05-08-2021 05:57 PM - edited 05-08-2021 05:58 PM
I’m new to ACI. So where I’m at, I have connected up 2 Leafs in VPC to my 2960 switch. By that I am able to see CDP traffic on the 2960 to the leafs. What I’m not getting is how do I get the VLAN on the 2960 to the ACI environment? I’ve looked up tons of documents but I’m not really finding anything to show how to configure both devices. I would assume the 2960 is like a normal trunk configuration with the allowed VLANs 20, 40, 50, 2001. But what is the configuration inside ACI? With Nexus it’s pretty simple: create your VLANs, Interface vlan ## IP Address, create vPC, apply to interface, configure other end and done. But this new way of programming and clicking and waiting through the GUI is seeming like way more work than before. Then this simple connecting a switch from IDFs to Out of Band management seems like a headache.
Any help or examples would be awesome. Also, is there an ACI simulator for testing and learning more?
Thanks.
05-08-2021 09:49 PM
Hi @jmaurer101
You have two options basically: extend the EPG or extend the BD.
My recommendation is to go for the EPG extension. By that I mean simply configure the VLAN as a static path in the EPG.
You have an example here: https://aci-lab.ciscolive.com/lab/pod2/tenants/create-l2-ap
For ACI practice, you can download the ACI simulator (available on the Cisco software download page), and I would also recommend watching some of the Cisco Live presentations (all of them available for free).
Stay safe,
Sergiu
05-09-2021 10:21 AM
That is the example that I am following. It allowed me to connect the VPC and show the CDP. How do I get the EPG extended working? Is there anything special I need to do to the 2960?
For example, I have VLAN 10 with an IP address of 10.1.1.10/24, but I am unable to ping the gateway of 10.1.1.1/24 on the EPG. Ping ip 10.1.1.1 source vlan 10. Just dots.
05-10-2021 05:34 AM
Could be a number of different issues. Are you learning any MACs on the Leaf port connected to the 2960?
1. Check the tagging between the 2960 & Leaf. Are you allowing VLAN 10 on the trunk going to the Leaf? Did you tag the EPG Static Path binding as "Trunk VLAN 10"?
2. Can try to change the Bridge domain unknown unicast mode to Flood (from default Proxy).
3. When you're trying to test reachability between an external switch using an SVI, sometimes you can have issues caused by CDP/LLDP as the endpoint type is detected as Bridge/Router and this can affect EP learning. To try a workaround, disable CDP/LLDP sending on the 2960.
Robert
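The tagging check from the first item in the list above, as an added example that is not part of the original thread: it builds the APIC REST object for an EPG static path binding (`fvRsPathAtt`) and cross-checks each binding's encap VLAN and mode against the allowed-VLAN list on the 2960 trunk. The tenant, application profile, EPG names, node IDs and vPC policy group name are hypothetical, and the trunk configuration is a constructed sample.

```python
import re

def parse_allowed_vlans(ios_config):
    """VLAN IDs from 'switchport trunk allowed vlan [add] ...' lines.
    The keywords 'all' and 'none' are not handled and yield an empty set."""
    vlans = set()
    for spec in re.findall(r"trunk allowed vlan (?:add )?([\d,-]+)", ios_config):
        for part in spec.split(","):
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def static_path(tenant, app, epg, path_dn, vlan, mode="regular"):
    """fvAEPg with one fvRsPathAtt child (an EPG static path binding).
    mode: 'regular' = trunk/tagged, 'native' = 802.1p, 'untagged' = access."""
    binding = {"fvRsPathAtt": {"attributes": {
        "tDn": path_dn, "encap": f"vlan-{vlan}", "mode": mode}}}
    return {"fvAEPg": {"attributes": {"dn": f"uni/tn-{tenant}/ap-{app}/epg-{epg}"},
                       "children": [binding]}}

def check_bindings(ios_config, epgs):
    """Return one finding per mismatch between the 2960 trunk and the bindings."""
    allowed = parse_allowed_vlans(ios_config)
    findings = []
    for epg in epgs:
        dn = epg["fvAEPg"]["attributes"]["dn"]
        for child in epg["fvAEPg"]["children"]:
            attrs = child["fvRsPathAtt"]["attributes"]
            vlan = int(attrs["encap"].split("-", 1)[1])
            if vlan not in allowed:
                findings.append(f"{dn}: VLAN {vlan} is not allowed on the 2960 trunk")
            if attrs["mode"] != "regular":
                findings.append(f"{dn}: mode '{attrs['mode']}' is not the tagged trunk mode")
    return findings

# Constructed sample: 2960 uplink config and three hypothetical EPG bindings.
IOS_TRUNK = """
interface Port-channel1
 switchport mode trunk
 switchport trunk allowed vlan 20,40,50,2001
"""
VPC = "topology/pod-1/protpaths-101-102/pathep-[vpc-to-2960]"
EPGS = [
    static_path("Lab", "App1", "EPG-VLAN10", VPC, 10),
    static_path("Lab", "App1", "EPG-VLAN20", VPC, 20),
    static_path("Lab", "App1", "EPG-VLAN40", VPC, 40, mode="untagged"),
]

if __name__ == "__main__":
    for finding in check_bindings(IOS_TRUNK, EPGS):
        print(finding)
```
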
05-10-2021 06:17 AM
I was able to ping the gateway of the VLAN/Subnet/EPG from the switch this morning after placing the gateway on the Bridge Subnet tab. I thought I had done this already, but I had started over a few different times to clean up.
https://aci-lab.ciscolive.com/lab/pod10/tenants/create-bd
Now I just need to figure out how to be able to ping / connect to the other BD and life will be golden.
Thank you for your help.
05-10-2021 07:06 AM
You will need contracts between EPGs. But since I believe you are in a network-centric mode, where each VLAN = EPG = BD, it would be an easier approach to simply change the VRF to unenforced mode: Tenant -> VRF -> Vrf_name -> Policy -> change to unenforced.
Stay safe,
Sergiu
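The contract option mentioned above, as an added example that is not part of the original reply: it builds the APIC REST objects for one contract that permits only ICMP and SSH between two EPGs while the VRF stays in enforced mode, then walks the tree to list what the filter allows. All tenant, VRF, EPG and contract names are hypothetical.

```python
def mo(cls, children=(), **attrs):
    """Build one managed object in APIC JSON form."""
    obj = {cls: {"attributes": attrs}}
    if children:
        obj[cls]["children"] = list(children)
    return obj

def filter_entry(name, prot, port=None):
    """One vzEntry; the destination port applies to tcp/udp only."""
    attrs = {"name": name, "etherT": "ip", "prot": prot}
    if port is not None:
        attrs.update(dFromPort=str(port), dToPort=str(port))
    return mo("vzEntry", **attrs)

def contract_between(tenant, vrf, app, provider, consumer, name, entries):
    """Tenant subtree: enforced VRF, filter, contract, provider/consumer EPGs."""
    flt = name + "-flt"
    return mo("fvTenant", name=tenant, children=[
        mo("fvCtx", name=vrf, pcEnfPref="enforced"),
        mo("vzFilter", name=flt, children=[filter_entry(*e) for e in entries]),
        mo("vzBrCP", name=name, scope="context", children=[
            mo("vzSubj", name=name + "-subj", children=[
                mo("vzRsSubjFiltAtt", tnVzFilterName=flt)])]),
        mo("fvAp", name=app, children=[
            mo("fvAEPg", name=provider, children=[mo("fvRsProv", tnVzBrCPName=name)]),
            mo("fvAEPg", name=consumer, children=[mo("fvRsCons", tnVzBrCPName=name)])]),
    ])

def walk(obj):
    """Yield (class, attributes) for every object in the tree."""
    for cls, body in obj.items():
        yield cls, body["attributes"]
        for child in body.get("children", []):
            yield from walk(child)

def permitted(payload):
    """Protocol/port pairs allowed by the filter entries in the payload."""
    return sorted(a["prot"] + ("/" + a["dFromPort"] if "dFromPort" in a else "")
                  for cls, a in walk(payload) if cls == "vzEntry")

# Hypothetical names; EPG-VLAN10 consumes what EPG-VLAN20 provides.
PAYLOAD = contract_between("Lab", "VRF1", "App1", "EPG-VLAN20", "EPG-VLAN10",
                           "v10-to-v20", [("icmp", "icmp"), ("ssh", "tcp", 22)])

if __name__ == "__main__":
    import json
    print(json.dumps(PAYLOAD, indent=2))
    print(permitted(PAYLOAD))
```
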
05-10-2021 09:09 AM
It looks like I have Policy Control Enforcement Preference to Unenforced.
Question: what do the EPG Subnets and Bridge Domain subnets do? Do I need to have one for each and a different IPADDR on each?
05-11-2021 05:51 AM - edited 05-11-2021 05:53 AM
Bridge Domain Subnets are typically your Gateway IPs (SVI). If you want your Subnet GW hosted on ACI, this is where you'd configure it. BD Subnets act pervasively and will be programmed on each Leaf where endpoints exist that are using it. This ensures any connected ACI endpoint is always 1 hop from its GW.
The EPG Subnet is only used in the case where you're doing cross-VRF route leaking in the instance of shared services. If you're not doing this, then you will likely never need to define the subnet under the EPG. If you want more detail on this you can see Chris Welsh's (RedNectar) post here: https://community.cisco.com/t5/application-centric/difference-between-subnet-under-epg-and-bd/td-p/3199067
Robert