02-24-2026 03:16 AM - edited 02-24-2026 04:46 AM
Hello, I have ACI operating as pure Layer 2, and the servers’ default gateway is on the firewall. The firewall is connected to two ACI leafs using a vPC that is already configured for an L3Out (SVI + vPC). I have created two domains, one for bare metal and the other for the L3Out, and a single AAEP that combines both domains.
Do I need to use that same firewall vPC to carry the Layer 2 VLANs of the servers so they can reach their gateway on the firewall, or do I create a separate vPC?
02-24-2026 05:19 AM
This vPC was initially created to carry the L2/L3? You have already created an AAEP that combines the physical domain and L3Out domain?
...given that...
There is no architectural requirement to create a separate vPC, just a design preference question, not a technical necessity...
02-24-2026 03:49 AM - edited 02-24-2026 03:50 AM
Hello @Monsinka
Since your existing vPC is already tied to the L3Out, SVI interfaces and routed config toward the firewall, that means it is operating as an L3 routed connection. So, use a separate vPC for "pure" L2 server VLANs, not the same one used for the L3Out.