Cisco Installing, Configuring, Monitoring and Troubleshooting Cisco Catalyst for Government v4.0 (SDWAN-GOV)

Agenda

1. Cisco Catalyst SD-WAN Overview:

• Students will learn about the concepts of Cisco Catalyst SD-WAN. SD-WAN is designed to revolutionize wide-area network management by offering centralized control, enhancing connectivity, and optimizing performance across network infrastructures. SD-WAN streamlines network operations provide intelligent path control for efficient data routing and provides robust security measures for secure connectivity. Key functionalities include Zero-Touch Provisioning for easy deployment, direct cloud access for improved application performance, and application-aware routing to prioritize critical applications.

2. Deployment and Configuration of SD-WAN Controllers:

• Participants will learn to deploy, manage, and upgrade SD-WAN Controllers using either government cloud services or on-premise servers. This includes detailed instructions on the SD-WAN Manager (vManage), SD-WAN Controller (vSmart), and SD-WAN Validator (vBond).

3. Router Configuration and Management:

• The course covers sizing, deploying, and upgrading IOS-XE routers utilizing Device/Feature Templates, CLI Templates, and Configuration Groups. Including: Cisco Catalyst 8000 Series Edge Platforms: Participants will gain familiarity with the Cisco Catalyst 8000 Series Edge Platforms, learning to configure and manage these devices for optimal SD-WAN deployment. The series includes the Catalyst 8300 Series Edge Platforms, designed for branch offices, and the Catalyst 8500 Series Edge Platforms, ideal for campus and aggregation layers.
• Cisco ISR 4000 Series Integrated Services Routers: The course will cover configuration and management practices for the ISR 4000 Series, focusing on their integration into the SD-WAN fabric. Participants will learn how these routers are versatile platforms for delivering highly secure, reliable, and high-performance WAN connectivity.

4. SD-WAN Fabric Optimization:

• Students will learn all the different pieces of the SD-WAN fabric and how to deploy the SD-WAN fabric using Overlay Management Protocol (OMP) to distribute routes, policy information, and security keys. Understanding the significance of Transport Location (TLOC) is crucial for establishing and maintaining the network overlay.
• Deploying SD-AVC Integration: Learners will explore how SD-AVC, combined with security and QoS enhancements, offers a holistic solution for managing and safeguarding SD-WAN deployments. This is crucial for maintaining high performance and reliability while meeting security protocols, especially in government network setups.
• Deploying Dynamic Bandwidth Allocation: Through Per-Tunnel and Adaptive Per-Tunnel QoS with Adaptive QoS, participants will understand how to dynamically adjust bandwidth for each tunnel to ensure efficient performance across varying network scenarios.
• Deploying Forward Error Correction (FEC): This section will demonstrate the importance of FEC in boosting data transmission reliability across unreliable networks by fixing errors without resending the data.
• Deploying Packet Duplication: The course will highlight the technique of increasing data reliability by duplicating packets and sending them through multiple routes. This ensures the data reaches its intended destination even if one path is compromised.

5. Security and Cloud Security:

• The SD-WAN Security module offers an in-depth exploration of Cisco\'s multi-layered security strategy for its SD-WAN solution, tailored to meet the specific needs of government networks. It gives participants the necessary knowledge and tools to deploy robust security measures.
• Integrated Security Features: A look at Cisco’s SD-WAN’s integrated security features, such as end-to-end encryption, segmentation, and secure communication protocols, ensuring data protection and compliance with government security standards.
• Zero Trust Security Model: Examining the Zero Trust model applied to SD-WAN, emphasizing the “never trust, always verify” approach to enhance network security through continuous validation of access requests.
• Cloud Security with SASE: Insights into the Secure Access Service Edge (SASE) framework, which merges network security with WAN capabilities to securely connect to cloud services. The module will cover Cisco\'s integration of SASE into its SD-WAN solution for improved cloud security.
• Advanced Threat Protection: Discuss tools such as Advanced Malware Protection (AMP), Intrusion Prevention Systems (IPS), URL Filtering, and DNS Security, aimed at preemptive threat detection and response to protect against advanced cyber threats.
• Policy and Access Control: Guidance on the development and implementation of comprehensive security policies and access control strategies, including VPN management, application-aware routing, and policy enforcement based on user identity and device type.

6. Local Policy Implementation and Management:

• This module focuses on the creation, implementation, and management of local policies within the Cisco SD-WAN environment, critical for customizing and optimizing network behavior at the edge of the network.

7. Upgrading the Catalyst SD-WAN Network:

• Students will learn how to provide network professionals with the knowledge and skills necessary to successfully upgrade Cisco SD-WAN solutions. This includes planning and executing upgrades to ensure network stability, security, and performance are maintained or enhanced.
• Upgrade Planning: Strategies for planning upgrades, including assessing current network configurations, understanding compatibility requirements, and scheduling upgrades to minimize disruptions.
• Backup and Rollback Procedures: The importance of backing up current configurations and understanding rollback procedures to ensure quick recovery in case of unsuccessful upgrades.
• Upgrading Controllers and Edge Devices: Step-by-step guidance on upgrading SD-WAN Controllers (SD-WAN Manager (vManage), SD-WAN Controller (vSmart), and SD-WAN Validator (vBond)) and edge devices (Cisco Catalyst 8000 Series, ISR 4000 Series, vEdge Routers), including pre-upgrade checks, the actual upgrade process, and post-upgrade validation.
• Version Compatibility: Detailed information on managing version compatibility between different components of the SD-WAN solution, ensuring seamless communication and functionality across the network.
• Change Management: Best practices for change management, including communicating planned changes, documenting the upgrade process, and conducting post-upgrade reviews to assess upgrade impact and effectiveness.
• Troubleshooting Upgrade Issues: Techniques for identifying and resolving common issues encountered during the upgrade process, ensuring a swift return to operational status.

8. Feature and Device Templates:

• Introduction to Feature and Device Templates: Overview of the role and benefits of using Feature and Device Templates within the Cisco SD-WAN architecture. This section explains how templates simplify the deployment and management of network devices by standardizing configurations.
• Creating and Managing Feature Templates: Detailed guidance on designing Feature Templates for various SD-WAN components, such as VPN, routing protocols, and security settings. Participants will learn how to create templates encapsulating specific network features and apply them across multiple devices.
• Developing Device Templates: Techniques for combining Feature Templates into comprehensive Device Templates that define the complete configuration for an SD-WAN device. This includes instructions on incorporating variables and device-specific settings to ensure flexibility and scalability.
• Applying Templates to SD-WAN Devices: Step-by-step instructions on deploying Device Templates to manage device configurations centrally through vManage. This section covers the process of binding templates to devices, pushing configurations, and verifying template applications.
• Troubleshooting Template Issues: Strategies for identifying and resolving common issues encountered when applying Feature and Device Templates, including template conflicts, variable misconfigurations, and deployment errors.

9. Configuration Groups:

• Introduction to Configuration Groups: An overview of Configuration Groups within the Cisco SD-WAN solution, highlighting how they facilitate the efficient management of network configurations across multiple devices. This section explains the concept, benefits, and use cases of Configuration Groups in simplifying network administration tasks.
• Creating Configuration Groups: Detailed guidance on how to create and manage Configuration Groups in the vManage dashboard. Participants will learn the steps to define groups based on device type, location, role, or other criteria that dictate common configuration needs.
• Applying Configuration to Groups: Techniques for applying configurations to groups of devices, leveraging the previously covered Feature and Device Templates. This includes instructions on associating templates with Configuration Groups and deploying these configurations en masse to streamline network management.
• Managing and Maintaining Configuration Groups: Strategies for the ongoing management and maintenance of Configuration Groups, including updating group configurations, adding or removing devices from groups, and managing group policies.

10. Deploying Network QoS:

• Understanding Local Policies: Introduction to local policies, including their scope, purpose, and how they differ from centralized policies. This section will clarify the role local policies play in traffic handling and decision-making at the device level.
• Creating Local Policies: Step-by-step guidance on designing effective local policies to meet specific network requirements. Participants will learn how to use local policies to control traffic routing, prioritize critical applications, and implement security controls at the edge.

11. Central Policy Implementation and Management:

• The course will guide students through creating and implementing policy elements, including Local and Central Data Policies, Control Policies, Application-Aware Routing Policies, and VPN Membership Policies.
• Introduction to Central Policies: Understanding the role and scope of central policies in the Cisco SD-WAN architecture. This section explains how central policies provide a unified framework for network-wide policy management, contrasting with the device-specific focus of local policies.
• Creating Central Policies: Participants will learn how to design central policies that meet organizational objectives, including traffic engineering, application prioritization, and security requirements. This includes understanding policy components like lists, sequences, and actions.

12. Cloud On-RAMP:

• Introduction to Cloud OnRamp: Overview of Cloud OnRamp services, including Cloud OnRamp for SaaS and Cloud OnRamp for IaaS. This section highlights the benefits of integrating SD-WAN with cloud environments, enhancing cloud application performance, and streamlining cloud connectivity.
• Configuring Cloud OnRamp for SaaS: Detailed instructions on configuring Cloud OnRamp to optimize the performance of SaaS applications. Participants will learn how to monitor SaaS application performance, manage policies for SaaS usage, and troubleshoot common issues related to SaaS connectivity.
• Cloud OnRamp for Multicloud: Techniques for extending the SD-WAN fabric to IaaS providers (such as AWS, Azure, and Google Cloud) using Cloud OnRamp. This includes deploying virtual edge devices in the cloud, configuring cloud gateways, and ensuring secure, direct connectivity between the SD-WAN network and cloud instances.

13. Monitoring and Troubleshooting Catalyst SD-WAN:

• Comprehensive Monitoring Strategies: Techniques for utilizing vManage for comprehensive network monitoring, including real-time and historical data analysis, bandwidth usage, application recognition, and network health indicators.
• Advanced Troubleshooting Techniques: In-depth coverage of troubleshooting methodologies tailored to the SD-WAN environment. This includes identifying and resolving issues related to router join processes, template deployment, IPSEC tunnel configurations, and routing inconsistencies.
• Using Network Analytics and Diagnostics: Leveraging network analytics and diagnostics tools within the SD-WAN architecture for predictive analysis and proactive troubleshooting. Participants will learn to use built-in tools to diagnose network issues before they impact services.
• On-Demand Troubleshooting Tools: Hands-on experience with on-demand troubleshooting tools such as ping, traceroute, and packet capture within the SD-WAN dashboard. This segment emphasizes the practical application of these tools in identifying and resolving network issues swiftly.
• Performance Monitoring and Optimization: Strategies for monitoring and optimizing network performance using Quality of Service (QoS), Application-Aware Routing, and other SD-WAN features to ensure optimal network operation and user experience. This course is structured to provide both theoretical knowledge and practical skills, preparing students to effectively administer, configure, and optimize Federal and State network infrastructures using Cisco\'s SD-WAN technologies.