Cisco SDA - Building the SDA Fabric using Discovery and LAN Automation

Captions
In the last video, what we did is we implemented the integration between the ISE engine and the DNAC. Now what we want to do is take the steps that are going to allow us to actually implement a full-blown SDA fabric. In this video we're going to focus on how to set up the network hierarchy, what I define and discuss as the context. All of this is going to come together as we go step by step, but what I want you guys to do right now is focus on design. I tell students time and time again that the three most important things related to building an SDA infrastructure are design, design, design, and in this video I'm going to show you how.

Okay, back to the DNAC. I'm going to go ahead and log in, and I want us to turn our attention to these five tabs at the top. You'll notice we see Design, Policy, Provision, Assurance and Platform. These are the tabs that we're going to be dealing with as we transition from the left, starting at Design, and ultimately move towards the right. In this video series we're going to stop at Provision, and that's going to put us in a position where we're actually going to have a functional SDA fabric. That is the goal: to demonstrate how simple it is to build the fabric while introducing the basic concepts behind the theory.

So we're going to begin at the Design section, and when I enter the Design section what I'm going to find is a very Cisco Prime-esque window that is basically a graphical representation of the world. What I want to do is begin defining locations, or locales, that I'm going to be using to house my equipment once I discover it. This is why I refer to this concept as my context. I'm going to create a site, and that site is going to exist in an area; we'll go ahead and just say US, and hit OK or Add. Then what I'm going to do is create an area, and I'm going to go ahead and use San Jose, California. In class we use the different airport codes, so we have San Jose, Atlanta, we've got Chicago, other cities that we use in class, but right now I'm just going to be building a single site, a single fabric, and that single fabric is actually going to exist in San Jose. In San Jose I'm going to go ahead and add a building. The building that I'm going to add I'm just going to call my HQ; you know what, we'll just say SJC-HQ, because that's going to be my headquarters building. I'm going to give it a location: I'm just going to type in Cisco, comma, San Jose, and this should give me a site that I can choose from. I just want to pick one, so here we'll just simply say Cisco Way. Not San Diego; I need San Jose, California. What this is going to do is add the building.

Now, from the perspective of the building, I'm going to create two floors. Of the floors that I'm going to create, headquarters floor one is going to be the first one that I build, so I'm going to come over here and add a floor to this building. This is representative of where my equipment is actually going to be placed when I discover it or when I automate. So I'm just going to say HQ-1, and I'm going to upload a floor plan for this floor. I'll hit OK and then hit Add, and this is actually going to create that floor and make reference to that little simple drawing that I implemented, so that we can see a graphical representation of the floor layout. Obviously, in the real world this would be pretty big. Bear in mind that in the CCIE Enterprise Infrastructure exam we don't have to worry about wireless, but every building is also typically going to have a primary wiring closet. So I'm going to add another floor, and I'm going to call that floor my MDF, my main distribution frame. Again, I want to add a floor, and the floor that I'm going to add is going to be my MDF, my main distribution frame. It's going to exist in this building; I'm not going to upload a picture of it, and it's going to ask me if I want to proceed without one. What we're going to see here is we now have my MDF. Now, I probably should have named the MDF differently; I probably should have gone in here and called this HQ MDF, just for clarity's sake. Let's see what my options are. Can I edit the floor? I can: if I come over here and say HQ-MDF and hit Update, we see that it is editable, so that's not something I've got to worry about too much. Once I've got this implemented, everything kind of makes sense: I've got San Jose, headquarters, headquarters floor one, headquarters main distribution frame.

Now, when the time comes, what I'm ultimately going to end up doing here is adding resources to my SDA fabric, and those resources will need to be added in a specific location, on a specific floor, in a specific building, in a specific site. This is what we use to define how we're going to be scoping context in the SDA fabric. It doesn't end here. What I've done is I've just built a hierarchical infrastructure of locations, i.e. the San Jose headquarters building; we could have an Atlanta headquarters building, we could have a Chicago headquarters building, and in fact in class we do. So when we look at what's happening next, I want to make certain that I define the things that I'm going to be using in each of these contexts, in each of these network
hierarchical constructs, and that means we need to turn our attention to the creation of things like credentials, address pools and address pool reservations. Again, I'm going to discuss the theoretical component of this after we do the implementation.

So, back to the config. We're going to turn our attention to the next set of resources, or things, that I want to define. I'm going to go back to my Global tab, and from the Global tab you'll notice that we have the Network Hierarchy. The next thing that we're going to want to implement is Network Settings, and interestingly enough, this allows me to design network settings, device credentials and the creation of address pools. I'm going to begin with my network settings. Network configuration is going to define the resources in my infrastructure that are going to allow things to actually function as part of the fabric. That means I'm going to define my DHCP server, my DNS servers, syslog servers, SNMP servers if I use them; but also, because I integrated the ISE engine, I want to go ahead and add the AAA functionality, and I'm going to add Network Time Protocol as a server that I want to implement and leverage in my infrastructure. So you'll notice here that I now have AAA, and I'm going to configure network settings for AAA and client/endpoint configurations for AAA. This is going to be how I would actually define things like how endpoints and resources are going to be connected to my infrastructure. Now, judging based on my configuration, remember we use the idea of ISE and we configured the TACACS functionality. What I'm going to do is simply hit the arrow here, and it's going to give me the options to pick the devices that the DNAC knows about that can provide these functions. Remember, I only have one ISE engine, and that ISE engine is located at 100.64. In fact, I'll come over here and do the exact same thing for this. Notice, when I hit the down arrow, this is making reference to the network identity bit when it comes to TACACS. When I hit the down arrow, notice that this is making reference to the PSN, the Policy Service Node, that I'm actually going to require network endpoints to be able to communicate with. I'll define SGTs and policy inside the DNAC and communicate that to the ISE engine via the pxGrid and XMPP protocol that we discussed in the last video, but enforcement is going to be the responsibility of the actual ISE engine itself. So all devices that want to leverage this functionality need to have the ability to communicate with the ISE engine. Again, we're just walking through this step by step by step, and at the back end of this video there will be the theoretical component, but I'm just trying to show the fact that it's not difficult to actually build a fabric; you just need to have a basic understanding of what the DNAC is going to need in order to implement your intent.

So, looking at this, I'm going to scroll down, and from the perspective of my endpoints I'm going to do something similar. For endpoints I'm going to use my ISE engine, and instead of TACACS for an endpoint (typically we don't use TACACS for endpoints), endpoints are going to be using RADIUS, so that's what I'm going to maintain here, and again I'm just going to hit the down arrow and select the devices in question. Given the fact that the RADIUS service is part of the PSN, this translates to the fact that it's the responsibility of the ISE engine to provide those services.

Next, I'm going to define the identity of my DHCP server and my DNS, and what you're going to find here is that these, in our lab, are going to be located at 100.64.0.2. In fact, we're going to be serving up the micronicslab.com domain, and again the DNS is also going to be at 100.64.0.2. For those that are curious, this is also going to be our jump box, so it's all in one: DNS, NTP, all of that is going to be running on this Windows 2016 server. Syslog is by default going to be the DNAC, SNMP is by default going to be the DNAC, the NTP server will be 100.64.0.2, and I'm going to put my time zone here as PST, US Pacific Standard Time, because that's where the site's located. Then I'm going to hit Save. Ideally, this is going to set up all of the necessary network information that I'm going to need to build a functional SDA fabric.

Now remember, the SDA fabric is going to be comprised of an underlay (a set of resources and all of their integrated routing processes that allow them to communicate, a.k.a. IP transit, IP reachability) and an overlay; the overlay is the actual SDA fabric. Again, we'll get into this from the theoretical perspective when we start talking about the fact that we are going to have the underlay: it's going to have its IGPs, it's going to have its own control plane constructs, it may or may not have to support multicast depending on our requirements, and then we're going to discuss the overlay that we're actually going to be tasking the DNAC to build for us. Bear in mind that the underlay may exist already, or we could have a greenfield deployment. Brownfield, a.k.a. the underlay exists already, is a common solution and a common situation that actually happens in the real world, and as a direct result of that happening in the real world it becomes really important for us to understand that we can go both ways: we can do the LAN automation and we can do the discovery. What I've done in this lab is I've actually built a pre-existing infrastructure that goes all the way down to the SDA devices that are going to be performing our control plane and border roles. Now that IP
infrastructure already exists, and what we're going to do is discover those devices, and subsequent to that we're actually going to use LAN automation to identify my two edges. So in our environment we're going to have one ISR that's going to be acting as our fusion router, we're going to have two control plane/border nodes, Catalyst 9300 devices, and we're also going to have two edge devices, and those edge devices are also going to be 9300s. Moving forward, a lot of the labs are actually going to have edge devices that are 3850s, because I've tried to expand the functionality in the lab, but it still gives us all of the devices and resources to entertain things like fabric in a box or independent edge and control plane/border functionalities.

So with that being said, let's go back into the config and take a look at the next thing that I want to look at. You'll notice I'm following the tabs. My first section was network resources: NTP servers, the SNMP server, syslog, DHCP, DNS, all of those resources. Everything that we need in a network infrastructure needs to be defined, and the DNAC needs to be informed of their identities. The next thing I'm going to want to look at is my device credentials. This is going to be the information the DNAC is going to need to communicate with, and leverage the command line functionality in, each of the individual devices that we're going to be adding to our fabric. So basically, at the end of the day, I'm going to provide the DNAC with everything that it needs to know to log into, take control of, and configure devices that I'm going to be discovering in my infrastructure. This is really, really important for us, and we need to make certain that we do it right.

So, moving forward, I'm going to create a set of command line credentials, and I'm actually going to call this my IOS device admin account. Now, this basically could be anything that I want to call it; I am giving it this name/description. The login is actually going to be netadmin and my password is going to be ISEisC00L, and I'll go ahead and do an enable password of ISEisC00L. Again, this is going to be capital ISE, lowercase is, capital C, 0, 0, capital L, and I'm going to be using that for both of these. Now, when the time comes, when we create these edge devices and these border devices, we're actually going to pick resources and put some basic configuration on those, specifically the borders, because we're going to do the implementation of the borders using the discovery method. So I'm going to go ahead and save these credentials.

Next, I'm going to configure SNMP version 2 read-only configurations. That's going to be SNMPv2, it's going to be read, and I'm going to call this read-only RO, and RO again, just so that you see it: this is the community, this is the name, so RO, RO. Then I'm going to hit the write operation and hit Add, and I'm going to create the write, which is going to be RW, RW. Obviously this is inadvisable in production, but again, this is a lab and I'm trying to take the, quote, path of least resistance. So in this specific scenario we've created the necessary information to allow us to log into devices and actually control those devices. I'll need to select these credentials, and now I will hit Save. We can see that we have actually created these settings.

Now, in order to manage these devices that are going to be added to my fabric, or attached to the fabric on the edge side, I need to define the ranges of IP addresses that I'm actually going to implement. There are a hundred different ways to do this. I am going to go ahead and add a pool, and the pool that I'm going to add is going to be a generic pool. If we look, we can see we have a generic pool and we have a tunnel. So this is the type of pool I'm going to be creating, and right now I'm going to come over here and call this my global pool (in class this would be for pod one). It's going to be an IPv4 pool, and the subnet is going to be 100.96.0.0/11. So I'm creating a big block of addresses, and I'm going to use that big block of addresses to basically pull out other chunks of addresses that I'm going to use; I'm basically going to subnet this into different ranges. The gateway of last resort for this is going to be 100.96.0.1. I'm not going to use a DHCP server, I'm not going to use a DNS server; these are all things that I'm not going to worry about. Then I'm just going to hit Save, and this should actually create that block of addresses for me. It's a global pool and it's generic. In fact, in this video series everything we're going to end up implementing here is going to be a generic type of pool except for my LAN automation pool, and it's going to need to be told that it is an actual automation pool of addresses. So again, let's not get wrapped around the axle too much about theory at this particular juncture; let's go ahead and see if we can't get these pools created. I'm going to create a large number of pools; in fact, I think I'm going to make about five, to include pools that we won't be using. I just want to go through the exercise, because later on I may want to do a demonstration using wireless functionality. Again, bear in mind I am still situated at the Global hierarchy, so I'm sitting right here on Global.

The next part of this operation is going to require me to take that large pool of addresses that I created and reserve groups of addresses, or ranges of addresses, in the context that I created. So what I'm getting at here is I actually want to go to San Jose, and from San Jose I want to start reserving
blocks of addresses out of that greater pool that I created, that existed globally, all the way at the top of my hierarchy. In order to do that, we're going to need to reorient ourselves inside of our hierarchy. I am going to go down to San Jose, so I'm actually in San Jose HQ. I'm going to say "don't show me this again"; what this is telling me is that I have the principle of inheritance when it comes to having accessibility to things like device credentials and IP address pools. We'll look at that later, but right now what you're going to see is I now have San Jose HQ highlighted, and I've got an option here to Reserve. What I intend to do is reserve a block of addresses, and I'm going to give each of these blocks of addresses its own name. So as an example, I'm going to come in here and call this my San Jose Border Handoff pool. Again, it's going to be a generic pool, and I want to take the addresses that I'm going to define and assign here out of that big pool of addresses that I created. So what I'm doing is actually subnetting this address range out on an as-needed basis; that's why I create a large pool at the global config and then just reserve blocks of addresses as I need them. The address that I'm going to go in here and resolve is going to be based on prefix length, and I'm going to assign that as a /24. It's going to be part of the network 100.126.1.0, and .1 is going to be my gateway of last resort, 100.126.1.1, and I'm going to go ahead and create, or reserve, this block of addresses all the way down to San Jose. So here we go: I have my San Jose Border Handoff block, it is of this particular CIDR designation, and 100% of the IP addresses that were defined are available in San Jose. That means that when I assign resources to San Jose, as in I say okay, I want to have two border nodes, and those border nodes are going to exist on the floor in this building, those IP addresses can actually be leveraged by those resources, or by resources that are connected to those switches.

Now what I'm going to do is build out all of the pools that I'm going to need for our demonstration, and also some pools that I may need for future demonstrations, and again I'm going to do that by reserving another chunk of addresses. In this instance, I want to take a look at assigning a group of addresses that's going to be used in San Jose for all of my campus users. Again, it's going to be a generic type, and the pool that I'm going to be taking out of is going to be that same address range that we were discussing earlier. In this instance I'm going to use a /20, and I am going to use a subnet of 100.100.0.0 with a gateway of last resort of 100.100.0.1, and I'm going to tell it what DHCP servers to use. Now, I want to point out right now that the DHCP and DNS services are not offered by the DNAC; they're not hosted by the DNAC. I have a stand-alone DHCP server that is in my network infrastructure. In fact, just to make things simple for the purposes of this walkthrough, I actually made the DHCP server part of the shared services block of resources that includes my ISE engine and my DNAC, and later on down the road it would probably include my vManage, my vBond and my vSmart, when we start actually building a multi-domain scenario, which is on your blueprint, by the way. So again, we want to take a critical look at all of this step by step, but first we need to build all of these scopes and these ranges. Now I'm going to reserve this block of addresses, again pulling it out of the pool of addresses that I created all the way up here at the Global with that really, really large block of addresses.

Subsequent to this, I'm going to add another San Jose pool, and I'm going to specify guest users in this pool; I'm going to want to give guest users addresses out of this pool. I'm going to set this up; it'll also be a /20, and in this instance I'm going to use 100.99.0.0 with 100.99, and in this instance I do want to specify DNS and DHCP. I'll go ahead and reserve this address range.

Next, let's create another block. We're not going to use this in this demonstration, but later on, when I demonstrate APs, access points, and how I can assign things to access points using the DNAC, for other classes, for my SDA course, I'm going to assign a block of addresses. Again, I'll just use a /20; a /20 works out mathematically easier than pretty much everything else. I'm going to assign these guys 100.123.0.0 with a gateway of last resort of 100.123.0.1, and again I'm going to want to use DHCP servers and DNS servers.

Now, the next block of addresses that I'm going to build is going to be a block of addresses that I'm going to use for the purposes of automation. Remember, I reminded you earlier in the discussion that the automation pool is its own type of address pool. So I'm going to pull a block of addresses out of the pool that we defined all the way up at the Global level, but this is not going to be type Generic; this is going to have to be of another type. So let's make that happen. I'm going to go to Reserve, and I'm going to call this my SJC LAN Automation pool, and it is going to be of type LAN rather than Generic, meaning I'm going to be using this for LAN automation. You can see here I can reserve these for WAN, for Service, for Management, for LAN, and we'll be discussing all of those in detail, as far as what their functions are and how they operate, if you sit a class with me. In this particular instance we're just building our fabric, so again I'm going to take it out of that big pool, 100.96.0.0/11, and the range that I'm going to pull here is again going to be a /20, and I'm going to use the IP addresses of 100.124.0.0 with a mask, or a gateway, excuse me, of 100.124.0.1. Since this is for the purposes of LAN automation, I'm not going to worry about any of my servers for DNS and DHCP.

The last pool that I'm going to create is going to be a special pool that I want to talk about just so that you guys are aware of it, and that's the fact that I can actually create extension, or extended, devices. What this translates to is I could attach a resource to my infrastructure, it could be attached to another edge, and I could do a fabric extension; I could actually extend, say for instance, from a fabric in a box scenario to another edge device. These are all things that I can actually implement; I just want to plan for them, because remember, I stressed at the beginning that it's all about design. If you want to leverage it in the future, it really needs to be integrated now, when it comes to building your infrastructure, in order to set up your SD-Access, DNA environment. So let's make this one. This one's going to be of type Generic, I'm going to pull it out of the bigger pool, and again I'll just use the /20; I'm just trying to keep the math super simple on this. I am going to specify the address of 100.125.0.0 with a gateway of .1, so 100.125.0.1, and in this instance I am going to specify my DHCP servers. So in this particular instance we have built all of the pools. What did I leave out here? Invalid gateway. Oh, it's the wrong address. It's cool; the system will bark at you if you mess up. Let's give that a try. What we see now is the fact that I have created, I said five, I actually have created six: I've got my San Jose Access Point pool, my San Jose Border Handoff pool, my
San Jose Campus Users pool, my SJC Extended Devices, my Guest Users and my LAN Automation. Everything is of type Generic except for the SJC LAN Automation pool. Now we have done everything that we need in order to define these ranges. We've defined the hierarchical structure: the sites, the buildings, the floors. We have created the credentials that we're going to use to access devices, and we'll be using those in the next process, when we actually start discovering resources in our lab. After that, we created the pools: we created the large pool, and then out of that large pool we did reservations, so we went in and reserved subsections of the larger pool inside of the DNAC and made those resources, those blocks, those subnets that we've pulled out of that larger range, available in San Jose, in the context of the resources that are going to be positioned in the San Jose site. So we've done that, and from here the next thing that we want to think about is what is involved in identifying devices and actually adding them to our fabric. That means we're going to move from planning and design to provisioning.

All right, in order to proceed with provisioning, we find ourselves back on the jump box, and I want to do the basic configuration to assure that we have reachability in our environment. Rather than just have this be configured and working, I've decided I'm just going to start everything from scratch. So I'm going to go to my PuTTY session on this desktop, and I'm actually going to open up a session to CP-Border-1 and a session to CP-Border-2. These are going to be the two 9300s that we're going to have in our lab that are actually going to be providing the services of control plane/border nodes. You're going to see that everything right now has zero configuration, so let's get the baseline configuration on these devices such that we have reachability. I'm going to copy and paste those configs, and we will actually walk through each of these. In order to implement this, I've created text files that have the configuration of each of these individual devices. You can see I am simply giving it a hostname, I'm giving it a loopback address that I'm later going to use to discover the device, I am giving it a physical interface that's going to be connected to the fusion router in my topology, I am giving it a username, and I'm also telling the system to use that username for the purpose of local login. We can see that I have defined my domain name, micronicslab.com, we see I've enabled IP routing, and we can see that I am running OSPF. Now, as a result of running OSPF, I'm distributing, or redistributing, connected subnets, and I'm also going to be redistributing IS-IS level 1 information. What we are going to do is simply take this configuration and paste it into what will be CP-Border-1. So I'll go to that SSH configuration here and merely right-click and paste that configuration in. I'm going to wait for the adjacency to come up; in the interim I'm going to open up another session (don't save) and open CP-Border-2. I'm going to grab all of its config and paste it into CP-Border-2. If all goes well, I should successfully bring these devices up and form an OSPF adjacency with my fusion router. So if I say show ip ospf interface brief, I should have two interfaces that are running: the loopback and Gigabit1/0/1.

If I say show ip ospf neighbor, we just saw the adjacency come up. What we're going to see here is I have a peering to the device located using the neighbor ID, or the router ID, of 0.0.0.100, which just happens to be my fusion router. Now, as a result of the turn-up, let's do show ip ospf neighbor, just to make sure that we have that adjacency. I saw it come up on this device, and we do. Now I want to do some testing. I want to make certain that we can ping 100.64.0.101; that's the identity of the DNAC. I also want to make certain that I can ping the ISE engine, and just as a comfort check I'm going to specify to use the source of Loopback0, just to make certain that everything is reachable bidirectionally, sourcing traffic from the Loopback0 interface of this device. I'm going to do that test on the second control plane/border node just to make sure that's good to go, and then I'm going to cut to a discussion of what my topology looks like. So right now, let's verify reachability to the DNAC: we'll say ping 100.64.0.101, source it from my Loopback0 interface, and we have reachability.

Now the next thing I want to do is take a 30,000-foot look at our infrastructure, and that means we need to talk about all of the resources and how everything is going to be connected. Once we walk through that process, we're going to begin the process of discovering these two CP/border devices. I want to spend some time talking about our topology, and in order to do that I want to highlight the fact that we have these resources that we've been discussing thus far. So as an example, we have the DNAC, and the DNAC is located at the fourth octet of .101 in the network 100.64.0.0/24. What we're going to find is the DNAC is just one of the controllers; remember we also have the ISE engine, and the ISE
engine is going to be located at .120. I've mentioned the DHCP server, which is also my DNS as well as my NTP server, and it also serves as our jump box when it comes to interacting with these resources and these devices, and it is located at the IP address of .2. We have a gateway of last resort, and that gateway of last resort is going to be .1, and that IP actually resides on an ISR 4331 router. That device has three interfaces: one interface goes out to my ISP, my internet service provider; the other interface actually goes down to a Catalyst 3560 switch. That Catalyst 3560 switch is going to be where I take this interface, which is located at Gigabit 1/0/2, and I'm actually running this as an 802.1Q trunk down to the switch. I'm employing a series of subinterfaces on this interface that are going to be encapsulated using VLAN 11 on the left side and VLAN 12 on the right side. These are going to then, in turn, through the switch, be connected to my CP/border devices, so CP-Border-1 and CP-Border-2 are those devices that we just went in and did our configuration on. Now, we ran OSPF on these interfaces, so OSPF is engaged here and here. OSPF is also engaged on our Loopback0 interfaces; remember we created Loopback0 over here and Loopback0 over here, and that Loopback0 interface we configured with the IP address of 100.124.0.1/32 on CP-Border-1, and we also configured 100.124.0.2/32 on CP-Border-2 Loopback0. These interfaces are all being run in OSPF, as are the subinterfaces that are located up on the ISR 4331.

Now, the key benefit as far as how we have this currently implemented is the fact that these devices are also going to be connected to our edge devices. In my current configuration right now, I'm actually running two edges, Edge01 and Edge02, as part of the same fabric. In a typical class these resources may be split; I may have one border, one edge, but for the purposes of these demonstrations I'm going to highlight the fact that these resources are connected like so. In fact, this is going to be Gigabit1/0/13 and this is going to be Gigabit1/0/14 respectively, so 1/0/14 and 1/0/13. These interfaces go down to these edge devices, and again, all of these devices that I'm describing right here are all, in my lab, 9300s. In some classes the edge devices might be 3850s, but this is the way that I'm doing things right now.

What I want to call our attention to right now is that we are in the process of implementing these resources right here, and I'm actually going to use the process of discovery to do this. Bear in mind that when I say that I'm going to be employing discovery, what I'm actually saying is these resources have already been configured. In fact, you saw me copy and paste the configuration commands into each of these devices respectively, such that they would come up, we would form our adjacencies, and I validated reachability. You can see that I can go from the bottom of the equation all the way up to the top of the equation here, as far as getting information and doing pings and testing. This should illustrate the fact that these devices are going to be reachable inside of our infrastructure. The first part of this, like I said, is going to be about discovery; in other words, I want to, as the administrator, access the DNAC and notify the DNAC about the existence of these individual resources for the purposes of actually adding them to our fabric. So I want to be able to add these resources, but before I can add them to a fabric I need to be able to integrate them into an inventory, and when the time comes, once they're in my inventory, I'm going to allocate these resources to a context. So again, I'm just going to add these two resources using discovery to my inventory, and then when the time comes we're also going to change the rules up a little bit and implement another mechanism to discover and add the edges to our inventory, and this is going to be through the principle of what we call LAN automation. What this implies is that we're going to see both processes in this video. We're going to be adding the existing CP/border nodes, because they have baseline configuration on them, IP reachability, login information, everything that we need, and we're going to do that through the implementation of discovery. The next part of this is going to be that we're going to step back, and then we're going to go to these edge devices and make them pristine: we're going to delete any information that may have been gleaned as being part of the fabric at any time in their history, and we want to add them using this principle of LAN automation. With this being done, we should be able to see both of these mechanisms in play, even though in an actual field deployment it's my personal opinion that you're actually going to see discovery employed far more than you would ever see LAN automation. In fact, 99.9% of the time, whenever I do LAN automation, I'm doing LAN automation as part of a greenfield turn-up, and a lot of those environments actually have a fabric site, normally the main fabric site, that was actually
implemented using the precepts and the principles of discovery and then as they bring up other sites they just simply automate that process so it is common to see aspects of both worlds but in a standard typical right out of the gate deployment most organizations are not going to be interested in the idea of land automation for their main site because it means you've got to destroy everything and a lan automation build for our non-seed devices our borders become our seeds those devices must have zero configuration on them in fact they need to be as i said pristine so what we're going to do next is we're actually going to dive back into the dnac and from there we're going to implement this process of discovery to discover our fabric i need the dnac so let's go ahead and get logged in and what i want to do first is i want to verify two things now what i'm going to do is i'm actually going to access cp border 1 and what i want to do is from cp border 1 i'm going to type show run and i'm going to hit enter and i'm going to go down to where i get to my interfaces so let's just be patient here and what i want to point out is the fact that there are no configurations other than the configuration that we pasted into the config so we set up the concept of the physical interface here for gigabit 1 0 1 which points towards the fusion node and you'll notice here that interface gigabit 1 0 2 through in fact all 24 of them according to my box here and any of the additional interfaces that are attached or a part of gigabit ethernet 1 slash 1 0 through 4 or the 10 gigabit ethernet configurations or the 25 gigabit information configurations you're going to notice that we have no commands under those interfaces that's a very important thing because what i want to do is i want to highlight the fact that the moment that we start engaging this idea of software to find access the rules are kind of going to change we are going to discover resources and as a result of doing the discovery 
it is a good assumption that the devices we discover are devices we're going to want to add to our fabric; I mean, that's the entire object of this exercise. As a result of that, the DNAC is going to go ahead and condition and prepare these devices for that goal.

Now I want to actually go in and do my discovery. I'm going to go to my little touch pad up here and hit Discovery, and we're going to create a discovery process. Notice here I have the capability under the widget to add my discovery. We are going to give this discovery process a name; I'm going to call it hq_devices, and I'm going to specify an IP address range. In fact, I know that we assigned IP addresses 100.124.0.1 and 100.124.0.2 to the loopback 0 interfaces, and I'm going to say use that loopback address for management. You're also going to notice that if I scroll down (remember when we created our design component we set up the login for the CLI, for the read-write operations, for my SNMP), I'm going to take one step further here and enable NETCONF. It's not essential, and I'm going to do it just by going to NETCONF and saying save; this is a global setting, and save it. Now that that has been saved, if I scroll down, NETCONF is also going to be one of the options that I can use to control devices. Secondary to that, I'm going to go to the advanced config, and you'll see I can use SSH or Telnet, or SSH and Telnet if I click them both, and if I wanted I could make one my preferred over the other by simply dragging it to the top of the list. Now at this particular juncture I'm going to say that I want to do this discovery process, and I want to do it now. I'll press Start and it's going to take me to my screen. You'll notice here there's a little tab that says discovered devices will be added to the inventory automatically, and it's covering up what I want to see. It's covering up the fact that the messages here say that I'm starting, and now I'm transitioning to In Progress, and ultimately I hope to discover both of my CP border devices. As well as discovering them, I also want to see over here, in the indications, that I have greens for ICMP, SNMP, CLI, NETCONF, as well as Status, and ultimately I want to see the resolved names. We're going to wait for this to transpire. OK, we can see immediately that we have indeed found two devices. We have a green status, Complete; we see that everything is following the idea of the green check box, and this means that I have now added these devices to my inventory.

Now, there are two places where I want to do my verification. First, I want to go back to my border node, and we're going to notice that there are a number of logins, and the IP address of the login is actually coming from my DNAC, from 100.64.101. Now, what that means is the DNAC has actually logged into these devices and pushed configuration. Remember when we took a look at our running configuration before; I'll scroll up and let's see, this is border 1. Notice, remember that I had these configs right here where we manually configured this IP address, but every other interface had no configuration under it whatsoever. I'm going to grab this guy right here and say show run | begin, and paste that into this device, and let's see what we see under our configurations now, if anything. Now notice what's happening here: we don't see any output, but I do want you to see that there are still connections going on. We're going to come back and revisit this, because notice configuration commands seem to be being pushed, changes seem to be taking place. We formed a trustpoint with the DNAC certificate authority, we have allowed connectivity in, and this box should actually be undergoing some changes. Let's repeat that show command. Notice now that there is configuration under each of these interfaces, and this is going to be for the ability to detect the movement of devices; so this is going to be my IP device tracking capability, which is going to become essential for me to actually monitor the status of my fabric.

Now that I've verified the command-line configurations, what I want to do next is look at this idea of inventory. To do that, I'm going to hit the Cisco DNA Center tag on the top and go to Provision, and under Provision here is the hierarchical context that we created. What you're going to find is that these resources, the CP border 1 and CP border 2 devices, have been allocated to the global level and they are listed currently as being unassigned. Unassigned is not what we want. In fact, before they can assume a role (a border, a control plane node or an edge device) these devices have to be assigned to, and provisioned such that they're going to function in, a particular site or context. Now, what I'm going to do to make this happen is select both of these devices, and from the perspective of the DNAC I'm going to go to my Actions tab and provision these devices. I could simply allocate them to the area where I want them to be assigned and then provision them, or I could simply hit provision the device and tell it where I want it to be assigned and then provision it. I'm going to apply whatever configuration I make here to all the devices that I've selected, and I'm going to choose my site. My site is going to be located in the San Jose headquarters; specifically, I'm going to assign these resources to my main distribution frame. I'm going to select Save and then select Next. Now, if I were to do configuration where I wanted to implement one-off scenarios, as an example assigning a template, I could do that here, but I'm not doing that. Again, we're taking the path of least resistance as it relates to creating this fabric. So now all I'm going to do is go to Next, and it's going to show me my summary. It's going to tell me the information that's going to be disseminated to these devices: the identity of the AAA, the DHCP, the DNS, all of those things that we configured in our design phase. As soon as I hit Deploy, these resources are going to become real. Once I select Now and hit Apply, this process is going to take some time, and we'll want to observe the behavior. As you can see, the devices have been assigned to the site. We want to validate the configuration and wait for the DNAC to update us on the status of this process. We see CP border 1 has started provisioning, and you'll also notice that these devices, to include CP border 2, have disappeared from the Unassigned Devices folder. I'm going to go down to San Jose, to the headquarters building, and to the headquarters MDF site, and what we're going to see is these devices are now showing up here. By virtue of what we've done, this means that these devices now have the capability of calling upon the IP pools, the credential configurations and the network resources that we defined in the design phase. So right now we're going to wait for this process, and then we're going to make these devices part of our SDA fabric. Notice it says CP border 1 has been provisioned successfully and CP border 2 has been provisioned successfully. Now, as a direct result of this provisioning process, these devices should now exist as resources that I can work with. What's happened at this particular juncture is that the DNAC has pushed configuration to these resources, or will push configuration to these resources, but the problem is that we have not defined a role for these devices yet. Notice it says Device Role; it just says Access. All this means is that Access is basically saying I'm going to use a particular representation on this topology section of the drawing. It really doesn't have anything to do with the role these devices are actually going to assert or have. Now I do want to log into one of these devices. I'm going to go to my CP border 1 and log in; it's going to be netadmin, it's going to be my credential netadmin, because that's what I told it that it would use, and I'm going to log in using "ISE is cool". Let's see if it lets me log in, and what we're going to see now is that we should be able to determine if any configuration has actually been applied to these devices. So I'm going to run some show commands. The show command that I'm going to run initially is going to be taking a look at the LISP configuration. I want to look at
AAA configuration and some other components, because we didn't set that up when we built the devices out. So as an example, if I say show run | include lisp, what we're going to find is the only thing we see is snmp-server enable traps lisp. Let's take a look at IS-IS. Remember there's all that talk about Intermediate System to Intermediate System, and the only reference that we see here is that I did instantiate an instance of router isis, and we have that mention in our configuration where I wanted to redistribute IS-IS level 1 prefixes into OSPF, but other things... let's go ahead and take a look, and we'll say show run | section vrf. Let's look and see if there are any VRFs that have been configured. We have a management VRF, we have the address-family ipv4 configuration, but nothing has been added. Let's go ahead and check AAA: show run | section aaa, and what we should see here is that it has indeed pushed a lot of AAA configuration. In fact, it's assigned aaa new-model as its mode of operation, and that's a direct result of the fact that we integrated and built the ISE engine into our scenario, and we see here that we're leveraging 802.1X as a protocol.

Now, from this point on I want to make certain that we look at this idea of designing and building our fabric. Oh, I didn't discover the fusion router; as a result it's not going to show up in my drawing, but we're going to look at that later. Now I'm going to go to CP border 1 and click on this device, and this is where software-defined functionality comes into play. I am going to tell my device, I'm telling my DNAC, that I want this device to be a border node. Now, to turn it into a border node I'm going to need BGP; I'm going to use 65534 as my autonomous system, and I am going to turn this into an anywhere... actually we're going to turn this into a border device. We'll talk later about the idea of an anywhere border, an unknown border or a known border, but right now all I'm going to do is say generate a default to all virtual networks, which is basically making this an unknown border, so that's one of those different varieties. There's also a fourth variety of border node called a layer 2 handoff border node that we'll talk about at a later date. Now, as I take a look at the implementation here, what I have done is created this, and all I'm going to do is say add that functionality to this border node, to this CP border 1 9300 that I have in my infrastructure. I'm also going to come down and say, hey, let's go ahead and make this a control plane node. That's going to enable the LISP service; it's going to become a map server and a map resolver. Now, I could go ahead and turn it into all three; this is a 9300. If I were to enable edge node, border node and control plane node, this device would become a fabric-in-a-box node, or a FiaB node. We're not going to do that right now. All I'm going to do is say Add, and then I'm going to select the second device and do the exact same thing: border, it's going to be 65534, do not import external routes, and Add, and make this a control plane node. Now I want to verify that I didn't fat-finger anything here, so I want to look at the border node configuration, or configure... and this is wrong, so it's going to be 65534, and I will hit Add and Add, and now I'm going to select Save. Now, this message up here that says three information alerts, this is just informational configuration or notification. So as an example, it's letting me know about my operational version; I am currently running 17.3 Amsterdam on both of these devices, so I'm not really too concerned about that. All I'm going to do now is hit Save, and we're going to say do it now, apply it, and we're going to modify our fabric. We're going to wait for the response messages to show up. We can see the fabric provisioning has been initiated, and we want to, quote unquote, observe the process. I want to verify things from the command line, so I'm going to dive back into the configuration and see if I can't open up one of our devices. I'm going to go to CP border 2, and from the perspective of that device I'm going to say show run | section lisp, and let's see if there's been any LISP configuration pushed to this device. Sure enough, we see that we have a lot of LISP config in place as far as the device acting as a control plane node. Let's take a look at it from the perspective of the DNAC. I'm going to click on one of these devices, so I'm going to go to CP border 1, go to Details and scroll down, and we can see that this device has successfully been provisioned. I want to verify that CP border 2 has also been successfully provisioned, and also, if you ever have an interest as to what configuration has been pushed to the device, simply go to the Configuration tab and you'll have the ability to scroll through and look at
all of the configuration that was actually delivered to this specific device, based on the implementation inside of my topology. Now what this has done is allowed us to create the top part of our fabric. That means that these devices, the CP border 1 and CP border 2 9300 devices, are now part of a fabric, but we have an incomplete fabric: we need edge devices. Rather than implement an edge device using discovery, I want to show you how easy it is to use the process of LAN automation.

OK, here we are at the DNAC, and I want to deploy our edge devices using LAN automation. What I need to do is go to each of those devices and make certain that they are in a state where they're ready to be deployed. So I'm just going to enter the wizard and run some delete operations. I'm going to answer "Would you like to enter the initial configuration dialog?" with no and "terminate autoinstall?" with yes. Then I'm going to open up the second one and do the same thing: no, I do not want to enter the initial configuration; yes, I want to terminate autoinstall. Once these devices come up in a state where I can work with them, I'm going to type delete /force flash:pnp*, so anything that begins with pnp I want to delete from the flash. The next thing I'm going to do is remove flash:vlan.dat. I'm then going to write erase and then reload this device. Say no when it asks you to save the configuration, because it's been modified, and what we want is for this box to come up in the installation wizard mode. I'm going to do the same thing on the second device: delete /force flash:pnp* (anything that starts with pnp, plug and play), delete flash:vlan.dat, write erase, reload, no, do not save the running configuration. Now, it is extremely important that once this has been done and these boxes are coming up, we do not press enter or do anything in the CLI until such time that we are ready to start the LAN automation process. So we're going to have to wait for a little bit; it won't take long. When these devices come up and ask me if I want to take part in the installation wizard, I'm just going to leave them sitting, and then we're going to turn our attention to the DNAC and start the LAN automation operation.

All right, about four minutes have passed. The devices are sitting in the system configuration dialog, just like I want them to. These devices are running a PnP agent in the background, so two things could happen at this instance: I could go ahead and configure these devices at the command line like we normally do, or I could allow the DNAC to handle the configuration. I want to go through that process, because that process is the idea of LAN automation, and like I said, it's not hard. I also want to call your attention to the fact that these devices are actually 3850s. I ended up taking the two 9300s that I was originally working with and building a second pod so that students could actually lab. What I want to do now is see if we can't get this configured. This is our fabric; this is our border 1 device, this is our border 2 device. Now I want to see if we can't onboard the edges. To do that, I'm going to go to Devices, go to my Inventory, and just put my mouse right here on HQ1, because this is where I want to put those resources. Actually, I don't have to be here; I could go all the way up to San Jose if I wanted. This is where I'm going to do these deployments, and I'm now going to hit the Actions tab and go down to Provision, and one of my options is LAN Automation. Now all I'm going to do is provide the information necessary to allow the DNAC to discover these two edge devices through the utilization of my CP border nodes as what we call seed devices. What we're going to see on this page is that I have a primary site and a peer site. My primary site and my peer site are really going to be the same site right now; all the devices that I have in my infrastructure are part of Headquarters MDF. So I'm going to pick that as my primary site, because that's where my border nodes are, and those are the resources I'm going to use to do my discovery, aka the resources I'm going to use for my seed operation. I'm going to select the primary device here, and I'm going to use border 1, and the peer device is going to be border 2. This is what you need to do when you have more than one border in an SDA fabric site. Next, I'm going to modify my interfaces, and I'm going to select ports GigabitEthernet 1/0/13 and 1/0/14, because those are the interfaces that point down towards my edge devices. I'm going to say Done. Now I'm going to set the discovered device site: anything that I find I want to assign to Headquarters 1, so I'm going to put everything here once it's discovered. The pool that I'm going to use is going to be that LAN automation pool; remember that special pool that we set up. And I'm going to say my IS-IS domain, the one that's going to be built by the DNAC, is going to use cisco as the password. Now we have some options here. I could use a CSV file to provide information as far as naming these devices, but instead I'm just going to come up and use a naming prefix, and I'm just going to say go ahead and use edge as the prefix, and then what the system is going to do is just attach a number to these resources. Now, we'll fix this later; moving on, because in another video we'll use a template to modify this behavior, and then I'll also demonstrate how you can do this using that CSV file that I described. Another thing that's really interesting to me here is that at this point I'm pretty much done. So like I said, there's not a lot to this concept of LAN automation. Bear in mind that LAN automation will work for no more than two hops in my infrastructure, so in this particular scenario I've got everything; I should be good to go. We're going to hit Start, and we're going to see that the network orchestration is indeed starting.

Now I'm going to go to Actions, Provision, and I have an option here to monitor the automation status, and it'll take about two minutes. I'm also going to open up one of my edge devices, and I want to observe what happens on this device as we're executing this process. So far it still hasn't really done anything for me yet. I'm going to minimize this just a little bit and drag it over, and we want to observe this process, so let's give it a minute. Notice that the system is receiving commands. So this is the edge 1 device; it's being accessed programmatically. The PnP agent discovery process has engaged, and what you'll note is this should be happening on both devices, so if I go to edge 2 we can see that that's happening here. Let me go ahead and reopen edge 1 again, just so it'll be sitting on my console, and I want to see how this process proceeds. Now we should at some point here transition to In Progress, and that should show me the number of edge devices that are in progress of being automated, and then when the system is done it's going to move all of those devices to Completed. After waiting for a little while, I'm going to stop this process and observe what actually transpires at the command line. I got impatient and decided to just go ahead and click it. We can see that we have two devices that are actually in progress. Notice that we have DHCP addresses being assigned and operations are running. Please keep in mind that this particular range of addresses is not being provided by our DHCP server; instead they're actually being provided by the DNAC. Now what we see on the screen is that we have two completed installations. I'm going to give this a little bit of time to stabilize, and then I want to execute some commands on these devices.

All right, I'm going to go ahead and hit enter and log into these devices. Before, remember, they had zero configuration on them. I'm going to expand this and log in using netadmin; remember our password was "ISE is cool", and our enable password was also "ISE is cool". I want to call your attention to a number of things. First of all, I'm going to say show ip interface brief, and what we're going to find is these devices actually have IP addresses. Notice I have an IP address out of my LAN automation range of 100.124.128, and it was assigned .2; that's running on SVI interface 1. Also notice that the system got a loopback address that was assigned this IP address here. Now, from this device, if I say ping 100.64.0... I have reachability all the way up to the DNAC; in fact, if I source this from my loopback address, I have reachability. But the problem I have here is, remember we discussed early on that the system is going to go so far as to assign IS-IS as a routing protocol. So I'm going to say show isis neighbors, and we see here that we have these adjacencies: level 1, level 2, level 1, level 2, and it is indeed running IS-IS. But if I say show run interface GigabitEthernet 2/0/13, notice that there is no special configuration here, and if I do 14, there is no special configuration. Now, what I want to have happen is I want these resources to be assigned IP addresses, and I want to form my IS-IS adjacencies using these as routed interfaces, not using them as trunks. So if I say show spanning-tree vlan 1, what we're going to see is that VLAN 1 is indeed running on 13 and 14. Now, to do that, honestly, it doesn't require me to do anything; all I've got to do is tell the DNAC that I'm done automating and discovering all of these other devices that exist at least two hops away from my seed switches. In my case I'm using two seed switches. So let's go ahead and stop that process and then observe what's going to happen. I'm going to hit Stop, and then I'm going to go to CP border 1, and from the perspective of CP border 1 I want to wait. Now notice the DNAC is going through and making configurations, and we can see that I've got adjacency change information happening. Notice my adjacencies are coming back up, new adjacency, and observe that those adjacencies are also appearing on my control plane node. Success: we've stopped the network orchestration. Notice that we're getting a PnP DHCP with option 43 being set. Option 43 is telling me the vendor information; in fact, this output right here is what is being communicated as part of option 43, and what you'll find here is this is the address of my DNAC cluster. Now all I want to do is see what happens. So now if I type show isis neighbors, notice I only have two entries, layer 1, layer 2, and notice that they're using different addresses. In fact, now if I come up and say show run interface GigabitEthernet 2/0/13 and 2/0/14, what I want you guys to observe is that we now have information associated to the layer 3 functionality of this interface, and the device actually went in... the DNAC did a no switchport and assigned the addresses. The really, really cool part about what just happened is that this configuration also took place on my CP border. So again, if I say enable and show run interface GigabitEthernet 1/0/13 and 1/0/14, we're going to find the configuration is taking place here. Let's check out CP2, because remember we said that we wanted to use CP2 as our peer device: show run... we'll just say show run interface GigabitEthernet 1/0/13 and 14. So what I've done here is try to illustrate just how easy it is to leverage the capability of the DNAC to, one, dynamically discover devices and resources that exist below whatever it is we're using as our seed component (in fact, that works up to two hops away from the device that is acting as the seed) and, at the same time, integrate these devices and resources into our fabric. The only thing that remains now is to give them a role in the fabric, and once that's done we're pretty much finished with this part of our demonstration and explanation. So I'm going to make that happen now. I'm going to go into my DNAC, and from the perspective of my DNAC I'm going to go to Fabric, return to my Cisco fabric, and pick San Jose, and what we're going to see is we're going to have additional devices: edge 12, edge 13.
now we'll fix this later again we'll use a template to do that but what i'm going to do is i'm actually going to rearrange this because i don't like the layout i'm going to say this is going to be my border 1 this is going to be my border 2 this will be my edge and my edge and rather than fight with this all the time what i'm actually going to do is i'm gonna i'm going to go into the configuration here and i'm going to say custom view and what i'm going to do is i'm going to create a custom view called my custom view you can see i already have one but i'm showing you how that i can implement this because i get tired of moving these things around and what's going to end up happening now is this layout my custom view has been saved so if i were to exit this and then go back into here notice it went back to the way it was all i got to do is come over here and say hey use my custom view and what it's going to do is it's going to lay these out the way i want them keeps me from having to move things around but the problem is is these devices these edge devices are not blue so let's go ahead and see if we can't handle that part of it all right so while i'm doing now is i just want to see if we can get this provisioning to take place and i'm just waiting for the system to actually give me the messages that tell me that it has successfully been provisioned so we see edge 13 and edge 12 have been provisioned successfully so now let's go back to our fabric and let's see if we can't do the rest of the manipulations i may be trying to move too fast the d-neck is fantastic but it's also pretty slow let's go back to my custom view and let's see if we can't give these guys a roll now we can give them rolls now these are 35 38 50s that means that they can be edges borders and control planes as well as guest border control plane devices but they can't be all of these e b and c at the same time i'm just going to simply turn on these as edge devices this one on as an edge device and 
then i'm going to save we'll do that now once this is done we've built our campus fabric so campus fabric has been initiated all of my devices are now blue we can see that the these little circles mean that the cp border nodes are basically re-syncing so everything is being updated ultimately i want to just simply have all four of these devices up and functional but like i said what we've done is we have successfully built our fabric fabric builds are not complicated a lot of people want to make this stuff sound hard yes there's a lot of moving parts and yes you've got to know where to be in the dnac to get what you want done done so you need to know where to be to configure it but again these are not by any stretch of the imagination herculean concepts so again i'm just simply trying to demonstrate how simple it can be obviously we can make it complicated but we don't want to make something complicated when we're just starting to learn it so in the next video what i'm going to do is i'm going to take this and i'm going to move it a step further and what we're going to do is we're actually going to leverage our ability to be able to manipulate these devices through the utilization of templates as an example i don't like this naming convention i don't even really know if the device that is being called in my lab v sorry edge 12 is actually my edge one i don't know but i do want to have a way of being able to make that happen now obviously it would be easier to use the csv file and i'm all about making things easy but at the same time i want you guys to get a lot of experience climbing around inside of the graphical user interface of the dnac and the template is definitely a cool way to do that so i hope this was helpful for you guys and i'll see you guys in the next video hopefully really soon
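One practitioner check on the PnP piece of this walkthrough: the option 43 string the DHCP scope hands out is what steers a freshly discovered switch at the controller, so it is worth validating that it points at your DNAC cluster and nothing else. This is an added Python example, not code from the video; the field layout is Cisco's documented PnP option 43 format (assumed here, the transcript does not spell it out), and the sample string and controller address are constructed.

```python
import ipaddress
import re

# Constructed sample of the ASCII option 43 string a DHCP scope hands to a
# Cisco PnP agent so it can locate the controller (the DNAC address the video
# points at). The field layout is Cisco's documented PnP format, assumed here
# rather than spelled out in the transcript:
#   5A<ver><N|D>;B<addr-type>;K<transport>;I<controller>;J<port>[;T..;Z..]
SAMPLE_OPTION_43 = "5A1N;B2;K4;I10.0.0.5;J80"
ADDR_TYPES = {"1": "hostname", "2": "ipv4", "3": "ipv6"}
TRANSPORTS = {"4": "http", "5": "https"}


def parse_pnp_option43(value):
    """Split a PnP option 43 string into fields; raise ValueError if malformed."""
    fields = value.strip().split(";")
    head = re.fullmatch(r"5A(\d)([ND])", fields[0])
    if head is None:
        raise ValueError("not a Cisco PnP option 43 string: %r" % fields[0])
    parsed = {"version": int(head.group(1)), "debug": head.group(2) == "D"}
    for field in filter(None, fields[1:]):
        key, val = field[0], field[1:]
        if key == "B":
            parsed["addr_type"] = ADDR_TYPES.get(val, "unknown")
        elif key == "K":
            parsed["transport"] = TRANSPORTS.get(val, "unknown")
        elif key == "I":
            parsed["controller"] = val
        elif key == "J":
            parsed["port"] = int(val)
        else:  # T (trustpool bundle), Z (NTP) and anything else
            parsed.setdefault("extra", {})[key] = val
    return parsed


def check_pnp_option43(value, expected_controller):
    """Return findings for a scope's option 43; an empty list means the string
    is well-formed and steers PnP at the controller you expect."""
    try:
        p = parse_pnp_option43(value)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if p.get("controller") != expected_controller:
        findings.append("controller %r is not the expected %r"
                        % (p.get("controller"), expected_controller))
    if p.get("addr_type") == "ipv4":
        try:
            ipaddress.IPv4Address(p.get("controller", ""))
        except ValueError:
            findings.append("B2 declares IPv4 but the I field is not an IPv4 address")
    return findings
```

Run `check_pnp_option43` against the option 43 value configured on each scope that serves LAN automation; any non-empty result is a scope to fix before a seed switch starts discovering neighbours.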
Info
Channel: Terry Vinson CCIEx2
Views: 1,388
Keywords: ccie, ccie ei, ccie enterprise infrastructure, cisco dna, cisco dna center, cisco dnac installation, cisco dnac lan automation, cisco ise training, cisco sda configuration, cisco sda deployment, cisco sda explained, cisco sda training, cisco sd-access, dna center, dnac, dna-center, encor, enterprise infrastructure, ise integration, sda, sd-access, sd-access deployment, software defined networking, terry vinson, cisco sda, cisco dnac, cisco dna center training, dna center demo
Id: 2gNe7XMRb98
Length: 85min 23sec (5123 seconds)
Published: Wed Feb 24 2021