cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
725
Views
5
Helpful
2
Replies

SDA - L2 Features like Storm-Control and DAI

markus.forrer
Level 4
Level 4

Hi Community

Someone know how to deploy Storm-Control Features in a SDA deployment? Just using CLI Templates?

What about the feature Dynamic ARP Inspection?

 

Just wondering how to deploy these features. Anything on the roadmap for newer DNA release?

 

Kind regards

2 Replies 2

Mike.Cifelli
VIP Alumni
VIP Alumni

Depending on what version of DNAC you are running your best bet is to probably rely on the template editor to deploy custom configs as you wish.  I do know via TAC that they are working on providing customers the ability to create custom authentication templates.  This feature request can be tracked here: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvs05020

HTH!

gabori
Level 1
Level 1

The following document suggests that DAI is enabled by default with SD-Access. Not explicit though.

https://www.cisco.com/c/en/us/support/docs/cloud-systems-management/dna-center/215885-troubleshoot-arp-resolution-in-sd-access.html

 

I have tested this with a 9300 at 17.6.5, and actually "debug platform dai all" shows the arp packets received on a fabric SVI, but doesn't show them when coming in on a normal SVI. So apparently on fabric SVIs DAI is implicitly enabled.

But receiving ARPs from an end device which is not using DHCP is still working, meaning that DAI is actually not working on the fabric VLAN as it should.

It is also a challenge to enable it with a CLI template, as in a CLI template I was not able to find any way to list the vlans configured on the switch dynamically. So probably the vlan assignments should be done statically and then a static CLI template can enable DAI on those vlans.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: