1.4 Explain the working principles of the Cisco SD-Access solution
📘CCNP Encore (350-401-ENCORE-v1.1)
1. What Is Traditional Campus Interoperability?
Traditional campus interoperability refers to how Cisco SD-Access works together with an existing (legacy) campus network that is not part of the SD-Access fabric.
In real IT environments:
- Organizations do not replace the entire network at once
- SD-Access is usually deployed step by step
- Some parts of the network remain traditional (non-fabric)
Cisco SD-Access is designed to interoperate smoothly with:
- Traditional Layer 2 and Layer 3 networks
- Existing VLANs and IP subnets
- Legacy security and routing designs
This interoperability allows:
- Gradual migration
- Lower risk
- Continued operation of existing services
2. Why Interoperability Is Required (Exam Focus)
Cisco SD-Access does not exist in isolation. It must communicate with:
- Legacy access switches
- Traditional distribution/core layers
- External networks (data centers, WAN, Internet)
Key exam point:
SD-Access fabric supports coexistence and integration, not forced replacement.
3. Types of Networks in an SD-Access Environment
3.1 Fabric Network
- Built using Cisco SD-Access
- Uses VXLAN for the data plane
- Uses LISP for the control plane
- Policy is enforced using SGTs
- Managed by Cisco DNA Center
3.2 Traditional Network (Non-Fabric)
- Uses VLANs and IP routing
- Uses STP, OSPF, EIGRP, BGP
- Uses ACLs and VLAN-based security
- Manually configured
4. Fabric Edge and Traditional Network Connectivity
4.1 Fabric Edge Node
- The switch where end devices connect
- Can connect to:
  - Fabric devices
  - Non-fabric (traditional) switches
4.2 How Traditional Switches Connect
- Traditional access switches connect to:
  - Fabric Edge Node
- These traditional switches:
  - Are not SD-Access aware
  - Do not run VXLAN or LISP
  - Still forward traffic normally
Exam point:
Traditional switches treat the fabric edge like a normal Layer 2 or Layer 3 device.
5. Extended Nodes (Important Exam Topic)
5.1 What Is an Extended Node?
An Extended Node is a traditional Layer 2 switch connected to a Fabric Edge Node.
5.2 Purpose of Extended Nodes
- Allows legacy switches to remain in use
- No need to replace all access switches
- Supports gradual SD-Access deployment
5.3 Key Characteristics
- Extended node:
  - Is not part of the fabric
  - Does not run VXLAN or LISP
- Fabric Edge Node:
  - Acts as the fabric entry point
  - Applies policy on behalf of extended nodes
Exam key line:
Extended nodes extend the fabric to non-fabric switches at Layer 2.
6. VLAN to Virtual Network (VN) Mapping
6.1 Why Mapping Is Needed
Traditional networks use:
- VLANs
- IP subnets
SD-Access uses:
- Virtual Networks (VNs)
To communicate:
- VLANs must be mapped to VNs
6.2 How Mapping Works
- A VLAN on a traditional switch is mapped to a VN at the fabric edge
- Traffic entering the fabric:
  - Is assigned to the correct VN
  - Is encapsulated using VXLAN
Exam point:
VLANs exist outside the fabric, VNs exist inside the fabric.
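The ingress step from 6.2, as an added example that is not part of the original notes: a frame arriving on a mapped VLAN is classified into its VN and wrapped in a VXLAN header with the Group Policy extension (VXLAN-GPO), the header format SD-Access uses to carry the SGT alongside the VNI. The VLAN IDs, VN names, VNIs and SGT values are constructed sample data, and the outer UDP/IP headers are left out.

```python
import struct

# Constructed sample mapping: VLAN ID -> (VN name, VNI, SGT). Hypothetical values.
VLAN_TO_VN = {
    10: ("CAMPUS_USERS", 4099, 17),
    20: ("IOT_DEVICES", 4100, 23),
}

G_FLAG = 0x80  # Group Policy ID field is valid
I_FLAG = 0x08  # VNI field is valid


class UnmappedVlan(Exception):
    """Raised when a frame arrives on a VLAN with no VN mapping."""


def encapsulate(vlan_id, inner_frame):
    """Fabric-edge ingress: classify by VLAN, then prepend a VXLAN-GPO header."""
    try:
        _vn_name, vni, sgt = VLAN_TO_VN[vlan_id]
    except KeyError:
        # Fail closed: an unmapped VLAN never enters any VN.
        raise UnmappedVlan(f"VLAN {vlan_id} has no VN mapping; dropping frame") from None
    if not (0 < vni < 2**24 and 0 <= sgt < 2**16):
        raise ValueError("VNI must fit in 24 bits and SGT in 16 bits")
    # Word 1: flags(8) | policy bits/reserved(8, left clear) | Group Policy ID(16)
    # Word 2: VNI(24) | reserved(8)
    header = struct.pack("!BBHI", G_FLAG | I_FLAG, 0, sgt, vni << 8)
    return header + inner_frame


def decapsulate(packet):
    """Fabric egress: recover (VNI, SGT, inner frame) from a VXLAN-GPO packet."""
    if len(packet) < 8:
        raise ValueError("truncated VXLAN header")
    flags, _rsvd, sgt, word2 = struct.unpack("!BBHI", packet[:8])
    if not flags & I_FLAG:
        raise ValueError("VNI flag not set")
    if not flags & G_FLAG:
        sgt = 0  # no group tag carried; treat as SGT 0 (unknown)
    return word2 >> 8, sgt, packet[8:]
```

The VLAN tag itself does not cross the fabric; only the VNI and SGT in the header identify the segment and group on the far side.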
7. Fabric Border Node and Traditional Network Integration
7.1 What Is a Fabric Border Node?
A Fabric Border Node connects the SD-Access fabric to:
- Traditional campus core
- Data center
- WAN
- Internet
7.2 Role in Interoperability
- Translates traffic between:
  - Fabric (VXLAN-encapsulated)
  - Traditional IP network
- Acts as the exit and entry point
7.3 Routing Interaction
- Uses traditional routing protocols:
  - OSPF
  - EIGRP
  - BGP
- Advertises fabric routes to traditional networks
Exam focus:
Border nodes enable communication between fabric and non-fabric networks.
8. Policy Interoperability (SGT and Traditional Security)
8.1 Security in Traditional Networks
- VLAN-based segmentation
- IP-based ACLs
8.2 Security in SD-Access
- Uses Scalable Group Tags (SGTs)
- Identity-based security
8.3 How Policies Interoperate
- At fabric boundaries:
  - SGTs can be:
    - Translated
    - Preserved
- Legacy devices that do not understand SGT:
  - Use traditional ACL enforcement
Exam point:
SD-Access supports policy enforcement even when traffic flows into traditional networks.
9. Layer 2 and Layer 3 Interoperability
9.1 Layer 2 Interoperability
- Extended nodes operate at Layer 2
- VLANs are preserved
- Fabric edge performs encapsulation
9.2 Layer 3 Interoperability
- Border nodes handle Layer 3 routing
- IP reachability is maintained
- No changes required in traditional routing design
10. Multicast and Broadcast Handling
- Inside the fabric:
  - Broadcast, unknown unicast, multicast (BUM) traffic is controlled
- Outside the fabric:
  - Traditional handling continues
- Border nodes manage translation between both worlds
Exam tip:
Fabric reduces unnecessary broadcast traffic compared to traditional networks.
11. Migration Strategy (Very Important for Exam)
Cisco SD-Access supports:
- Brownfield deployments
- Coexistence with legacy networks
Migration Steps:
- Deploy fabric in a limited area
- Connect traditional switches as extended nodes
- Gradually move users and services
- Keep legacy networks operational
Exam key idea:
SD-Access is designed for gradual adoption, not immediate replacement.
12. Key Exam Summary (Must Remember)
✔ SD-Access interoperates with traditional campus networks
✔ Extended nodes allow legacy switches to connect
✔ VLANs are mapped to Virtual Networks (VNs)
✔ Border nodes connect fabric to non-fabric networks
✔ Traditional routing protocols are supported
✔ Security policies work across fabric and non-fabric areas
✔ SD-Access supports brownfield deployments
13. One-Line Exam Definition
Traditional campus interoperability with SD-Access is the ability of the SD-Access fabric to coexist, integrate, and communicate with non-fabric legacy campus networks using extended nodes, border nodes, and policy translation.
