04-08-2022 08:53 AM
First of all, I have a campus network entirely capable of running inline tagging. I'm wondering, though, should I run SXP instead of inline tagging to get tags to my switches? The reason I ask is because I have had trouble getting the CTS commands deployed correctly and stable in my network. There have been quite a few cases where the CTS commands have caused traffic issues (particularly on my cores). In my Cat4ks, the interfaces have to be shut/no shut after adding the cts commands. I am running port-channeled uplinks on top of that, so I have to deploy the commands with an EEM script because otherwise I will get disconnected because the port-channel members will have inconsistent config. I have some Cat9ks where this isn't an issue.
The point is that CTS manual has given me heartburn. Would it be easier/better to just run SXP from my access layer switches to ISE?
04-08-2022 09:13 AM
As you have observed, applying cts manual and its subcommand will typically break a link until you get the matching commands on the other side. As you pointed out, this behavior can deviate a little and be inconsistent, but the expectation is that the link will break when you are applying it. It's also considered a best practice to shut/no shut any link you apply it to, so you have to finesse it into the config.
SXP is a lot to manage, and it has its own complexities and scaling limitations. If it was me, I would push through getting the inline tagging/cts manual working everywhere it is supported. I would only use SXP for specific enforcement points, ASAs, or across unsupported links.
You mention an EEM script; I've never done it that way but instead use text files and FTP to apply the config to remote switches.
Process would go something like this