Dealing with VLAN conflicts on UCS infrastructure

aevans001111
Beginner

Hi,

This is a configuration guidance question, so hoping someone can assist.

We are in the process of migrating our internal environment onto a UCS environment shared with our Hosting/Customer environment. Unfortunately there are VLAN conflicts, so we are hoping to work around this rather than resolving the actual conflicts.

The current plan is as follows.

Implement new Nexus switching and create dedicated port channels for the internal environment. These switches will deal with all the internal VLANs while the existing switches deal with the hosting/customer VLANs. Basically we are separating the VLAN conflicts using different port channels.

My question is will this actually work? On the Fabric Interconnects there is a Global VLAN list so I'm worried the network traffic will get confused on the interconnects and not know which port channel to push the communication up since the conflicting VLANs will exist on both. A colleague suggested looking into VLAN Pin groups and tying the VLANs to specific vNICs but I've never used Pin groups so don't want to waste time looking at this if it won't work anyway.

Appreciate any thoughts or suggestions from someone who has dealt with a similar situation in the past.

Thanks.

2 Accepted Solutions


Wes Austin
Cisco Employee

Hello,

If I understand correctly, you want to pin and allow certain VLANs on network uplinks, while allowing other VLANs on another segmented layer 2 network uplink? You will want to utilize disjointed layer 2 to accomplish this. UCS will pin vNICs only to network uplinks that satisfy all of the VLANs defined on that vNIC.

http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/unified-computing/white_paper_c11-692008.html

HTH,

Wes

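The pinning rule quoted in the reply above, as an added example that is not part of the original thread and is not Cisco code: a simplified Python model that checks a planned layout for vNICs no uplink can satisfy and for vNICs that could be pinned toward either upstream network. The uplink names, vNIC names, VLAN IDs and the "domain" label are constructed assumptions.

```python
# Simplified model of the stated rule; not UCS Manager code.
# Constructed sample: VLANs allowed on each uplink port channel, tagged with
# the upstream Layer 2 network ("domain") that the port channel connects to.
UPLINKS = {
    "po10-hosting":  {"domain": "hosting",  "vlans": {100, 200, 300}},
    "po20-internal": {"domain": "internal", "vlans": {100, 400, 500}},
}

# Constructed sample: VLANs defined on each vNIC.
VNICS = {
    "cust-a-eth0": {200, 300},  # hosting-only VLANs
    "corp-eth0":   {400, 500},  # internal-only VLANs
    "corp-eth1":   {100},       # the conflicting VLAN ID on its own
    "mixed-eth0":  {200, 400},  # spans both upstream networks
}


def eligible_uplinks(vnic_vlans, uplinks=UPLINKS):
    """Uplinks that carry every VLAN defined on the vNIC (the stated rule)."""
    return sorted(n for n, u in uplinks.items() if vnic_vlans <= u["vlans"])


def audit(vnics=VNICS, uplinks=UPLINKS):
    """Map vNIC -> (status, candidates).

    unpinnable: no single uplink carries all of the vNIC's VLANs
    ambiguous:  eligible uplinks lead to more than one upstream network
    """
    report = {}
    for name, vlans in vnics.items():
        candidates = eligible_uplinks(vlans, uplinks)
        domains = {uplinks[c]["domain"] for c in candidates}
        status = ("unpinnable" if not candidates
                  else "ambiguous" if len(domains) > 1 else "ok")
        report[name] = (status, candidates)
    return report


def conflicting_vlans(uplinks=UPLINKS):
    """VLAN IDs that appear on uplinks belonging to different domains."""
    seen, conflicts = {}, set()
    for u in uplinks.values():
        for vlan in u["vlans"]:
            if seen.setdefault(vlan, u["domain"]) != u["domain"]:
                conflicts.add(vlan)
    return sorted(conflicts)


if __name__ == "__main__":
    print("conflicting VLAN IDs:", conflicting_vlans())
    for vnic, (status, candidates) in audit().items():
        print(f"{vnic:12} {status:10} {candidates}")
```

In this model, a vNIC that carries only the conflicting VLAN ID is reported as ambiguous, which is the case the original question is worried about.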

Greetings.

If your individual tenants have blade level control/ownership, then the blades and OSs running on them, that share the same VLANs, are going to see each other's broadcast & ARP traffic, and ability to contact each other (notwithstanding individual blade OS firewall implementations). This is something you already realize, and why you created this post.

We see customers needing to deploy multi-tenant type configurations similar to yours, using private VLANs to segregate individual tenants.

See http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/ucs-manager/GUI-User-Guides/Network-Mgmt/3-1/b_UCSM_Network_Mgmt_Guide_3_1/b_UCSM_Network_Mgmt_Guide_3_1_chapter_0110.html#d17683e1065a1635 

There are limitations, and private VLANs don't always fit all requirements.

Thanks,

Kirk...


6 Replies