Volume 2 - Chapter 22: Cisco Software-Defined Access (Cisco SD-Access) Flashcards

1
Q

In regards to Cisco SD-Access, describe the function of the underlay.

A

The underlay is all of the physical components and connections required to provide connectivity to all SD-Access devices.

2
Q

In regards to Cisco SD-Access, describe the function of the overlay.

A

A collection of devices that use VXLAN tunnels to transport traffic from one endpoint to another over a fabric.

3
Q

The combination of an overlay and underlay together within an SD-Access network is referred to as a ____.

A

Fabric

4
Q

What RFC defines VXLANs?

A

RFC 7348

5
Q

Describe the function of a VXLAN in regards to SD-Access.

A

Virtual eXtensible Local Area Network.

To provide/extend a layer 2 network over an existing layer 3 network.

6
Q

What term best describes the following:
* A switch that resides at the edge of the Cisco SD-Access fabric
* Each switch is connected using a VXLAN tunnel
* Connects to end devices

A

A Fabric Edge Node

7
Q

Describe the function of a Fabric Border Node.

A

A switch that connects to devices outside of the control of Cisco SD-Access.

8
Q

What term best describes the following?

A switch that performs special control plane functions for the underlay (LISP)

A

The Fabric Control-Plane Node.

9
Q

Describe how layer 2 and 3 differ with Cisco SD-Access in comparison to a traditional network.

A

SD-Access uses a routed access layer design, where all LAN switches use layer 3 links between each other rather than trunks.

STP is not needed in this configuration so no ports are in a blocking state and more bandwidth is supported.

10
Q

True or False;

Cisco Catalyst Center can automatically configure the underlay network layer.

A

True.

11
Q

The following diagram is an example of a?

A

Routed Access Layer created using Cisco Catalyst Center.

12
Q

What type of routing protocol is used by switches configured to use a routed access layer?

A

IS-IS

13
Q

True or False;

HSRP/FHRP is required to support a routed access layer.

A

False; all switch to switch links are layer 3 connections and as such, FHRP/HSRP is not required.

14
Q

True or False;

STP is not required to support a routed access layer.

A

True; all switch to switch links are layer 3 connections and as such, STP is not required.

15
Q

Describe how a frame sent by a host is processed and forwarded on a Cisco SD-Access Overlay.

A
  1. Host sends a frame which is received by a fabric edge node
  2. The edge node encapsulates the original frame into an additional VXLAN frame and passes it onto the overlay
  3. The other fabric nodes forward the frame based on the information in the VXLAN frame
  4. The frame arrives at another fabric edge node and the VXLAN details are removed; leaving the original frame.
16
Q

The ASIC chip on each fabric node that performs the VXLAN encapsulation/de-encapsulation is referred to as?

A

The Unified Access Data Plane (UADP).

17
Q

Describe how the IP space is utilized on a Cisco SD-Access network.

A

A separate address space is used for the underlay that differs from the rest of the enterprise.

18
Q

Describe how LISP is used with a Cisco SD-Access network.

A

The LISP server contains a mapping of Endpoint IDs (EIDs) to Routing Locators (RLOCs).

For example, Host 1 (10.1.1.1/24) is connected to a fabric edge node (SW3 - 172.16.4.5). The LISP server will contain a mapping:
* Subnet 10.1.1.0/24 is reachable through switch 3 (172.16.4.5)

19
Q

Host A is connected to SW1 on the SD-Access network. Host A wants to send traffic to Host B (192.168.40.3), but SW1 does not know where to forward the traffic.

What are the steps required for SD-Access to forward this frame?

A
  1. Host A’s frame arrives at SW1
  2. SW1 queries the LISP server (how do I reach 192.168.40.3?)
  3. LISP server responds with the RLOC for SW8 (172.12.1.2)
  4. SW1 queries SW8 (do you have an EID for 192.168.40.3?)
  5. SW8 confirms
  6. SW1 encapsulates the original frame into a VXLAN frame and packet with a destination of 172.12.1.2 and forwards it onto the overlay
  7. SW8 receives the frame, de-encapsulates it, then forwards it to Host B
20
Q

True or False;

The LISP mapping server keeps track of a host’s EID and updates the other fabric nodes as the host moves from location to location.

A

True.

21
Q

What are the 2 roles of the Cisco Catalyst Center?

A
  1. As the controller in a Cisco SD-Access network.
  2. As a network management platform for traditional non-SD-Access devices.
22
Q

What northbound API is utilized by Cisco Catalyst Center?

A

REST API

23
Q

What are the southbound APIs that are supported by Cisco Catalyst Center?

A

Traditional: SNMP, SSH, Telnet
Newer: NETCONF, RESTCONF

24
Q

Describe how ACL security differs with Cisco SD-Access versus traditional ACLs.

A

ACLs require manual configuration and management.

Cisco Catalyst Center is used with SD-Access to configure policies through an API or the GUI. Then Catalyst Center configures the fabric accordingly.

25
Q

What term best describes the following?

A networking model where a technician configures a desired outcome (such as a security policy), and a controller configures the network devices accordingly to achieve that outcome.

A

Intent-Based Networking

26
Q

In regards to security with SD-Access, describe the function of SGTs.

A

Scalable Group Tags (SGTs) are used to restrict user traffic similar to access-lists. Rather than manually configuring ACLs, scalable groups are created and assigned permissions:
* Accounting can talk to Finance
* Finance can talk to Management
* Guests cannot talk to any other network

27
Q

Describe how SGTs are processed on a VXLAN.

A

Edge nodes will communicate with Catalyst Center to identify and tag user traffic with SGTs:
* If two SGTs are allowed to communicate, the VXLAN tunnel is built
* If two SGTs are not allowed to communicate, the tunnel is not built

28
Q

Describe the differences between Narrow AI and Generative AI.

A

Narrow AI is designed to complete a specific task and lacks the cognitive abilities of humans.

Generative AI can make decisions, learn, and be taught information similar to the abilities of humans.

29
Q

What term best describes the following?

A branch of AI that focuses on the development of algorithms and complex data models.

A

Machine Learning.

30
Q

What term best describes the following?

A branch of AI that allows an AI to make predictions on datasets that it has not seen yet.

A

Predictive AI.

31
Q

AI can sometimes be improved by providing it with a large set of databases and API access. This model is sometimes referred to as?

A

A Large Language Model (LLM).

32
Q

What term best describes the following?

A network management model that utilizes Machine Learning and AI to automate manual IT tasks.

A

AI Operations (AI Ops)