Hello Everyone,We are building an SDA network with two separate border and control plane nodes ( collated both roles on same device) that are connected by BGP to a fusion firewall (Active/Standby). When DNAC configures the L3 border handoff, I provid...
-
-
-
-
This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community
-
Forum Posts
I would like to know if Cisco requires me to install a DNA license on the C1121 router, even though I do not plan to use DNA. I will only use CLI mode. I know that there are other platforms that require purchasing a DNA license even if you don't us...
So we currently run CC 2.3.5.6 with a fully integrated ISE 3.0 and we use policy set for Wired+Wireless Authentication and have 3 VNs in SDA with multiple hierarchical L2 VN/AnyCast Gateways and associated IP Pools in CC. Simply put: depending on MAC...
Hi,in this document , it says that in case of External+Internal border where BGP is imported into LISP and LISP is redistributed back into BGP, tags are needed to prevent iBGP to LISP route imports and hence avoid potential loops.Can someone, please,...
Resolved! Fusion Firewall with Intermediate L3 Hop
We are deploying the similar design as shown in the attached picture ( source: Cisco Live) where we have Nexus vPC switch as L3 hop between Border and Firewalls.BGP sessions will be established directly between:Border Nodes and NexusNexus & Firewalls...
Trying to deploy VNs to the fabric devices, but when I reach the preview configuration step, it shows "no devices found." The VN has already been created and assigned under the fabric site.Some quick checkupFabric devices (Border Nodes, Control Plane...
Hi, I have a working location with single 9300X working as FIB - i.e. it runs edge, contorl, border and also embedded WLC functionality. The fabric is working good. But now I need to change the Loopback0 IP address (due to global network renumbering)...
Hi Cisco Community We have used some C3560CX as office extenders and now want to activate SGT. Unfortunately this does not work and we do not yet understand the reasons. A new C9200CX works perfectly. There are contradictory announcements and ma...
Hi All, Hope you’re doing well! Just one small question – if MACsec support is on the roadmap for SD-Access? Or there are no plans to support it at all? Any input would be very welcome
Hi AllI m working on setting up PXE boot for SCCM device builds over the network . We are using an SDA network where I have configured IP helper on the SVI the endpoints are connected to . This is the configuration on the Fabric Edge node SDA-EDGE-...
Hello, I have a physical Cisco DNAC appliance, and I’ve set up EVE-NG on ESXi to practice SD-Access. I’m a bit confused about which Cisco switch IOS images are compatible with EVE-NG for SD-Access lab simulations. I want to ensure I use the right ima...
We’re working on a greenfield deployment of Cisco SD-Access. We have two Catalyst 9600R switches designated as BN/CP, which we’re setting up as individual devices. Many recommended avoid using VSS or SVL due to downtime during maintenance windows Eac...
Hi Can I check for small SDA sites design, can we directly connect DHCP/DNS server to the Border Node?
Hi,We have a requirement where we need to route single VRF (SSOL_Vrf) Traffic in SDA Fabric. Currently all vrf traffic is being forwarded based on default route, as a new requirement we need to forward it to new firewall being a part of SDA Fabric.S...
HiI have a requirement to move every device from one subnet/address pool and disperse the clients around other ones. My problem is I don't know how many ports are assigned to a particular address pool across my fabric. I can find active devices eas...
