In the last few months I had the opportunity to build an SD-Access network from scratch as my company's internal lab (many, many thanks to my company for purchasing a Catalyst Center server, formerly DNA Center, some Catalyst 9300s and a 9800 WLC), and one of the most interesting tasks I accomplished is L2 handoff.
L2 handoff allows you to export a fabric L2VNI (fabric VLAN) into a classic VLAN in your legacy network. In short, it is a simple and intuitive method to integrate your classic LAN with a fabric and start the migration from the older environment to the newer one.
Suppose you want to migrate from your 3-tier classic LAN to a brand new VXLAN fabric deployed by Catalyst Center: the gateway for a particular VLAN still resides on your old core switch, but you want to start connecting some clients (belonging to that specific VLAN) to the FENs (Fabric Edge Nodes).
The lab topology is:

- SW1-SITE2 is the old core switch, gateway for the vlan 200
- SW1-SITE1 is the fabric control-plane and border node
- SW2-SITE1 is the fabric edge node where the client is connected
Here is the simple SW1-SITE2 configuration:
interface Vlan200
 ip address 172.29.120.1 255.255.255.128
end
interface GigabitEthernet1/0/24
 switchport mode trunk
end
On the Catalyst Center side, you simply need to create the L2VNI, associate it with the VLAN ID, and then provision it to the fabric.
In the “Provision->Fabric Sites” menu, click the “Preview New SD-Access” button for better visibility and select “Layer 2 Virtual Networks” in the Virtual Networks section:

Here you can create the new Layer 2 Virtual Network and follow the workflow, where you add all the necessary information:





After the system finishes deploying the network, it appears on the main page with an L2VNI assigned:

In the meantime, the border node switch receives this configuration:
SW1-SITE1#sh vlan bri | i 200
200 Site2_client_wired active L2LI0:8190
SW1-SITE1#sh run | sec instance-id 8190
 instance-id 8190
  remote-rloc-probe on-route-change
  service ethernet
   eid-table vlan 200
   broadcast-underlay 239.0.17.1
   flood arp-nd
   flood unknown-unicast
   database-mapping mac locator-set rloc_dd4e0bf4-1f64-4336-a430-b258b353359e
   exit-service-ethernet
  !
  exit-instance-id
 eid-record instance-id 8190 any-mac
Finally, you need to configure the endpoint switchport (Gi1/0/2 on SW2-SITE1). In the “Provision->Fabric Sites” menu, click on the selected site and choose “Port Assignment” (the old view shows Host onboarding->Port Assignment):




After you assign the intended configuration to the switchport, you need to re-deploy the fabric from the Fabric Sites main page:

and the configuration is applied to the switchport:
SW2-SITE1#sh run inte gigabitEthernet 1/0/2
Building configuration...
Current configuration : 414 bytes
!
interface GigabitEthernet1/0/2
 switchport access vlan 200
 switchport mode access
 device-tracking attach-policy IPDT_POLICY
 load-interval 30
 access-session inherit disable interface-template-sticky
 access-session inherit disable autoconf
 cts manual
  policy static sgt 20
  no propagate sgt
 no macro auto processing
 spanning-tree portfast
 spanning-tree bpduguard enable
 ip nbar protocol-discovery
end
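Because the handoff makes VLAN 200 a single Layer 2 domain across the legacy core and the fabric, it is worth checking the ports that carry it after each re-deploy. The following is an added example, not part of the original post and not Cisco tooling: it parses `show run` interface blocks, confirms that access ports in the handed-off VLAN keep the controls seen above, and flags trunks without an allowed-VLAN list. The function names and the `REQUIRED` list are assumptions of this example.

```python
import re

# Constructed sample: abridged copies of the two interface configs on this page.
SAMPLE = """\
interface GigabitEthernet1/0/24
 switchport mode trunk
end
interface GigabitEthernet1/0/2
 switchport access vlan 200
 switchport mode access
 device-tracking attach-policy IPDT_POLICY
 cts manual
  policy static sgt 20
 spanning-tree bpduguard enable
end
"""

# Controls present on the page's fabric edge port (this example's choice of checks).
REQUIRED = {
    "spanning-tree bpduguard enable": "BPDU guard",
    "device-tracking attach-policy": "device-tracking policy",
    "policy static sgt": "static SGT",
}

def parse_interfaces(text):
    """Return {interface name: [stripped config lines]} from show-run text."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"interface (\S+)$", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line in ("end", "!", ""):
            current = None          # block terminator
        elif current is not None:
            current.append(line)
    return blocks

def audit(text, vlan):
    """List (interface, finding) pairs for ports that can carry the VLAN."""
    findings = []
    for name, cfg in parse_interfaces(text).items():
        has = lambda prefix: any(l.startswith(prefix) for l in cfg)
        if has("switchport mode trunk"):
            # Without an allowed list the trunk carries every VLAN, not only the handoff.
            if not has("switchport trunk allowed vlan"):
                findings.append((name, "trunk has no allowed-VLAN list"))
        elif f"switchport access vlan {vlan}" in cfg:
            findings += [(name, f"{label} missing")
                         for prefix, label in REQUIRED.items() if not has(prefix)]
    return findings
```

On the sample, `audit(SAMPLE, 200)` reports only the legacy trunk Gi1/0/24, which has no allowed-VLAN list.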
As you can see from the “Assurance->Health->Client” menu, a laptop with IP address 172.29.120.100 is correctly connected to the fabric…

…and it can be reached by its gateway in a different site:
SW1-SITE2#ping 172.29.120.100 source vlan 200
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.29.120.100, timeout is 2 seconds:
Packet sent with a source address of 172.29.120.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms