Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
600
Views
3
Helpful
2
Replies

ACI fabric to Legacy fabric L2out

Go to solution
roysegev
Level 1
Level 1

‎05-09-2023 05:19 AM

Hello, In order to create an l2out for my legacy fabric, do I need to create an l2out for every vlan I want to access in the legacy?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Robert Burns
Cisco Employee
Cisco Employee

‎05-09-2023 05:33 AM

Before @RedNectar blasts you, don't use "L2outs" (aka External Bridged Networks)
It's better to use EPG Static Ports (Static Path bindings) instead which over more granular control over the respective VLANs.  L2Outs extend the broadcast domain for an entire range of VLANs, but it becomes an all-or-none extension.  With EPG static ports, you can extend & remove individual VLANs much easier, and control access on a per VLAN basis (think ACLs). 

With this in mind, you typically would create an AEP, Physical Domain and VLAN Pool for representative of the Legacy enviornments and configure your Interfaces connecting from ACI to that environment with this AEP.  From there, you can then add/remove EPG static paths within your tenant by adding the Physical domain to your EPGs, and adding the Static Port Entry.  Depending on how many VLANs/EPGs you have, could be tedious, but nothing a little PostMan scripting/API magic can't make quick work of.  

Robert

View solution in original post

2 Replies 2

Go to solution
Robert Burns
Cisco Employee
Cisco Employee

‎05-09-2023 05:33 AM

Before @RedNectar blasts you, don't use "L2outs" (aka External Bridged Networks)
It's better to use EPG Static Ports (Static Path bindings) instead which over more granular control over the respective VLANs.  L2Outs extend the broadcast domain for an entire range of VLANs, but it becomes an all-or-none extension.  With EPG static ports, you can extend & remove individual VLANs much easier, and control access on a per VLAN basis (think ACLs). 

With this in mind, you typically would create an AEP, Physical Domain and VLAN Pool for representative of the Legacy enviornments and configure your Interfaces connecting from ACI to that environment with this AEP.  From there, you can then add/remove EPG static paths within your tenant by adding the Physical domain to your EPGs, and adding the Static Port Entry.  Depending on how many VLANs/EPGs you have, could be tedious, but nothing a little PostMan scripting/API magic can't make quick work of.  

Robert

Go to solution
RedNectar
VIP Alumni
VIP Alumni

‎05-09-2023 01:42 PM

I think @Robert Burns must have read this or this but my favourite is the one that pictorially explains Robert's point about using EPG static ports (aka L2 extension) in this post.

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License