Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
134
Views
0
Helpful
0
Replies

Changing the Overlay-Mode from config-profile to CLI

Mario Rosi
Level 1
Level 1

‎03-04-2025 09:31 AM

I've a question concerning the setting of Overlay-mode on NDFC.

The config-profile is the default setting once you have to bring-up a VXLAN fabric using NDFC; let's suppose that at a cert point, we want to introduce "security-group" with GPO and contracts (as for ACI).

 

Unfortunately, as described here https://www.cisco.com/c/en/us/td/docs/dcn/ndfc/1222/articles/ndfc-configure-security-vxlan-evpn-fabrics/configure-security-vxlan-evpn-fabrics.html the only way that supports GPO is with Overlay Mode set to CLI.

And here we start crying

From TAC case opened on this problem, it looks that to change from config-profile to CLI you must destroy the fabric config because before you must detach “everything” from the Network and VRF point of view concerning the overlay configuration, Trigger a fabric-wide "Recal and Deploy" action and then you can change the overlay mode to cli ... finally re-attach logical configuration.

Obviously, all that is massively traffic affecting!

Being the config-profile the default overlay-mode, it means that most of the cases will have gone for that choice; and if they want now introduce GPO, they cannot on a fabric in production.

Can be like that?

I cannot believe that is is working like that...

Please, tell me that we can change the overly-mode "on the fly" on a DC in production.

 

Thanks

Mario

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card