Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
606
Views
0
Helpful
2
Replies

Nexus Layer Two to Layer three communications problem

jladolcetta
Level 1
Level 1

‎06-13-2022 08:29 AM

I am trying to convert a data center into a multilayered environment. In brief, I have bgp working on an outside switch feeding internet connectivity to an active/passive pair of Palo Alto firewalls. Internally I am doing an Area 0 OSPF instance from the firewalls to a pair of Nexus 93280s. These in turn do an "Area 51" OSPF region that I want to distribute NATted subnets to a core consisting of four 9500 switches that connect over 40 9300 and 9200 TOR switches in 20+ cabinets.

 

Currently its a Layer 2 environment behind the firewalls and is running nicely, utilizing multiple FIOS links load balanced using ECMP.

 

Since delivery of a 10GB dedicated internet circuit with a /56 IPv6 and a /24 IPv4 allocation, we have a need to introduce dynamic routing, which is what I was explaining in the first paragraph.

 

I am testing this design change by dedicating one cabinet with 1 9200 and 1 9300 switch connected directly to the OSPF Area 0 switches behind the firewall. Everything works (i.e.routes are propagating, pings and traceroutes work, until you get to the local switches (the 9200 and 9300). VLANs are not communicating upstream from these switches out to the core and internet. I am enclosing copies of the configs for the test environment. NJB1SWC9-1 is the distribution switch. NJB1SWA2-3 is the OSPF switch. In the mean time, I am trying to do this through SVIs and port channels but I am getting nowhere. I am willing to try VXLAN architecture but I do not seem to find a basic CLI example anywhere. Barring that, is there something I am missing in my core - distribution stack?

 

Thanks for your assistance.

Jeff Ladolcetta

908-645-4401

jeffrey.ladolcetta@envrmnt.com

 

Labels:
Preview file
16 KB
Preview file
17 KB
0 Helpful
2 Replies 2

MHM Cisco World
VIP
VIP

‎06-13-2022 08:41 AM

can you draw topology ?

0 Helpful

jladolcetta
Level 1
Level 1
In response to MHM Cisco World

‎06-13-2022 09:44 AM

Hi, attached is the test plan network that I've set up.

Since I am using the 93280 as an end node (not a 92380) please read accordingly... i.e. NJB1SWC9-2 is replaced with NJB1SWC9-1. However, functionally the concept is the same... Internet to Firewall, Firewall to OSPF switch, OSPF switch to NJB1SWC9-1. Please remember this is just a test, a POC, to be implemented after verification on a set of 4 9500s distributed to TOR switches (9200-9300s). I basically have an unutilized TOR cabinet talking to the OSPF switch which sits on top of my 9500s.

 

OSPF responds well at all nodes. The problem is in the Layer 2 switchports on the NJB1SWC9-1 switch. I attached a computer to one of the ports on the switch.. I cannot ping the computer, or reach it via RDP, and from the computer itself, I cannot get anywhere... even to an adjacent port thats on the same VLAN.

Preview file
197 KB
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card