06-11-2020 01:07 AM - edited 06-11-2020 02:49 AM
Hi All,
I have used LAN automation to deploy a three tier network using both methods as outlined in the LAN automation deployment guide without any problems. I have LAN automated distribution and edge switches using the core switches as seeds, and I have LAN automated the distribution switches first, with the core switches as seeds, and then the edge switches second with the distribution switches as seeds. Both worked successfully.
What I have not tested, and cannot see documented, is LAN automating a more complex topology that may have daisy-chained edge switches such as core->distribution->edge->edge->edge, which is common in my experience as there are always a few corner cases like this. I'm aware that the switch to be automated cannot be more than 2 hops away from the seed. For the topology above, would we have to LAN automate up to the first edge, and then use that edge as the seed for the remaining edge switches? Is this supported?
06-11-2020 04:29 AM
Yes - You would need to run LAN Automation on the first edge layer again in order to onboard the bottom two layers. This is fully supported and I have done this for a number of customers myself.
Thanks!
Roddie
06-11-2020 09:09 AM
Hi de1denta,
Just wanted to share a hint, as the question is already answered.
Pay attention to your TrustSec policies. If you have a topology like this, and "no cts role-based enforcement" is not configured on the uplinks, and in the policy Unknown to Unknown SGTs is not permitted, you will lose underlay communication.
I have Topologies like Border1>Edge>Edge>Edge>Edge>Edge>Border2 and it works fine. You just have to pay more attention and more LAB time depending on which Features you want to use and how you want to use them (for TrustSec+Multicast) (:
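An offline check for the interface half of the hint above, as an added example that is not part of any post in this thread: it lists the underlay links in a saved running-config that lack `no cts role-based enforcement`. Treating routed ports with `ip router isis` as underlay links is an assumption, and the sample config is constructed.

```python
import re

# Constructed sample running-config (not taken from the thread).
SAMPLE_CONFIG = """\
interface TenGigabitEthernet1/1/1
 description uplink to upstream edge
 no switchport
 ip address 10.4.0.1 255.255.255.254
 ip router isis
 no cts role-based enforcement
!
interface TenGigabitEthernet1/1/2
 description downlink to daisy-chained edge
 no switchport
 ip address 10.4.0.2 255.255.255.254
 ip router isis
!
interface GigabitEthernet1/0/5
 description user port
 switchport mode access
!
"""

def parse_interfaces(config):
    """Return {interface name: [stripped sub-commands]} from IOS-style text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any top-level command ends the stanza
    return interfaces

def is_underlay_link(cmds):
    # Assumption: underlay links are routed ports running IS-IS.
    return "no switchport" in cmds and any(c.startswith("ip router isis") for c in cmds)

def links_enforcing_sgacl(config):
    """Underlay links that are missing 'no cts role-based enforcement'."""
    return sorted(
        name for name, cmds in parse_interfaces(config).items()
        if is_underlay_link(cmds) and "no cts role-based enforcement" not in cmds
    )

if __name__ == "__main__":
    for name in links_enforcing_sgacl(SAMPLE_CONFIG):
        print(f"{name}: SGACL enforcement still active on underlay link")
```

Run it against each switch in the chain before tightening the Unknown to Unknown policy; it does not inspect the policy matrix itself.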