As of version 1.3(1), UCS supports up to 512 VLANs. Getting that number of VLANs configured and ready for use, however, can take time. The user interface to add VLANs in UCSM currently only allows for adding one VLAN at a time. Below I describe a method for adapting an existing switch VLAN configuration to the UCS.
To add VLANs via the CLI, we can SSH to the 6100 cluster and issue commands that look something like the following:
Easy enough, but it doesn't allow for much opportunity to copy and paste from a switch configuration. Here is an example of the same VLANs configured on a switch running IOS:
vlan 10
 name Vlan10Name
!
vlan 20
 name Vlan20Name
!
Or, on a switch running NX-OS without VLAN names defined:
vlan 10, 20
Unfortunately, neither of these configurations is close to what we need. This is a perfect application for regular expression.
Regular expression is a syntax for matching and replacing strings which has been around forever. Wikipedia will serve as a good primer for anyone unfamiliar with regular expression, also known as regex. http://en.wikipedia.org/wiki/Regular_expression
To get started, we'll need an editor capable of regex find/replace. I recommend Notepad++ (http://notepad-plus-plus.org/) as it is a good multipurpose editor that also has some advanced find/replace functionality. To accomplish a UCS VLAN configuration using Notepad++ we can do the following:
Paste in our IOS switch VLAN config
Navigate to Search->Replace (CTRL+H).
In “Extended” mode replace
with nothing at all. The config should now look like this:
vlan 10 Vlan10Name
vlan 20 Vlan20Name
In “Regular expression” mode replace
vlan ([0-9]*) (.*)
with
create vlan \2 \1\r\n exit\r\n
Voila! That looks better.
create vlan Vlan10Name 10
 exit
create vlan Vlan20Name 20
 exit
Add the scope directive to the top and a ‘commit-buffer’ at the end and we have our UCS VLAN config.
scope eth-uplink
create vlan Vlan10Name 10
 exit
!
create vlan Vlan20Name 20
 exit
commit-buffer
Pretty neat. Not all that impressive for two VLANs, but if you have to configure 300 you might be happy to have this trick in your toolbox. From the above it's pretty easy to imagine the steps to turn the NX-OS VLAN configuration into the format required for UCS. In fact, using the techniques above, I built several hundred vNIC Templates for server access ports based on my switch VLAN config as well. This is why every network engineer should know and love regular expression.
Briefly, here are the regex components we used.
[0-9] matches any single digit: 1, 2, or 3, etc.
* matches the previous element 0 or more times. This is what allows us to grab the whole VID.
. matches any character. So .* matches a string of any characters.
() defines a subexpression. This is how we define the VID and the VLAN name to be used in the replace expression.
\# recalls a subexpression, where # is its number. So \1 recalls the string matched inside the first set of parentheses, \2 the second, and so on.
\r\n represents a newline in Windows.
The reason for two find/replace operations is that Notepad++ does not support multiline regular expression, which means matching a newline in the find dialog is not allowed in Regular expression mode. First an Extended find/replace is needed to get everything on one line. There are other editors that do allow multiline regex, but Notepad++ tends to be more multipurpose than these. If you really want multiline regular expression in Notepad++, you can download the python plugin (http://npppythonscript.sourceforge.net) and run
editor.pymlreplace(r"vlan ([0-9]*)\r\n name (.*)\r\n", r"create vlan \2 \1\r\n exit\r\n")
from the python console to accomplish the same thing in one step.
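The same conversion as a stand-alone Python script, covering both the IOS form and the NX-OS list form shown earlier. This is an added example, not the author's code; the Vlan<id> default name for unnamed VLANs and the name allow-list are assumptions, and every generated line is checked before it goes near a CLI session.

```python
import re

# Constructed sample input in the IOS form shown on this page.
SAMPLE_IOS = "vlan 10\r\n name Vlan10Name\r\n!\r\nvlan 20\r\n name Vlan20Name\r\n!\r\n"

VLAN_BLOCK = re.compile(r"^vlan (\d+)[ \t]*\r?\n[ \t]+name (.+?)[ \t]*\r?$", re.M)
VLAN_LIST = re.compile(r"^vlan ([\d,\- \t]+?)[ \t]*\r?$", re.M)
# Assumed conservative allow-list for names, not a documented UCS rule.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.:-]{1,32}")


def expand_ids(spec):
    """Expand an NX-OS style list such as '10, 20, 30-32' into integers."""
    ids = []
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ids.extend(range(int(lo), int(hi or lo) + 1))  # int() rejects junk
    return ids


def parse_vlans(config):
    """Return {vlan_id: name} from IOS name blocks or NX-OS ID lists."""
    vlans = {}
    for match in VLAN_LIST.finditer(config):
        for vid in expand_ids(match.group(1)):
            vlans.setdefault(vid, f"Vlan{vid}")  # assumed default name
    for vid, name in VLAN_BLOCK.findall(config):
        vlans[int(vid)] = name  # an explicit name overrides the default
    return vlans


def to_ucs(config):
    """Render the UCS CLI block; raise on anything outside the expected shape."""
    lines = ["scope eth-uplink"]
    for vid, name in sorted(parse_vlans(config).items()):
        if not 1 <= vid <= 4094:
            raise ValueError(f"VLAN ID out of range: {vid}")
        if not SAFE_NAME.fullmatch(name):
            raise ValueError(f"unexpected VLAN name: {name!r}")
        lines += [f"create vlan {name} {vid}", " exit"]
    lines.append("commit-buffer")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(to_ucs(SAMPLE_IOS), end="")
```

Unlike the `(.*)` capture in the editor recipe, a name that falls outside the allow-list stops the run instead of being pasted into the fabric interconnect.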
There are editors capable of handling regex on all platforms. On OS X or Linux, for example, you could use Emacs.
Spend a few hours learning the ins and outs of regular expression and you could save yourself years of toil over a lifetime.