ADV Cisco SD-WAN Design, Troubleshoot, Topology, Configuration & Policy Groups, & Features

ADV Cisco SD-WAN Design, Troubleshoot, Topology, Configuration & Policy Groups, & Features

This 5-day Advanced Cisco SD-WAN training course, is tailored specifically for Enterprise networks, provides an in-depth exploration of the 20.12 SD-WAN and 17.12 IOS-XE platforms. Designed for engineers seeking expertise in complex SD-WAN environments, the course covers advanced feature, device, and CLI template design, configuration groups, and policy implementation. Participants will deploy and troubleshoot enhanced QoS features such as Forward Error Correction (FEC), TCP Optimization, and DRE, while configuring overlay and service-side routing protocols including OMP, BGP, OSPF, and Multicast. Security integration with Cisco Umbrella, SASE, and on-premise firewalls is emphasized, alongside Catalyst SD-WAN clustering and high availability strategies. The course culminates in multi-region fabric design and comprehensive SD-WAN migration strategies from vEdge to cEdge, offering students hands-on expertise in scaling, securing, and modernizing SD-WAN infrastructures.

Use this course towards your Cisco Continuing (CE) Education Credits (50) 

How you’ll benefit

This class will help you:

• Build on the SDWAN class. Focuses on Advanced Features (Routing, Templates, Configuration Groups, Policies, SASE Security, Thousand Eyes Integration, Advanced QoS)
• Enhance voice integration and configuration expertise
• Prepare for the 300-415 ENSDWI Certification Between SDWAN and ADVANCED SDWAN

Why Attend with Current Technologies CLC

• Our Instructors are the top 10% rated by Cisco
• Our Lab has a dedicated 1 Gig Fiber Connection for our Labs
• Our Labs run up to Date Code for all our courses

• SD-WAN Review
• SD-WAN Advanced Settings
• SD-WAN High Availability
• SD-WAN APP-QoE, SD-AVC and QoS Policies
• Bridging
• Routing Protcols
• Multicast
• Direct Internet Access (DIA)
• SD-WAN Voice Configuration
• SD-WAN Migration
• Advanced Template Design and Troubleshooting
• Advanced Local & Central Policies on vEdge and IOS-XE Platforms
• Advanced Security Policies on vEdge and IOS-XE Platforms
• Advanced Troubleshooting of Policies on vEdge and IOS-XE Platforms

Who should sit this course?

This course is suitable for Network Engineers, System Administrators, IT Professionals, Technical Support Staff, and Cisco-Certified Professionals looking to enhance their skills and proficiency with Cisco Catalyst SD-WAN network management tailored for networks. 

The course is highly recommended for:

• Network Engineers: Professionals tasked with the design, implementation, and maintenance of the network infrastructure. This includes managing both Catalyst SD-WAN and data communication systems, ensuring they meet the high standards required for government operations.
• System Administrators: Individuals responsible for the daily management and configuration of the network systems. Their role is crucial in ensuring the reliable operation of Catalyst SD-WAN and WAN services across various departments.
• IT Professionals: This group includes a wide range of IT personnel working who require a robust understanding of secure and reliable Catalyst SD-WAN network systems. Their work is critical in ensuring that these networks comply with stringent standards and regulations.
• Technical Support Staff: These are the frontline personnel who provide essential technical support for Catalyst SD-WAN network systems within the environments. Their expertise ensures that any issues are promptly resolved to maintain network integrity and security.
• Cisco Certified Professionals: Individuals who have already achieved Cisco certifications and are looking to further their knowledge and expertise specifically in Catalyst SD-WAN Networks and Technologies. This course offers them an opportunity to specialize in Catalyst SD-WAN solutions, enhancing their skill set in the context of the network requirements

• Installing, Configuring, Monitoring and Troubleshooting Cisco Catalyst (SDWAN) v20.15

Module 0: Introductions

• Introductions
  • Get familiar with the course structure and participants.

Module 1: SD-WAN Overview

• Cisco SD-WAN Overview
  • An overview of SD-WAN architecture and capabilities.
• SD-WAN Platform Discussion
  • Platform selection and deployment strategies.

Module 2: SD-WAN Advanced Settings

• Design Considerations and Scaling
  • Design for large-scale and performance.
• Site Design
  • Developing a reliable site architecture.
• Advanced Settings
  • Tuning and optimization settings.
• Ether Channel Support (20.6)
  • Use of link aggregation in SD-WAN.
• Hot Standby Router Protocol (HSRP)
  • Redundancy through HSRP.
• LTE Design and Deployment
  • Integrate LTE with SD-WAN.

Module 3: SD-WAN High Availability

• Common WAN Topologies Design and Deployment Considerations
  • Designing reliable WAN links.
• Active vManage, Backup Inactive vManage, Clustering vManage
  • vManage HA design.
• SD-WAN Disaster Recovery
  • Strategies for site and controller DR.
• Troubleshooting Cluster Operation
  • Identify and fix cluster issues.

Module 4: SD-WAN Templates

• Template Overview
  • Overview of template-based configurations.
• Using Python to Import / Export Templates
  • Automating with Python APIs.
• Parsing JSON with Python
  • Read/write JSON data structures.
• Create / Delete / Import / Export of Templates
  • Template operations and management.

Module 5: SD-WAN APP-QoE, SD-AVC and QoS Policies

• Application Quality of Experience (APPQoE)
  • Enhancing app experience.
• Custom Application Identification
  • Defining custom apps.
• Bidirectional Forwarding Detection (BFD)
  • Monitor and recover tunnel loss.
• Cloud onRamp for SaaS for Office 365
  • Optimize O365 performance.
• Per Tunnel QOS
  • QoS settings per tunnel.
• Adaptive QOS
  • Dynamic adjustments to QoS.
• SD-WAN 17.6/20.6 - Per VPN QOS
  • VPN-based traffic control.
• TCP Optimization
  • Improve TCP traffic performance.
• Service Nodes for AppQoE
  • Offload services to nodes.
• Forward Error Correction (FEC)
  • Error correction techniques.
• Packet Duplication
  • Resiliency for critical apps.

Module 6: Bridging

• Transparent Bridging
  • Enable Layer 2 bridging in SD-WAN.
• Bridging Template Configuration
  • Set up bridge templates.
• cEdge Bridging Template Configuration
  • Bridge config for IOS-XE.
• vEdge Bridging Template Configuration
  • Bridge config for vEdge.

Module 7: Routing Protocols

• SD-WAN Underlay Routing
  • Dynamic and static underlay routes.
• Static Routes
  • Configure static routing.
• VRRP Enhancements
  • Redundancy enhancements.
• Dynamic Routing Protocols
  • Implement BGP, OSPF, EIGRP.
• Routing Information Protocols
  • Overview of routing exchange.
• SD-WAN On Demand Tunnels
  • Create tunnels dynamically.
• Route Leaking
  • Cross-VPN route redistribution.
• Hierarchical SD-WAN (Regions)
  • Regional segmentation.

Module 8: Multicast

• Complete Multicast Support on Cisco SD-WAN
  • Multicast capability overview.
• vEdge Support
  • Multicast implementation on vEdge.

Module 9: Direct Internet Access (DIA) Overview

• SD-WAN Direct Internet Access (DIA)
  • Enable DIA for branch offices.
• Deploying DIA
  • Implementation strategies.
• Central Data Policy
  • Use central policies with DIA.
• NAT DIA Route
  • Route directly to Internet.

Module 10: SD-WAN Voice Configuration

• Voice Integration in SD-WAN
  • Deploy voice traffic in SD-WAN.
• Voice Card Feature Templates
  • Configure DSP and voice cards.
• Call Routing Feature Templates
  • Handle dial plans.
• Survivable Remote Site Telephony (SRST)
  • Maintain calls during WAN loss.
• Voice Policies
  • Control voice traffic and codecs.
• Create a Voice Port Policy
  • Define physical voice settings.
• Voice Port Translation Profile
  • Number translation rules.
• FXO Supervisory Disconnect
  • Handle analog signaling.
• Cisco Unified Border Element (CUBE)
  • Enable PSTN SIP trunking.

Module 11: SD-WAN Security Policy

• SD-WAN Security
  • General overview of secure SD-WAN.
• SD-WAN Base Security
  • Foundational protections.
• SD-WAN Cloud Security
  • Security for cloud edge.
• Zscaler Integration
  • Partner-based cloud security.
• SD-WAN Cloud Security Features
  • Deep packet inspection and controls.
• SD-WAN Integrated Security
  • NGFW, IDS/IPS built-in.
• 17.6/20.6 – Geo-Fencing
  • Location-based policy control.
• SD-WAN Security Configuration
  • Deploy security templates.

Module 12: SD-WAN Local Policy

• Policy Configuration Overview
  • Basic structure of local policies.
• Local Data Policies
  • Match and forward decisions.

Module 13: SD-WAN Central Policy

• Centralized Control Policies
  • Influence route propagation.
• Centralized Data Policies
  • Control forwarding actions centrally.
• Application Aware Routing
  • Use SLA for path decisions.
• Service Chaining
  • Redirect traffic through devices.
• Traffic Flow Monitoring with Cflowd
  • NetFlow-style data export.
• Policy Construction
  • Steps to build usable policies.
• Platform Support and Scalability
  • Deployment models and limitations.

Module 14: SD-WAN Migration

• SD-WAN Conversation Tool
  • Convert CLI to template-based.
• Cisco Sure Tool
  • Assisted deployment and validation.
• Migration and Deployment Models
  • Migration planning.
• Typical Migrations
  • Branch and DC best practices.
• Data Center / Hub Migration
  • Migrate hubs to SD-WAN.
• Branch / Spoke Site Migration
  • Convert branches to SD-WAN.

LAB OUTLINE

Lab 1: Review & Troubleshoot Initials SDWAN Environment

• Review Environment
• Troubleshooting Initial Connectivity
• Troubleshooting Initial Control Connections

Lab 2: Create and Troubleshoot SDWAN Clusters

• Create a 3 Node SDWAN Cluster
• Monitor Cluster Troubleshoot Cluster

Lab 3: Template / Configurations Groups

• Advanced Techniques for Template Creation
• Variable Naming Conventions for Reusability
• Create Feature Template for reuse across all vEdge devices
• Export and Import Templates via API
• Troubleshoot Template Deployment

Lab 4: Deploy and Troubleshoot Hardware Routers with ztp. 

• Troubleshoot and Deploy 4331 Router
• Troubleshoot and Deploy vEdge Router

Lab 5: Implement Routing Protocol 

• Configure Transparent Routing
• Configure BGP Template and Local Policy on the Transport VPN
• Configure OSPF Template and Local Policy on the Transport VPN
• Configure BGP Template and Local Policy on the Service Side (LAN) VPN
• Configure OSPF Template and Local Policy on the Service Side (LAN) VPN
• Configure EIGRP Template and Local Policy on the Service Side (LAN) VPN
• Configure Multicast on vEdge
• Configure Multicast on IOS-XE
• Monitor Routing
• Troubleshooting Routing Protocols

Lab 6: Advanced Firewall Policy Design

• Setup and deploy a realistic firewall Configuration on vEdge and IOS-XE
• Setup IPS/URL Filtering on IOS-XE Device
• Setup Web Layer Security
• Monitoring Security Policy
• Test and Troubleshoot a Firewall Policy

Lab 7: Designing and Implementing Local Policies and QoS Policies

• Design and Implement Lists to Support Local Policies
• Design Access List
• Advanced QoS Design on Interfaces / Sub Interfaces
• Creating Shapers and Policers
• Rewriting QoS for External MPLS Circuit
• Remarking for Cisco Enterprise QoS Model
• Setup Port Mirroring for traffic analysis

Lab 8: Create Advanced Central Policies

• Advanced List Design Techniques
• Advanced Site Design
• Design and Troubleshoot a Hub and Spoke Topology
• Design, Configure, and Troubleshoot a Full Mesh Topology
• Design, Configure, and Troubleshoot a Hub and Spoke Topology with a Full Mesh Core
• Design, Configure, and Troubleshoot Custom Control Policies with Traffic Engineering
• Design, Configure, and Troubleshoot a Service Chain with an ASA Firewall
• Design, Configure, and Troubleshoot a QoS Policy at the VPN Level
• Design, Configure, and Troubleshoot Extranet with a 3rd Party Provider
• Design, Configure, and Troubleshoot Application Aware Routing Policy

Lab 9: Monitoring the Environment

• Monitoring using vManage
• Monitoring using the CLI
• Monitoring using vAnalytics

Lab 10: Troubleshooting

• Troubleshooting Hardware Issues
• Troubleshooting Control Connections
• Troubleshooting Certificate Issues
• Troubleshooting Controllers
• Troubleshooting BFD Sessions
• Troubleshooting Templates
• Troubleshooting Local Policies
• Troubleshooting Central Policies