What's a simple way to implement a L2 network across 2 L3 DCs connected by 2x1Gig links using a 6504-E with SUP720-3C?! The DCs are only a few kilometres apart and our local service provider can only provide 1Gig fiber links between DCs (which I can then configure as L2 or L3). I do not want to simply configure flat L2 across both DCs - I would like to keep each DC as a separate L3 site and run OSPF for fast convergence and therefore avoid spanning-tree altogether.
At the moment each DC uses 3750 switches connected by L3 links and runs EIGRP. We then use separate hardware (7200) and L2TPv3 to create some shared L2 networks across that. We're moving to the 6500 platform and so it's a good opportunity to redesign things - and hopefully I can minimise the amount of hardware needed and consolidate using only the 6500 platform in each DC.
I also have a Cisco ACE appliance to fit at each site and to have redundancy for these they need to live in a shared network! That's what happens when the design process starts after the kit has already been bought (not my choice btw!).
The 2x1Gig links are to connect the 2 DCs together - but the question is what's the best way to do this? For example, best practice dictates that sites should be L3 only. However, I also need some kind of L2 connectivity for certain clustered services which require L2.
What I've ended up doing is a bit of both L2 and L3. Basically I created a L2 etherchannel which only allows 2 things - a VLAN which is used to provide a small /30 link so that I can create SVIs on each end and run L3 on top; and VLANs which are used as pure L2 which run HSRP. Here's the config:
interface Vlan2
 ip address 10.x.x.10 255.255.255.252
 ip ospf network point-to-point
 ip ospf priority 0
!
interface Vlan120
 description Shared VLAN
 ip address 10.120.0.252 255.255.255.0
 standby 120 ip 10.120.0.254
 standby 120 preempt
It does seem to work ok - for example I have different networks at each DC which I can reach independently and I have a couple of VLANs which stretch across sites. The only problem that I can see is that there would be serious problems if the 2 Gig links went down between the 2 switches - each would then be HSRP master. Also there's a trombone effect with traffic from DC2 using DC1 as its default gateway but there's no way around this unless we use OTV or similar!
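One way the L2 EtherChannel side of the design described in the post could look, as an added example and not the poster's own configuration. The physical interface names, the channel-group number, the use of LACP, the VLAN names, the HSRP priority and the DC2 address 10.120.0.253 are assumptions; VLAN 2, VLAN 120 and the virtual IP 10.120.0.254 are taken from the post.

```cisco
! --- DC1 6500: VLANs carried between sites (IDs from the post, names assumed) ---
vlan 2
 name DC-INTERCONNECT-P2P
vlan 120
 name SHARED-VLAN
!
! --- L2 EtherChannel over the 2x1Gig links (interface names assumed) ---
interface Port-channel1
 description L2 EtherChannel to DC2
 switchport
 switchport trunk encapsulation dot1q
 ! Only the /30 transit VLAN and the stretched VLAN cross the link;
 ! every other VLAN stays local to its DC and is reached via OSPF.
 switchport trunk allowed vlan 2,120
 switchport mode trunk
!
interface range GigabitEthernet1/1 - 2
 description Member link to DC2
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,120
 switchport mode trunk
 ! LACP (assumed); the bundle stays up if one of the two links fails
 channel-group 1 mode active
!
! --- DC2 6500: HSRP peer for the stretched VLAN (address and priority assumed) ---
interface Vlan120
 description Shared VLAN
 ip address 10.120.0.253 255.255.255.0
 standby 120 ip 10.120.0.254
 ! Lower than DC1's default of 100, so DC1 is active while the link is up
 standby 120 priority 90
 standby 120 preempt
```

Running `show standby brief` on both switches shows which side is active for group 120; if both report Active at the same time, the inter-DC link is down and the split described in the post has occurred.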