I'm doing some UCS studying and I'm trying to understand how private-vlans work within UCS, but there's surprisingly little documentation on the subject. So far, based mostly on trial-and-error, these seem to be the rules for using pvlans in UCSM:
- only isolated type is allowed
- no promiscuous ports within UCS
- a vNIC can carry the secondary vlan ID only (no other vlans can ride alongside it, including the primary)
- the primary vlan can never be used on a vNIC
Despite this, I cannot get a VM to speak to its upstream promiscuous port/gateway. One document I found suggested the vNIC should not set the secondary vlan as native, but that seems to have no effect either way (even looking at the veth config at the CLI). The same document suggested VMware should tag the traffic, which would require the 1000V. Based on the CLI configuration, I'm guessing that's not true, but I could easily be wrong.
Does anyone know of a good guide for this, or maybe could even point me in the right direction for getting pvlans to work within UCS? Thanks!
Well, never mind, it seems I had a misconfiguration in VMware. User error :) Here's what I found:
- No tagging required from VMware. Port groups should remain untagged.
- The vNIC must be configured ONLY for the secondary/isolated vlan.
- It doesn't seem to matter whether it's native or not. The CLI configuration doesn't change, and pings work either way. I'm guessing the 'clean/proper' configuration is to leave it unmarked as native since it's not a trunk port.
- 1000V isn't required.
Strange that the FIs learn the VM's MAC address within the secondary/isolated vlan, but the upstream Nexus switches learn it via the primary vlan. UCS seems to have a focus on the secondary vlan - again, I'm fairly certain you cannot use a vlan on a vNIC once it's labeled as primary.
So the 1000V isn't required, per se, but since VMware won't honor the pvlans within the host, it certainly has a benefit. The alternative to 1000V appears to be creating a pvlan-vNIC+vswitch per VM.