Host Onboarding in SD-Access

Endpoints can be attached to fabric nodes during host onboarding in SD-Access. With host onboarding, endpoints are authenticated, classified, assigned to scalable groups, and then assigned to IP pools and virtual networks.

Fig 1.1- Host Onboarding

There are four steps to go through for host onboarding in an SD-Access environment:

Authentication Template:
A number of predefined authentication templates are available in Cisco DNA Center to simplify the process of implementing authentication on your network. The fabric edge will be automatically configured once a template is selected.

As the image below shows, the available templates are Open Authentication, Closed Authentication, Low Impact and No Authentication. We generally use the Closed one.

Fig 1.2- Auth Template

Virtual networks and IP pools selection:
IP address pools can be assigned to unicast or multicast virtual networks (VNs) defined in your SD-Access fabric. Step 1 is to create a virtual network by adding it, and then click the VN you created. Once you click it, you can define the IP and pool type; define those and your VN is ready.

Fig 1.3- VNs & Pool

Fabric SSID selection:
Wireless and wired networks can be managed using SD-Access. SD-Access allows you to apply the same IP pool and VN across both wired and wireless networks.

Fig 1.4- Fabric SSIDs

Port Assignment:
Cisco DNA Center applies the global authentication template selected earlier to all Edge nodes and all ports, and allows that template to be overridden for specific Edge nodes and ports.

Fig 1.5- Fabric Port Assignment

The AP will use the No Authentication security template, rather than the global authentication template (Closed Authentication).
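Per-port overrides are where a fabric running Closed Authentication can end up with ports that authenticate less strictly than intended, so it is worth reviewing them. The following is an added example, not code from the original page or from Cisco: it resolves the effective template for every port and lists overrides weaker than the global template, except the AP exception described above. The inventory layout, hostnames, port names, device-type labels and the strictness ordering of the four templates are assumptions.

```python
# Added example: hostnames, port names and the data layout are constructed.
# Assumed ordering from least to most restrictive; not stated on the page.
STRICTNESS = {
    "No Authentication": 0,
    "Open Authentication": 1,
    "Low Impact": 2,
    "Closed Authentication": 3,
}

def effective_templates(global_template, fabric_ports, overrides):
    """Map (edge, port) -> (template, device_type) after per-port overrides."""
    if global_template not in STRICTNESS:
        raise ValueError(f"unknown template: {global_template}")
    result = {(edge, port): (global_template, None)
              for edge, ports in fabric_ports.items() for port in ports}
    for o in overrides:
        key = (o["edge"], o["port"])
        if key not in result:
            raise KeyError(f"override for unknown port {key}")
        if o["template"] not in STRICTNESS:
            raise ValueError(f"unknown template: {o['template']}")
        result[key] = (o["template"], o.get("device_type"))
    return result

def weakened_ports(global_template, fabric_ports, overrides, expected=()):
    """Ports whose template is weaker than the global one and not an expected exception."""
    findings = []
    eff = effective_templates(global_template, fabric_ports, overrides)
    for (edge, port), (template, device) in sorted(eff.items()):
        weaker = STRICTNESS[template] < STRICTNESS[global_template]
        if weaker and (device, template) not in expected:
            findings.append((edge, port, template, device))
    return findings

# Constructed sample inventory (not exported from Cisco DNA Center).
FABRIC_PORTS = {"edge-1": ["Gi1/0/1", "Gi1/0/2", "Gi1/0/7"], "edge-2": ["Gi1/0/1"]}
OVERRIDES = [
    {"edge": "edge-1", "port": "Gi1/0/1", "template": "No Authentication",
     "device_type": "Access Point"},
    {"edge": "edge-1", "port": "Gi1/0/7", "template": "Open Authentication",
     "device_type": "User Device"},
]
# The AP exception described on the page: APs use No Authentication.
EXPECTED = {("Access Point", "No Authentication")}

if __name__ == "__main__":
    for finding in weakened_ports("Closed Authentication", FABRIC_PORTS, OVERRIDES, EXPECTED):
        print("review:", *finding)
```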

Cisco DNA Center immediately creates a switch virtual interface (SVI) for each edge node when an IP pool is configured in SD-Access.

A Fabric Anycast Gateway is additionally configured on all Edge nodes within each IP pool. SD-Access relies on this feature to allow hosts to roam freely to any Edge node without additional provisioning.