Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
René Andersen System Engineer
November 22, 2017
DNA, ETA, SDA, C9K. NETTEAM Event
The Network. Intuitive
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.
Cisco DK
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKDCN-2489 2
Cisco Digital Network Architecture (DNA)
LOWER RiskREDUCE
Cost & ComplexityInnovate FASTER
New Requirements for the Digital Age
Insights &Actions
Security & Compliance
Automation& Assurance
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Challenge for Enterprise IT - Doing more with Less
Spent of
Network
Operations
$60B
Resources
Data growth
Connected devices
Threat surface areas
Organizations
intend to be
digital-ready
within 2 years
3xmore
An evolved world needs a network evolved.
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
I have Security regulations to follow, yet I can’t report on
Compliance and Risk are greater than ever
Network Manager
I want to Simplify deployments and Automate some functions, but don’t trust the network to do it by itself
Network Operations
I want to provide Assurance to my users that I can
Accelerate time to resolution of problems and prevent problems on the network before they start
Network Manager
I need to Replace or Augment my existing Infrastructurewhile maintaining investment in tools and training
Security Operations
Customer RequirementsBuying and Solution Relevancy Triggers
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
New
Announcements
See and Act on All ThreatsEncrypted Traffic Analytics(Sept 2017)
Cisco DNA Center(Jul 2017)
Assurance with Network Data Platform(Nov 2017)
Catalyst 9000 Portfolio with Programmable ASICs
9500 (Jun 2017), 9400 (August 2017), 9300 (June 2017)
Networking at the Speed of Software
Software-Defined Access (For existing and next-gen infrastructure) (Aug2017)
C97-739094-00 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Content under Strict Embargo until June 20 th at 12pm PST.
Hardware centric
Manual
Fragmented security
Network data
Cisco is rewriting the network playbook
Built-in security
Automated
Software driven
Business insights
Traditional network The Network. Intuitive.
C97-739094-00 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Content under Strict Embargo until June 20 th at 12pm PST.
Business outcomesPowered by Cisco DNA™The new network
Only Cisco DNA delivers such a transformative network
Built-in security
Automated
Software driven
Business insights
Reduce risk
Save money
Make moneySecurity built-in
Cloud Service Management
Virtualization
Automation Analytics
C97-739094-00 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Content under Strict Embargo until June 20 th at 12pm PST.
Automation
Abstraction & Policy Control from Core to Edge
Open & Programmable | Standards-Based
Open APIs | Developers Environment
Cloud Service ManagementPolicy | Orchestration
Virtualization
Physical & Virtual Infrastructure | App Hosting
Analytics
Network Data, Contextual Insights
Network-enabled Applications
Cloud-enabled | Software-delivered
Principles
8
Cisco Digital Network ArchitectureDNA Overview
Networks Phys/Virtual
DNA CenterAPIC-EM + ISE + NDP
Insights & Experiences
Automation& Assurance
Security & Compliance
111011011000001
000111100111101
001000100001
Catalyst
9000 Switch
Stealthwatch
NetFlow with
enhanced
telemetry
Machine
learning
Spot malware in
encrypted traffic
DNA-Center
Cognitive Threat
Analytics
Automated policy
enforcement for
segmentation
Act on Encrypted Threats for Wired and Wireless
1. Source : Identifying Encrypted Malware Traffic
with Contextual Flow Data, Oct 2016
2. Making Digital Transformation Real, IDC
2017
84% of breached health records in 2016 resulted from hacking incidents2
Threat Detection
Accuracy1
False Positives*
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Intent-based Network Infrastructure
DNA Center
AnalyticsPolicy Automation
The Network. Intuitive.Constantly learning, adapting and protecting.
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Key Challenges for Traditional Networks
Slower Issue ResolutionComplex to ManageDifficult to Segment
Ever increasing number of users
and endpoint types
Ever increasing number of
VLANs and IP Subnets
Multiple steps,
user credentials, complex
interactions
Multiple touch-points
Separate user policies for
wired and wireless networks
Unable to find users
when troubleshooting
Traditional Networks Cannot Keep Up!
Enterprise IT Today
VLAN Based
HQ
Wired Wireless Badges
VLAN 1 VLAN 2 VLAN 3
Remote
VLAN C
Branch A
WAN
VLAN A
Lighting
BMS
| Disparate Networks | Complex Provisioning | Not Scalable
Branch B
VLAN B
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
DNA SolutionCisco Enterprise Portfolio
APIC-EM Network Data PlatformIdentity Services Engine
Routers Switches Wireless APs
DNA Center
DESIGN POLICY PROVISION ASSURANCE
DNA Center
Simple Workflows
Wireless Controllers
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Software-Defined Access
Insights & Telemetry
Automated Network Fabric
Identity-based Policy & Segmentation
Decoupled security policy definition
from VLAN and IP Address to
enable rapid
policy updates
Automation across wired and
wireless for optimized traffic flows,
and workflow-based management
to provide consistency at scale
Analytics and insights into
user and application behavior for
proactive issue identification
and resolution
Networking at the Speed of Software!
Digital IT of the Future: Logical Virtual Network
Lighting
BMS
WAN
Branch B
Remote
Branch AHQ
Agile Fabric Services
Collaboration SecurityAnalytics
Users & Devices
Building Devices
Private & Public
Cloud Resources
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Secure Segmentation and Profiling for HealthcareSecure On-boarding of Users and Devices
Before SD-Access After SD-Access
Static Medical
Imaging Devices
Manual IP-based
ACLs for access
policy
Deal with policy
violations and errors
manually
Enable Mobile
Clinical Devices
Mitigate medical
device
vulnerabilities by
providing context-
aware access
control
Policy and access
control follow
identity of the
Device and User
Intuitive
Workflows
Users
Medical
Devices
Apps
Privileged Staff Virtual Network
Devices Virtual Network
Guest Virtual Network
Patients
Lights
Doctors
Visitors
Imaging
Nurses
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Lab specific VLAN and
isolated to lab- ACL
Identity PSK for HealthcareGroup-based PSK
SSID
All devices have same PSK
and same access policy
Limited Data center
access with highest
QoS / AVC
Direct Access to
internet only
Key
Cisco123
Key
T36c0#$7
Key
S25c0#$3
Key
C15c0#$4HealthCare-PSK
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Healthcare Segmentation Use-Cases
Lights ImagingPatients Visitors
Doctors Nurses
Privileged Access to
patient records
Gold-level Quality of
Service for video/voice
Selective Encryption
for certain confidential
traffic
Copy Policy for Audits
Very Limited Access to
Internet only
BYOD policy for
Visitors and Patients
Silver-level QOS for
Patients but Best Effort
QOS for Visitors
Location-awareness and
usage statistics
Any subnet anywhere for IP
mobility of medical devices
Multi-site Fabric for
redundancy of ERs and
OTs
Staff Partners
Limited Access to
databases
Silver-level Quality of
Service for video/voice
BYOD dependent on Org
priorities
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Consistent wired and wireless managementA single network fabric
Before SDA After SDA
• Repeated policy work
for wired-wireless
• Roaming issues
across L3 domains
• Chase down IP
addresses for
troubleshooting
• Consistent
management across
wired-wireless
• Optimal traffic flows
with seamless
roaming
• Seamless roaming in
Fabric and non-Fabric
domains
Campus-Wide RoamingWired and Wireless
ConsistencySimplified Provisioning
Roam
is L2
Seamless
Roam
Policy stays
with user
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Automate IoT Deployments at ScaleSubtended Node
Connected
Lighting
Employee
Network AEmployee
Network B
Before SDA After SDA
• Complex
segmentation of IoT
and user traffic
• Chase down IP
addresses for
troubleshooting
• Static endpoint
management
• Intuitive identity-
based segmentation
with device profiling
• Built-in visibility and
granular policy control
• Dynamic endpoint
management
Users, Device and IoTSegmentation
Policy based Automation
Purpose Built Switches for IoT
IP
Surveillance
Subtended Node
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Dynamic Logical Topologies with Overlays (Stateless Tunnels)
Traffic for Wired and Wireless is carried inside Overlays
Policy Context is carried inline with Traffic
Network Fabric – Normalized Transport for Wired & WirelessSoftware-Defined Access
Underlay Network
Overlay Network
Encapsulation
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
First level Segmentation that ensures
zero Communication between Building
systems and Users
1
Virtual Networks
Second level Segmentation within a
Virtual Network that ensures role
based access control between Two
Groups
Groups
1
2
Identity-based Policy – Segmentation & Access ControlSoftware-Defined Access
IoT Virtual Network
Group 3
Employee Virtual Network
Group 1 Group 2
Routers Switches Wireless AP WLC
Group 4
Group 5
2
Default Permit
Custom Deny
Default Deny
Intelligent Policy
Simplified Network Wide
Intelligent Policy enforcement
Based on your Identity, not on your Address
Campus
Building 2
10.18.1.0/2410.17.1.0/24
EmployeeCampus
Building 1
ISE / AD NDP
C
BB
DNA
Center
APIC-EM
10.0.255.310.0.255.1
Prod Server5 SGT 8 SGT
CLASSIFICATION
Employee – SGT 5
Employee
App_Serv
Prod_Serv
App_Serv Prod_Serv
Permit All
Permit All Deny All
Permit AllDeny All
Deny All
So
urc
e
Destination
Egress Policy
#WWST #CISCOVT #CISCOSE
New in 1.1 - Border AutomationConfigure a Distributed Border node
#WWST #CISCOVT #CISCOSE
“Easy QoS” - QoS in OverlaySDA Fabric - Applications
End to End PolicyCampus, Branch, WAN and DC Integration
AUTOMATIONAPIC-EM
POLICYIdentity Services
Engine (ISE)
ASSURANCENetwork Data
Platform (NDP)
DNA Center
Employee
Virtual Network
Group 1 Group 2
IoT
Virtual Network
Group 3 Group 4
Roam is L2
Seamless
Roam
Policy stays
with user
Firewall
SD - Access At a GlanceSoftware Architecture For The New Enterprise
Distributed Fabric
with consistent experience
across wired and wireless
Automatic
Integration for
critical servicesFABRIC ENABLES ANY
SERVICE OR POLICY ON
ANY PORT
Contextual Visibility and
Troubleshooting
Policy Mobility
with no Topology
Dependence
#WWST #CISCOVT #CISCOSE
DNA Assurance Network Fabric Health Page
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Proactive Issue Identification and Faster Issue ResolutionPowered by Network Data Platform
FIX
Fix real time issues and get
insight into historic trends and
errors
PREDICT
Predict Client and network
issues before they occur
Machine Learning
0100101100010111001
00101011001011000
InsightsInfrastructure Data
Crowd Sourcing
AnalyticsSensor Data
COLLECT
Rich network data including AAA,
DNS, DHCP, ISE, OS, NetFlow,
syslog, SNMP
#WWST #CISCOVT #CISCOSE
New in 1.1 - Fabric Assurance Insights: SDA Use-Cases
Control Plane Data Plane Policy PlaneClient
Onboarding
Edge to Control Plane
Border to Control Plane
CP performance
Routing protocols
Border and Edge connectivity
Border node health
Edge node health
Device to Services (DHCP, DNS, AAA)
ISE connectivity
Border node policy
Edge node policy
Client / Device DHCP
Client Authentication
Client Authorization
Device
CPU, Memory
TCAM Tables
Modules
Temperature
Power (POE)
Clients
Applications
Services
Network Infrastructure
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Policy
• Virtual Networks• ISE, AAA, Radius
• Endpoint Groups
• Group Policies
Assure
DNA CenterSD-Access 4 Step Workflow
Design
• Global Settings
• Site Profiles• DDI, SWIM, PNP
• User Access
Provision
• Fabric Domains• CP, Border, Edge
• FEW / OTT WLAN
• External Connect
Assurance
• Network Health
• 360o Views• FD, Device, Client
• Path Traces
Planning & Preparation
Installation & Integration
31
Assure Assure
Provision Assure
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
SD-Access SupportA single fabric for your digital ready network
WirelessRoutingSwitching
AIR-CT5520
AIR-CT8540
Wave 2 APs (1800, 2800,3800)
Wave 1 APs* (1700, 2700,3700)
Catalyst 9400
Catalyst 9300
Catalyst 9500
Catalyst 4500E Catalyst 6K Nexus 7700
Catalyst 3850 and 3650
AIR-CT3504
*with Caveats
**Future
NEW
NEW
NEWNEW
Subtended
Catalyst Digital Building
Catalyst 3560-CX
NEW
IE Switches** (2K/3K/4K/5K)
ASR-1000-X
ASR-1000-HX
ISR 4430
ISR 4450
ENCS 5400**
ISR 4351
ISR 4331
CSRv
Network
Provisioning Time
Savings
67%
Improve Issue
Resolution
80%
Reduced Security
Breach Impact
48%
Reduced Operating
Expense
61%
Shift IT Time to Business Focus
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
SD-Access Customer TestimonialsSD-Access Customer Testimonials
"Transportation is at a disruptive shift.
With SD-Access we can consolidate our
locations across the country with
consistent policy in one solid view.“
"SD-Access is transformational in how our
IT can securely and remotely provision
cruise ships around the world."
Michael Giresi, CIO, Royal Caribbean
Raja Ukil, CIO, WiproSebastian Meissner, Network Architect,
Deutsche Bahn Systel
"SD-Access’ segmentation & automation
capabilities drastically simplifies global IT
operations with complete visibility to deliver
new services quickly.“
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
"The Intel® Xeon® processor D family of
System on a Chip and the Cisco Catalyst
9000 switches push the edge of ‘what is
possible’ with the ecosystem for
containers and application hosting on a
common platform.“
"The Catalyst 9000 has exceeded NASA’s
mission-critical requirements for security
and segmentation...and at twice the
performance.“
Eric Latta, Solutions Architect, NASA
University of ViennaSandra Rivera, Sr. VP/GM, Network
Platforms Group, Intel
“The Catalyst 9000 with open Cisco IOS
XE simplifies operations dramatically and
helps IT create a secure learning
environment for our 10,000 employees
and nearly 100,000 students.”
SD-Access Customer Testimonials
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco Catalyst 9000 – Built for SD-Access
First in enterprise
• x86 CPU with app hosting
• Programmable ASIC
• Software patching
Future-Proofed
• IEEE 802.11ax ready
• 100W PoE (IEEE 802.3bt) ready
• 25G Ethernet ready
Industry’s unmatched
• High Availability
• MultiGigabit density
• UPOE scale
SD-Access
integrated
Converged
ASIC
Single Image
Common
Licensing
UADP 2.0
IOS® XE Software
Catalyst 9000 Series 9300 – Fixed Access, 9400 – Modular Access,
9500 – Fixed Core
Security IoT convergence CloudMobility
C97-738949-01 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Introducing Cisco Catalyst 9300New generation of fixed access
Modular
FansModular uplinks
8x10G 2x40G 4x mGig 4x1G
Modular power supplies
350W 715W 1100W
mGig UPOE
1G UPOE/PoE+
24 Ports
1G Data
48 Ports
* Not available at FCS
Cisco Catalyst 9000
leadership
UADP 2.0
Cisco IOS® XE Software
SD-Access
x86 CPU and containers
Encrypted Traffic Analytics
(ETA)*
AES256/MACSEC256*
Trustworthy systems
StackWise® Virtual*
IEEE1588 and AVB*
NBAR2
Perpetual/fast PoE
Model-driven programmability
Patching/GIR
Streaming telemetry*
2.5G at
the price
of 1G 40G
at the price
of 10G
Only
stackable
switch with
8x 10G
uplinks
Highest
2.5G/mgig
density in
the industry
C97-738949-01 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Introducing Cisco Catalyst 9400New generation of modular access
4-Slot* 7-Slot 10-Slot
Supervisor• Sup-1: 80G/slot access optimized
• Sup-1XL*: 120G/slot core optimized
Access line cards
• 24xmGig + 24xUPOE*
• 48xUPOE
• 48xPoE+*
• 48xData
Core line cards• 24x 10G SFP+*
• 48x1G SFP*
• 24x1G SFP*
Power supply• 3200W AC
• 3200W DC*
• 2400W AC*
*Not available at FCS
Cisco Catalyst 9000
leadership
UADP 2.0
Cisco IOS® XE Software
SD-Access
x86 CPU and containers
Encrypted Traffic Analytics
AES256/MACSEC256*
Trustworthy systems
StackWise® Virtual*
IEEE1588 and AVB*
NBAR2
Perpetual PoE*
Model-driven programmability
Patching/GIR
Streaming telemetry*
Industry’s
highest PoE
scale
Redundancy
now
tablestake
9Tbps
system
b/w
C97-738949-01 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco Catalyst 9500 innovations and benefits
12Px40G 24Px40G 40Px10G + 8Px10G/2Px40G
Granular port densities to address all campus sizes
Depth: 21.8”
Height:1RU
Cisco IOS® Software 16.xSD-Access, MPLS AVB, WRED, NAT, PAT, NBAR2 StackWise® Virtual
High-scale control plane with 2.4GHz x86 CPU with 16 GB DDR4 memory
Internal storage: 16GBExternal storage: 1xUSB 2.0 (front), 1xUSB 3.0 (back)
Up to 2x 950W AC/DC PSU5 x fan trays
Up to 24 ports of QSFP
Nonblocking ports with 5.3MB (shared) packet buffer per portBuilt-in RFID
Extending Cisco
Catalyst 4500X
leadership in fixed
backbone
3x throughput
3x bandwidth
5x buffering
5x CPU speed
4x memory and flash
4x port speed
2.4x 10G port density
C97-738949-01 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco Catalyst 9000 platform transitions
Catalyst
9000
Series
Cisco®
Catalyst® 9400
Cisco Catalyst 9300 Cisco Catalyst 9500
Cisco Catalyst 3850 Copper Cisco Catalyst 4500-E Cisco Catalyst 4500XCisco Catalyst 3850 Fiber 48
Port
Access switching Backbone switching
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Catalyst 9K Licensing Ties
DNA Advantage
includes
DNA Essentials
Software Suites for Business Outcomes
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Introducing New Software Subscription Licensing
Cisco ONE Suites or Ala
Carte Model
ADVANTAGEESSENTIALS
Full L3, Segmentation,
Software Defined Access,
ETA & Assurance
Layer 2, Routed Access,
Base Automation and
Monitoring
Ongoing
Innovation
License Portability
Software Support
Included
OpExPreference
Lower Entry Costs
Available for Current Generation Catalyst 3K, 4K, 6K and Next Generation Catalyst 9K Series
Cisco ONE Suite – Essentials Includes ISE Base
What’s in each software package?
DNA Center
ISE
Stealthwatch
Encrypted Traffic Analytics (ETA)
Software Defined Access
Assurance
Base Automation & Monitoring
ISE Plus
ISE Base
Stealthwatch
Cisco ONE
Advantage
DNA
Advantage
DNA
Essentials
Cisco ONE A la Carte
Included
ISE Base & Plus
required
ISE Base
recommended
Capable (requires
additional purchase)
ISE Base
recommended
ISE Base & Plus
recommended*
Steathwatch required
* ISE Base & Plus required to troubleshoot network with user name search
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Catalyst Support Model
Solution Support
-or-
Smart Net Total Care
- or -
Partner Support Service
*Includes NBD HW replacement + ELL-W provides 90 days of TAC access at business hours and lifetime Software Updates;
SNTC required for IP Services; E-LLW not supported on 4K or 6K
**Includes 24x7 TAC access, knowledge base access, software downloads for DNA only; TAC access for Perpetual stack will
require SNTC or Partner Support or Solution Support
TS Product Level Support
Hardware with Network Stack(Lan Lite, Lan Base, IP Lite, IP Base, IP
Services, Enterprise Services, Ad. IP Services, Ad. Enterprise Services)
AndNBD HW Repl. + E-LLW*
Catalyst 2K, 3K, 4K, 6K
DNA Essentials / Advantage
With Embedded Support**
Catalyst 9K
Hardware with Network Stack(Essentials / Advantage)
AndNBD HW Repl. + E-LLW*
DNA Essentials / Advantage
With Embedded Support**Embedded Support
Optional
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
DNA SolutionCisco Enterprise Portfolio
APIC-EM Network Data PlatformIdentity Services Engine
Routers Switches Wireless APs
DNA Center
DESIGN POLICY PROVISON ASSURANCE
DNA Center
Simple Workflows
Wireless Controllers
© 2017 Cisco Confidential - Internal Use Only
Introducing DNA Add-on Licenses for 3K, 4K, 6K
3650/3850 4500E 68002960X/XR/L
Essentials
Basic
Automation
Basic
Monitoring
Element
Management
Essentials
LAN Base
Basic
Automation
Basic
Monitoring
Element
Management
Advantage
Software-Defined
Access
Assurance &
Analytics
IP Base/ IP Services/
Enterprise ServicesLAN Base
4500X
© 2017 Cisco Confidential - Internal Use Only
Tilbud 1A DNA Center Essentiels licens pakke samt fuld Netflow (2960X vs 9300)
Part Number Description
Service
Duration
(Months)
Unit List Price in $
WS-C2960X-24PS-L Cisco Catalyst 2960X 24 Port PoE 4x1G Uplink LAN
Base --- 3.195,00Uden Stacking (Pris 1195$)
C2960X-DNA-E-24-3YC2960X DNA Essentials, 24-Port, 3 Year Term
License36 610,00
C1FACAT29003K9 C1 2960X Netflow license, Prime, ISE Base 25 36 1.100,00
Part Number Description
Service
Duration
(Months)
Unit List Price in $
C9300-24P-E Catalyst 9300 24-port PoE+, Network Essentials --- 5.510,00Med stacking
C9300-NM-4G Catalyst 9300 4 x 1GE Network Module --- 510,00
C9300-DNA-E-24-3YC9300 DNA Essentials, 24-Port, 3 Year Term
License36 610,00
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Tilbud 1B DNA Center Essentiels licens pakke samt fuld Netflow (3650 vs 9300)
Part Number Description
Service
Duration
(Months)
Unit List Price in $
WS-C3650-24PS-S Cisco Catalyst 3650 24 Port PoE 4x1G Uplink IP
Base --- 5.200,00Uden Stacking (Pris 1650$)
C3650-DNA-E-24-3YC3650 DNA Essentials, 24-Port, 3 Year Term
License36 610,00
Part Number Description
Service
Duration
(Months)
Unit List Price in $
C9300-24P-E Catalyst 9300 24-port PoE+, Network Essentials --- 5.510,00Med stacking
C9300-NM-4G Catalyst 9300 4 x 1GE Network Module --- 510,00
C9300-DNA-E-24-3YC9300 DNA Essentials, 24-Port, 3 Year Term
License36 610,00
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
What to Do Next?
49
BRKDCN-2489
Get SD-Access Capable Devices
with C1 DNA Advantage OS License
Get DNA Center Appliances
with C1 DNA Advantage App License
Cisco Services can help you
to Test / Migrate / Deploy
Refresh your
Hardware and Software
Deploy the
DNA Center
SD-Access
Capable
Engage
Cisco Partner & Services
DNA
Center
Cisco
Services
Advisory
Implementation
Technical
Optimization Training
Managed
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
SD-Access Sales JourneyAlign to Customer Priorities
Qualify Discover Select Lead Sales Motion AdoptSet the Agenda
and Pilot
DNAC Assurance
DNA-Ready Infra Segmentation & Access
Control
SDA
DNAC Automation
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Customers Software Defined Access Journey
Assurance
Software
Defined Access
AdvantageEssentials
Base Automation &
Monitoring
Basic Automation &
Monitoring
Assurance
Software
Defined
Access
PNP cloud &APIC-EM 1.6 Update
Cisco Plug and Play Connect (PnP Connect) General Availability
We are pleased to announce the general availability of Cisco Plug and Play Connect (PnP Connect)
Release 1.0. Cisco PnP Connect, a cloud based service, is a component of the Cisco Network Plug and Play
solution and provides automated discovery of an on-premise APIC-EM controller. Additionally, PnP Connect
enables configuration provisioning of devices directly through the cloud, without APIC-EM (beta feature
N-PnP Cloud Redirection Service
PnP-Agent APIC EM
Server
PnP-Agent
Where’s my PnP Server?
PnP Cloud
Redirection Service
Customer
Or Partner
APIC-EM IP
PnP Protocol
CISCO
CUSTOMERCisco Commerce Workspace
Supply-Chain
Customer DB
Customer Order
Smart
Account DB
Device SR# Device SR#
Download Image & Config
APIC-EM Registers IP Address w/ Cloud
APIC-EM EasyQoS App
EasyQoSApplication QoS
Wireless AP
Trust Boundary
PEP
4Q (WMM)
Catalyst 3650
Trust Boundary
PEP
2P6Q3T
Catalyst 4500
1P7Q1T
Catalyst 6500
1P3Q4T
1P7Q4T
2P6Q4T
…
Nexus 7700
F3: 1P7Q1T
WLC
PEP
ASR/ISRs
MQC
Catalyst 2960-X
Trust Boundary
PEP
1P3Q3T
Wireless AP
Trust Boundary
PEP
4Q (WMM)
EM
Applications can interact with APIC-EM via Northbound
APIs, informing the network of application-specific and
dynamic QoS requirements
Southbound APIs translate
business-intent to platform-
specific configurations
Network Operators express high-level
business-intent to APIC-EM EasyQoS
Custom BW Allocation per BW Class
Ability to select BW profile per policy scope
APIC-EM CAA – Life Cycle Management
APIC-EM 1.x PlatformCAA- Life Cycle Management
APIC-EM 1.x PlatformCAA- Life Cycle Management – Hardware EoL
HW End of Sale/End of Support Information
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Customers Software Defined Access Journey
Assurance
Software
Defined Access
AdvantageEssentials
Base Automation &
Monitoring
Basic Automation &
Monitoring
Assurance
Software
Defined
Access
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 64
Per Jensen
November 22, 2017
Enable secure and consistent network access
DEMO & Deepdive DNA-Center & Software-Defined Access
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.
System Engineer Cisco DK