Hello, In our SDA Fabric, we deployed some switches without LAN Automation. This manual underlay is built using SVIs and the Fabric Edge uplinks are L2 trunks. On those switches we are carrying non-SDA VLANs, with default gateway being located outsid...
Forum Posts
Hi There,I would like to ask, in my environment we will deploy Catalyst Centre, WLC 9800, AP 9130 and 3102 series. Once all the devices has been managed through Catalyst Centre, can the WLAN configuration being done and push through Catalyst Centre? ...
Resolved! Do I need DNA license for Netflow?
Hi A customer wants netflow enabled access switch. I offered 9200 with Network Essentials base license. Now I am going through the datasheet again I see NetFlow feature is listed under DNA licenses. The lowest DNA add-on license that supports netflow...
Hello,I have an 8-port switch (c9200) which is no longer connected to the fabric.It's currently at my workplace. Can I still delete the switch from the fabric and inventory even though it is no longer connected?When I try this, I always get an error ...
Hi All,I've just been watching Cisco Live session "Deploying Your First Cisco SD-Access Project - BRKENS-2824" (great session by the way) and I have some questions about underlay scale.I'm currently working on a deployment that will have 2 x C9500 co...
Resolved! Cisco SDA Trustsec Concept
Hi, Lets say i have ISE, DNAC, edge, intermediate, border and fusion firewall non cisco. Outside all of this doesnt support trustsec. 1. Where policy SGACL enforcement should be applied? Please tell me the most common practice 2. When packet return f...
Hi CommunityI am trying to install the signed certificated (CRT) via vManage but I got an error message: Failed to retrieve device data: Not able to find any device for CSR common name. Where did I make the mistake? the CSR was generated and the CRT ...
Resolved! SD-Access compatibility matrix
Gentsany idea why SDA EVPN is disabled in Subject & how to enable? Thanks
HI All,I'm currently starting to rollout some fabric edge switches in a new site using LAN automation. I noticed that when deploying LAN-A, that you have the option to assign the discovered device to the building or floor level of the network hierarc...
Hi All,I am planning on installing a Cisco 9300X switch within my fabric site that will act as a L2 handoff border node to support migration. Looking at the Catalyst Center data sheet, the C9300X supports a maxium of 32,000 endpoints when deployed as...
PKI Config push Failed when provisioning WLC from DNAC WLC#ter mo Mar 4 01:31:42.745: %PKI-3-PKCS12_IMPORT_FAILURE: PKCS #12 import failed for trustpoint: sdn-network-infra-wan. Reason: Failed to read PKCS12 from url: https://20.20.20.20/api/v1/t...
Resolved! Cisco SD Access Questions
HiSorry for this but I have some questions regarding Cisco DNA as it make me confusedFirst: when two host in the same layer 2 virtual network with anycast gateway and same ip subnet communicate over the fabric , the vni field in the encapsulated pack...
Resolved! SDA L2 VN - SDA Transport between sites
We have a Layer 2 Virtual Network (with gateway outside of the fabric) that we would like to stretch between SDA sites. Users would be in Site A and Site B, but the gateway would only be located in Site B. We would have SDA Transit between Site A a...
I want to use SGACL in SDA to make guest ssid only accessible to internet. From what I understand, it seems like I need to set ACL on Fabric edge guest ssid is included in fabric and I want to use psk I want to know more details.
Hello, team I’m deploying a DNAC environment version 2.3.7.7-70047 We have 2 C9500 BN/CP in co-located mode and configuring the L3-Handoff link against 2 Firewalls in active/passive cluster. Following BRKENS-2824 documentation due both BN/CP are not ...
