Bringing APs into the fabric without the INFRA_VN, is it possible?

Joshua Marks
Level 1

Hi there,

We have recently labbed an SD-Access implementation using 9200L edge switches, only to be hit with this error when deploying multiple VNs to the fabric:

Provisioning failed due to invalid parameter. Cisco Catalyst 9200L Switch Stack supports maximum of 1 VRFs. Current operation has 2 VRFs.

Some digging has revealed that the 9200L (fixed uplink variant) only supports one VRF, which causes problems in an SDA network as VNs and macro segmentation cannot be deployed. We were planning to use a few 9120s as fabric APs, but noting that they would normally operate over the INFRA_VN, is it possible to push APs to operate over another VN if the INFRA_VN is unavailable?

Accepted Solutions

jedolphi
Cisco Employee

Hello Joshua. The limitation is one user-defined VN on 9200L. INFRA_VN is not user defined, thus it does not contribute to the limit. Also please do note that 9200L will not terminate VXLAN from fabric APs, as per the SDA CVD and the SDA compatibility matrix: https://cs.co/sda-sdg and http://cs.co/sda-compatibility-matrix. If you can wait a few months then you could consider using 9200L as a policy extended node, which means it becomes a TrustSec-capable L2 extender homed to an SDA FE switch and thus should (roadmap) bypass the one VN limitation. Another option might be to look at OTT wireless, which means there is no AP VXLAN tunnel terminating on the FE. Best regards, Jerome
