Solved: Can I connect 9k NX-OS mode Switch to ACI Leaf Switch???

umesh_1211 · ‎11-12-2018

We have some legacy LAB setup which is working on Cisco 9K NX-OS switches.

We recently build new LAB ACI Fabric (Green Field).

Now I want to migrate VMs which are connected to Legacy 9k NX-OS switch to ACI. I gone through some of migration while paper and decided to connect my leaf switch with NX-OS 9k switch for migration and done the physical cabling but on NX-OS 9k switch is not showing as ports as connected.

Can anyone please inform if we can connect NX-OS 9k directly to ACI Leaf?

Your answers will help me to go ahead with my migration,

Jumbo3750 · ‎11-12-2018

Hello Umesh, yes you can connect the 9k running in NX-OS (also known as Standalone mode) to the ACI leaf switch.

Basically this is known as the L2 or layer 2 extension mode, since you will be trunking your existing vlans from the 9k switch to ACI leaf. Then you will move or vmotion your VMs to ACI and lastly if you need to, you will decomm your old lab switch.

Do the following steps to make sure your links are up on both sides.

First, you have to make sure that you have created the Bridge Domain (the exsisting subnet) in ACI.

1) Make the 9k interface (going to leaf) as a standard trunk port with all your vlans that will be migrated. Use LACP if you are bundling ports. This should be the only thing needed on 9k side.

2) on ACI side, this will take more steps.

i) Create Interface policy and Int Policy group(s), Make sure you have already created the "AEP" and vlan Pool, since the AEP will be attached to the Policy group

ii) Create Leaf profile (under Interface policies > Profiles > leaf Profiles) and associate the Leaf switch interface to the above created Policy group

iii) Once you are done with this part, simply go to your tenant > AP > Epg and then statically map the interface policy group there.

This should be it. Let me know if you have further questions.

View solution in original post

Jumbo3750 · ‎11-12-2018

Hello Umesh, yes you can connect the 9k running in NX-OS (also known as Standalone mode) to the ACI leaf switch.

Basically this is known as the L2 or layer 2 extension mode, since you will be trunking your existing vlans from the 9k switch to ACI leaf. Then you will move or vmotion your VMs to ACI and lastly if you need to, you will decomm your old lab switch.

Do the following steps to make sure your links are up on both sides.

First, you have to make sure that you have created the Bridge Domain (the exsisting subnet) in ACI.

1) Make the 9k interface (going to leaf) as a standard trunk port with all your vlans that will be migrated. Use LACP if you are bundling ports. This should be the only thing needed on 9k side.

2) on ACI side, this will take more steps.

i) Create Interface policy and Int Policy group(s), Make sure you have already created the "AEP" and vlan Pool, since the AEP will be attached to the Policy group

ii) Create Leaf profile (under Interface policies > Profiles > leaf Profiles) and associate the Leaf switch interface to the above created Policy group

iii) Once you are done with this part, simply go to your tenant > AP > Epg and then statically map the interface policy group there.

This should be it. Let me know if you have further questions.

umesh_1211 · ‎11-12-2018

Thanks for feedback.

My plan is same for migration as you mentioned.I am planning network centric migration where VLAN=EPG=BD. Gateway will be outside of ACI Fabric so basically L2 EPG extension with static binding.

Interestingly, Gateway is our ASAv which is also hosted on ESXi host which we are planning to migrate but currently my plan is migrate all VMs including ASAv and have L2 EPG static binding on ACI. I hope my approach is correct for migration.

Regarding switch connectivity, my LAB is remote and ask my operation team to connect my ACI Leaf to Legacy 9k switch. I am using vPC at ACI side. My problem is that DC ops team saying that physical connection has been done but on 9k switch I can see ports showing not connected. I asked 40 G ports to connect to ACI Leaf so is this a problem? shall I use 10G port instead of 40 G?

Jayesh Singh · ‎11-13-2018

I asked 40 G ports to connect to ACI Leaf so is this a problem? shall I use 10G port instead of 40 G?

Hello Umesh,

Answering to the 2nd part of your post, I am assuming you have switch with 48port 10/25G and 6port 40/100G for uplink like Nexus 93180YC-EX/FX in ur lab setup. If so then in ACI 40G ports are fabric ports which are for uplink(connecting to spine). Remaining 48 ports are downlink ports where you can connect your compute and blade switch or legacy network.

So that is a problem. You need to connect NXOS 9K switch on downlink ports i.e. 10G ports.

However, from ACI 3.1(1) onwards you can convert uplink port to downlink ports. So even 40G ports can be used for downlink. More details/references on this are mentioned in post below:

https://community.cisco.com/t5/application-centric/unable-to-resolve-aci-faullt-code-f0849/m-p/3742217

Regards,

Jayesh

Rate all posts that are helpful. Mark it as a solution if it solves your problem, it might help other users who have the same query.

umesh_1211 · ‎11-13-2018

Thanks Jayesh and Jumbo3750,
Your answers helped me to resolve issue. After moving port to 10G on Legacy 9K switch issue got resolved.

Thanks.