device Data To Send to Customer Support
Monitor Alarms and Events
Monitor TCP Optimization
Ping a Viptela Device
Run a Traceroute
Simulate Flows
Troubleshoot Cellular Interfaces
Troubleshoot Device Bringup
Troubleshoot WiFi Connnections
Use Syslog Messages
Tunnel Health

Troubleshooting: Data Plane Issues

BFD Session Information
Cflowd Information
Data Policies
DPI Information
Symptom: Site Cannot Reach Applications in Datacenter
Symptom: vManage Showing vEdge or Interface Down
Symptom: Site-Wide Loss of Connectivity (Blackout)
Symptom: Poor Application Performance (Brownout)
Issue Severity Assessment

Troubleshooting: Routing Issues

BGP Information
Multicast Information
OMP Information
OSPF Information
PIM Information
Symptom: Some or All Routes Missing from vEdge Routing table
Symptom: Data Traffic Using Suboptimal Path
Symptom: Data Traffic Not Using All Transports

Application-Aware Routing

Application Performance with CloudExpress Service
Tunnel Latency Statistics
Tunnel Loss Statistics

Interface Troubleshooting

Reset an Interface
All Interfaces
ARP Table Entries
Cellular Interface Information
DHCP Server and Interface Information
Interface MTU Information
Management Interfaces
VRRP Information
WAN Interfaces

Network Operations

Check Alarms and Events
Check User Accounts and Permissions
Deploy the Viptela Overlay Network
Determine the Status of Network Sites
Control Connections
Data Connections
Network Performance with vAnalytics Platform
OMP Status

Security Certificate Troubleshooting

Generate a Certificate
Upload the vEdge Serial Number File
Certificate
CSR

Viptela Devices Maintenance

Decommission a vEdge Cloud Router
Determine the Status of a Network Device
Locate a Viptela Device
Migrate a Controller’s Virtual Machine Using vMotion
Reboot a Device
Remove a vEdge Router’s Serial Number from the vManage NMS
Replace a vEdge Router
Restore the vManage NMS
Set Up User Accounts to Access Viptela Devices
Validate or Invalidate a vEdge Router
Software Versions Installed on a Device
Status of a vBond Orchestrator
Status of a vEdge Router
Status of a vSmart Controller

Viptela Device Operation and Troubleshooting

Determine Changes to a Configuration Template
Determine Why a Device Rejects a Template
Alarm Severity Levels
Hardware Alarms
Checking Alarms and Notifications
LEDs
Additional Information
Restore a vEdge Router
Remove vEdge Router Components

Working With Viptela Support

Case Priority Levels and Response Times
Information for Opening Cases
Viptela Customer Support Portal
Other Ways to Contact Support

Labs:

Introduction to the Cisco SD-WAN
Add vEdge to vManage Inventory
Control-Plane Connectivity
Overlay Network
Zero-Touch Provisioning
vManage Templates
vManage Basic Policies
Application Aware Policies
Advanced Policies
Analytics
MultiTenant Mode and Tenants
Troubleshooting Methods
Troubleshooting Data Plane Issues
Troubleshooting Routing Issues
Best Practices

Course Overview

The Cisco SD-WAN Operation and Deployment(SDWFND) course provides a comprehensive overview of the Cisco® Software-Defined WAN (SD-WAN) solution and Cisco SD-WAN components such as vManage, vSmart and vBond.

You will learn how to deploy, manage, and operate a secure, programmable, and scalable SD-WAN fabric using IOS XE Cisco SD-WAN products. The course also covers how to configure, operate, and monitor overlay routing across the Cisco SD-WAN network. In addition, you will learn about data and control policies, and how to deploy Quality of Service (QoS) and Direct Internet Access (DIA) in the SD-WAN overlay network.

Course Objectives

After completing this course you should be able to:

Identify the various components and architecture of the Cisco SD-WAN solution.
Deploy WAN Edge routers.
Create templates to aide in the deployment and operation of the secure extensible network.
Configure and verify Cisco SW-WAN overlay routing.
Create simple policies to control traffic flow through the Cisco SD-WAN fabric.

Course Content

SD-WAN Solution Components

SD-WAN Solution Overview
SD-WAN Components
Managing SD-WAN Components

Secure Extensible Network Deployment

Secure Control Plane Operation
Secure Control Plane Deployment
Secure Data Plane Operation
Cloud Deployments and Redundancy

SD-WAN Configuration Management

Templates Overview
Feature Templates
Device Templates
Attaching Devices to Templates

SD-WAN Overlay Routing

Overlay Routing Overview
OMP Route Advertisements
OMP Route Redistribution and Network Segmentation
Configuring and Verifying Overlay Routing

SD-WAN Policies

Policy Overview and Framework
Smart Policy Operation and Construction
Forwarding and QoS Overview
Configuring and Monitoring QoS Forwarding

Labs

Lab 1: Manage and Monitor SD-WAN Components
Lab 2: Deploy and Verify SD-WAN vEdge Routers
Lab 3: Deploy SD-WAN Templates
Lab 4: SD-WAN Overlay Routing
Lab 5: SD-WAN Policies

Course Overview

This 3-day course covers Cisco Software-Defined WAN (SD-WAN) which is an overlay architecture that overcomes the biggest drawbacks of traditional WAN. Students will be able to describe Cisco SD-WAN options over any transport (MPLS, Broadband, LTE, VSAT, etc.), describe and discuss different designs along with deployment scenarios and decide what troubleshooting, management, policy control and application visibility elements to apply across the enterprise. This hands-on course covers the Cisco SD-WAN solution and contains extensive practices and design workshop to reinforce the knowledge learned.

Course Objectives

Upon completing this course, the learner will be able to meet these overall objectives:

Describe how to deploy SD-WAN
Describe how SD-WAN orchestration works
Configure SD-WAN environment
Describe and deploy Zero-Touch Provisioning
Describe and deploy service insertion in SD-WAN
Describe and deploy Cloud On Ramp options
Describe and deploy SD-WAN Multitenancy
Describe Cisco SD-WAN vAnalytics uses and how it helps to improve the design or redesign process
Discuss and apply greenfield and brownfield design best practices in several environments and with different technologies
Describe Smart Licenses and their uses in SD-WAN

Course Content

Module 1: Cisco SD-WAN Solution Review

High-level Cisco SD-WAN Deployment models
Cisco SD-WAN high availability solution
Cisco SD-WAN Scalability
Cisco SD-WAN Solution Benefits

Module 2: Cisco SD-WAN Orchestration and Operations Essentials

Introduction
vManage NMS
vSmart Controller
vBond Orchestrator
Controller Resiliency Architecture
Overlay Management Protocol (OMP)
Cisco SD-WAN Circuit Aggregation Capabilities
Secure Connectivity in Cisco SD-WAN
Performance Tracking Mechanisms
Application Discovery
Dynamic Path Selection
Performance Based Routing
Dynamic Cloud Access
Control Plane value

Module 3: Zero Touch Provisioning

Overview
User Input Required for the ZTP Automatic
Authentication Process
Authentication between the vBond Orchestrator and an Edge Router
Authentication between the Edge Router and the vManage NMS
Authentication between the vSmart Controller and the vEdge Router

Module 4: Cloud on Ramp

Overview
Deployment modes and requirements
Cloud on Ramp configuration and monitoring

Module 5: Service Insertion

Overview
Service insertion configuration and monitoring
Deploying SD-WAN Firewall Zone Based Firewall
How to enable Zone Based Firewall
How to protect your network using Zones and Policies
Deploy ZBF through vManage GUI
Allowing Different VPn’s to have communication

Module 6: Multi-Tenancy

Multi-Tenant Mode
Creating Tenants
Adding Controller
Adding Vedges
RBAC

Module 7: Analytics and REST API

Dashboard
Data Analytics
vManage REST API
vAnalytics
Importance and uses of monitoring data
Benefits of Analytics in the design or redesign process

Module 8: Site Architecture and Deployment Models

Site Capabilities
Capacity Planning
Scalability and High Availability considerations
Application types and Topologies which support them
vEdge Router / ISR SD-WAN Features and Capabilities
vEdge form factors
Greenfield and Brownfield projects
Migration Considerations and Planning
Control Plane value in deployment models

Module 9: Use Cases

Guest Wi-Fi
Bandwidth Augmentation
CloudExpress
Cloud on Ramp for IaaS and SaaS
Critical Applications SLA
Regional Secure Perimeter
Direct Internet Access (DIA)
Solution Redundancy
IWAN with SD-WAN use cases
Meraki with Cisco SD-WAN Viptela use cases
Legacy technologies and SD-WAN
Traditional transport technologies with SD-WAN solution integration

Module 10: Designing Cisco SD-WAN

Design principles and Workflow
Cisco Validated Models
Zscaler Internet Access (ZIA) and Cisco SD-WAN Deployment Guide
SD-WAN: Cloud onRamp for SaaS Deployment Guide
Capacity and Capabilities
Deployment Scenarios
Advanced features and license support
Case Study analysis
Design documentation

Module 11: Appendix: Smart Licensing Support

Smart Licenses overview
Account creation
Account integration and synchronization with vManage
License Downloading and installing
ISR / SDWAN vEdge licensing options
Demo

Lab Outline:

Lab 1: Set the SD-WAN environment

Lab 2: Configure and Deploy Control-Plane and Data Plane Connectivity

Lab 3: Configure and Deploy an Overlay Network

Lab 4: Provision and Deploy vManage advanced Policies

Lab 5: Deploy Edge Router using ZTP

Lab 6: Deploy Cloud on Ramp

Lab 7: Deploy Service Insertion

Lab 8: Deploy Multi-Tenant vManage

Lab 9: Manage and Monitor vAnalytics

Lab 10: Design Workshop Part 1: Validated Models

Lab 11: Design Workshop Part 2: Deployment Scenarios

Lab 12: Design Workshop Part 3: Requirements and Proposals

Lab 13: Design Workshop Part 4: Device features and Placement on the Network

Lab 14: Design Workshop Part 5: Case Study Discussion

Lab 15: Smart Licensing Demo