Showing results for 
Search instead for 
Did you mean: 

Help the total Noob,intra EPG with VLAN based EPG's

Please can someone help with this LAB, I have the following topology shown in the Left hand side I am trying to set up the Tenant as shown in the top right, Once setup as shown EPG-b to EPG-c can communicate but not EPG-a to EPG-b. I believe this topology should be possible. After many mouse clicks I Found the only way I could get the topology to work is by setting it up as per the topology in the bottom right.

How can I get the first topology in the top right to work?

Also please can someone confirm or deny the following statement:

"In ACI you cannot base an EPG on more than one VLAN i.e If you want to base EPG assignment by defining the VLAN a host resides in, you can only specify one VLAN per EPG."


ACI Noob


HALT !!!!!!!

Because its a Wednesday evening I went and did something crazy and configured HSRP on all 3 interfaces on the 4500. Then did the ping tests to the HSRP VIP's and not the interface IP's addresses and it works.

<If me, Robert and Chris aka RedNectar where in the same room>

Thanks for all your help, you guys kik ass!

Saj aka ACI Noob

Wow - seems you and Robert have sorted it while I was getting my beauty sleep. I'll check back later to see if it all works out!


RedNectar aka Chris Welsh. Forum Tips: 1. Click the camera icon then paste pictures in the grey area. 2. After clicking Preformatted, click HTML before pasting to preserve spacing

Hey Chris

No worries, your website has helped me a lot so its all good.

Some of my reply replies are inline below

So the real question is "Why didn't Config #1 work?"  And to answer that, I need to ask if you saw any errors under the Faults tab for the EPG?  And if you did, what did it say.  Here are a couple of likely faults:

1) Invalid VLAN - this error occur if the VLAN you assigned in the physical mapping of the Static Port to the EPG is ( I did have the invalid VLAN error but I think this was for the following reason, I was at the "what if i do this instead of this" stage" and did a static link to the Leaf as oppose to the static link to the a individual port under the EPG's. I changed them back to static port and the fault went away)

2) not part of the VLAN pool that is linked to the Physical Domain that you linked to the EPG under the Domains option. (below are the Physical Domain properties that all the EPG's are linked to )

Below are the VLAN properties

3) or not configured as a port in an interface profile that is linked both to the appropriate Leaf Profile and to an Access Port Policy Group that is linked to an Attachable Access Entity Profile that is linked to the Physical Domain that is linked to the VLAN Pool that contains the VLAN

Below are all the associations between profiles 

   1) Invalid Path - probably means you haven't linked the Physical Domain to your EPG.

below is some bridge domain and EPG info

This Lab is currently not using a VMM domain thus each node in the EPG is shown a bare metal which is actually a VRF on the end of a trunk link

below is some output on the 4500 switch

Vlan10             YES manual up                    up      
Vlan20             YES manual up                    up   
Vlan30             YES manual up                    up 

each VLAN  sits in a separate VRF.

So to summarise currently EPG Alpha can ping to the Beta EPG (they sit in SEPARATE  bridge domains) but Alpha EPG cant ping to the Gamma EPG (they both sit in the SAME bridge domain)


ACI Noob