Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
726
Views
5
Helpful
4
Replies

1 L3out 2 SVI with different encap for different peer

ceisarmaulanashabirin1622
Level 1
Level 1

‎07-14-2022 05:33 AM - edited ‎07-14-2022 05:55 AM

Hi all,

i want to ask about a scenario. here the detail.

  1. we are using 2 leaf with single physical peer edge switch.
  2. i will create a vPC port between them, so on the dist switch side it will make a port channel.
  3. this one vPC link (physical link) will be use for leaf to access 2 peer with different encap.
  4. 1st peer is a north south firewall that connected to edge switch as bypass. so the config the port on edge switch that facing the firewall as switchport and access vlan 916. and allow vlan 916 to Leaf switch.
  5. 2nd peer is a core switch and allow vlan 917 to leaf switch.
  6. edge switch have a trunk port facing to leaf switch as portchannel with vlan 916-917.

here some picture of my design.

cisco community.PNG

My Question is, can i just create 1 L3out with static route, but with 2 SVI with different vlan encap 916 and 917. SVI 916 will have p2p ip address from leaf to fw, and SVI 917 will have p2p ip address from leaf to edge switch.?

in hope to differ traffic from server that need to go to firewall and to core. with just adding static route configuration with different hop.

is it the best practice? or better using 2 l3outs. pls advice

Thanks

 

 

Labels:
0 Helpful
4 Replies 4

MHM Cisco World
VIP
VIP

‎07-14-2022 07:30 AM

try using VLAN mapping if that what you looking for

0 Helpful

ceisarmaulanashabirin1622
Level 1
Level 1
In response to MHM Cisco World

‎07-14-2022 08:48 PM

Hi @MHM Cisco World , thanks for your reply.

but pls can u help elaborate your answer?

is creating 2 different SVI with different vlan and ip is what u mean?

0 Helpful

Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎07-16-2022 09:49 AM

Hi,

For your use case, there are two valid configuration:

1. A single L3Out, which contains:

  •  2x Logical Interface Profiles - one for each set of SVIs/for each vlan
  •  2x ExtEPGs - one for each external node, or to be more specific, one for each set of "external subnets for external epg"

2. Two individual L3Outs, one for each node, with it's own set of SVIs and it's own set of "external subnets for external epg"

I find the second option more appealing to me, simply because of it's clear separation of everything, but maybe that's just me.

The only disadvantage I know is if you would need a change to a dynamic routing protocol in the future, first option would give you some problems with export route control (this action has effect over the whole L3Out).

Other than that both are perfectly fine. Maybe other community peers may add to advantages/disadvantages.

 

Take care,

Sergiu

ceisarmaulanashabirin1622
Level 1
Level 1
In response to Sergiu.Daniluk

‎07-17-2022 11:04 PM

hi @Sergiu.Daniluk ,

thanks for your answer,

well noted by me. i'll choose point 1. and i'll get back after implementing it.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License