Layer 2 VLAN SD-Fabric

p11l
Level 1

Hello everyone,

Today I want to ask how I can enable pure L2 switching in an SD-Fabric site.

I attached a little drawing and a tooltip info from Catalyst Center at the end of my post.

I did the following to achieve this, but it doesn't work.

I go into my Site B and create a new entry under "Layer 2 Virtual Networks".
Name, VLAN ID, Traffic Type: Data, Layer 2 Flooding already checked, and I leave the rest at default.

Catalyst Center pushed the newly created VLAN to all edge devices in this site.
The GUI shows me additional information like "Layer 2 VNID"=8198.

I checked it as follows on some edge switches:

#sh run | sect instance-id 8198

instance-id 8198
remote-rloc-probe on-route-change
service ethernet
eid-table vlan 266
broadcast-underlay 239.0.17.2
flood arp-nd
flood unknown-unicast
database-mapping mac locator-set rloc_a5c8d578-c876-4efa-9a77-deeb7bee8329
exit-service-ethernet
!
exit-instance-id

I connect two clients to the same switch, edge-1. Pinging each other works.
The second check is to ping each other with client-1 connected to edge-1 and client-2 to edge-2.
This did not work.

I go back to the CLI of edge-1 and edge-2 and check the following:

#show ip mroute
IP Multicast Forwarding is not enabled.


So it seems to me that I can't just create a pure L2 VLAN and use it over a routed SD-Fabric site. I saw a tooltip info at the creation point in the Layer 2 wizard, attached to my post.
There is an option "Configure Multicast" that starts a wizard in the site view from the fabric menu. The wizard has explanations like "configure multicast routing within one or more L3 VN", so it seems to me that more configuration is needed.

I use LAN automation and I did not check the box to use multicast. Is this the problem? Can I check the box after LAN automation, because I already have a few devices... Screenshot attached at the end of the post.

Please, can anyone clarify how I can use a VLAN in the same fabric site across all attached devices?

I need it for devices that don't need any connection to another network, so I do not need any gateway and so on for the devices. They should run in their own network.

 

Thanks for your help!


Torbjørn
VIP

Yes, you need multicast in the underlay for L2 flooding to work.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

p11l
Level 1

Thanks.

It seems to me that in the LAN Automation process I can check the multicast box to configure it automatically.

Is there any option to do this after the LAN Automation process?

jedolphi
Cisco Employee

If LAN Auto has concluded, then you will have to do it manually with template or on the CLI. If you prefer LAN Auto to have the ability to do this configuration on day N in future then please "Make a Wish" in the CatC UI and briefly explain the use case. Thank you!

 

p11l
Level 1

OK great, I understand.

I found a great Cisco Live document where this is the topic.

I need to configure my two BNs to be the RP, so far so good.

There is an important notice on the slide saying that the loopback interface I configure on each BN must belong to the underlay domain.

So hopefully someone can explain to me whether the loopback interface must be in the same subnet as the underlay LAN-automated devices, or whether I create a new subnet for that?

If it must be in the same subnet as the automated devices, then I would use a static IP from a pool for automation. I don't know if that is a problem.

For all who want to read the cisco live document:

https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2024/pdf/BRKENS-2820.pdf

Slide with notice attached to my post.

 

jedolphi
Cisco Employee

Please do not manually assign IP addresses from the LAN Auto subnet, it has the potential to create a duplicate IP problem. Please use a different subnet for Anycast RP and inject that subnet into underlay ISIS.

 

wajidhassan
Level 4
  • You're on the right track, and your observation is correct: in Cisco SD-Access, pure Layer 2 switching across fabric edge nodes requires multicast to be properly configured.
  • Layer 2 Virtual Network (VN) creates an overlay VLAN across fabric, but inter-edge flooding (like ARP, unknown unicast) depends on multicast
  • The message "IP Multicast Forwarding is not enabled" confirms why cross-edge pings fail — the L2 flooding can’t function without multicast
  • Yes, you must enable multicast (like PIM + MSDP/Anycast RP) in your fabric under the “Configure Multicast” wizard for L2 VN to work between edge switches
  • It’s safe to enable multicast even after LAN Automation; it won’t break existing setups
  • Once multicast is set up, your clients on different edge switches in the same VLAN should communicate without needing a gateway.
    Let me know if you need exact steps.

p11l
Level 1

I only want to say that it works for me as discussed.

Thanks for all your help!

p11l
Level 1

It seems to be working for me, but I have one more question:
To enable anycast RP I configured MSDP on both RP devices.
Now I read that I should choose between MSDP and PIM for anycast RP.
MSDP worked only for IPv4, and PIM additionally for IPv6.

I did the following:
Router-1

interface Loopback60000
 description Anycast RP Address
 ip address 192.168.100.1 255.255.255.255
 ip router isis
 clns mtu 1492
 ip pim sparse-mode
 exit
ip multicast-routing
ip pim rp-address 192.168.100.1
ip pim register-source Loopback60000
ip msdp peer 192.168.105.4 connect-source Loopback0
ip pim ssm default

interface range Gi 1-4
  ip pim sparse-mode

Router-2

interface Loopback60000
 description Anycast RP Address
 ip address 192.168.100.1 255.255.255.255
 ip router isis
 clns mtu 1492
 ip pim sparse-mode
 exit
ip multicast-routing
ip pim rp-address 192.168.100.1
ip pim register-source Loopback60000
ip msdp peer 192.168.105.3 connect-source Loopback0
ip pim ssm default

interface range Gi 1-4
  ip pim sparse-mode

I read that I can work without configuring MSDP and use the following PIM commands to reach the same goal.

Router-1

no ip msdp peer 192.168.105.4 connect-source Loopback0
ip pim anycast-rp 192.168.100.1 192.168.105.3
ip pim anycast-rp 192.168.100.1 192.168.105.4

Router-2

no ip msdp peer 192.168.105.3 connect-source Loopback0
ip pim anycast-rp 192.168.100.1 192.168.105.3
ip pim anycast-rp 192.168.100.1 192.168.105.4

Can someone please give me further information on which one is the better way?
Thanks a lot!

jedolphi
Cisco Employee

Today LAN Automation configures MSDP for underlay AnyCast RP, this is the standard solution, so I'd suggest going with that.

Perhaps better though, if there are no multicast configs on your original LAN Auto seeds (BNs in this case), you can start and stop a dummy LAN Auto session with BNs selected as primary and secondary seed. It will not discover any new switches of course, but if you check the multicast box during LAN Auto start then it should create the AnyCast RP on the BNs for you.

 

p11l
Level 1

Great idea, thanks!

I already configured it manually and added a new switch per LAN Auto. The new switch gets the multicast settings from the BNs, so I think it worked as it should. I leave it at MSDP.
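
Added example, not part of any post in this thread and not Cisco tooling: a Python check that reads a saved running-config and reports the underlay prerequisites discussed above for an L2 VN with `broadcast-underlay` (global multicast routing, a static RP for groups outside 232.0.0.0/8, PIM on IS-IS interfaces). The sample config is constructed; the function names, the interface names and the static-RP assumption are illustrative.

```python
import ipaddress
import re

SSM_DEFAULT = ipaddress.ip_network("232.0.0.0/8")  # range of "ip pim ssm default"
def parse_interfaces(config):
    """Map interface name -> list of its indented sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    return interfaces

def audit_l2_flooding(config):
    """Return findings that would keep flooded L2 traffic on the local edge."""
    groups = re.findall(r"^\s*broadcast-underlay (\S+)", config, re.M)
    if not groups:
        return []  # no L2 VN with flooding on this device
    findings = []
    # Global table only: "ip multicast-routing vrf X" does not cover the underlay.
    if not re.search(r"^ip multicast-routing(?! vrf)", config, re.M):
        findings.append("ip multicast-routing missing")
    # Groups outside 232/8 are ASM and need a rendezvous point (static RP assumed).
    asm = [g for g in groups if ipaddress.ip_address(g) not in SSM_DEFAULT]
    if asm and not re.search(r"^ip pim rp-address \S+", config, re.M):
        findings.append("no RP for ASM group(s): " + ", ".join(asm))
    for name, cmds in parse_interfaces(config).items():
        if "ip router isis" in cmds and "ip pim sparse-mode" not in cmds:
            findings.append(f"{name}: in IS-IS underlay but no PIM")
    return findings

# Constructed sample: LISP lines as quoted in the thread, interfaces assumed.
EDGE_BROKEN = """\
interface Loopback0
 ip router isis
interface GigabitEthernet1/0/1
 ip router isis
router lisp
 instance-id 8198
  service ethernet
   eid-table vlan 266
   broadcast-underlay 239.0.17.2
"""
EDGE_FIXED = EDGE_BROKEN.replace("isis\n", "isis\n ip pim sparse-mode\n") \
    + "ip multicast-routing\nip pim rp-address 192.168.100.1\n"
```

Running `audit_l2_flooding` over the config of every edge node after a Layer 2 VN is pushed shows which devices would still answer `show ip mroute` with "IP Multicast Forwarding is not enabled."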