Category Archives: Large Site Design Considerations

About Possible Exam Updates – CCNP Enterprise Design ENSLD 300-420 Official Cert Guide Exam Updates

Cisco introduced CCNA and CCNP in 1998. For the first 25 years of those certification tracks, Cisco updated the exams on average every 3–4 years. However, Cisco did not pre-announce the exam changes, so exam changes felt very sudden. Usually, a new exam would be announced, with new exam topics, giving you 3–6 months before…

Priority Queuing – WAN Availability and QoS

Priority queuing (PQ) is a queuing method that establishes four interface output queues that serve different priority levels: high, medium, default, and low. Unfortunately, PQ can starve other queues if too much data is in one queue because higher-priority queues must be emptied before lower-priority queues. Custom Queuing Custom queuing (CQ) uses up to 16…

Very Small Site Design Considerations – SD-Access Design

In very small sites, high availability and site survivability requirements are not common. Shared services are present in all reference designs for DHCP, DNS, WLC, and ISE. These services can be deployed in a remote data center and connected to the fabric through a fusion router, or they can be deployed locally with direct connections.…

Security and ISE – SD-Access Design

Cisco ISE is a secure network access platform that enables control, visibility, and consistency for users and devices accessing the network. Within the SD-Access fabric, Cisco ISE provides all the identity and policy services. Cisco ISE is a critical component of SD-Access for policy enforcement; it allows for the dynamic mapping of users and endpoints…

SD-Access Fabric Design Considerations for Wired and Wireless Access – SD-Access Design

When you’re designing an SD-Access solution, in addition to the typical business requirements, there are a number of key technical factors that need to be considered before you develop your final design. This list is not exhaustive but should give you some design guidance to keep in mind: Overlay Design The overlay network within the…

Control Plane Design – SD-Access Design

The database for identifying endpoints is the responsibility of the fabric control plane nodes in the SD-Access fabric. This is an important function for the fabric to operate well. If the control plane node were down for whatever reason, fabric endpoints would have to rely on the local database information for connectivity, which might or…

Segmentation – SD-Access Design

Unified policy was a major driver in the SD-Access solution to allow for the same policy to be applied to both wired and wireless networks enforced at the access layer. Segmentation adds to unified policy by enabling VRF instance/VN (macro) and SGT (micro) segmentation to be deployed in the SD-Access fabric. VRF instance/VN segmentation involves…

Network/Headend Redundancy – SD-WAN Design

SD-WAN provides network/headend redundancy so that in the event of loss of connectivity via the primary network headend vEdge router at the data center, the vEdge router can connect to a redundant headend vEdge router (see Figure 11-6). Figure 11-6 Network/Headend Redundancy Controller Redundancy As mentioned previously, you can increase the number of vSmart controllers…

vEdge DHCP Server – SD-WAN Design

vEdge routers can be configured to provide DHCP server functionality to allow for host IP address assignments to be made directly from a vEdge device on a customer site. DHCP servers are configurable for the service side interface. DHCP relay (IP helper) functionality is also supported for forwarding requests from the service side network to…

VPN Topology Design – SD-WAN Design

Each VPN is independent of every other VPN. You might separate VPNs in order to separate business traffic from guest wireless traffic. Or you might want to separate manufacturing or extranet traffic. Some traffic might be site-to-site traffic, and other traffic might be site-to-data center traffic. VPNs can be configured with several different topologies: Figure…