SD-Access FiAB limitations

alessandro.s · ‎06-06-2025

Hi all,

i have a very small remote site that is currently connected via an L2 Point-to-Point link to our headquarters. The site is provided with two stacked 9300L switches and four 9120AXI APs and is working as a "streched site" so 9300L switches are configured as Fabric Edges and directly connected to the BN/CP nodes in the HQ, where there's also a 9800-L WLC managing the four APs.

Now we are going to dismiss the Point-To-Point connection, and we will connect the site with a third party SD-WAN solution that will not support inline SGT tagging, so we will go with IP Transit and configure the 9300L switches as FiAB with eWLC to manage local APs.

As per i remember, there was some limitations about FiAB, regarding the number of VNs and IP pools that we can use in such a site, is there any document about this?

Also, is there a specific procedure to follow to "migrate" a FE o FiAB, considering that i'm aware that there will be traffic disruptions?

Thanks in advance

Parthiv Shah · ‎06-06-2025

Hi

Data sheet provided as-access scale information. Most of the scale is per platform and not based on fiab role but you can find the details.

<>
[logo-open-graph.gif]
Catalyst Center 2.3.7 Data Sheet<>
cisco.com<>

Thanks

Andrii Oliinyk · ‎06-06-2025

try to put things in order with sharing CMO network diagram 1st:
a) BN-to-FN(s) implementation should be standard - l2-trunk carrying transfers for site VNs & L3 peered by BGP or is it SDA-transit?
b) SGT propagation on BN-to-FN(s) link(s) in case of no SDA-transit
c) site WLC or site eWLC?
any concerns about VRF-lite limitations on the C9300L?
pls remove misconceptions like "9300L switches as FiAB" - FIAB is always single R&S entity (stack or single switch)
etc