SDA

SDA Components

DNAC (Digital Network Architecture Center)
Border Node/Control Node
Edge Node
Wireless
ISE
Fusion Router

Edge Node

Wired endpoint connectivitiy into the fabric
Default gateway
Security Enforcement

Wireless

Wireless endpoint connectivity into the fabric

ISE (Identity Service Engine)

AAA
Trustsec
Security Policy

Fusion Router

Routing traffic in and out of the fabric

Overlay Networks

Runs on top of an underlay network
Virtualizes network communication
Control Plane uses LISP routing
- Highly scalable
- Network Virtualization
- Subnet Stretching
Data plane uses VXLAN encapsulation
- Security Group Tags (SGT)
- Virtual Network Identifier (VNI)

Anycast Gateways

Common default gateway on edge nodes

Configuration Example

Fusion Router

fusion-router(config)# interface g0/0/1.2530
fusion-router(config-subif)# description B|CP
fusion-router(config-subif)# encapsution dot1q 2530
fusion-router(config-subif)# ip address 10.0.253.10 255.255.255.240
fusion-router(config-subif)# exit
fusion-router(config)# ip route 10.0.248.0/21 10.0.253.1 name SDA-NETWORKS

Fabric Seed Devices

Interface Configuration

Node 1
cp-border-node-1(config)# interface tw1/0/1
cp-border-node-1(config-if)# description Fusion-Transit
cp-border-node-1(config-if)# switchport mode trunk
cp-border-node-1(config-if)# exit
cp-border-node-1(config# vlan 2530
cp-border-node-1(config-vlan)# exit
cp-border-node-1(config)# interface vlan 2530
cp-border-node-1(config-if)# description FUSION-GLOBAL-TRANSIT
cp-border-node-1(config-if)# ip address 10.0.253.2 255.255.255.240
cp-border-node-1(config-if)# standby version 2
cp-border-node-1(config-if)# standby 2530 ip 10.0.253.1
cp-border-node-1(config-if)# standby 2530 preempt
cp-border-node-1(config-if)# standby 2530 priority 105
cp-border-node-1(config-if)# exit
cp-border-node-1(config)# ip route 0.0.0.0 0.0.0.0 10.0.253.10 name FUSION-DEFAULT


Node 2
cp-border-node-2(config)# interface tw1/0/1
cp-border-node-2(config-if)# description Fusion-Transit
cp-border-node-2(config-if)# switchport mode trunk
cp-border-node-2(config-if)# exit
cp-border-node-2(config# vlan 2530
cp-border-node-2(config-vlan)# exit
cp-border-node-2(config)# interface vlan 2530
cp-border-node-2(config-if)# description FUSION-GLOBAL-TRANSIT
cp-border-node-2(config-if)# ip address 10.0.253.3 255.255.255.242
cp-border-node-2(config-if)# standby version 2
cp-border-node-2(config-if)# standby 2530 ip 10.0.253.1
cp-border-node-2(config)# ip route 0.0.0.0 0.0.0.0 10.0.253.10 name FUSION-DEFAULT

ISIS Configuration

Node 1
ip routing
system mtu 9100
interface Te1/1/1
  no switchport
  dampening
  ip address 10.0.254.1 255.255.255.252
  ip lisp source-locator loopback0
  ip router isis
  logging event link-status
  load-interval 30
  bdf interval 500 min_rx 50 multiplier 3
  no bfd echo
  isis network point-to-point

router isis
  net 49.0001.0000.0255.0001.00
  is-type level-2-only
  domain-password cisco
  metric-style wide
  log-adjacency-changes
  nsf ietf
  default-information originate
  bfd all-interfaces


Node 2
ip routing
system mtu 9100
interface Te1/1/1
  no switchport
  dampening
  ip address 10.0.254.2 255.255.255.252
  ip lisp source-locator loopback0
  ip router isis
  logging event link-status
  load-interval 30
  bdf interval 500 min_rx 50 multiplier 3
  no bfd echo
  isis network point-to-point

router isis
  net 49.0001.0000.0255.0002.00
  is-type level-2-only
  domain-password cisco
  metric-style wide
  log-adjacency-changes
  nsf ietf
  default-information originate
  bfd all-interfaces

Configuring SSH for DNAC to communicate with Seed device

Node 1
ip domain-name cisco.com
ip ssh version 22
aaa new-model
aaa authentication login default loca
aaa authorization exec default local

username dnac privilege 15 secret cisco
snmp-server community DNAC ro

interface loopback 0
  description SDA-Loopback
  ip address 10.0.255.1 255.255.255.255
  ip router isis

line vty 0 15
  transport input ssh


Node 2
ip domain-name cisco.com
ip ssh version 22
aaa new-model
aaa authentication login default loca
aaa authorization exec default local

username dnac privilege 15 secret cisco
snmp-server community DNAC ro

interface loopback 0
  description SDA-Loopback
  ip address 10.0.255.2 255.255.255.255
  ip router isis

line vty 0 15
  transport input ssh

Cisco WLC

Configure SNMP access on WLC
Configure local account for initial discovery and fallback purposes

Cisco ISE Integration Prerequisite

Administration > Deployment (Under System), enable pxGrid
Administration > Settings > ERS Settings, enable ERS for Read/Write

DNAC interfaces

10 Gbps Enterprise port
- Fabric device communication
- GUI management
10 Gbps Clutser port: cluster communication
1Gbps CIMC port: out of band management
1Gbps DNAC GUI port: GUI management
1Gbps Cloud port: internet connectivity

Resource

PreviousDNAC NextF5

Last updated 1 year ago

hashtagSDA Components

hashtagEdge Node

hashtagWireless

hashtagISE (Identity Service Engine)

hashtagFusion Router

hashtagOverlay Networks

hashtagAnycast Gateways

hashtagConfiguration Example

hashtagFusion Router

hashtagFabric Seed Devices

hashtagInterface Configuration

hashtagISIS Configuration

hashtagConfiguring SSH for DNAC to communicate with Seed device

hashtagCisco WLC

hashtagCisco ISE Integration Prerequisite

hashtagDNAC interfaces

hashtagResource

SDA Components

Edge Node

Wireless

ISE (Identity Service Engine)

Fusion Router

Overlay Networks

Anycast Gateways

Configuration Example

Fusion Router

Fabric Seed Devices

Interface Configuration

ISIS Configuration

Configuring SSH for DNAC to communicate with Seed device

Cisco WLC

Cisco ISE Integration Prerequisite

DNAC interfaces

Resource