When a service provider has multiple customers connecting to the same physical switch using the same VLAN encapsulation, but they should not be on the same Layer 2 segment, translating the incoming VLAN to a unique VLAN/VNI is the right way to extending the segment.

Beginning with Cisco NX-OS Release 10.3(3)F, Port VLAN mapping on non-VXLAN VLANs is supported on Cisco Nexus 9300-EX/FX/FX2/FX3/GX/GX2, C9408 platform switches and Cisco Nexus 9500 switches with 9700-EX/FX/GX line cards.

In the figure below two customers, Blue and Red are connecting to the leaf using VLAN 10 as their encapsulation.

In this example VLAN 10 for Customer Blue (on interface E1/1) is mapped/translated to VLAN 100, and VLAN 10 for customer Red (on interface E1/2) is mapped to VLAN 200.

On the other leaf, this mapping is applied in reverse. Incoming VLAN 100 is mapped to VLAN 10 on Interface E1/1 and VLAN 200 is mapped to VLAN 10 on Interface E1/2.

You can configure VLAN translation between the ingress (incoming) VLAN and a local (translated) VLAN on a port. For the traffic arriving on the interface where VLAN translation is enabled, the incoming VLAN is mapped to a translated VLAN.

On the underlay, the inner dot1q is deleted, and switched over to the non-VXLAN network. On the outgoing interface, where VLAN translation is configured, the traffic is converted to the original VLAN and egressed out. Refer to the VLAN counters on the translated VLAN for the traffic counters and not on the ingress VLAN.

The following are the guidelines and Limitations for Port VLAN Mapping:

• Beginning with Cisco NX-OS Release 10.3(3)F, Port VLAN mapping on VLANs is supported on Cisco Nexus 9300-EX/FX/FX2/FX3/GX/GX2, C9408 platform switches and Cisco Nexus 9500 switches with 9700-EX/FX/GX line cards.

• Beginning with Cisco NX-OS Release 10.4(1)F, Port VLAN mapping on VLANs is supported on Cisco Nexus 9332D-H2R switch.

• Beginning with Cisco NX-OS Release 10.4(2)F, Port VLAN mapping on VLANs is supported on Cisco Nexus 93400LD-H1 switch.

• The ingress (incoming) VLAN does not need to be configured on the switch as a VLAN. The translated VLAN must be configured.

• All Layer 2 source address learning and Layer 2 MAC destination lookup occurs on the translated VLAN. See the VLAN counters on the translated VLAN and not on the ingress (incoming) VLAN.

• Port VLAN mapping routing supports configuring an SVI on the translated VLAN.

• The following example shows incoming VLAN 10 being mapped to local VLAN 100:

  interface ethernet1/1
  switchport vlan mapping 10 100

• The following is an example of overlapping VLAN for PV translation. In the first statement, VLAN-102 is a translated VLAN. In the second statement, VLAN-102 the VLAN where it is translated to VLAN-103:

  interface ethernet1/1
  switchport vlan mapping 101 102
  switchport vlan mapping 102 103

• When adding a member to an existing port channel using the force command, the "mapping enable" configuration must be consistent. For example:

  Int po 101
  switchport vlan mapping enable
  switchport vlan mapping 101 10
  switchport trunk allowed vlan 10
   
  int eth 1/8
  /***No configuration***/

  Note	The switchport VLAN mapping enable command is supported only when the port mode is trunk.

• VLAN mapping helps with VLAN localization to a port, scoping the VLANs per port. A typical use case is in the service provider environment where the service provider leaf switch has different customers with overlapping VLANs that come in on different ports. For example, customer A has VLAN 10 coming in on Eth 1/1 and customer B has VLAN 10 coming in on Eth 2/2.

• Port VLAN mapping does not coexist with PVLAN.

• If the inherit port-profile command is configured on a PV interface, use the no inherit port-profile <profile name> command to detach and then execute the no switchport vlan mapping all command.

• If the system dot1q-tunnel transit vlan provider_vlan_list command is globally configured on the switch, do not set the provider VLAN as the native or access port VLAN for any other trunk or access port on the system. It is expected to choose provider VLANs other than the native VLANs on the system.