Create an External Routed Network

The firewalls pass IP routing information to the ACI over a Layer 3 OSPF network. ACI uses a switch virtual interface (SVI) on the leaf switches, with an IP address on each switch for connection resilience. Create a Layer 3 routed network to peer with the firewall using OSPF.
  1. On the Tenants tab, double-click on the name of your tenant.
  2. Select Networking > External Routed Networks.
  3. Right-click External Routed Networks and select Create Routed Outside.
  4. Enter a descriptive Name for your External Routed Network.
  5. Select your VRF with external connectivity from the VRF drop-down.
  6. Select the external routed domain you created previously from the External Routed Domain drop-down.
  7. Select OSPF.
  8. Enter an OSPF Area ID. The Area ID can be expressed as a decimal number or in dotted decimal form. For example, Area 1 is the same as Area 0.0.0.1, and Area 271 is the same as Area 0.0.1.15. The Area ID range is 0 (0.0.0.0) to 4294967295 (255.255.255.255).
  9. Select Regular Area for the OSPF Area Type.
  10. Click the plus (+) button to the right of Nodes and Interface Profiles to create a Node Profile for the border-leaf switches that connect to the firewall.
  11. Enter a descriptive Name for your Node Profile.
  12. Attach nodes to your Node Profile.
    1. Click the plus (+) button to the right of Nodes. This opens the Select Node window.
    2. Select the node that your firewall is connected to from the Node ID drop-down.
    3. Enter the IP address of the router attached to the leaf switch in Router ID.
    4. Click OK.
    5. Click the plus (+) button to the right of Nodes and Interface Profiles.
    6. Enter a descriptive Name for your Node Profile.
    7. Click the plus (+) button to the right of Nodes. This opens the Select Node window.
    8. Select the node that your secondary HA firewall is connected to from the Node ID drop-down.
    9. Enter the IP address of the router attached to the second leaf switch in Router ID.
    10. Click OK.
  13. Attach an OSPF Interface Profile for your Node Profile.
    1. Enter a descriptive Name for your OSPF Interface Profile.
    2. Click Next.
    3. Select Create OSPF Interface Policy from the OSPF Policy drop-down.
    4. Enter a descriptive Name for your OSPF Interface Policy.
    5. Select MTU Ignore.
    6. Click Submit.
    7. Click Next.
    8. Click SVI.
    9. Click the plus (+) button to the right of SVI Interfaces. This opens the Select SVI window.
    10. Click Virtual Port Channel.
    11. Select the Path to the port and port channel interface where the firewall connects to the leaf switch.
    12. In Encap, enter the VLAN encapsulation used for your layer 3 outside profile.
    13. Select Trunk for Mode.
    14. In the Side A IPv4 Primary Address field, enter the primary IP address of the path attached to the layer 3 outside profile.
    15. In the Side B IPv4 Primary Address field, enter the secondary IP address of the path attached to the layer 3 outside profile.
    16. Click OK.
  14. Click OK to close the Create Interface Profile window.
  15. Click OK to close the Create Node Profile window.
  16. Click Next.
  17. Click the plus (+) button to the right of External EPG Networks. This opens the Create Routed Outside window.
  18. Enter a descriptive Name for your External Network.
  19. Add a subnet to your External Network.
    1. Click the plus (+) button to the right of Subnets.
    2. Enter the IP address and mask of the subnet’s default gateway.
    3. Select Export Route Control Subnet.
    4. Select External Subnets for External EPG.
    5. Click OK.
  20. Click Finish.
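
The Area ID entered in step 8 has to be the same 32-bit value on both OSPF peers, whichever form each side records it in. The following is an added example, not part of the original procedure or of any vendor tooling: a small check that normalizes an Area ID from either form, rejects malformed or out-of-range values, and compares two entries. The function names are hypothetical and the sample values are the ones used in step 8.

```python
import ipaddress

AREA_MAX = 0xFFFFFFFF  # 4294967295, written 255.255.255.255 in dotted form


def parse_area_id(text):
    """Return the 32-bit integer for an Area ID given in decimal or dotted form."""
    text = text.strip()
    if text.isascii() and text.isdigit():
        value = int(text)
        if value > AREA_MAX:
            raise ValueError(f"Area ID {text} exceeds {AREA_MAX}")
        return value
    try:
        # IPv4Address enforces exactly four octets, each in the range 0-255.
        return int(ipaddress.IPv4Address(text))
    except ipaddress.AddressValueError:
        raise ValueError(f"not a valid Area ID: {text!r}") from None


def to_dotted(value):
    """Render a 32-bit Area ID in dotted decimal form."""
    return str(ipaddress.IPv4Address(value))


def same_area(a, b):
    """True when two Area ID strings name the same area, whatever their form."""
    return parse_area_id(a) == parse_area_id(b)


if __name__ == "__main__":
    # Constructed inputs: the two examples from step 8, the upper bound,
    # and three values that must be rejected.
    for entry in ["1", "271", "0.0.1.15", "4294967295",
                  "4294967296", "0.0.1", "1.2.3.256"]:
        try:
            value = parse_area_id(entry)
            print(f"{entry:>12} -> {value} ({to_dotted(value)})")
        except ValueError as err:
            print(f"{entry:>12} -> rejected: {err}")
    print("271 vs 0.0.1.15 match:", same_area("271", "0.0.1.15"))
```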
