Instructorctclc admin
TypeOnline Course
Duration
5 Days
Methods of Delivery
ILT, VIRTUAL, On-Site
Price$4795.00 or 48 CLCs
Buy NowBook Now

In this Implementation and Configuration SDWAN Course, students will deploy and configure SD-WAN Controllers, vEdge Devices, and Cisco IOS-XE Devices. Students will create Multiple Device and CLI Templates that will allow Hundreds of devices to be deployed using only a few Centralized Templates. Students will create Security Policies to enable the Enterprise Firewall, IDS/IPS, URL Filtering, and Web Layer Security to protect and allow Enterprises to deploy Cloud applications as well as Direct Internet Access (DIA).  Students will also create Local and Central Policies that enable a Centralized Policy control of WAN Routing and device QOS configuration and enforcement. Students will also learn how Cisco SD-WAN allows Enterprises to deploy an effective Cloud Solutions such as Amazon AWS, Microsoft Azure, and Google Cloud. Students will also learn how to Monitor and Troubleshoot the SD-WAN Solution.

Why Attend With Current Technologies CLC

  • Our Instructors are the top 10% rated by Cisco
  • Our Lab has a dedicated 500 Mbps Fiber Connection
  • Our Lab Run up to Date version of Code on our Servers

Who Should Attend

Objectives

Prerequisites

Course Outline

Download Outline

  • Introduction to Cisco Spark
  • Setting up Spark Service
  • Spark UC Features
  • Audio/Video Meeting Features
  • Spark Security
  • Integrating Spark with Cisco Unified Communications Manager
  • Management of the Spark Services

The primary audience for this course is as follows:

  • Network Technicians / Administrators

  • NA

 

Module 1: SDWAN Overview

  • Describe what a Software-Defined Wide Area Network (SD-WAN) is.
  • Describe the secure extensible network
  • Describe the function of the virtual IP fabric created in the SD-WAN solution
  • What is SDWAN
  • Cisco Cloud vs On-premises vs private cloud management
  • Cisco IWAN vs Viptela SDWAN
  • IWAN Migration to SDWAN
  • SDWAN Integration with Cisco
  • Cisco SDWAN Licensing
    • DNA Essentials
    • DNS Advantage
    • DNA Premier

Module 2: Cisco SDWAN Edge Devices

  • vEdge Appliances
    • vEdge 100
    • vEdge 1000
    • vEdge 2000
    • vEdge 5000
  • vEdge Cloud
    • ESXI
    • KVM
    • AWS
    • Microsoft Azure
  • Cisco IOS-XE Platforms
    • Cisco ISR 1100 Series Routers
    • Cisco ISR 4300 Series Routers
    • Cisco ISR 4400 Series Routers
    • Cisco ASR 10XX Routers
  • Cisco CSR 1000V Router
  • Cisco 54xx Enterprise Network Compute System (ENCS)

Module 3: Cisco SDWAN Certificates and Whitelists

  • On-Prem vs Cloud Certificate deployment
  • Controller Certificates
  • Hardware Device Certificates
  • Software Device Certificates
  • Certificates
    • Export Device Data in CSV Format
    • Check the vEdge Router Certificate Statue
    • Validate a vEdge Router
    • Stage a vEdge Router
    • Invalidate a vEdge Route
    • Send the Controller Serial Numbers to vBond Orchestrator
    • Install Signed Certificate
    • View the CSR
    • View the Certificate
    • Generate the CSR
    • Reset the RSA Key Pair
    • Invalidate a Device
    • View Log of Certificate Activities
  • Device Whitelists
  • Controller Whitelists

Module 4: Deploying Cisco SDWAN Controllers

  • On-Prem vs Cloud deployment
  • vManage NMS
    • Deploy the vManage NMS
    • Configure the vManage NMS
    • Configure the vManage NMS Cluster
    • Configure Multitenant vManage NMS
    • Configure Certificate Settings
    • Generate vManage NMS Certificate
  • vBond Orchestrator
    • Deploy vBond VM Instance
    • Configure the vBond Orchestrator
    • Add the vBond Orchestrator to the Overlay Network
    • NAT Traversal
    • Start the Enterprise ZTP Server
  • Deploy the vSmart Controller
    • Deploying vSmart Controller on ESXi
    • Deploying vSmart Controller on KVM
    • Configure the vSmart Controller
    • Add the vSmart Controller to the Overlay Network
  • Controller High Availability
  • Cluster Management
    • Change the IP Address of the Current vManage NMS
    • Add a vManage NMS
    • Configure the Statistics Database
    • View Statistics Database Space Usage

Module 5: Cisco SDWAN Fabric and Overview

  • Virtual Fabric Overview
  • Overlay Management Protocol
  • Transport Locators (TLOCs)
    • TLOC Extensions
    • TLOC Colors
  • Multicast
  • TCP Optimization
  • Opening Firewall Ports
  • Software Installation and Upgrade
    • Software Version Compatibility
    • Add New Software Images to the Repository
    • Software Upgrades Best Practices
    • Activate a New Software Image
    • Redundant Software Images
  • vEdge Routers
    • Deploy vEdge Cloud router
    • Deploy a  vEdge 100 VM on Azure
    • Deploy vEdge Cloud VM on ESXi
    • Deploy vEdge Cloud VM on KVM
    • Deploying vEdge 100 Routers
    • Deploying vEdge 1000 Routers
    • Deploying vEdge 2000 Routers
    • Device configuration using C
    • Install Signed Certificates on vEdge Cloud Routers
  • Migrating IOS-XE Devices to Cisco SD-WAN
  • Zero Touch Provisioning
    • Using ZTP on Non-Wireless Routers
    • Using ZTP on Wireless Routers
  • Deploy AWS Gateway using the AWS Wizard

Module 6: Cisco SD-WAN Security

  • Solution Security
  • SDWAN IOS-XE Security
    • Application Firewall
    • IDS/IPS (Snort)
    • URL Filtering
    • Web Layer Security (Umbrella/Open DNS)
  • SDWAN vEdge Security
    • Application Firewall
    • Web Layer Security (Umbrella/Open DNS)
  • Firewall Ports
  • Control Plane Security
    • DTLS
    • TLS
  •  Data Plane Security
    • IPSEC
    • GRE
  • Traffic Segmentation
    • VPN
    • Policies
  • Service Chaining
    • Firewalls
    • IDS
  • Cloud Security
    • Umbrella
    • Z-Scaler
  • Enterprise Firewall

Module 7: Quality of Service

  • Application Visibility and Recognition
  • Differentiated Services – Quality of Service
  • Critical Applications SLA
  • Path MTU Discovery
  • TCP Performance Optimization
  • Bidirectional Forwarding Detection (BFD)
    • BFD Hello Timer and Multiplier
    • BFD Measurements
  • vEdge Router Queuing
    • Marking
    • Remarking
    • Shaping
    • Policing

Module 8: Configuring vManage

  • Using the vManage Interface
  • Using the vManage Dashboard
    • Device Pane
    • Reboot Pane
    • Certificates Pane
    • Control Status Pane
    • Site Health View Pane
    • Transport Interface Distribution
    • vEdge Inventory Pane
    • vEdge Health Pane
    • Transport Health Pane
    • Top Applications Pane
    • Application-Aware Routing Pane
    • Web Server Certificate Expiration Date Notification
    • Maintenance Window Alert Notification
  • Administration
    • Setting
      • Configure Organization Name
      • Configure vBond DNS Name or IP Address
      • Configure Certificate Authorization Settings
      • Configure vEdge Cloud Certificate Authorization Settings
      • Generate Web Server Certificate
      • View Web Server Certificate Expiration Date
      • Enforce Software Version on vEdge Routers
      • Create a Custom Banner
      • Collect Device Statistics
      • Enable CloudExpress Service
      • Enable vAnalytics Platform
      • Enable vManage Client Session Timeout
      • Enable Data Stream Collection
      • Set the Tenancy Mode
      • Set Interval to Collect Device Statistics
      • Configure a Maintenance Window
    • Manage Users
      • Add a User
      • Delete a User
      • Edit User Details
      • Change User Password
      • Add a User Group
      • Delete a User Group
      • Edit User Group Privileges
      • View vManage Service Details
      • View Devices Connected to a vManage NMS
      • Edit a vManage NMS
      • Remove a vManage NMS from the Cluster
      • View Available Cluster Services
    • Tenant Management
      • Add a Tenant
      • View All Tenants
      • View a Single Tenant
      • Edit a Tenant
      • Remove a Tenant
  •  Configuration
    • Devices
      • Change Configuration Modes
      • Upload vEdge Authorized Serial Number File
      • Generate Bootstrap Configuration for a vEdge Cloud Router
      • Export Device Data in CSV Format
      • View a Device’s Running Configuration
      • View a Device’s Configuration
      • Delete a vEdge Router
      • Copy a vEdge Router’s Configuration
      • Decommission a vEdge Cloud Router
      • View Log of Template Activities
      • Add a vBond Orchestrator
      • Add a vSmart Controller
      • Edit Controller Details
      • Delete a Controller
      • Change Variable Values for a Device

Module 9: SD-WAN Templates

  • Templates
    • Devices Configuration
    • Describe what vManage templates are used for
    • List the parameter types that are used in vManage templates
    • Explain the use of the Template Variable Spreadsheet
    • Summarize the configuration elements of a device
    • Create a Device Template
      • Create a Device Template from Feature Templates
      • Create a Device Template from the CLI
    • Describe what the system feature template is used for
    • Explain how to configure logging using the logging feature template
    • Describe how OMP can be configured using the OMP feature template
    • Describe the function of the Security feature template
    • Explain how the BFD feature can be configured using the BFD feature template
    • List the other feature templates that can be configured
      o Edit a Template
      o View a Template
      o Delete a Template
      o View Device Templates Attached to a Feature Template
      o View Devices Attached to a Device Template
      o Perform Parallel Template Operations
      o Attach Devices to a Device Template
      o Copy a Template
      o Edit a CLI Device Template
      o Export a Variables Spreadsheet in CSV Format for a Template
      o Change the Device Rollback Time and View Configuration Differences
      o Configuration Rollback
  • Wide Area Application Server (WAAS)
    • WAAS Integration with SDWAN
    • Service Chaining with WAAS
    • Application Optimization
    • TCP Optimization
    • Data Redundancy Elimination (DRE)
    • LZ Compression
    • Akamai Connect
  • Maintenance
    • Device Reboot
    • Software Upgrade
  • Configure Cisco Umbrella
  • Quality of Service (QoS)

Module 10: SD-WAN Policies

• Local Policies vs Central Policies
• Policies
o Policy Construction
• Lists
• Policy Definition
• Policy Application
o Configure Centralized Policy
o Configure Localized Policy
o View a Policy
o Copy a Policy
o Edit a Policy
o Edit or Create a Policy Component
o Delete a Policy
o Activate a Policy on vSmart Controllers
• Smart policies (Control, Data, AppRoute, cflowd)
o Control Policy
• Service Chaining
• Traffic Engineering
• Extranet VPNs
• Service path affinity
• Arbitrary VPN Topologies
• Fabric Policies
o Application Aware Routing Policy
• Application SLA
 Latency
 Loss
 Jitter
• Path Determination
o Data Policy to manipulate different traffic types
• Shaping Policies
• QoS Policies
• Service Chaining
• Traffic Engineering
• Extranet VPNs
• Service path affinity
• NAT Policies
o cFlowd Policy
• Cflowd-template for configuring flow cache behavior and flow export
• Data-policy for selection of traffic subject to flow data collection
o Multi-VPN and multi-topology policy
o Hub Mesh Policies
• Create a VPN Membership Policy
• Create an Application SLA Policy

o Local Control Policy
o Local Data Policy

  • Access Control List
  • QoS Policy
  • Mirroring

Module 11: SD-WAN Cloud
• OnRamp SAAS
o View Application Performance
o View Details about an Application
o Manage OnRamp Applications
o Manage OnRamp Client Sites
o Manage OnRamp Gateways
o Manage OnRamp DIA Sites
• Cloud OnRamp IAAS
o Create a Cloud Instance
o Display Host VPCs
o Map Host VPCs to a Gateway VPC
o Unmap Host VPCs
o Display Gateway VPCs
o Add a Gateway VPC
o Delete a Gateway VPC

Module 12: vAnalytics

• Applications
o Display Bandwidth Utilization
o Display vQoE Values
o Display Deviations from Baseline Utilization
• Network Availability
o Display Downtime by Site
o Display Downtime by Time
• Network Health
o Display Latency, Loss, and Jitter on Circuits
o Display Application Performance by Carrier
• vAnalytics Dashboard
o Network Availability Pane
o Applications Pane
• Least Performing Applications
• Applications Consuming Most Bandwidth
• Anomalous Application Families
o WAN Performance Pane
• Carrier Performance
• Tunnel Performance

Module 13: Monitoring vManage

• Network
o View List of Devices
o Export Device Data in CSV Format
o View Information about a Device
o View Device Status Summary
o View DPI Flows
o View Cflowd Flows
o View Interfaces
o View TCP Optimization Information
o View TLOC Loss, Latency, and Jitter Information
o View Tunnel Connections
o View Wi-Fi Configuration
• View Client Details
• View Client Usage
o View Control Connections
o View System Status
o View Events
o View ACL Logs
o Troubleshoot a Device
• Check Device Connectivity
• Check Device Bringup
• Ping a Device
• Run a Traceroute
• View Control Connections in Real Time
o Check Traffic Health
• View Tunnel Health
• Check Application-Aware Routing Traffic
• Simulate Flows
• Check Device Syslog Files
o  View Real-Time Data
• ACL Log
o Set ACL Log Filters
• Alarms
o Set Alarm Filters
o Export Alarm Data in CSV Format
o View Alarm Details
o Alarms Generated on vManage NMS
• Audit Log
o Set Audit Log Filters
o Export Audit Log Data in CSV Format
o View Audit Log Details
o View Changes to a Configuration Template
• Events
o Set Event Filters
o Export Event Data in CSV Format
o View Device Details
• Geography
o Set Map Filters
• View Device Information
• View Link Information
• Configure Geographic Coordinates for a Device

Module 14: Troubleshooting Tools for vManage

• Using vManage to Troubleshoot the environment
• Operational Commands
o Admin Tech Command
o Interface Reset Command
• Rediscover Network
o Rediscover the Network
o Synchronize Device Data
• CLI Command to troubleshoot the environment.
• SSH Terminal
o Establish an SSH Session to a Device

Labs
Lab 1: Deploy the vManage NMS
• Create vManage VM Instance on ESXi
• Configure Certificate Settings
• Create a vManage Cluster

Lab 2: Deploy the vBond Orchestrator
• Create vBond VM Instance on ESXi
• Configure the vBond Orchestrator
• Add the vBond Orchestrator to the Overlay Network
• Start the Enterprise ZTP Server

 

Lab 3: Deploy the vSmart Controller
• Create vSmart Controller VM Instance on ESXi
• Configure the vSmart Controller
• Add the vSmart Controller to the Overlay Network

Lab 4: Deploy the vEdge Routers
• Create vEdge Cloud VM Instance on ESXi
• Install Signed Certificates on vEdge Cloud Routers
• Send vEdge Serial Numbers to the Controller Devices
• Configure the vEdge Routers
• Prepare vEdge Routers for ZTP

Lab 5: Deploy the vEdge Routers
• Create vEdge Cloud VM Instance on ESXi
• Install Signed Certificates on vEdge Cloud Routers
• Send vEdge Serial Numbers to the Controller Devices
• Configure the vEdge Routers
• Prepare vEdge Routers for ZTP

Lab 6: vManage Configuration
• Explore the Interface
• Add Controllers to the Whitelist
• Add vEdge whitelist
• BFD Tuning
• Create and Update Users
• Manage the Fabric

Lab 7: Creating Device Templates
• Create CLI Policy Template
• Create Feature Policy Template
o System Feature Template
o BFD Feature Template
o OMP Feature Template
o VPN Feature Template
o MPLS-TLOC Feature Template
o Internet-TLOC Feature Template
o OSPF Feature Template
o VPN 10 Hub and Spoke Feature Template
o VPN 20 Full Mesh Feature Template
o VPN 40 Guest Feature Template
• Create vSmart Device CLI Template
• Create DC1 vEdges Device Feature Template
• Attach DC1 Devices to Template
• Create DC2 IOS-XE CSRs Device Feature Template
• Attach DC2 Devices to Template
• Create BR1 vEdges Device CLI Template using TLOC Extensions
• Attach BR1 Devices to Template
• Create BR2 IOS-XE CSRs Device Feature Template using TLOC Extensions
• Attach BR2 Devices to Template
• Create BR3 IOS-XE ISR4K Device Feature Template
• Attach BR3 Devices to Template
• Create REG-HUB vEdges Cloud Device CLI Template using TLOC Extensions
• Attach REG-HUB  Devices to Template
• Configuration Rollback

Lab 8: Create Policies
• List types of policies that can be implemented in the SD-WAN solution
• Describe how policies can be implemented that affect the control plane
• Describe what affect policies can have on data traffic forwarding
• Identify the various components of the vSmart policy architecture
• Describe how different policies are enabled in different devices
• Detail how policies are processed and applied
• Control Policy Lab
o Configure a Vpn-membership-policy
o Configure Site-list Selection Policies
o Configure a Service Chaining Policy
o Configure an Extranet VPN Policy
o Configure a Service path affinity Policy
o Configure Fabric Policies
o Configure Security Zones
• Data Policy Lab
o Configure Shaping Policies
o Configure QoS Policies
o Configure a Service Chaining
o Configure a Extranet VPN Policy
o Configure Service path affinity Policy
o Configure a NAT Policies for DIA
o Configure a OSPF BGP Routing Policy
• Application Aware Routing Policy Lab
o SLA Classes
o Path Selection using Application Policies
• Create a cFlowd Policy

• Create a Local Control Policy
• Configure OSPF and BGP
• Create a Local Data Policy
• Create Firewall Policy
• Configure QOS
Lab 9: Application Visibility
• Create a Centralized Policy for Application-Aware Routing
• Identify Application Groups (FTP/Office 365/Voice)
• Create Lists
• Site Lists
• Application Lists
• Data Prefix Lists
• VPN Lists
• Create a SLA Classes
• Create Traffic Rules
• Apply Policies to Sites and VPNs

Lab 10: Monitoring the Solution
• Explore vManage Dashboard analytics
• Monitor Applications
• Monitor Loss, Latency, and Jitter
• Monitor Individual Device
o Check system Status
o Check Control Connections
o Check OMP Status
o Check BFD Status
o Check Interfaces for Issues

Lab 11: API Integration
• Explore the API Docs
• Use Poster to connect to vManage and download Templates

Lab 12: Troubleshooting
• Use the CLI to view and troubleshooting debug Logs
• Troubleshoot BFD
• Troubleshoot OMP
• Use troubleshooting tools to diagnose issues
o Use the Ping tool
o Use the Traceroute tool
o Use the App Route Visualization
o Simulate traffic flows
o Take a Packet
• Troubleshoot Application Routing

 

Implementing and Configuring Cisco SDWAN (ICSDWAN-CT)