Solved: There are a couple ways to

Claudia de Luna · ‎10-08-2016

Hi,

I’m trying to replicate the following in ACI

Interface e1/2

Switchport mode trunk

Switchport trunk native vlan 100

Switchport trunk allowed vlan 100

I have my EPG (say VLAN100-EPG) configured already with static path bindings to the appropriate switch/interface using mode "Trunk" and encap vlan-100. First I tried to add another static path binding to EPG VLAN100-EPG with the same interface and encap using mode Access(802.1P) but that threw an error which makes sense to me (two different encaps in the same EPG). So then I created VLAN100-NATIVE-EPG and created a static path binding to the same interface using mode Access(802.1P) and encap 100. ACI allowed me to create this (vs the first attempt) but then threw an error.

Is it not possible to re-create this in ACI or am I just doing it wrong?

Thanks in advance for any guidance!

Here is the error raised when I created the new EPG and mapped the interface (that is already static path mapped as a trunk with encap = 100) as an access 802.1P (encap 100)

minor

2016-10-07T13:30:33.155-07:00

Raised

topology/pod-1/node-203/local/svc-policyelem-id-0/uni/epp/fv-[uni/tn-Production-TN/ap-VLAN100-AP/epg-VLAN100-NATIVE-EPG]/node-203/stpathatt-[eth1/2]/nwissues

Configuration failed for uni/tn-Production-TN/ap-VLAN100-AP/epg-VLAN100-NATIVE-EPG node 203 eth1/2 due to Different encap modes are not allowed for an encap on a given interface.

Tomas de Leon · ‎10-08-2016

There are a couple ways to configure this type of setup:

1. Use a "different" port to connect DHCP hosts to the leaf switch. You are using eth1/2 on the leaf for the trunk port. Connect the individual hosts directly into the front panel ports of leaf (like eth1/3, eth1/4, etc...) and the create a static binding for each port using the vlan encap of 100 as type Access(802.1P). Create these all in the same EPG.

2. Use a "different" vlan encap (101) on a different EPG and configure that port as Access(802.1P) and connect it to the external switch with the appropriate configuration

3. Configure a separate EPG with a vmm domain that has vlan100 associated with a portgroup and put all of you DHCP hosts\clients in the port group associated with the VMM domain and EPG.

I hope this helps!

T.

View solution in original post

omarali875 · ‎10-08-2016

Are your EPGs in the same BD?

Claudia de Luna · ‎10-08-2016

Yes. Both VLAN100-EPG and VLAN100-NATIVE-EPG are in the same BD, common/VLAN100-BD

"fvBD": {
"attributes": {
"arpFlood": "yes",
"descr": "",
"dn": "uni/tn-common/BD-VLAN100-BD",
"epMoveDetectMode": "",
"ipLearning": "yes",
"limitIpLearnToSubnets": "no",
"llAddr": "::",
"mac": "00:22:BD:F8:19:FF",
"mcastAllow": "no",
"multiDstPktAct": "bd-flood",
"name": "VLAN100-BD",
"ownerKey": "",
"ownerTag": "",
"type": "regular",
"unicastRoute": "yes",
"unkMacUcastAct": "flood",
"unkMcastAct": "flood",
"vmac": "not-applicable"
},

omarali875 · ‎10-08-2016

Could you please describe your scenario in depth? I don't understand why would you point out two static bindings to the same leaf/same interface/same encap ?

Claudia de Luna · ‎10-08-2016

We are trying to use a host provisioning tool which uses DHCP but the packets go out untagged on bootup and we believe the DHCP server is dropping them because it can't map them so we want to set the native vlan to the appropriate vlan to see if that will address the issue. We know this has worked in a classical ethernet environment with the host on a port configured in my IOS example above so we are trying to replicate that in ACI.

omarali875 · ‎10-08-2016

That vlans in ACI do not have the same meaning as VLANs in our regular context.

I am going to build up the same scenario and will see how my setup reacts to that. I will update you once I have the results.

Claudia de Luna · ‎10-08-2016

Thank you, Omer!

Yes, vlans are different and the use of Access (802.1P) is also slightly different so this may not be a supported configuration in ACI...

Tomas de Leon · ‎10-08-2016

There are a couple ways to configure this type of setup:

1. Use a "different" port to connect DHCP hosts to the leaf switch. You are using eth1/2 on the leaf for the trunk port. Connect the individual hosts directly into the front panel ports of leaf (like eth1/3, eth1/4, etc...) and the create a static binding for each port using the vlan encap of 100 as type Access(802.1P). Create these all in the same EPG.

2. Use a "different" vlan encap (101) on a different EPG and configure that port as Access(802.1P) and connect it to the external switch with the appropriate configuration

3. Configure a separate EPG with a vmm domain that has vlan100 associated with a portgroup and put all of you DHCP hosts\clients in the port group associated with the VMM domain and EPG.

I hope this helps!

T.

Claudia de Luna · ‎10-08-2016

Hi Tomas,

1. is not an option but yes, i could see how that works

3 is also not an option as we don't have a VMM domain in this environment, is this basically a variant of 2 and using a non Physical domain allows this to work?

2 is a variant of what I tried (different "NATIVE" EPG but same encap) which resulted in the error I noted. We don't have an external switch but would this not work with the hosts directly connected?

So in diagram 01, this was my first attempt to address the issue but that errored out immediatly.

In diagram 02, I created a new "NATIVE" version of the vlan but used the same encap and that threw an error but let me configure.

Diagram 03 is what you are suggesting but with an external switch? It would not work as drawn (same interface, same BD, new EPG, new encap, new mode. In fact this could be mode Access right? since its a new encap altogether.

Leon · ‎10-11-2016

If you use tag VLAN 101 and use Native for VLAN 100 in different EPG. It will work. But same encap on the same switch in the same EPG is not a supported configuration in ACI.

Native Vlan Behavior in ACI