At IPTel, we've been working with Cisco Software-Defined Access (SDA) more and more over the last few years. You might have heard of it and be keen on seeing it in your network. But here is the problem: you like the idea, but how do you get there? You might not have Cisco ISE in your network, you might not have layer 3 to your access layer, or you just don't know what migration to SDA looks like.
The benefits of SDA Fabric are primarily in these two areas:
We've covered this more in our free eBook: The CIOs Guide to SDA Fabric.
Migration from traditional (or legacy, depending on which term you prefer) networking to software-controlled SDA Fabric is not straightforward.
What we've seen is that there is much more front-end planning with SDA Fabric than with legacy networking - but once you have the network up and running it is quicker to configure and expand.
The initial design phase is critical - you need to know much more about the clients on your network and how you want to treat those than with traditional networking.
Why is that? We will be configuring a much more granular set of security policies than traditional networking allows - right up to the edge port if you want to configure micro-segmentation.
The image below explains the options we have and is split between a new network (greenfield install) versus existing networks (brownfield install):
New Network SDA Options:
The option you pick (Option 1 or 2) depends on your comfort level and how quickly you'd like to deploy.
Image Courtesy of Cisco
For existing networks, there's a slightly different choice, which is more around how much up-front time you want to spend figuring out what is using your network before you migrate.
Existing Network SDA Options:
In the case of existing networks, neither option is better or worse - it's more a case of whether you prefer to find out up front what's on your network, or roll out the first stages of the Macro Segmentation and then do that monitoring.
For the existing installations, there is an order for how we prepare for migrations. There are some specific pre-requisites:
Cisco Catalyst Center (formerly Cisco DNA Center): This is used to configure and monitor the SDA Fabric - this is a must-have.
A typical migration scenario we would see is an enterprise network with core, distribution and access layer switching.
Image Courtesy of Cisco
In the SDA migration process, we can convert in stages:
Stage 1: Convert the existing hardware (providing it is SDA compatible):
Retain existing VLAN IDs and layer 2 access.
Stage 2: Add in Cisco Catalyst Center to monitor and manage the network
The network is now ready for the migration options (see section above - Option 3 or 4)
Migrating to Cisco Software‑Defined Access (SDA) is not a simple “network refresh” — it is a fundamental shift in how enterprise networks are designed, secured, and operated.
Rather than focusing on VLANs and device‑by‑device configuration, SDA introduces a policy‑driven, fabric‑based architecture that centralises control, improves security through segmentation, and significantly reduces operational complexity.
The key takeaways for any business looking to migrate to Cisco SDA Fabric are:
If you need any help, we have migrated many customers - drop us a line!