
9200 switch Virtual Network

Level 2



I have a question here: what is the limitation of 1 no. of virtual networks in 9200L series switches?





Can you elaborate on your question?

-hope this helps-

Level 1



The 9200L switch is basic equipment intended to replace the 2960 for a branch office.
The 9200 model allows up to 4 VN, but the cost of the uplink makes you almost have to put 9300 as an access switch to be able to implement SD-Access without restrictions.
Be aware that with Wi-Fi controllers with 9200!



Farhan Mohamed
Cisco Employee

Total VNs, or virtual networks, will be one in the case of the 9200 switch. This information is pulled from the Cisco datasheet.

The virtual networks are the underlay network in the DNA Center? Please confirm.

It's actually the overlay. Also, DNA Center is the controller for managing everything, including the overlay network; the overlay can potentially span across multiple sites.

Interworking of SDA revolves around 3 protocols.

At Data plane - VxLAN

At Control plane - LISP

At Policy plane - Cisco TrustSec

This white paper is a good place to start learning more.


-hope this helps-


So this means I cannot have 2 PCs (corporate PC and guest PC) on this switch with different virtual networks. For example, if I want a guest virtual network and a corporate virtual network to coexist on this switch, it is not possible, because when DNA pushes virtual networks to the switch, it will accept only one instead of two.

Please correct me

You are correct. Maximum one SD-Access Virtual Network (VN) on 9200L. So you can have either CORP VN or GUEST VN, but not both. Please also be advised that the restriction applies to the whole fabric site, not just the switch. If you have an SD-Access site with 40x C9300s and 1x C9200L, then the whole site is limited to one VN. This is because users could roam to anywhere at a site, so it's not possible to have different VNs on fabric edge switches at the same SD-Access site.


Dear Jerome,


Please also be advised that the restriction applies to the whole fabric site, not just the switch. If you have an SD-Access site with 40x C9300s and 1x C9200L, then the whole site is limited to one VN.


Please elaborate more on the above statement.


Or, another way to explain it is as below.


That if we have multiple VNs on the network and they are pushed from DNA to every switch, the 9200L switch will not accept more than 1; but if a user who is sitting on the 9300 CORP VN moves to the 9200L, he will not get access because his port cannot be configured on the CORP VN. This is what you wanted to mention.


DNA Centre will look at lowest capability switch in a fabric site and restrict the number of VNs on entire fabric site to the VN limit of the lowest capability switch. So, if you have a fabric site with 40x Cat 9300 and 1x Cat 9200L then the whole fabric site, including the Cat 9300 switches is limited to one VN.


Is there a roadmap to enhance the VNs at the 9200L or change the support of the VNs in the DNA Center because we want to mount the 9200L switches in case they have less depth to mount in the racks. But reducing the whole site to one VN is not


I haven't heard about it, but you can reach out to your Cisco SE or AM, they will be able to get more recent info on this.


-hope this helps-

Hi Jerome,

I know that is an old post, but is this still true?

Do you have any links from the Cisco docs about this?

Leonardo Santana

*** Rate All Helpful Responses***

VIP Alumni
IMO if you are not limited on resources (money) you should run with 9300s if you are in search of a copper based edge node. The limitations alone from a scale perspective with the 9200s are not worth it unless you are running a pretty small shop. Some would say that it depends on the number of VNs you run. Others would probably argue the fact that you could run with 1 VN or up to 4 VNs in your fabric with the 9200 (depending on your uplink model). Something to consider from a design and purchasing type question/s should be how you wish to segregate your environment. What I mean by this is maybe 1 VN is sufficient with a ton of IP pools and separate SGTs, or maybe per requirements you need several segregated routing instances. In scenario 2, routing instances (VNs), you would have more work on your fusions from a leaking perspective. Anyway, I ultimately think that it comes down to your requirements. Good luck & HTH!