Cisco SD-Access Architecture: Management Layer

The Cisco SD-Access solution management layer comprises the Cisco DNA Center User Interface/User Experience (UI/UX). Users can view information from the physical, network, and controller layers through a centralized management dashboard, which shows Cisco DNA’s intent-based networking feature.

Because of the Cisco DNA Center management layer, in-depth knowledge of the SD-Access network layer’s LISP, Virtual Extensible LAN, and TrustSec, and of the controller layer’s Cisco ISE, NDP, and NCP, is not necessary. Knowing how to configure the network devices and features is also not required.

The management layer provides simple GUI tools and workflows for the user to efficiently operate and manage the entire Cisco DNA network.


Cisco DNA Center Application Workflows

The Cisco DNA Center applications are built based on the following workflows:

  • Design
  • Policy
  • Provision
  • Assurance


Cisco DNA Design Workflow

Cisco DNA’s design workflow provides the tools required to define the Cisco Software Defined Access (SD-Access) fabric. These design tools include the following:

  • Network Hierarchy – used to set up and associate floorplan, building, and geolocation with a unique site ID.
  • Network Settings – used to set up DNS, DHCP, AAA, and other network servers. It is also used for device credentials, IP management, and wireless settings.
  • Image Repository – used to manage software images and maintenance updates. It is also used for version compliance and for image download and deployment.
  • Network Profiles – used to define and apply LAN, WAN, and Wireless networks’ connection profiles, such as SSID, to one or more sites.


Cisco DNA Policy Workflow

Cisco DNA’s policy workflow provides the tools to define the Cisco DNA policies. Some of the policy tools are as follows:

  • Dashboard – used to monitor Virtual Networks (VNs), scalable groups, policies, and latest changes.
  • Group-Based Access Control – used to configure group-based access control policies, such as SGACLs. Cisco DNA Center and Cisco Identity Services Engine (ISE) integrate to make SGACL setup and maintenance easier.
  • IP-Based Access Control – for configuring IP-based access control policies to control the traffic going in and out of a Cisco device.
  • Application – used to configure the Quality of Service (QoS) in the network through application policies.
  • Traffic Copy – used to set up Encapsulated Remote Switched Port Analyzer (ERSPAN) to copy the IP traffic flow between entities to a particular remote destination for monitoring and troubleshooting.
  • Virtual Network – used to set up and associate VNs to various scalable groups.


Cisco DNA Provision Workflows

Cisco DNA’s provision workflow provides the tools to deploy the Cisco SD-Access fabric. Some of the Cisco DNA provision tools are as follows:

  • Devices – used for assigning devices to a site ID, updating or confirming software versions, and provisioning the network underlay configuration.
  • Fabrics – used to set up the default LAN fabric or create fabric domains.
  • Fabric Devices – used to add devices to the fabric domain and specify the device roles, which can be control plane, border, edge, or WLC.
  • Host Onboarding – used to assign to the various VNs the host authentication type (static or dynamic) and the host pools (wired and wireless).


Cisco DNA Assurance Workflow

Cisco DNA’s assurance workflow provides the tools required to manage the Cisco SD-Access fabric. These assurance tools include the following:

  • Dashboard – used to monitor non-fabric and fabric devices’ and clients’ global health, with scores based on the status of different sites.
  • Client 360 – used to monitor and resolve client-related status and issues, like onboarding and app experience, linking to connected devices.
  • Devices 360 – used to monitor and resolve device-related status and issues, like latency, resource usage, and loss, linking to connected clients.
  • Issues – used to monitor and resolve reactive (open) issues and proactive (developing) trends with clients and devices at different sites.
