Installing, Configuring, Monitoring and Troubleshooting Cisco Catalyst (SDWAN) V20

In this 5-day hands-on up-to-date course on Cisco (Viptela) SD-WAN 20.12 / IOS-XE 17.12, students will learn how to administer SD-WAN. Students will learn about deploying and configuring SD-WAN Controllers, vEdge Devices, and Cisco IOS-XE Devices. Students will learn how to manage the vManage Interface, along with the change in the interface in 20.6 and above. Students will learn about Device Template, Feature Template, Configuration Groups and CLI Templates. Student will learn how to tune OMP, BFD, TLOCs, QoS, TCP OPT, DRE, FEC, Packet Duplication. Students will learn how SD-WAN implements Security using SASE, SIG, Umbrella, FW, IPS, AMP, Threat grid, TLS Decryption and Direct Internet Access (DIA). Students will learn about Local and Central Policies. Students will also learn how Cisco SD-WAN allows Enterprises to deploy an effective Cloud Solutions such as Amazon AWS, Microsoft Azure, and Google Cloud, MegaPort, Equinix, and SAAS application such as O365 and Webex. Students will also learn how to Monitor and Troubleshoot the SDWAN Solution.

Use this course towards your Cisco Continuing (CE) Education Credits (40)

Pay by using your Cisco (CLCs) Learning Credits (46) click here: Cisco Learning Locator

Why Attend with Current Technologies CLC

• Our Instructors are the top 10% rated by Cisco
• Our Lab has a dedicated 1 Gig Fiber Connection for our Labs
• Our Labs run up to Date Code for all our courses

• SD-WAN Overview
• Controllers
• Allow Lists and Certificates
• Platforms
• Router Deployment
• Configure vManage
• SD-WAN Software Updates
• OMP / Fabric
• QoS / QoE
• Security / SASE
• Creating and Applying SD-WAN Templates
• Local and Central Policy
• Deploying using Templates
• ThousandEyes Integration
• Cloud Onramp for SaaS
• vAnalytics
• Monitoring & Troubleshooting the SD-WAN Solution

The job roles best suited to the material in this course are:

• System Installers
• System Integrators
• System Administrators
• Network Administrators
• Solutions Designers
• Systems Architects

Recommended Cisco offerings that may help you meet these prerequisites:

• Implementing and Administering Cisco Solutions (CCNA®) or equivalent knowledge

Module 0: Introductions

• Module Topics
  • General Administration
  • Introductions
  • WebEX Basics
  • Lab Access
  • Questions Administrators are asking about their WAN
  • Why SD-WAN
  • Questions Asked by Companies about SD-WAN
  • What is SD-WAN?
  • SD-WAN Desired Benefits
  • How does Cisco define SD-WAN?
• Module Summary

Module 1: Cisco SD-WAN (Viptela) Platform Overview

• Module Topics
• Lesson 1: Legacy WAN Architecture
  • Common WAN Topologies - Design and Deployment Considerations
  • WAN needs to Support Cloud Apps
  • Cisco’s SD-WAN Functionality Comparison
• Lesson 2: Cisco SD-WAN Solution Overview
  • Cisco SD-WAN Solution Overview
  • Software Defined Centralized Control
  • SD-WAN - Control Plane vs Data Plane
  • SD-WAN Terminology – SD-WAN Pathways
  • Cisco SD-WAN Solution Roles and Responsibilities
  • SD-WAN Terminology – TLOC (Transport Locator)
  • SD-WAN Terminology – Site-ID
  • Site-ID Design
    SD-WAN Terminology – Required WAN Edge Settings
  • SD-WAN Terminology – Control Connections
  • OMP Parameters – Security Keying Timers
  • Cisco SD-WAN Cloud -Delivered Architecture
  • Widely Deployed Capabilities
• Lesson 3: Licensing for Cisco SD-WAN
  • Cisco Cloud Hosted Controller
  • Licensing
  • Choose License Type and Level
  • High Availability Licensing
  • Cisco DNA SD-WAN Licensing (1)
  • SDWAN Licensing Tiers
  • High Availability Licensing
  • Cisco Smart Licensing
  • Cisco Smart Licensing Pooling
  • Managing Smart Licenses
  • What a Smart Account is and what it isn’t
  • Smart Account Structure
  • Smart Licensing for SD-WAN
  • Cisco vManage Using an Internet Cisco SSM
  • Cisco vManage Using a Cisco SSM On-Prem License Server
  • Device License Interface
  • Sync Licenses
  • Assign Licenses to Devices
  • License Assigned to Devices
  • License Reporting
• Module Summary

Module 2: Cisco SD-WAN Controllers 

• Module Topics
• Lesson 1: Cisco SD-WAN Controller Architecture
  • Cisco SD-WAN Architecture
  • Cisco SD-WAN Controller Deployment Models
  • Controllers Deployment Models
  • SD-WAN Order Provisioning Flow
  • Controllers Deployment Options
  • Cisco SD-WAN vManage Architecture
  • Cisco SD-WAN vSmart Architecture
  • Cisco SD-WAN vBond Architecture
  • vBond Controller IP/Port Requirement
  • Controller Deployment in AWS/AZURE
  • Large Multinational Controller Deployment in AWS/AZURE
  • Cloud Hosted Secure Management Access Requirements
  • SNMP/SYSLOG/TACACS Management Controller Access
  • Cloud Hosted Deployment - Caveats
  • WAN Edge Control Plane Transport Caveats
  • On-Prem Deployment Considerations
  • On-Prem Deployment – vBond/NAT Traversal
  • On-Prem Controller Access
  • On-Prem Deployment
  • Controller Proxy Access
  • Controller VPNs/Network Interfaces
• Lesson 2: Cisco SD-WAN Self-Service Portal
  • Prior to SD-WAN Self-Service Portal
  • Cisco SD-WAN Self-Service Portal (SSP)
  • Cisco SD-WAN Self-Service Portal Tools
  • Cisco SD-WAN Self-Service Portal Login URL
  • Cisco SD-WAN SSP Controller Lifecycle Management
  • SSP Manages SD-WAN Controller Fabric
  • SD-WAN SSP Cloud Service Provider Selection
  • Choose AWS or AZURE Cloud and SD-WAN Version
  • Choose Location of Controllers and Data Storage (1)
  • Monitoring Controllers using the Self-Service Portal
  • Control Access to SD-WAN Controllers
  • Management WAN Edges and AAA Use Cases
  • Configure Self-Service Portal Roles for IdP Users
  • Create a Cisco SD-WAN Cloud-Hosted Overlay Network (1)
• Lesson 3: vManage Multitenant Mode
  • Multitenant vManage NMS
  • Controller Tenancy – Single Tenant
  • vManage Multi-Tenancy
  • Migrate Single-Tenant Cisco SD-WAN Overlay to Multitenant
  • Multi-Tenancy Options
  • Place the vManage NMS into Multitenant Mode
  • Tenant Menu
  • Add Tenants
• Lesson 4: Verify Control Plane
  • Check Control Plane – vManage (1)
  • Check Control Plane – vBond (1)
  • Check Control Plane – vSmart (1)
• Lesson 5: Controller High Availability
  • SD-WAN Controller Scale
  • Horizontal Solution Scale – Data Plane
  • Using Affinity to Manage Network Scaling
  • Redundancy – vSmart Control Controllers
  • Redundancy – vManage System
  • vManage Redundancy
  • Cluster Management Status
  • vManage CLI Status Command
  • Cisco vManage Cross – DC High Availability 19.2 and above
  • Understanding the vManage Cluster Messaging Interface
• Module Summary

Module 3: Cisco SD-WAN Allow Lists and Certificates

• Module Topics
• Lesson 1: Certificate Fundamentals
  • Public Key Infrastructure
  • Types of Certificates
  • Certificate Trust Chain
• Lesson 2: SD-WAN Certificates
  • Certificate Authority for Controllers Authentication
  • Certificate Authority Options
  • WAN Edge and Controllers Allow Lists
  • Certificate-Based Trust Allow Lists
  • Digitally Signed WAN Edge List - Manual Download
  • Digitally Signed WAN Edge List - Smart Account
  • Controllers Identity
  • Establishing IOS-XE SD-WAN Edge Router Identity
  • cEdge Router Identity
  • Cisco IOS-XE Router Certificates
  • Secure Control Channel
  • Secure Control Channel - WAN Edge
  • Cisco SD-WAN Network Bring-up (1)
  • Zero Touch Provisioning - vEdge
• Lesson 3: Certificate Configuration
  • Organization Name and vBond Configuration
  • Controller Certificate Authorization - Cisco Automated
  • Controller Certificate Authorization - Digicert Automated
  • Controller Certificate Authorization - Symantec Manual
  • Controller Certificate Authorization - Enterprise Root CA
  • Configure Hardware WAN Edge Certificate Authorization Settings
  • Configure WAN Edge Cloud Certificate Authorization Settings
  • Configure – Certificate Revocation List
  • Generate Web Server Certificate - CSR
  • Import Web Server Certificate
  • View Web Server Certificate
  • Enterprise Feature Certificate Authorization
• Lesson 4: Certificate Validity
  • SD-WAN WAN-Edge Certificate States
  • Configuration > Certificate
• Lesson 5: Monitoring and Troubleshooting Certificates
  • Monitor Certificates using Dashboard
  • Ensure WAN Edge Certificates are Valid
  • Check Certificate Properties in GUI
  • Check Certificate Properties in CLI
  • Troubleshooting – View Installed Certificate
  • Troubleshooting – View the Root CA Certificate
  • Check Certificate Expiration Date
• Module Summary

Module 4: Cisco SD-WAN Platforms

• Module Topics
• Lesson 1: SD-WAN Platform Overview
  • Cisco SD-WAN Routing Portfolio
  • Picking a Device Platform
  • What’s in a Name?
• Lesson 2: SD-WAN vEdge Platform
  • Discontinuation of vEdge & Viptela OS
  • Cisco vEdge Routers
  • Scalability Considerations Data Plane and IPsec
  • WAN Edge Cloud Virtual Routers
    • Cisco ISR1100-4G
    • Cisco ISR1100-6GvEdge 100
• Lesson 3: SD-WAN cEdge Platform Overview
  • SD-WAN cEdge Platforms
  • IOS Version Images
• Lesson 4: SD-WAN Industrial Router Portfolio
  • SD-WAN Industrial Routers
  • SD-WAN Industrial Routers – Catalyst IR1100/IR1101
  • SD-WAN Industrial Routers – Catalyst IR1800 Series
  • SD-WAN Industrial Routers – Catalyst IR8300
  • SD-WAN Industrial Routers – Cisco Catalyst IR8140H
  • Cisco Catalyst IR8140H Heavy Duty Series Router
• Lesson 5: SD-WAN ISR 1000/1100 Series Routers
  • Cisco ISR 1000 Platform Evolution
  • ISR1100 Series Router PID Breakdown
  • C1109-2PLTE/C1109-4PLTE2P
  • C1111X-8P
  • Cisco ISR C1121X-8PLTEPWx
  • Cisco ISR 1130 Series Platforms List
  • Cisco ISR C1131-8PWx
  • Cisco ISR C1131X-8PWx
  • Cisco ISR C1131-8PLTEPWx
  • Cisco ISR C1131X-8PLTEPWx
  • Cisco ISR C1161X-8PLTEP
  • ISR 1100 Features
  • ISR 1100 Portfolio
  • ISR1100-4G vs ISR1100X-4G
  • ISR1100-6G vs ISR1100X-6G
• Lesson 6: Cisco ISR 4000 Series Routers
  • Cisco ISR 4000 Platforms Family
  • Cisco ISR 4221-X Edge Platform
  • Cisco ISR 4321 Edge Platform
  • Cisco ISR 4331 Edge Platform
  • Cisco ISR 4351 Edge Platform
  • Cisco ISR 4431 Edge Platform
  • Cisco ISR 4451-X Edge Platform
  • Cisco ISR 4461 Edge Platform
• Lesson 7: Cisco ASR 1000 Routing Portfolio
  • Cisco ASR 1000 Series Routers: Overview
  • Cisco ASR1001-X
  • Cisco ASR1001-HX
  • Cisco ASR1002-X
  • Cisco ASR1001-HX
  • Cisco ASR1006-X
• Lesson 8: Catalyst 8000 Series Router Overview
  • Cisco Catalyst 8000 Routing Portfolio
  • Cisco Catalyst 8000 Edge Platforms Family (1)
  • Catalyst 8000 Edge Routers
• Lesson 9: Catalyst 8500 Series Routers
  • Catalyst 8500 for SD-WAN
  • Catalyst 8500 Third Generation QFP ASIC Innovation
  • Catalyst 8500/8500L Series Edge Platforms
  • Cisco Catalyst 8500 Series Edge Platforms
  • Cisco Catalyst 8500 Series Edge Platforms
  • SD-WAN Throughput Performance
  • Catalyst 8500-20X6C Fixed Platform
  • C8500-12X4QC Port Connectivity
  • 100GE, 40GE Connectivity Options (1)
  • High Density 10GE, 1GE Connectivity Options
  • Catalyst 8500L Series Edge Platforms
  • ASR1002-HX vs C8500-12X4QC
  • ASR1001-HX vs C8500-12X
  • ASR1001-X vs C8500L-8S4X
  • SD-WAN Throughput Performance
• Lesson 10: Catalyst 8300 Series Routers
  • Cisco Catalyst 8300 Series Edge Platforms (1)
  • Cisco Catalyst 8300, 8200 Edge Platforms
  • C8300-2N2S Front View
  • C8300-1N1S Front View
  • ISR 4451 vs C8300-2N2S-xxxx
  • ISR 4431 vs C8300-1N1S-xxxx
• Lesson 11: Catalyst 8200 Series Routers
  • Cisco Catalyst C8200-1N-4T
  • Cisco Catalyst 8200L-1N-4T
  • Cisco Catalyst C8200-1N-4T / 8200L-1N-4T
  • ISR 4331 vs C8200-1N-4T
  • Catalyst 8200 vs ISR4331
• Lesson 12: Catalyst 8000 SD-WAN Supported Modules
  • Catalyst 8000 Backward Module Compatibility
  • Catalyst 8200/8300 Supported Modules
  • C8300 SM Based Layer 2 Switch Module
  • C8300 NIM Based Layer 3 1Gig and MGig WAN Module
  • C8300 NIM Based Layer 3 10G WAN Module
• Lesson 13: Catalyst 8000v Series Virtual Router
  • Deploy C8000V Anywhere - Flexible Deployment
  • Cisco Catalyst 8000v Edge Software
  • SD-WAN Cloud-first Journey with Catalyst 8000V
  • Cisco Catalyst 8000V Edge Software
• Lesson 14: ENCS 5000 and CSP 5000
  • Virtualization Provides Flexibility, Simplicity, & Savings
  • vEdge Cloud on ENCS
  • ENCS 5400 Series (1)
  • ENCS 5400 CPU Allocation Planning
  • ENCS 5400 RAM Allocation Planning
  • ENCS 5400 Internal Networking
  • CSP 5000 Major Components
  • CSP 5216/5228*
  • CSP 5436/5444/5456*
  • ENCS 5000 and CSP 5000 Series - Chassis Options
• Lesson 15: Cellular Gateways for SDWAN
  • Cisco Routing Cellular Platforms
  • SD-WAN Connectivity Options
  • Cisco Wireless WAN Current Offerings
  • LTE Dongle
  • LTE Advanced Pro
  • LTE Advanced
  • Cisco Cellular Gateway G
  • Cellular Gateway Connections
  • Cellular Gateways
  • Why Cellular Gateway is needed for High Quality Wireless WAN
  • Deployment Connectivity
  • Use Case for SDWAN Wireless
  • Last Resort Circuit
• Lesson 16: SD-WAN WAN Edge High Availability
  • High Availability and Redundancy Overview
  • Redundancy – Site with LAN Routing
  • Redundancy – Site with LAN Bridging
  • Transport Redundancy – Meshed (1)
  • Redundancy – Meshed Transports
  • Redundancy – Extended Transports
  • Transport Redundancy – TLOC Extension
  • TLOC Extension Configuration
• Module Summary

Module 5: Cisco SD-WAN WAN Edge Deployments

• Module Topics
• Lesson 1: Adding Device to the PNP Portal
  • Cisco Smart Accounts
  • Cisco Software Central PNP Portal – software.cisco.com
  • Cisco Plug and Play Portal
  • Plug and Play Connect – Add Controller Profiles (1)
  • Add Device to the Plug and Play Portal
  • Cisco IOS-XE Router Certificates
  • Add Device – Identify Sources
  • Add Device – Identify Device (1)
• Lesson 2: Device Initial Bootup and Image Selection
  • Single Image for IOS XE and IOS XE SD-WAN
  • Operational Mode Change
  • Greenfield, Brownfield Image Upgrade Scenarios
  • Install Requirements
  • Single Image: Boot Up Sequence
  • Generate Bootstrap Configuration for a vEdge Cloud Router (1)
• Lesson 3: SD-WAN Zero Touch Provisioning
  • Provisioning using Bootstrap Config File
  • ZTP – WAN Edge – Static IP Support
  • Zero Touch Deployment Using PnP Connect
  • Create Device Templates and Attach to Devices
  • ZTP: On-Boarding Physical Appliance
  • Power Up WAN Edge Appliance, PnP
  • Connect to vBond
  • Connect to vManage
  • Receive Full Config
  • Connect to the Overlay
• Lesson 4: SD-WAN Quick Connect
  • SD-Wan 20.6 – Quick Connect Onboarding
  • Quick Connect Workflow
  • Quick Connect – Getting Started
  • Quick Connect – Prerequisites
  • Quick Connect – Process Overview
  • Quick Connect – Progress Bar
  • Quick Connect – Sync Device Inventory
  • Quick Connect – Sync Device Inventory – From Smart Account
  • Quick Connect – Sync Device Inventory – Upload Device List
  • Quick Connect – Sync Device Inventory – Skip if Already Done
  • Quick Connect – Select Devices
  • Quick Connect – View Sync Device Inventory Task Details
  • Quick Connect – Return to Workflow
  • Quick Connect – Review Workflow – at any stage
  • Quick Connect – Add and Review Device Configuration (1)
  • Export the Config, Edit and Import
  • Quick Connect – Summary
  • Quick Connect – Preview CLI
  • Quick Connect – Deploy
  • Quick Connect – PnP/ZTP
  • Manual On-boarding
• Lesson 5: SD-WAN One Touch Provisioning
  • One Touch Previsioning Use-case
  • One Touch Provisioning Feature Overview
  • One Touch Provisioning Require Edge Device Configuration
  • One Touch Provisioning Require Edge Device Information
  • One Touch Provisioning Procedure
  • One Touch Provisioning Phase 2
  • One Touch Provisioning SMS Workflow
  • Mobile App – Upload Bootstrap File
  • Mobile App – Selection of Bootstrap File
  • Mobile App – Viewing/Editing File Content
  • Mobile App – Pushing Bootstrap File to Device
  • Mobile App – Enabling Controller Mode
  • One Touch Provisioning Supported Platforms
• Lesson 6: Manually Provision SD-WAN Edge Configuration
  • Manually Provision IOS-XE (1)
• Lesson 7: Verifying SD-WAN WAN Edge Configuration
  • OS Package Files
  • Running Configuration (1)
  • View a Device's Local Configuration
  • Template Log
  • Delete a WAN Edge Router
  • Decommission a vEdge Cloud Router
  • View Status of Device Bring-up
• Module Summary

Module 6: Configuring vManage

• Module Topics
• Lesson 1: Dashboard Overview and Changes
  • 20.6 vManage Menu Structure
  • SD-WAN 20.6 vManage Main Dashboard
  • SD-WAN 20.9 vManage Menu Structure
• Lesson 2: vManage Monitoring Dashboard
  • Monitor > Overview – Controllers Status Pane
  • Monitor > Overview – WAN Edge Status Pane
  • Monitor > Overview – Certificate Status Pane
  • Monitor > Overview – Licensing Pane
  • Monitor > Overview – Reboot Pane
  • Monitor > Overview – Modify the Dashboard (1)
  • Monitor > Overview – WAN Edge Health
  • Monitor > Overview – Site BFD Connectivity
  • Monitor > Overview – Transport Interface Distribution (1)
  • Monitor > Overview – WAN Edge Inventory Pane
  • Monitor > Overview – Transport Health
  • Monitor > Overview – Top Applications
  • Monitor > Overview – Application-Aware Routing
  • Monitor > Devices
  • Sort Devices by Health, Reachability, Personality, and Status
  • Select a Device to Monitor
  • Monitor > Device > System Status > Reboots
  • Monitor > Device > System Status > Crash
  • Monitor > Device > System Status > Hardware Inventory
  • Monitor > Device > System Status > Power Supply / Fans
  • Monitor > Device > System Status > CPU & Memory
  • Monitor > Device > SAIE Applications
  • Monitor > Device > Interface
  • Monitor > Device > Tracker
  • Monitor > Device > QoS
  • Monitor > Device > On Demand Troubleshooting
  • Monitor > Device > TLOC
  • Monitor > Device > Tunnel
  • Monitor > Device > Security Monitoring > Firewall
  • Monitor > Device > Control Connections
  • Monitor > Device > ACL Logs
  • Monitor > Device > Events
  • Monitor > Device > Troubleshooting
  • Monitor > Device > Real Time
  • Monitor > Device > Certificates
  • Monitor > Device > Licensing
  • Monitor > Tunnels
  • Monitor > Security
  • Monitor > VPN
  • Monitor > Logs > Alarms
  • Monitor > Logs > Events
  • Monitor > Logs > Audit Logs
  • Monitor > Multicloud
  • Monitor > Geography (1)
  • Monitor > SD-AVC Cloud Connector
• Lesson 3: vManage Configuration
  • Configuration > Devices
  • Configuration > Devices > Running Configuration
  • Configuration > Devices > Local Configuration
  • Configuration > Devices > Delete WAN Edge
  • Configuration > Devices > Decommission WAN Edge
  • Configuration > Devices > Generate Boot Strap
  • Configuration > Devices > Change Device Values
  • Configuration > Devices > Template Log
  • Configuration > Devices > Device Bring-up
  • Configuration > TLS / SSL Proxy
  • Configuration > Certificates
• Lesson 4: vManage Tools
  • Tools > SSH Terminal
  • Tools > Rediscover Network
  • Tools > Operation Commands
  • Tools > Operation Commands > Generate Admin Tech
  • Tools > Operation Commands > View Generate Admin Tech
  • Tools > Operation Commands > Reset Interface (1)
  • Tools > Operation Commands > Reset Locked Account
  • Tools > Operation Commands > Invalidate Device
  • Tools > Operation Commands > Stop Data Traffic
  • Tools > Operation Commands > Factory Default
  • Tools > TAC Cases
  • Tools > Template Migration
  • Tools > Network Wide Path Insights
  • Tools > On-Demand Troubleshooting
• Lesson 5: vManage Maintenance
  • Maintenance > Device Reboot
  • Maintenance > Security
• Lesson 6: Administrative Settings
  • vManage > Administration > Settings
  • Alarm Notifications - Enable Email Notifications
  • Enforce Software Version on WAN Edge Routers
  • Create a Custom Banner
  • Settings > HTTP/HTTPS Proxy Server
  • Settings > Enable Reverse Proxy
  • Settings > Statistics Settings
  • Settings > Cloud Onramp for SaaS
  • Settings > Cloud Services / vAnalytics Platform
  • Settings > vManage Client Session Timeout
  • Settings > vManage Session / Server Session Timeouts
  • Settings > Max Session per User
  • Settings > Enable Data Stream Collection
  • Settings > Tenancy Mode
  • Settings > Set Interval to Collect Device Statistic
  • Settings > vManage Maintenance Window
  • Settings > Single Sign-On – Identity Provider Settings
  • Settings > vManage Statistics Database
  • Settings > Google Map API Key
  • Settings > Software Installation Timeout
  • Settings > IPS Signature Update
  • Settings > Smart Account Credentials
  • Cisco vManage Communication with External Servers via Proxy
• Lesson 7: Resource Groups
  • Resource Group
  • Resource Groups
  • Terminologies – Resource Group vs User Group
  • Terminologies – Global Resource Group, Global Admin
• Lesson 8: Users and Groups
  • SD-WAN Authentication Mechanisms
  • Configuring AAA User Accounts
  • User Group Rules
  • Creating Users in CLI
  • Creating Users via vManage
  • User Account Management
  • Basic Group Privilege
  • Operator Group Privilege
  • Netadmin Group Privilege
  • Add Group and Permissions
  • Which Policies have Granular RBAC (R/W)?
  • Creating User Groups with Policy RBAC – GUI
  • Create Users and Assign to User Groups
  • Edit Group Permissions or Delete Group
• Lesson 9: RADIUS and TACACS
  • Configuring RADIUS
  • Configuring TACACS+ Authentication
  • [cEdge] Split NetAdmin Role on CLI
  • Privilege Levels
  • AAA Authorization and Accounting
  • cEdge CLI Authorization and Accounting Configuration
  • Configuring the Authentication Order
  • ISE (Identity Services Engine)
  • Configuring NAS Attributes
  • Show Users Command
  • show AAA Usergroup Commands
  • Administration > VPN Groups > Add VPN Group
  • Administration > VPN Segments
• Lesson 10: Single Sign-On / IDP Management
  • IDP Overview
  • vManage Configuration (1)
• Lesson 11: License Management
  • License Management
  • License Management – Smart Account Management (1)
  • License Management – Smart Account Management Reporting
• Lesson 12: Network Wide Path Insight
  • Network Wide Path Insight (NWPI)
  • NWPI Prerequisites
  • Network Wide Path Insight (1)
• Module Summary

Module 7: SD-WAN Software Upgrades

• Module Topics
• Lesson 1: Upgrading the SD-WAN Environment
  • SD-WAN Upgrade Images
  • Cisco vManage Upgrade Paths
  • SD-Wan Upgrade Images – WAN Edges
  • Upgrade Images Merge into Unified Image in IOS XE in 17.2
  • Best Practices for Software Upgrades
  • Upload Software Images to the Repository
  • Upload Images to Repository
  • Upload SD-WAN Images to vManage (1)
  • Upload Virtual Images for Security/DRE on IOS-XE (1)
  • Repository for Remote Images
  • Add Image to Remote Repository
• Lesson 2: Upgrade SD-WAN Controllers
  • Upgrade vManage
  • Software Upgrade Location and Platform Version
  • vManage OS Update Scheduled (1)
  • Activation of New vManage Images
  • vManage Activation
  • vManage Activation Complete
  • vBond Upgrades (1)
  • vSmart Upgrades (1)
  • vSmart Activation (1)
  • Upgrading WAN Edge Devices (1)
  • SD-WAN Upgrade - Set Default Image
  • SD-WAN Upgrade – Delete Old Images
  • SD-WAN Upgrade – Delete Downloaded Images
• Lesson 3: Software Upgrade Workflow Version 20.10 / 17.10
  • Workflow - Device Software Upgrade (1)
  • Check Tasks for Upgrade Status
• Lesson 4: Upgrading Devices via CLI
  • SD-WAN Upgrade – CLI – Transfer Files
  • SD-WAN CLI Upgrade – Install Image
  • SD-WAN CLI Upgrade – Activate Image
  • SD-WAN CLI Upgrade – Verify Image Activation
  • SD-WAN CLI Upgrade – Set Default Image
  • SD-WAN CLI Upgrade – Delete Old Image
  • SD-WAN IOS-XE Upgrade – CLI
  • SD-WAN CLI IOS-XE Upgrade – Install Image
  • SD-WAN CLI IOS-XE Upgrade – Activate Image
  • SD-WAN CLI IOS-XE Upgrade – Verify Image Activation
  • SD-WAN IOS-XE CLI Upgrade – Set Default Image
  • SD-WAN IOS-XE CLI Upgrade – Delete Old Image
• Module Summary

Module 8: SD-WAN OMP/Fabric

• Module Topics
• Lesson 1: SD-WAN Fabric Overview and Terminology
  • Why Fabric Architectures
  • SD-WAN Terminology – SD-WAN Pathways
  • SD-WAN Terminology – TLOC (Transport Locator)
  • SD-WAN Terminology – Site-ID
  • Site-ID Design
  • SD-WAN Terminology – Required WAN Edge Settings
  • SD-WAN Terminology – Control Connections
• Lesson 2: SD-WAN Segmentation
  • End-to-End Segmentation with Multi-Topology
  • Current Challenges in Deploying Segmentation
  • WAN Edge VPNs and Segmentation
  • VPN Labels
  • SD-WAN VPN Segmentation
  • SD-WAN Site Traffic Flows and Segmentation
  • Segmentation and Multi-Topology
• Lesson 3: OMP / TLOCs / Routes
  • Overlay Management Protocol (OMP)
  • OMP Parameters – Security Keying Timers
  • OMP Parameters
  • Fabric Operation Walk-Through
  • Overlay Management Protocol Route and Service Distribution
  • OMP Route Types and Prominent Attributes
  • OMP Routes - Routes learned from a site-local network
  • Interface (TLOC) Color
  • TLOC Route
  • TLOC Preference vs Weight
  • OMP Service Route Attributes
  • TLOC Colors
  • Overlay Routing
  • WAN Communication
  • Multi-Domain Routing Fabric
  • OMP Service/Route Timers
  • Graceful Restart for OMP
  • Transport Independent Fabric
  • Unicast Overlay Routing Overview
  • Advertise Local Routes
  • OMP Route Redistribution
  • Administrative Distance
  • NAT Traversal
• Lesson 4: SD-WAN BFD
  • Bidirectional Forwarding Detection (BFD)
  • SD-WAN Terminology – BFD
  • SD-WAN in a nutshell.!
  • BFD used for Critical Applications SLA
  • BFD Calculation for App-Route Policies
  • BFD Templates
  • Per-Class BFD Probing for AAR
  • BFDs In 17.4 and Beyond
  • Per Class BFD
  • Per Class BFD Applied with a SLA Class
  • Troubleshooting BFD Session Issues
• Lesson 5: On-Demand Tunnels
  • On-Demand Tunnels
  • On-Demand Tunnels – How?
  • How Dynamic Tunnels are Established?
• Lesson 6: SD-WAN Fabric Verification
  • Operational Commands (1)
  • show omp routes vpn 10 | tab
  • show ip route
  • show omp tlocs
• Module Summary

Module 9: SD-WAN QoS/QoE

• Module Topics
• Lesson 1: QoE / QoS Challenges
  • Application Delivery Challenges
  • The way we work has changed and Applications have moved to not one, but many Clouds
• Lesson 2: Quality of Experience (QoE) / Quality of Service (QoS)
  • Multidimensional Application Quality of Experience
  • Application Visibility and Recognition
  • WAN Edge Router QoS
  • Device QoS: Queuing
  • WAN Edge Router Traffic Prioritization
  • Device QoS: Shaping
  • Device QoS: Policing
  • Policing with Packet Loss Priority
  • DSCP and COS (802.1p) Re-marking
  • Differentiated Services - Quality of Service
  • Localized Data Policy (QoS) Configuration (1)
  • SD-WAN QoS Features
• Lesson 3: Per-Tunnel QoS
  • Per-Tunnel QoS
  • Per-Tunnel QoS Support on SD-WAN
  • Per-Tunnel QoS Configuration Workflow (1)
  • Per-Tunnel QoS Support on SD-WAN
• Lesson 4: Adaptive QoS
  • Adaptive QoS (1)
  • Adaptive QoS: Configuration Workflow
  • Adaptive QoS on IOS-XE SD-WAN
  • IOS-XE 17.3 - Adaptive QoS
• Lesson 5: Per VPN QoS
  • Overview of Per-VPN QoS
  • Per-VPN QoS Working
  • Description of Per-VPN QoS
• Lesson 6: Application Quality of Experience (AppQoE)
  • What is AppQoE?
  • Building Blocks of AppQoE
  • AppQoE with SD-WAN
  • AppQoE – Multitude of Deployment Use Cases
• Lesson 7: Forward Error Correction (FEC) / Packet Duplication
  • Forward Error Correction (FEC) (1)
  • FEC and Multiple Circuits
  • Forward Error Correction Design Considerations
  • Packet Duplication (1)
  • Packet Duplication Design Considerations
• Lesson 8: TCP Optimization
  • TCP Optimization (1)
  • TCP Optimization on IOS-XE
• Lesson 9: Data Redundancy Elimination (DRE) / Lempel-Ziv Compression (LZ)
  • DRE Optimization
  • DRE Architectural Overview
  • DRE (Data Redundancy Elimination) Optimization (1)
  • Lempel-Ziv Compression (LZ)
  • DRE vs LZ Compression
  • DRE (Data Redundancy Elimination) Optimization (1)
  • Multiple Service Nodes for AppQoE
• Lesson 10: SSL Optimization
  • SSL Optimization
  • SSL Proxy – WAN Edge Packet Flow
  • SSL Proxy – CA Deployment Use Cases
  • Deployment Scenarios
  • AppQoE – Supported Platforms
• Lesson 11: SD-AVC / Microsoft O365 Telemetry
  • SD-AVC Service
  • NBAR Agents
  • Enable SD-AVC
  • Microsoft Informed Routing
  • Microsoft Informed Routing Prerequisites
  • Microsoft 365 Telemetry Opt-in
  • Dynamic URL Categories + M365 Informed Routing
• Module Summary

Module 10: SD-WAN Security / SASE

• Module Topics
• Lesson 1: Security Overview
  • Secure SD-WAN is now Business Critical
  • SD-WAN with Distributed Security Enforcement
  • Cisco SD-WAN Security
• Lesson 2: Secure Access Service Edge (SASE)
  • What is SASE & SSE?
  • SASE Addresses these Challenges
  • Cisco SASE Architecture
  • SASE Deployment Options
• Lesson 3: SD-WAN Fabric Security
  • DDoS Protection for Controllers
  • DDoS Protection for SDWAN Edge Routers
  • Firewall Rules for Controllers
  • Firewall Ports Used in Cisco SD-WAN
  • Firewalls Ports – DTLS
  • Firewalls Ports – TLS
  • Ports Used by Cisco SDWAN Devices Running Multiple vCPUs
  • Administrative Ports Used by vManage NMS
  • vManage Cluster Ports
  • Anti-Replay Protection
• Lesson 4: SD-WAN Security Options
  • Data Plane Privacy and Encryption
  • Data Plane Privacy (Pairwise)
  • Pairwise IPSec Keys for SA
  • Data Plane Integrity
  • Layered Branch Security with SD-WAN
  • Service Based Traffic Engineering
  • Regional Secure Perimeter – Single Service
  • Regional Secure Perimeter – Multiple Services
  • Regional Internet Security
  • DIA Security
• Lesson 5: SD-WAN Integrated Security
  • SD-WAN Integrated Security
  • Enterprise Firewall (1)
  • Geo Fencing with SD-WAN Edge Devices -17.6
  • Identify Based Firewall (17.9)
  • Enterprise Firewall
  • ZBFW Policy – Building Blocks
  • ZBFW Policy – Matching Criteria
  • How FQDN Works?
  • Use Case: Intra-Zone Policy
  • Use Case: Inter-Zone Policy
  • Use Case: Self-Zone Policy
  • ZBFW: DIA/DCA Security
  • High Speed Logging (HSL)
  • SD-WAN Unified Security Policy (20.6)
  • SD-WAN Unified Security
  • Security Custom Options
  • Pre-Create Unified Security Features
  • Unified IPS Policy
  • New Unified Security Policy – Next Generation Firewall
  • NG Firewall Configuration
  • Create an Advanced Inspection Profile to be used with Rule / RuleSets
  • New Unified Firewall Rule with Advanced Inspections Profile
  • Intrusion Prevention
  • Snort IPS/IDS & Web Filtering Architecture
  • IPS Signature Set – Types
  • URL Filtering
  • URL-Filtering (URL-F) Database Profiles
  • How often URL-Filtering Database gets Updated?
  • DNS/Web-layer Security
  • DNS/Web-layer Security - Solution Overview
  • Advanced Malware Protection
  • TLS/SSL Decryption (MiTM Proxy)
• Lesson 6: SD-WAN Security Configuration
  • Security Configuration
  • Legacy Security Policy
  • SD-WAN Security Workflow
  • Add Firewall Policy (1)
  • Add Rule to Firewall Policy
  • Add Rule to Deny and Log Traffic
  • Review Inspect and Deny Rules
  • Create Firewall Zones
  • Create Source Firewall Zone
  • Create Destination Firewall Zone
  • Create Firewall Zone Pair
  • Firewall Policy
  • Intrusion Prevention Policy
  • Intrusion Prevention Policy – Add Target VPNs
  • Intrusion Prevention Policy – Configuration
  • Intrusion Prevention Policy – Advanced Configuration
  • Intrusion Prevention Policy – Save IPS Configuration
  • Intrusion Prevention Policy
  • Add URL Filtering Policy
  • URL Filtering Policy – Add Target VPNs
  • URL Filtering Policy -- Basic Configuration
  • URL Filtering Policy – Advanced Configuration
  • URL Filtering Policy – Save Configuration
  • URL Filtering Policy
  • Advanced Malware Protection
  • Advanced Malware Protection – Add Target VPNs
  • Advanced Malware Protection – Basic Configuration
  • Advanced Malware Protection – File Analysis Configuration
  • Advanced Malware Protection – Save Configuration
  • Advanced Malware Protection
  • DNS Security Policy
  • Umbrella API Key
  • DNS Security Policy – Add Target VPN
  • DNS Security Policy – Basic Configuration
  • DNS Security Policy – Save Configuration
  • DNS Security Policy
  • TLS/SSL Decryption
  • TLS/SSL Decryption Policy Configuration (1)
  • Configure Trusted CA
  • TLS/SSL Decryption Policy Decryption Rule
  • Security Policy – Configuration
  • Security Policy – Preview
  • Edit Template and Apply Security Policy
  • Security Policy – Apply Security Policy to Template
• Lesson 7: Cisco Umbrella
  • Cisco Cloud Security
  • Increased Throughput Capabilities per Router
  • Layer7 Health Check
  • SIG Policy Outcomes
  • Auto-Registration to Cisco Umbrella
  • IPSec Auto-Tunnel to Cisco Umbrella
  • Cisco Umbrella
  • Enhancement to Integration with Umbrella
  • Cloud Delivered Firewall
• Lesson 8: Secure Internet Gateway (SIG)
  • Secure Internet Gateway (SIG) – IPSEC
  • Secure Internet Gateway (SIG) – GRE
  • SIG Integrations
  • Increased Throughput Capabilities Per Router
  • Layer7 Health Check
  • Cloud OnRamp for SaaS for SIG - 17.6
  • Fall-back Routing for SIG (17.8)
• Lesson 9: Cisco Zscaler SIG
  • Cisco SD-WAN - ZScaler Automatic GRE Tunnel support
  • Cisco SD-WAN - ZScaler Secure-Internet-Gateway (SIG)
  • Onboarding of Automatic GRE SIG Tunnels
  • Policy Based Routing to SIG Provider
  • Weighted Load-Balancing – ECMP
  • Weighted Load-Balancing
  • Use Case # 5: Layer 7 Health Check
• Lesson 10: vManage ZScaler Workflow for Auto GRE SIG Tunnel
  • vManage ZScaler SIG Workflow (1)
• Lesson 11: Zscaler Workflow
  • ZScaler Workflow (1)
  • Unified Secure-Internet Gateway (SIG) Workflow
  • Active-Active SIG Tunnels
  • ECMP + Active-Active Tunnels
• Lesson 12: L7 Health Check Inside ZScaler Auto-GRE Tunnel
  • Monitoring – SIG Tunnel Status
  • Monitoring – Security Events
  • L7 Health Check Inside ZScaler Auto-GRE Tunnel (1)
  • L7 Tracker Parameters
  • Other Supported SIG Features on ZScaler GRE Auto-SIG tunnels
• Module Summary

Module 11: Creating and Applying SD-WAN Templates

• Module Topics
• Lesson 1: Security Overview
  • Secure SD-WAN is now Business Critical
  • SD-WAN with Distributed Security Enforcement
  • Cisco SD-WAN Security
• Lesson 2: Secure Access Service Edge (SASE)
  • What is SASE & SSE?
  • SASE Addresses these Challenges
  • Cisco SASE Architecture
  • SASE Deployment Options
• Lesson 3: SD-WAN Fabric Security
  • DDoS Protection for Controllers
  • DDoS Protection for SDWAN Edge Routers
  • Firewall Rules for Controllers
  • Firewall Ports Used in Cisco SD-WAN
  • Firewalls Ports – DTLS
  • Firewalls Ports – TLS
  • Ports Used by Cisco SDWAN Devices Running Multiple vCPUs
  • Administrative Ports Used by vManage NMS
  • vManage Cluster Ports
  • Anti-Replay Protection
• Lesson 4: SD-WAN Security Options
  • Data Plane Privacy and Encryption
  • Data Plane Privacy (Pairwise)
  • Pairwise IPSec Keys for SA
  • Data Plane Integrity
  • Layered Branch Security with SD-WAN
  • Service Based Traffic Engineering
  • Regional Secure Perimeter – Single Service
  • Regional Secure Perimeter – Multiple Services
  • Regional Internet Security
  • DIA Security
• Lesson 5: SD-WAN Integrated Security
  • SD-WAN Integrated Security
  • Enterprise Firewall (1)
  • Geo Fencing with SD-WAN Edge Devices -17.6
  • Identify Based Firewall (17.9)
  • Enterprise Firewall
  • ZBFW Policy – Building Blocks
  • ZBFW Policy – Matching Criteria
  • How FQDN Works?
  • Use Case: Intra-Zone Policy
  • Use Case: Inter-Zone Policy
  • Use Case: Self-Zone Policy
  • ZBFW: DIA/DCA Security
  • High Speed Logging (HSL)
  • SD-WAN Unified Security Policy (20.6)
  • SD-WAN Unified Security
  • Security Custom Options
  • Pre-Create Unified Security Features
  • Unified IPS Policy
  • New Unified Security Policy – Next Generation Firewall
  • NG Firewall Configuration
  • Create an Advanced Inspection Profile to be used with Rule / RuleSets
  • New Unified Firewall Rule with Advanced Inspections Profile
  • Intrusion Prevention
  • Snort IPS/IDS & Web Filtering Architecture
  • IPS Signature Set – Types
  • URL Filtering
  • URL-Filtering (URL-F) Database Profiles
  • How often URL-Filtering Database gets Updated?
  • DNS/Web-layer Security
  • DNS/Web-layer Security - Solution Overview
  • Advanced Malware Protection
  • TLS/SSL Decryption (MiTM Proxy)
• Lesson 6: SD-WAN Security Configuration
  • Security Configuration
  • Legacy Security Policy
  • SD-WAN Security Workflow
  • Add Firewall Policy (1)
  • Add Rule to Firewall Policy
  • Add Rule to Deny and Log Traffic
  • Review Inspect and Deny Rules
  • Create Firewall Zones
  • Create Source Firewall Zone
  • Create Destination Firewall Zone
  • Create Firewall Zone Pair
  • Firewall Policy
  • Intrusion Prevention Policy
  • Intrusion Prevention Policy – Add Target VPNs
  • Intrusion Prevention Policy – Configuration
  • Intrusion Prevention Policy – Advanced Configuration
  • Intrusion Prevention Policy – Save IPS Configuration
  • Intrusion Prevention Policy
  • Add URL Filtering Policy
  • URL Filtering Policy – Add Target VPNs
  • URL Filtering Policy -- Basic Configuration
  • URL Filtering Policy – Advanced Configuration
  • URL Filtering Policy – Save Configuration
  • URL Filtering Policy
  • Advanced Malware Protection
  • Advanced Malware Protection – Add Target VPNs
  • Advanced Malware Protection – Basic Configuration
  • Advanced Malware Protection – File Analysis Configuration
  • Advanced Malware Protection – Save Configuration
  • Advanced Malware Protection
  • DNS Security Policy
  • Umbrella API Key
  • DNS Security Policy – Add Target VPN
  • DNS Security Policy – Basic Configuration
  • DNS Security Policy – Save Configuration
  • DNS Security Policy
  • TLS/SSL Decryption
  • TLS/SSL Decryption Policy Configuration (1)
  • Configure Trusted CA
  • TLS/SSL Decryption Policy Decryption Rule
  • Security Policy – Configuration
  • Security Policy – Preview
  • Edit Template and Apply Security Policy
  • Security Policy – Apply Security Policy to Template
• Lesson 7: Cisco Umbrella
  • Cisco Cloud Security
  • Increased Throughput Capabilities per Router
  • Layer7 Health Check
  • SIG Policy Outcomes
  • Auto-Registration to Cisco Umbrella
  • IPSec Auto-Tunnel to Cisco Umbrella
  • Cisco Umbrella
  • Enhancement to Integration with Umbrella
  • Cloud Delivered Firewall
• Lesson 8: Secure Internet Gateway (SIG)
  • Secure Internet Gateway (SIG) – IPSEC
  • Secure Internet Gateway (SIG) – GRE
  • SIG Integrations
  • Increased Throughput Capabilities Per Router
  • Layer7 Health Check
  • Cloud OnRamp for SaaS for SIG - 17.6
  • Fall-back Routing for SIG (17.8)
• Lesson 9: Cisco Zscaler SIG
  • Cisco SD-WAN - ZScaler Automatic GRE Tunnel support
  • Cisco SD-WAN - ZScaler Secure-Internet-Gateway (SIG)
  • Onboarding of Automatic GRE SIG Tunnels
  • Policy Based Routing to SIG Provider
  • Weighted Load-Balancing – ECMP
  • Weighted Load-Balancing
  • Use Case # 5: Layer 7 Health Check
• Lesson 10: vManage ZScaler Workflow for Auto GRE SIG Tunnel
  • vManage ZScaler SIG Workflow (1)
• Lesson 11: Zscaler Workflow
  • ZScaler Workflow (1)
  • Unified Secure-Internet Gateway (SIG) Workflow
  • Active-Active SIG Tunnels
  • ECMP + Active-Active Tunnels
• Lesson 12: L7 Health Check Inside ZScaler Auto-GRE Tunnel
  • Monitoring – SIG Tunnel Status
  • Monitoring – Security Events
  • L7 Health Check Inside ZScaler Auto-GRE Tunnel (1)
  • L7 Tracker Parameters
  • Other Supported SIG Features on ZScaler GRE Auto-SIG tunnels
• Module Summary

Module 12: SD-WAN Local Policy

• Module Topics
• Lesson 1: Security Overview
  • Secure SD-WAN is now Business Critical
  • SD-WAN with Distributed Security Enforcement
  • Cisco SD-WAN Security
• Lesson 2: Secure Access Service Edge (SASE)
  • What is SASE & SSE?
  • SASE Addresses these Challenges
  • Cisco SASE Architecture
  • SASE Deployment Options
• Lesson 3: SD-WAN Fabric Security
  • DDoS Protection for Controllers
  • DDoS Protection for SDWAN Edge Routers
  • Firewall Rules for Controllers
  • Firewall Ports Used in Cisco SD-WAN
  • Firewalls Ports – DTLS
  • Firewalls Ports – TLS
  • Ports Used by Cisco SDWAN Devices Running Multiple vCPUs
  • Administrative Ports Used by vManage NMS
  • vManage Cluster Ports
  • Anti-Replay Protection
• Lesson 4: SD-WAN Security Options
  • Data Plane Privacy and Encryption
  • Data Plane Privacy (Pairwise)
  • Pairwise IPSec Keys for SA
  • Data Plane Integrity
  • Layered Branch Security with SD-WAN
  • Service Based Traffic Engineering
  • Regional Secure Perimeter – Single Service
  • Regional Secure Perimeter – Multiple Services
  • Regional Internet Security
  • DIA Security
• Lesson 5: SD-WAN Integrated Security
  • SD-WAN Integrated Security
  • Enterprise Firewall (1)
  • Geo Fencing with SD-WAN Edge Devices -17.6
  • Identify Based Firewall (17.9)
  • Enterprise Firewall
  • ZBFW Policy – Building Blocks
  • ZBFW Policy – Matching Criteria
  • How FQDN Works?
  • Use Case: Intra-Zone Policy
  • Use Case: Inter-Zone Policy
  • Use Case: Self-Zone Policy
  • ZBFW: DIA/DCA Security
  • High Speed Logging (HSL)
  • SD-WAN Unified Security Policy (20.6)
  • SD-WAN Unified Security
  • Security Custom Options
  • Pre-Create Unified Security Features
  • Unified IPS Policy
  • New Unified Security Policy – Next Generation Firewall
  • NG Firewall Configuration
  • Create an Advanced Inspection Profile to be used with Rule / RuleSets
  • New Unified Firewall Rule with Advanced Inspections Profile
  • Intrusion Prevention
  • Snort IPS/IDS & Web Filtering Architecture
  • IPS Signature Set – Types
  • URL Filtering
  • URL-Filtering (URL-F) Database Profiles
  • How often URL-Filtering Database gets Updated?
  • DNS/Web-layer Security
  • DNS/Web-layer Security - Solution Overview
  • Advanced Malware Protection
  • TLS/SSL Decryption (MiTM Proxy)
• Lesson 6: SD-WAN Security Configuration
  • Security Configuration
  • Legacy Security Policy
  • SD-WAN Security Workflow
  • Add Firewall Policy (1)
  • Add Rule to Firewall Policy
  • Add Rule to Deny and Log Traffic
  • Review Inspect and Deny Rules
  • Create Firewall Zones
  • Create Source Firewall Zone
  • Create Destination Firewall Zone
  • Create Firewall Zone Pair
  • Firewall Policy
  • Intrusion Prevention Policy
  • Intrusion Prevention Policy – Add Target VPNs
  • Intrusion Prevention Policy – Configuration
  • Intrusion Prevention Policy – Advanced Configuration
  • Intrusion Prevention Policy – Save IPS Configuration
  • Intrusion Prevention Policy
  • Add URL Filtering Policy
  • URL Filtering Policy – Add Target VPNs
  • URL Filtering Policy -- Basic Configuration
  • URL Filtering Policy – Advanced Configuration
  • URL Filtering Policy – Save Configuration
  • URL Filtering Policy
  • Advanced Malware Protection
  • Advanced Malware Protection – Add Target VPNs
  • Advanced Malware Protection – Basic Configuration
  • Advanced Malware Protection – File Analysis Configuration
  • Advanced Malware Protection – Save Configuration
  • Advanced Malware Protection
  • DNS Security Policy
  • Umbrella API Key
  • DNS Security Policy – Add Target VPN
  • DNS Security Policy – Basic Configuration
  • DNS Security Policy – Save Configuration
  • DNS Security Policy
  • TLS/SSL Decryption
  • TLS/SSL Decryption Policy Configuration (1)
  • Configure Trusted CA
  • TLS/SSL Decryption Policy Decryption Rule
  • Security Policy – Configuration
  • Security Policy – Preview
  • Edit Template and Apply Security Policy
  • Security Policy – Apply Security Policy to Template
• Lesson 7: Cisco Umbrella
  • Cisco Cloud Security
  • Increased Throughput Capabilities per Router
  • Layer7 Health Check
  • SIG Policy Outcomes
  • Auto-Registration to Cisco Umbrella
  • IPSec Auto-Tunnel to Cisco Umbrella
  • Cisco Umbrella
  • Enhancement to Integration with Umbrella
  • Cloud Delivered Firewall
• Lesson 8: Secure Internet Gateway (SIG)
  • Secure Internet Gateway (SIG) – IPSEC
  • Secure Internet Gateway (SIG) – GRE
  • SIG Integrations
  • Increased Throughput Capabilities Per Router
  • Layer7 Health Check
  • Cloud OnRamp for SaaS for SIG - 17.6
  • Fall-back Routing for SIG (17.8)
• Lesson 9: Cisco Zscaler SIG
  • Cisco SD-WAN - ZScaler Automatic GRE Tunnel support
  • Cisco SD-WAN - ZScaler Secure-Internet-Gateway (SIG)
  • Onboarding of Automatic GRE SIG Tunnels
  • Policy Based Routing to SIG Provider
  • Weighted Load-Balancing – ECMP
  • Weighted Load-Balancing
  • Use Case # 5: Layer 7 Health Check
• Lesson 10: vManage ZScaler Workflow for Auto GRE SIG Tunnel
  • vManage ZScaler SIG Workflow (1)
• Lesson 11: Zscaler Workflow
  • ZScaler Workflow (1)
  • Unified Secure-Internet Gateway (SIG) Workflow
  • Active-Active SIG Tunnels
  • ECMP + Active-Active Tunnels
• Lesson 12: L7 Health Check Inside ZScaler Auto-GRE Tunnel
  • Monitoring – SIG Tunnel Status
  • Monitoring – Security Events
  • L7 Health Check Inside ZScaler Auto-GRE Tunnel (1)
  • L7 Tracker Parameters
  • Other Supported SIG Features on ZScaler GRE Auto-SIG tunnels
• Module Summary

Module 13: SD-WAN Central Policy

• Module Topics
• Lesson 1: Security Overview
  • Secure SD-WAN is now Business Critical
  • SD-WAN with Distributed Security Enforcement
  • Cisco SD-WAN Security
• Lesson 2: Secure Access Service Edge (SASE)
  • What is SASE & SSE?
  • SASE Addresses these Challenges
  • Cisco SASE Architecture
  • SASE Deployment Options
• Lesson 3: SD-WAN Fabric Security
  • DDoS Protection for Controllers
  • DDoS Protection for SDWAN Edge Routers
  • Firewall Rules for Controllers
  • Firewall Ports Used in Cisco SD-WAN
  • Firewalls Ports – DTLS
  • Firewalls Ports – TLS
  • Ports Used by Cisco SDWAN Devices Running Multiple vCPUs
  • Administrative Ports Used by vManage NMS
  • vManage Cluster Ports
  • Anti-Replay Protection
• Lesson 4: SD-WAN Security Options
  • Data Plane Privacy and Encryption
  • Data Plane Privacy (Pairwise)
  • Pairwise IPSec Keys for SA
  • Data Plane Integrity
  • Layered Branch Security with SD-WAN
  • Service Based Traffic Engineering
  • Regional Secure Perimeter – Single Service
  • Regional Secure Perimeter – Multiple Services
  • Regional Internet Security
  • DIA Security
• Lesson 5: SD-WAN Integrated Security
  • SD-WAN Integrated Security
  • Enterprise Firewall (1)
  • Geo Fencing with SD-WAN Edge Devices -17.6
  • Identify Based Firewall (17.9)
  • Enterprise Firewall
  • ZBFW Policy – Building Blocks
  • ZBFW Policy – Matching Criteria
  • How FQDN Works?
  • Use Case: Intra-Zone Policy
  • Use Case: Inter-Zone Policy
  • Use Case: Self-Zone Policy
  • ZBFW: DIA/DCA Security
  • High Speed Logging (HSL)
  • SD-WAN Unified Security Policy (20.6)
  • SD-WAN Unified Security
  • Security Custom Options
  • Pre-Create Unified Security Features
  • Unified IPS Policy
  • New Unified Security Policy – Next Generation Firewall
  • NG Firewall Configuration
  • Create an Advanced Inspection Profile to be used with Rule / RuleSets
  • New Unified Firewall Rule with Advanced Inspections Profile
  • Intrusion Prevention
  • Snort IPS/IDS & Web Filtering Architecture
  • IPS Signature Set – Types
  • URL Filtering
  • URL-Filtering (URL-F) Database Profiles
  • How often URL-Filtering Database gets Updated?
  • DNS/Web-layer Security
  • DNS/Web-layer Security - Solution Overview
  • Advanced Malware Protection
  • TLS/SSL Decryption (MiTM Proxy)
• Lesson 6: SD-WAN Security Configuration
  • Security Configuration
  • Legacy Security Policy
  • SD-WAN Security Workflow
  • Add Firewall Policy (1)
  • Add Rule to Firewall Policy
  • Add Rule to Deny and Log Traffic
  • Review Inspect and Deny Rules
  • Create Firewall Zones
  • Create Source Firewall Zone
  • Create Destination Firewall Zone
  • Create Firewall Zone Pair
  • Firewall Policy
  • Intrusion Prevention Policy
  • Intrusion Prevention Policy – Add Target VPNs
  • Intrusion Prevention Policy – Configuration
  • Intrusion Prevention Policy – Advanced Configuration
  • Intrusion Prevention Policy – Save IPS Configuration
  • Intrusion Prevention Policy
  • Add URL Filtering Policy
  • URL Filtering Policy – Add Target VPNs
  • URL Filtering Policy -- Basic Configuration
  • URL Filtering Policy – Advanced Configuration
  • URL Filtering Policy – Save Configuration
  • URL Filtering Policy
  • Advanced Malware Protection
  • Advanced Malware Protection – Add Target VPNs
  • Advanced Malware Protection – Basic Configuration
  • Advanced Malware Protection – File Analysis Configuration
  • Advanced Malware Protection – Save Configuration
  • Advanced Malware Protection
  • DNS Security Policy
  • Umbrella API Key
  • DNS Security Policy – Add Target VPN
  • DNS Security Policy – Basic Configuration
  • DNS Security Policy – Save Configuration
  • DNS Security Policy
  • TLS/SSL Decryption
  • TLS/SSL Decryption Policy Configuration (1)
  • Configure Trusted CA
  • TLS/SSL Decryption Policy Decryption Rule
  • Security Policy – Configuration
  • Security Policy – Preview
  • Edit Template and Apply Security Policy
  • Security Policy – Apply Security Policy to Template
• Lesson 7: Cisco Umbrella
  • Cisco Cloud Security
  • Increased Throughput Capabilities per Router
  • Layer7 Health Check
  • SIG Policy Outcomes
  • Auto-Registration to Cisco Umbrella
  • IPSec Auto-Tunnel to Cisco Umbrella
  • Cisco Umbrella
  • Enhancement to Integration with Umbrella
  • Cloud Delivered Firewall
• Lesson 8: Secure Internet Gateway (SIG)
  • Secure Internet Gateway (SIG) – IPSEC
  • Secure Internet Gateway (SIG) – GRE
  • SIG Integrations
  • Increased Throughput Capabilities Per Router
  • Layer7 Health Check
  • Cloud OnRamp for SaaS for SIG - 17.6
  • Fall-back Routing for SIG (17.8)
• Lesson 9: Cisco Zscaler SIG
  • Cisco SD-WAN - ZScaler Automatic GRE Tunnel support
  • Cisco SD-WAN - ZScaler Secure-Internet-Gateway (SIG)
  • Onboarding of Automatic GRE SIG Tunnels
  • Policy Based Routing to SIG Provider
  • Weighted Load-Balancing – ECMP
  • Weighted Load-Balancing
  • Use Case # 5: Layer 7 Health Check
• Lesson 10: vManage ZScaler Workflow for Auto GRE SIG Tunnel
  • vManage ZScaler SIG Workflow (1)
• Lesson 11: Zscaler Workflow
  • ZScaler Workflow (1)
  • Unified Secure-Internet Gateway (SIG) Workflow
  • Active-Active SIG Tunnels
  • ECMP + Active-Active Tunnels
• Lesson 12: L7 Health Check Inside ZScaler Auto-GRE Tunnel
  • Monitoring – SIG Tunnel Status
  • Monitoring – Security Events
  • L7 Health Check Inside ZScaler Auto-GRE Tunnel (1)
  • L7 Tracker Parameters
  • Other Supported SIG Features on ZScaler GRE Auto-SIG tunnels
• Module Summary

Module 14: Cisco SD-WAN with ThousandEyes Integration

• Module Topics
• Lesson 1: Security Overview
  • Secure SD-WAN is now Business Critical
  • SD-WAN with Distributed Security Enforcement
  • Cisco SD-WAN Security
• Lesson 2: Secure Access Service Edge (SASE)
  • What is SASE & SSE?
  • SASE Addresses these Challenges
  • Cisco SASE Architecture
  • SASE Deployment Options
• Lesson 3: SD-WAN Fabric Security
  • DDoS Protection for Controllers
  • DDoS Protection for SDWAN Edge Routers
  • Firewall Rules for Controllers
  • Firewall Ports Used in Cisco SD-WAN
  • Firewalls Ports – DTLS
  • Firewalls Ports – TLS
  • Ports Used by Cisco SDWAN Devices Running Multiple vCPUs
  • Administrative Ports Used by vManage NMS
  • vManage Cluster Ports
  • Anti-Replay Protection
• Lesson 4: SD-WAN Security Options
  • Data Plane Privacy and Encryption
  • Data Plane Privacy (Pairwise)
  • Pairwise IPSec Keys for SA
  • Data Plane Integrity
  • Layered Branch Security with SD-WAN
  • Service Based Traffic Engineering
  • Regional Secure Perimeter – Single Service
  • Regional Secure Perimeter – Multiple Services
  • Regional Internet Security
  • DIA Security
• Lesson 5: SD-WAN Integrated Security
  • SD-WAN Integrated Security
  • Enterprise Firewall (1)
  • Geo Fencing with SD-WAN Edge Devices -17.6
  • Identify Based Firewall (17.9)
  • Enterprise Firewall
  • ZBFW Policy – Building Blocks
  • ZBFW Policy – Matching Criteria
  • How FQDN Works?
  • Use Case: Intra-Zone Policy
  • Use Case: Inter-Zone Policy
  • Use Case: Self-Zone Policy
  • ZBFW: DIA/DCA Security
  • High Speed Logging (HSL)
  • SD-WAN Unified Security Policy (20.6)
  • SD-WAN Unified Security
  • Security Custom Options
  • Pre-Create Unified Security Features
  • Unified IPS Policy
  • New Unified Security Policy – Next Generation Firewall
  • NG Firewall Configuration
  • Create an Advanced Inspection Profile to be used with Rule / RuleSets
  • New Unified Firewall Rule with Advanced Inspections Profile
  • Intrusion Prevention
  • Snort IPS/IDS & Web Filtering Architecture
  • IPS Signature Set – Types
  • URL Filtering
  • URL-Filtering (URL-F) Database Profiles
  • How often URL-Filtering Database gets Updated?
  • DNS/Web-layer Security
  • DNS/Web-layer Security - Solution Overview
  • Advanced Malware Protection
  • TLS/SSL Decryption (MiTM Proxy)
• Lesson 6: SD-WAN Security Configuration
  • Security Configuration
  • Legacy Security Policy
  • SD-WAN Security Workflow
  • Add Firewall Policy (1)
  • Add Rule to Firewall Policy
  • Add Rule to Deny and Log Traffic
  • Review Inspect and Deny Rules
  • Create Firewall Zones
  • Create Source Firewall Zone
  • Create Destination Firewall Zone
  • Create Firewall Zone Pair
  • Firewall Policy
  • Intrusion Prevention Policy
  • Intrusion Prevention Policy – Add Target VPNs
  • Intrusion Prevention Policy – Configuration
  • Intrusion Prevention Policy – Advanced Configuration
  • Intrusion Prevention Policy – Save IPS Configuration
  • Intrusion Prevention Policy
  • Add URL Filtering Policy
  • URL Filtering Policy – Add Target VPNs
  • URL Filtering Policy -- Basic Configuration
  • URL Filtering Policy – Advanced Configuration
  • URL Filtering Policy – Save Configuration
  • URL Filtering Policy
  • Advanced Malware Protection
  • Advanced Malware Protection – Add Target VPNs
  • Advanced Malware Protection – Basic Configuration
  • Advanced Malware Protection – File Analysis Configuration
  • Advanced Malware Protection – Save Configuration
  • Advanced Malware Protection
  • DNS Security Policy
  • Umbrella API Key
  • DNS Security Policy – Add Target VPN
  • DNS Security Policy – Basic Configuration
  • DNS Security Policy – Save Configuration
  • DNS Security Policy
  • TLS/SSL Decryption
  • TLS/SSL Decryption Policy Configuration (1)
  • Configure Trusted CA
  • TLS/SSL Decryption Policy Decryption Rule
  • Security Policy – Configuration
  • Security Policy – Preview
  • Edit Template and Apply Security Policy
  • Security Policy – Apply Security Policy to Template
• Lesson 7: Cisco Umbrella
  • Cisco Cloud Security
  • Increased Throughput Capabilities per Router
  • Layer7 Health Check
  • SIG Policy Outcomes
  • Auto-Registration to Cisco Umbrella
  • IPSec Auto-Tunnel to Cisco Umbrella
  • Cisco Umbrella
  • Enhancement to Integration with Umbrella
  • Cloud Delivered Firewall
• Lesson 8: Secure Internet Gateway (SIG)
  • Secure Internet Gateway (SIG) – IPSEC
  • Secure Internet Gateway (SIG) – GRE
  • SIG Integrations
  • Increased Throughput Capabilities Per Router
  • Layer7 Health Check
  • Cloud OnRamp for SaaS for SIG - 17.6
  • Fall-back Routing for SIG (17.8)
• Lesson 9: Cisco Zscaler SIG
  • Cisco SD-WAN - ZScaler Automatic GRE Tunnel support
  • Cisco SD-WAN - ZScaler Secure-Internet-Gateway (SIG)
  • Onboarding of Automatic GRE SIG Tunnels
  • Policy Based Routing to SIG Provider
  • Weighted Load-Balancing – ECMP
  • Weighted Load-Balancing
  • Use Case # 5: Layer 7 Health Check
• Lesson 10: vManage ZScaler Workflow for Auto GRE SIG Tunnel
  • vManage ZScaler SIG Workflow (1)
• Lesson 11: Zscaler Workflow
  • ZScaler Workflow (1)
  • Unified Secure-Internet Gateway (SIG) Workflow
  • Active-Active SIG Tunnels
  • ECMP + Active-Active Tunnels
• Lesson 12: L7 Health Check Inside ZScaler Auto-GRE Tunnel
  • Monitoring – SIG Tunnel Status
  • Monitoring – Security Events
  • L7 Health Check Inside ZScaler Auto-GRE Tunnel (1)
  • L7 Tracker Parameters
  • Other Supported SIG Features on ZScaler GRE Auto-SIG tunnels
• Module Summary

Module 15: Cloud Onramp for SaaS

• Module Topics
• Lesson 1: Cloud OnRamp - Overview
  • Cloud OnRamp for SaaS
  • Cloud OnRamp for Multicloud
  • Cloud OnRamp with AWS Transit Gateway Connect
  • Cloud OnRamp with Azure Virtual WAN
  • Cisco SD-WAN Cloud Hub with Google Cloud
  • Cisco SD-WAN Cloud OnRamp for Colocation
• Lesson 2: Cloud OnRamp for SaaS Overview
  • Cloud OnRamp for SaaS Benefits
  • SaaS Optimization Challenges
  • SaaS Optimization
  • Cloud OnRamp for SaaS
  • Cloud OnRamp for SaaS – Workflow (1)
  • Cloud OnRamp for SaaS
  • Cloud OnRamp for SaaS – Workflow (1)
  • Microsoft 365 Optimization with Cisco SD-WAN
• Lesson 3: Cloud OnRamp for M365
  • Cloud OnRamp for M365 (1)
  • M365 Cloud Feed – Pre-Populated Update
  • M365 URL/IP Categories
  • Microsoft Informed Routing
  • Dynamic URL Categories + M365 Informed Routing
  • Microsoft Informed Network Routing (17.9)
• Lesson 4: Cloud OnRamp for Webex
  • Cloud OnRamp for Webex
• Lesson 5: Cloud OnRamp for Enterprise & Custom Apps
  • Cloud OnRamp for Custom Applications
• Lesson 6: Cloud OnRamp for SaaS – Security
  • Cloud OnRamp for SaaS - Security
• Lesson 7: Deployment Use cases
  • Cloud onRamp for SaaS (Gateway)
  • Use Case - Branch with Dual DIA
  • Cloud onRamp for SaaS (Dual ISP)
  • Use Case - Branch with DIA + Gateway
  • SaaS Cloud OnRamp – DIA and Gateways
  • Use Case - Branch with SIG + Regional DC
  • Cloud OnRamp for SaaS WorkFlow - Site Types
• Lesson 8: Cloud OnRamp for SaaS Configuration
  • DNS settings on VPN0
  • NAT settings on VPN0 Interface
  • Enable Cloud On-Ramp
  • Cloud On-Ramp for SaaS WorkFlow - Adding Applications (1)
  • Cloud On-Ramp for SaaS – Custom Applications
  • Cloud On-Ramp for SaaS WorkFlow - Adding DIA Sites (1)
  • Cloud OnRamp for SaaS WorkFlow - Adding Client Sites (1)
  • Cloud On-Ramp for SaaS WorkFlow - Adding Gateway Sites (1)
• Lesson 9: Cloud OnRamp for SaaS Monitoring
  • Cloud On-Ramp for SaaS QoE - Application Drill Down (1)
  • Monitor > Network > Realtime > CloudExpress Applications
• Module Summary

Module 16: vAnalytics 3.0

• Module Topics
• Lesson 1: Analytics Overview
  • Challenges in Monitoring Cloud Applications over WAN
  • Cisco Vision: SD-WAN Analytics
  • Cisco vAnalytics
  • vAnalytics: Translate Raw Data into Intelligent Insights
  • SD-WAN vAnalytics
  • vAnalytics Architecture
  • vAnalytics – Customer Data
  • Metadata Collected by vAnalytics (XML)
• Lesson 2: vAnalytics Dashboards
  • New with vAnalytics 2023 update?
  • Summary Dashboard
  • Applications Dashboard
  • Application 360 View
  • Application 360 View – Filtered by Site
  • Site 360 View
  • vAnalytics Reporting Increments
  • vAnalytics Reporting Metrics
  • Automated Reporting
  • vAnalytics Facilitating Telemetry Exchange for M365 Cloud OnRamp
• Lesson 3: vAnalytics IDP Onboarding
  • IDP Onboarding
  • Create SAML Integration (Okta)
  • Download IDP Metadata
  • Upload IDP Metadata
  • Update IDP Settings
  • IDP User Login
• Lesson 4: vAnalytics KPIs and Scores
  • AIOps: Predictive Path Recommendations
  • “Predictive Path Recommendations” to improve App Experience
  • vAnalytics Facilitating Telemetry Exchange for M365 Cloud OnRamp
  • Cloud OnRamp for SaaS: Webex Telemetry
  • Webex Application Performance Metrics
  • Webex Application Usage Stats (Cisco vManage)
  • What is QoE Score?
  • Key components of the QoE score
  • SD-WAN Underlay Path Monitoring + ThousandEyes Path Visualization = Faster Troubleshooting & Lower Mean Time to Resolution (MTTR)
• Lesson 5: vAnalytics Onboarding & Access Workflow
  • Discover an Application having Issues
  • Application 360 View
  • Application Performance Metrics
  • SD-WAN Underlay Path Monitoring
• Lesson 6: vAnalytics Onboarding & Access Workflow
  • vAnalytics Onboarding & Access Workflow
  • Request vAnalytics Onboarding against your Overlay
  • Customer Onboarding – vManage Configuration
  • Launch vAnalytics URL and follow login workflow
  • Day-0 login workflow for an Admin user
  • Login Workflow for a Regular User
  • a) Launch vAnalytics URL & Select Authentication Method
• Module Summary

Module 17: Monitoring & Troubleshooting the SD-WAN Solution

• Module Topics
• Lesson 1: SD-WAN Troubleshooting Overview
  • SD-WAN Troubleshooting Overview
  • SD-WAN Monitoring Tools
  • SD-WAN Incident Management – Components
  • Network Wide Path Insight (NWPI)
  • SD-WAN Incident Management - Components & Interfaces
  • SD-WAN Incident Management Components
  • LiveAction – End-to-End visibility of app and network
• Lesson 2: SD-WAN Technical Support Access
  • Contact Cisco TAC Support
  • Contacting Cisco TAC Support
  • Cisco TAC Case Tracking
  • Cisco TAC Connect Bot
• Lesson 3: Controller Failure Scenarios
  • Recovering from a Failure in the Control Plane
  • Recovering from a vSmart Controller Failure
  • Recovering from a vBond Orchestrator Failure
• Lesson 4: Troubleshooting Controllers
  • Troubleshooting vManage Slowness (1)
  • Template Push Failure
  • Template Push Failure (Logs)
  • vManage Logs
  • Operational Commands - Collecting Admin-Tech
  • Enable Debugs
• Lesson 5: Troubleshooting Control Connections
  • Control Connections Failing
  • Error Legends
  • SD-WAN Device Requirements to Establish a Control Connections
  • View Status of Device Bring-up
  • WAN Edge Cannot Join the SD-WAN Overlay (Fabric)
  • Show Control Local Properties (vEdge)
  • Show Control Connections | Connections-History
• Lesson 6: Typical Control Connection Issues
  • Connectivity Problems – Not Reaching vBond
  • TLOC Disabled
  • Transient Conditions
  • Certificate Marked Invalid or Device Not in Authorized Serial Number List
  • Authorized Serial List Number File
  • Certificate Revoked/Invalidated
  • Clock Time Off
  • Root Certificate Missing
  • Organization-name Mismatch
  • DTLS Connection Debug
  • Troubleshooting Basic Connectivity
  • Useful Debug Options
• Lesson 7: Troubleshooting Data Plane
  • Troubleshooting BFD Sessions
  • Check Control Connections
  • Restrict Keyword
  • Firewall Ports Requirements
  • Tunnel Statistics
  • Access List Verification
• Lesson 8: Troubleshooting Routing
  • Troubleshooting OMP Peering
  • OMP Peering: Verification
  • Missing Route(s) Troubleshooting Algorithm
  • RIB and FIB Tables (vEdge)
  • RIB and FIB Tables (IOS XE SD-WAN)
  • OMP Routes and Associated TLOCs
  • Check TLOC Advertisements
  • Check Control Policy
  • OMP Routing Troubleshooting Example
  • OMP Commands and Debugs
• Lesson 9: Centralized Policies Troubleshooting
  • Building Blocks of Centralized Policies
  • Centralized Policy Application
  • Order of Operation on WAN Edge
  • Policy Preview in vManage
  • Useful Policy Features for Troubleshooting
  • Useful Policy Commands for Troubleshooting
  • Typical Control Policy Faults
• Lesson 10: Packet Forwarding Troubleshooting
  • vManage Packet Capture (1)
  • IOS XE Embedded Packet Capture (1)
  • Packet Trace
  • Configuring Packet Trace (1)
  • Using Packet Trace
  • Display NetFlow Data – cflowd
  • Display Application Aware Routing Stats
• Lesson 11: Device Configuration and Upgrades Failure
  • Self-Healing
    Software Upgrade and Configuration Changes
  • Device Rejects a Template
• Lesson 12: vDiagnose - Diagnostic Tool for SD-WAN
  • vDiagnose Problem Description
  • vDiagnose Tool Overview
  • vDiagnose Checks
  • vDiagnose Usage
  • Helpful Commands – Health Check
• Lesson 13: Troubleshooting cEdge
  • cEdge Password Discovery
  • Factory Default a cEdge
• Lesson 14: Troubleshooting using vManage
  • Check Controller Status
  • Checking Control Connections
  • WAN Edge Health
  • Reboot / Reload Services / Reset Services on Controllers / Devices
  • Reset an Interface
  • Admin Tech
  • Reset Locked Out User on a Device
  • System Alarm
  • System Events
  • System Audit Log
  • Monitor > ACL Log
• Lesson 15: Device Troubleshooting
  • Troubleshoot Configuration – Change to CLI Mode
  • Monitor > Device - System Status
  • Monitor > Device - System Status – Crash (1)
  • Checking Interface Utilization
  • Checking Transport Quality
  • Monitor > Device – Control Connections
  • Monitor > Device – Events
  • Monitor > Device – Troubleshooting
  • Troubleshooting > Ping
  • Troubleshooting > Traceroute
  • Troubleshooting > Speed Test
  • Troubleshooting > Tunnel Health
  • Troubleshooting > Visualizing Application Paths
  • Troubleshooting > Packet Capture
  • Troubleshooting > Simulate Flows
  • Troubleshooting > Debug Logs
• Lesson 16: Using the GUI for cli show command Under Troubleshooting > Real-time
  • Monitor > Device - Real Time (Show Commands)
  • Checking BFD Connections (1)
  • Troubleshooting Routing
  • Checking OMP Peers Detail
• Lesson 17: CLI Troubleshooting
  • vManage CLI Troubleshooting
  • Time Issues
  • Check vBond Control Connection
  • show orchestrator valid-vEdges
  • show orchestrator valid-vSmart
  • show orchestrator valid-vManage
  • CLI Troubleshooting Commands - show control connections
  • CLI Troubleshooting Commands - show control connections-history
  • clear orchestrator connections-history
• Lesson 18: Netflow Collectors
  • Application Visibility with External Collectors
  • Application Visibility + ART with External Collectors
• Lesson 19: SNMP Overview
  • SNMP Overview
  • SNMP MIBs Supported on WAN Edges
  • CISCO-SDWAN-OPER-SYSTEM-MIB – Supported Attributes
  • CISCO-SDWAN-APP-ROUTE-MIB – Supported Attributes
  • CISCO-SDWAN-BFD-MIB – Supported Attributes
  • CISCO-SDWAN-POLICY-MIB – Supported Attributes (1)
  • CISCO-SDWAN-SECURITY-MIB – Supported Attributes
• Lesson 20: SD-WAN Logs
  • Logging: General Directory/Log Structure
  • Logging: /var/log/nms (1)
  • vManage Troubleshooting – Enable Logs (1)
  • Helpful Commands – Health Check (1)
  • vManage Troubleshooting – Template Push (1)
  • vManage Troubleshooting – Statistics Collection (1)
  • Log Troubleshooting
  • vBond Look for Specific System IP in Logs
  • vManage Log
  • vManage Rest API Log
  • Display the Last 10 Log Messages
  • View the Root CA Certificate on vBond
  • View the Server Certificate on vBond
  • Using tcpdump to Capture Headers
  • show configuration rollback
  • Validate Command
  • Route-consistency-check (WAN Edges Only)
  • Troubleshoot Configuration – Change to CLI Mode
• Lesson 21: SD-WAN Reporting
  • Reporting Overview
  • Reports Menu
  • Report Templates
  • Preview report
  • Create Report
  • Select Sites
  • Time Range and Delivery Options
  • Email Settings
  • Scheduling Options
  • vManage Task
  • Audit Logs
  • Reports List
  • Filtering
  • Report Actions – Scheduled
  • Report Actions – One-time
  • Report Download
  • Sample Downloaded Report
• Lesson 22: vManage, APIs & Programmability
  • vManage REST APIs
  • REST Web Service
  • Requests and Response REST API Flow
  • Available API Calls
  • SD-WAN API Library and Documentation
  • REST API (1)
  • URI Structure
  • Options for Working with REST APIs
• Module Summary

LAB OUTLINE

Lab 1: Deploy the SD-WAN Controller

• Deploy the vManage Controllers
• Deploy the vBond Orchestrator
• Deploy the vSmart Controller
• Configure Certificate Settings

Lab 2: Deploy the vEdge, ISR 4K /C8000V Routers

• Deploy WAN Edges
• Configure the WAN Edge Routers
• Prepare vEdge Routers for ZTP

Lab 3: vManage Configuration

• Explore the Interface
• Add Controllers to the Whitelist
• Add vEdge whitelist
• BFD Tuning
• Create and Update Users
• Manage the Fabric

Lab 4-8: Creating Device Templates 

• Create CLI Policy Template
• Create Feature Policy Template
• Create vSmart Device CLI Template
• Create DC1 vEdges Device Feature Template
• Attach DC1 Devices to Template
• Create DC2 IOS-XE CSRs Device Feature Template
• Attach DC2 Devices to Template
• Create BR1 vEdges Device CLI Template using TLOC Extensions
• Attach BR1 Devices to Template
• Create BR2 IOS-XE CSRs Device Feature Template using TLOC Extensions
• Attach BR2 Devices to Template
• Create BR3 IOS-XE ISR4K Device Feature Template
• Attach BR3 Devices to Template
• Configuration Rollback

Lab 9: Use APIs to Import Feature Templates

Lab 10: Upgrade SDWAN Environment 

Lab 11-13: Perform ZTP on SDWAN Environment 

Lab 14-17: SDWAN Policies 

• List types of policies that can be implemented in the SD-WAN solution
• Describe how policies can be implemented that affect the control plane
• Describe what affect policies can have on data traffic forwarding
• Identify the various components of the vSmart policy architecture
• Describe how different policies are enabled in different devices
• Detail how policies are processed and applied
• Control Policy Lab
  • Configure a Vpn-membership-policy
  • Configure Site-list Selection Policies
  • Configure a Service Chaining Policy
  • Configure an Extranet VPN Policy
  • Configure a Service path affinity Policy
  • Configure Fabric Policies
  • Configure Security Zones
• Data Policy Lab
  • Configure Shaping Policies
  • Configure QoS Policies
  • Configure a Service Chaining
  • Configure an Extranet VPN Policy
  • Configure Service path affinity Policy
  • Configure a NAT Policies for DIA
  • Configure an OSPF BGP Routing Policy
• Application Aware Routing Policy Lab
  • SLA Classes
  • Path Selection using Application Policies
• Create a cFlowd Policy
• Create a Local Control Policy
  • Configure OSPF and BGP
• Create a Local Data Policy
  • Create ACL
  • Create Device Access Policy
  • Configure QOS
  • Configure OSPF Route Policy

Lab 18: Application Visibility

• Create a Centralized Policy for Application-Aware Routing
• Identify Application Groups (FTP/Office 365/Voice)
• Create Lists
  • Site Lists
  • Application Lists
  • Data Prefix Lists
  • VPN Lists
• Create a SLA Classes
• Create Traffic Rules
• Apply Policies to Sites and VPNs

Lab 19: Cloud On-RAMP 

• Configure Cloud Onramp for SAAS

Lab 20: Monitoring / Troubleshooting

• Explore vManage Dashboard analytics
• Monitor Applications
• Monitor Loss, Latency, and Jitter
• Monitor Individual Device
  • Check system Status
  • Check Control Connections
  • Check OMP Status
  • Check BFD Status
  • Check Interfaces for Issues
• Use the CLI to view and troubleshooting debug Logs
• Troubleshoot BFD
• Troubleshoot OMP
• Use troubleshooting tools to diagnose issues
  • Use the Ping tool
  • Use the Traceroute tool
  • Use the App Route Visualization
  • Simulate traffic flows
  • Take a Packet
• Troubleshoot Application Routing