Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
964
Views
1
Helpful
8
Replies

ACI EPG static mapping

Go to solution
suya2024
Level 1
Level 1

‎01-30-2025 05:59 PM

Hello,

I have an external switch connected to a leaf switch using a port channel. The port channel carried Vlan 100,200,300. I have EPGs 100,200 and 300 and tried statically mapping the port channel to each EPG, but is fails saying the port channel already has an encapsulation defined.

how do I make sure that traffic from any of these vlans are assigned the correct EPG, when entering the fabric via the port channel?

Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
AshSe
VIP
VIP

‎01-30-2025 10:21 PM

Hello @suya2024 

For the visual understanding of your query; here is the diagram:

Screenshot 2025-01-31 at 11.41.04 AM.png

And here is a brief explanation:

  • When you statically map a port channel to an EPG, ACI expects a unique VLAN encapsulation for each EPG on that port channel. If you try to statically map multiple EPGs with overlapping VLANs, ACI will throw an error because it cannot differentiate traffic for the EPGs.
  • When you statically map a port channel to an EPG, you must ensure that the VLAN encapsulation is unique for each EPG on that port channel. 

And the Solution:

  • Use a VLAN pool and dynamic VLAN assignment.
  • By using a VLAN pool and dynamic VLAN assignment, ACI can automatically map the incoming VLAN traffic to the correct EPG based on the VLAN tag.

 

Hope This Helps!!!

AshSe

Forum Tips: 

  1. Insert photos/images inline - don't attach.
  2. Always mark helpful and correct answers, it helps others find what they need.
  3. For a prompt reply, kindly tag @name. An email will be automatically sent to the member.

View solution in original post

0 Helpful

Go to solution
RedNectar
VIP Alumni
VIP Alumni

‎01-31-2025 01:31 AM - edited ‎01-31-2025 01:31 AM

Hi @suya2024 ,

The exact error message would help, plus a little more about your existing configuration.

However, with some guessing, I'm going to suggest you do this:

Go to one of the EPG's Configured Access Policies - let's say the VLAN 100 EPG (From your Tenant - Application Profiles > Your_Application_Profile > Application EPGs > Your_EPG |> [Operational] tab > Configured Access Policies

Now hover over the VLAN Pool column to see the name of the VLAN Pool - in my lab it's called T06:MappedVLANS_VLAN.Pool

RedNectar_0-1738315445667.png

Now make sure VLAN 100 is in that pool- using my example of T06:MappedVLANS_VLAN.Pool, navigate to Fabric > Access Policies >> Pools > VLAN > T06:MappedVLANS_VLAN.Pool and add an Encap Block for VLAN 100

Now try mapping the port-channel to the EPG again From your Tenant - Application Profiles > Your_Application_Profile > Application EPGs > Your_EPG > Static Ports >+ Deploy Static EPG on PC, VPC or Interface

Let me know if this gets you out of trouble - if now, a bit more detail would help

 

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

View solution in original post

Go to solution
YanL
Level 1
Level 1

‎01-31-2025 08:37 AM

We do it all the time, basically extending L2 VLAN(s) from NXOS to ACI over a VPC_IPG. We use the same design as AshSe's diagram except our NXOS switch is VPC to leaf 101 and 102. You need to have VLAN(s) defined as static in your vlan pool and static port need to be in trunk mode.

VLAN_POOL, static, VLANs 100 ,200, 300

EPG_V100, static port VPC_IPG, vlan 100, trunk

EPG_V200, static port VPC_IPG, vlan 200, trunk

EPG_V300, static port VPC_IPG, vlan 300, trunk

View solution in original post

0 Helpful
8 Replies 8

Go to solution
AshSe
VIP
VIP

‎01-30-2025 10:21 PM

Hello @suya2024 

For the visual understanding of your query; here is the diagram:

Screenshot 2025-01-31 at 11.41.04 AM.png

And here is a brief explanation:

  • When you statically map a port channel to an EPG, ACI expects a unique VLAN encapsulation for each EPG on that port channel. If you try to statically map multiple EPGs with overlapping VLANs, ACI will throw an error because it cannot differentiate traffic for the EPGs.
  • When you statically map a port channel to an EPG, you must ensure that the VLAN encapsulation is unique for each EPG on that port channel. 

And the Solution:

  • Use a VLAN pool and dynamic VLAN assignment.
  • By using a VLAN pool and dynamic VLAN assignment, ACI can automatically map the incoming VLAN traffic to the correct EPG based on the VLAN tag.

 

Hope This Helps!!!

AshSe

Forum Tips: 

  1. Insert photos/images inline - don't attach.
  2. Always mark helpful and correct answers, it helps others find what they need.
  3. For a prompt reply, kindly tag @name. An email will be automatically sent to the member.
0 Helpful

Go to solution
suya2024
Level 1
Level 1
In response to AshSe

‎01-31-2025 05:02 AM

Hello Ashse

Thank you for your detailed response, I have the setup you described, only difference is that my vlans are static and not dynamic. The PC is been mapped to EPGs with unique and not overlapping VLANs. This is the specific error i get

Error: 400 - Validation failed: Port: topology/pod-1/paths-1000/pathep-[AGGSWITCH-PC] has more than 1 native encap. So i mapped AGGSWITCH-PC to EPG100 with encap vlan 100. When i try to map AGGSWITCH-PC to EPG200 with encap vlan 200, i get that error.

0 Helpful

Go to solution
RedNectar
VIP Alumni
VIP Alumni

‎01-31-2025 01:31 AM - edited ‎01-31-2025 01:31 AM

Hi @suya2024 ,

The exact error message would help, plus a little more about your existing configuration.

However, with some guessing, I'm going to suggest you do this:

Go to one of the EPG's Configured Access Policies - let's say the VLAN 100 EPG (From your Tenant - Application Profiles > Your_Application_Profile > Application EPGs > Your_EPG |> [Operational] tab > Configured Access Policies

Now hover over the VLAN Pool column to see the name of the VLAN Pool - in my lab it's called T06:MappedVLANS_VLAN.Pool

RedNectar_0-1738315445667.png

Now make sure VLAN 100 is in that pool- using my example of T06:MappedVLANS_VLAN.Pool, navigate to Fabric > Access Policies >> Pools > VLAN > T06:MappedVLANS_VLAN.Pool and add an Encap Block for VLAN 100

Now try mapping the port-channel to the EPG again From your Tenant - Application Profiles > Your_Application_Profile > Application EPGs > Your_EPG > Static Ports >+ Deploy Static EPG on PC, VPC or Interface

Let me know if this gets you out of trouble - if now, a bit more detail would help

 

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

Go to solution
suya2024
Level 1
Level 1
In response to RedNectar

‎01-31-2025 05:08 AM

Hey Chris,

Thanks for the response, the VLANs are in the vlan pool and here is the exact error

 

Error: 400 - Validation failed: Port: topology/pod-1/paths-1000/pathep-[AGGSWITCH-PC] has more than 1 native encap.

So i mapped AGGSWITCH-PC to EPG100 with encap vlan 100. When i try to map AGGSWITCH-PC to EPG200 with encap vlan 200, i get that error. vlan 100 and 200 are in the vlan pool, associated with the phydom, tied to the aep, assigned to the port channel group. 

0 Helpful

Go to solution
suya2024
Level 1
Level 1
In response to RedNectar

‎01-31-2025 07:48 AM

I think what i am attempting is not allowed in ACI. You cannot directly map a single port channel to multiple EPGs using different vlan encapsulation. Can someone confirm this. Thanks

0 Helpful

Go to solution
YanL
Level 1
Level 1

‎01-31-2025 08:37 AM

We do it all the time, basically extending L2 VLAN(s) from NXOS to ACI over a VPC_IPG. We use the same design as AshSe's diagram except our NXOS switch is VPC to leaf 101 and 102. You need to have VLAN(s) defined as static in your vlan pool and static port need to be in trunk mode.

VLAN_POOL, static, VLANs 100 ,200, 300

EPG_V100, static port VPC_IPG, vlan 100, trunk

EPG_V200, static port VPC_IPG, vlan 200, trunk

EPG_V300, static port VPC_IPG, vlan 300, trunk

0 Helpful

Go to solution
suya2024
Level 1
Level 1
In response to YanL

‎01-31-2025 09:09 AM

Thanks YanL, i have done this myself in the past, but surprised i was running into this problem. The issue was i was selecting Trunk (Native) and not Trunk. This allowed me to map the PC to multiple EPGs with different encaps

0 Helpful

Go to solution
RedNectar
VIP Alumni
VIP Alumni
In response to suya2024

‎01-31-2025 11:51 AM

Ah ha! Yes - if you'd have put the error message in the original post, I'd have told you that that was the problem! Glad you got it all worked out while I slept!

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License