Lecture Notes: Cisco Software Defined Access (SD-Access)

Presented by Danny the Banter, Technical Marketing Engineer at Cisco

Enhances control of communications
Provides software-defined segmentation and policy enforcement based on endpoint characteristics

What is it?
- The first level of segmentation within the SD-Access fabric
- Achieved through Virtual Networks (VNs)
- Each VN is essentially a VRF (Virtual Routing and Forwarding)
- Provides isolated networks
Assigning Endpoints
- Endpoints are assigned to a VN during onboarding
- VN is bound to one or more IP address pools
Inter-VN Communication
- By default, VNs cannot communicate with each other
- Communication can be enabled using a fusion device (firewall or router)

Steps to Create a VN
1. Create the VN under the Policy section
2. Add the VN to the Fabric site
3. Bind an IP pool to the VN
4. Save changes to push the configuration to the fabric edge devices
Example Walkthrough
- Create VN in Cisco DNA Center dashboard under Policy > Virtual Network, e.g., VN 'HR'
- Move to Fabric site (pre-configured)
- Navigate to Host Onboarding, add the newly created VN
- Bind an IP pool (e.g., subnet HR:172.16.10.0/24) and update
- VN should now appear on the fabric edge device
- Verify creation: VLAN and VRF binding (e.g., VLAN 1031 for HR_VN)

What is it?
- The second level of segmentation within the VN
- Provides finer control over access between endpoints
Scalable Group Tags (SGTs)
- Used to manage access control between endpoints
- Also called 'micro segmentation'
Applying Micro Segmentation in Cisco DNA Center
1. Return to Policy section
2. Select the VN created (e.g., HR_VN)
3. Apply SGTs within the VN
4. Define access control between SGTs using Contracts

Check additional videos on the SDA YouTube channel for more content on software-defined topics and Identity Services Engine