This section provides information to configure a universal hardware Fabric Engine Edge switch operating as a Fabric Connect node and to configure Shortest Path Bridging (SPB) and Intermediate System-to-Intermediate System (IS-IS).
Before you replace an existing Ethernet Routing Switch (ERS) configuration with the universal hardware Fabric Engine edge solution, consider the following key decision points:
Will the edge switch use Network Access Control (NAC)?
Tip
If you use NAC, then you should use Switched UNI (S-UNI) mode because it is more flexible in supporting the available RADIUS-assigned attributes that the RADIUS server can return. With NAC, RADIUS-assigned attributes can automate assigning VLANs to ports, so an S-UNI configuration remains transparent.
Will the universal hardware edge switch be deployed as a Distributed Virtual Routing (DvR) Leaf?
Note
A DvR Leaf supports S-UNI mode only.
DvR support varies by product and software release. For more information, see the Fabric Engine Feature Support Matrix for the specific software release.
On the Fabric Engine edge, you can apply VLANs on ports in two distinct ways:
C-VLAN-UNI Mode
In C-VLAN-UNI mode, you create every VLAN globally on the switch and assign membership of that VLAN to ports. You can configure VLAN ports as untagged, tagged, or untagPvidOnly. For some of these settings, you must configure a default port VLAN ID (PVID) on a per port basis. You can assign a Layer 2 service I-SID VLAN to extend that same VLAN to other switches in the fabric.
The Spanning Tree Protocol always operates on C-VLAN-UNI ports unless you disable it.
C-VLAN-UNI mode is very similar to VLAN configuration on an ERS and presents the easiest migration option to the Fabric Engine edge solution.
S-UNI Mode
In S-UNI mode, the ports are flex-uni enabled. You do not need to create global VLANs. Instead, configure Layer 2 I-SIDs globally and assign ports directly to the Layer 2 I-SID. If the port is to process untagged traffic, then a VLAN-ID is not required. However, if the port is to process tagged traffic, then you must specify a VLAN-ID on a per port basis.
The Spanning Tree Protocol never operates on S-UNI ports.
S-UNI mode is more powerful than C-VLAN-UNI mode. With S-UNI, the combination of a VLAN-ID and a given port (VID, port) maps to a Layer 2 VSN I-SID. With this UNI type, VLAN-IDs can be reused on other ports and therefore mapped to different I-SIDs.
This configuration approach is significantly different from the way VLANs are configured on an ERS.
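The two modes side by side, as an added example that is not taken from the vendor documentation: the same customer VLAN carried first as a C-VLAN-UNI and then as S-UNI, where VLAN-ID 100 is reused on two ports and mapped to two different I-SIDs. The port numbers, VLAN-ID 100 and I-SIDs 10100 and 10200 are constructed values, and the S-UNI part assumes Auto-sense is not active on the ports.

```text
# --- C-VLAN-UNI: the VLAN exists globally, ports are members of it ---
# Constructed values: VLAN 100, port 1/1, I-SID 10100
vlan create 100 type port-mstprstp 0
vlan members add 100 1/1
# Extend VLAN 100 across the fabric as a Layer 2 service
vlan i-sid 100 10100

# --- S-UNI: no global VLAN, ports are assigned directly to the I-SID ---
# Ports must be flex-uni enabled before they can join a Layer 2 I-SID
interface gigabitEthernet 1/2-1/4
flex-uni enable
exit

# (VID 100, port 1/2) maps to I-SID 10100
i-sid 10100 elan
c-vid 100 port 1/2
exit

# The same VLAN-ID on a different port maps to a different I-SID,
# so tagged VLAN 100 traffic on 1/3 is isolated from 1/2
i-sid 10200 elan
c-vid 100 port 1/3
# Untagged traffic needs no VLAN-ID at all
untagged-traffic port 1/4
exit
```

Because Spanning Tree never runs on the S-UNI ports, loop protection on 1/2 through 1/4 has to come from another mechanism than the one an ERS-style configuration relied on.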
An additional consideration is the starting point of all configuration on the Fabric Engine edge switch. There are two possible factory default configurations on a Fabric Engine switch:
The following list identifies the default configuration if you use the boot config flags factorydefaults command and reset the switch:
All ports are disabled by default.
All ports are untagged members of default VLAN 1 and are in C-VLAN-UNI mode.
All ports have Spanning Tree Protocol enabled.
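The following list identifies the default configuration in Zero Touch Deployment-ready configuration mode:
All ports are enabled by default.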
All ports are flex-uni enabled and are untagged members of the new default onboarding VLAN 4048. This VLAN is a Private-VLAN and all ports operate as Private-VLAN isolated members.
Auto-sense functionality is enabled by default on all ports. If you globally configure a switch with a RADIUS server and you globally enable EAPOL, all Auto-sense access ports automatically perform both EAP and NEAP when they do not detect other possible Auto-sense states. This means that if you enable NAC, port level configuration is not necessary.
Note
Zero Touch Deployment-ready configuration mode is obtained when the switch resets and the switch does not have an existing primary or secondary configuration file loaded (for example, /intflash/config.cfg).
The following guidelines are suggested:
If the Fabric Engine edge deploys in DvR Leaf mode and/or you enable NAC on the switch:
Ensure the switch boots in Zero Touch Deployment-ready configuration mode so that flex-uni and Auto-sense are enabled on all access ports.
Configure the RADIUS server and globally enable EAPOL. Zero Touch Provisioning Plus (ZTP+) performs these actions while the switch onboards.
If the Fabric Engine edge switch does not deploy in DvR Leaf mode and you do not enable NAC on the switch:
Enable the boot config flags factorydefaults command, save the configuration, and reset the switch.
Or
If the switch boots in Zero Touch Deployment-ready configuration mode, before you configure a port, disable Auto-sense on that port. This disables Auto-sense on the port and flex-uni at the same time.
Configure the VLAN membership similar to your ERS configuration. For information about VLAN configuration using C-VLAN-UNI, see CLI Command Examples.
If the Fabric Engine edge switch deploys in DvR Leaf and you do not enable NAC on the switch:
If the switch does not boot in Zero Touch Deployment-ready configuration mode, enable flex-uni on all the access ports.
If the switch boots in Zero Touch Deployment-ready configuration mode, disable Auto-sense on all the access ports and enable flex-uni on the same ports.
Manually configure the VLAN membership using S-UNI. For more information about VLAN configuration using S-UNI, see CLI Command Examples.