Re: Disjoint Layer 2 Question

tbone-111 · ‎06-21-2013

I want to configure a disjoint layer 2 network in UCS. For this, I have created dedicated NIC templates with only the disjointed networks VLAN specified. I have 8 total NICS going to ESXi and only 2 of them were created from the 'dedicated' disjoint VLAN NIC templates. My problem is, whenever I go into LAN uplinks manager and specify the new uplink ports and associate them with the dedicated VLAN, I lose all network traffic until I remove the VLAN from those uplinks again. Why would this be? It's almost like traffic is getting routed through those ports, even though the NICs in question haven't been added to a vSwitch yet and no other vmnic or NIC template has that VLAN specified. I've done this before without problems so I'm uncertain what's wrong here. The only thing I'm questioning now is whether or not I should have to also add all my existing VLANs to the current uplink ports. But again, this has worked for me before via just adding a specific VLAN to a specific uplink port and leaving all other VLANs as they are. Any ideas?

Robert Burns · ‎06-21-2013

The concept of Disjoint VLANs is a permit all basis on uplinks by default.

If you explicitly add an uplink to a VLAN, it implicitly denies that VLAN on all other uplinks. You then need to explicitly add all other VLANs to all remaining (regular) uplinks to complete the process. Once you've complete the disjoint L2 config I'd recommend re-ack'ing each profile to force re-pinning of vnics to uplinks to ensure proper configuration.

A simple test is to open an SSH to UCSM CLI:

connect nxos a | b

show int trunk

From here you should see the "allowed vlans" section of the output display only the desired/permitted VLANs on the appropriate uplinks. If it doesn't look right from this output, you could be black-holing traffic up the wrong uplink.

Regards,

Robert