A named VLAN creates a connection to a specific external LAN. The VLAN isolates traffic to that external LAN, including broadcast traffic.
The name that you assign to a VLAN ID adds a layer of abstraction that allows you to globally update all servers associated with service profiles that use the named VLAN. You do not need to reconfigure the servers individually to maintain communication with the external LAN.
You can create more than one named VLAN with the same VLAN ID. For example, if servers that host business services for HR and Finance need to access the same external LAN, you can create VLANs named HR and Finance with the same VLAN ID. Then, if the network is reconfigured and Finance is assigned to a different LAN, you only have to change the VLAN ID for the named VLAN for Finance.
In a cluster configuration, you can configure a named VLAN to be accessible only to one fabric interconnect or to both fabric interconnects.
You cannot create VLANs with IDs from 3968 to 4048. This range of VLAN IDs is reserved.
VLANs in the LAN cloud and FCoE VLANs in the SAN cloud must have different IDs. Using the same ID for a VLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all vNICs and uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that overlaps with an FCoE VLAN ID.
The VLAN name is case sensitive.
A private VLAN (PVLAN) partitions the Ethernet broadcast domain of a VLAN into subdomains and allows you to isolate some ports. Each subdomain in a PVLAN includes a primary VLAN and one or more secondary VLANs. All secondary VLANs in a PVLAN must share the same primary VLAN. The secondary VLAN ID differentiates one subdomain from another.
All secondary VLANs in a Cisco UCS domain must be isolated VLANs. Cisco UCS does not support community VLANs.
Communications on an isolated VLAN can only use the associated port in the primary VLAN. These ports are isolated ports and are not configurable in Cisco UCS Manager. If the primary VLAN includes multiple secondary VLANs, those isolated VLANs cannot communicate directly with each other.
An isolated port is a host port that belongs to an isolated secondary VLAN. This port has complete isolation from other ports within the same private VLAN domain. PVLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic received from an isolated port is forwarded only to promiscuous ports. You can have more than one isolated port in a specified isolated VLAN. Each port is completely isolated from all other ports in the isolated VLAN.
When you create PVLANs, be aware of the following guidelines:
You cannot create VLANs with IDs from 3968 to 4048. This range of VLAN IDs is reserved.
VLANs in the LAN cloud and FCoE VLANs in the SAN cloud must have different IDs. Using the same ID for a VLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all vNICs and uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that overlaps with an FCoE VLAN ID.
The VLAN name is case sensitive.
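The ID and PVLAN rules above can be checked against a planned VLAN list before anything is entered in Cisco UCS Manager. The following is an added example, not Cisco code and not part of the original documentation; the `NamedVlan` class, its `role` labels, and the sample plan are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

RESERVED_IDS = range(3968, 4049)  # 3968 to 4048 inclusive, reserved per this chapter

@dataclass(frozen=True)
class NamedVlan:
    name: str                      # case sensitive
    vlan_id: int
    role: str = "regular"          # example's own labels: regular, primary, isolated, community
    primary: Optional[str] = None  # for a secondary VLAN: name of its primary VLAN

def validate_plan(vlans, fcoe_vlan_ids):
    """Return (vlan name, problem) pairs for a planned set of named VLANs."""
    by_name = {v.name: v for v in vlans}  # exact-match keys, so "HR" != "hr"
    problems = []
    for v in vlans:
        if v.vlan_id in RESERVED_IDS:
            problems.append((v.name, f"ID {v.vlan_id} is in the reserved range 3968-4048"))
        if v.vlan_id in fcoe_vlan_ids:
            problems.append((v.name, f"ID {v.vlan_id} overlaps an FCoE VLAN ID"))
        if v.role == "community":
            problems.append((v.name, "community VLANs are not supported; use isolated"))
        elif v.role == "isolated":
            parent = by_name.get(v.primary)
            if parent is None or parent.role != "primary":
                problems.append((v.name, f"no primary VLAN named {v.primary!r}"))
    return problems

# Constructed sample plan (names and IDs are illustrative, not from a real domain).
FCOE_VLAN_IDS = {3010}
PLAN = [
    NamedVlan("HR", 100),
    NamedVlan("Finance", 100),  # same ID under two names is allowed
    NamedVlan("Backup", 4000),
    NamedVlan("Storage", 3010),
    NamedVlan("DMZ-Primary", 200, "primary"),
    NamedVlan("DMZ-Iso", 201, "isolated", "dmz-primary"),  # wrong case
    NamedVlan("DMZ-Comm", 202, "community", "DMZ-Primary"),
]

if __name__ == "__main__":
    for name, problem in validate_plan(PLAN, FCOE_VLAN_IDS):
        print(f"{name}: {problem}")
```

The isolated VLAN is flagged only because its primary is referenced with the wrong letter case, which is the practical consequence of VLAN names being case sensitive.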
Cisco UCS Manager limits the number of VLAN port instances that can be configured under border and server domains on a fabric interconnect to 6000.
The following types of ports are counted in the VLAN port calculation:
Based on the number of VLANs configured for these ports, Cisco UCS Manager keeps track of the cumulative count of VLAN port instances and enforces the VLAN port limit during validation. Cisco UCS Manager reserves some pre-defined VLAN port resources for control traffic. These include management VLANs configured under HIF and NIF ports.
Cisco UCS Manager validates VLAN port availability during the following operations.
Note: This is outside the control of Cisco UCS Manager.
Cisco UCS Manager strictly enforces the VLAN port limit on service profile operations. If Cisco UCS Manager detects that you have exceeded the VLAN port limit, service profile configuration fails during deployment.
Exceeding the VLAN port count in a border domain is less disruptive. When the VLAN port count is exceeded in a border domain, Cisco UCS Manager changes the allocation status to Exceeded. To change the status back to Available, complete one of the following actions:
Configuring Named VLANs
In a Cisco UCS domain that is configured for high availability, you can create a named VLAN that is accessible to both fabric interconnects or to only one fabric interconnect.
You cannot create VLANs with IDs from 3968 to 4048. This range of VLAN IDs is reserved.
VLANs in the LAN cloud and FCoE VLANs in the SAN cloud must have different IDs. Using the same ID for a VLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all vNICs and uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that overlaps with an FCoE VLAN ID.
If Cisco UCS Manager includes a named VLAN with the same VLAN ID as the one you delete, the VLAN is not removed from the fabric interconnect configuration until all named VLANs with that ID are deleted.
If you are deleting a private primary VLAN, make sure to reassign the secondary VLANs to another working primary VLAN.
Step 1. In the Navigation pane, click the LAN tab.
Step 2. On the LAN tab, click the LAN node.
Step 3. In the Work pane, click the VLANs tab.
Step 4. Click one of the following subtabs, depending upon what type of VLAN you want to delete:
Step 5. In the table, click the VLAN you want to delete. You can use the Shift key or Ctrl key to select multiple entries.
Step 6. Right-click the highlighted VLAN or VLANs and select Delete.
Step 7. If Cisco UCS Manager GUI displays a confirmation dialog box, click Yes.
Configuring Private VLANs
In a Cisco UCS domain that is configured for high availability, you can create a primary VLAN that is accessible to both fabric interconnects or to only one fabric interconnect.
You cannot create VLANs with IDs from 3968 to 4048. This range of VLAN IDs is reserved.
VLANs in the LAN cloud and FCoE VLANs in the SAN cloud must have different IDs. Using the same ID for a VLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all vNICs and uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that overlaps with an FCoE VLAN ID.
Step 1. In the Navigation pane, click the LAN tab.
Step 2. On the LAN tab, click the LAN node.
Step 3. In the Work pane, click the VLANs tab.
Step 4. On the icon bar to the right of the table, click +. If the + icon is disabled, click an entry in the table to enable it.
Step 5. In the Create VLANs dialog box, complete the following fields:
Step 6. If you clicked the Check Overlap button, do the following:
Step 7. Click OK. Cisco UCS Manager adds the primary VLAN to one of the following VLANs nodes:
In a Cisco UCS domain that is configured for high availability, you can create a secondary VLAN that is accessible to both fabric interconnects or to only one fabric interconnect.
You cannot create VLANs with IDs from 3968 to 4048. This range of VLAN IDs is reserved.
VLANs in the LAN cloud and FCoE VLANs in the SAN cloud must have different IDs. Using the same ID for a VLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all vNICs and uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that overlaps with an FCoE VLAN ID.
Create the primary VLAN.
Step 1. In the Navigation pane, click the LAN tab.
Step 2. On the LAN tab, click the LAN node.
Step 3. In the Work pane, click the VLANs tab.
Step 4. On the icon bar to the right of the table, click +. If the + icon is disabled, click an entry in the table to enable it.
Step 5. In the Create VLANs dialog box, complete the following fields:
Step 6. If you clicked the Check Overlap button, do the following:
Step 7. Click OK. Cisco UCS Manager adds the primary VLAN to one of the following VLANs nodes:
Step 1. In the Navigation pane, click the Equipment tab.
Step 2. On the Equipment tab, expand .
Step 3. Click the fabric interconnect for which you want to view the VLAN port count.
Step 4. In the Work pane, click the General tab.
Step 5. In the General tab, click the down arrows on the VLAN Port Count bar to expand that area. Cisco UCS Manager GUI displays the following details: