Layer 2 Out Procedure

ksherwood
Level 1

Could someone PLEASE accurately vet my procedure attached?

My test goal is to connect my laptop to a leaf port and PING back to my brownfield router.

9 Replies

dpita
Cisco Employee

Hello

Thanks for using SupportForums. 

I skimmed the procedure you attached and stopped at the "legacy BD" step. That is not required. All you need to do is make sure the BD is set to all Flood and unicast routing off as you described.

Access policies are always required, which you seem to understand based on the procedure. The important thing is that there are two options when trying to accomplish your L2 out: extending the EPG or extending the BD.

I recommend you extend the EPG, it is quicker and does not require contracts. Using the same EPG where the laptop static path would be defined, add a new domain for the L2 and a new static path for the interface where your brownfield router is connected.

Please see this document for more information on L2 out options:

http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c07-732033.html#_Toc395143568

Hope that helps!

OK, thanks Daniel, so what I need is the best way to migrate our 6500 VSS data centre VLANs over into the ACI, is that what my procedure would do?

I really need the detail as I want to get this working.

Can you amend and attach back please?

Here is the guide we have for new customers running through our JumpStart Program. It is essentially like your document with a few changes:

-Security Domains are optional

-Do not use Legacy Mode BD

-Access Policies are required:

---Switch selector, Interface Profile with Port block tied to the access port policy group, AEP, VLAN Pool and Domain

-BD tied to a VRF, BD tied to an EPG

-Domain tied to EPG

-Static path under EPG that corresponds to the access policies created above. Tag a VLAN and that's it.

1. Access Policies

Fabric > Access Policies > Quickstart

  a. Run through the Quickstart for the interface that has the switch behind it

  b. Ensure physical or L2 domain is created and is tied to a static VLAN pool as well as an AEP

  c. Run through the Quickstart again for the endpoint. Either VMM or a bare metal laptop to test connectivity with.

2. Tenant Policies

  a. Create a Bridge Domain under the Tenant > Networking and tie it to a VRF

  b. Create an Application Profile, then an EPG

    i. Name it something like “VLAN-100”

  c. Add the physical/L2 Domain created in step 1

  d. Add a static path pointing to the leaf port configured in step 1 for the external switch. Make it tagged to trunk a VLAN

  e. Add the domain and static path for the other endpoint that was configured under 1c

    i. This static path should be the same VLAN as 2d

  f. Test connectivity

Thanks Daniel, I'd still like you to amend my procedure and attach back as I want to use this as a detailed document procedure. If you could take a few minutes of your time I would really appreciate it.

Hello Dan,

I'm still struggling with this L2Out setup which I'm sure is easy for someone with your level of experience. Could you please edit the steps above with more detail so that I can comprehend the approach. It probably seems clear to you but not for us beginners :>)

The real bit I can't seem to grasp is configuring a leaf port in a particular vlan in order to connect my laptop and PING back into the brownfield network and router.

My L2Out pool does contain this particular vlan I want to use as a test so I assume that bit is set up correctly.

Thanks Kevin.

Kevin,

I am going to make an assumption that you are ok making the ACCESS POLICIES which define the personality of the port that you want to attach to the laptop. For example, 1 gig port speed, vlan Pool, and Domains (physical or External bridged Domains)

Since you have a laptop that you want to plug into the front panel port of the leaf and you want to communicate to the legacy network on this same VLAN, you will need to use at least two ports on the leaf. One for the laptop and one for the trunk port to connect to a legacy switch.

For this example, let's say we use VLAN80. Port 1/13 is a Physical Domain Port and Port 1/80 is the External bridged Domain (in my setup I use a VPC but it would be the same with a single port trunk)

The simplest configuration is to use an EPG and use static ports. In the EPG, you define your physical or External bridged Domains. Then you configure your port selection under the EPG selecting the VLAN defined in your access policies for your domains. You would configure a static path for your laptop connection which would be an "ACCESS" Port and then a static path for your connection to your external switch which would be a "TRUNK" Port.

For example:


The second way to do this is similar. You create an EPG with static paths for your access port connections for each VLAN. Then you create a "Bridged Outside" connection for your trunk connections for each VLAN.


For example:


Either way will work so it is a personal preference on how you want to configure.

I hope this helps!

T.
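The EPG-with-static-paths option from the replies above, written out as the APIC object tree it produces. This is an added example, not code from any of the posters or from Cisco: VLAN 80 and ports 1/13 and 1/80 come from the reply, while the tenant, VRF, BD, application profile and domain names, leaf node 101, pod 1 and the pool ranges are assumed placeholders.

```python
import json

# Assumed placeholders: domain names and the VLAN blocks of the pools behind them.
POOLS = {"uni/phys-LAPTOP_PHYS": [(80, 89)], "uni/l2dom-LEGACY_L2": [(80, 80)]}


def vlan_in_pool(domain_dn, vlan, pools=POOLS):
    """True if the VLAN falls inside a block of the pool tied to the domain."""
    return any(lo <= vlan <= hi for lo, hi in pools.get(domain_dn, []))


def static_path(node, port, vlan, mode, pod=1):
    """fvRsPathAtt: mode 'regular' = tagged trunk, 'untagged' = access port."""
    if mode not in ("regular", "untagged", "native"):
        raise ValueError(f"unknown port mode: {mode}")
    tdn = f"topology/pod-{pod}/paths-{node}/pathep-[eth{port}]"
    return {"fvRsPathAtt": {"attributes": {
        "tDn": tdn, "encap": f"vlan-{vlan}", "mode": mode}}}


def build_tenant(tenant, vrf, bd, ap, epg, vlan, domains, paths):
    # A static path whose encap is missing from the domain's pool never deploys.
    for dn in domains:
        if not vlan_in_pool(dn, vlan):
            raise ValueError(f"vlan-{vlan} is not in the pool behind {dn}")
    # BD as described in the thread: flooding on, unicast routing off.
    bd_mo = {"fvBD": {
        "attributes": {"name": bd, "unicastRoute": "no",
                       "unkMacUcastAct": "flood", "arpFlood": "yes"},
        "children": [{"fvRsCtx": {"attributes": {"tnFvCtxName": vrf}}}]}}
    epg_children = [{"fvRsBd": {"attributes": {"tnFvBDName": bd}}}]
    epg_children += [{"fvRsDomAtt": {"attributes": {"tDn": dn}}} for dn in domains]
    epg_children += [static_path(*p) for p in paths]
    epg_mo = {"fvAEPg": {"attributes": {"name": epg}, "children": epg_children}}
    ap_mo = {"fvAp": {"attributes": {"name": ap}, "children": [epg_mo]}}
    vrf_mo = {"fvCtx": {"attributes": {"name": vrf}}}
    return {"fvTenant": {"attributes": {"name": tenant},
                         "children": [vrf_mo, bd_mo, ap_mo]}}


def example_payload():
    return build_tenant(
        "TEST", "VRF1", "BD-VLAN80", "AP1", "VLAN-80", 80, list(POOLS),
        [(101, "1/13", 80, "untagged"),   # laptop access port
         (101, "1/80", 80, "regular")])   # trunk to the legacy switch


if __name__ == "__main__":
    print(json.dumps(example_payload(), indent=2))
```

The printed JSON is the shape APIC accepts as an authenticated POST to /api/mo/uni.json; the access policies (interface selectors, AEP, VLAN pools, domains) must already exist for the static paths to deploy.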

Do you mean don't set the BD to legacy mode?

You do not need legacy BD enabled in your scenario.

Essentially, legacy BD is used to conserve internal VLAN translations but is mostly not needed.

Thanks Daniel, I have disabled legacy mode and the layer two out interface in the topology view is now green.

So I think I have my trunk back to Brownfield network now, but I don't know how to add the test EPG interface to put my laptop onto. Can you help???

I want to put this into VLAN 80 which is part of my L2 out trunk VLAN pool.
