Hi there,

Assume that, there is a network that consists of 3 buildings: 2x9407 in each and 9300 access/edge nodes. We have 9410 as super core (central node which aggregates all of 3 buildings). 2xCisco router as ISP facing device, 2x Cisco firewall and 2x Cisco WLC, 2 ISE appliances are also there.

Need design recommendations. My doubt is that what if I want to connect nodes to border device

Option 1) using 9407 in each building as Border/Control node and 9410 as fusion/next device for rest of network.

Here my question: is it possible to attach any node to 9407 border as access port? Or trunk port?

Option 2) using 9407 as intermediate and edge node (at the same time), attach nodes to it and it will be intermediate node for 9300 devices as well (I know that edge behind edge is supported). 9410 will be border device.

There same question appears, can I connect nodes (WLC/DNA/ISE) to 9410 border?

Option 3) The same as option 2,  but use router as control&border element (not as ISP facing devices, FW will be directly connect to ISP).

Question: Since 9410 is aggregation point can I pass traffic from 9407 to ASR1001 as L2/L3 (in case of L3 different VRF for 9410)? 9410 becomes some soft of intermediate device, but I'll use it as the device where DNA/ISE/WLC connected.

I hope could explain the topology/design (in short, as in traditional design: 3 tier design where access/distro nodes are in separate buildings and core nodes aggregates links from distro switches).

And I think option 1 is more stable and safe. Just my doubt is what if customer wants to connect server/some node to 9407 devices (building central device). Node may be one vlan based (access port) or esxi server with mutliple vlan (trunk port).

I can't implement FIAB in 9407 because edge (9300) behind FIAB (9407) is not supported.

Thanks in advance,