VMware Communities
TalalTayyaroğlu (Enthusiast)

Edge and Cisco switches

Good day,

Our network used to be composed of Cisco ISRs and switches (2960 L2 switches).

The ISR routers would connect to the switches using trunks (dot 1q tagging) with sub-interfaces for LAN and WAN.

Can this be done using an Edge (510)? I want to configure one physical port/interface to act as WAN with multiple sub-interfaces, each with its own VLAN/IP subnet. The LAN port would be configured similarly.

Do I configure this under 'Profiles' or 'Segments'?

Are there things to pay attention to while configuring routing?

I need this because I plan to enable Type1 Standard HA:

https://docs.vmware.com/en/VMware-SD-WAN/5.2/VMware-SD-WAN-Administration-Guide/GUID-55289AFA-90F7-4...

The Edge 510 has 4 ports. I have 2 WAN links (internet). My plan is to configure the Edge as follows:

Port GE1: HA link to standby Edge

Port GE2: LAN trunk, with multiple VLANs (as needed per each branch's requirement)

Port GE3: WAN trunk, with two VLANs, one per ISP

Port GE4: DHCP-client WAN for initiation

Any ideas, or links to configuration materials / case studies, or other informative material?

Accepted Solution

TalalTayyaroğlu (Enthusiast)

Ok guys, so here is the 101 after I got our first site online for production:

  1. Never compare the Edge with a Cisco router (even the smallest one). The VMware Edge (and the entire VMware SASE solution) is immature. It cannot function as a full-fledged router.
  2. The number of limitations is staggering.
  3. You CAN configure trunks, assign which VLAN is untagged, and which VLANs are allowed on a switched trunk interface, BUT you CANNOT NAT/PAT where you like. You ARE LIMITED to NAT/PAT between a LAN destination and (what SASE considers to be) a WAN.
  4. You definitely CANNOT nest NAT/PAT, and you CANNOT reroute/PAT traffic between VLANs. Believe me, I tried. I escalated this to support, who stated that this feature is simply NOT SUPPORTED.
  5. The DHCP server feature, although it does support SOME common options, DOES NOT SUPPORT option 121. Again I asked tech support, and they confirmed it.
  6. With all my might and knowledge on the subject, I could not get the Edge-to-Cisco ISR VPN tunnel to work. I have been doing this for the past 9 years (VPN from Cisco ASA/ISR to various platforms, HW and SW), but I have finally met my arch-nemesis. Tech support were, as usual, no help, and I got the "we will check and come back" thing. They never came back.

Please make sure you know the product's abilities and limitations BEFORE you sign the contract.

Hope this helps some of you.

Best regards,

Talal
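Point 5 above mentions DHCP option 121 without saying what it carries. As an added example (not code from this thread, from the poster, or from VMware), the following Python script encodes and decodes option 121, the classless static route option defined in RFC 3442, so you can see exactly what a client on the LAN would normally receive from a DHCP server that supports it. The route list, gateway addresses and default route are constructed sample values; the decoder bounds-checks every field so a truncated or malformed option raises instead of being read out of range.

```python
"""Encode and decode DHCP option 121 (RFC 3442 classless static routes).

Added example, not code from the thread or from VMware: it shows the wire
format of the option the poster reports the Edge DHCP server cannot serve.
"""
import ipaddress

OPTION_CLASSLESS_STATIC_ROUTE = 121  # option code, RFC 3442

# Constructed sample: two RFC 1918 routes via a branch router plus a default route.
SAMPLE_ROUTES = [
    ("10.0.0.0/8", "192.168.1.1"),
    ("172.16.0.0/12", "192.168.1.1"),
    ("0.0.0.0/0", "192.168.1.254"),
]


def encode_option_121(routes):
    """Return the full option (code, length, payload) as bytes.

    Each route is encoded as: 1 byte prefix length, then only the
    significant octets of the destination (ceil(prefixlen/8) of them),
    then the 4-octet router address. A default route uses width 0 and
    carries no destination octets.
    """
    payload = bytearray()
    for dest, router in routes:
        net = ipaddress.IPv4Network(dest, strict=True)  # reject host bits set
        gw = ipaddress.IPv4Address(router)
        width = net.prefixlen
        n_octets = (width + 7) // 8
        payload.append(width)
        payload += net.network_address.packed[:n_octets]
        payload += gw.packed
    if len(payload) > 255:
        # A single DHCP option carries at most 255 bytes; longer route lists
        # must be split across option instances (RFC 3396), not done here.
        raise ValueError("option 121 payload exceeds 255 bytes")
    return bytes([OPTION_CLASSLESS_STATIC_ROUTE, len(payload)]) + bytes(payload)


def decode_option_121(option):
    """Parse one option-121 TLV back into [(cidr, router), ...].

    Every field is bounds-checked so a truncated or malformed option
    raises ValueError instead of being read out of range.
    """
    if len(option) < 2 or option[0] != OPTION_CLASSLESS_STATIC_ROUTE:
        raise ValueError("not a DHCP option 121 TLV")
    length = option[1]
    data = bytes(option[2:2 + length])
    if len(data) != length:
        raise ValueError("option length exceeds available bytes")
    routes = []
    i = 0
    while i < len(data):
        width = data[i]
        i += 1
        if width > 32:
            raise ValueError("prefix length %d out of range" % width)
        n_octets = (width + 7) // 8
        if i + n_octets + 4 > len(data):
            raise ValueError("truncated route entry")
        dest = data[i:i + n_octets] + b"\x00" * (4 - n_octets)
        i += n_octets
        router = ipaddress.IPv4Address(data[i:i + 4])
        i += 4
        # strict=True rejects entries whose last significant octet has bits
        # set beyond the prefix length.
        net = ipaddress.IPv4Network((dest, width), strict=True)
        routes.append((str(net), str(router)))
    return routes


if __name__ == "__main__":
    wire = encode_option_121(SAMPLE_ROUTES)
    print(wire.hex())
    print(decode_option_121(wire))
```

Run it directly to see the hex TLV and the round-tripped route list. If a DHCP server cannot send this option, clients only learn the single default gateway from option 3, which is why a design that relies on per-VLAN static routes pushed by DHCP needs another mechanism on such a platform.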

3 Replies

khirom (Enthusiast)

Hi,

This KB might be helpful.

VMware SD-WAN Edge Interface Types and WAN Overlay (74846)
https://kb.vmware.com/s/article/74846

khirom (Enthusiast)
Edge port assignments can be made in profiles, but IP addresses and other settings are configured for individual Edges.

https://docs.vmware.com/en/VMware-SD-WAN/5.2/VMware-SD-WAN-Administration-Guide/GUID-554B6DB5-60B7-4...

Segments are similar to VRFs.
Segments are used when you want to separate traffic.

This document helped me understand VMware SD-WAN:
https://sase.vmware.com/resources/sdwan-1-on-1-the-what-why-and-how
