
Connecting non-sda capable switch to Fabric Edge

Hello all, 

There seems to be a lot of discussion about whether it is possible to connect a non-sda capable switch to FE. I have found this post, "Solved: Non sda switch connected to the fabric edge - Cisco Community", from which I understand that it is possible to connect a non-sda-capable switch to FE if you connect it to a "trunk/server" port on the FE.

Unfortunately, I cannot find any other documentation that supports the above, and all other related Cisco documentation advises using extended nodes.

If this solution is to work, I assume that all configuration should be added manually to the non-sda-capable switch. Does TrustSec still work if all needed configuration is done on the switch? What about LISP? Does the FE share the information about the downstream endpoints with the Control Node?

Please advise, since the temp use of a non-sda switch seems to be a "quick fix" for urgent scenarios, at least until an Extended node or other FE is provisioned.

Regards,

Katerina

1 Accepted Solution

jedolphi
Cisco Employee
Hi Katerina,
You are correct, the non-SD-Access 3rd party switch would need to be manually configured.
Extended Nodes and Policy Extended Nodes do not run LISP. 3rd party switches do not need to run LISP. When endpoints connected to the 3rd party switch send packets into the network, the IP and MAC of the endpoints will be learned by Device Tracking on the Fabric Edge Node. DT on the FE will register those details with the LISP Control Plane Node automatically. Extended Node and Policy Extended Node also rely on the FE to register endpoint details.
Static VLAN-to-SGT mapping will work for endpoints connected to the 3rd party switch; some details can be found in the following Cisco Live presentation: https://www.ciscolive.com/on-demand/on-demand-library.html?search.event=1636046385175001F3fI&search=brkens-2008#/session/16360602466310017kjm
Dynamic SGT assignment and policy for endpoints connected to the 3rd party switches may be theoretically possible but not recommended due to the significant increase in network design and maintenance complexity. If you feel this is a "must have" then I'd encourage you to talk to your Cisco representative about pros / cons / requirements / tradeoffs / supportability.
Best regards, Jerome


Hi Jerome,

Thank you so much for making things clear!

Best regards,

Katerina