Cisco Software-Defined Access

Authors: Jason Gooley, Roddie Hasan, Srilatha Vemula
In English, Paperback – 11 Nov 2020
Direct from Cisco, this comprehensive book guides students through all aspects of planning, implementing, and operating Cisco Software Defined Access, helping them use intent-based networking, SD-Access, Cisco ISE, and Cisco DNA Center to harden campus network security and simplify its management.
Drawing on their unsurpassed experience architecting SD-Access solutions and training technical professionals inside and outside Cisco, the authors cover all facets of the product: its relevance, value, and use cases; its components and inner workings; planning and deployment; and day-to-day administration, support, and troubleshooting. Case studies demonstrate the use of Cisco SD-Access components to address Secure Segmentation, Plug and Play, Software Image Management (SWIM), Host Mobility, and more. Building on core concepts and techniques, the authors present full chapters on advanced SD-Access and Cisco DNA Center topics, as well as detailed coverage of fabric assurance.

Specifications

ISBN-13: 9780136448389
ISBN-10: 0136448380
Pages: 352
Dimensions: 184 x 229 x 17 mm
Weight: 0.59 kg
Publisher: Pearson Education (US)

Biographical note

Jason Gooley, CCIE No. 38759 (RS and SP), is a very enthusiastic and spontaneous person who has more than 25 years of experience in the industry. Currently, Jason works as a technical evangelist for the Worldwide Enterprise Networking sales team at Cisco Systems. Jason is very passionate about helping others in the industry succeed. In addition to being a Cisco Press author, Jason is a distinguished speaker at CiscoLive, contributes to the development of the Cisco CCIE and DevNet exams, provides training for Learning@Cisco, is an active CCIE mentor, is a committee member for the Cisco Continuing Education Program (CE), and is a program committee member of the Chicago Network Operators Group (CHI-NOG), www.chinog.org. Jason also hosts a show called MetalDevOps. Jason can be found at www.MetalDevOps.com, @MetalDevOps, and @Jason_Gooley on all social media platforms.
Roddie Hasan, CCIE No. 7472 (RS), is a technical solutions architect for Cisco Systems and has 29 years of networking experience. He has been with Cisco for more than 12 years and is a subject matter expert on enterprise networks. His role is supporting customers and account teams globally, with a focus on Cisco DNA Center and Cisco Software-Defined Access. He also specializes in technologies such as MPLS, Enterprise BGP, and SD-WAN. Prior to joining Cisco, Roddie worked in the U.S. federal government and service provider verticals. Roddie blogs at www.ccie.tv and can be found on Twitter at @eiddor.
Srilatha Vemula, CCIE No. 33670 (SEC), is a technical solutions architect for the Worldwide Enterprise Networking Sales team at Cisco Systems. There, she works with account teams and systems engineers to help Cisco customers adopt Cisco DNA Center, Cisco SD-Access, Cisco Identity Services Engine, and Cisco TrustSec. Srilatha has served in multiple roles at Cisco, including technical consulting engineer and security solutions architect. She led the design and implementation of security projects using Cisco flagship security products for key U.S. financial customers.

Table of contents

Introduction

Chapter 1: Today's Networks and the Drivers for Change
Networks of Today; Common Business and IT Trends; Common Desired Benefits; High-Level Design Considerations; Cisco Digital Network Architecture; Past Solutions to Today's Problems; Spanning-Tree and Layer 2-Based Networks; Introduction to Multidomain; Cloud Trends and Adoption; Summary

Chapter 2: Introduction to Cisco Software-Defined Access
Challenges with Today's Networks; Software-Defined Networking; Cisco Software-Defined Access; Cisco Campus Fabric Architecture; Campus Fabric Fundamentals; Cisco SD-Access Roles; Network Access Control; Why Network Access Control?; Introduction to Cisco Identity Services Engine; Overview of Cisco Identity Services Engine; Cisco ISE Features; Secure Access; Device Administration; Guest Access; Profiling; Bring Your Own Device; Compliance; Integrations with pxGrid; Cisco ISE Design Considerations; Cisco ISE Architecture; Cisco ISE Deployment Options; Standalone Deployment; Distributed Deployment; Dedicated Distributed Deployment; Segmentation with Cisco TrustSec; Cisco TrustSec Functions; Classification; Propagation; Enforcement; Summary

Chapter 3: Introduction to Cisco DNA Center
Network Planning and Deployment Trends; History of Automation Tools; Cisco DNA Center Overview; Design and Visualization of the Network; Site Design and Layout; Network Settings; Wireless Deployments; Network Discovery and Inventory; Discovery Tool; Inventory; Device Configuration and Provisioning; Summary

Chapter 4: Cisco Software-Defined Access Fundamentals
Network Topologies; Cisco Software-Defined Access Underlay; Manual Underlay; Automated Underlay: LAN Automation; Wireless LAN Controllers and Access Points in Cisco Software-Defined Access; Shared Services; Transit Networks; IP-Based Transit; SD-Access Transit; Fabric Creation; Fabric Location; Fabric VNs; Fabric Device Roles; Control Plane; Fabric Borders; Border Automation; Border and Control Plane Collocation; Fabric Edge Nodes; Intermediate Nodes; External Connectivity; Fusion Router; Host Onboarding; Authentication Templates; VN to IP Pool Mapping; SSID to IP Pool Mapping; Switchport Override; Summary; References in This Chapter

Chapter 5: Cisco Identity Services Engine with Cisco DNA Center
Policy Management in Cisco DNA Center with Cisco ISE; Integration of Cisco DNA Center and ISE; Certificates in Cisco DNA Center; Certificates on Cisco Identity Services Engine; Cisco ISE and Cisco DNA Center Integration Process; Group-Based Access Control; Segmentation with Third-Party RADIUS Server; Secure Host Onboarding in Enterprise Networks; Endpoint Host Modes in 802.1X; Single-Host Mode; Multi-Host Mode; Multi-Domain Mode; Multi-Auth Mode; 802.1X Phased Deployment; Why a Phased Approach?; Phase I: Monitor Mode (Visibility Mode); Phase II: Low-Impact Mode; Phase II: Closed Mode; Host Onboarding with Cisco DNA Center; No Authentication Template; Open Authentication Template; Closed Authentication; Easy Connect; Security in Cisco Software-Defined Access Network; Macro-Segmentation in Cisco SD-Access; Micro-Segmentation in Cisco SD-Access; Policy Set Overview in Cisco ISE; Segmentation Policy Construction in Cisco SD-Access; Corporate Network Access Use Case; Guest Access Use Case; Segmentation Outside the Fabric; Summary; References in This Chapter

Chapter 6: Cisco Software-Defined Access Operation and Troubleshooting
Cisco SD-Access Under the Covers; Fabric Encapsulation; LISP; VXLAN; MTU Considerations; Host Operation and Packet Flow in Cisco SD-Access; DHCP in Cisco SD-Access; Wired Host Onboarding and Registration; Wired Host Operation; Intra-Subnet Traffic in the Fabric; Inter-Subnet Traffic in the Fabric; Traffic to Destinations Outside of the Fabric; Wireless Host Operation; Initial Onboarding and Registration; Cisco SD-Access Troubleshooting; Fabric Edge; Fabric Control Plane; Authentication/Policy Troubleshooting; Authentication; Policy; Scalable Group Tags; Summary; References in This Chapter

Chapter 7: Advanced Cisco Software-Defined Access Topics
Cisco Software-Defined Access Extension to IoT; Types of Extended Nodes; Extended Nodes; Policy Extended Nodes; Configuration of Extended Nodes; Onboarding the Extended Node; Packet Walk of Extended Cisco SD-Access Use Cases; Use Case: Hosts in Fabric Communicating with Hosts Connected Outside the Fabric; Use Case: Traffic from a Client Connected to a Policy Extended Node; Use Case: Traffic to a Client Connected to a Policy Extended Node; Use Case: Traffic Flow Within a Policy Extended Node; Multicast in Cisco SD-Access; Multicast Overview; IP Multicast Delivery Modes; Multicast Flows in Cisco SD-Access; Scenario 1: Multicast in PIM ASM with Head-End Replication (Fabric RP); Scenario 2: Multicast in PIM SSM with Head-End Replication; Scenario 3: Cisco SD-Access Fabric Native Multicast; Cisco SD-Access Multicast Configuration in Cisco DNA Center; Layer 2 Flooding in Cisco SD-Access; Layer 2 Flooding Operation; Layer 2 Border in Cisco SD-Access; Layer 2 Intersite; Layer 2 Intersite Design and Traffic Flow; Fabric in a Box in Cisco SD-Access; Cisco SD-Access for Distributed Campus Deployments; Types of Transit; IP Transit; Fabric Multisite or Multidomain with IP Transit; Cisco SD-Access Transit; Cisco SD-WAN Transit; Policy Deployment Models in Cisco SD-Access Distributed Deployment; Cisco SD-Access Design Considerations; Latency Considerations; Cisco SD-Access Design Approach; Very Small Site; Small Site; Medium Site; Large Site; Single-Site Design Versus Multisite Design; Cisco SD-Access Component Considerations; Underlay Network; Underlay Network Design Considerations; Overlay Network; Overlay Fabric Design Considerations; Fabric Control Plane Node Design Considerations; Fabric Border Node Design Considerations; Infrastructure Services Design Considerations; Fabric Wireless Integration Design Considerations; Wireless Over-the-Top Centralized Wireless Option Design Considerations; Mixed SD-Access Wireless and Centralized Wireless Option Design Considerations; Wireless Guest Deployment Considerations; Security Policy Design Considerations; Cisco SD-Access Policy Extension to Cisco ACI; Summary; References in This Chapter

Chapter 8: Advanced Cisco DNA Center
Cisco DNA Center Architecture and Connectivity; Hardware and Scale; Network Connectivity; High Availability and Clustering with Cisco DNA Center; Software Image Management; Image Repository; Golden Image; Upgrading Devices; Cisco DNA Center Templates; Template Creation; Template Assignment and Network Profiles; Deploying Templates; Plug and Play; Onboarding Templates; PnP Agent; Claiming a Device; Cisco DNA Center Tools; Topology; Command Runner; Security Advisories; Summary; References in This Chapter

Chapter 9: Cisco DNA Assurance
Assurance Benefits; Challenges of Traditional Implementations; Cisco DNA Analytics; Cisco DNA Assurance Architecture; Cisco DNA Assurance Data Collection Points; Streaming Telemetry; Network Time Travel; Health Dashboards; Overall Health Dashboard; Network Health Dashboard; Cisco SD-Access Fabric Network Health; Client Health Dashboard; Application Health Dashboard; Cisco DNA Assurance Tools; Intelligent Capture; Anomaly Capture; Path Trace; Sensor Tests; Cisco AI Network Analytics; Summary; References in This Chapter

Glossary