Buy or Renew
Buy or Renew
Register Here! - Join us 11/13 for the "Navigating DHCP Processes in SD-Access Network" Community Live event
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1249
Views
0
Helpful
4
Replies

Question about the use of firewall in the SD-Access factory

khalilsoltani47714
Level 1
Level 1

‎04-20-2021 06:20 AM

When creating SD-Access Fabric we use the transit-IP
I used switch nodes borders Cisco Catalyst 9500 and fusion (you can used Firewall to share the VRF)
either the firewall is not recommended as a fusion ???
for the wireless which recommended in the factory to use wirelless embedded in the border node or in the Edge node.

Labels:
0 Helpful
4 Replies 4

Scott Hodgdon
Cisco Employee
Cisco Employee

‎04-20-2021 06:56 AM

Khalil,

If you will use embedded wireless controller, it is better to have it in the Border Node.

Firewall as a fusion device is a good option, as long as it can take the vrf-lite handoff from the Border. If the firewall can support SGT-based policy, then that is even better.

Do you have a diagram of your proposed design that you can share?

Cheers,
Scott Hodgdon

Senior Technical Marketing Engineer

Enterprise Networking and Cloud Group

0 Helpful

khalilsoltani47714
Level 1
Level 1
In response to Scott Hodgdon

‎04-20-2021 08:58 AM

Thanks for your feedback
I am creating our company factory design, please find attached our target architecture or i used as fusion (nexus switch 7K) but my manager help me who we can use firewall as fusion is better
You can send a link to a cisco site that talks about firewall as a fusion and the recommendation of cisco for the use of firewall as a fusion and wlc at the border node level
thank you for sending a cisco site link about the recommendation for the firewall and wlc

Preview file
22 KB
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to khalilsoltani47714

‎04-20-2021 09:20 AM

New FP with 6.6 or 6.7 code support i guess with VRF.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Scott Hodgdon
Cisco Employee
Cisco Employee
In response to khalilsoltani47714

‎04-20-2021 09:26 AM

Khalil,

We have an SD-Access Cisco Validated Design (CVD) Guide here : https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html . It covers all areas of design.

Cheers,
Scott Hodgdon

Senior Technical Marketing Engineer

Enterprise Networking and Cloud Group

0 Helpful
Customers Also Viewed These Support Documents