I am looking for best practice advice. In a network I have two Nexus 5548UP switches that are connected together with a port channel. I have created a layer 3 link over the port channel using vlan 1152 192.168.150.8/30. A management vlan has been also been created on the switches with vlan 211 172.30.211.0/24. A Cisco ASA firewall is connected to the Nexus1 switch and has the inside intereface configured with an IP from the management network. A Cisco Router is connected to the Nexus2 switch and the LAN interface is also configured with an IP from the management network. EIGRP has been configured on all 4 devices. On the Nexus switches all svi's have been configured with the passive-interface command with the exception of the Vlan 1152 SVI's and the Vlan 211 SVI's. I am using the vlan 211 SVI IP for my EIGRP router-id. With this configuration the Nexus switches are neighbored twice with each other on both the 192.168.150.8.0/30 network and the 172.30.211.0/24 network. I would like to reduce that down to where they only neighbor using the layer 3 192.168.150.8.0/30 network but if I put the vlan 211 svi's in passive mode then it will break the neighborship with my ASA and router. To overcome this issue would I be better creating loopback interfaces to use as my router id and also making the links between my switch and ASA plus switch and router layer 3? Is there a better way to do this? I have attached two images, the first being the original design and the second being the proposed design. I have also provided the neighbor show commands from original design which lists all the neighbors being formed.
Nexus1# sh ip eigrp neighbor IP-EIGRP neighbors for process 100 VRF default H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 3 172.30.211.1 Vlan211 14 6w6d 3 200 0 439537 2 172.30.211.2 Vlan211 14 6w6d 2 200 0 439536 1 192.168.150.10 Vlan1152 14 6w6d 1 200 0 439535 0 172.30.211.20 Vlan211 14 11w5d 1 200 0 293289
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
In the Previous articles of ACI Automation, we are using Postman/Newman as the Rest API tool to automate the ACI Configuration.
In this article I’m going to discuss on usin...
One of the first steps in building your ACI Fabric is to go through Fabric Discovery. While Fabric Discovery is usually a straightforward process, there are various issues that may prevent you from discovering an ACI switch. This article wil...