Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
505
Views
5
Helpful
6
Replies

How to configure same encap-VLAN in two different tenant on same Leaf

Go to solution
irenof
Spotlight
Spotlight

‎04-24-2025 04:13 AM - edited ‎04-24-2025 07:02 AM

Hi all,

I am trying to configure 2 static bindings for two EGPs belonging to two different Tenant, but it does not work as expected.

Here the recap of the situation:

Tenant A -> EPG vl_100 -> Leaf 111 -> port eth1/5 -> vlan 100

Tenant B -> EPG vl_100 -> Leaf 111 -> port eth1/6 -> vlan 100

Interface policy is 1G_pol binded to a single AAEP -> PHY_DOM-> vlan_pool

When I configure the second static bind, I get an error about the sme encap is used in the other EPG, but of a different tenant.

I solved with the tutorial of @RedNectar , https://rednectar.net/2016/12/11/cisco-aci-per-port-vlan-feature/.

But it is for EPG under the same Tenant...

Is that the only possible solution even in the case of two Tenants, or can I change something in AAEP, PHYs domain, vlan pool? Maybe to separate the Tenants?

Thanks

UPDATE

I tried splitting the AAEP, Phy dom, Vlan pool in two, once per-tenant and I create two Inter policy poinitng to the two new AAEP, but the problem remains. I can fix it only with the per-port scope l2 policy

UPDATE

Reading rednectar's post comments, I saw that this has to be also done for different tenant! My last question is: Can I set for both  interface policies the vlan per-port scope?

 

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
Remi-Astruc
Cisco Employee
Cisco Employee
In response to irenof

‎04-24-2025 10:41 AM - edited ‎04-24-2025 10:42 AM

The moment you set interfaces to re-use a Vlan Encap on a same Leaf, you have to set them as Per-port Scope, however only one of them could still be Global Scope if that's something you want.

Setting all interfaces with Per-port Scope can be set as a standard in some environments, but be careful about the reduced "Ports x Vlans" scalability.

Regards

Remi Astruc

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Remi-Astruc
Cisco Employee
Cisco Employee

‎04-24-2025 07:34 AM

Hi @irenof ,

Yes, your both "Updates" are correct. You need to set per-port scope for both interfaces.

Regards

Remi Astruc

Go to solution
irenof
Spotlight
Spotlight
In response to Remi-Astruc

‎04-24-2025 08:07 AM

hi @Remi-Astruc, thank you for your response. I asked the last question because in the rednectar post he configure only one interface with the per-port policy. But in my case, since I have to different Tenant, I would like to create simmetric configurations by setting for all the interface policies of both tenant the same vlan scope.
More important. can I set the vlan scope for every policy -> interface regardles the case the EPG is duplicated in both tenants? Like a default practice.

thanks

Go to solution
Remi-Astruc
Cisco Employee
Cisco Employee
In response to irenof

‎04-24-2025 10:41 AM - edited ‎04-24-2025 10:42 AM

The moment you set interfaces to re-use a Vlan Encap on a same Leaf, you have to set them as Per-port Scope, however only one of them could still be Global Scope if that's something you want.

Setting all interfaces with Per-port Scope can be set as a standard in some environments, but be careful about the reduced "Ports x Vlans" scalability.

Regards

Remi Astruc
0 Helpful

Go to solution
irenof
Spotlight
Spotlight
In response to Remi-Astruc

‎04-24-2025 11:38 AM

@Remi-Astrucyou are right. I read about scalability after my last response and I changed my idea. I will leave the default "global" scope as default. In case the same VLAN encap occurs for different tenants on the same switch, I will set the new interface with the “per-port” policy, leaving the other ports with the same VLAN alredy configured (i.e for the other tenant) with the global scope. Tenants have different phy domain and vlan pool, so all should work.

Many thanks!

Irenof

0 Helpful

Go to solution
RedNectar
VIP Alumni
VIP Alumni
In response to irenof

‎04-24-2025 02:10 PM

Hi @irenof ,

Glad @Remi-Astruc was able to sort this out while I was sleeping! Maybe I should update my post with a "same tenant" example.

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

Go to solution
irenof
Spotlight
Spotlight
In response to RedNectar

‎04-24-2025 02:24 PM

Hi @RedNectar! thanks for joining the conversation. Your post does not mention the "different tenants",, but only TenantName. So I asked the question. But later I read better the comments zone under your post and I found the question of a user asking for "same EPGs, but different tenants" (i.e. my case). It might be helpful to specify this situation in your valuable post as well!

Thanks again to both of you!

Irenof

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License