Non sda switch connected to the fabric edge

taytibob
Level 1

I would like to discuss the scenario where endpoints are connected to a standard switch which is itself connected to the fabric edge of an SDA campus network (as shown in the attached picture).

The clients on the non-SDA switch have to connect to a server located in the data center through the SDA campus.

First question: Is this a scenario that can work? If yes, how?

Second question: If this doesn't work, what can be the alternative?

Third question: If a router is connected between the non-SDA switch and the fabric edge, does this work?

9 Replies

balaji.bandi
Hall of Fame

As per the diagram, it works technically. You can extend SGT to non-fabric, so they work as expected.

There is a good document on how you can extend non-fabric devices:

https://www.cisco.com/c/en/us/td/docs/solutions/Verticals/EE/DG/ee-dg/ee-dg.html

BB


The document doesn't say that. It says that we need to use a Cisco fabric extended node.

However, here we use an unmanaged 3rd-party switch or a non-SDA-capable switch.

Look at Figure 7 - is that what you are looking to deploy?

BB


jedolphi
Cisco Employee

Hi team

Yes, we allow non-SD-Access switch to connect to SD-Access Edge Node. If you set Edge Node port type to "Server" it becomes an 802.1Q trunk. Then on downstream switch you match the SD-Access VLAN IDs as required. FYI "Server" port has been renamed to "Trunk" port in next major release of SD-Access for the exact reason you asked this question - we want to make it clear that it's supported to connect external switches.

If Edge Node port is access port (Not Server/Trunk port), then you can have non-SDA switch connected also, BUT, Edge Node access port has BPDU Guard enabled and you cannot turn it off today (roadmap, hopefully later this year), so, you would need to block BPDUs on the non-SDA switch if Edge Node port is access port.

Yes, you can put a router between an SDA Edge Node and a non-SDA switch. The router will need to present a single IP address into the SDA fabric, i.e. you cannot program static routes on the Edge Node pointing to the router - so in other words, the router would NAT the external network so that it appears to the SDA fabric the same as any other endpoint, e.g. printer, PC, etc.

(We CAN route between a router and SDA Edge + Border Node, but that is a much larger conversation, I assume it is not what you're looking for here).

N.B. I have a presentation on all the new SDA compatibility scenarios at Cisco Live next month (March 2021). Hope those interested get a chance to review it.

Cheers! Jerome
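The three options Jerome describes, written out as configuration for the downstream (non-SDA) side. This is an added example, not configuration from the original thread, from Cisco documentation or from DNA Center: the interface names, the VLAN IDs 1021/1022, the 192.168.50.0/24 downstream subnet, the fabric-side addresses and the ACL number are all assumed for illustration. The Edge Node side itself is provisioned by DNA Center (port type "Server"/"Trunk" or access), not by hand, and the VLAN IDs used on the trunk must be the ones DNA Center actually assigned to the fabric pools.

```cisco
! ===== Option 1: Edge Node port provisioned as "Server" (Trunk) port =====
! Downstream non-SDA switch. Define only the fabric VLANs the Edge Node
! carries (IDs 1021/1022 are assumed; read the real IDs from DNA Center).
vlan 1021
 name FABRIC-DATA-assumed
vlan 1022
 name FABRIC-VOICE-assumed
!
interface GigabitEthernet1/0/48
 description Uplink to SDA Edge Node (Server/Trunk port)
 switchport mode trunk
 switchport trunk allowed vlan 1021,1022
 switchport nonegotiate
!
! Endpoint ports: access mode so clients cannot inject their own 802.1Q tags.
interface range GigabitEthernet1/0/1 - 24
 description Endpoints placed in the fabric DATA VLAN
 switchport mode access
 switchport access vlan 1021
 switchport voice vlan 1022
 spanning-tree portfast
!
! ===== Option 2: Edge Node port is an access port (BPDU Guard on, not disableable) =====
! If the non-SDA switch sends a BPDU upstream the Edge Node port err-disables,
! so suppress BPDUs on the uplink of the non-SDA switch. All endpoints then
! land in the single VLAN the Edge Node access port belongs to.
interface GigabitEthernet1/0/48
 description Uplink to SDA Edge Node (access port)
 switchport mode access
 switchport access vlan 1021
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
! ===== Option 3: router between the non-SDA switch and the Edge Node =====
! The router shows the fabric one address (assumed 10.10.21.50 from the fabric
! pool, anycast gateway assumed 10.10.21.1). No static route exists on the
! Edge Node, so the downstream LAN is hidden behind PAT on that one address.
interface GigabitEthernet0/0
 description Toward SDA Edge Node; appears to the fabric as one endpoint
 ip address 10.10.21.50 255.255.255.0
 ip nat outside
!
interface GigabitEthernet0/1
 description Toward non-SDA switch (assumed downstream LAN 192.168.50.0/24)
 ip address 192.168.50.1 255.255.255.0
 ip nat inside
!
ip route 0.0.0.0 0.0.0.0 10.10.21.1
access-list 10 permit 192.168.50.0 0.0.0.255
ip nat inside source list 10 interface GigabitEthernet0/0 overload
```

Two caveats a practitioner should weigh. With `spanning-tree bpdufilter enable` on the uplink, spanning tree no longer detects a loop over that link, so the non-SDA switch must have no second path into the fabric. On the trunk variant, the Edge Node accepts whatever tags arrive on the "Server" port, so keep the allowed-VLAN list limited to the fabric VLANs those endpoints are meant to be in and keep endpoint ports in access mode; in the NAT variant, every downstream host shares one fabric identity, so fabric policy (SGT, ACLs, logs) sees the router, not the individual clients.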

If the switch is an unmanaged switch (no configuration), VLAN tagging will not happen. Is there a solution for that?

Yes, connect it to an Edge Node access port. I will update the field on this at Cisco Live next month. In meantime you can see some detail in my previous presentation on this topic - go to www.ciscolive.com and search for presentation BRKENS-3822. See the slide entitled "FE Access Port with Unintelligent Switch". Link -> https://www.ciscolive.com/global/on-demand-library.html?search=brkens-3822#/session/1570575336196001v4R5

Best regards, Jerome

Hey all!

This is really great information! In many cases there is a need to use a non-SDA-capable switch connected to the FE, for "quick and dirty" solutions, that is, until a new SDA switch can be provided (this can take up to many months in the current post-COVID situation).

I have a question which came up after watching the BRKENS-3822 presentation. If an "unintelligent switch" is connected to the FE, there is a limitation of 10 end devices that can be hosted. Does this same limitation apply when an intelligent switch is used?

From all the previous conversation, it is my understanding that if a non-SDA switch is connected to the FE it can still do TrustSec, if it is manually configured properly. Is this correct? I haven't gotten round to reading "https://www.cisco.com/c/en/us/td/docs/solutions/Verticals/EE/DG/ee-dg/ee-dg.html", so maybe this is described in this doc.

Kind regards,

Katerina


Hello everyone

In the SD-Access design with Layer 3 routed access, I noticed that the access switches are interconnected to the distribution switches but not directly to each other.

So I'd like to know, since the routing decision is made directly at the access switches, why not interconnect them directly to each other in addition to interconnecting them to the distribution switches?

This same question from you has been answered in a different thread. Please don't mix topics.
