cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
291
Views
0
Helpful
2
Replies
Highlighted

PVlan N5k-UCS-N1K

Hello,

I have an architecture with N5k-UCS-N1K(ESXi) where private-vlan need pass to virtual machine inerface. I set the whole environment but not get it to work properly the PVLAN through the UCS.

 

My configuration is

- N5K

  - Vlan 2200 primary, 2201 isolated, 2202 comunity

  - Po200: Promiscuous conected to Cisco ASA (L3 Gateway of vlans)

  - Po10: Interconection trunk with UCS with vlan 2200-2202 as regulars vlan

- Fabric InterConnect

  - Vlans 2200-2202 as regulars vlan

  - 2xvnics with server

- N1K

  - Vlan 2200 primary. 2201 isolated, 2202 comunity

  - port-profile  port-channel uplink trunk with vlan 2200-2202 as regulars vlan

  - prot-profile vethernet with 2201 as isolated

  - prot-profile vethernet with 2202 as comunity

 

I know that in N5k the private vlans work ok because i can ping to ASA from a machine connected to n5k in vlan 2201. I know that it work ok in n1k because i can ping between two vm in 2202 in same host and can't ping if the virtual machine is in 2201. My problema is that from vm in one host I can not ping either the ASA or virtual machines on another host.

 

Is my architecture ok, or i can a problem of concept?.

 

Regards.

 

Everyone's tags (3)
2 REPLIES 2
Highlighted
Advocate

ErnestoDo you knowhttp://www

Ernesto

Do you know

http://www.cisco.com/c/en/us/support/docs/servers-unified-computing/ucs-b-series-blade-servers/116310-config-ucs-pvlan-00.html

and the pvlan limitations in UCS ?

  • Only isolated ports are supported in UCS. With the N1K incorporated, you can use community VLANs, but the promiscuous port must be on the N1K as well.
  • A server virtual Network Interface Controller (vNIC) in UCS cannot carry both a regular and an isolated VLAN unless on Version 2.2(2c) and later.
  • There is no support for promiscuous ports/trunks, community ports/trunks, or isolated trunks.
  • Promiscuous ports need to be outside the UCS domain, such as an upstream switch/router or a downstream N1K.
Highlighted

Hello,Thanks for your reply

Hello,

Thanks for your reply Walter.

I know the limitations of UCS with pvlans, but i think that it don't impact in my environment because the UCS don't know about pvlans. All is in n5k (promiscuous, comunity and isolated ports) and n1k (comunity and isolated), and i have 2.2.3f version that support transport of regular an pvlans.

Regards.

CreatePlease to create content
Content for Community-Ad

Cisco COVID-19 Survey

This widget could not be displayed.