cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
355
Views
0
Helpful
3
Replies

Fiab on 9300

Ciro G Mele
Beginner
Beginner

Hi,

We are about to implement sd-access, does anyone have a guide to configuring fiab and how it should be incorporated into the sd wan solution...
Thanks in advance

Ciro Gustavo Mele

3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

You can look Fabiric in box below videos :

https://www.youtube.com/watch?v=plo8N7tg9Wc

check sd-access deployment guide : (if the SD-wan  connecting the SD-Access site - depends on what transit you have)

https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/SD-Access-Distributed-Campus-Deployment-Guide-2019JUL.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

jedolphi
Cisco Employee
Cisco Employee

Hi, there's a video on how to deploy FIAB, https://youtu.be/plo8N7tg9Wc?si=eZYhaiMwFpZRAZVf . Regarding SD-WAN, the FIAB is adjacent but not integrated to SD-WAN. You can review these two items which should answer most questions: https://cs.co/independent-domain and https://www.ciscolive.com/on-demand/on-demand-details.html?#/session/1686177810867001V3CW . Let me know if anything else is needed. Regards, Jerome

 

anthony.wild
Beginner
Beginner

Hi Ciro,

We've accomplished this by ensuring that the SD-WAN BGP/Interface templates (and VPN's therein) are aligned to support the number of VRFs/VNs that you currently maintain in your SDA deployment for border handoff. It works without issue and allows SGT propagation across the WAN.

We took a phased approach by executing a duplicative peering for underlay/overlay into the same VPN initially before working in our phase 2 design to establish a separate/true VPN for INFRA. We did this because you need to consider the fact that you need more than just access to DNA in the underlay, and need other shared services such as DHCP for your wireless access points and fabric extended nodes if applicable. Our phase 3 approach will include yet another SD-WAN VPN for Guest Shared Services (DNS/DHCP). 

You could most certainly setup all of that at once but we felt more comfortable in a crawl, walk, run approach... and the duplicative BGP peering into the same VPN helped our NetOps team get more familiarized supporting SDA at scale/remotely without making a lot of other changes in the shared services/fusion/WAN layers.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: