Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
921
Views
0
Helpful
2
Replies

PVlan N5k-UCS-N1K

Ernesto Fernandez gomez-pinto
Level 1
Level 1

‎06-02-2015 12:07 AM

Hello,

I have an architecture with N5k-UCS-N1K(ESXi) where private-vlan need pass to virtual machine inerface. I set the whole environment but not get it to work properly the PVLAN through the UCS.

 

My configuration is

- N5K

  - Vlan 2200 primary, 2201 isolated, 2202 comunity

  - Po200: Promiscuous conected to Cisco ASA (L3 Gateway of vlans)

  - Po10: Interconection trunk with UCS with vlan 2200-2202 as regulars vlan

- Fabric InterConnect

  - Vlans 2200-2202 as regulars vlan

  - 2xvnics with server

- N1K

  - Vlan 2200 primary. 2201 isolated, 2202 comunity

  - port-profile  port-channel uplink trunk with vlan 2200-2202 as regulars vlan

  - prot-profile vethernet with 2201 as isolated

  - prot-profile vethernet with 2202 as comunity

 

I know that in N5k the private vlans work ok because i can ping to ASA from a machine connected to n5k in vlan 2201. I know that it work ok in n1k because i can ping between two vm in 2202 in same host and can't ping if the virtual machine is in 2201. My problema is that from vm in one host I can not ping either the ASA or virtual machines on another host.

 

Is my architecture ok, or i can a problem of concept?.

 

Regards.

 

Labels:
Preview file
74 KB
0 Helpful
2 Replies 2

Walter Dey
VIP Alumni
VIP Alumni

‎06-02-2015 02:26 AM

Ernesto

Do you know

http://www.cisco.com/c/en/us/support/docs/servers-unified-computing/ucs-b-series-blade-servers/116310-config-ucs-pvlan-00.html

and the pvlan limitations in UCS ?

  • Only isolated ports are supported in UCS. With the N1K incorporated, you can use community VLANs, but the promiscuous port must be on the N1K as well.
  • A server virtual Network Interface Controller (vNIC) in UCS cannot carry both a regular and an isolated VLAN unless on Version 2.2(2c) and later.
  • There is no support for promiscuous ports/trunks, community ports/trunks, or isolated trunks.
  • Promiscuous ports need to be outside the UCS domain, such as an upstream switch/router or a downstream N1K.
0 Helpful

Ernesto Fernandez gomez-pinto
Level 1
Level 1
In response to Walter Dey

‎06-02-2015 12:26 PM

Hello,

Thanks for your reply Walter.

I know the limitations of UCS with pvlans, but i think that it don't impact in my environment because the UCS don't know about pvlans. All is in n5k (promiscuous, comunity and isolated ports) and n1k (comunity and isolated), and i have 2.2.3f version that support transport of regular an pvlans.

Regards.

0 Helpful
Customers Also Viewed These Support Documents