What is Software Defined Access?

What is Cisco Software Defined Access?

Also referred to as SD-Access, or Cisco SDA, software defined access is campus fabric with DNA Center.

Using DNA center you can orchestrate all the policy and security of your campus networks.

It is giving you a single point of configuration instead of having to configure ISE policies and then switch configurations, and then worry about software upgrades. By making the campus network a fabric of switches you can configure and monitor them as one.

There are three main components of Software Defined Access

• The DNA Center Controller
• The Network Fabric
• Cisco Identity Services Engine

Also, all switches must run the DNA Advantage license

DNA Center Controller

The brains of Cisco software defined access is the DNA controller, this can be done device or a cluster of 3 with optional standby nodes or standby clusters.

You cannot run SDA without a DNAC.

The Network Fabric

Within the software defined campus network there is no longer the concept of Core / Distribution and Access switches. Instead they are referred to as Control Plane Nodes, Fabric Border Nodes and Fabric Edge Nodes. The network is typically formed of Catalyst 9k switches running the DNA advantage license.

Control Plane Nodes

The control plan node keeps track of the location of the host. Within an SD-Access network you can run a single subnet as each host device shows up as a /32 host in the routing table.

Fabric Border Nodes

Fabric border nodes have one leg in the fabric and one leg that lives outside the fabric and connected to MPLS, they talk IP and provide the connectivity in and out of the fabric.

Do you have to have a border? Not if you don’t require any connectivity in our out of your fabric, but there aren’t many networks that do not require connectivity in our out.

Fabric Edge Nodes

An edge node is what directly connects to the host.

Fabric Wireless Controller

To enable seamless integration with wireless, you need to have a wireless controller in the fabric, you can then have the same policy defined for a wired and wireless. If you wish to maintain your existing controllers you can run “over the top” wireless and just use the Fabric as a transport.