I would like to enable SGT based policy between Virtual Networks based on SGTs. The fusion device is a 9300s switch and I understand I have two options: 1. SXP between the fusion device and ISE to receive IP to SGT mappings + Enable Enforcement of th...
I have 2 questions about the following setup - Integrate Fusion Devices with the Legacy Network by Static Routing (Default + few specifics redistributed to IS-IS)- Legacy Core switches just have a single route back to the fusion covering all SD-Acces...
Hi All
I have gone through the initial setup for Stealthwatch Management Console Appliance:
- CIMC IP Address
- Management IP Address
- Changed the sysadmin password
- Changed the root password
I can ping the device but when I HTTPS to it, it s...
Hi
I have really random problem as follows:
- Backbone Router Interface set to MTU 9216
- 3850 WAN Switch between the Back Bone Router and ACI Leaf with MTU 1500
- Leaf Configured to Run BGP with the Backbone Router across 3850 WAN switch
BGP Endpo...
Hi I have got the following problem:- Wireless Workstation authenticate using certificates and cert profile matches SAN- recently added BYOD devices that wont work unless I use cert profile matching Common Name Is there any way to split Wireless 802...
This white paper confuses me a little bit as I have the following use case. - 2 sites that are connected via Virtual Stack 9500 switches with Dark Fibre Between them- LAN/WAN connects to Virtual Stack which means that IPN network would basically be a...
Thanks Mike Well, I avoid route leaking in my setup because traffic out of the fabric routes out to the legacy core by following default route and if the destination is in the fabric but different VN it simply hairpins back. The route leaking would a...
For me, the only reason that may require iBGP (per VRF) between the borders is if your uplinks to two different fusion devices are patched into a single linecard on the border because this linecard would be SPOF and the only re-routing option would b...
Thanks Mike, Route leaking or lack of is just connectivity ON & OFF which doesn't solve the problem. I don't want to rely on any prefix lists in SD-Access because the main advantage of it is abstracting IP addresses from the endpoint. I suspect tha...