10 interview questions on Cisco SD-Access

Today we are going to cover a few basic questions that are commonly asked in interviews about Cisco SD-Access.

Let's start with the first set of interview questions on Cisco SD-Access. We will follow up with another round of questions later.

Fig 1.1- Cisco DNA Center and SD-Access

Q1: What is SD-Access?
Cisco Software-Defined Access (SD-Access) is a central part of the Cisco Digital Network Architecture (Cisco DNA) solution and represents an exponential and fundamental shift in how we design, build, and manage networks, enabling enterprise customers to reduce operating expenditures (OpEx) and risk while creating an agile infrastructure that delivers consistent policies and services over wired, wireless, and hybrid networks. 

Q2: What are the main components of the SD-Access solution?
Cisco DNA Center, Cisco ISE, Fabric Edge Node and Fabric Border Node.

Q3: What is a fabric edge node? 
A switch in an SD-Access-enabled network that is at the “edge” of the network to which endpoints (user and IoT devices) connect is called a fabric edge node. 

Q4: What is a fabric border node?
A switch in an SD-Access-enabled network that is at the “core” of the network, to which the fusion router and the edge node connect, is called a fabric border node.

Q5: What are the benefits of SD-Access? 

  • Secure, policy-based automation 
  • Endpoint and traffic visibility 
  • Easier and more effective segmentation 
  • Assurance and telemetry 

Q6: What is the Fabric in a Box solution in SDA?
Fabric in a Box is an SD-Access construct where the border node, control plane node, and edge node all run on the same fabric node.

Q7: What is the purpose of VXLAN encapsulation for packets and frames?  
Packets and frames received from outside the fabric and destined for an endpoint inside of the fabric are encapsulated in fabric VXLAN by the border node.  Packets and frames sourced from inside the fabric and destined outside of the fabric are de-encapsulated by the border node. 

Q8: Which protocols are used on the control plane, data plane and policy plane?
Control Plane: LISP 
Data Plane: VXLAN 
Policy Plane: Cisco TrustSec 

Q9: Explain the policy plane, Cisco TrustSec.
Cisco TrustSec decouples access control from IP addresses and VLANs by using logical groupings instead, in a method known as Group-Based Access Control (GBAC). The goal of Cisco TrustSec technology is to assign a Scalable Group Tag (SGT) value to the packet at its ingress point into the network. An access policy elsewhere in the network is then enforced based on this tag information.

Q10: What is the purpose of the fusion router in an SDA environment?
The fusion device is responsible for providing the endpoints in the fabric with access to shared services. There are two options for doing this: route leaking and VRF leaking.

  • Route Leaking—The option is used when the shared services routes are in the GRT.  On the fusion device, IP prefix lists are used to match the shared services routes, route-maps reference the IP prefix lists, and the VRF configurations reference the route-maps to ensure only the specifically matched routes are leaked. 
  • VRF Leaking—The option is used when shared services are deployed in a dedicated VRF on the fusion device.  Route-targets under the VRF configuration are used to leak between the fabric VNs and the shared services VRF.
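
The route leaking option above depends on the prefix lists matching only the shared services routes. The following is an added example, not part of the original post or any Cisco tooling: a small Python audit that models IOS prefix-list matching (first match wins, optional ge/le bounds, implicit deny) and reports which GRT routes a given list would leak beyond the intended ones. All names and sample routes are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    """One ip prefix-list line: action, prefix, optional ge/le bounds."""
    action: str
    prefix: str
    ge: Optional[int] = None
    le: Optional[int] = None

def entry_matches(entry, route):
    net, rt = ipaddress.ip_network(entry.prefix), ipaddress.ip_network(route)
    if not rt.subnet_of(net):          # leading bits must fall inside the entry prefix
        return False
    if entry.ge is None and entry.le is None:
        lo = hi = net.prefixlen        # no ge/le: exact prefix length only
    else:
        lo = net.prefixlen if entry.ge is None else entry.ge
        hi = rt.max_prefixlen if entry.le is None else entry.le
    return lo <= rt.prefixlen <= hi

def leaked_routes(prefix_list, grt_routes):
    """GRT routes that a permit route-map clause matching this list would leak."""
    leaked = []
    for route in grt_routes:
        # First matching entry decides; a route matching no entry is implicitly denied.
        for entry in prefix_list:
            if entry_matches(entry, route):
                if entry.action == "permit":
                    leaked.append(route)
                break
    return leaked

def audit(prefix_list, grt_routes, intended):
    leaked = set(leaked_routes(prefix_list, grt_routes))
    return {"unintended": sorted(leaked - set(intended)),
            "missing": sorted(set(intended) - leaked)}

# Constructed sample data (not from the page): GRT routes on a fusion device.
GRT = ["0.0.0.0/0", "10.10.10.0/24", "10.10.20.0/24", "10.10.99.0/24", "172.16.0.0/16"]
INTENDED = ["10.10.10.0/24", "10.10.20.0/24"]        # shared services subnets
LOOSE = [Entry("permit", "10.10.0.0/16", le=24)]     # also catches 10.10.99.0/24
TIGHT = [Entry("permit", "10.10.10.0/24"), Entry("permit", "10.10.20.0/24")]

if __name__ == "__main__":
    for name, plist in (("loose", LOOSE), ("tight", TIGHT)):
        print(name, audit(plist, GRT, INTENDED))
```

The loose list leaks the constructed 10.10.99.0/24 route into the fabric VN alongside the two shared services subnets, while the exact-match list leaks only what was intended.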