Installing, Configuring, Monitoring and Troubleshooting Cisco Catalyst SD-WAN (SDWAN) V20.15.2/17.15.2

Installing, Configuring, Monitoring, and Troubleshooting Cisco Catalyst (SDWAN) v20.15.2/17.15.2

< This release begins the Journey of streamlining Configuration Groups and Policy Groups, empowering network administrators with greater control and efficiency. This release is pretty close to feature complete, and the first release that I would tell customers that it is time to look to convert Configuration Templates to Configuration Groups.

Here are some of the Updates: 

Configuration Groups: Simplifying Network Management

With the advent of configuration groups, network administrators can now create and manage device configurations more effectively. The feature allows for the grouping of devices based on specific criteria, enabling consistent and centralized configuration deployment. By reducing manual configurations on individual devices, configuration groups ensure uniformity and significantly decrease the potential for errors, leading to a more streamlined and reliable network management process.

Policy Groups: Enhanced Policy Management

The introduction of policy groups in Cisco SD-WAN 20.15.2 marks a substantial improvement in policy management. This feature allows administrators to define and apply policies to specific groups of devices or regions, facilitating more granular control over network behavior. By aligning policies with organizational requirements and regional compliance standards, policy groups enhance security and performance across the network. This targeted approach ensures that policies are both effective and relevant to the specific needs of different network segments.

The release of Cisco SD-WAN 20.15.2 underscores the importance of adopting configuration and policy groups to optimize network operations. These features not only simplify the management of complex network environments but also enhance scalability and responsiveness to organizational changes. By leveraging configuration groups, administrators can ensure maintaining a secure and efficient network infrastructure. >

In this 5-day hands-on up-to-date course on Cisco Catalyst (Viptela) SD-WAN 20.15.2 / IOS-XE 17.15.2, students will learn how to administer SD-WAN. Students will learn about Deploying and Configuring SD-WAN Controllers, vEdge Devices, and Cisco IOS-XE Devices. Students will learn how to manage the (SD-WAN Manager (vManager) Interface, along with the change in the interface in 20.6 and above. Students will learn about Device Template, Feature Template, Configuration Groups, and CLI Templates. Students will learn how to tune OMP, BFD, TLOCs, QoS, TCP OPT, DRE, FEC, and Packet Duplication. Students will learn how SD-WAN implements Security using SASE, SIG, Umbrella, FW, IPS, AMP, Threat grid, TLS Decryption, and Direct Internet Access (DIA). Students will learn about Local and Central Policies. Students will also learn how Cisco SD-WAN allows Enterprises to deploy effective Cloud Solutions such as Amazon AWS, Microsoft Azure, Google Cloud, MegaPort, Equinix, and SAAS applications such as O365 and Webex. Students will also learn how to Monitor and Troubleshoot the SDWAN Solution.

Use this course towards your Cisco Continuing (CE) Education Credits (40)

• SD-WAN Overview
• SD-WAN Controllers (vSmart)
• Allow Lists and Certificates
• Platforms
• Router Deployment
• Configure SD-WAN Manager (vManager)
• SD-WAN Software Updates
• OMP / Fabric
• QoS / QoE
• Security / SASE
• Creating and Applying SD-WAN Templates
• Local and Central Policy
• Deploying using Templates
• ThousandEyes Integration
• Cloud Onramp for SaaS
• Analytics
• Monitoring & Troubleshooting the SD-WAN Solution

Who should sit this course?

This course is suitable for Network Engineers, System Administrators, IT Professionals, Technical Support Staff, and Cisco-Certified Professionals looking to enhance their skills and proficiency with Cisco Catalyst SD-WAN network management tailored for networks. 

The course is highly recommended for:

• Network Engineers: Professionals tasked with the design, implementation, and maintenance of the network infrastructure. This includes managing both Catalyst SD-WAN and data communication systems, ensuring they meet the high standards required for government operations.
• System Administrators: Individuals responsible for the daily management and configuration of the network systems. Their role is crucial in ensuring the reliable operation of Catalyst SD-WAN and WAN services across various departments.
• IT Professionals: This group includes a wide range of IT personnel working who require a robust understanding of secure and reliable Catalyst SD-WAN network systems. Their work is critical in ensuring that these networks comply with stringent standards and regulations.
• Technical Support Staff: These are the frontline personnel who provide essential technical support for Catalyst SD-WAN network systems within the environments. Their expertise ensures that any issues are promptly resolved to maintain network integrity and security.
• Cisco Certified Professionals: Individuals who have already achieved Cisco certifications and are looking to further their knowledge and expertise specifically in Catalyst SD-WAN Networks and Technologies. This course offers them an opportunity to specialize in Catalyst SD-WAN solutions, enhancing their skill set in the context of the network requirements.

N/A

Module 0: Introductions

Module 1: Catalyst SD-WAN (Viptela) Platform Overview

• Module Topics
• Lesson 1: SD-WAN WAN Architecture Overview
• Lesson 2: Cisco SD-WAN Solution Overview
• Lesson 3: New Features by Version
• Lesson 4: Licensing for Cisco SD-WAN
• Lesson 5: SD Routing Overview (20.12)
• Module Summary

Module 2: Cisco SD-WAN Controllers 

• Module Topics
• Lesson 1: Cisco SD-WAN Controller Architecture
• Lesson 2: Cisco Catalyst SD-WAN Portal
• Lesson 3: Multitenant Tenancy
• Lesson 4: Controller High Availability
• Lesson 5: Verify Control Plane
• Module Summary

Module 3: Catalyst SD-WAN Platforms

• Module Topics
• Lesson 1: SD-WAN Platform Overview
• Lesson 2: SD-WAN vEdge Platforms
• Lesson 3: Cisco ISR 4000 Series Routers
• Lesson 4: Cisco ASR 1000 Routing Portfolio
• Lesson 5: Catalyst 8000 Series Router Overviews
• Lesson 6: Catalyst 8500 Series Routers
• Lesson 7: Catalyst 8300 Series Routers
• Lesson 8: Catalyst 8200 Series Routers
• Lesson 9: Catalyst 8000v Series Virtual Router
• Lesson 10: Catalyst 8000 SD-WAN Supported Modules
• Lesson 11: Cellular Gateways for SDWAN
• Lesson 12: SD-WAN WAN Edge High Availability
• Module Summary

Module 4: Cisco SD-WAN WAN Edge Deployments        

• Module Topics
• Lesson 1: Adding Device to the PNP Portal
• Lesson 2: Device Initial Bootup and Image Selection
• Lesson 3: SD-WAN Zero Touch Provisioning
• Lesson 4: SD-WAN Quick Connect
• Lesson 5: Manually Provision SD-WAN IOS-XE
• Lesson 6: Verifying SD-WAN WAN Edge Configuration
• Module Summary

Module 5: Catalyst SD-WAN SD Routing

• Module Topics
• Lesson 1: SD Routing Overview
• Lesson 2: SD Routing Onboarding
• Lesson 3: SD Routing Configuration
• Lesson 4: SD Routing Management
• Module Summary

Module 6: Configuring SD-WAN Manager

• Module Topics
• Lesson 1: Dashboard Overview and Changes
• Lesson 2: SD-Wan Manager Monitoring Dashboard
• Lesson 3: SD-WAN Manager Configuration
• Lesson 4: SD-WN Manager Tools
• Lesson 5: SD-WAN Manager Maintenance
• Lesson 6: Administrative Settings
• Lesson 7: Resource Groups
• Lesson 8: Users and Groups
• Lesson 9: RADIUS and TACACS
• Lesson 10: Single Sign-On / IDP Management
• Lesson 11: License Management
• Lesson 12: Network Wide Path Insight
• Module Summary

Module 7: SD-WAN Software Upgrades

• Module Topics
• Lesson 1: Upgrading the SD-WAN Environment
• Lesson 2: Upgrade SD-WAN Controllers
• Lesson 3: Software Upgrade Workflow Version 20.10 / 17.10
• Lesson 4: Upgrading Devices via CLI
• Module Summary

Module 8: SD-WAN OMP/Fabric

• Module Topics
• Lesson 1: SD-WAN Fabric Overview and Terminology
• Lesson 2: SD-WAN Segmentation
• Lesson 3: OMP / TLOCs / Routes
• Lesson 4: SD-WAN BFD
• Lesson 5: On-Demand Tunnels
• Lesson 6: SD-WAN Fabric Verification
• Module Summary

Module 9: SD-WAN QoS / QoE

• Module Topics
• Lesson 1: QoE / QoS Challenges
• Lesson 2: Quality of Experience (QoE) / Quality of Service (QoS)
• Lesson 3: Per-Tunnel QoS
• Lesson 4: Adaptive QoS
• Lesson 5: Per VPN QoS
• Lesson 6: Application Quality of Experience (AppQoE)
• Lesson 7: Forward Error Correction (FEC) / Packet Duplication
• Lesson 8: TCP Optimization
• Lesson 9: Data Redundancy Elimination (DRE) / Lempel-Ziv Compression (LZ)
• Lesson 10: SD-AVC / Microsoft O365 Telemetry
• Module Summary

Module 10: SD-WAN Security 

• Module Topics
• Lesson 1: Security Overview
• Lesson 2: Secure Analytics (StealthWatch) Integration
• Lesson 3: Locking Down Edge Access
• Lesson 4: SD-WAN Fabric Security
• Lesson 5: IPSec Key Exchange in SD-WAN Fabric
• Lesson 6: SD-WAN Security Options
• Lesson 7: SD-WAN Integrated Security
• Lesson 8: SD-WAN Enterprise Firewall
• Lesson 9: SD-WAN Identity Firewall
• Lesson 10: SD-WAN Intrusion Prevention System
• Lesson 11: URL Filtering
• Lesson 12: Anti-Malware Protection / Threatgrid
• Lesson 13: DNS Security
• Module Summary

Module 11: SD-WAN Templates and Configuration Groups 

• Module Topics
• Lesson 1: Template Overview
• Lesson 2: Feature Templates
• Lesson 3: Device Templates
• Lesson 4: CLI Templates
• Lesson 5: Create Device Templates using Feature Templates
• Lesson 6: Attaching Devices to Template
• Lesson 7: Configuration Groups Overview
• Lesson 8: Creating Configuration Groups
• Lesson 9: Deploy Configuration Group Workflow
• Lesson 10: View/Edit Configuration Groups
• Lesson 11: Configuration Catalog
• Module Summary

Module 12: SD-WAN Local Policy

• Module Topics
• Lesson 1: Local Policy Overview
• Lesson 2: Local Policy Lists
• Lesson 3: Local Data Policies
• Lesson 4: Local Policy QoS Configuration
• Lesson 5: Access Control Lists
• Lesson 6: Localized Control Policy
• Lesson 7: Save and Apply Local Policy
• Module Summary

Module 13: SD-WAN Central Policies

• Module Topics
• Lesson 1: Central Policy Overview
• Lesson 2: Policy Construction
• Lesson 3: Central Control Policy
• Lesson 4: Control Policy - Dis-contiguous Data Planes
• Lesson 5: Control Policy - Data Center Priority
• Lesson 6: Control Policy - VPN Topologies
• Lesson 7: Control Policy - VPN Membership Policy
• Lesson 8: Control Policy - Application-Aware Routing
• Lesson 9: Control Policy - Service Chaining
• Lesson 10: Central Data Policies
• Lesson 11: Central Data Policies - Use Cases
• Lesson 12: Central Data Policies - Cflowd
• Lesson 13: Creating Centralized Policies
• Module Summary

Module 14: SD-WAN Policy Groups

• Module Topics
• Lesson 1: What are Policy Groups?
• Lesson 2: Groups of Interest (Policy Objects)
• Lesson 3: Application Priority and SLA
• Lesson 4: NGFW
• Lesson 5: SIG/SSE and DNS Security
• Lesson 6: Policy Group Creation
• Lesson 7: Associate and Deploy Policy Groups
• Lesson 8: UX 2.0 Topology
• Module Summary

Module 15: Cisco SD-WAN with ThousandEyes Integration

• Module Topics
• Lesson 1: ThousandEyes Introduction
• Lesson 2: Architecture and SD-WAN Deployment
• Module Summary

Module 16: Cloud On Ramp for SaaS

• Module Topics
• Lesson 1: Cloud OnRamp - Overview
• Lesson 2: Cloud OnRamp for SaaS Overview
• Lesson 3: Cloud OnRamp for M365
• Lesson 4: Cloud OnRamp for Webex
• Lesson 5: Cloud OnRamp for Enterprise & Custom Apps
• Lesson 6: Cloud OnRamp for SaaS – Security
• Lesson 7: Deployment Use cases
• Lesson 8: Cloud OnRamp for SaaS Configuration
• Lesson 9: Cloud OnRamp for SaaS Monitoring
• Module Summary

Module 17: Analytics 3.0

• Module Topics
• Lesson 1: SD-WAN Analytics Overview
• Lesson 2: SD-WAN Analytics Dashboards
• Lesson 3: SD-WAN Analytics KPIs and Scores
• Lesson 4: SD-WAN Analytics Bandwidth Forecasting
• Lesson 5: SD-WAN Analytics Troubleshooting
• Lesson 6: SD-WAN Analytics IDP Onboarding
• Lesson 7: SD-WAN Analytics Onboarding & Access Workflow
• Module Summary

Module 18: Monitoring & Troubleshooting the SD-WAN Solution

• Module Topics
• Lesson 1: SD-WAN Troubleshooting Overview
• Lesson 2: SD-WAN Technical Support Access
• Lesson 3: Controller Failure Scenarios
• Lesson 4: Troubleshooting Controllers
• Lesson 5: Troubleshooting Control Connections
• Lesson 6: Typical Control Connection Issues
• Lesson 7: Troubleshooting Data Plane
• Lesson 8: Troubleshooting Routing
• Lesson 9: Centralized Policies Troubleshooting
• Lesson 10: Packet Forwarding Troubleshooting
• Lesson 11: Device Configuration and Upgrades Failure
• Lesson 12: vDiagnose - Diagnostic Tool for SD-WAN
• Lesson 13: Troubleshooting cEdge
• Lesson 14: Troubleshooting using SD-WAN Manager
• Lesson 15: Device Troubleshooting
• Lesson 16: Using the GUI for cli show command Under Troubleshooting > Real-time
• Lesson 17: CLI Troubleshooting
• Lesson 18: Network Wide Path Insights
• Lesson 19: NetFlow Collectors
• Lesson 20: SNMP Overview
• Lesson 21: SD-WAN Logs
• Lesson 22: SD-WAN Reporting
• Lesson 23: SD-WAN Manager APIs & Programmability
• Module Summary

Appendix A: Deploying SD-WAN Controllers

• A: On-Prem Controller Deployment
• B: Create vManage VM Instance on ESXi or KVM (slide 6)
• Lesson 3: Initial vManage Setup (slide 30)
• Lesson 4: Create vBond VM Instance on ESXI or KVM (slide 44)
• Lesson 5: Create vSmart VM Instance on ESXI or KVM (slide 63)
• Lesson 6: Add Controllers to vManage (slide 81)
• Lesson 7: Enterprise CA Configuration (slide 87)
• Module Summary

LAB OUTLINE

Lab 1: Deploy the SD-WAN Controller

• Deploy the vManage Controllers
• Deploy the vBond Orchestrator
• Deploy the vSmart Controller
• Configure Certificate Settings

Lab 2: Deploy the vEdge, ISR 4K /C8000V Routers

• Deploy WAN Edges
• Configure the WAN Edge Routers
• Prepare vEdge Routers for ZTP

Lab 3: vManage Configuration

• Explore the Interface
• Add Controllers to the Whitelist
• Add vEdge whitelist
• BFD Tuning
• Create and Update Users
• Manage the Fabric

Lab 4-8: Creating Device Templates 

• Create CLI Policy Template
• Create Feature Policy Template
• Create vSmart Device CLI Template
• Create DC1 vEdges Device Feature Template
• Attach DC1 Devices to Template
• Create DC2 IOS-XE CSRs Device Feature Template
• Attach DC2 Devices to Template
• Create BR1 vEdges Device CLI Template using TLOC Extensions
• Attach BR1 Devices to Template
• Create BR2 IOS-XE CSRs Device Feature Template using TLOC Extensions
• Attach BR2 Devices to Template
• Create BR3 IOS-XE ISR4K Device Feature Template
• Attach BR3 Devices to Template
• Configuration Rollback

Lab 9: Use APIs to Import Feature Templates

Lab 10: Upgrade SDWAN Environment 

Lab 11-13: Perform ZTP on SDWAN Environment 

Lab 14-17: SDWAN Policies 

• List types of policies that can be implemented in the SD-WAN solution
• Describe how policies can be implemented that affect the control plane
• Describe what affect policies can have on data traffic forwarding
• Identify the various components of the vSmart policy architecture
• Describe how different policies are enabled in different devices
• Detail how policies are processed and applied
• Control Policy Lab
• Configure a Vpn-membership-policy
• Configure Site-list Selection Policies
• Configure a Service Chaining Policy
• Configure an Extranet VPN Policy
• Configure a Service path affinity Policy
• Configure Fabric Policies
• Configure Security Zones
• Data Policy Lab
  • Configure Shaping Policies
  • Configure QoS Policies
  • Configure a Service Chaining
  • Configure an Extranet VPN Policy
  • Configure Service path affinity Policy
  • Configure a NAT Policies for DIA
  • Configure an OSPF BGP Routing Policy
• Application Aware Routing Policy Lab
• SLA Classes
• Path Selection using Application Policies
• Create a cFlowd Policy
• Create a Local Control Policy
• Configure OSPF and BGP
• Create a Local Data Policy
• Create ACL
• Create Device Access Policy
• Configure QOS
• Configure OSPF Route Policy

Lab 18: Application Visibility

• Create a Centralized Policy for Application-Aware Routing
• Identify Application Groups (FTP/Office 365/Voice)
• Create Lists
• Site Lists
• Application Lists
• Data Prefix Lists
• VPN Lists
• Create a SLA Classes
• Create Traffic Rules
• Apply Policies to Sites and VPNs

Lab 19: Cloud On-RAMP 

• Configure Cloud Onramp for SAAS

Lab 20: Monitoring / Troubleshooting

• Explore vManage Dashboard analytics
• Monitor Applications
• Monitor Loss, Latency, and Jitter
• Monitor Individual Device
  • Check system Status
  • Check Control Connections
  • Check OMP Status
  • Check BFD Status
  • Check Interfaces for Issues
• Use the CLI to view and troubleshooting debug Logs
• Troubleshoot BFD
• Troubleshoot OMP
• Use troubleshooting tools to diagnose issues
  • Use the Ping tool
  • Use the Traceroute tool
  • Use the App Route Visualization
  • Simulate traffic flows
  • Take a Packet
• Troubleshoot Application Routing