Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3162
Views
0
Helpful
1
Replies

L2Out understanding

Go to solution
raza555
Level 3
Level 3

‎04-26-2019 09:19 AM

Hi,

I need help in understanding the L2Out. Please find attached the Pic of my scenario. 

I have setup the L2Out as per attached diagram.

- I can ping from servers (192.168.200.0/24) to the L2Out-EPG(192.168.200.10/24).

- But unable to ping the EPG-10(10.10.10.254/24) from the Server in vlan -30. Although I have the contract between L2Out-EPG & EPG-10

 

Please advice, that its normal behavior, I was understanding that via L2Out, we extend the BD  and the servers comes inside the BridgeDomain-1 via L2Out-EPG. If we further provide the contract bet L2Out-EPG & EPG-10, Server will be able to talk with EPG-10 . But in my case, servers still unable to talk with EPG-10

 

Please advice

2 people had this problem
Labels:
Preview file
28 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
RedNectar
VIP Alumni
VIP Alumni

‎04-26-2019 03:19 PM

Hi @raza555 ,

Let's start with your picture:

L2Out understanding.png

Firstly, I am confused by your "External Routed Networks" having a L2-EPG - to me the "Network" you create under an "External Routed Networks" would be a L3-EPG  [L2=bridging, L3-routing]

But that aside, let me see if I can relate your words to the diagram:

- I can ping from servers (192.168.200.0/24) to the L2Out-EPG(192.168.200.10/24).

That makes sense - after all, that communication is definately L2 and handled by hte 3750 switch. Nothing to do with ACI

- But unable to ping the EPG-10(10.10.10.254/24) from the Server in vlan -30. Although I have the contract between L2Out-EPG & EPG-10

OK - you have a contract. But you haven't said what filters are in the contract. I'm going to have to assume that you have an ICMP filter in the contract.  If not, that MAY be your problem.

Please advice, that its normal behavior, I was understanding that via L2Out, we extend the BD  and the servers comes inside the BridgeDomain-1 via L2Out-EPG. If we further provide the contract bet L2Out-EPG & EPG-10, Server will be able to talk with EPG-10 . But in my case, servers still unable to talk with EPG-10

Now things get tricky - especially the confusion between Layer 2 and Layer 3.

IF you have created an External Routed Network (a.k.a L3 Out) as your diagram shows, then you need to set up routing between ACI and an external router - presumably the Cisco 3750 switch is the external router.

IF you have created a L2Out (i.e. an External Bridged Outside or External Bridged Network in ACI terminology) then probably all you have to do is move the default gateway IP address of the 192.168.200.0/24 servers to the Bridge-Domain-1 BD - i.e. add another IP address to the Bridge-Domain-1 BD and remove it from the 3750.

Having said that, my advice would be to never use L2Outs. Instead, create EPG-3 and map vlan 30 on port 101/1/31 ro EPG-3 (you'll still have to move the default agteway IP too)

I hope this helps

 


Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem

 

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
RedNectar
VIP Alumni
VIP Alumni

‎04-26-2019 03:19 PM

Hi @raza555 ,

Let's start with your picture:

L2Out understanding.png

Firstly, I am confused by your "External Routed Networks" having a L2-EPG - to me the "Network" you create under an "External Routed Networks" would be a L3-EPG  [L2=bridging, L3-routing]

But that aside, let me see if I can relate your words to the diagram:

- I can ping from servers (192.168.200.0/24) to the L2Out-EPG(192.168.200.10/24).

That makes sense - after all, that communication is definately L2 and handled by hte 3750 switch. Nothing to do with ACI

- But unable to ping the EPG-10(10.10.10.254/24) from the Server in vlan -30. Although I have the contract between L2Out-EPG & EPG-10

OK - you have a contract. But you haven't said what filters are in the contract. I'm going to have to assume that you have an ICMP filter in the contract.  If not, that MAY be your problem.

Please advice, that its normal behavior, I was understanding that via L2Out, we extend the BD  and the servers comes inside the BridgeDomain-1 via L2Out-EPG. If we further provide the contract bet L2Out-EPG & EPG-10, Server will be able to talk with EPG-10 . But in my case, servers still unable to talk with EPG-10

Now things get tricky - especially the confusion between Layer 2 and Layer 3.

IF you have created an External Routed Network (a.k.a L3 Out) as your diagram shows, then you need to set up routing between ACI and an external router - presumably the Cisco 3750 switch is the external router.

IF you have created a L2Out (i.e. an External Bridged Outside or External Bridged Network in ACI terminology) then probably all you have to do is move the default gateway IP address of the 192.168.200.0/24 servers to the Bridge-Domain-1 BD - i.e. add another IP address to the Bridge-Domain-1 BD and remove it from the 3750.

Having said that, my advice would be to never use L2Outs. Instead, create EPG-3 and map vlan 30 on port 101/1/31 ro EPG-3 (you'll still have to move the default agteway IP too)

I hope this helps

 


Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem

 

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License