Cisco UCS Native Vlan Misunderstanding

Ahmed Hassabo
Level 1

Dear all,

I have Cisco UCS V2.1(a3) and B200M3 with MLOM Vnic 1240.

I have a question regarding creating a vNIC that will be associated to a service profile for installing MS Windows Server 2012 Datacenter.

UCS asks for some parameters like name, MAC address and VLAN ID.

I take the VLAN ID from the network administrator and create the SAME VLAN ID in Cisco UCS.

When I assign the VLAN ID to the vNIC and enter an IP address for this vNIC from Windows, it cannot reach the external network until I check Native VLAN.

Why should I check Native VLAN???

6 Replies

A traditional Windows NIC configuration is to not interpret VLAN tag information. Using VLAN 100 as an example, when you send the VLAN to the UCSM blade without native enabled, Windows Server receives the packet and discards it, as it is for a VLAN that is not being listened to on Windows. Windows by default will only listen to untagged traffic and will discard everything else. The same is true when sending a packet up to the interconnect: Windows will send an untagged packet and the interconnect will discard it because no native (untagged) VLAN is configured for that profile.

Unless you are going to tell Windows to accept tagged traffic and expect multiple VLANs on one interface, you must send the traffic as VLAN native to Windows.

This means that when Native VLAN is unchecked it does not work, and when Native VLAN is checked it works. Does this setting depend on Windows behaviour?

Other question:

If I have the same vNIC and it will access more than one VLAN, which VLAN should I mark as native?

By saying "native VLAN" it tells UCS (NX-OS) to send any packets for that VLAN to the UCS blade without a VLAN header. Windows expects a frame to come without a header, unless the NIC is specifically configured to handle VLAN trunking (my general experience is with Windows servers, except Hyper-V, you don't trunk multiple VLANs down a NIC -- it's easier, especially with UCS, to just add more NICs).

So your experience is expected -- for Windows you need to send a VLAN as the native (untagged) VLAN and then Windows will handle that traffic properly. The easiest way to show this would be to load Wireshark or Netmon on the box and watch the traffic come in -- you can see the packet come in with the VLAN ID header on each and every packet. Setting the VLAN to native will eliminate the header.

As far as one vNIC handling multiple VLANs, at that point you need to trunk VLANs (send multiple VLANs to one destination). My recommendation would be to never send a native VLAN to a system in that case (security concern, google "VLAN Hopping") -- just send the VLANs you want ("select" them in UCSM) and then configure Windows to handle multiple VLANs.

 

http://blog.atlanticmetro.net/2014/04/30/using-vlan-tagging-on-windows-server-2012/
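The tagged-versus-untagged behaviour this answer describes, modelled as an added Python example (not code from the thread or from Cisco): the vNIC strips the 802.1Q tag only for the VLAN marked native, and a default Windows NIC accepts only untagged frames. The MAC addresses and payload are constructed, and the vNIC and Windows logic is a simplified model of what the answer says, not UCS firmware behaviour.

```python
import struct

ETHERTYPE_VLAN = 0x8100   # 802.1Q tag protocol identifier
ETHERTYPE_IPV4 = 0x0800

def build_frame(dst_mac, src_mac, vlan_id=None, payload=b""):
    """Build an Ethernet II frame; with vlan_id set, insert an 802.1Q tag (PCP=0, DEI=0)."""
    hdr = bytes.fromhex(dst_mac) + bytes.fromhex(src_mac)
    if vlan_id is not None:
        hdr += struct.pack("!HH", ETHERTYPE_VLAN, vlan_id & 0x0FFF)
    return hdr + struct.pack("!H", ETHERTYPE_IPV4) + payload

def parse_vlan(frame):
    """Return the VLAN ID carried in the 802.1Q tag, or None for an untagged frame."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_VLAN:
        return None
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF

def strip_tag(frame):
    """Remove the 4-byte 802.1Q tag, leaving a plain untagged frame."""
    return frame[:12] + frame[16:]

def vnic_to_host(frame, selected_vlans, native_vlan):
    """Simplified vNIC model: only VLANs selected on the vNIC reach the blade;
    the one marked native is delivered untagged, all others keep their tag."""
    vid = parse_vlan(frame)
    if vid is None or vid not in selected_vlans:
        return None
    return strip_tag(frame) if vid == native_vlan else frame

def windows_accepts(frame, vlan_tagging_enabled=False):
    """Default Windows NIC behaviour: untagged frames only, unless tagging is configured."""
    return parse_vlan(frame) is None or vlan_tagging_enabled

def deliver(frame, selected_vlans, native_vlan=None, vlan_tagging_enabled=False):
    """Trace one frame from the fabric through the vNIC to the Windows host."""
    out = vnic_to_host(frame, selected_vlans, native_vlan)
    if out is None:
        return "dropped by vNIC (VLAN not selected)"
    if windows_accepts(out, vlan_tagging_enabled):
        return "accepted by Windows"
    return "discarded by Windows (tagged frame)"

if __name__ == "__main__":
    # Constructed sample frame for the poster's VLAN 5 (MACs are made up).
    f5 = build_frame("0025b5000001", "0025b5000002", vlan_id=5, payload=b"ping")
    print(deliver(f5, {5}))                  # native unchecked: tagged, Windows drops it
    print(deliver(f5, {5}, native_vlan=5))   # native checked: tag stripped, accepted
```

Running it with VLAN 44 added to the same vNIC shows the third case from the answer: the tagged frame is only accepted once Windows is configured for VLAN tagging.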

So let me say what I do now. From my UCS I create a VLAN called Vlan5 with ID 5 and set it as native VLAN.

In my vNIC I select Vlan5 and I check the native VLAN box beside Vlan5.

Now I can reach the Win2012 server and ping it.

But in this scenario my FI is in end-host mode and the port type in the core switch is access mode, which allows only VLAN ID 5.

If I need to access another VLAN from my server, what should I do??

And what should I do if I change the access mode in the core switch to be trunk?

The FI should, generally speaking, always be in end-host mode. That means to the rest of the network the entire UCS environment "looks" like one server, with a lot of MAC addresses coming out of it.

You ideally should have created the links between the FI and <insert network device here> as an 802.1Q trunk. That would allow you to hot-add VLANs from the access switch -> FIs without any outage. To answer your question directly, if you need to have more than one VLAN come from the access switch, your network admin will need to set the port to a trunking port and just add the VLANs you want. (Side note: ideally your network admin would set the native VLAN to 999 and then tell the switch not to allow it on the trunk. That would eliminate the possibility of VLAN hopping from the UCS -> network -- but that's an internal discussion you will need to have with your network guy. Whatever he configures, you just set the corresponding setting on UCS.)

Once your admin has added the VLANs to your port, you go into the LAN tab on UCS, expand LAN Cloud -> VLANs and add the VLAN. Make sure to specify the correct VLAN ID and that it is not native. That's all that is required to make it work on the UCS side as long as you don't have disjoint layer 2 (sounds unlikely right now).

As for your blade, whenever we have a Windows server that needs access to multiple VLANs directly, we just add another vNIC with the VLAN that it should be on.

Dear, I will explain what I understand; please correct me.

1- Create the link between the FI and the core switch as a trunk link.

2- Ask the network admin to set the port to a trunking port and just add the VLANs we want, for example VLAN ID 5 and VLAN ID 44, and set the native VLAN as VLAN ID 1, but the native VLAN should not be allowed on the trunk port.

3- From LAN Cloud -> VLANs, create VLAN ID 5 and VLAN ID 44 and do not set either one as native VLAN.

4- Set VLAN ID 1 as native VLAN from LAN Cloud -> VLANs > right-click and Set as Native.

5- Create vNIC1, assign it to the service profile and check the correct VLAN as VLAN ID 5.

6- Create vNIC2, assign it to the same service profile and check the correct VLAN as VLAN ID 44.

Note: these vNICs "vNIC1, vNIC2" will be associated to the same service profile and Windows Server 2012.

1st question: in this case do I need to check the native VLAN box beside every VLAN ID in the vNIC, as I uploaded in picture Vnic.png???

2nd question: if the same vNIC will have access to more than one VLAN, such as VLAN ID 5 and VLAN ID 44, what should I choose in the vNIC parameters?
