Multiple VLANs (multiple IP subnets) in a single EPG while the default GW is defined on the FW

Thushan Pramod
Level 1

[Inline image 1: topology diagram, not reproduced]

One of our customers requires their ACI topology to be implemented in the above manner. There are VLANs 10 and 11, which host the same application but are in different IP subnets, in a single EPG. The default GW is defined at the firewall.

1. Can we configure two VLANs in different IP subnets in a single EPG?

2. If so, can those endpoints communicate with each other by default?

3. The default GW should be defined at the FW, so how can we accomplish that: through an L2 out or an L3 out?

4. Do we need to configure different L2 outs for each VLAN (VLANs 10 and 11 in this case) in order to make communication happen between the two VLANs in the single EPG?

5. Then there is another issue: can we create more than one L2 out in a single BD?

6. What is the path for communication between two endpoints in VLANs 10 and 11? Will it go through the FW, since the default GW is defined on the FW?

2 Replies

dpita
Cisco Employee

Hello

Thanks for using SupportForums

To get started, the above will not work with a single BD. In order to re-use VLAN encaps, you must use different BDs. In addition, you must also use different VLAN pools, which will cause issues when trying to flood from EPG1 VLAN 10 to EPG2 VLAN 10 and will probably break communication.

If they are the same application, why are you dividing them into different EPGs? Why do you need subnet A in EPG A in VLAN 10 to be separate from VLAN 10 subnet A in EPG B?

To answer your questions:

1) Yes, you can have two VLAN encaps in different subnets in a single EPG/BD.

2) Yes, they will be able to communicate without contracts, but since they are in different subnets, the GW on the FW needs to route the traffic.

3) I would skip the L2 or L3 out and just configure a static path in the EPG. This will reduce complexity in your already complex design.

4) When using an L2 out, yes, you must configure a different L2 out per VLAN. The caveat here is that you cannot reuse the same VLAN already being used by a regular EPG; that is, VLAN 10 cannot be in an EPG and also be extended via an L2 out. This is why I recommended a static path from inside the EPG in the question above.

5) Yes, you can create more than one L2 out per BD.

6) Yes, it will go to the FW, since it is the gateway and someone needs to handle the routing between subnets.
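The single-BD, single-EPG design that dpita recommends in points 1 to 3 and 6 above, written out as an APIC REST payload. This is an added example for illustration and is not configuration from the thread or from Cisco; the tenant, VRF, BD, application profile, EPG and physical-domain names, the leaf (101) and the port assignments are all assumptions. The firewall is assumed to hang off two leaf ports, one per VLAN, each carrying the gateway address for one subnet. The BD is kept Layer 2 only (`unicastRoute="no"`, no `fvSubnet`), so the fabric never answers ARP for a gateway and the firewall remains the only router between subnet A and subnet B; each VLAN is attached to the EPG with its own static path and there is no L2 out or L3 out.

```xml
<!-- POST to https://<apic>/api/mo/uni.xml after logging in (aaaLogin). -->
<!-- All names, the leaf ID and the port numbers are assumptions. -->
<polUni>
  <fvTenant name="CUST1">
    <fvCtx name="VRF1"/>

    <!-- Layer 2 only bridge domain: unicastRoute="no" means the fabric does not
         route and owns no gateway IP; ARP and unknown unicast are flooded so
         hosts in both VLANs can resolve the firewall's gateway MAC addresses. -->
    <fvBD name="BD1" unicastRoute="no" arpFlood="yes" unkMacUcastAct="flood">
      <fvRsCtx tnFvCtxName="VRF1"/>
    </fvBD>

    <fvAp name="APP1">
      <!-- One EPG for both subnets: endpoints in the same EPG need no contract,
           which is what answer 2) relies on. -->
      <fvAEPg name="EPG1" pcEnfPref="unenforced">
        <fvRsBd tnFvBDName="BD1"/>
        <!-- Assumed physical domain; its VLAN pool must contain 10 and 11 and be
             bound through an AEP to the interface policy groups on these ports. -->
        <fvRsDomAtt tDn="uni/phys-PHYS_DOM1"/>

        <!-- Server-facing ports, one encap each (static paths, no L2 out) -->
        <fvRsPathAtt tDn="topology/pod-1/paths-101/pathep-[eth1/1]"
                     encap="vlan-10" mode="regular" instrImedcy="immediate"/>
        <fvRsPathAtt tDn="topology/pod-1/paths-101/pathep-[eth1/2]"
                     encap="vlan-11" mode="regular" instrImedcy="immediate"/>

        <!-- Firewall-facing ports (assumption): the FW interface on eth1/10 holds the
             subnet A gateway in VLAN 10, the one on eth1/11 the subnet B gateway in
             VLAN 11. Both land in BD1, so VLAN 10 and VLAN 11 hosts reach their
             gateway at Layer 2 and the FW routes between the subnets (answer 6). -->
        <fvRsPathAtt tDn="topology/pod-1/paths-101/pathep-[eth1/10]"
                     encap="vlan-10" mode="regular" instrImedcy="immediate"/>
        <fvRsPathAtt tDn="topology/pod-1/paths-101/pathep-[eth1/11]"
                     encap="vlan-11" mode="regular" instrImedcy="immediate"/>
      </fvAEPg>
    </fvAp>
  </fvTenant>
</polUni>
```

Two practical checks on this design. First, because the BD has no subnet and does not route, nothing in the fabric enforces that inter-subnet traffic passes the firewall; it does so only because the hosts' default gateway lives there, so a host with a static route or a second address in the other subnet would bypass the FW at Layer 2 inside the EPG. If the customer wants all host-to-host traffic inspected, intra-EPG isolation (`pcEnfPref="enforced"`) stops direct endpoint-to-endpoint forwarding, but it also isolates the firewall ports from the hosts, so the FW would then have to sit in its own EPG with a contract to EPG1; that is a separate design decision, not part of what the thread describes. Second, confirm on the leaf that both encaps are learned in the same BD (for example with `show endpoint` or the APIC endpoint view for EPG1) before declaring the static paths working.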

Hi DPita,

Thanks for the detailed reply. If I change the network topology to the following, will I be able to implement it without any issues?

VLANs 10 and 20 will be defined in BD1 and BD2.

What configuration do I need at the FW end? Since I use different L2 outs for BD1 and BD2, can I create interface VLANs 10 and 20 twice on the FW?

Please comment on the issues related to the design below. The customer needs to implement VLANs 10 and 20 in two BDs, but they are in the same IP subnets (VLAN 10: IP subnet A and VLAN 20: IP subnet B).
