© 2021 Cisco and/or its affiliates. All rights reserved. Page 5 of 51
Define
Cisco DNA Center and Cisco Identity Services Engine (ISE) integrate to solve multiple use cases such as Micro-Segmentation, secured
network access for authorized users, guests, and onboarding IoT devices into a Software-Defined Access network. Cisco
SD-Access customers with Large or Distributed Enterprise Fabric networks often leverage more than one Cisco DNA Center cluster
for management simplicity, multi-regional deployments and even for compliance reasons. At the same time, they leverage a
single Cisco ISE cluster for globally consistent Group-based Access Control Policy. The "Multiple Cisco DNA Center" feature
centrally manages Virtual Networks, Scalable Groups, Group-based Access Control Policy, Access Contracts and Virtual Networks
to Scalable Group associations. It does so by allowing multiple Cisco DNA Center clusters to integrate with a single Cisco ISE
system.
What is covered in this Guide?
This guide provides guidance to Cisco Software-Defined Access customers integrating Multiple Cisco DNA Center clusters with
Cisco ISE. The process, procedure, and steps listed in this guide are working configurations verified with the Cisco DNA Center,
Cisco ISE, and Cisco IOS XE code versions listed in Appendix A.
What is NOT covered in this Guide?
Although this deployment guide is about Cisco DNA Center and Cisco ISE, it does not cover the initial bootstrap and installation
of the Cisco DNA Center appliances and the Cisco ISE deployment; the installation and deployment of shared services such as DHCP
and DNS; or network connectivity configuration between infrastructure components such as routers and switches.
Deployment of the SD-Access Fabric and its various features is beyond the scope of this guide as well.
For more information on these items, please see additional references in Appendix B.
About Cisco DNA Center and SD-Access
Cisco DNA Center is the network management and command center for the Cisco Digital Network Architecture (DNA), built on
intent-based networking principles. It helps you build the new network and deliver better experiences more securely, so you
can focus on your business, and not on your network. It creates a holistic end-to-end platform for your enterprise so you can
better manage the business. Cisco DNA Center provides a centralized management dashboard for complete control of this new
network. This platform can simplify IT network operations, proactively manage the network, provide consistent wired and
wireless policy, and correlate insights with contextual cognitive analytics.
Cisco DNA Center is a hardware appliance powered through a software collection of applications, processes, services, packages,
and tools. This software provides full automation capabilities to deploy networks in minutes, to perform device upgrades and
patches network-wide with minimal clicks, and to help ensure configuration consistency and save your team time. It also
provides visibility and network assurance through intelligent analytics combined with AI/ML, drawing on more than 30 years of
best practices to help optimize your network's performance, reduce troubleshooting time for your team, and lower the cost of
network operations.
Cisco® Software-Defined Access (SD-Access) is the industry’s first intent-based networking solution for the Enterprise built on
the principles of Cisco’s Digital Network Architecture (Cisco DNA). Cisco SD-Access provides automated end-to-end
segmentation to separate user, device and application traffic without redesigning the network. Cisco SD-Access automates user
access policy so organizations can make sure the right policies are established for any user or device with any application across
the network. This is accomplished with a single network fabric across LAN and WLAN which creates a consistent user experience
anywhere without compromising on security.
Building this next-generation solution involved some key foundational elements including:
Controller-based orchestrator to drive business intent into the orchestration and operation of network elements including
day-0 configuration of devices and policies associated with users, devices and endpoints as they connect to a network.