Multiple EPGs in the same Bridge Domain

Ziad El Achkouty · ‎03-23-2018

I have an EPG with tagged static ports. I want to add untagged static ports however i get an error that all ports should be either tagged or untagged.

If I create a second EPG, associate it to the same Bridge Domain, and put in it the untagged ports with same VLAN encap as the EPG with tagged ports, would it create a problem or a limitation?

richmond · ‎03-24-2018

APIC does not let you configure the same VLAN encap as trunk and access on the same switch.

You can use dot1p, which is effectively the trunk native VLAN, with other ports on the same switch that are in trunk mode for the same encap.

RedNectar · ‎03-24-2018

Hi Ziad, I've added my comments to yours - but my answer is just an elaboration of Richmond's correct answer. I wrote an even more elaborate answer to a similar question once before if you want to check it out.

I have an EPG with tagged static ports. I want to add untagged static ports however i get an error that all ports should be either tagged or untagged.

Correct. Like Richmond said, add it as 802.1P encapsulation - but you can't use VLAN 1 as the native VLAN, so you'll still have to allocate a VLAN ID, the equivalent of

switchport native vlan xxx

And that VLAN ID better be in the VLAN pool that is linked to the Physical Domain that is linked to your EPG.

If I create a second EPG, associate it to the same Bridge Domain, and put in it the untagged ports with same VLAN encap as the EPG with tagged ports, would it create a problem or a limitation?

It would create a nightmare if it would even let you do it. Don't do it.

I hope this helps

Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

Ziad El Achkouty · ‎03-26-2018

If we do an L2OUT bridge domain extension instead of the assigned trunk interfaces, would this allow us to add the untagged ports to the EPG without creating problems?

This way all the trunk ports are associated with the L2out and the untagged ports are in the EPG

RedNectar · ‎03-26-2018

Hi again Ziad,

If we do an L2OUT bridge domain extension instead of the assigned trunk interfaces, would this allow us to add the untagged ports to the EPG without creating problems?

No. A With a L2Out, you will need a separate L2 out for every VLAN ID, (and untagged is not an option), and then you create a new L2EPG (or External Network) FOR EACH VLAN/L2OUT.

This way all the trunk ports are associated with the L2out and the untagged ports are in the EPG

Sorry to say, but I don't think this will help you.

Now you stated that your original problem was:

I have an EPG with tagged static ports. I want to add untagged static ports however i get an error that all ports should be either tagged or untagged.

The CORRECT way to do this is to to make sure that when you add the untagged static ports that you specify 802.1P as the encapsulation.

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

Ziad El Achkouty · ‎03-26-2018

what if the servers that we are trying to connect do not support tagging. isn't there any workaround?

richmond · ‎03-26-2018

If you use the dot1p encapsulation type in your static binding then this will allow untagged frames to be sent from the servers.

Setting dot1p configures the switchport as a trunk with the native VLAN set to the encapsulation VLAN selected. The native VLAN is untagged.