jmaurer101
Beginner

ACI trunk connection to Switch 2960 and VLANs

I’m new to ACI. So where I’m at, I have connected up 2 Leafs in VPC to my 2960 switch. By that I am able to see CDP traffic on the 2960 to the leafs. What I’m not getting is how do I get the VLAN on the 2960 to the ACI environment? I’ve looked up tons of documents but I’m not really finding anything to show how to configure both devices. I would assume the 2960 is like normal trunk configuration with the allowed VLANs, 20,40,50,2001. But what is the configuration inside ACI? With Nexus it’s pretty simple: create your VLANs, Interface vlan ## IP Address, create vPC, apply to interface, configure other end and done. But this new way of programming and clicking and waiting through the GUI is seeming like way more work than before. Then this simple connecting a switch from IDFs to Out of Band management seems like a headache.

Any help or examples would be awesome. Also, is there an ACI simulator for testing and learning more?

Thanks. 

 

Sergiu.Daniluk
VIP Advocate

Hi @jmaurer101 

You have two options basically: extend the EPG or extend the BD.

My recommendation is to go for the EPG extension. By that I mean simply configure the VLAN as a static path in the EPG.

You have an example here: https://aci-lab.ciscolive.com/lab/pod2/tenants/create-l2-ap

 

For ACI practice, you can download the ACI simulator (available on the Cisco software download page), and I would also recommend watching some of the Cisco Live presentations (all of them available for free).

 

 

Stay safe,

Sergiu


That is the example that I am following. It allowed me to connect the VPC and show the CDP. How do I get the EPG extension working? Is there anything special I need to do to the 2960?

For example, I have VLAN 10 with an IP address of 10.1.1.10/24, but I am unable to ping the gateway of 10.1.1.1/24 on the EPG. Ping ip 10.1.1.1 source vlan 10. Just dots.

Robert Burns
Cisco Employee

Could be a number of different issues.  Are you learning any MACs on the Leaf port connected to the 2960?

 

1. Check the tagging between the 2960 & Leaf.  Are you allowing VLAN 10 on the trunk going to the Leaf?  Did you tag the EPG Static Path binding as "Trunk VLAN 10" ?

2.  Can try to change the Bridge domain unknown unicast mode to Flood (from default Proxy).

3.  When you're trying to test reachability between an external switch using a SVI, sometimes you can have issues caused by CDP/LLDP as the endpoint type is detected as Bridge/Router and this can affect EP learning.  To try a workaround, disable CDP/LLDP sending on the 2960.

Robert  
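Check 1 above, as an added example that is not part of the original posts: a Python sketch that compares the 2960 trunk allowed-VLAN list with the encap and mode of each EPG static path binding. The IOS snippet, the EPG names and the vPC policy group name are constructed for illustration; the object classes (fvAEPg, fvRsPathAtt) are the APIC REST names for an EPG and its static path.

```python
import re

# Constructed 2960 uplink config; the port-channel number is an assumption.
IOS_CONFIG = """\
interface Port-channel1
 switchport mode trunk
 switchport trunk allowed vlan 20,40,50
 switchport trunk allowed vlan add 2001
"""

# Constructed EPGs in APIC REST JSON form; EPG and vPC policy group names are hypothetical.
VPC_PATH = "topology/pod-1/protpaths-101-102/pathep-[VPC-to-2960]"
EPGS = [
    {"fvAEPg": {"attributes": {"name": "EPG-VLAN10"}, "children": [
        {"fvRsPathAtt": {"attributes": {"tDn": VPC_PATH, "encap": "vlan-10", "mode": "regular"}}}]}},
    {"fvAEPg": {"attributes": {"name": "EPG-VLAN20"}, "children": [
        {"fvRsPathAtt": {"attributes": {"tDn": VPC_PATH, "encap": "vlan-20", "mode": "untagged"}}}]}},
]

def allowed_vlans(config):
    """Expand 'switchport trunk allowed vlan [add] ...' lines into a set of VLAN IDs."""
    vlans = set()
    for m in re.finditer(r"switchport trunk allowed vlan (add )?([\d,\-]+)", config):
        if not m.group(1):
            vlans.clear()  # a statement without 'add' replaces the whole list
        for part in m.group(2).split(","):
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def check_bindings(epgs, config):
    """Return (epg, vlan, problem) for each static path the 2960 trunk cannot carry as tagged."""
    trunk = allowed_vlans(config)
    findings = []
    for epg in epgs:
        name = epg["fvAEPg"]["attributes"]["name"]
        for child in epg["fvAEPg"].get("children", []):
            att = child.get("fvRsPathAtt", {}).get("attributes")
            if att is None:
                continue
            vlan = int(att["encap"].split("-", 1)[1])
            if att["mode"] != "regular":  # 'regular' is the tagged (Trunk) mode
                findings.append((name, vlan, f"static path mode is {att['mode']}, not trunk"))
            if vlan not in trunk:
                findings.append((name, vlan, "VLAN not in the 2960 trunk allowed list"))
    return findings

if __name__ == "__main__":
    for finding in check_bindings(EPGS, IOS_CONFIG):
        print(finding)
```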


I was able to ping the gateway of the VLAN/Subnet/EPG from the switch this morning after placing the gateway on the Bridge Subnet tab. I thought I had done this already, but I had started over a few different times to clean up.

 

https://aci-lab.ciscolive.com/lab/pod10/tenants/create-bd

 

Now I just need to figure out how to be able to ping / connect to the other BD and life will be golden. 

 

Thank you for your help.

You will need contracts between EPGs. But since I believe you are in a network-centric mode, where each VLAN = EPG = BD, it would be an easier approach to simply change the VRF to unenforced mode: Tenant -> VRF -> Vrf_name -> Policy -> change to unenforced.

 

Stay safe,

Sergiu
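Two settings changed while troubleshooting in this thread move a tenant away from the fabric defaults: a VRF in unenforced mode applies no contracts between the EPGs it contains, and a bridge domain set to Flood no longer uses the default Proxy handling for unknown unicast. The following Python sketch is an added example, not part of the original posts; it walks a tenant export in APIC REST JSON form and lists both so they can be reviewed once connectivity works. The tenant, VRF and BD names are constructed.

```python
# Constructed tenant export in APIC REST JSON form; all names are hypothetical.
TENANT = {"fvTenant": {"attributes": {"name": "Lab"}, "children": [
    {"fvCtx": {"attributes": {"name": "VRF-Lab", "pcEnfPref": "unenforced"}}},
    {"fvCtx": {"attributes": {"name": "VRF-Prod", "pcEnfPref": "enforced"}}},
    {"fvBD": {"attributes": {"name": "BD-VLAN10", "unkMacUcastAct": "flood"},
              "children": [{"fvSubnet": {"attributes": {"ip": "10.1.1.1/24"}}}]}},
    {"fvBD": {"attributes": {"name": "BD-VLAN20", "unkMacUcastAct": "proxy"}}},
]}}

# class -> (attribute, default value, why another value deserves review)
WATCHED = {
    "fvCtx": ("pcEnfPref", "enforced",
              "contracts are not applied between EPGs in this VRF"),
    "fvBD": ("unkMacUcastAct", "proxy",
             "unknown unicast is flooded within this bridge domain"),
}

def walk(node):
    """Yield (class, attributes) for a managed object and all of its descendants."""
    for cls, body in node.items():
        yield cls, body.get("attributes", {})
        for child in body.get("children", []):
            yield from walk(child)

def relaxed_settings(tree):
    """Return (class, name, setting, reason) for every watched attribute not at its default."""
    findings = []
    for cls, attrs in walk(tree):
        if cls in WATCHED:
            attr, default, why = WATCHED[cls]
            value = attrs.get(attr, default)  # an absent attribute means the default applies
            if value != default:
                findings.append((cls, attrs.get("name"), f"{attr}={value}", why))
    return findings

if __name__ == "__main__":
    for cls, name, setting, why in relaxed_settings(TENANT):
        print(f"{cls} {name}: {setting} ({why})")
```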

It looks like I have Policy Control Enforcement Preference set to Unenforced.

Question: what do the EPG Subnets and Bridge Domain subnets do? Do I need to have one for each, and a different IPADDR on each?

Robert Burns
Cisco Employee

Bridge Domain Subnets are typically your Gateway IPs (SVI).  If you want your Subnet GW hosted on ACI, this is where you'd configure it.  BD Subnets act pervasively and will be programmed on each Leaf where endpoints exist that are using it.  This ensures any connected ACI endpoint is always 1 hop from its GW.

The EPG Subnet is only used in the case where you're doing cross-VRF route leaking in the instance of shared services.  If you're not doing this, then you will likely never need to define the subnet under the EPG.   If you want more detail on this you can see Chris Welsh's (RedNectar) post here: https://community.cisco.com/t5/application-centric/difference-between-subnet-under-epg-and-bd/td-p/3199067

Robert