11-04-2019 10:23 AM
Hi community
Recently we implemented a POC with Fabric using the topology below.
Activities carried out are:
- Integration with ISE (16 SGTS)
- Fabric topology (SW 3850 "CP-B", 2 SW 3560 "Fabric")
- Global configuration DNA has the IP DHCP Server.
-The VRF, Subinterfaces were replicated on the Fuzion router and in the BGP section the VNs were extended with their respective IPV4 Address-Family.
- Host-OnBoarding was configured on the switches by assigning the guest VN for wired tests.
When we connect 2 hosts "one on each switch" they do not receive configuration via DHCP but when we configure a static IP if there is communication between the hosts.
We even set up a micro segmentation as proof with a DENY between the hosts of the same VN Guests and we effectively lose the ping. When the micro segmentation is removed, the ping is restored.
Do you think it is necessary to manually configure something on the Fuzion Router?
Do you think there is still something to configure in the ISE?
Also take packet captures and note that there is only DHCP Request up to SW Border 3850 but you never see anything in the Fuzion.
Thank you.
Solved! Go to Solution.
11-04-2019 12:25 PM
It sounds like the route to DHCP server (and other shared services) isn't in the VN routing table. You need to leak those routes:
11-04-2019 12:25 PM
It sounds like the route to DHCP server (and other shared services) isn't in the VN routing table. You need to leak those routes:
11-06-2019 04:14 PM
Thank you finally I get IP Address vía DHCP but when I try to open a web page, the page delay to show something an finally sends a message of Certificate invalid.
Port Configuration
interface GigabitEthernet1/0/1
switchport access vlan 1037
switchport mode access
device-tracking attach-policy IPDT_MAX_10
load-interval 30
cts manual
policy static sgt 6
no propagate sgt
no macro auto processing
spanning-tree portfast
end
Any idea?
Thanks and regards.
11-05-2019 07:46 AM
Since the DHCP server is not inside your fabric your EBN needs a DFR or static route that should be advertised from your FR to EBN via your ebgp peering. Once that is done this should work fine. Good luck & HTH!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide