Solved: Show All VLAN Encaps Used in ACI Fabric

weylin.piegorsch · ‎07-06-2023

I understand it to be a best practice recommendation to have a unique VLAN encap per EPG, and to always use the same VLAN encap for a given EPG. Is there a way in the GUI to show if a VLAN encap is/isn't used in the fabric?

I know the APIC will prevent me from clobbering another EPG. However, if I spin-up a new EPG and static bind it on leaf "A", if I then a year later static bind it on leaf "B," I worry there might be another EPG already using that same encap on leaf "B""

RedNectar · ‎07-10-2023

Hi @weylin.piegorsch ,

I understand it to be a best practice recommendation to have a unique VLAN encap per EPG, and to always use the same VLAN encap for a given EPG.

That's more or less correct. Sometimes it is useful to use more than one encap per EPG (mainly when deploying a mix of static hosts and dynamically allocated VLANs for a VMM). But definitely not a good idea to use the same VLAN ID for different EPGs within the same Tenant.

Is there a way in the GUI to show if a VLAN encap is/isn't used in the fabric?

Not easily. FAR FAR easier to use the CLI. For instance, lets say you have 10 leaf switches numbered 1201-1210, and you want to know if VLAN 202 has been used on any port on any of those switches.

The following command issued at the APIC will tell you which ports on which switches the VLAN 202 has been deployed on. (The | egrep "Node|active" part is purely to reduce the size of the output here)

apic1# fabric 1201-1210 show vlan encap-id 202 | egrep "Node|active"
 Node 1201 (Leaf1201)
 44   mgmt:default:inb_EPG             active    Eth1/1
 Node 1202 (Leaf1202)
 Node 1203 (Leaf1203) 
 Node 1204 (Leaf1204)
 Node 1205 (Leaf1205)
 Node 1206 (Leaf1206)
 Node 1207 (Leaf1207)
 Node 1208 (Leaf1208)
 Node 1209 (Leaf1209) 
 76   mgmt:default:inb_EPG             active    Eth1/1
 Node 1210 (Leaf1210)

This shows that VLAN 202 is active only on ports Eth1/1 on leaf 1201 and 1209.

Sometimes you just have to go back to the good old-fashioned CLI to get the best out of ACI!

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

View solution in original post

RedNectar · ‎07-10-2023

Hi @weylin.piegorsch ,

I understand it to be a best practice recommendation to have a unique VLAN encap per EPG, and to always use the same VLAN encap for a given EPG.

That's more or less correct. Sometimes it is useful to use more than one encap per EPG (mainly when deploying a mix of static hosts and dynamically allocated VLANs for a VMM). But definitely not a good idea to use the same VLAN ID for different EPGs within the same Tenant.

Is there a way in the GUI to show if a VLAN encap is/isn't used in the fabric?

Not easily. FAR FAR easier to use the CLI. For instance, lets say you have 10 leaf switches numbered 1201-1210, and you want to know if VLAN 202 has been used on any port on any of those switches.

The following command issued at the APIC will tell you which ports on which switches the VLAN 202 has been deployed on. (The | egrep "Node|active" part is purely to reduce the size of the output here)

apic1# fabric 1201-1210 show vlan encap-id 202 | egrep "Node|active"
 Node 1201 (Leaf1201)
 44   mgmt:default:inb_EPG             active    Eth1/1
 Node 1202 (Leaf1202)
 Node 1203 (Leaf1203) 
 Node 1204 (Leaf1204)
 Node 1205 (Leaf1205)
 Node 1206 (Leaf1206)
 Node 1207 (Leaf1207)
 Node 1208 (Leaf1208)
 Node 1209 (Leaf1209) 
 76   mgmt:default:inb_EPG             active    Eth1/1
 Node 1210 (Leaf1210)

This shows that VLAN 202 is active only on ports Eth1/1 on leaf 1201 and 1209.

Sometimes you just have to go back to the good old-fashioned CLI to get the best out of ACI!

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

Andrii Oliinyk · ‎01-19-2025

Hi Chris
a bit late to this party, but still seems to be good place to ask: is there a way to reuse the same encap-VLAN for same EPG with both physical server & VMM?
thanks in advance

RedNectar · ‎01-19-2025

Hi Andy.

Probably should tell you to ask a new question - but yes, there is a way to reuse the same encap-VLAN for the same EPG with both a Physical Domain and a VMM Domain.

Create a Dynamic VLAN Pool - say MyShared_VLAN.Pool
Add a Static range of VLANs to MyShared_VLAN.Pool which includes the VLAN you want to use for both associations, say VLAN 100
Create your Physical Domain and link it to MyShared_VLAN.Pool
Create your VMM Domain and link it to MyShared_VLAN.Pool
Link your EPG to the Physical Domain
Do a static mapping for your Physical server to the appropriate interface on VLAN 100
Now the tricky bit
Link you EPG to the VMM Domain, but when you do so, choose Static for VLAN Mode, and then specify vlan-100 (or whatever) for the Port Encap

HTH

BTW - if you DO ask this as a new question, I'll copy and paste this answer there - that should help anyone find it if they do a search for the same question, although these days search engines are getting smarter, so may not be such a big deal - but it will give you the chance to mark the answer as correct, which I hope will help the AI searches sort the truth from fiction!

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

Andrii Oliinyk · ‎01-20-2025

Hi Chris
same encap-VLAN for EPG in both Phy & VMM domains - how to - Cisco Community
with pleasure will mark your answer as Accepted Solution

weylin.piegorsch · ‎07-17-2023

Thanks @RedNectar. This is a fantastic command! I knew about moquery approaches from https://community.cisco.com/t5/application-centric-infrastructure/command-to-see-all-vlan-encap-s-in-use/td-p/2983912, this is far superior as it's understandable to a nornal person. I'll update that thread so other that stumble across it are aware, and thank you for your help on this!