SD-Access, VN with multiple IP pools

GuyJCRaymakers40943 · ‎01-26-2022

Hi colleagues,

I was wondering whether anyone has come across the following situation, related to migration of a standard LAN to SDA.

In the traditional LAN (typical 2-tier with L3 on the core and L2 downstream on the access) there could be multiple VLANS serving the same client types on different access-switches (worst case - a VLAN per access switch). Looking at the transition to SDA, and where we can't change existing used IPs, what are the options? Any thoughts pls?

Thanks,

Guy

Scott Hodgdon · ‎01-26-2022

@GuyJCRaymakers40943 ,

This is a very typical request for migration where IP subnets must be both in and out of the fabric at the same time. I recommend having a look at the SD-Access Migration sessions in the Cisco Live On-Demand Library, specifically:

Real World Route/Switch to Cisco SD-Access Migration Tools and Strategies - BRKCRS-3493 Event: 2020 Digital APJC
Updated Cisco SD-Access Migration Strategies - BRKENS-2008 Event: 2021 Digital
Cisco SD-Access Integrating with Your Existing Network - BRKCRS-2812 Event: 2020 Barcelona

As far as having multiple IP Pools in the same VN, that is not a problem at all. It has been supported since Day 1 of SDA.

Cheers,
Scott Hodgdon

Senior Technical Marketing Engineer

Enterprise Networking and Cloud Group

GuyJCRaymakers40943 · ‎01-26-2022

Thanks Scott,

Indeed - the multiple IP pools in a VN is OK - just having i.e. 10 IP pools for the same user community (example "employees"), not sure how to deal with that from an ISE policy point of view (authorization VLANs?). So perhaps this is more an ISE question than SD-Access...

I'll take a look at the listed CL sessions.

Cheers,

Guy