topic Re: L2 only domain between fabric and outside networks? in Software-Defined Access (SD-Access)

L2 only domain between fabric and outside networks?

acc.94 — Mon, 05 Jul 2021 16:00:44 GMT

Hello all!

We are deploying an SD-Access infrastructure and customer is requesting a L2 stretching between Fabric and their traditional network. I have seen the choice to create an L2 only domain under Default_VN.

Is the right procedure to configure this L2 only domain and then using a L2 handoff or is there anything left to be configured?

Thank you!

Re: L2 only domain between fabric and outside networks?

jalejand — Wed, 07 Jul 2021 07:54:31 GMT

The usual procedure is to create a fabric pool/subnet with the same subnet as your legacy L2 network. Then deploy a layer 2 handoff link which is a trunk link between the L2 handoff border and a traditional L2 switch. You will map the fabric VLAN to the legacy VLAN during L2 handoff provisioning. No L2 only needed (well, you can use L2 only if you want to keep your L3 gateway on the legacy network instead of keeping it on the fabric)

Example:

VLAN 20 is legacy
VLAN 1024 is the one created on the fabric

Both are 192.168.10.0/24

After provisioning the L2 Handoff, shutdown your L3 gateways for the subnet on the legacy core, as the L2 handoff border will now serve as SVI.

L2 handoff requires L2 flooding to work properly, be sure that underlay multicast was provisioned during lan automation or either do it manually yourself.

Re: L2 only domain between fabric and outside networks?

Scott Hodgdon — Wed, 07 Jul 2021 13:59:13 GMT

acc,

For information on L2 Handoff, see https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html#L2_Border_Handoff .

You may wish to bookmark this is well: https://community.cisco.com/t5/networking-documents/cisco-sd-access-resources/ta-p/4196271 .

Cheers,
Scott Hodgdon

Senior Technical Marketing Engineer

Enterprise Networking and Cloud Group

Re: L2 only domain between fabric and outside networks?

fatalXerror — Wed, 12 Jul 2023 03:16:57 GMT

Hi @jalejand / @Scott Hodgdon,

Is the L2 Handoff BN works if the VLAN gateway resides in the firewall and not a core switch?

What will be the other migration strategy if the gateway of each VLANs in the traditional network resides in a firewall?

Thank you

Re: L2 only domain between fabric and outside networks?

jalejand — Wed, 12 Jul 2023 03:33:29 GMT

For gw outside the fabric, use an L2 only pool, the gw will simply become a host in that vlan.

Re: L2 only domain between fabric and outside networks?

fatalXerror — Wed, 12 Jul 2023 03:48:56 GMT

Hi @jalejand , is this means that if I use "L2 Only Pool", I can still use my current VLAN gateway which resides in the firewall in the traditional network?

Is L2 Only Pool is it in the L2 Handoff BN and configurable in DNAC?

Re: L2 only domain between fabric and outside networks?

jalejand — Wed, 12 Jul 2023 16:52:16 GMT

Right, an L2 Only pool has no anycast gateway, the fabric is just a big switch for that vlan. It is configurable via DNAC , its an option when configuring the IP Pool (like wireless pool, critical pool, l2 flooding, etc). Its just not editable, you must create the pool from scratch.