Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1594
Views
6
Helpful
2
Replies

Domain Profile Fails

Tom MacDonald
Level 1
Level 1

‎10-21-2022 12:11 PM

Hello,

I am getting the following error message when trying to apply a domain profile to a set of FIs? I am not configuring a DJL2.

Validate Port Policy
VLANS 10,11,100-101 from ethernet group allowed vlans(10,11,100-101) are not part of the allowed disjoint VLANs. Disable the AutopAllowOnUplinks in VLAN Policy for disjoint VLANs. Re-deploy the Domain Profile.

Labels:
0 Helpful
2 Replies 2

Brian Morrissey
Cisco Employee
Cisco Employee

‎10-21-2022 12:40 PM

On your port policy attached to the FI go into the uplink ports or uplink portchannels and try un-attaching any "ethernet network group" policies, if you aren't doing disjoint L2 you just need the vlans defined in the vlan configuration policy.

 

BrianMorrissey_0-1666381136358.png

 

RedNectar
VIP
VIP

‎10-21-2022 01:33 PM - edited ‎10-21-2022 11:02 PM

Hi @Tom MacDonald ,

[2022.10.22 - Edited heavily after @Brian Morrissey 's excellent suggestion]

This is a VERY ANNOYING BUG

PLEASE click the Send Us Feedback option in Intersight and REPORT IT - it will never get fixed until enough noise is made - make sure you click Report Defect and check the Open for Follow-up option

RedNectar_2-1666384352448.png

 

What you have to do is

  • navigate to Configure > Policies > Your_PortPolicy
  • Click Edit Policy
  • Click Next
    • Do NOT change any Fibre Channel ports
  • Click Next
    • Do NOT change any 40/100G Ethernet ports 
  • Click Next
  • IF you are using a Port Channel for your Uplink, select the Port Channels  tab
    • Select your Port Channel and click the Edit icon
    • Make sure the Ethernet Network Group policy is NOT set (remove it if it is)
      [See @Brian Morrissey 's post]
  • ELSE (i.e) you are using  discrete ports for your Uplink ports, then
    • Select your Uplink ports (may have to do this one-at-a-time) then click Configure
      • Make sure the Ethernet Network Group policy is NOT set (remove it if it is)
      • Set the Flow Control and Link Control Policies (if not already set)
        RedNectar_0-1666417343962.png

         

      • Click Save
  • ENDIF
  • Navigate to Configure > Profiles > [UCS Domain Profiles]
  • Click the ellipsis to the right of Your_UCS.DomainProfile
  • Select Deploy

Now open an ssh session to one of your Fabric Interconnects

enter the command connect nxos

Substituting each uplink interface number for x in the following, enter the command
 show run interface ethernet 1/x

If all the VLANs you require are showing in the switchport trunk allowed line, you are good to go.

If not, raise a TAC case

EXPLANATION

As far as I can gather, the Ethernet Network Group Policy is ONLY ever relevant on an Ethernet Uplink's Port Policy configuration when Disjoint VLANs are being deployed on the Uplink - i.e. when you DON'T want the same VLANs on every uplink. (Such as when you have two set of discrete uplinks to say two different service providers)

 

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card