Re: Trunk port to legacy switch

sbdladla1 · ‎12-28-2018

Hi everyone

we host multiple customers on our DC. we also have work space and offices for them. we use one common voice system for all our customers. we separate each customer by VLAN,but one voice VLAN for all of them. from customers work space and offices we use two up-links to our DC per switch, but now we want to implement ACI, I want to create a trunk port from ACI to my up-link switches. how do I go about doing this on ACI ?

Can I have an epg configured as a trunk with all the subnet?

Jayesh Singh · ‎12-28-2018

Hello,

You can definitely have physical interface configured as trunk in ACI which is connecting to your uplink switches. But you need to consider,

One EPG per VLAN which indeed is one subnet per EPG, in case of network centric approach.

Regards,

Jayesh

RedNectar · ‎12-28-2018

Hi sbdladla1,

I think you reveal that you are struggling to understand what an EPG is when you ask the question:

Can I have an epg configured as a trunk with all the subnet?

Firstly, think of an EPG as a VLAN. Now let's ask the question again.

Can I have a VLAN configured as a trunk with all the subnet?

Doesn't make sense does it?

So perhaps I'd better forget your second question and look at your problem description and answer your first question

how do I go about doing this on ACI ?

In ACI, build an access-policy chain that includes all the ports (trunk or otherwise) that you intend to use, and include all the VLAN IDs in your VLAN Pool (Try a google search for cisco aci access policy chain if you don't know what that is. The top hit is probably the one you want :))
In ACI, create an EPG for every customer VLAN. These could be all configured in the same Tenant, or if you plan on providing services to those customers, you may with to create a separate Tenant for each customer. By the sound of it, you don't provide anything more than a transport service, so all EPGs in the one Tenant should be fine
In ACI, create an EPG for the one voice VLAN. This could be in the same Tenant as the other EPGs (if you put them all in one Tenant) or in the common tenant.
In each EPG, statically map each trunk port to one of the VLAN IDs in your VLAN Pool, presumably using the same VLAN IDs that you currently use.
[Optional - not entirely clear if this is a requirement] In each EPG, statically map each access port that you use for direct customer connections to the appropriate VLAN.

I hope this helps

Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

sbdladla1 · ‎01-02-2019

Thanks for reply
I run a disaster recovery centre. Where customers come and recover their systems. Implementing ACI is going to help with VLAN duplicates. there fact that I can not have one EPG/Physical port running more than one subnet in it. You mean I can not have an EPG that allow all subnet of a tenant/bridge-domain in one epg?

RedNectar · ‎01-05-2019

Hi sbdladla1,

Sorry for the slow reply - I've been in study mode for the past week and completely ignored anything else.

Let's look at your concerns, but first I have to make some assumptions about your design - you haven't exactly said what your design is apart from "we use one common voice system for all our customers. we separate each customer by VLAN,but one voice VLAN for all of them. from customers work space and offices"

From the point of view of trying to solve your problem, I don't really have enough information.

Does every customer have a dedicated phyical link?

Do your custmers send traffic on more than two vlans (voice + data)?

But to your specific concerns:

"there fact that I can not have one EPG/Physical port running more than one subnet in it"

Yes you can. You have to make sure that each subnet is tagged with a different VLAN ID. That's it. Nothing different than it's ever been before. If the same VLAN tag is used more than once on the same switch, you should look for a tutorial on how to use the Per-port-VLAN feature.

"You mean I can not have an EPG that allow all subnet of a tenant/bridge-domain in one epg"

Yes you can. You can have multiple subnets in one bridge domain, and if you wish those subnets can be in the same EPG - or you can separate each subnet into its own EPG if you wish. Did you check out any ACI configuration tutorials on Google?

My schedule is pretty clear next week, so if you need any more help I'll probably get back to you pretty quickly, but pleas give us as much information about your design as you can.

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

alieson · ‎01-06-2019

Hello sbdladla1,

please consider that if you used one bridge domain for all subnets, it will be very difficult for you to change later on it since it will impact all the subnets at a time.

From my point of view, you are creating a big bomb that would be exploded any time in case of misbehaving happened!

I recommended the below :

1 subnet / 1 EPG / 1 BD . so later on if you wish to go with Application centeric approach, you can configure more EPGs and use different Vlan for each EPG then control the communication based on Contract. plus you isolated the impact if any changes happened on BD level.

HTH.

sbdladla1 · ‎01-07-2019

HI RedNectar

I have different clients with multiple configuration some have one subnet others have more than one. I have a 6509 switch where all my clients terminates to my Network. Those who use one subnet I connect them to access port and give them a VLAN. those who use multiple subnet I give them Trunk ports. from there I have a Data center using nexus 5548, thats where I have customer servers some running on VMWare, Linux, AIX, Mainframe and bare Mental servers.

with ACI I can separate my clients with Tenants and each client with its own Tenat, BD, VRF and EPG. Now I have taken out the 6509 switch and 5548 nexus switch with ACI. My uplink connection now connect to Edge leaf switches. but I don't have enough ports to accommodate each subnet per EPG.

I want to connect from ACI each tenant with all of its BD and its subnets in one epg . lets say me make example: Tenant RS has vrf vrfrs and Bridge-domain rsdom with five subnets, can I have one epg that can carry tenant RS with all five subnets to my uplinks ?