Question 132 of 290 from exam 400-151: CCIE Data Center Written Exam
Question
A VPC stretched from two leaf switches up to an ASA firewall.
You are configuring the VPC as an L3Out interface in a Cisco ACI Fabric.
How is the Layer 3 configuration applied?
Answers
Explanations
D.
Sure! Let me explain each answer choice in detail:
A. Each endpoint of the VPC must be configured with an IP address in the same range. This answer choice is not correct. VPC (Virtual Port-Channel) is a technology used to provide link-level redundancy between two devices (such as switches) while presenting a single logical port-channel to a downstream device (such as a server or a firewall). While VPC can be used to provide Layer 2 redundancy, it doesn't necessarily require any Layer 3 configuration.
B. Each link must be configured as a Layer 3 link. This answer choice is not correct either. A Layer 3 link typically refers to a link that carries IP traffic and is used for routing. However, VPC is a Layer 2 technology and doesn't require Layer 3 links to function. In fact, VPC links are typically configured as regular Layer 2 port-channels.
C. The VPC configuration itself must be seen as a Layer 2 Portchannel stretching over two devices. A subinterface in the port channel configuration of the VPC must be configured at both ends of the VPC. This answer choice is partially correct. As mentioned earlier, VPC is a Layer 2 technology, so it doesn't require any Layer 3 configuration by default. However, if you want to extend Layer 3 connectivity over a VPC, you can configure a Layer 3 subinterface on each device that participates in the VPC. The subinterfaces should be configured with the same VLAN ID and IP subnet, and they should be members of the VPC port-channel. This way, traffic that enters the VPC on one device can be routed to the other device using the Layer 3 subinterfaces.
D. A separate SVI must be configured in the ACI fabric and the VLAN of the SVI must be allowed on the VPC trunk configuration. This answer choice is also partially correct. In Cisco ACI (Application Centric Infrastructure) fabric, you can configure an L3Out interface to provide Layer 3 connectivity to external devices such as firewalls or routers. When you configure a VPC as an L3Out interface, you need to create a separate SVI (Switched Virtual Interface) in the ACI fabric and associate it with the VPC port-channel. The SVI should be configured with the same VLAN ID and IP subnet as the Layer 3 subinterfaces on the VPC devices. Additionally, you need to allow the VLAN of the SVI on the VPC trunk configuration so that traffic can flow between the ACI fabric and the VPC devices.
In summary, answer choice C and D are both partially correct, but answer choice D is more specific to the Cisco ACI fabric. Answer choice C describes the general concept of configuring Layer 3 connectivity over a VPC, while answer choice D describes the specific steps needed to configure an L3Out interface in the ACI fabric.
