SD-Access Host Onboarding - Fabric Edge Port Connected Device Type of Server & Supported Devices

dmorello74
Level 1

When Host Onboarding a Meraki AP to the Fabric Edge port, you choose a device type of "Server" which basically configures this port as a trunk. In the DNAC User Guide, it states the following constraints for the Fabric Edge port:

- Cisco SD-Access deployments support only APs, extended nodes, user devices (such as a single computer or a single computer plus phone), and single servers
- Other networking equipment (such as hubs, routers, and switches) is not supported.
- Each port can learn up to a maximum of 10 MAC addresses.

If the Meraki AP is configured as a "single server" on the Fabric Edge port, what prevents you from connecting a Switch to this same Fabric Edge port and trunking its VLANs similar to the Meraki AP? Does the Fabric Edge port have BPDU Guard enabled and would this be a possible reason you can't connect a Switch (Non-Extended Node) to the Fabric Edge port?

Also, the Fabric Edge port is stated to only support a maximum of 10 MAC addresses. Is this number correct? I heard during a SD-Access & Meraki Integration "Cisco Live" presentation that 100 devices/MACs are supported per Fabric Edge port when it is configured as a "Server" Device Type. This would make more sense that 100 devices/MACs are supported per Fabric Edge port. Can we verify?

8 Replies

Mike.Cifelli
VIP Alumni
I can confirm this:

"Also, the Fabric Edge port is stated to only support a maximum of 10 MAC addresses. Is this number correct? I heard during a SD-Access & Meraki Integration "Cisco Live" presentation that 100 devices/MACs are supported per Fabric Edge port when it is configured as a "Server" Device Type. This would make more sense that 100 devices/MACs are supported per Fabric Edge port. Can we verify?"

When assigning DEVICE_TYPE: 'User Device' DNAC will provision the following device-tracking policy:

device-tracking policy IPDT_MAX_10
 limit address-count 10
 no protocol udp
 tracking enable

When DNAC provisions a port with DEVICE_TYPE: 'Server' it applies this tracking policy:

device-tracking policy IPDT_TRUNK_POLICY
 limit address-count 100
 no protocol udp
 tracking enable

If you are interested in utilizing an extended node in your fabric please see here: https://www.cisco.com/c/en/us/solutions/enterprise-networks/software-defined-access/compatibility-matrix.html
Only certain platforms are supported. As of 1.3.1.3 one thing to note is that ext. nodes are capable of running port-channels (no MEC).

The tracking policies are re-configurable via template editor. Also, for the trunk DNAC will by default allow all vlan ids. This is also tweak-able via the template editor. Obviously not all vlan ids are in your db so keep that in mind when worried about the default config.

Anyways, hopefully this helps answer some of your concerns.

jedolphi
Cisco Employee

As of today a standard SD-Access fabric edge access port allows maximum 10x IP addresses. An SD-Access fabric edge "Server" port allows 100x IP addresses. BPDU guard is not enabled on "Server" port. Nothing stops you from connecting a basic switch to a Server port, however, you lose DNAC automation (basic switch is not configured by DNAC, DNAC cannot configure ports, upgrade code versions, etc), you may lose SGT segmentation (basic switch downstream from server port is not part of VXLAN overlay, and not integrated with ISE for TrustSec policy download), you may lose MAB/802.1x (basic switch may not be talking to ISE for AAA) and you lose e2e network Assurance (DNAC is not aware of the basic switch, DNAC doesn't know if there are any problems on the basic switch), and the list goes on. Hope that makes sense. Jerome
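
As an added example (not part of the thread, and not Cisco or DNAC code): a short Python audit that reads a saved running-config and reports, per interface, the address limit of the attached device-tracking policy and whether a trunk still allows all VLANs or lacks BPDU guard, the points raised in the two replies above. The sample config, interface names and VLAN ids are constructed, and the interface-level commands shown are assumptions about what such a port carries, not output quoted from DNAC.

```python
# Address-count limits per device-tracking policy, as quoted in the thread.
POLICY_LIMITS = {"IPDT_MAX_10": 10, "IPDT_TRUNK_POLICY": 100}
# Constructed sample (interface names, VLAN ids assumed), not real DNAC output.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 device-tracking attach-policy IPDT_MAX_10
!
interface GigabitEthernet1/0/2
 switchport mode trunk
 device-tracking attach-policy IPDT_TRUNK_POLICY
!
interface GigabitEthernet1/0/3
 switchport mode trunk
 switchport trunk allowed vlan 1021,1022
 device-tracking attach-policy IPDT_TRUNK_POLICY
 spanning-tree bpduguard enable
!
"""

def parse_interfaces(config):
    """Group indented sub-commands under their 'interface' line."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # '!' or a global command ends the block
    return blocks

def audit_ports(config):
    """Return {interface: [findings]} for ports with a known tracking policy."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        policy = next((c.split()[-1] for c in cmds
                       if c.startswith("device-tracking attach-policy ")), None)
        if policy not in POLICY_LIMITS:
            continue
        findings = [f"address limit {POLICY_LIMITS[policy]} ({policy})"]
        if "switchport mode trunk" in cmds:
            if not any(c.startswith("switchport trunk allowed vlan ") for c in cmds):
                findings.append("trunk allows all VLANs")
            if "spanning-tree bpduguard enable" not in cmds:
                findings.append("no BPDU guard")
        report[name] = findings
    return report
```

Calling `audit_ports()` on the text of a saved running-config returns a dictionary that can be diffed between runs to spot "Server" ports whose trunk or guard settings have drifted.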

Hello Jerome, thanks for the very precise explanation, just a doubt?

Is this scenario supported by TAC? (Connecting an external basic Switch to a Fabric Edge?)

angel_flk,

Yes, this is supported. Just keep the other information Jerome listed in mind.

Cheers,

Scott Hodgdon

Senior Technical Marketing Engineer

Enterprise Networking Group

Hi,

I think that if you want to connect a switch to your SDA Fabric, the L2 handoff feature would be better to use.

Jerome,

What if we connect a MR44/46/56 AP to this port? Will it or can we set up a way for the AP to reach ISE for AAA?

@SNGreene,

This is the only documentation of which I know for Meraki wireless integration with SD-Access:

https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Campus/WhitePaper-Deploying-Cisco-Meraki-Cloud-AP-SDA-2019MAR.pdf

Cheers,
Scott Hodgdon

Senior Technical Marketing Engineer

Enterprise Networking and Cloud Group

Thank you!!