Course Overview

This 5-day training course explores the capabilities of the Cisco Software Defined Access (SDA) solution. Students will learn how to implement SDA for different solution verticals. It also addresses the details of how to operate and troubleshoot the different capabilities of the underlying solution components.

Virtual Learning

This interactive training can be taken from any location, your office or home and is delivered by a trainer. This training does not have any delegates in the class with the instructor, since all delegates are virtually connected. Virtual delegates do not travel to this course, Global Knowledge will send you all the information needed before the start of the course and you can test the logins.

Course Objectives

Upon completion of this course, the student should be able to meet these overall objectives:

• Articulate the value of Cisco SDA Use Cases including, for example: saving operational and management cost to maintain and support ever growing network infrastructure; central security policy to comply to regional or global regulatory requirements and enterprise security policy; deliver best-in-class services to end-users; leveraging networking insights and trends to optimize business process and workflows. Some real scenarios such as supporting multi-mode collaboration within shared workspaces in life sciences; accelerating the deployment of “pop-up” sites for emergency medical purposes; creating integrated building management solutions; zero-touch day 0 network turn-up of additional sites, rapid response to network threat and vulnerabilities, and similar.
• Describe the technical capabilities of Cisco DNA Center and how they are applied in SDA Use Cases. This includes the lifecycle stages of network device discovery, assigning network devices to sites, network design options, provisioning, software image management, building a fabric, segmentation design, assurance, application policy, etc.
• Set up an SDA environment, integrating Cisco Identity Services Engine (ISE) and other solution components as required.
• Apply troubleshooting methods, processes, tips to resolve implementation and maintenance issues of the following aspects of the technical solution:
  • Device Onboarding, including device discovery, Plug-and-Play and LAN Automation
  • Network design settings, including sites, AAA, SNMP, Syslog, IP address pools, image management, network profiles, and authentication templates
  • Policies for access control, applications and virtual networks
  • Provisioning, including template-based provisioning for day 0 and day N Operations
  • Network Segmentation, including the application of Cisco TrustSec security with Scalable Group Tags (SGTs) and Virtual Networks
  • Assurance to monitor network, endpoint, and applications to ensure best user Experience
  • Integration of ServiceNow for an integrated IT service management lifecycle
  • Integration of InfoBlox for integrated IPAM

Course Content

Module 1: Introduction to Cisco’s Software Defined Access (SD-Access)

• Understanding Cisco Intent-Based Networking
• Understanding Cisco SDA Use Cases customer’s benefits including business and technical outcomes and capabilities
• Cisco DNA Center Introduction
• SD-Access Overview
• SD-Access Benefits
• SD-Access Key Concepts
• SD-Access Main Components:
  • Fabric Control Plane Node
  • Fabric Border Node
  • Fabric Edge Node
  • Fabric Wireless LAN Controller and Fabric Enabled Access Points
• Cisco DNA Center Automation
• Cisco ISE (Policy)
• Cisco StealthWatch (Traffic Analysis)
• DNA Center Assurance

Module 2: Deployment and Initial setup for the Cisco DNA-Center

• Cisco DNA-Center Appliances
• Cisco DNA-Center Deployment Models
  • Single Node Deployment
  • Clustered Deployment
• Installation Procedure
• Initial Setup and Configuration
• GUI Navigation

Module 3: SDA – Design

• Network design options
• Sites
• Creating Enterprise and Sites Hierarchy
• Configuring General Network Settings
• Loading maps into the GUI
• IP Address Management
• Software Image Management
• Network Device Profiles
• AAA
• SNMP
• Syslog
• IP address pools
• Image management
• Creating Enterprise and Guest SSIDs
  • Creating the wireless RF Profile
  • Cresting the Guest Portal for the Guest SSIDs
• Network profiles
• Authentication templates

Module 4: SDA – Policy

• 2-level Hierarchy
  • Macro Level: Virtual Network (VN)
  • Micro Level: Scalable Group (SG)
• Policy
  • Policy in SD-Access
  • Access Policy: Authentication and Authorization
  • Access Control Policy
  • Application Policy
  • Extending Policy across domains
  • Preserving Group Metadata across Campus, WAN and DC
  • Enforcing policy in Firewall domains
  • Cross Domain Policies

Module 5: SDA – Provision

• Devices Onboarding
  • Lifecycle stages of network device discovery
  • Discovering Devices
  • Assigning Devices to a site
  • Provisioning device with profiles
  • Plug-and-Play
  • LAN Automation
• Templates
  • Templates for day 0
  • Templates for day N operations
• IP Transits
  • How to connect the Fabric Sites to the external network
  • Creating the IP Transit
  • Considerations for a SD-Access Border Node Design
  • BGP Hand-Off Between Border and Fusion
• Fabric Domains
  • Understanding Fabric Domains and Sites
  • Using Default LAN Fabric Domain
  • Creating Additional Fabric Domains and Sites
• Adding Nodes
  • Adding Fabric Edge Nodes
  • Adding Control Plane Nodes
  • Adding Border Nodes

Module 6: SDA – Assurance

• Overview of DNA Assurance
• Cisco DNA Center Assurance- Use Cases Examples
• Network Health & Device 360
• Client Health & Client 360
• Application Health & Application 360
• Cisco SD- Application Visibility Control (AVC) on DNA-Center
• Proactive troubleshooting using Sensors

Module 7: Cisco SD-Access Distributed Campus Design

• Introduction to Cisco SD-Access Distributed Campus Design – The Advantage?
• Fabric Domain vs Fabric Site
• SD-Access Transits:
  • IP-Based Transit
  • Cisco SD-Access Transit
  • Cisco SD-WAN Transit
• Deploying the Cisco Distributed Campus with SD-Access Transit
  • Site considerations
  • Internet connectivity considerations
  • Segmentation considerations
  • Role of a Cisco Transit Control Plane
• Cisco SD-Access Fabric in a Box
  • The need for FiaB
  • Deploying the FiaB

Module 8: Cisco SD-Access Brownfield Migration

• Cisco SD-Access Migration Tools and Strategies
• Two Basic Approaches:
  • Parallel Deployment Approach
  • Incremental Deployment Approach
• Integration with existing Cisco ISE in the network – Things to watch out for!
• Choosing the correct Fusion Device
  • Existing Core as Fusion
  • Firewall as Fusion
• When do you need the SD-Access Layer-2 Border?
  • L2 Border – Understanding the requirement
  • Designing and Configuring the L2 Border
  • L2 Border – Not a permanent solution

Module 9: Cisco DNA Center Automation- Use Cases Examples

• DAY0: Onboarding new devices using Zero Touch Deployment
• DAY1: Configurations using Templates
• DAYN: Security Advisories based on Machine Reasoning Engine
• DAYN: Simplified Software Management based on Golden Images
• DAYN: Defective Device Replacement – RMA

Module 10: 3rd Party Integrations

• ServiceNow
  • Integration
  • Management
• InfoBlox IPAM
  • Integration
  • Management

Module 11: Specific Use Cases

• Use Case: STACK LAN Automation
• Use Case: Silent Hosts
• Use Case: Wake on LAN
• Use Case: The need for L2 flooding
• Use Case: Multicast in the SD-Access Fabric

Module 12: Cisco SD-Access Multi-Domain Integrations

• Cisco SD-Access to ACI Integrations
  • Phase-1: Policy Plane Integration
  • Phase-2: Data Plane Integration
• Cisco SD-Access to Cisco SD-WAN Integrations
  • What is possible today? SD-WAN Transit setup.
  • Phase-1: The one box solution
  • Phase-2: The two box solution

Module 13: Troubleshooting

• Fabric
• Layer 3 forwarding
• Layer 2 forwarding
• Multicast Forwarding
• Security in the Fabric
• Troubleshooting Multi-Site Deployments

Course Overview

SDWSEC is a 3-day Cisco SD-WAN training targeted to engineers and technical personnel involved in designing, deploying, operating, and securing SD-WAN solutions both in enterprise and Service Provider environments. This training is specifically designed for partners and customers implementing secure Cisco SD-WAN integrated with the complete feature set of Cisco Umbrella including DNS Security, Cloud Based Firewall and Secure Internet Gateway. The course walks you through how each integration works and how to design and implement it step-by-step.

Virtual Learning

This interactive training can be taken from any location, your office or home and is delivered by a trainer. This training does not have any delegates in the class with the instructor, since all delegates are virtually connected. Virtual delegates do not travel to this course, Global Knowledge will send you all the information needed before the start of the course and you can test the logins.

Course Objectives

After completing this course you should be able to:

• Describe SD-WAN Architecture
• Design Cisco SD-WAN Branch Security
• Implement Cisco SD-WAN Secure Internet and Cloud Access
• Integrate and Troubleshoot Cisco SD-WAN with a SASE Solution

Course Content

Module 1: Cisco SD-WAN Introduction

• High-level Cisco SD-WAN Deployment models
• Application-level SD-WAN solution
• Cisco SDWAN plan for HA and Scalability
• Cisco SD-WAN solution components: vManage NMS, vSmart Controller, vBond Orchestrator
• Edge Routers (cEdge, vEdge, and Catalyst 8K)
• Cloud Based Deployment vs On-Premises Deployment

Module 2: Zero Touch Provisioning

• Overview
• User Input Required for the ZTP Automatic Authentication Process
• Authentication between the vBond Orchestrator and WAN Edges
• Authentication between the Edge Routers and the vManage NMS
• Authentication between the vSmart Controller and the Edge Routers

Module 3: Cisco SD-WAN Solution

• Overlay Management Protocol (OMP)
• Cisco SDWAN Circuit Aggregation Capabilities
• Secure Connectivity in Cisco SD-WAN
• Performance Tracking Mechanisms
• Application Discovery
• Dynamic Path Selection
• Performance Based Routing
• Direct Internet Access
• Advanced Routing (OSPF, BGP, LISP, VXLAN, MPLS)
• Application Aware Routing
• Localized and Centralized Policies (Data and Control)
• Cisco SD-WAN In-built Security features: App Aware FW, Talos IPS, URL Filtering, Umbrella Integration, and Advanced Malware Protection.
• Dynamic Cloud Access: Cloud On-Ramp for SaaS and IaaS (AWS, Azure & GPC)
• API and Programmatic Interaction via Python

Module 4: Deeper Insight into Cisco SD-WAN Security   

• Designing Security Requirements within Cisco SD-WAN
• DIA Security
• Direct Cloud Access Security
• Guest User Security
• Compliance Requirements
• Security Implementation at the Branch Site
• Implementing Zone Based Firewalls on Cisco WAN Edge
• Implementing UTD on Cisco WAN Edge
• Configuring URL Filtering
• Configuring Snort IPS
• Best Practices for UTD setup (Based on production deployment experiences)
• Implementing Advanced Malware Protection
• Configuring AMP
• Overview of integration with Threat Grid

Module 5: Designing and Implementing DNS Security

• Pre-requisite check before integrating Umbrella with Cisco SD-WAN
• Making sure you have the correct licensing
• Platform support check
• Internet Connectivity check
• Walking through the Umbrella Dashboard
• Dashboard Overview
• DNS Policy GUI Overview
• Firewall Policy GUI Overview
• Web Policy GUI Overview
• Umbrella AD/SAML Integration Overview (optional)
• Integrating Cisco Umbrella for DNS Security
• Umbrella API Integration
• Configuring the DNS Encryption
• Excluding the local domains
• Configuring the Security Policy in vManage
• Implementing the policy at the DIA Sites
• Verification
• Checking the logs on Umbrella Dashboard
• Checking the vManage Security Dashboard

Module 6: Cisco SD-WAN and Cisco Umbrella SIG Integration

• SIG Integration Overview
• Configuring Cisco vManage Templates for SIG Tunnel Creation

               – Using the pre-configured Feature Templates in vManage 20.X

• Adding the SD-WAN Routers and Sites in Umbrella Identities

               – Validate that the routers show up from the Umbrella Dashboard

• Designing and Configuring Policy for SIG Redirection

               – Setting up the vSmart Centralized Policies for SIG Redirection on DIA Traffic

• Verification

               – Checking the logs on Umbrella Dashboard

               – Checking the vManage Security Dashboard

Module 7: Cisco SD-WAN and Cisco Umbrella Cloud Firewall Integration

• Umbrella Cloud Firewall Integration Overview
• Configuring Cisco vManage Templates for Firewall Tunnel Creation

               – Using the pre-configured Feature Templates in vManage 20.X

• Adding the SD-WAN Routers and Sites in Umbrella Identities

               – Validate that the routers show up from the Umbrella Dashboard

• Designing and Configuring Policy for Firewall Redirection

               – Setting up the vSmart Centralized Policies for Umbrella FW Redirection on DIA Traffic

• Verification

               – Checking the logs on Umbrella Dashboard

               – Checking the vManage Security Dashboard

Module 8: Troubleshooting Umbrella Integration

• Troubleshooting DNS Security

               – API Integration not working

               – DNS for local domain failing

               – No redirection to Cisco Umbrella for external domains

• Troubleshooting SIG and Firewall

               – Making sure the IPSec Tunnels to Umbrella are operational

               – Troubleshooting the vManage policies for redirection

               – Load balancing using vManage policies

               – Reviewing logs in Umbrella

• Checking Alarms and Notifications

               – Checking Alarms on vManage

               – Checking Alarms on Cisco Umbrella

Course Overview

SD-WAN: Advanced Operations & Troubleshooting Bootcamp focuses on the Cisco Software-Defined WAN (SD-WAN) solution. It is an overlay architecture that overcomes the biggest drawbacks of a traditional WAN. Students will be able to operate a Cisco SD-WAN over any transport (MPLS, Broadband, LTE, VSAT etc.) and provide troubleshooting, management, policy control and application visibility across the enterprise. This hands-on Course covers the Cisco SD-WAN product and contains extensive labs to reinforce the knowledge learned.

Virtual Learning

This interactive training can be taken from any location, your office or home and is delivered by a trainer. This training does not have any delegates in the class with the instructor, since all delegates are virtually connected. Virtual delegates do not travel to this course, Global Knowledge will send you all the information needed before the start of the course and you can test the logins.

Course Objectives

After completing this course you should be able to :

• Describe how to deploy SD-WAN
• Configure a SD-WAN environment
• Deploy Zero-Touch provisioning
• Implement SD-WAN security
• Configure SD-WAN policies
• Operate SD-WAN devices and software
• Troubleshoot a SD-WAN environment

Course Content

Cisco SD-WAN Introduction

• High-level Cisco SD-WAN Deployment models
• Application level SD-WAN solution
• Cisco SDWAN high availability solution
• Cisco SD-WAN Scalability
• Cisco SD-WAN Solution Benefits

Cisco SD-WAN Orchestration

• Introduction
• vManage NMS
• vSmart Controller
• vBond Orchestrator
• Controller Resiliency Architecture

Site Architecture and Deployment Models

• Site Capabilities
• vEdge Router
• vEdge form factors

Zero Touch Provisioning

• Overview
• User Input Required for the ZTP Automatic Authentication Process
• Authentication between the vBond Orchestrator and a vEdge Router
• Authentication between the vEdge Router and the vManage NMS
• Authentication between the vSmart Controller and the vEdge Router

Cisco SD-WAN Solution

• Overlay Management Protocol (OMP)
• Cisco SDWAN Circuit Aggregation Capabilities
• Secure Connectivity in Cisco SD-WAN
• Performance Tracking Mechanisms
• Application Discovery
• Dynamic Path Selection
• Performance Based Routing
• Dynamic Cloud Access

Operations Best Practices

• Config: Test Configuration Changes Before Committing
• NAT: Secure Routers Acting as NATs
• vEdge Routers: Connect to the Console Port
• vEdge Routers: Use the Poweroff Command
• Viptela Devices: Site ID Naming Conventions
• Viptela Devices: Using the System IP Address
• vManage NMS: Disaster Recovery

Application Monitoring

• vManage
• vAnalytics
• Ecosystem Partner Solutions

Troubleshooting Methods

• Remote Access
• Console Access
• LAN Interfaces
• WAN Interfaces
• Control Connections

General Troubleshooting

• Check Application-Aware Routing Traffic
• Collect Device Data To Send to Customer Support
• Monitor Alarms and Events
• Monitor TCP Optimization
• Ping a Viptela Device
• Run a Traceroute
• Simulate Flows
• Troubleshoot Cellular Interfaces
• Troubleshoot Device Bringup
• Troubleshoot WiFi Connnections
• Use Syslog Messages
• Tunnel Health

Troubleshooting: Data Plane Issues

• BFD Session Information
• Cflowd Information
• Data Policies
• DPI Information
• Symptom: Site Cannot Reach Applications in Datacenter
• Symptom: vManage Showing vEdge or Interface Down
• Symptom: Site-Wide Loss of Connectivity (Blackout)
• Symptom: Poor Application Performance (Brownout)
• Issue Severity Assessment

Troubleshooting: Routing Issues

• BGP Information
• Multicast Information
• OMP Information
• OSPF Information
• PIM Information
• Symptom: Some or All Routes Missing from vEdge Routing table
• Symptom: Data Traffic Using Suboptimal Path
• Symptom: Data Traffic Not Using All Transports

Application-Aware Routing

• Application Performance with CloudExpress Service
• Tunnel Latency Statistics
• Tunnel Loss Statistics

Interface Troubleshooting

• Reset an Interface
• All Interfaces
• ARP Table Entries
• Cellular Interface Information
• DHCP Server and Interface Information
• Interface MTU Information
• Management Interfaces
• VRRP Information
• WAN Interfaces

Network Operations

• Check Alarms and Events
• Check User Accounts and Permissions
• Deploy the Viptela Overlay Network
• Determine the Status of Network Sites
• Control Connections
• Data Connections
• Network Performance with vAnalytics Platform
• OMP Status

Security Certificate Troubleshooting

• Generate a Certificate
• Upload the vEdge Serial Number File
• Certificate
• CSR

Viptela Devices Maintenance

• Decommission a vEdge Cloud Router
• Determine the Status of a Network Device
• Locate a Viptela Device
• Migrate a Controller’s Virtual Machine Using vMotion
• Reboot a Device
• Remove a vEdge Router’s Serial Number from the vManage NMS
• Replace a vEdge Router
• Restore the vManage NMS
• Set Up User Accounts to Access Viptela Devices
• Validate or Invalidate a vEdge Router
• Software Versions Installed on a Device
• Status of a vBond Orchestrator
• Status of a vEdge Router
• Status of a vSmart Controller

Viptela Device Operation and Troubleshooting

• Determine Changes to a Configuration Template
• Determine Why a Device Rejects a Template
• Alarm Severity Levels
• Hardware Alarms
• Checking Alarms and Notifications
• LEDs
• Additional Information
• Restore a vEdge Router
• Remove vEdge Router Components

Working With Viptela Support

• Case Priority Levels and Response Times
• Information for Opening Cases
• Viptela Customer Support Portal
• Other Ways to Contact Support

Labs:

• Introduction to the Cisco SD-WAN
• Add vEdge to vManage Inventory
• Control-Plane Connectivity
• Overlay Network
• Zero-Touch Provisioning
• vManage Templates
• vManage Basic Policies
• Application Aware Policies
• Advanced Policies
• Analytics
• MultiTenant Mode and Tenants
• Troubleshooting Methods
• Troubleshooting Data Plane Issues
• Troubleshooting Routing Issues
• Best Practices

Course Overview

The Cisco SD-WAN Operation and Deployment(SDWFND) course provides a comprehensive overview of the Cisco® Software-Defined WAN (SD-WAN) solution and Cisco SD-WAN components such as vManage, vSmart and vBond.

You will learn how to deploy, manage, and operate a secure, programmable, and scalable SD-WAN fabric using IOS XE Cisco SD-WAN products. The course also covers how to configure, operate, and monitor overlay routing across the Cisco SD-WAN network. In addition, you will learn about data and control policies, and how to deploy Quality of Service (QoS) and Direct Internet Access (DIA) in the SD-WAN overlay network.

Course Objectives

After completing this course you should be able to:

• Identify the various components and architecture of the Cisco SD-WAN solution.
• Deploy WAN Edge routers.
• Create templates to aide in the deployment and operation of the secure extensible network.
• Configure and verify Cisco SW-WAN overlay routing.
• Create simple policies to control traffic flow through the Cisco SD-WAN fabric.

Course Content

SD-WAN Solution Components

• SD-WAN Solution Overview
• SD-WAN Components
• Managing SD-WAN Components

Secure Extensible Network Deployment

• Secure Control Plane Operation
• Secure Control Plane Deployment
• Secure Data Plane Operation
• Cloud Deployments and Redundancy

SD-WAN Configuration Management

• Templates Overview
• Feature Templates
• Device Templates
• Attaching Devices to Templates

SD-WAN Overlay Routing

• Overlay Routing Overview
• OMP Route Advertisements
• OMP Route Redistribution and Network Segmentation
• Configuring and Verifying Overlay Routing

SD-WAN Policies

• Policy Overview and Framework
• Smart Policy Operation and Construction
• Forwarding and QoS Overview
• Configuring and Monitoring QoS Forwarding

Labs

• Lab 1: Manage and Monitor SD-WAN Components
• Lab 2: Deploy and Verify SD-WAN vEdge Routers
• Lab 3: Deploy SD-WAN Templates
• Lab 4: SD-WAN Overlay Routing
• Lab 5: SD-WAN Policies

Course Overview

This 3-day course covers Cisco Software-Defined WAN (SD-WAN) which is an overlay architecture that overcomes the biggest drawbacks of traditional WAN. Students will be able to describe Cisco SD-WAN options over any transport (MPLS, Broadband, LTE, VSAT, etc.), describe and discuss different designs along with deployment scenarios and decide what troubleshooting, management, policy control and application visibility elements to apply across the enterprise. This hands-on course covers the Cisco SD-WAN solution and contains extensive practices and design workshop to reinforce the knowledge learned.

Course Objectives

Upon completing this course, the learner will be able to meet these overall objectives:

• Describe how to deploy SD-WAN
• Describe how SD-WAN orchestration works
• Configure SD-WAN environment
• Describe and deploy Zero-Touch Provisioning
• Describe and deploy service insertion in SD-WAN
• Describe and deploy Cloud On Ramp options
• Describe and deploy SD-WAN Multitenancy
• Describe Cisco SD-WAN vAnalytics uses and how it helps to improve the design or redesign process
• Discuss and apply greenfield and brownfield design best practices in several environments and with different technologies
• Describe Smart Licenses and their uses in SD-WAN

Course Content

Module 1: Cisco SD-WAN Solution Review

• High-level Cisco SD-WAN Deployment models
• Cisco SD-WAN high availability solution
• Cisco SD-WAN Scalability
• Cisco SD-WAN Solution Benefits

Module 2: Cisco SD-WAN Orchestration and Operations Essentials

• Introduction
• vManage NMS
• vSmart Controller
• vBond Orchestrator
• Controller Resiliency Architecture
• Overlay Management Protocol (OMP)
• Cisco SD-WAN Circuit Aggregation Capabilities
• Secure Connectivity in Cisco SD-WAN
• Performance Tracking Mechanisms
• Application Discovery
• Dynamic Path Selection
• Performance Based Routing
• Dynamic Cloud Access
• Control Plane value

Module 3: Zero Touch Provisioning

• Overview
• User Input Required for the ZTP Automatic
• Authentication Process
• Authentication between the vBond Orchestrator and an Edge Router
• Authentication between the Edge Router and the vManage NMS
• Authentication between the vSmart Controller and the vEdge Router

Module 4: Cloud on Ramp

• Overview
• Deployment modes and requirements
• Cloud on Ramp configuration and monitoring

Module 5: Service Insertion

• Overview
• Service insertion configuration and monitoring
• Deploying SD-WAN Firewall Zone Based Firewall
• How to enable Zone Based Firewall
• How to protect your network using Zones and Policies
• Deploy ZBF through vManage GUI
• Allowing Different VPn’s to have communication

Module 6: Multi-Tenancy

• Multi-Tenant Mode
• Creating Tenants
• Adding Controller
• Adding Vedges
• RBAC

Module 7: Analytics and REST API

• Dashboard
• Data Analytics
• vManage REST API
• vAnalytics
• Importance and uses of monitoring data
• Benefits of Analytics in the design or redesign process

Module 8: Site Architecture and Deployment Models

• Site Capabilities
• Capacity Planning
• Scalability and High Availability considerations
• Application types and Topologies which support them
• vEdge Router / ISR SD-WAN Features and Capabilities
• vEdge form factors
• Greenfield and Brownfield projects
• Migration Considerations and Planning
• Control Plane value in deployment models

Module 9: Use Cases

• Guest Wi-Fi
• Bandwidth Augmentation
• CloudExpress
• Cloud on Ramp for IaaS and SaaS
• Critical Applications SLA
• Regional Secure Perimeter
• Direct Internet Access (DIA)
• Solution Redundancy
• IWAN with SD-WAN use cases
• Meraki with Cisco SD-WAN Viptela use cases
• Legacy technologies and SD-WAN
• Traditional transport technologies with SD-WAN solution integration

Module 10: Designing Cisco SD-WAN

• Design principles and Workflow
• Cisco Validated Models
• Zscaler Internet Access (ZIA) and Cisco SD-WAN Deployment Guide
• SD-WAN: Cloud onRamp for SaaS Deployment Guide
• Capacity and Capabilities
• Deployment Scenarios
• Advanced features and license support
• Case Study analysis
• Design documentation

Module 11: Appendix: Smart Licensing Support

• Smart Licenses overview
• Account creation
• Account integration and synchronization with vManage
• License Downloading and installing
• ISR / SDWAN vEdge licensing options
• Demo

Lab Outline:

Lab 1: Set the SD-WAN environment

Lab 2: Configure and Deploy Control-Plane and Data Plane Connectivity

Lab 3: Configure and Deploy an Overlay Network

Lab 4: Provision and Deploy vManage advanced Policies

Lab 5: Deploy Edge Router using ZTP

Lab 6: Deploy Cloud on Ramp

Lab 7: Deploy Service Insertion

Lab 8: Deploy Multi-Tenant vManage

Lab 9: Manage and Monitor vAnalytics

Lab 10: Design Workshop Part 1: Validated Models

Lab 11: Design Workshop Part 2: Deployment Scenarios

Lab 12: Design Workshop Part 3: Requirements and Proposals

Lab 13: Design Workshop Part 4: Device features and Placement on the Network

Lab 14: Design Workshop Part 5: Case Study Discussion

Lab 15: Smart Licensing Demo

Course Overview

The Cisco Optical Technology Intermediate (OPT200) training course teaches the skills necessary to deploy Cisco Optical Networking System (ONS) 15454 Multiservice Transport Platform (MSTP)and Cisco Network Convergence System (NCS) 2000 Series networks from installation to protection.

The Cisco Optical Technology Intermediate (OPT200) v3.0 course is designed to teach you the skills necessary to deploy the Cisco® Optical Networking System (ONS), 15454 Multiservice Transport Platform (MSTP), and Cisco Network Convergence System (NCS) 2000 Series Dense Wavelength-Division Multiplexing (DWDM) networks from installation to protection. Through a combination of lecture and hands-on experience, you will learn installation, configuration, circuit protection, maintenance, and basic troubleshooting using the Cisco Transport Controller for the Cisco ONS 15454 M6 and M12 shelves, and for the Cisco NCS 2016 shelf.

Additionally, in this course you will review DWDM terminology and components, explore available chassis and cards, and discuss hardware installation. You will learn to use the Cisco Transport Controller server software to connect to the nodes, perform network turn-up and circuit creation, and deploy linear and single-module ROADM (SMR) DWDM multishelf topologies. Using this software, you will also configure Raman amplifiers and Any Rate cards, and configure protected and unprotected circuits. The course covers a variety of card options: controllers, transponders, multiplexer-demultiplexer, add/drop, Raman amplifiers, and Cisco Any Rate muxponder cards. You will use the various cards to configure terminal, amplifier, mesh, split, Optical Service Channel (OSC) regenerator, and Reconfigurable Optical Add/Drop Multiplexing (ROADM) nodes. Finally, you will learn how to use many of the tools and features available with the Cisco Transport Controller to perform maintenance, testing, and basic troubleshooting of your optical network.

Course Objectives

This course will help you:

• Deploy, maintain, test, and troubleshoot your optical network
• Explain Cisco DWDM platform basics, DWDM network topologies, and the Cisco DWDM network management software
• Expand and deepen your knowledge of optical networks and their maintenance
• Identify the uses of the Cisco Transport Controller
• Describe and utilize various optical network technologies

After taking this course, you should be able to:

• Describe Cisco DWDM platform basics
• Describe DWDM network topologies
• Describe the management software used for managing Cisco DWDM networks
• List the different hardware components of the Cisco ONS and Cisco NCS DWDM systems
• Provision nodes and circuits in a Cisco DWDM network
• Perform node and multishelf configurations
• Implement SMR-based rings
• Provision optical circuit protection mechanisms
• Configure Any Rate cards
• Describe the function of Raman amplifiers
• Perform basic maintenance and troubleshooting of a Cisco DWDM network

Course Content

Course

• DWDM Optical Platform Foundation
• Chassis and Cards
• Hardware Installation
• Node Turn-Up and Circuit Creation
• Node and Multishelf Configurations
• SMR-Based Rings
• 10Gb Circuit Protection
• Any Rate Card Configuration
• Raman Amplifiers
• Maintenance and Basic Troubleshooting

Lab outline

• System Setup and Login
• Node Turn-Up
• Creating Direct Circuits (Optical Channel Network Connection [OCHNC])
• Creating Transponder Optical Client Circuits (Optical Channel Client Connection [OCHCC])
• Configuring an Amplified SMR Ring with Direct Circuits
• Installing 10Gb Transponder Cards with Y-Cable Protection
• Configuring Protection Switch Module (PSM) and Optical Transport Unit-2 (OTU-2) 10Gb Protection
• Configuring Any Rate Cards
• Configuring a Linear Topology with Raman Amplifiers
• Maintenance and Performance Monitoring
• MSTP Troubleshooting

Course Overview

The Cisco® NCS 2000 Deploying 96-Channel Flex Spectrum course v3.0 is an instructor-led, lab-based, hands-on course offered by Cisco Learning Services. It covers how to plan, configure, and control optical networks using the Cisco Network Convergence System (NCS) 2000 Series Flex Spectrum platform.

In this course, you will design Flex Spectrum networks with multidegree reconfigurable optical add-drop multiplexer (ROADM) multishelf nodes using the Cisco Transport Planner software, learn how to install and turn up the hardware, and use the Transport Planner output to configure an optical network and circuits using the Cisco Transport Controller software. You will learn which components and configurations take advantage of and/or are required for the Flex Spectrum 96-channel feature. Then you will learn how to configure more advanced networks with the colorless, contentionless, and omnidirectional features, and to configure mesh nodes with multifiber pushon (MPO) cross-connects. Finally, you will learn how to use the many tools and features available with Transport Controller to perform maintenance, testing, and basic troubleshooting of your optical network.

Course Objectives

Once you have completed the course you will be familiar with:

• Hardware and components required and used with the Flex Spectrum feature
• Designing optical networks in the Cisco Transport Planner software
• Installing the hardware, including multishelf nodes
• Performing node turn-up and create circuits using the Cisco Transport Controller software
• Configuring optical networks with multidegree ROADM multishelf nodes
• Configuring optical networks with colorless, contentionless, omnidirectional, and MPO cross-connect advanced features
• The features and documentation with Transport Controller to perform maintenance, testing, and basic troubleshooting

Course Content

Module 1: DWDM and Flex Spectrum Foundation

• Introducing DWDM Terminology and Components
• What Is DWDM? ◦ DWDM Shelf Common Components
• Multishelf Node Basics ◦ Exploring Flex Spectrum Features
• What Is Flex Spectrum?
• Additional Flex Spectrum Features Introducing Network Topologies and Nodes
• DWDM Topologies
• Five Common 96-Channel Node Types
• Introducing the Management Software and Documentation
• Software for Design, O&M, and Network Management
• NCS 2000 Series Documentation

Module 2: NCS 2000 Chassis and Cards

• Investigating the NCS 2000 Series Chassis and Common Equipment
• NCS 2000 Series Shelves for Flex Spectrum
• Common Equipment
• Investigating NCS 2000 Series Cards
• NCS 2000 Series Flex Spectrum Nodes and Cards
• Controller Cards ◦ Transponder, Muxponder, and Crossponder Cards
• Add/Drop (Multiplexer/Demultiplexer) Cards
• Amplifier Cards ◦ Miscellaneous Cards
• Passive Auxiliary Modules
• Flex Spectrum Chassis and Card Summary

Module 3: Design ROADM Networks with Transport Planner

• Getting Started with Transport Planner
• Transport Planner Fundamentals
• Perform Price Updates Before Network Design
• Network Design’s Five Main Steps
• Using Site Connection View
• Designing a 2-Degree ROADM Network
• ROADM Node Basics
• Designing the ROADM Network
• Examining the Connections

Module 4: Hardware Installation and Multishelf

• Installing NCS 2000 Series Hardware
• Equipment to Rack-Mount
• NCS 2015 and NCS 2006 Basic Installation Steps
• NCS 2002 Basic Installation Steps Configuring Multishelf Networks
• Multishelf Configuration Notes
• Provisioning 2015 Multishelf
• Provisioning 2006 Multishelf

Module 5: Node Turn-Up and Circuit Creation

• Performing Node Turn-Up in Transport Controller
• Four Phases of Multiservice Transport Platform (MSTP) Network Building
• Node Turn-Up Steps
• Creating Optical Channel Network Connection (OCHNC) Circuits
• OCHNC Basics and Prerequisites
• Create an OCHNC in a Wavelength Switched Optical Network (WSON)
• Post-Creation Verification
• Creating an Optical Channel Client Connection (OCHCC) Circuit
• OCHCC Creation Prerequisites
• OCHCC Circuit Results
• Install and Provision 10G Transponder Card
• Create Internal Connections/Patchcords
• Create an OCHCC Circuit

Module 6: Advanced Feature Networks and Circuits

• Creating Colorless and Contentionless Add/Drop Networks
• Colorless Port Basics
• Contentionless Port Basics
• Creating Colorless Demands
• Complex Colorless Designs
• Creating a Colorless OCHCC
• Creating Omnidirectional and Contentionless Add/Drop Networks
• Omnidirectional Add/Drop Basics
• Omnidirectional 4-, 8-, and 12-Degree Mesh
• 4-, 8-, and 12-Degree Omnidirectional and Colorless
• Contentionless Add/Drop
• Creating Mesh Nodes with MPO Cross-Connects
• Create a Mesh Node
• Create an 8-Degree Node
• Building Blocks for Mesh Nodes Verifying Installed Cabling Connections for 20-SMR-FS-CV Cards
• Connections Verification (CV) Feature
• Initial Setup for CV
• Install a Test Passive Unit
• Monitor a Loss Verification Test
• Power Levels in MF Modules

Module 7: Testing, Maintenance, and Basic Troubleshooting

• Testing Optical Time Domain Reflectometers (OTDRs)
• OTDR Fundamentals
• Running OTDR
• Maintaining the Network, Shelf, and Cards
• Network Maintenance Features
• Node Maintenance Features
• Shelf Maintenance Features
• Card Maintenance and Performance Features
• Performing Basic Troubleshooting
• Troubleshooting Guide Layout
• Hierarchy of Alarms
• Using Functional View

Lab Outline

• Lab 1: Cisco Transport Controller
• Lab 2: Cisco Transport Planner
• Lab 3: Node Turn-Up
• Lab 4: OCHNC Circuits
• Lab 5: OCHCC Circuits
• Lab 6: Colorless Ports and Circuits
• Lab 7: Contentionless Circuits
• Lab 8: Connection Verification
• Lab 9: OTDR Testing
• Lab 10: Maintenance and Performance Monitoring
• Lab 11: NCS 2000 Troubleshooting

Course Overview

The Cisco IOS XR Broadband Network Gateway Implementation and Verification course teaches you how to successfully deploy, configure, operate, maintain, and support a Cisco IOS XR Broadband Network Gateway (BNG) solution. This course will show you how to implement and verify BNG on a Cisco IOS XR device to manage subscriber access. You will learn how to implement and verify subscriber management functions, including authentication, authorization, accounting of subscriber sessions, address assignment, security, policy management and Quality of Service (QoS).

Course Objectives

After completing this course you should be able to:

• Describe the architecture and function of the Cisco IOS XR Broadband Network Gateway
• Configure and verify Authentication, Authorization, and Accounting (AAA) in a Broadband Network Gateway deployment
• Define policies to control subscriber traffic
• Establish and verify subscriber sessions
• Prioritize subscriber traffic using QoS
• Implement subscriber features
• Deploy redundancy for subscriber sessions

Course Content

Broadband Network Gateway Overview

• BNG Architecture
• BNG Software and Hardware Requirements

Configuring and Verifying Authentication, Authorization, and Accounting

• AAA Overview and Operation
• RADIUS Operation and Configuration
• DIAMETER Operation and Configuration

Activating Control Policy

• Control Policy Overview
• Creating and Activating Class Maps and Policy Maps
• Defining Dynamic Templates

Establishing Subscriber Sessions

• Subscriber Session Overview
• Establishing IPoE and PPPoE Sessions
• DHCP Operation
• Subscriber Interface Neighbor Discovery
• Static Session and Session Limits
• BGP Subscriber Support

Deploying Quality of Service

• Quality of Service Overview and QoS Feature Support
• RADIUS Based Policing
• Share Policy Instances and Merged Policy-Maps

Configuring Subscriber Features

• Managing Control Plane Traffic
• Controlling Packet Forwarding
• Providing Multicast Services
• Routing and Traffic Mirroring on Subscriber Sessions

BNG Geo Redundancy and XML Support

• Geo Redundancy Overview and Deployment Models
• Configuring and Verifying Geo Redundancy
• XML Support

Labs

• Lab 1: Configuring and Verifying Authentication, Authorization, and Accounting
• Lab 2: Activating Control Policy
• Lab 3: Establishing Subscriber Sessions
• Lab 4: Configuring QoS
• Lab 5: Configuring Subscriber Features
• Lab 6: Configuring BNG Geo Redundancy

Course Overview

The Cisco Aggregation Services Router 9000 Series Essentials course introduces you to the features and functions of the Cisco Aggregation Services Router (ASR) 9000 Series platforms. Through a combination of lecture and hands-on labs, you will gain an understanding of all major aspects of the platform, including hardware, Layer 2 and Layer 3 services, routing protocols including Segment Routing, Layer 2 and Layer 3 multicast, Quality of Service (QoS) features, and network virtualization. The course investigates Cisco Internetworking Operating System (IOS) XR 64-Bit Linux-based feature parity in the environment, as well as how to install Cisco IOS® XR 64-Bit software packages.

Course Objectives

After you complete this course you will be able to:

• List and describe the major features and benefits of a Cisco ASR 9000 Series router
• List and describe the major features and benefits of the Cisco 64-Bit IOS XR operating system
• Understand data flow through the Cisco ASR 9000 Series router
• Configure Cisco ASR 9000, back out of configuration changes, and restore older versions of the configuration
• Install the Cisco IOS XR 64-Bit Software operating system, package information envelopes and software maintenance updates
• Enable multicast routing on a Cisco ASR 9900 Series router
• Configure Layer 3 VPN services
• Configure Ethernet link bundles
• Configure local Ethernet Line (E-Line) Layer 2 VPN (L2VPN)
• Configure Ethernet over Multiprotocol Label Switching (EoMPLS) E-Line L2VPN
• Configure EoMPLS with pseudowire backup
• Configure local Ethernet LAN(E-LAN) L2VPN
• Describe Virtual Private LAN Service (VPLS) L2VPN
• Describe VPLS with Border Gateway Protocol (BGP) autodiscovery
• Configure service-based Connectivity Fault Management (CFM)
• Configure Layer 2 multicast features
• Describe basic QoS implementation
• Describe how to configure and verify network Virtualization (nV) on the ASR 9000 series

Course Content

Cisco ASR 9000 Series Hardware

• Examining the Cisco ASR 9000 Series Chassis
• Examining the Cisco ASR 9000 Series Architecture
• Examining the Route Switch Processor/ Route Processor (RSP/RP) Functions and Fabric Architecture
• Examining the Cisco ASR 9000 Series Line Card
• Examining the Cisco ASR 9000 Power Subsystems

Cisco IOS XR 64-Bit Software Architecture and Linux Fundamentals

• Cisco IOS XR 64-Bit Software Fundamentals
• Cisco ASR 9000 IOS XR 64-Bit vs. 32-Bit
• Exploring Linux Fundamentals

Cisco IOS XR 64-Bit Software Installation

• Examining Resource Allocations and Media Mappings
• Migrating to Cisco IOS XR 64-Bit Software
• Performing Disaster Recovery
• Installing Software Packages

Cisco IOS XR 64-Bit Software Configuration Basics

• Configuring Cisco IOS XR 64-Bit Basic Operations
• Cisco IOS XR 64-Bit Initial Configuration
• Reviewing the Configuration

Cisco IOS XR 64-Bit Software Routing Protocols

• Exploring Intermediate System to Intermediate System (IS-IS)
• Exploring OSPF
• Exploring BGP
• Exploring Routing Protocol for LLN

Multicast Routing

• Exploring Multicast Routing
• Exploring Protocol Independent Multicast (PIM)

Cisco Multiprotocol Label Switching

• Examining the MPLS Forwarding Infrastructure
• Implementing the MPLS Label Distribution Protocol (LDP)

Cisco IOS XR 64-Bit Segment Routing

• Segment Routing Concepts
• Interior Gateway Protocol Segment Routing (IGP SR) Control Plane Overview
• Prefix and Adjacency Segment IDs (SIDs)
• SR IS-IS Multi-Level and OSPF Multi-Area
• IS-IS SR Configuration and Verification
• OSPF SR Configuration and Verification

Layer 3 VPNs

• Examining L3VPNs
• Exploring L3VPN Control and Data Flow
• Configuring L3VPNs
• Verifying the L3VPN Operation

Cisco ASR 9000 Layer 2 Architecture

• Examining Carrier Ethernet and Flexible Ethernet Edge
• Comparing Layer 2 and Layer 3 VPNs
• Examining the ASR 9000 Layer 2 Infrastructure and Ethernet Flow Points (EFPs)
• Layers 2 and 3 Coexistence and VLAN Tag Manipulation
• Exploring the Layer 2 Network Infrastructure

Point-to-Point Layer 2 Services

• Point-to-Point Alternating Current-Alternating Current (AC-AC) and Attachment Circuit Redundancy
• Point-to-Point AC-Pseudowire (PW) Cross-Connect
• Examining Pseudowire Redundancy and Resiliency

Layer 2 Multicast

• Examining the Cisco ASR 9000 Series Multicast
• Implementing Multicast

Quality of Service

• QoS Basics and the Modular QoS CLI (MQC) Mode
• Layer 2 QoS Example

Labs:

• Lab 1: ASR 9904 Hardware Discovery Lab
• Lab 2: Device Discovery and Initial Configuration
• Lab 3: Installing Cisco IOS XR 64-Bit Software
• Lab 4: Cisco IOS XR 64-Bit Software Operations
• Lab 5: Configuring IS-IS Routing
• Lab 6: Configuring OSPF Routing
• Lab 7: Configuring Internal BGP (iBGP) Routing
• Lab 8: IPv4 Multicast Configuration
• Lab 9: Configuring Multiprotocol Label Switching
• Lab 10: Configuring and Verifying IGP Segment Routing
• Lab 11: Configuring Layer 3 Virtual Private Network
• Lab 12: Local E-Line Service
• Lab 13: EoMPLS Service

Course Overview

This two-day course is designed to provide detailed coverage of VLAN operations, Multiple Spanning Tree Protocol (MSTP) and VLAN Spanning Tree Protocol (VSTP), authentication and access control for Layer 2 networks, IP telephony features, class of service (CoS) and monitoring and troubleshooting tools and features supported on the EX Series Ethernet Switches. 

Through demonstrations and hands-on labs, students will gain experience in configuring and monitoring the Junos operating system (OS) and in monitoring device and protocol operations. 

This course uses Juniper Networks EX 4300 Series Ethernet switches for the hands-on component, but the lab environment does not preclude the course from being applicable to other Juniper hardware platforms running the Junos OS. 

This course is based on Junos OS Release 21.4R1.12. 

Course Objectives

Restrict traffic flow within a VLAN. 

• Manage dynamic VLAN registration. 

• Tunnel Layer 2 traffic through Ethernet networks. 

• Review the purpose and operations of a spanning tree. 

• Implement multiple spanning-tree instances in a network. 

• Implement one or more spanning-tree instances for a VLAN. 

• List the benefits of implementing end-user authentication. 

• Explain the operations of various access control features. 

• Configure and monitor various access control features. 

• Describe processing considerations when multiple authentication and access control features are enabled. 

• Describe some common IP telephony deployment scenarios. 

• Describe features that facilitate IP telephony deployments. 

• Configure and monitor features used in IP telephony deployments. 

• Explain the purpose and basic operations of CoS. 

• Describe CoS features used in Layer 2 networks. 

• Configure and monitor CoS in a Layer 2 network. 

• Describe a basic troubleshooting method. 

• List common issues that disrupt network operations. 

• Identify tools used in network troubleshooting. 

• Use available tools to resolve network issues.

Course Content

Day 1

Course Introduction 

VLAN Traffic Management 

• Assign user traffic to VLANs

• Explain how to restrict traffic flows within a VLAN 

Advanced Ethernet Switching 

• Configure dynamic VLAN registration using MVRP 

• Implement Layer 2 tunnel traffic through Ethernet networks 

Lab 1: Advanced Ethernet Switching

MSTP 

• Describe a spanning tree’s purpose and operations 

• Implement multiple spanning tree instances in a network 

• Overview of Authentication Processing 

VSTP 

• Describe spanning tree instances for a VLAN 

• Implement spanning tree instances for a VLAN 

Lab 2: Advanced Spanning Tree 

Authentication and Access Control 

• List the benefits of implementing end-user authentication 

• Describe the operations of 802.1X access control features 

Access Control Features—MAC RADIUS and Captive Portal 

• Configure and monitor MAC radius access control features 

• Configure and monitor captive portal access control features 

• Describe processing considerations when multiple authentication and access control features are enabled 

Lab 3: Authentication and Access Control

Day 2

IP Telephony Features—Power over Ethernet, Neighbor Discovery using LLDP 

• Describe some common IP telephony deployment scenarios 

• Explain power over Ethernet feature of IP telephony 

• Describe neighbor discovery feature of IP telephony 

IP Telephony Features—Voice LAN 

• Describe voice VLAN feature of IP telephony 

• Implement the IP telephony features 

Lab 4: Deploying IP Telephony Features

Class of Service Overview 

• Configure and monitor class of service in a Layer 2 network 

• Perform class of service troubleshooting 

Implement Class of Service 

• Configure and monitor class of service in a Layer 2 network 

• Perform class of service troubleshooting 

Lab 5: Class of Service 

Introduction to Monitoring and Troubleshooting Layer 2 Enterprise Networks 

• Explain basic troubleshooting flow 

• Evaluate troubleshooting steps 

Implement Monitoring and Troubleshooting Layer 2 Enterprise Networks 

• List common issues that disrupt network operations 

• Identify tools used in network troubleshooting 

• Use available tools to resolve network issues 

Lab 6: Monitoring and Troubleshooting 

Appendix A: Junos Space Network Director 

• Describe Junos Space Network Director 

• Configure Junos Space Network Director 

Appendix B: Introduction to Mist AI Integration 

• List the wired assurance options and the supported Juniper switching devices 

• Describe provisioning and deployment process 

Appendix C: Mist Wired Assurance 

• Describe the deployment options 

• Explain wired assurance SLE and their classifiers 

• Describe the role of Mist within campus and branch architecture 

Appendix D: ELS and Non-ELS Configuration Examples 

• Configure switch options 

• Describe IRB and VLAN Interfaces 

• Describe Q-in-Q Tagging