Cisco SD Access (Software-Defined Access) Overview

In an enterprise network, user and device management mobility should be considered. In a traditional enterprise network, users must always connect to the same physical port where the VLAN or IP subnet is configured. To solve this problem, Cisco released an SD-access, which is complete automation of your enterprise network using Cisco DNA Center.


What is Software-Defined Access?

Cisco Software-Defined Access (SD-Access) is a Software Defined Networking (SDN) solution within Cisco Digital Network Architecture (Cisco DNA). It is a newer network access control method in an enterprise network built on intent-based networking technology that solves the implementation and administration of the traditional network.

The SD-Access solution provides a transformational shift in building, managing, and securing the entire network operations, making it faster and easier to operate and improving efficiency.

Decoupling network functions from hardware creates a virtual overlay (tunnel) over the underlying physical networking infrastructure, like routers and switches. Users can access the organization’s network anywhere as traffic flow is based on user identity, not on a specific port or LAN subnet.

Users are authenticated by Identity Service Engine (ISE), and the security policy is configured in Cisco DNA. SD-Access helps ensure policy consistency by defining and enforcing policies, preventing unauthorized access, and user mobility.


SD-Access Components

Four components are needed when implementing SD-Access:

1. Cisco DNA Center

Cisco DNA Center (also called Cisco Digital Network Architecture) is a powerful SDN controller and network management dashboard that allows you to control your network, optimize your network, and secure your remote workforce. It is an appliance that provides a centralized graphical interface to design your network, add and configure devices, monitor your network and devices, and troubleshoot your network.

2. Cisco Identity Service Engine (ISE)

Cisco ISE creates and enforces security and access policies for endpoint devices connected to the organization’s router. ISE helps Cisco DNA Center to learn about connected devices and authenticate users.

3. Cisco Network Data Platform (NDP)

NDP is an analytical engine that collects information about networks via NETFLOW, HTTPS, and logging. It also supports artificial intelligence and machine learning to identify and troubleshoot problems.

4. Network Infrastructure

It is commonly known as Fabric in Intent-Based Networking principles. It composes the network devices we commonly see on an enterprise network like routers, switches, firewalls, access points, and wireless LAN controllers.


How SD-Access Works?

We need to learn three components to understand the concepts of SD-Access: Fabric, Underlay Network, and Overlay Network. The Underlay network is the underlying physical network that provides a physical connection for any logical connections.

It comprises physical devices available in the network infrastructure, like routers, switches, and access points. Within the underlay, the control plane is responsible for forwarding the traffic within the network.

An underlay network is the actual physical network that provides connectivity for the overlay network (logical connections/tunnel). With an overlay network, a virtual network is built by using an SDN controller (Cisco DNA). SDN controller decides a path that will be used based on policies, and the path from end to end is the overlay network.

By using Cisco DNA as an SDN controller, we can implement the concept of underlay and overlay network to provide user mobility, enhanced security, granular segmentation of the network, network scalability, and network automation which is the goal of Software-Defined Access (SD-Access).

The diagram below shows the differences between the underlay and overlay networks. The underlay network is the whole network infrastructure, while the overlay network is the logical tunnel created after establishing the connection from PC0 to PC1. The routers will inquire to the controller, Router 10, the route from PC0 to PC1, then create a logical tunnel going directly from PC0 to PC1.

sd access

sd access overlay


Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book.

We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training: