Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
267
Views
0
Helpful
1
Replies

Changing the Overlay-Mode from config-profile to CLI

Mario Rosi
Level 1
Level 1

‎03-04-2025 09:31 AM

I've a question concerning the setting of Overlay-mode on NDFC.

The config-profile is the default setting once you have to bring-up a VXLAN fabric using NDFC; let's suppose that at a cert point, we want to introduce "security-group" with GPO and contracts (as for ACI).

 

Unfortunately, as described here https://www.cisco.com/c/en/us/td/docs/dcn/ndfc/1222/articles/ndfc-configure-security-vxlan-evpn-fabrics/configure-security-vxlan-evpn-fabrics.html the only way that supports GPO is with Overlay Mode set to CLI.

And here we start crying

From TAC case opened on this problem, it looks that to change from config-profile to CLI you must destroy the fabric config because before you must detach “everything” from the Network and VRF point of view concerning the overlay configuration, Trigger a fabric-wide "Recal and Deploy" action and then you can change the overlay mode to cli ... finally re-attach logical configuration.

Obviously, all that is massively traffic affecting!

Being the config-profile the default overlay-mode, it means that most of the cases will have gone for that choice; and if they want now introduce GPO, they cannot on a fabric in production.

Can be like that?

I cannot believe that is is working like that...

Please, tell me that we can change the overly-mode "on the fly" on a DC in production.

 

Thanks

Mario

Labels:
0 Helpful
1 Reply 1

MikeBeck28967
Level 1
Level 1

‎05-07-2025 11:22 PM

Hi, 

TAC is right. You can't change the overlay mode "on the fly".

From the config guide:

Overlay Mode

You can create a VRF or network in CLI or config-profile mode at the fabric level. The overlay mode of member fabrics of an MSD fabric is set individually at the member-fabric level. Overlay mode can only be changed before deploying overlay configurations to the switches. After the overlay configuration is deployed, you cannot change the mode unless all the VRF and network attachments are removed.

https://www.cisco.com/c/en/us/td/docs/dcn/ndfc/121x/configuration/fabric-controller/cisco-ndfc-fabric-controller-configuration-guide-121x/managing-greenfield-vxlan-fabric.html

Let's hope that the support for config-profile mode is coming for GPO's. 

Regards,

Mike

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card