Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1664
Views
5
Helpful
2
Replies

ACI - Network Centric Migration - Same VLAN on Tenants ?

Go to solution
Sean Pillay
Level 1
Level 1

‎07-18-2019 11:25 PM

Hi Guys

 

We migrating from NXOS STP classic network to ACI. We have different Tenants that need to utilize the same VLAN. However when statically pathing ports in an EPG using port encap of vlan 811 ACI complains about it being used in another Tenant

 

We have layer 2 extended back to the old network in order for us to migrate from classic to ACI, We cannot migrate all workloads at once because of the dynamics of applications so we do it in phases and have active hosts in both ACI and Classic while the L3 lives on the classic.

 

This is what we have

Tenant X: EPG811->VLAN811->Classic

Tenant Y: EPG811->VLAN811->Classic

 

The above does not work. Get the error message below

 

Encap is already in use by Tenantx:Tenantx_Ap_Prf:Vlan811_EPG;

 

Any one encounter the same, and whats a good practice to overcome ?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
RedNectar
VIP
VIP

‎07-19-2019 04:09 AM

Hi Sean,

This certainly can be done. What you have to do is build two different Access Policy Chains - one for each Tenant, but crucially, in the Interface Policy Group in each chain, you have to assign a Layer 2 Interface Policy that specifies Per Port VLAN assignment, rather than Global VLAN assignment, which is the default.

One caveat of course, traffic from each Tenant has to arrive on different ports - even ACI is not smart enough to figure out if traffic arriving on a given port that is tagged with VLAN 811 belongs to one tenant or the other.

I know this explanation is a bit sketchy, so let me know if you need more guidance.

I hope this helps

 


Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem

 

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
RedNectar
VIP
VIP

‎07-19-2019 04:09 AM

Hi Sean,

This certainly can be done. What you have to do is build two different Access Policy Chains - one for each Tenant, but crucially, in the Interface Policy Group in each chain, you have to assign a Layer 2 Interface Policy that specifies Per Port VLAN assignment, rather than Global VLAN assignment, which is the default.

One caveat of course, traffic from each Tenant has to arrive on different ports - even ACI is not smart enough to figure out if traffic arriving on a given port that is tagged with VLAN 811 belongs to one tenant or the other.

I know this explanation is a bit sketchy, so let me know if you need more guidance.

I hope this helps

 


Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem

 

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
0 Helpful

Go to solution
Sean Pillay
Level 1
Level 1
In response to RedNectar

‎07-19-2019 05:10 AM

Hi Chris

 

Thanks for the info, will definitely give this a try. Funny enough the first ACI testing I have done was based on your website and instructions you have on setting up ACI :) 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License