APIC NXOS CLI – Vlan Domains


Agenda
- Overview
- Basic Configuration
- Vlan Domain Model
- API Configured Vlan Domains
- Validations
- Troubleshooting

Overview
The ACI fabric can be partitioned into sets of 4K VLANs. Each vlan domain represents a set of VLANs that can be configured on a group of nodes and ports. Vlans present in the vlan domain can be used for one of the APIC applications: Application EPG, External-L2, External-L3, VMM, L4-L7 Services.
In a multiple-admin environment, including different privileges for Tenant and Fabric Admins, the VLAN domain is used as a security domain. The Fabric Admin creates VLAN domains and gives read access to specific Tenant Admins to use the particular vlan domain. Any other tenant admin will not be able to use the vlan domain. This allows multiple admins to manage the same fabric resources (ports, vlans) without overrunning each other.
Note: Security domain feature will be supported in the follow-on release.

Overview (cont.)
A vlan domain can be static or dynamic. A static vlan domain can support static vlan-pools, while a dynamic vlan domain can support both static and dynamic vlan-pools.
Vlans in static vlan-pools are managed by the user and are used for applications such as connectivity to bare metal hosts.
Vlans in dynamic vlan-pools are allocated and managed by the APIC controller without user intervention and are used for applications such as VMM, where APIC allocates a vlan for each EPG behind the VMM controlled hosts.
The default type for vlan domains and for the vlan-pool within the domain is static.

Basic Configuration

Configuration Steps
Step 1: Create vlan domain in global mode.
Step 2: Add VLANs to vlan domain.
Step 3: Assign vlan domain to one or more interfaces.

Create Vlan Domain
Command Syntax: [no] vlan-domain <domain-name> [dynamic]
Executed in global configuration mode.
dynamic: To create dynamic vlan domains. Default is static.
Example:
    apic1(config)# vlan-domain dom1
    apic1(config-vlan)# ?
     vlan  Add VLANs to vlan-domain

Add / Remove VLANs
Command Syntax: [no] vlan <vlan-range> [dynamic]
Executed in vlan-domain mode.
dynamic: dynamic vlan encapBlks. Default is static.
Example:
    apic1(config-vlan)# vlan 5-6, 10, 50-100
    apic1(config-vlan)# no vlan 5-6
    apic1(config-vlan)# no vlan 50
    Error: Static EncapBlk 50-50 not Found
    Command execution failed.

Associate VLAN Domain To Interfaces
Command Syntax: [no] vlan-domain member <domain-name>
Associates vlan domain to an interface, port-channel, virtual port-channel or a template.
Can associate multiple vlan domains to a given interface.

Associate VLAN Domain To A Port
Example:
    apic1(config)# leaf 101
    apic1(config-leaf)# interface ethernet 1/4
    apic1(config-leaf-if)# vlan-domain member dom1
    apic1# show run leaf 101 interface ethernet 1/4
    # Command: show running-config leaf 101 interface ethernet 1/4
    # Time: Tue Mar 08 15:35:12 2016
      leaf 101
        interface ethernet 1/4
          vlan-domain member dom1
          exit

Associate VLAN Domain To A Port-Channel
Example:
    apic1(config)# leaf 101
    apic1(config-leaf)# interface ethernet 1/5
    apic1(config-leaf-if)# vlan-domain member dom1
    apic1# show run leaf 101 interface ethernet 1/5
    # Command: show running-config leaf 101 interface ethernet 1/5
    # Time: Tue Mar 08 15:37:12 2016
      leaf 101
        interface ethernet 1/5
          vlan-domain member dom1
          exit

Associate VLAN Domain To A Virtual Port-Channel
Example:
    apic1# configure
    apic1(config)# vpc context leaf 101 102
    apic1(config-vpc)# interface vpc vpc5
    apic1(config-vpc-if)# vlan-domain member dom1
    apic1# sh run vpc context leaf 101 102
    # Command: show running-config vpc context leaf 101 102
    # Time: Tue Mar 08 15:38:52 2016
      vpc context leaf 101 102
        interface vpc vpc5
          vlan-domain member dom1
          exit
    apic1#

Associate VLAN Domain To A Template Policy-Group
Example:
    apic1# configure
    apic1(config)# template policy-group tmppolGrp
    apic1(config-pol-grp-if)# vlan-domain member dom2
    apic1# show run template policy-group tmppolGrp
    # Command: show running-config template policy-group tmppolGrp
    # Time: Tue Mar 08 15:35:12 2016
      template policy-group tmppolGrp
        vlan-domain member dom2
        exit

Associate VLAN Domain To A Template Port-Channel
Example:
    apic1# configure
    apic1(config)# template port-channel tmppc
    apic1(config-if)# vlan-domain member dom2
    apic1# show run template port-channel tmppc
    # Command: show running-config template port-channel tmppc
    # Time: Tue Mar 08 15:35:12 2016
      template port-channel tmppc
        vlan-domain member dom2
        exit

VLAN Domain Model

API Model
There are three types of vlan domain: Physical, External Bridged, External Routed.
- “vlan-domain <domain-name>”: This command internally creates the Physical (physDomP), External Bridged (l2extDomP) and External Routed (l3extDomP) vlan domains and the vlan-pool (fvnsVlanInstP) with the same name as the vlan domain. Basically, the vlan domain lets the user use the vlans defined under it for any application. For example, if a vlan under the vlan domain is used by an application EPG, the relations are created internally for the corresponding physDomP.
- “vlan-domain member <domain-name>”: Sets up the infraRsDomP to physDomP, l2extDomP and l3extDomP matching the corresponding domain-name.

API Model For VLAN Domain
[Diagram: physDomP, l2extDomP, l3extDomP -> infraRsVlanNs -> fvnsVlanInstP (vlan-pool) -> EncapBlks]

API Configured VLAN Domain

Overview
physDomP, l2extDomP, l3extDomP and the relation to the Attachable Entity profiles created through the API can be modified through the vlan domain CLI with extensions to represent the particular sub domain.
The CLI is fully compatible with the API and GUI for vlan domain config changes.
Since new CLI users are not expected to be aware of the model specifics, the vlan-domain CLI type extensions are hidden for vlan-domains newly created through the CLI.

Create VLAN Domain
Command Syntax: [no] vlan-domain <domain-name> [dynamic] [type (phys|l2ext|l3ext)]
Executed in global configuration mode.
“type” option is visible and mandatory:
- If all three vlan-domain types for <domain-name> are not present, or
- If they have different vlan-pool, or
- If they share same vlan-pool but the pool name is different from the vlan domain name.
Example:
    apic1(config)# vlan-domain dom2 type phys

Assign VLAN-Pool To VLAN Domain
Command Syntax: [no] vlan-pool <pool-name>
Executed in vlan-domain mode.
If the type option is present in the vlan-domain command, the user has to assign a pool to the vlan domain before adding any vlans to it.
“no vlan-pool <pool-name>”: If the vlan-pool is used by other vlan domains, only the relation (RsVlanNs) is deleted. Otherwise, both the relation and the vlan-pool are deleted.
Example:
    apic1(config-vlan)# vlan-pool pool2

Associate VLAN Domain Member
Command Syntax: [no] vlan-domain member <domain-name> [type (phys|l2ext|l3ext)]
Associates vlan-domain to an interface, port-channel, virtual port-channel or a template.
Can associate multiple vlan-domains to a given interface.

Associate VLAN Domain Member (cont.)
Example:
    apic1(config)# leaf 101
    apic1(config-leaf)# interface ethernet 1/4
    apic1(config-leaf-if)# vlan-domain member dom1 type phys
    apic1# show run leaf 101 interface ethernet 1/4
    # Command: show running-config leaf 101 interface ethernet 1/4
    # Time: Tue Mar 08 15:35:12 2016
      leaf 101
        interface ethernet 1/4
          vlan-domain member dom1 type phys
          exit

Validations

Validations
“no vlan-domain <name>”: Check if vlan-domain is in use by any interface. If yes, return error. User needs to delete vlan-domain from interface using “no vlan-domain member <domain-name>” under the interface config mode.
    apic1(config)# no vlan-domain dom1
    Error: Vlan-domain is in-use. Policies using vlan-domain dom1 : '__ui_p1_l101_eth1--1'. Please remove it and re-try.
“no vlan <range>”: Cannot delete a subset of the vlans of an encapBlk. The whole block has to be removed.
    apic1(config-vlan)# vlan 2-3, 10, 50-100
    apic1(config-vlan)# no vlan 2-3
    apic1(config-vlan)# no vlan 50
    Error: Static EncapBlk 50-50 not Found

Validations (cont.)
“no vlan-pool <pool-name>”: Check if vlan-pool is associated to any vlan-domain. If yes, only remove the relation to vlan-pool. Otherwise, delete the relation and the vlan-pool.
    apic1(config)# vlan-domain dom2 type phys
    apic1(config-vlan)# vlan-pool pool1
    apic1(config)# vlan-domain dom3 type l2ext
    apic1(config-vlan)# vlan-pool pool2
    apic1(config-vlan)# no vlan-pool pool2
    Vlan-pool is in use by other vlan-domain(s). Removing only the vlan-pool relation from the vlan-domain. To delete the vlan-pool, please remove the pool from the other vlan-domain(s).

Validations (cont.)
“vlan-domain member <name>”: Cannot associate vlan-domains with overlapping vlans on a given port. (Port, Vlan) should uniquely map to one vlan domain.
    apic1(config)# vlan-domain dom2
    apic1(config-vlan)# vlan 3-4
    apic1(config)# vlan-domain dom3
    apic1(config)# leaf 101
    apic1(config-leaf)# interface ethernet 1/1
    apic1(config-leaf-if)# vlan-domain member dom2
    apic1(config-leaf-if)# vlan-domain member dom3
    Error: Overlapping of Vlans is not allowed on an interface. Vlans overlapping with vlan-domain dom2. Please remove the overlapping vlans.

Validations (cont.)
“vlan <range>”: Cannot add new vlan range to a vlan-domain, if the vlan-domain is associated with an interface, which is also a member of another vlan-domain with overlapping vlan set.
    apic1(config)# vlan-domain dom2
    apic1(config-vlan)# vlan 1-4
    apic1(config)# vlan-domain dom3
    apic1(config-vlan)# vlan 5-7
    apic1(config)# leaf 101
    apic1(config-leaf)# interface ethernet 1/2
    apic1(config-leaf-if)# vlan-domain member dom2
    apic1(config-leaf-if)# vlan-domain member dom3
    apic1(config)# vlan-domain dom2
    Error: Overlapping of Vlans is not allowed on an interface. Vlans overlapping with vlan-domain dom3. Please remove the overlapping vlans.
    Command execution failed.

Validations (cont.)
“switchport trunk allowed vlan <> ..”: When a vlan is associated to an application (app EPG, L2, SVI), the vlan should be part of one of the vlan-domains associated with the interface. If not, configuration is not allowed.
All interface level validations apply to all interface types and templates where vlan-domain member configuration is allowed.
    apic1(config)# leaf 101
    apic1(config-leaf)# interface ethernet 1/14
    apic1(config-leaf-if)# switchport trunk allowed vlan 100 tenant Nubecentro application ap1 epg epg1
    No vlan-domain associated to node 101 interface ethernet1/14 encap vlan-100
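
The validations on the slides above (whole-block removal, unique (port, vlan) ownership, encap must belong to an attached vlan-domain) can be modelled offline to pre-check a change. This is an added example, not Cisco code or part of the original slides; the class and function names are hypothetical and the 1-4094 VLAN bound is an assumption.

```python
# Added example (not Cisco code): a model of the vlan-domain validations above.
# Assumption: VLAN IDs are limited to the 802.1Q range 1-4094.

def parse_blocks(spec):
    """Parse a CLI range such as '5-6, 10, 50-100' into (start, end) encap blocks."""
    blocks = []
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        start, end = int(lo), int(hi or lo)
        if not 1 <= start <= end <= 4094:
            raise ValueError(f"invalid VLAN range: {part.strip()!r}")
        blocks.append((start, end))
    return blocks


class VlanDomain:
    def __init__(self, name, spec=""):
        self.name = name
        self.blocks = set(parse_blocks(spec)) if spec else set()

    def remove(self, spec):
        """'no vlan <range>': only whole encap blocks can be removed."""
        wanted = parse_blocks(spec)
        for lo, hi in wanted:
            if (lo, hi) not in self.blocks:
                raise LookupError(f"Static EncapBlk {lo}-{hi} not Found")
        self.blocks.difference_update(wanted)

    def contains(self, vlan):
        return any(lo <= vlan <= hi for lo, hi in self.blocks)


def overlaps(members):
    """Return {vlan: [domain names]} for VLANs claimed by more than one
    vlan-domain attached to the same interface; empty means no conflict."""
    owners = {}
    for dom in members:
        for lo, hi in dom.blocks:
            for vlan in range(lo, hi + 1):
                owners.setdefault(vlan, set()).add(dom.name)
    return {v: sorted(n) for v, n in sorted(owners.items()) if len(n) > 1}


def encap_allowed(members, vlan):
    """An encap VLAN is usable on a port only if exactly one attached domain owns it."""
    return sum(dom.contains(vlan) for dom in members) == 1


if __name__ == "__main__":
    dom1 = VlanDomain("dom1", "5-6, 10, 50-100")   # constructed sample input
    dom1.remove("5-6")                              # whole block: accepted
    dom2, dom3 = VlanDomain("dom2", "1-4"), VlanDomain("dom3", "3-7")
    print(overlaps([dom2, dom3]))                   # VLANs 3 and 4 collide
    print(encap_allowed([dom1], 100), encap_allowed([], 100))
```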

Troubleshooting

Show VLAN Domain
Command Syntax: show vlan-domain [name <domain-name>] [vlan <vlan-id>] [leaf <leaf-id>]
Displays vlan usage for the following applications:
- Application EPG static path deployment.
- Legacy Bridge-domain.
- External-L2 EPG path deployment.
- External-L3: Vlan used by SVI, Sub-interface.

Show VLAN Domain (cont.)
- One stop shop for vlan usage in the system.
- Displays user configuration filtered by one or more combinations of vlan domain name, vlan id, leaf id. Vlan domain name includes all three types (phys, l2ext, l3ext).
- Fetches the operational state of the Vlan interface (l2BD, sviIf objects) and the paths on which the EPG is deployed from the switch.
- In APIC, the user configured encap vlan and BD are mapped to locally allocated vlans in the switch. This mapping is displayed in the operational vlan.
- Faults (like invalid path, invalid vlan, ctx/vrf missing) corresponding to the EPG deployment are available in the operational state.

Show VLAN Domain (cont.)

Security Domain
Command Syntax: [no] security-domain <domain-name>
- Executed in vlan-domain mode.
- Security-domain is one of the main use-cases of vlan-domain.
- Supported in follow-on release.
- Users with same security-domains associated can access the vlan-domain.
Example: userA associated to secdom1
    apic1(config)# vlan-domain dom1
    apic1(config-vlan)# vlan 100
    apic1(config-vlan)# security-domain secdom2
    apic1# ssh userA@192.168.10.1
    Application Policy Infrastructure Controller
    userA@192.168.10.1's password:
    apic1# configure
    apic1(config)# vlan-domain ?
     WORD  Vlan domain name (Max Size 64)