Cisco SD-Access (Software-Defined Access) Overview

In traditional enterprise network administration, adding new network devices such as routers, access points, and switches is a burden: you need to plan and schedule the implementation because it might cause a network outage. Configuring the devices one by one through the CLI or GUI is a hassle as well.

In an enterprise network, user and device mobility should be taken into consideration. In a traditional enterprise network, users are expected to always connect to the same physical port where the VLAN or IP subnet is configured. To solve this problem, Cisco released SD-Access, which fully automates your enterprise network by using Cisco DNA Center.

What is Software-Defined Access?

Cisco Software-Defined Access (SD-Access) is a solution within Cisco Digital Network Architecture (Cisco DNA). It is a newer method of network access control in an enterprise network, built on intent-based networking technology, that solves the implementation and administration problems of the traditional network.

SD-Access provides a transformational shift in building, managing, and securing the entire network, making it faster and easier to operate and improving efficiency.

Decoupling network functions from hardware creates a virtual overlay (tunnel) over the underlying physical networking infrastructure, such as routers and switches. Users can gain access from anywhere in the organization’s network because traffic flow is based on user identity, not on a specific port or specific LAN subnet.

Users are authenticated by Identity Services Engine (ISE), and the security policy is configured in Cisco DNA. SD-Access helps ensure policy consistency by defining and enforcing policies, preventing unauthorized access, and supporting user mobility.

SD-Access Components

Four components are needed when implementing SD-Access:

1. Cisco DNA Center

Cisco DNA Center (also called Cisco Digital Network Architecture) is a powerful SDN controller and management dashboard that allows you to control your network, optimize your network, and secure your remote workforce. It is an appliance that provides a centralized graphical interface to design your network, add and configure devices, monitor your network and devices, and troubleshoot your network.

2. Cisco Identity Services Engine (ISE)

Cisco ISE creates and enforces security and access policies for endpoint devices connected to the organization’s router. ISE helps Cisco DNA Center learn about connected devices and authenticate users.

3. Cisco Network Data Platform (NDP)

NDP is an analytical engine that collects information about networks via NetFlow, HTTPS, and logging. It also supports artificial intelligence and machine learning to identify problems and troubleshoot them.

4. Network Infrastructure

It is commonly known as the Fabric in Intent-Based Networking principles. It is composed of the network devices we commonly see on an enterprise network, such as routers, switches, firewalls, access points, and wireless LAN controllers.

How SD-Access Works

There are three components we need to learn to understand the concepts of SD-Access: the Fabric, the Underlay Network, and the Overlay Network. The underlay network is the underlying physical network that provides a physical connection for any logical connections.

It is composed of physical devices that are available in the network infrastructure like routers, switches, and access points. Within the underlay, the control plane is responsible for forwarding the traffic within the network.

An underlay network is the actual physical network that provides connectivity for the overlay network (logical connections/tunnel). With an overlay network, a virtual network is built by using an SDN controller (Cisco DNA). The SDN controller decides which path will be used based on policies, and the path from end to end is the overlay network.

By using Cisco DNA as an SDN controller, we can implement the concept of underlay and overlay networks to provide user mobility, enhanced security, granular segmentation of the network, network scalability, and network automation, which is the goal of Software-Defined Access (SD-Access).

The diagram below shows the differences between the underlay network and the overlay network. The underlay network is the whole network infrastructure, while the overlay network is the logical tunnel created after establishing the connection from PC0 to PC1. The routers query the controller, which is Router 10, for the route from PC0 to PC1, then create a logical tunnel going directly from PC0 to PC1.

[Figure: SD-Access underlay network]

[Figure: SD-Access overlay tunnel from PC0 to PC1]
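The controller lookup and identity-based policy described above, modelled as an added Python example; it is not Cisco code and uses no Cisco API. The router names R1 to R5, the group names, and the `Controller` class are constructed for illustration; PC0 and PC1 follow the diagram.

```python
from collections import deque

# Constructed underlay: physical links between routers (hypothetical names).
UNDERLAY = {
    "R1": ["R2", "R3"], "R2": ["R1", "R4"], "R3": ["R1", "R4"],
    "R4": ["R2", "R3", "R5"], "R5": ["R4"],
}

class Controller:
    """Toy controller: tracks where each authenticated endpoint attaches
    and which (source group, destination group) pairs may communicate."""

    def __init__(self, allowed_pairs):
        self.allowed = set(allowed_pairs)
        self.attached = {}  # endpoint -> (edge router, identity group)

    def register(self, endpoint, edge, group):
        # Called after authentication; calling it again models a user move.
        self.attached[endpoint] = (edge, group)

    def resolve(self, src, dst):
        """Return (ingress edge, egress edge), or None when denied."""
        if src not in self.attached or dst not in self.attached:
            return None  # unknown (unauthenticated) endpoint: default deny
        (s_edge, s_group), (d_edge, d_group) = self.attached[src], self.attached[dst]
        if (s_group, d_group) not in self.allowed:
            return None  # policy is keyed on identity, not on port or subnet
        return s_edge, d_edge

def underlay_path(start, goal):
    """Shortest physical path (breadth-first search) that carries the tunnel."""
    parent, queue = {start: None}, deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in UNDERLAY[node]:
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None

def overlay_tunnel(ctrl, src, dst):
    """Edge router asks the controller, then builds the logical tunnel."""
    edges = ctrl.resolve(src, dst)
    if edges is None:
        return None
    return {"tunnel": edges, "underlay_hops": underlay_path(*edges)}
```

Registering PC0 on a different edge router with the same group moves the tunnel while the policy decision stays the same, and an endpoint whose group has no permitted pair gets no tunnel even when it attaches to the same edge router.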