« back to news

Cisco Extended Enterprise with Cisco DNA Center Instant Demo v3

Date
November 2020

Security is top of mind for many network administrators especially when it comes to IOT. To those network administrators, IOT means end devices that don’t authenticate and pose a security risk. How to effectively secure your network while allowing unauthenticated devices on? That is the dilemma. Today many network administrators are operating networks with IOT devices attached and no security policy. They are just hoping and praying that nothing bad happens. They rely on badge access to the building or badge access to the areas where the IOT devices are to be secure. But they can’t be sure about this in all cases.

Cisco DNA Center has a solution that allows network administrators to deploy a simple and effective security policy for IOT devices. It does not involve multiple firewalls deployed in the network. Cisco DNA Center security solution allows the network administrator to push Intent into the network, and the network implements the security policy. It’s simple and effective.

This Cisco Extended Enterprise with Cisco DNA Center Instant Demo will lead the user through a series of steps showing Cisco DNA Center’s Intent-based security feature. The demo defines a security policy for IOT Devices, and then shows how a network administrator could implement this policy through intent. It shows how Cisco DNA Center can be used to segment devices that do not authenticate from those end users and devices that authenticate. Finally, it demonstrate how to define detailed security policy within in each segment.

Scenarios

In Scenario 1, Cisco DNA Center – Managing the Extended Enterprise we cover an overview of Cisco’s Digital Network Architecture (DNA) Center showing a further extension of the extended enterprise network beyond carpeted areas into IoT environments such as meters, warehouses, security cameras, and digital signage with IoT elements managed by Cisco DNA Center. View assurance summary, network snapshot, network configuration, and tools covering network topology, security advisories, data reports and more. There are no live devices used in this demonstration therefore some DNAC features are not covered in this demo. Nevertheless, you can explore the options available keeping this limitation in mind.

In Scenario 2, Intent Based Security for IoT using Cisco DNA Center we explore creating security policy via the creation of a virtual network to segment devices. In this scenario we see devices that do not authenticate on our IoT network, so we use Cisco DNAC to establish a security policy. We cover providing security for IoT devices by using Cisco DNAC’s Policy feature to define a virtual network to provide macro segmentation and use Group Based access control and IP Based access control to provide micro segmentation.

In Scenario 3, Template Based Configuration for Industrial Ethernet Switches Using Cisco DNA Center, we will configure IE switches using Templates in Cisco DNA Center. The templates would enable IE alarms for these switches are deployed in Cabinets. The IE alarms will notify the network admin when the cabinet door is opened. An SNMP Trap and a syslog message is initiated by the IE switch when the “input” alarm is triggered. Additionally, an alarm is also triggered when an uplink goes down, and SNMP Trap and syslog messages are sent out. Once the IE Templates are configured, we will use them in Network Profiles and deploy the configuration to switches available in the inventory.

Requirements

 

Required Optional
  • PC or MAC running the Chrome browser in incognito mode
Firefox Browser in Private Window

Get Started & Resources