Do we support up to 30 MAC Addresses behind one Port on an Edge Switch (SDA)

rorosenb · ‎06-13-2019

Hi Team,

I have a questions regarding IOT devices behind one single Port on an Edge Switch 9300 (SDA).

A customer of us is using a lot of production machines (~15) in his environment and has to segment his network. Behind one single Production Machine are up to 30 Devices, which are connected over an internal switch (we couldn't change this) to a single port on the edge. At the Moment the customer has no segmentation and connect these machines all together in one IP Subnet /16.

The actually plan at the moment is, to segment theses devices with SGT and SDA because the customer is not able to change the IP address concept yet.

The Big question to you guys is:

Do we support up to 30 MAC Addresses behind one Port on an Edge Switch (no authentication, static SGT assignment to all devices behind a single access Port) without an extended node?
Do we support up to 30 MAC Addresses behind one Port on an Edge Switch (MAB authentication, dynamic SGT assignment) without an extended node?
Could we change the IDT (IP Device tracking) as well to 30 instead of 10 to have the Assurance Feature for every device?
- With a Template for example?

Thank you in advance

Best regards,

Robert

ChuckMcF · ‎06-20-2019

You could create an IBN and set it up with the new Layer 2 handoff feature. This allows you to map your "legacy" VLANs from the older network to SDA with the ability to have the same network range (for example 150.151.152.0/24) on both the Legacy and SDA networks. You just trunk your Legacy switch to the IBN and hang the IBN off of your SDA network (typically the INs) and you're good to go. As long as your IBN can peer (iBGP) to your EBNs then you get all SDA information on the IBN. You map the VLANs to the SGT that you want and that's about it. Hope this helps.

Good Luck!!

Chuck