Below is the configuration that provides the same pVLAN to both UCS N1k VMs while continuing to protect physical servers on an upstream Nexus. Note that the promiscuous VLAN is flipped between the N1k uplink (397) and the N7k (396). The gateway resides on VLAN 396. This is confusing to configure and troubleshoot, so it is highly recommended to use a different pVLAN upstream until UCS supports multiple isolated VLANs per vNIC.
# N1k SS1(5.1a)
vlan 396
  private-vlan isolated
vlan 397
  private-vlan primary
  private-vlan association 396
!
port-profile type vethernet isolated396
  vmware port-group
  switchport mode private-vlan host
  switchport private-vlan host-association 397 396
  no shutdown
  state enabled
port-profile type ethernet pvlan-uplink
  vmware port-group
  switchport mode private-vlan trunk promiscuous
  switchport private-vlan trunk allowed vlan 119,219,396-397
  switchport private-vlan mapping trunk 397 396
  switchport private-vlan trunk native vlan 219
  channel-group auto mode on mac-pinning
  no shutdown
  system vlan 119
  state enabled
# UCS
- trunk all regular vlans
# N7k - 6.0(3) w/ EPLD6.0(2)
Note: 5.0(2) + 5.x EPLD required to carry +1 pvlan pair per trunk (max 16 pairs per trunk)
feature private-vlan
vlan 396
  private-vlan primary
  private-vlan association 397
vlan 397
  private-vlan isolated
!
interface Ethernet2/14
  description Physical Server - Promiscuous
  switchport
  switchport mode private-vlan promiscuous
  switchport private-vlan mapping 396 397
  no shutdown
!
interface Ethernet7/25
  description to_UCS#1
  switchport
  switchport mode private-vlan trunk secondary
  spanning-tree port type edge trunk
  spanning-tree bpduguard enable
  spanning-tree bpdufilter enable
  switchport private-vlan trunk allowed vlan 119,219,390-391,396-397
  switchport private-vlan association trunk 396 397
  no shutdown
!
interface Ethernet7/26
  description to_N5k_router
  switchport
  switchport mode private-vlan trunk promiscuous
  spanning-tree port type edge trunk
  switchport private-vlan trunk allowed vlan 119,219,390-391,396-397
  switchport private-vlan mapping trunk 396 397
  no shutdown
# Upstream N5k / router
interface Vlan396
  no shutdown
  ip address 10.10.20.254/24
SV15b# sh mac address-table vlan 397
VLAN MAC Address Type Age Port Mod
---------+-----------------+-------+---------+------------------------------+---
397 0050.56a9.0000 static 0 5
397 0050.56a9.0013 static 0 5
397 0050.56a9.0000 static 0 Veth13 6 <---VM
397 0050.56a9.0013 static 0 Veth12 6 <---VM
397 547f.ee2f.3381 dynamic 0 Po4 6 <---Router
Total MAC Addresses: 5
f340-31-12-ucs-1-B(nxos)# sh mac address-table vlan 397
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 397 0050.56a9.0000 dynamic 0 F F Veth736
* 397 0050.56a9.0013 dynamic 0 F F Veth736
N7K-VDC04(config-if)# sh mac address-table vlan 396
VLAN MAC Address Type age Secure NTFY Ports/SWID.SSID.LID
---------+-----------------+--------+---------+------+----+------------------
* 396 0050.56a9.0000 dynamic 0 F F Eth7/25
* 396 0050.56a9.0013 dynamic 0 F F Eth7/25
* 396 547f.ee2f.3381 dynamic 0 F F Eth7/26 <---Router
f340-31-19-5548-1# sh mac address-table vlan 396
age - seconds since last seen,+ - primary entry using vPC Peer-Link
VLAN MAC Address Type age Secure NTFY Ports/SWID.SSID.LID
---------+-----------------+--------+---------+------+----+------------------
* 396 0050.56a9.0000 dynamic 10 F F Po1000 <---PO to UCS
* 396 0050.56a9.0013 dynamic 0 F F Po1000
* 396 547f.ee2f.3381 static 0 F F Router
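
A consistency check for the role flip described above, as an added example that is not part of the original configuration: it parses the private-vlan statements of each device, confirms that every port-level pair is written as primary then secondary for that device, and reports VLANs whose role differs between the two. The function names and the config excerpts (indented as in a running-config) are constructed for illustration.

```python
import re
# Constructed excerpts of the two configs above, indented as in a running-config.
N1K = """\
vlan 396
  private-vlan isolated
vlan 397
  private-vlan primary
port-profile type vethernet isolated396
  switchport private-vlan host-association 397 396
port-profile type ethernet pvlan-uplink
  switchport private-vlan mapping trunk 397 396
"""
N7K = """\
vlan 396
  private-vlan primary
vlan 397
  private-vlan isolated
interface Ethernet2/14
  switchport private-vlan mapping 396 397
interface Ethernet7/25
  switchport private-vlan association trunk 396 397
"""
ROLE = re.compile(r"\s+private-vlan (primary|isolated|community)$")
PAIR = re.compile(r"\s+switchport private-vlan "
                  r"(?:host-association|association|mapping)(?: trunk)? (\d+) (\d+)$")

def pvlan_roles(config):
    """Return ({vlan: role}, [(section, first, second)]) for one device."""
    roles, pairs, section = {}, [], ""
    for line in config.splitlines():
        if not line.startswith(" "):
            section = line.strip()          # top-level stanza header
        elif section.startswith("vlan ") and (m := ROLE.match(line)):
            roles[int(section.split()[1])] = m.group(1)
        elif m := PAIR.match(line):
            pairs.append((section, int(m.group(1)), int(m.group(2))))
    return roles, pairs

def audit(name, config):
    """Port-level pairs not written as <primary> <secondary> for this device."""
    roles, pairs = pvlan_roles(config)
    return [f"{name}: {sec}: {p} {s} is not <primary> <secondary>"
            for sec, p, s in pairs
            if roles.get(p) != "primary" or roles.get(s) not in ("isolated", "community")]

def flipped(a, b):
    """VLANs whose pvlan role differs between two devices: {vlan: (role_a, role_b)}."""
    ra, rb = pvlan_roles(a)[0], pvlan_roles(b)[0]
    return {v: (ra[v], rb[v]) for v in ra.keys() & rb.keys() if ra[v] != rb[v]}
```

An empty `audit` result on both devices together with a non-empty `flipped` result is the intended state for this design; a non-empty `audit` result points at a port whose pair was typed in the other device's order.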