
DNA (l2 port-channel)

waleedmatter
Level 1

I have many questions related to SD-Access.

Q1

Can I manually configure an L2 port-channel between the two borders and the fusion as a trunk, and then make the L3 handoff from the two borders through DNA? My question is: will I see the port-channel interface in the interface list to point to the fusion to make the BGP config, or not?

Q2

For Smart Licensing (call home config), I will configure it manually on each node in the fabric and point it to the satellite license manager.

Q3

There is no need for the back-to-back link between the two borders to make an iBGP neighbour per VN, correct, if I have full redundancy between the two borders and the fusion?

5 Replies

willwetherman
Spotlight

Hi @waleedmatter 

 

Q1

 

Yes this will work. I have configured L3 border handoff between a Catalyst 9500 border node and a 6800 VSS using an L2 port-channel. Once you have configured the port-channel manually on your border nodes, make sure that you resync the borders so that DNAC learns of the port-channel interface. The port-channel interface will then appear when you configure border handoff automation.

 

Q2

 

DNA Center 2.1.2.X and above supports the automation of the following SSM connection modes, so there is no need to configure your nodes manually:

 

Direct connection mode requires all smart enabled devices in your network have direct internet access to Cisco SSM cloud.

Cisco Smart Software Manager On-Prem (formerly known as Cisco Smart Software Manager satellite) offers near real-time visibility and reporting of the Cisco licenses you purchase and consume. In case your organisation is security-sensitive, it gives you an option to access a subset of Cisco SSM functionality without using a direct Internet connection to manage your licenses with Cisco SSM cloud.

Smart proxy connection mode offers that this Product Instance performs as a proxy for smart enabled devices in your network to Cisco SSM cloud. With this connection mode, smart enabled devices in your network need not have direct internet access and only this product instance has direct internet access to Cisco SSM cloud. This option is not applicable for registering Cisco DNA Center.

 

Q3

 

Correct. If your border nodes are dual connected to your fusion routers, then per VN iBGP between borders is not required. As BGP path selection prefers eBGP over iBGP, the border to border iBGP link will not be used unless both of the border to fusion links are down. For my deployments this was considered a highly unlikely scenario, so the need to configure iBGP between borders (which still has to be done manually) was considered unnecessary. The following Cisco Live On-demand slides by Jerome Dolphin provide a really good explanation of the supported border to fusion handoff topologies.

 

BRKCRS-3493

Real World Route/Switch to Cisco SD-Access Migration Tools and Strategies

 

Hope that this helps

Will
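
The eBGP-over-iBGP behaviour described in the Q3 answer above, as an added example that is not part of the original thread: a simplified best-path model from one border's point of view. Device names and AS numbers are constructed, and weight, origin, MED and later tie-breakers are assumed equal.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    next_hop: str           # neighbor the route was learned from
    ebgp: bool              # True if learned over an eBGP session
    as_path: tuple          # AS numbers carried in the update
    local_pref: int = 100   # common default local preference
    link_up: bool = True    # False when the session/link is down

def best_path(paths):
    """Simplified best-path: highest local-pref, then shortest AS path,
    then eBGP over iBGP. The final sort on next_hop is only a stand-in
    for the real router-id tie-breaker."""
    usable = [p for p in paths if p.link_up]
    if not usable:
        return None
    return min(usable, key=lambda p: (-p.local_pref, len(p.as_path),
                                      not p.ebgp, p.next_hop))

def border1_paths(fusion_a_up, fusion_b_up, ibgp_between_borders=True):
    """Paths border-1 holds for one shared-services prefix in one VN.
    Assumes border-2 still has a working uplink to the fusion."""
    fusion_as = 65002  # constructed AS number for the fusion routers
    paths = [
        Path("fusion-a", True, (fusion_as,), link_up=fusion_a_up),
        Path("fusion-b", True, (fusion_as,), link_up=fusion_b_up),
    ]
    if ibgp_between_borders:
        # border-2 relays the fusion route over iBGP; the AS path is
        # unchanged, so only the eBGP-over-iBGP step separates the paths.
        paths.append(Path("border-2", False, (fusion_as,)))
    return paths

def chosen_next_hop(fusion_a_up, fusion_b_up, ibgp_between_borders=True):
    best = best_path(border1_paths(fusion_a_up, fusion_b_up,
                                   ibgp_between_borders))
    return best.next_hop if best else None

if __name__ == "__main__":
    for a, b in [(True, True), (False, True), (True, False), (False, False)]:
        print(f"fusion-a up={a!s:5} fusion-b up={b!s:5} "
              f"with iBGP -> {chosen_next_hop(a, b)}, "
              f"without iBGP -> {chosen_next_hop(a, b, False)}")
```

The iBGP path is selected only in the last row, where both border-to-fusion links are down; without the border-to-border session that same case leaves border-1 with no route.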

 

Thanks for your answer. So for Q2, if I have Cisco license on-prem (option 2), I need to manually configure call home to point to the IP of the on-prem, enable smart licensing and apply the token ID on all the nodes of the fabric to register on the on-prem (border 9500, nodes 9300), as on the traditional nodes, correct?

Hi,

 

I have more questions.

Q4

If the border will be the GW for all the nodes, will it be external or internal + external? Keep in mind the topology below:

 

Fusion----------FW(Shared services)

         ----------Voice Gateway

       -----------Internet Gateway

 

Q5

 

Border---INFRA_VN(global)--(Shared_VN)2 x Fusion (Cat9500 Virtual Stack)---Shared_VN---(global)---FW(Shared)

          ---Employees_VN -------     

         ---Contract_VN----------

         ---NON_IT_VN----------

 

I will do the leaking on the fusion router between the VRFs and the Shared VN to make the shared services reachable to the other VNs. My question: from the fusion to the FW, I will extend the Shared_VN from the fusion, and it will be global on the FW, and make iBGP. Is this OK?

Q6

 

Fusion----------Employee---(global)Voice GW

          ---------Contract----(global)

         ----------Non_IT-----(global)

 

Fusion----------Employee---(global)Internet GW

          ---------Contract----(global)

          ---------Non_IT-----(global)

 

The routing for these VNs: I will extend the Employee, Contract and Non_IT VNs from the fusion, and they will be global on the Voice GW and Internet GW, and I will use OSPF (not BGP) because these routes will go outside, to avoid overlapping the AS numbers which I used internally, correct?

Or I extend the Shared_VN from the fusion, and it is global on the Voice Gateway and Internet Gateway, as it includes all the users of the Employees, Contract and Non_IT VNs, to reduce the VN configuration and the routing between the fusion and the Voice Gateway and the Internet Gateway, correct?

In my network I have two border routers currently dual homed to one Fusion Router. I am looking to dual home the border routers to a second Fusion router for resiliency and do not plan to implement an iBGP peering between the two borders. This appears to be a supported topology in the slide deck you have highlighted but there does not appear to be an option on DNAC to automate the addition of a second L3 handoff to the Border routers to the 2nd Fusion router. I assume I would need to manually configure this?
