Hello, everyone.
I'm facing an issue with an access interface on a Leaf switch. I have two tenants configured—DEV and QA environments—and within these tenants, dozens of EPGs have been created with VLAN encapsulation. These VLANs are learned from an extended environment via an L3Out from a Cisco N7K.
For the access ports, under Access Policies, I created the selectors in Interfaces > Profiles > Leaf Profile > Selector_ethernet_01 (for example), with a Policy Group associated to an AEP that includes both the DEV and QA Physical Domains.
With this configuration, I can connect a VMware host to an access port on the Leaf and learn all VLANs from the QA and DEV tenants. Using trunk configuration, I learn all VLANs, and the VMs within the hosts communicate properly.
The issue I'm facing is that a VMware host I'm migrating from a Nexus 6000 switch to the ACI Leafs is not dynamically associating all EPGs from the DEV and QA tenants. When we plug in the cable, the interface comes up but stays in "Switching disabled" mode with a yellow LED, indicating no traffic at Layer 2 or 3.
The only way I was able to temporarily fix this was by statically configuring the EPG of the VMware VLAN on the physical interface. This way, I can see it under the "Deployed EPGs" and "VLANs" tabs, but the other VLANs from the EPGs are not automatically associated.
I don’t have this issue with other interfaces—I have other VMware hosts working properly. It’s just this one I’m trying to migrate now that isn’t working. I’ve checked all access policies, and the interface that dynamically assigned the EPGs is the same one I’m using on this newly connected interface, yet I still can’t get connectivity.
Has anyone experienced something like this and can help? I’ve read a lot of documentation, but haven’t found anything that addresses the dynamic and automatic assignment of multiple EPGs on a Leaf access port in trunk mode.
Thanks, everyone.