cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
840
Views
0
Helpful
5
Replies

ISE SXP domains: can not have overlapping IPs ?

Michal Garcarz
Cisco Employee
Cisco Employee

Hello Team,

I have SXP domain customer1 with mapping for ip 8.8.8.32.

And i can not add static mapping for the same ip for different SXP domain:

Screen Shot 2018-09-07 at 10.42.34.png

 

I would call it a bug - not a feature (since we have VPN domains for SXP for such a separation - right ?).

Could you please confirm ?

Do we have the same problem for dynamic mappings ? (received from network devices which belong to different SXP domains)

Thanks,

Michal

2 Accepted Solutions

Accepted Solutions

Hi Michael,

I won't take this as a implicit feature as you mention. Unless the specific use case is tested & validated (& documented) it can't be declared as supported. Since I don't see it documented, I would say it is not supported.

 

Please feel free to reach out to the Segmentation PM team to further the discussion.

 

- Krish

View solution in original post

Agreed, this is all allowed on the switch infrastructure, it's just an ISE implementation anomaly.

You can of course just edit the one mapping entry in ISE and enter more SXP domain destinations.

A fix for individual entries needs to be tracked under CSCuz00603 (multiple exceptions in log with unified ip-sgt functional).

View solution in original post

5 Replies 5

kvenkata1
Cisco Employee
Cisco Employee

I don't see any reference where we claim overlapping IP support in ISE SXP. The only reference I could find is in VRF aware SXP in IOS.

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_cts/configuration/xe-3s/sec-usr-cts-xe-3s-book/cts-sxp-ipv4.html#GUID-FB372893-786F-495B-912B-172DF3AE1972

 

- Krish

 

Hi Krish,

Thanks for the help.

VRF for SXP is nice - but a bit different.

We do not mention explicitly that we do support overlapping IPs - but that might be the perception - because of support for multiple SXP VPN domains (and domain filters).

Why do we support SXP VPN domains + filters if those are not really separated/independent ?

 

Thanks,

 

Hi Michael,

I won't take this as a implicit feature as you mention. Unless the specific use case is tested & validated (& documented) it can't be declared as supported. Since I don't see it documented, I would say it is not supported.

 

Please feel free to reach out to the Segmentation PM team to further the discussion.

 

- Krish

Agreed, this is all allowed on the switch infrastructure, it's just an ISE implementation anomaly.

You can of course just edit the one mapping entry in ISE and enter more SXP domain destinations.

A fix for individual entries needs to be tracked under CSCuz00603 (multiple exceptions in log with unified ip-sgt functional).

hslai
Cisco Employee
Cisco Employee
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers