Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
158
Views
0
Helpful
2
Replies

domain network group policy

tdubb123
Level 1
Level 1

‎04-26-2024 06:28 AM

Is a domain network group policy necessary for a domain profile on the FIs? I have vlan policy that has tons of vlans with allow on uplinks enabled and the domain ethernet network group policy seems to be causing issues

Labels:
0 Helpful
2 Replies 2

tdubb123
Level 1
Level 1

‎04-26-2024 07:37 AM - edited ‎04-26-2024 07:37 AM

any idea

0 Helpful

Sandeep Kumar
Cisco Employee
Cisco Employee

‎05-28-2024 10:05 PM - edited ‎05-28-2024 10:06 PM

I am assuming you are referring to Ethernet Network Group policy. 

In VLAN Policy, when we add VLAN's, we have a toggle switch: "Auto Allow On Uplinks"
 
We have two uplink design options:
Option-1: Disjoint Layer 2 Setup
- We should disable "Auto Allow On Uplinks" on all the VLANs.
- We need a separate "Ethernet Network Group" policy for each uplink.
- We also need "Ethernet Network Group" policies for Server vNICs

Option-2: No Disjoint Layer 2 Setup
- If you don't have a Disjoint Layer 2 Setup and have no intentions of doing it in the future, we should keep this option enabled.
- This allows the VLANs on all the uplinks without configuring an "Ethernet Network Group" Policy.
- In this case, we don't need an "Ethernet Network Group" Policy for Uplinks.
- We still need "Ethernet Network Group" policy for Server vNICs
0 Helpful
Customers Also Viewed These Support Documents