Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1274
Views
1
Helpful
2
Replies

Multiple SVI's to a single L3out

Go to solution
DuaBell
Level 1
Level 1

‎10-25-2022 11:13 PM

Hi All,

May you please advise on the following:

We are currently busy with a firewall migration project that will be utilizing multiple vdoms.

The internal interface of the firewall will be configured with sub interfaces and each sub-interface ip address will be linked or assigned to a specific vdom.

From an aci routing perspective, there will be a vpc from x2 leaf switches to x2 firewalls. Static routes will be used to route specific traffic to the different sub-interface ip addresses on the firewall that will be utilizing the same vpc and l3out policy.

Is it possible to create a single logical interface profile and configure multiple svi's to a single path (vpc)?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎10-25-2022 11:39 PM

Hi @DuaBell 

You cannot configure multiple SVIs to a single interface part of the same logical interface profile. You get an error like this: 

Error: 400 - Cannot create Leaf Port (l3extRsPathL3OutAtt); object uni/tn-SD/out-L3Out/lnodep-L3Out_nodeProfile/lifp-L3Out_logicalIfProf/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[eth1/17]] already exists.

This is simply because

However, you can use different LIP for each vlan. According to L3Out whitepaper:

when the same interface needs to trunk two different VLANs for two different SVIs, each SVI needs to be configured in different Logical Interface Profiles

Reference: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/guide-c07-743150.html

 

What is more important from my perspective in your scenario, is to split each vdom in different ExtEPG. This way you can properly configure the  policy enforcement.

 

Take care,

Sergiu

View solution in original post

2 Replies 2

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎10-25-2022 11:39 PM

Hi @DuaBell 

You cannot configure multiple SVIs to a single interface part of the same logical interface profile. You get an error like this: 

Error: 400 - Cannot create Leaf Port (l3extRsPathL3OutAtt); object uni/tn-SD/out-L3Out/lnodep-L3Out_nodeProfile/lifp-L3Out_logicalIfProf/rspathL3OutAtt-[topology/pod-1/paths-201/pathep-[eth1/17]] already exists.

This is simply because

However, you can use different LIP for each vlan. According to L3Out whitepaper:

when the same interface needs to trunk two different VLANs for two different SVIs, each SVI needs to be configured in different Logical Interface Profiles

Reference: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/guide-c07-743150.html

 

What is more important from my perspective in your scenario, is to split each vdom in different ExtEPG. This way you can properly configure the  policy enforcement.

 

Take care,

Sergiu

Go to solution
DuaBell
Level 1
Level 1
In response to Sergiu.Daniluk

‎10-25-2022 11:58 PM

Hi Sergiu,

So, basically you can have multiple SVI's to different paths in a LIP but not multiple SVI's to the same path in a single LIP?

Makes sense.

Many thanks for your valuable assistance.

 

 

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License