Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
239
Views
0
Helpful
1
Replies

ACI L3out Pair Firewalls

atalebzadeh
Level 1
Level 1

‎05-05-2024 07:14 AM

Hey folks,

I'm looking to set up an L3out with static routes for an Active/Standby Firewalls pair, as shown in the diagram below. However, I'm feeling a bit confused, especially when it comes to configuring the L3out with SVI. Any advice on how to proceed would be greatly appreciated.

atalebzadeh_0-1714918391600.png

 

 

 

Labels:
0 Helpful
1 Reply 1

kewwa
Level 1
Level 1

‎05-10-2024 11:55 AM

this post
https://community.cisco.com/t5/application-centric-infrastructure/aci-l3out-using-svi/td-p/4172036

and rednectar's blog 
https://unofficialaciguide.com/2017/08/03/l3out-connecting-to-activestandby-fw/
(prt screens seem to be from older version so not 1:1 witht he newer but the concept is the same jsut the matter of finding where it was placed in gui now)
are helpful


instead of nodes you configure vPC and choose your vpc in the l3out config (path)
then the IPs as rednectar wrote


kewwa_0-1715367035832.png

 


For my test setup I was using also trunk interface (as opossed to access in the blog) as I had a shared interface
For that, if it is also your case, check the best practice for aaep as well
https://community.cisco.com/t5/application-centric-infrastructure/aaep-for-shared-interfaces-design-best-practice/td-p/3920017

0 Helpful
Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License