Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
602
Views
3
Helpful
5
Replies

L2 Forwarding: EPGs Unable to Communication Over a Single VLAN

Go to solution
Umair123
Level 1
Level 1

‎01-26-2025 12:39 AM

Hi Everyone,

We are in a phase of migration from a legacy DC to newly deployed ACI, where one traffic flow in causing an issue & we are unable to find a solution. I'm new to this community & there might be a chance that someone have ask same question. Below is the brief summary.

I've attached a legacy traffic flow where one common VLAN is being used by two different customers on a same broadcast domain. There is no layer-3 defined on Access & Core layer. Layer-3 is only defined at customer end. It is a simple & straight forward scenario which is common in normal setup. 

When migrating this scenario on ACI, customers are unable to communicate with each other. There is no subnet defined under EPG or BD. ACI will act as L2 transit. We have tried with two options which are attached:

Note: Global Contracts & other options like Port Scope Local/Global have been tried with both options. We’ve also tried these scenarios in Common Tenant as well.

 

Labels:
Preview file
52 KB
Preview file
91 KB
Preview file
73 KB
1 Accepted Solution

Accepted Solutions

Go to solution
RedNectar
VIP Alumni
VIP Alumni

‎01-26-2025 12:26 PM

Hi @Umair123 

Let me rewrite your question

@Umair123 wrote:

Hi Everyone,

We are in a phase of migration from a legacy DC to newly deployed ACI, where one traffic flow in causing an issue & we are unable to find a solution. I'm new to this community & there might be a chance that someone have ask same question. Below is the brief summary.

I've attached a legacy traffic flow where one common VLAN is being used by two different customers on a same broadcast domain. There is no layer-3 defined on Access & Core layer. Layer-3 is only defined at customer end. It is a simple & straight forward scenario which is common in normal setup. 

RedNectar_0-1737922647595.jpeg

 

When migrating this scenario on ACI, customers are unable to communicate with each other. There is no subnet defined under EPG or BD. ACI will act as L2 transit. We have tried with two options which are attached:

RedNectar_1-1737922691290.jpeg
RedNectar_2-1737922728270.jpeg

 

 Note: Global Contracts & other options like Port Scope Local/Global have been tried with both options. We’ve also tried these scenarios in Common Tenant as well.

 

Option 1 will never work because you've put the endpoints in two different EPGs and you've not defined any contracts

Option 2 should work so long as

  1. you've associated a Physical Domain with EPG->A and
  2. that Physical Domain is linked to a VLAN pool that has VALN 10
  3. that Physical Domain is linked to an AAEP
  4. that AAEP is linked to an Interface Policy
  5. Both interface 501/1/1 and 502/1/1 are associated with that Interface Policy
  6. Both interface 501/1/1 and 502/1/1 are statically mapped to EPG->A
RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

View solution in original post

5 Replies 5

Go to solution
RedNectar
VIP Alumni
VIP Alumni

‎01-26-2025 11:51 AM

RedNectar's Forum Tips:

    • When you add pictures, add your pictures inline - i.e. PASTE your picture right where you want it.  If it is a screenshot, you'll probably then want to click on the image and make the image large - like this.

RedNectar_1-1685651021448.png

This means you pictures are actually SEEN (a) in the email that gets sent to subscribers and (b) anyone who looks at this post in the future. Adding pictures as attachments... puts your submission into the TL;DR category.

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
0 Helpful

Go to solution
RedNectar
VIP Alumni
VIP Alumni

‎01-26-2025 12:26 PM

Hi @Umair123 

Let me rewrite your question

@Umair123 wrote:

Hi Everyone,

We are in a phase of migration from a legacy DC to newly deployed ACI, where one traffic flow in causing an issue & we are unable to find a solution. I'm new to this community & there might be a chance that someone have ask same question. Below is the brief summary.

I've attached a legacy traffic flow where one common VLAN is being used by two different customers on a same broadcast domain. There is no layer-3 defined on Access & Core layer. Layer-3 is only defined at customer end. It is a simple & straight forward scenario which is common in normal setup. 

RedNectar_0-1737922647595.jpeg

 

When migrating this scenario on ACI, customers are unable to communicate with each other. There is no subnet defined under EPG or BD. ACI will act as L2 transit. We have tried with two options which are attached:

RedNectar_1-1737922691290.jpeg
RedNectar_2-1737922728270.jpeg

 

 Note: Global Contracts & other options like Port Scope Local/Global have been tried with both options. We’ve also tried these scenarios in Common Tenant as well.

 

Option 1 will never work because you've put the endpoints in two different EPGs and you've not defined any contracts

Option 2 should work so long as

  1. you've associated a Physical Domain with EPG->A and
  2. that Physical Domain is linked to a VLAN pool that has VALN 10
  3. that Physical Domain is linked to an AAEP
  4. that AAEP is linked to an Interface Policy
  5. Both interface 501/1/1 and 502/1/1 are associated with that Interface Policy
  6. Both interface 501/1/1 and 502/1/1 are statically mapped to EPG->A
RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

Go to solution
Umair123
Level 1
Level 1

‎01-26-2025 09:38 PM - edited ‎01-26-2025 10:38 PM

Thank you for the reply & correcting me for the next post. 

For Option 1: We've tried with Contracts as well but in-vain. Even we've tried this on same Leaf but still no results. 

For Option 2: It is working after following your steps. Initially, we were trying with separate VLAN Pool, Domain & AAEP as we have separate policies as per customers. So now, we will create a common policy for multiple customers for Transit L2.  

Go to solution
RedNectar
VIP Alumni
VIP Alumni
In response to Umair123

‎01-27-2025 02:45 AM - edited ‎01-27-2025 11:59 AM

Hi @Umair123 ,

Yes - the VLAN pools must be the same - it is actually a complicated issue, based on the fact that the internal VLAN allocation is based on the VLAN pool as well as the VLAN ID

[EDIT] I forgot to mention - in your situation where you have two tenants that you want to keep separate, but still have some VLANs that need to be shared to:

  1. Have a VLAN Pool -> Physical Domain -> AAEP for one tenant
  2. Have a different VLAN Pool -> Physical Domain -> AAEP for the other tenant
    • ...repeat for as many tenants as needed
  3. Have shared VLAN Pool -> Physical Domain -> AAEP for VLANs that have to be shared

[/EDIT]

If your question has been answered, it is a great idea to mark the question as being answered.  This helps:

  1. others with a similar problem find the correct answer
  2. people who look for "unanswered" questions to answer finding this
  3. prevent your question from becoming a "dead thread"
RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
0 Helpful

Go to solution
Umair123
Level 1
Level 1

‎01-28-2025 12:02 AM

Thanks @RedNectar, Let me try 2nd Option as well for separate Tenants.  Right now, I'm marking this as a solution. 

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License