Layer 3 Virtual Network
Location in GUI: Provision » SD-Access » Virtual Networks » Layer 3 Virtual Networks
Diagram
Classes

fabric (catalyst_center)

Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
l3_virtual_networks | List | [l3_virtual_networks] | No | |

l3_virtual_networks (catalyst_center.fabric)

Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | | Yes | |
Examples
Example-1: Basic Layer 3 Virtual Network Creation and Assignment
This example demonstrates how to create Layer 3 virtual networks at the global level and assign them to specific fabric sites. Layer 3 virtual networks enable network segmentation and micro-segmentation within the SD-Access fabric, providing isolated routing domains for different user groups, applications, or security zones.
The Layer 3 virtual network configuration includes:
- Global L3 VN creation (SDA_VN_USERS, SDA_VN_PRINTERS, SDA_VN_CORPORATE) for reusable network segments
- Virtual network names that reflect organizational structure and traffic types
- Site-specific assignment enabling selective deployment across fabric sites
- Flexible assignment allowing different combinations per site based on requirements
```yaml
catalyst_center:
  fabric:
    l3_virtual_networks:
      - name: SDA_VN_USERS
      - name: SDA_VN_PRINTERS
      - name: SDA_VN_CORPORATE
```
Next, you need to assign the L3 VN to a Fabric Site:
```yaml
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/Canada
        authentication_template:
          name: No Authentication
        l3_virtual_networks:
          - SDA_VN_USERS
          - SDA_VN_PRINTERS
          - SDA_VN_CORPORATE

      - name: Global/United States
        authentication_template:
          name: No Authentication
        l3_virtual_networks:
          - SDA_VN_CORPORATE
          - SDA_VN_PRINTERS
```
Example-2: Department-Based Layer 3 Virtual Networks
This example shows how to create Layer 3 virtual networks organized by department or functional area for enterprise environments requiring departmental isolation and security policies.
```yaml
catalyst_center:
  fabric:
    l3_virtual_networks:
      - name: FINANCE_VN
      - name: HR_VN
      - name: ENGINEERING_VN
      - name: MARKETING_VN
      - name: GUEST_VN
```
Site assignment with department-specific virtual networks:
```yaml
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/North_America/Corporate HQ
        authentication_template:
          name: Closed Authentication
        l3_virtual_networks:
          - FINANCE_VN
          - HR_VN
          - ENGINEERING_VN
          - MARKETING_VN
          - GUEST_VN

      - name: Global/Europe/Branch Office
        authentication_template:
          name: Closed Authentication
        l3_virtual_networks:
          - ENGINEERING_VN
          - GUEST_VN
```
Example-3: Service-Based Layer 3 Virtual Networks
This example demonstrates how to create Layer 3 virtual networks based on network services and application types for service-oriented network architectures.
```yaml
catalyst_center:
  fabric:
    l3_virtual_networks:
      - name: WEB_SERVICES_VN
      - name: DATABASE_SERVICES_VN
      - name: APPLICATION_SERVICES_VN
      - name: MANAGEMENT_SERVICES_VN
      - name: BACKUP_SERVICES_VN
```
Service-oriented site assignment:
```yaml
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/Data Center/Primary
        authentication_template:
          name: Closed Authentication
        l3_virtual_networks:
          - WEB_SERVICES_VN
          - DATABASE_SERVICES_VN
          - APPLICATION_SERVICES_VN
          - MANAGEMENT_SERVICES_VN
          - BACKUP_SERVICES_VN

      - name: Global/Data Center/DR Site
        authentication_template:
          name: Closed Authentication
        l3_virtual_networks:
          - DATABASE_SERVICES_VN
          - BACKUP_SERVICES_VN
```
Example-4: Security Zone Layer 3 Virtual Networks
This example shows how to create Layer 3 virtual networks based on security zones and trust levels for environments requiring strict security segmentation and compliance.
```yaml
catalyst_center:
  fabric:
    l3_virtual_networks:
      - name: SECURE_ZONE_VN
      - name: DMZ_ZONE_VN
      - name: INTERNAL_ZONE_VN
      - name: PUBLIC_ZONE_VN
      - name: QUARANTINE_ZONE_VN
```
Security zone site assignment:
```yaml
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/Security/High_Security_Facility
        authentication_template:
          name: Closed Authentication
        l3_virtual_networks:
          - SECURE_ZONE_VN
          - INTERNAL_ZONE_VN
          - QUARANTINE_ZONE_VN

      - name: Global/Security/Public_Access_Area
        authentication_template:
          name: Closed Authentication
        l3_virtual_networks:
          - DMZ_ZONE_VN
          - PUBLIC_ZONE_VN
          - QUARANTINE_ZONE_VN
```
Example-5: Multi-Tenant Layer 3 Virtual Networks
This example demonstrates how to create Layer 3 virtual networks for multi-tenant environments with customer isolation and service provider deployments.
```yaml
catalyst_center:
  fabric:
    l3_virtual_networks:
      - name: TENANT_A_PROD_VN
      - name: TENANT_A_DEV_VN
      - name: TENANT_B_PROD_VN
      - name: TENANT_B_DEV_VN
      - name: SHARED_SERVICES_VN
```
Multi-tenant site assignment:
```yaml
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/Service Provider/CustomerA_Site
        authentication_template:
          name: Closed Authentication
        l3_virtual_networks:
          - TENANT_A_PROD_VN
          - TENANT_A_DEV_VN
          - SHARED_SERVICES_VN

      - name: Global/Service Provider/CustomerB_Site
        authentication_template:
          name: Closed Authentication
        l3_virtual_networks:
          - TENANT_B_PROD_VN
          - TENANT_B_DEV_VN
          - SHARED_SERVICES_VN
```
Example-6: Environment-Based Layer 3 Virtual Networks
This example shows how to create Layer 3 virtual networks based on environment types for development lifecycle management and application deployment stages.
```yaml
catalyst_center:
  fabric:
    l3_virtual_networks:
      - name: PRODUCTION_VN
      - name: STAGING_VN
      - name: DEVELOPMENT_VN
      - name: TESTING_VN
      - name: SANDBOX_VN
```
Environment-based site assignment:
```yaml
catalyst_center:
  fabric:
    fabric_sites:
      - name: Global/Development/Primary_Lab
        authentication_template:
          name: Closed Authentication
        l3_virtual_networks:
          - DEVELOPMENT_VN
          - TESTING_VN
          - SANDBOX_VN

      - name: Global/Production/Data_Center
        authentication_template:
          name: Closed Authentication
        l3_virtual_networks:
          - PRODUCTION_VN
          - STAGING_VN
```
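Every example above follows the same two steps: define the L3 VNs globally, then reference them by name under each fabric site. The following pre-deployment lint is an added example, not part of the original page or the project's tooling. It assumes the YAML has already been parsed into a Python dict; `lint_l3_vns`, `SDA_VN_LAB`, the misspelled `SDA_VN_PRINTER`, and the choice to flag `No Authentication` sites for review are all constructed for illustration.

```python
def lint_l3_vns(model, review_templates=("No Authentication",)):
    """Cross-check global L3 VN definitions against per-site assignments."""
    fabric = model.get("catalyst_center", {}).get("fabric", {})
    findings = {"duplicate": [], "undefined": [], "unassigned": [], "open_auth": []}

    # Names defined at the global level; a repeated name is reported once per repeat.
    defined = set()
    for vn in fabric.get("l3_virtual_networks", []):
        if vn["name"] in defined:
            findings["duplicate"].append(vn["name"])
        defined.add(vn["name"])

    assigned = set()
    for site in fabric.get("fabric_sites", []):
        for vn in site.get("l3_virtual_networks", []):
            assigned.add(vn)
            # A site may only reference a VN that exists globally.
            if vn not in defined:
                findings["undefined"].append((site["name"], vn))
        # Assumed policy: surface sites whose template needs a second look.
        template = site.get("authentication_template", {}).get("name")
        if template in review_templates:
            findings["open_auth"].append(site["name"])

    # Defined but deployed nowhere: stale segment or a forgotten assignment.
    findings["unassigned"] = sorted(defined - assigned)
    return findings


# Constructed sample based on Example-1, with one typo and one unused VN added.
SAMPLE = {"catalyst_center": {"fabric": {
    "l3_virtual_networks": [
        {"name": "SDA_VN_USERS"}, {"name": "SDA_VN_PRINTERS"},
        {"name": "SDA_VN_CORPORATE"}, {"name": "SDA_VN_LAB"},
    ],
    "fabric_sites": [
        {"name": "Global/Canada",
         "authentication_template": {"name": "No Authentication"},
         "l3_virtual_networks": ["SDA_VN_USERS", "SDA_VN_PRINTERS",
                                 "SDA_VN_CORPORATE"]},
        {"name": "Global/United States",
         "authentication_template": {"name": "Closed Authentication"},
         "l3_virtual_networks": ["SDA_VN_CORPORATE", "SDA_VN_PRINTER"]},
    ],
}}}

if __name__ == "__main__":
    for kind, items in lint_l3_vns(SAMPLE).items():
        print(f"{kind}: {items}")
```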