Showing results for 
Search instead for 
Did you mean: 

Cisco Community Designated VIP Class of 2020


Layer 3 gateway for a VPC VLAN on a separate device

Hi there,


I have a query around a supported VPC design using Nexus 77xx. I've struggled to find any documentation specific to this particular scenario.


I have a client who has a requirement to create a DMZ network (layer 2 separation) through a Nexus 7700 pair, with layer 3 routing carried out using a separate firewall appliance. 

A host on one of these VLANs requires resilient connectivity, using bundled links with LACP. The intention would be to cross-patch these links across separate FEX, with separate parent chassis using VPC.


Connectivity to the upstream firewall (active/standby) would be via a layer 2 port-channels (non-VPC) directly between the core switches and the firewall appliances. These port-channels would trunk the VLAN of the DMZ network, as well as other (transit) networks where the devices peer using EIGRP. The transit/peering VLANs for all other traffic are non-VPC.


Layer 3 routing for the DMZ network would be carried out by these firewalls to allow segregation, with no layer 3 configuration present on the Nexus core switches.


The VLAN would be trunked across the VPC port-channel between the two Nexus core switches.


I've thrown together the below diagram to try and show the intended setup.


Is this a supported design?

Are there any considerations regarding failover for this solution?


I hope the above description and diagram is reasonably clear, but please let me know if you need further information.


VIP Advisor

Re: Layer 3 gateway for a VPC VLAN on a separate device

I do not see any issue in terms of design, Layer 2 handover to FW, FW configured correctly with HA with Floated IP, you should be good..


why do you think you have an issue here?


*** Rate All Helpful Responses ***

Re: Layer 3 gateway for a VPC VLAN on a separate device

Hi there,


I don't believe there's an issue, I'm just looking for reassurance in the absence of any validated designs.


Thanks for your feedback.

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here