Solved: L3 and L2 out on same interfaces

mmacdonald70 · ‎04-07-2016

I apologize if this is asked and answered, i'm finding the documentation somewhat hard to follow.

Our migration strategy for ACI involves extending our L2 vlans into ACI as needed and eventually moving the L3 routing into it. For this purpose, we would like to have both L2 and L3 outs configured but I'm having issues figuring out how to do this. We have two border leaves, that are each connected to a pair of Nexus 6004 switches. I would like to:

1. Create a VPC from these two border leaves to each of the two 6004 switches (each 6004 will have a 2 port port-channel to the ACI).

2. Create a trunk on both port-channels

3. Create an SVI on both 6004 (vlan 15 and 16)

On the ACI, I would be running OSPF on vlan 15 and 16 and extending the other vlans into the NXOS network

Is this possible with ACI? If so, I can't figure out how I would go about doing it.

lpember · ‎04-07-2016

mmacdonald70,

You can accomplish this by creating an L3Out in ACI. Even though the link will technically be doing L2 in this case, if you are doing L3 routing then it will need to be an L3Out from ACI perspective.

This is a good resource for how to do the configuration specifically:

http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c07-732033.html#_Toc395143550

For the purely layer 2 connectivity, you can use either an L2Out or EPGs with static paths per VLAN.

View solution in original post

lpember · ‎04-07-2016

mmacdonald70,

You can accomplish this by creating an L3Out in ACI. Even though the link will technically be doing L2 in this case, if you are doing L3 routing then it will need to be an L3Out from ACI perspective.

This is a good resource for how to do the configuration specifically:

http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c07-732033.html#_Toc395143550

For the purely layer 2 connectivity, you can use either an L2Out or EPGs with static paths per VLAN.

majba.uddin · ‎01-10-2019

Sorry I know this post is a bit old but still checking if anyone can guide. I want to use the same physical interface between ACI leaf and external switch for both L2out and L3out. In the L2out, I want to trunk few vlans for example 10,20,100. In L3out, I want to use vlan 100 as my SVI to do routing. Is that possible.

stcorry · ‎01-10-2019

Hello! That is possible as long as the VLANs are in the VLAN pool attached to the L2 External and L3 External Domains from access policies.

Just be careful because you can’t necessarily use the same VLAN for 2 different thing in your example. There would be ways to do this if you were going to use 2 different ports using port local vlan scope.

majba.uddin · ‎01-10-2019

thanks stcorry. It helps.

tigephillips · ‎01-16-2019

Adding a little more info to this. I've done this a number of times using the following (there are always multiple ways):

L2 - I use EPG Static Ports, identify the port and the VLAN in the EPG. The identified port will be the same is your router interface.
L3 - I use Routed Sub-Interface (SVI is also an option, I just don't like it as much with the L2 in there).
As said before, don't overlap vlan #s.

At the end of the day, these devices are still Cisco L3 switches. It's been possible for a long time to merge L3 routing and L2 bridging on a single interface (typically with SVI, more recently with Routed-sub). ACI changes name and makes the configuration different than what we are used too, but most things we did before are still possible. It just takes a bit to figure it out. :)