vlan mapping aci

EMAIL SUPPORT

• VLAN Encapsulation in ACI – Deep Dive

VLAN Encapsulation in ACI

There are two types of VLANs used in ACI

• External VLAN: Used for External Communication and Integration
• Internal VLAN: It is also called as Platform Independent Vlan whose scope is local to each leaf. ACI has no control how Platform VLAN is allocated to traffic going via leaf. APIC allocates PI VLAN per EPG, Per BD and these allocation is local to leaf and is different to each Leaf.

Cisco ACI fabric internally does not use VLANs as traditional switches but it translates externally connected VLANs to Flooding Domain, Bridge Domain and VXLANs. All of this is happening at the ingress to the fabric.

Here we can see the ACI has allocated the Platform VLAN to each VLAN which its receives from ingress port. Example from port Eth1/11, Traffic comes to Leaf with encapsulation of Ethernet vlan 1675 and upon receive, it allocates VLAN 12 randomly on that leaf switch.

show vlan extended output command you can see how internal VLANs are encapsulated to VXLANs or external VLANs. With this command, you can easily see which external VLANs are used on the particular leaf switch.

There are various Internal Platform VLAN used by ACI on each Leaf and they are independent to each other. Several VLANs exist on a leaf switch. There are two commands most commonly used for troubleshooting purposes: show vlan extended and show system internal eltmc info vlan brief . In the output of the later command you can see a table with several different VLANs:

Different Platform VLANs used in ACI are: 

VlanId :  is the PI (platform independent) VLAN of the system and is locally significant to each switch. This is the same VLAN as seen in the output of the command show vlan.

Hw_VlanId: is the VLAN used in ASICs but is usually not relevant for a user.

BD-VLAN : is used to represent a bridge domain and can link multiple FD-VLANs (encap VLANs) together with multiple hardware VLANs and internal VLANs. It is one forwarding aspect used by the Broadcom ASIC to determine if traffic should be locally switched or forwarded to the Northstar ASIC for processing. The BD-VLAN connects different local FD-VLANs to a single bridge domain, and is used on the Broadcom ASIC to determine the Layer 2 broadcast domain. If for example two different access_enc VLANs have the same BDVlan ID it means they belong to two EPGs that are part of the same BD.

LEAVE A COMMENT

Table of contents.

• ACI Hardware Component
• ACI Hardware Installation
• ACI Fabric Discovery
• ACI Terminology
• Access & Fabric Policies
• VXLAN Forwarding in ACI
• L2 DataPath – Deep Dive
• Switching in ACI
• Routing in ACI
• L3 Datapath – Deep Dive
• Traffic Filtering in Cisco ACI
• Tenant Network Configurations
• VRF Network Configuration
• Bridge Domain Configuration
• Filters & Contracts Configuration
• Application Profile & EPG Configuration
• Integrating With VMware
• VPC for ESXi-1 & ESXi-2
• Compute & Storage Connectivity In ACI
• L2 external network with ACI
• Layer 3 Outside & External Routed Networks
• L3Out-Subnet Flags
• MP-BGP Spine Route-Reflector in ACI
• ACI Initial Fabric Configuration
• ACI Configure Tenant VRF & Bridge Domain
• ACI Configure Filters and Contracts
• ACI Configure Three-Tier Application Profile
• ACI Configure Baseline Interface Policies
• ACI Integration with VMWARE
• ACI Inter Tenant Connectivity
• ACI Extend Bridge Domain by External Layer 2 Connection
• ACI External Network Connectivity to External Switch via Trunk
• ACI Static Routing for External Layer 3 Connectivity
• ACI OSPF Routing for External Layer 3 Connectivity
• ACI EIGRP Routing for External Layer 3 Connectivity
• ACI EBGP Routing for External Layer 3 Connectivity
• IPN Configuration
• ACI Automation & Scripting
• ACI Multipod Overview
• ACI Multi-Pod Building Control Plane
• ACI Multi-Pod Data Traffic Flow
• Multi-Pod Connectivity via External L3
• Host Tracking Subnet Check & Limit IP Learning
• Service Graph Introduction
• BD VRF & EPG Design consideration – Service Chaining
• IP Routing & VRF Design Consideration – Service Chaining
• L3Out for Routing to L4-L7 Devices
• Routed Mode ( Go-To mode ) for L4-L7 Appliance
• Transparent & One ARM mode for L4-L7 Appliance
• Policy Based Redirect in ACI
• Monitoring ACI Fabric
• Monitoring ACI via REST API
• OOB & In-Band Management
• Syslog-SNMP-SPAN-Netflow Configuration
• ACI Multi-Site Architecture
• Multi-Site Bridge Domain Configuration Approach
• Multi-Site ISN Design
• ACI Multi-Site Control Plane
• ACI Multi-Site Data Plane Communication
• ACI Multi-Site Connectivity to External Layer 3 domain
• ACI Multi-Site Intersite L3Out
• ACI Multi-Site Integration
• Remote Leaf Architecture
• Bits & Bytes of Remote Leaf
• Traffic Forwarding between RL pair before ACI 4.1(2) & After 4.1(2)
• Multi-Site With Remote Leaf
• Remote-Leaf Integration
• Remote Leaf Failure Handling Scenarios

RECENT POSTS

• How to Prepare for the Microsoft Azure AZ-305 Exam
• AWS Training Certification Course for Solutions Architect
• Cisco SASE Architecture
• SASE vs SD-WAN
• What is SASE
• Accessing Amazon S3 using AWS private Link in Secure hybrid method.
• Cisco Smart Licensing Policy
• Cisco Certification – A Closer Deep-Dive Look
• Cisco DNA-Spaces : Monitoring IOT Network
• Compute in AWS Cloud

Membership Plan

$100/Monthly

$200/6 Months

Latest Update

• Software Development
• Managed IT Services
• Cloud Computing Services
• Hybrid Data Center & Hybrid Cloud Services
• Cyber Security Services
• DevOps Services & Solutions
• IT Consulting Services
• Audit & Assessment Services
• Disaster Recovery Services
• People in Zindagi
• Zindagi Insights
• Case Studies
• Company Profile
• Managed IT and Cybersecurity
• Testimonials
• Careers at Zindagi
• Employee Benefits

At Zindagi, our focus is to create value for our customers by applying our deep industry experience, technical expertise, and business intelligence.

Our Clients

• Zindagi Technologies Pvt. ltd. 301-302, 3rd Floor 40-41 Bakshi House Nehru Place, New Delhi 110019

[email protected]

+91-9773973971

How To Configure A VLAN On A Port In An ACI Fabric?

In this blog, we will explain how different policies are configured to assign VLAN on a port in an ACI fabric . We do not configure VLAN directly on a port but use policies that will allow us to scale configuration and apply similar behavior to switches or ports.

Let’s see the below use cases where Layer 2 switch is connected to ACI Fabric on port 1/5 of Leaf-1 and Server connected to LACP port-channel are connected to Leaf-1 and Leaf-2 on 1/10 port respectively.

In the above scenario following features need to be configured for the communication.

• Switch Profile
• Interface Profile
• Interface Policies
• Interface Policies Group
• Attachable Access Entity Profile
• Tenant, Application Profile, and EPG

What is a Switch Profile?

Switch Profile defines the switches which need to be configured.

Steps to create Switch Profile

Path- Fabric>Access Policies>Switches>Leaf Switches >Profile >Create Leaf Profile>Right Click

Note : “Switch101-Profile” will be for a switch profile containing node-101 and “Switch101-102_Profile” for a switch profile containing switches 101-102 which are part of a vPC domain.

For the above scenarios, we will create two switch profiles one for Leaf-101 and the other for Leaf-101 and Leaf-102 being part of vPC.

What is Interface Profile?

The interface profile contains 1 or more access port selectors which require the configuration.

Steps to create Interface Profile

Path- Fabric>Access Policies>Interface>Leaf Interface>Profile>Create Leaf Interface Profile>Right Click

Note : A single interface profile can be created per physical switch and one interface profile for each vPC domain.

Switch101_Profile_ifselector will be the interface profile for per physical switch and Switch101-102_Profile_ifselector for the vPC domain.

What are Interface Policies?

Interface Policies are the characteristics that we can define for the ports in the switch and these interface policies are further called in the Interface Policy Group.

Steps to Create Interface Policies

Path-Fabric>Access Policies>Policies>Interfaces>CDP Interface>Right Click

Similarly make policies such as LLDP, Port-Channel, etc.

Steps to create Interface Policy Group

Path-Fabric>Access Policies>Interfaces>Leaf Interface>Policy Groups>Leaf Access Port>Right Click

Note : Access Port IPG is created for the port which is not a member of the port channel. In the above scenario Access port, IPG will be made for Leaf 101.

Note: We can select another characteristic too which needs to be deployed on the interface.

Path-Fabric>Access Policies>Interfaces>Leaf Interface>Policy Groups> vPC Interface >Right Click

Note : vPC Interface IPG is created for the port which is a member of the port channel.

Steps to bind switch profile with interface profile

Path-Fabric>Access Policies>Switches>Leaf Switches>Profile>Select Switch Profile Created

Steps to bind interface policy group with interface

Path-Fabric>Access Policies>Interfaces>Leaf Interfaces>Profile>Select Interface Profile>Access Port Selector

Note- The interface policies which are called in IPG are now bound to the interface which requires the mentioned characteristic.

Steps to create a VLAN pool

Path-Fabric>Access Policies>Pools>VLAN>Right Click

Note: Static VLAN pool is created for static deployment and a Dynamic pool is created for dynamic deployment (VMM).

What is Domain?

A domain defines the ‘scope’ of a VLAN pool and where that pool will be used. Physical Domain is used for Bare Metal. For most deployments, a single physical domain is sufficient for static path deployment and one routed domain for L3Outs.

Steps to Create Domain

Path- Fabric>Access Policies>Physical and External Domains>Physical Domains>Right Click

Map the domain with the VLAN pool.

What is AAEP?

Attachable Access Entity Profile is used to map the domain to the interface policies group with the end goal of mapping VLAN to the interface. Single AEP should be used for static paths and additional AEP per VMM domain.

Steps to create Attachable Access Entity Profile

Path: Fabric>Access Policies>Policies>Global>Attachable Access Entity Profile>Right Click

Map AAEP with the domain

Map AAEP with the IPG

Steps to create a vPC domain and Explicit vPC Protection Group

Path-Fabric>Access Policies>Policies>Switch>VPC Domain>Right Click

Note – One VPC Domain is created where we define Peer Dead Interval. VPC Explicit Protection Group is created where we call vPC peer device. Once created, a VTEP IP for the peer device is assigned automatically by APIC.

Path-Fabric>Access Policies>Policies>Switch>Virtual Port Channel default>Right Click

What is Tenant in ACI?

Tenant is the main Container of policies where all L2 and L3 policies will be constructed, access rules, and services. It is used for the separation of management. There are two kinds of tenants- user define and pre-defined or default.

Three pre-defined tenants are

• Infra Tenant- It will have policies related to internal fabric communication.
• Common Tenant- It will have policies/services which can be used by the rest of the tenant.
• Management Tenant- It will be responsible for Inband and OOB management.

Steps to creating a Tenant

Path- Tenants>Add Tenant>Click>Submit

What is Bridge Domain?

A bridge domain is a container of subnets. Under B.D we define subnet for the VLAN. The bridge domain will be part of VRF and VRF will be part of the tenant.

Steps to create VRF and Bridge Domain

Path- Tenants>PROD-TENANT>Networking>Click on it>Drag and drop VRF

Path- Tenants>PROD-TENANT>Networking>Click on it>Drag and drop Bridge Domain

What are Application Profile and EPG?

Application Profile is a container of EPG. It contains one or more EPGs. The Endpoint Group is a logical entity that contains a collection of endpoints that may be in different VLANs or subnets.

Steps to Create Application Profile

Path- Tenant>PROD-TENANT>Application Profile>Right Click

Note: – Under the application profile, EPG created will be used for the physical domain (bare metal) and VMM domain.

Steps to Create EPG

Path- Tenant>PROD-TENANT>App-Profile>Application EPG>Right Click

EPG is created and bound with Bridge Domain. The next step is to bind EPG with the domain and bond either with the entire leaf or the ports of the leaf.

Path- Tenants>PROD-TENANT>Application Profile>App-Profile>Application EPG>EPG-1>Domain>Right Click

Note: – In the below dashboard static port option within the EPG is used to bind ports to an EPG and the static leaf option within the EPG is used to bind the entire leaf to that EPG.

Path- Tenants>PROD-TENANT>Application Profile>App-Profile>Application EPG>EPG-1>Static Ports>Right Click

Note: – Mapping VLAN to an individual port of a leaf.

Note: – Static Port binding for the vPC is shown below

In the next blog, we will see how traffic flows between endpoints in ACI fabric. For more information regarding ACI deployment, you can follow Setting Up an ACI Fabric: Initial Setup Configuration Example.

Zindagi Technologies is an IT consulting and cybersecurity company in Delhi having engineers with decades of experience in planning, designing, and implementing Data Centers along with Managed IT Services , cybersecurity, and cloud services. Not just this, we also deal in many other services that will help you in finding out bugs in your IT infrastructure. If you want to secure your network, we are just a call away. Please ping us at +91-9773973971 or drop us a mail.  To get the latest updates on our organization, you can follow us on LinkedIn . Author Jainul Khan Associate Consultant

Marathonbet yukle Azərbaycanda Sürətli və rahat mərc üçün Marathon Bet yukl

Cederquist rådgivare till styrelsen för leovegas vid mgm: s offentliga uppköpserbjudand, comment (1), traffic flow in aci | zindagi technologies.

[…] moving forward to see how traffic flows in the ACI environment let’s have a look at a few terminologies which are required to understand the traffic […]

Leave a comment Cancel reply

Your email address will not be published. Required fields are marked *

Save my name, email, and website in this browser for the next time I comment.

Zindagi Technologies is a leading IT consulting and Managed Services Provider serving commercial enterprises across the globe. 

Quick Links

• Sales: +91-9773973971
• Careers: +91-7217744680
• Email: [email protected]

Copyright © 2023 Zindagi Technologies . All Rights Reserved.

Privacy Overview

Subscribe to our latest updates!

• CCNA 200-301
• CCNA 200-301 Labs
• CCNP 350-401 ENCOR
• CCNP 350-401 ENCOR Labs
• CCNP 300-410 ENARSI
• CCIE Enterprise Infrastructure

Cisco Packet Tracer Lab Course

• NRS II IRP Course
• NRS II MPLS Course
• NRS II Service Architecture
• Nokia Configuration Course
• Nokia SRC Program
• JNCIA Junos
• HCIA (HCNA)
• HCIA Configuration Course
• What is Huawei R&S Certification?
• Huawei ICT Certifications
• Python Course
• IPv6 Course
• IP Multicast Course
• NRS I Configuration Course
• Cisco Packet Tracer How To Guide
• Online Courses
• Udemy Courses
• CCNA Flashcard Questions
• Protocol Cheat Sheets
• Subnetting Cheat Sheet
• Linux Cheat Sheet
• Python Cheat Sheet
• CLI Commands Cheat Sheets
• Miscellaneous Cheat Sheets
• Cisco Packet Tracer Labs
• Cisco GNS3 Labs
• Huawei eNSP Labs
• Nokia GNS3 Labs
• Short Config Videos
• Network Tools
• IPCisco on Social Media
• Network Engineer Interview Questions
• Personality Interview Training
• Sign In/Up | Members
• Lost password
• Sign In/Sign Up
• ENROLL HERE

• VLAN Mapping (VLAN Translation) on Cisco

On Cisco devices, VLAN mapping term is used for mentioning the swap of incoming VLAN id to a new VLAN id. In the below configuration examples, we will see Cisco configuration for this swapping. Lets check this configuration for a Cisco switch. The related congfiguration steps are:

And to verify, the below command scan be used:

As an example, we can configure the customer 10,20,30 and 40 VLANs(C-VLAN s) to the Service provider vlans(S-VLAN s),110,120,130 and 140.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Basic Configurations

• Cisco Router Password Recovery
• Common Cisco Router Configuration on Packet Tracer

Routing Protocol Configurations (IPv4)

• BGP Configuration Example with Packet Tracer
• ISIS Configuration Example on Cisco IOS
• EIGRP Configuration With Packet Tracer
• Cisco Single Area OSPF Configuration
• RIP Configuration With Packet Tracer
• Static Route Configuration on Cisco Routers

Routing Protocol Configurations (IPv6)

• ISIS For IPv6 Configuration Example on Cisco IOS
• EIGRP For IPv6 Configuration On Cisco IOS
• OSPFv3 Configuration Example on Cisco IOS
• RIPng Configuration Example on Cisco IOS
• IPv6 Static and Default Route Configuration on Cisco IOS

WAN Configurations

• Basic Multipoint Frame Relay Configuration
• Basic Frame Relay Point-to-Point Configuration
• Basic Frame-Relay Configuration with both Inverse-ARP and Frame-Relay Map Command
• PPP Configuration on Cisco
• HDLC Configuration on Cisco

DHCP and NAT Configurations

• Dynamic NAT Configuration with Packet Tracer
• PAT Configuration with Packet Tracer
• Static NAT Configuration with Packet Tracer
• Router DHCP Configuration with Packet Tracer

Security and ACL Configurations

• Extended Access List Configuration With Packet Tracer
• Standard Access List Configuration With Packet Tracer
• Switch Port Security Configuration with Cisco Packet Tracer
• Basic Cisco Router Security Configuration

SNMP Configurations

• SNMP Configuration On Cisco IOS

VLAN Configurations

• Packet Tracer VLAN Configuration Example 2
• Private VLAN Cisco Configuration Example
• Switch Virtual Interface Configuration on Packet Tracer
• Inter VLAN Routing Configuration on Packet Tracer (Router on Stick)
• Packet Tracer VLAN Configuration Example

Spanning Tree Configurations

• RSTP Configuration on Packet Tracer
• STP Portfast Configuration with Packet Tracer
• STP (Spanning Tree Protocol) Example on Packet Tracer

Neighbor Discovery Configurations

• LLDP Configuration on Cisco
• CDP Configuration with Packet Tracer

EtherChannel Configurations

• LACP Configuration on Cisco Devices

First Hop Redundancy Configurations

• VRRP Configuration on Cisco
• GLBP Configuration on Cisco
• HSRP Configuration on Cisco IOS

Latest Lessons

• uRPF (Unicast Reverse Path Forwarding) Part of: CCNP Enterprise 350-401 ENCOR
• Conditional debugging Part of: CCNP Enterprise 350-401 ENCOR
• Cisco Terminal Monitor and Cisco Logging Monitor Part of: CCNP Enterprise 350-401 ENCOR
• Cisco Debug Command Part of: CCNP Enterprise 350-401 ENCOR
• Packet Tracer VLAN Example 2 Part of: CCNA 200-301
• Packet Tracer VLAN Configuration Example 2 Part of: Cisco Packet Tracer Lab Course
• Container vs Virtual Machine Part of: CCNP Enterprise 350-401 ENCOR
• Virtual Switching and Virtual Switch (vSwitch) Part of: CCNP Enterprise 350-401 ENCOR
• Policy Based Routing (PBR) Part of: CCNP Enterprise 350-401 ENCOR
• Virtual Extensible LAN (VXLAN) Part of: CCNP Enterprise 350-401 ENCOR
• More Lessons

Latest Blog Posts

WHAT YOU WILL FIND?

• 250.000+ Students All Over The World
• 8.000+ Questions & Answers
• 100+ Lab Files & Cheat Sheets
• 30+ IT/Network Courses
• A Real Desire To Help You
• Daily Social Media Shares
• %100 Satisfaction
• CISCO Courses
• NOKIA Courses
• HUAWEI Courses
• JUNIPER Courses
• PYTHON Course
• KEY Courses
• VIDEO Courses
• UDEMY Courses
• Cheat Sheets
• Configuration Files
• Interview Questions
• IPCisco On Social Media
• Pärnu mnt. 139c – 14, 11317, Tallinn, Estonia
• [email protected]

Search form

• Routing & Switching
• Service Provider
• Data Center

You are here

Dc0014 - aci l2out (part 3).

• EPG Extension
• Virtual Port-Channel
• Mis-Cabling Protocol (MCP)
• ARP Flooding
• Extended Bridged Network (L2OUT)
• L2OUT Contract
• Server Migration

About Author

• Log in or register to post comments

L2OUT VLAN MAPPING

First of all, thank you for this great series of videos!

I have one question about those vlan changes that you did. Do we have to use different vlans only if the L2OUT Port and Endpoint port are on the same Leaf?

If we have a dedicated leaf for L2OUT and others dedicate leafs for endpoint connectivity, is it possible to use the same vlan mapping?

Thanks again!

Related Topics

Top 5 videos.

• Lab Minutes Main Website
• Reset Password

Other Services