other tenants I create myself with no issues ?

its all depends on the design - Each tenant treat as their own domain, so i do not see any issue.

Yes, you can re-use the infrastructure VLAN across different fabrics, even if they are connected via Multisite Orchestrator (NDO).

Robert

Using the same VLAN ID (3967) for the infrastructure VLAN across multiple tenants in a networking environment can potentially lead to issues, depending on how your network is configured and your specific use case. It's important to consider a few factors:

1. VLAN Segmentation: VLANs are typically used to segment network traffic. The infrastructure VLAN is often reserved for management and internal network functions, while tenant-specific VLANs are used to isolate the traffic of different tenants. If you use the same VLAN ID for both infrastructure and tenant VLANs, it can lead to traffic leakage and security concerns.

2. VLAN Isolation: It's crucial to ensure that tenant VLANs are isolated from each other and from the infrastructure VLAN. If you reuse the same VLAN ID across tenants, you may not achieve the desired isolation, which could result in unintended connectivity between tenants.

3. Networking Equipment: Some networking equipment and switches may have limitations or restrictions on reusing the same VLAN ID for different purposes. It's important to check the capabilities and configurations of your networking gear to see if this is supported.

4. Best Practices: It's generally recommended to use unique VLAN IDs for different purposes to avoid potential conflicts and ensure proper network segmentation.

To maintain a clear and well-organized network, it's advisable to use distinct VLAN IDs for your infrastructure and tenant networks. If you have specific requirements or constraints that make you want to reuse VLAN IDs, consult with your network administrator or refer to the documentation of your network equipment to ensure that it is done correctly and does not create issues with network segmentation and security.

Hi @leathem123 ,

Reading the replies here, there seems to be a lot of confusion about what your (fairly simple) question meant.

If I use 3967 for the infrastructure vlan, can I use 3967 in the other tenants I create myself with no issues ?

---

MY reading of this is that you are asking a question about a SINGLE fabric, where the infrastructure VLAN is 3967. As in

admin@apic1:~> ifconfig | grep bond0
bond0: flags=5187<UP,BROADCAST,RUNNING,MASTER,MULTICAST> mtu 1500
bond0.3967: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1496

You want to know if you can now put VLAN 3967 in a VLAN pool, and map it to an EPG in a tenant. Even multiple times in multiple tenants.

You said NOTHING about multiple FABRICS - so I'm going to ignore that part.

So. Back to 

"can I use 3967 in the other tenants I create myself with no issues ?"

Answer: No you can't.

The reason is because if you deploy say and ESXi host running CIsco's AVS, that AVS will be expecting traffic to arrive encapsulated in VLAN 3967, and similarly the ACI leaf switches will be expecting all traffic reaching a leaf switch to be traffic coming from an AVS

So therefore, if a Tenant was using VLAN 3967 for an EPG, the ACI Leaf switch might get confused.

I say might - because strictly speaking, the ESXi I mentioned above would need to be connected to an interface that was mapped back to an AAEP with the Infrastructure VLAN option checked, and if your Tenants were using AAEPs that did NOT have the Infrastructure VLAN option checked you should be OK.

However - you never know what's happening in the future - and so to avoid potential future problems, and to be sure you can get support from Cisco TAC should you need it...

don't use the infrastructure VLAN ID fir tenant traffic