cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1101
Views
0
Helpful
3
Replies

Fiab on 9300

Ciro G Mele
Level 1
Level 1

Hi,

We are about to implement sd-access, does anyone have a guide to configuring fiab and how it should be incorporated into the sd wan solution...
Thanks in advance

Ciro Gustavo Mele

3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

You can look Fabiric in box below videos :

https://www.youtube.com/watch?v=plo8N7tg9Wc

check sd-access deployment guide : (if the SD-wan  connecting the SD-Access site - depends on what transit you have)

https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/SD-Access-Distributed-Campus-Deployment-Guide-2019JUL.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

In this video, we are going to see what is Fabric in a box and how can this be enabled from Cisco DNA Center.

jedolphi
Cisco Employee
Cisco Employee

Hi, there's a video on how to deploy FIAB, https://youtu.be/plo8N7tg9Wc?si=eZYhaiMwFpZRAZVf . Regarding SD-WAN, the FIAB is adjacent but not integrated to SD-WAN. You can review these two items which should answer most questions: https://cs.co/independent-domain and https://www.ciscolive.com/on-demand/on-demand-details.html?#/session/1686177810867001V3CW . Let me know if anything else is needed. Regards, Jerome

 

anthony.wild
Level 1
Level 1

Hi Ciro,

We've accomplished this by ensuring that the SD-WAN BGP/Interface templates (and VPN's therein) are aligned to support the number of VRFs/VNs that you currently maintain in your SDA deployment for border handoff. It works without issue and allows SGT propagation across the WAN.

We took a phased approach by executing a duplicative peering for underlay/overlay into the same VPN initially before working in our phase 2 design to establish a separate/true VPN for INFRA. We did this because you need to consider the fact that you need more than just access to DNA in the underlay, and need other shared services such as DHCP for your wireless access points and fabric extended nodes if applicable. Our phase 3 approach will include yet another SD-WAN VPN for Guest Shared Services (DNS/DHCP). 

You could most certainly setup all of that at once but we felt more comfortable in a crawl, walk, run approach... and the duplicative BGP peering into the same VPN helped our NetOps team get more familiarized supporting SDA at scale/remotely without making a lot of other changes in the shared services/fusion/WAN layers.

Review Cisco Networking for a $25 gift card