Solved: Trying to duplicate a traditional network construct in aci. Having issues.

jgesualdi · ‎05-31-2017

I'm trying to duplicate a traditional network construct in aci. I have a switch which has a connection to a firewall, the connection is a trunk. The FW is running 802.1q. On the switch I have two svi's and these vlans are allowed over the trunk. I also use static routing on switch to force traffic to the appropriate sub interface on the fw. How do I duplicate this setup in ACI?

Do I do this with a l3out and use SVI interface?

If I try l3out with svi it's asking for an interface and vlan. So first time around I select port 1/32 (vlan2). Then I add the 2nd SVI using 1/32 again and vlan 22 and it complains the interface is already in use.

Any ideas on the best way to build this?

Thanks.

Jason Williams · ‎05-31-2017

Have you tried placing these into separate L3 outs?

L3-out-1 = Eth 1/32 = VLAN 2

L3-out-2 = Eth 1/32 = VLAN 22

If you need the subnet(s) behind the firewall in L3-out-1 to communicate with the subnet(s) behind the firewall in L3-out-2, then you can do transit routing between the L3 outs.

Jason

View solution in original post

Jason Williams · ‎05-31-2017

Have you tried placing these into separate L3 outs?

L3-out-1 = Eth 1/32 = VLAN 2

L3-out-2 = Eth 1/32 = VLAN 22

If you need the subnet(s) behind the firewall in L3-out-1 to communicate with the subnet(s) behind the firewall in L3-out-2, then you can do transit routing between the L3 outs.

Jason