cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
166
Views
5
Helpful
2
Replies
Highlighted
Beginner

ACI - Network Centric Migration - Same VLAN on Tenants ?

Hi Guys

 

We migrating from NXOS STP classic network to ACI. We have different Tenants that need to utilize the same VLAN. However when statically pathing ports in an EPG using port encap of vlan 811 ACI complains about it being used in another Tenant

 

We have layer 2 extended back to the old network in order for us to migrate from classic to ACI, We cannot migrate all workloads at once because of the dynamics of applications so we do it in phases and have active hosts in both ACI and Classic while the L3 lives on the classic.

 

This is what we have

Tenant X: EPG811->VLAN811->Classic

Tenant Y: EPG811->VLAN811->Classic

 

The above does not work. Get the error message below

 

Encap is already in use by Tenantx:Tenantx_Ap_Prf:Vlan811_EPG;

 

Any one encounter the same, and whats a good practice to overcome ?

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Rising star

Re: ACI - Network Centric Migration - Same VLAN on Tenants ?

Hi Sean,

This certainly can be done. What you have to do is build two different Access Policy Chains - one for each Tenant, but crucially, in the Interface Policy Group in each chain, you have to assign a Layer 2 Interface Policy that specifies Per Port VLAN assignment, rather than Global VLAN assignment, which is the default.

One caveat of course, traffic from each Tenant has to arrive on different ports - even ACI is not smart enough to figure out if traffic arriving on a given port that is tagged with VLAN 811 belongs to one tenant or the other.

I know this explanation is a bit sketchy, so let me know if you need more guidance.

I hope this helps

 



Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem


 

RedNectar
aka Chris Welsh


Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem

2 REPLIES 2
Rising star

Re: ACI - Network Centric Migration - Same VLAN on Tenants ?

Hi Sean,

This certainly can be done. What you have to do is build two different Access Policy Chains - one for each Tenant, but crucially, in the Interface Policy Group in each chain, you have to assign a Layer 2 Interface Policy that specifies Per Port VLAN assignment, rather than Global VLAN assignment, which is the default.

One caveat of course, traffic from each Tenant has to arrive on different ports - even ACI is not smart enough to figure out if traffic arriving on a given port that is tagged with VLAN 811 belongs to one tenant or the other.

I know this explanation is a bit sketchy, so let me know if you need more guidance.

I hope this helps

 



Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem


 

RedNectar
aka Chris Welsh


Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem

Beginner

Re: ACI - Network Centric Migration - Same VLAN on Tenants ?

Hi Chris

 

Thanks for the info, will definitely give this a try. Funny enough the first ACI testing I have done was based on your website and instructions you have on setting up ACI :) 

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards