UCS Native VLAN Question

tohoken
Level 1

All,

I have a problem that I just cannot wrap my mind around.  We have UCS setup in a lab with 2 interconnects connected to 2 nexus 5510 switches.  The nexus switches are uplinked to the network via a 4900m switch.  All trunks are setup and tested as functional. All routing is setup and confirmed.  I have an issue in UCS that is baffling me.  In the lab I have kept the native VLAN at vlan1.  I have setup test vlans 2-10 on all the switches and interconnects.  I have created a service profile that contains 1 nic and placed it in VLAN 7.  I have installed Windows 2008 on a blade using this service profile.  In the OS I have statically IP'ed the NIC for the scheme used in VLAN 7.  From the OS I cannot ping another device that is in vlan 7.  I also cannot ping a host on another vlan.  If I place a check on VLAN 1 as the native vlan I still cannot ping anything.  If I place the check for native vlan to vlan 7 I can ping hosts within the same vlan as well as outside the vlan.  So, why do I need to place vlan 7 as the native vlan when all my trunks are set up as vlan 1 being the native vlan?

Thanks for any help,

Ken

7 Replies

Chad Peterson
Cisco Employee

Hi Ken,

It almost sounds like your links aren't trunking properly.  From the Nexus 5000, can you see the MAC addresses of the hosts?  Also, did you make sure you defined those VLANs on all devices as well (not just allowing them on the trunk)?  I see that happen quite a bit.

If you could send some output that would be helpful.  On the 5k:

show vlan

show interface trunk (let us know which trunk links are in the picture here)

show mac-address address x.x.x (whatever the MAC address of the host is... want to make sure it's in the proper VLAN)

Hopefully that should get us started.


Chad

Chad,

In doing some investigation I have noticed something on my Fabric Interconnects that doesn't make sense to me.  I have a trunk set up from Fabric A and B to another switch for testing pin groups.  This trunk shows all VLANs allowed to traverse the trunk.  I have a port channel set up with two interfaces from Fabric A and B going to a 4900M switch.  The trunk shows as up on both ends.  The port channel shows all VLANs allowed to traverse the trunk.  If I look at each interface in the port channel they show only VLAN 1 allowed.  Does the port channel override the interface setting?  I cannot find a way to configure the interfaces via CLI so I cannot manually allow all VLANs on each interface.  I think this may be my problem but can't seem to do anything about it.  Any ideas?

Ken

Chad,

In doing more research it appears that the traffic is showing up on Fabric A on VLAN 1.  Here is the output:

N5K-1# sh mac address-table address 0025.b500.000f
Legend:
        * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
        age - seconds since last seen,+ - primary entry using vPC Peer-Link
   VLAN     MAC Address      Type      age     Secure NTFY    Ports
---------+-----------------+--------+---------+------+----+------------------
* 1        0025.b500.000f    dynamic   0          F    F  Po11

Here is a shot from my service profile showing that I have the vNIC configured for vlan 15.

I have no idea why traffic is showing up on my FI as VLAN 1 when the vNIC is clearly in VLAN 15.  Do you have any ideas?

Ken

What happens if you check the "Native VLAN" checkbox for that particular vNIC?  We pretty much do that for all of ours when we are not using VLAN 1.

adam

Ken,

When allowing certain VLANs on your Service Profile vNICs you need to set the native VLAN. This is because the way you have it configured currently you're only "allowing VLAN 15", but you're not tagging it.   This would work fine for ESX or Linux where you can assign the dot1q tag at the host.  With Windows unless you have specific drivers doing the tagging for you, you'll need to do this at the vNIC level within UCS.

Two ways to see this in action.  When creating a service profile in the "Basic" method - not "Expert" - you will select a single VLAN for your interfaces.  This will treat the interfaces pretty much like an "Access Port".  Conversely, when you use the "Expert" mode you're enabling the vNIC as a trunk, on which you will "allow" all the VLANs you'd like access to.  Sounds like this is the method you have performed.

For a Windows OS, set the VLAN as Native for the VLAN you want it to access and you'll be sweet.  Unchecking that "Native VLAN" option box is allowing the traffic to traverse out of UCS on the Native VLAN of your network - VLAN 1 - which is why its MAC appears on the other fabric under VLAN 1.

Regards,

Robert

Ken

As Robert mentioned, in UCS we do not have "true" access ports.

So if you create/define a vNIC in a SP and select one VLAN for an OS (like Windows/Linux) running on bare metal, you need to set it as Native, otherwise the system will send (dot1q) tagged traffic to it. If the VLAN selected is the default/native VLAN for the system (as set in the LAN tab) you should be okay; otherwise select it as native.

Thanks

--Manish
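An added example, not code from this thread or from Cisco: a small Python model of what Robert and Manish describe (the Expert-mode vNIC as a trunk, the "Native VLAN" box as the one VLAN handed to the host untagged, a stock Windows NIC that ignores dot1q tags), plus a parser for the "show mac address-table address" line Ken posted so the learned VLAN can be checked against the intended one. The VLAN numbers, MAC and sample line are constructed, and SYSTEM_NATIVE_VLAN = 1 is an assumption matching the lab.

```python
import re
from dataclasses import dataclass
from typing import Optional

SYSTEM_NATIVE_VLAN = 1  # assumption: the fabric's default native VLAN is left at 1, as in the lab


@dataclass
class VNIC:
    allowed_vlans: frozenset           # VLANs ticked on the vNIC; the vNIC behaves as a trunk
    native_vlan: Optional[int] = None  # VLAN with the "Native VLAN" box ticked, if any

    def to_host(self, vlan: int):
        """A frame arriving from the fabric on `vlan`, as the host's NIC sees it."""
        if vlan not in self.allowed_vlans:
            return None                   # not allowed on the vNIC: dropped
        return "untagged" if vlan == self.native_vlan else f"tagged:{vlan}"

    def from_host(self, tagged_vlan: Optional[int] = None):
        """VLAN the fabric places an outbound frame on. An untagged frame lands on
        the vNIC's native VLAN, or on the system native VLAN when none is set."""
        if tagged_vlan is not None:
            return tagged_vlan if tagged_vlan in self.allowed_vlans else None
        return self.native_vlan if self.native_vlan is not None else SYSTEM_NATIVE_VLAN


def host_can_use_vlan(vnic: VNIC, vlan: int, dot1q_aware: bool) -> bool:
    """True when the host reaches `vlan` in both directions. dot1q_aware=False
    models a stock Windows NIC driver, which ignores 802.1Q-tagged frames."""
    rx = vnic.to_host(vlan)
    if rx is None or (rx != "untagged" and not dot1q_aware):
        return False
    # A tag-aware host answers a tagged VLAN with tagged frames; otherwise it sends untagged.
    tx = vnic.from_host(vlan if rx != "untagged" else None)
    return tx == vlan


def learned_vlan(show_mac_output: str, mac: str) -> Optional[int]:
    """VLAN in which `mac` was learned, parsed from 'show mac address-table address' output."""
    for line in show_mac_output.splitlines():
        m = re.match(r"^[*+G]?\s*(\d+)\s+([0-9a-f.]+)\s", line.strip())
        if m and m.group(2).lower() == mac.lower():
            return int(m.group(1))
    return None


# Constructed sample in the N5K format, mirroring the MAC the thread saw land in VLAN 1.
SAMPLE_MAC_TABLE = "* 1        0025.b500.000f    dynamic   0          F    F  Po11"
```

With VLAN 15 allowed but not native, the Windows host fails in both directions and its untagged frames are learned in VLAN 1; ticking Native on VLAN 15 (or using a dot1q-aware OS) makes the same vNIC work.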

Thanks for the clarification.  For some reason I just couldn't get my mind wrapped around it.  I kept looking at it from the network standpoint and not from a server standpoint.  I have made a note for myself in the future that the setting is for the "server" NIC and not a switchport.  Thanks again.
