VLANs

Named VLANs

A named VLAN creates a connection to a specific external LAN. The VLAN isolates traffic to that external LAN, including broadcast traffic.

The name that you assign to a VLAN ID adds a layer of abstraction that allows you to globally update all servers associated with service profiles that use the named VLAN. You do not need to reconfigure the servers individually to maintain communication with the external LAN.

You can create more than one named VLAN with the same VLAN ID. For example, if servers that host business services for HR and Finance need to access the same external LAN, you can create VLANs named HR and Finance with the same VLAN ID. Then, if the network is reconfigured and Finance is assigned to a different LAN, you only have to change the VLAN ID for the named VLAN for Finance.

In a cluster configuration, you can configure a named VLAN to be accessible only to one fabric interconnect or to both fabric interconnects.

Guidelines for VLAN IDs


Important

VLANs with IDs from 4043 to 4047 and from 4094 to 4095 are reserved. You cannot create VLANs with IDs from this range. Until Cisco UCS Manager Release 4.0(1d), VLAN ID 4093 was in the list of reserved VLANs. VLAN 4093 has been removed from the list of reserved VLANs and is available for configuration.

The VLAN IDs you specify must also be supported on the switch that you are using. For example, on Cisco Nexus 5000 Series switches, the VLAN ID range from 3968 to 4029 is reserved. Before you specify the VLAN IDs in Cisco UCS Manager, make sure that the same VLAN IDs are available on your switch.

VLANs in the LAN cloud and FCoE VLANs in the SAN cloud must have different IDs. Using the same ID for a VLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all vNICs and uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that overlaps with an FCoE VLAN ID.

VLAN 4048 is user configurable. However, Cisco UCS Manager uses VLAN 4048 for the following default values. If you want to assign 4048 to a VLAN, you must reconfigure these values:

  • After an upgrade to Cisco UCS, Release 2.0—The FCoE storage port native VLAN uses VLAN 4048 by default. If the default FCoE VSAN was set to use VLAN 1 before the upgrade, you must change it to a VLAN ID that is not used or reserved. For example, consider changing the default to 4049 if that VLAN ID is not in use.

  • After a fresh install of Cisco UCS, Release 2.0—The FCoE VLAN for the default VSAN uses VLAN 4048 by default. The FCoE storage port native VLAN uses VLAN 4049.

The VLAN name is case sensitive.

Private VLANs

A private VLAN (PVLAN) partitions the Ethernet broadcast domain of a VLAN into subdomains, and allows you to isolate some ports. Each subdomain in a PVLAN includes a primary VLAN and one or more secondary VLANs. All secondary VLANs in a PVLAN must share the same primary VLAN. The secondary VLAN ID differentiates one subdomain from another.

Isolated and Community VLANs

All secondary VLANs in a Cisco UCS domain can be Isolated or Community VLANs.


Note

You cannot configure an isolated VLAN to use with a regular VLAN.

Ports on Isolated VLANs

Communications on an isolated VLAN can only use the associated port in the primary VLAN. These ports are isolated ports and are not configurable in Cisco UCS Manager. A primary VLAN can have only one isolated VLAN, but multiple isolated ports on the same isolated VLAN are allowed. These isolated ports cannot communicate with each other. The isolated ports can communicate only with a regular trunk port or promiscuous port that allows the isolated VLAN.

An isolated port is a host port that belongs to an isolated secondary VLAN. This port has complete isolation from other ports within the same private VLAN domain. PVLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic received from an isolated port is forwarded only to promiscuous ports. You can have more than one isolated port in a specified isolated VLAN. Each port is completely isolated from all other ports in the isolated VLAN.

Guidelines for Uplink Ports

When you create PVLANs, use the following guidelines:

  • The uplink Ethernet port channel cannot be in promiscuous mode.

  • Each primary VLAN can have only one isolated VLAN.

  • VIFs on VNTAG adapters can have only one isolated VLAN.

Guidelines for VLAN IDs


Note

You cannot create VLANs with IDs from 3915 to 4042. These ranges of VLAN IDs are reserved.

The VLAN IDs you specify must also be supported on the switch that you are using. For example, on Cisco Nexus 5000 Series switches, the VLAN ID range from 3968 to 4029 is reserved. Before you specify the VLAN IDs in Cisco UCS Manager, make sure that the same VLAN IDs are available on your switch.

VLANs in the LAN cloud and FCoE VLANs in the SAN cloud must have different IDs. Using the same ID for a VLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all vNICs and uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that overlaps with an FCoE VLAN ID.

VLAN 4048 is user configurable. However, Cisco UCS Manager uses VLAN 4048 for the following default values. If you want to assign 4048 to a VLAN, you must reconfigure these values:

  • After an upgrade to Cisco UCS, Release 2.0—The FCoE storage port native VLAN uses VLAN 4048 by default. If the default FCoE VSAN was set to use VLAN 1 before the upgrade, you must change it to a VLAN ID that is not used or reserved. For example, consider changing the default to 4049 if that VLAN ID is not in use.

  • After a fresh install of Cisco UCS, Release 2.0—The FCoE VLAN for the default VSAN uses VLAN 4048 by default. The FCoE storage port native VLAN uses VLAN 4049.

The VLAN name is case sensitive.

VLAN Port Limitations

Cisco UCS Manager limits the number of VLAN port instances that you can configure under border and server domains on a fabric interconnect.

Types of Ports Included in the VLAN Port Count

The following types of ports are counted in the VLAN port calculation:

  • Border uplink Ethernet ports

  • Border uplink Ether-channel member ports

  • FCoE ports in a SAN cloud

  • Ethernet ports in a NAS cloud

  • Static and dynamic vNICs created through service profiles

  • VM vNICs created as part of a port profile in a hypervisor in hypervisor domain

Based on the number of VLANs configured for these ports, Cisco UCS Manager tracks the cumulative count of VLAN port instances and enforces the VLAN port limit during validation. Cisco UCS Manager reserves some pre-defined VLAN port resources for control traffic. These include management VLANs configured under HIF and NIF ports.

VLAN Port Limit Enforcement

Cisco UCS Manager validates VLAN port availability during the following operations:

  • Configuring and unconfiguring border ports and border port channels

  • Adding or removing VLANs from a cloud

  • Configuring or unconfiguring SAN or NAS ports

  • Associating or disassociating service profiles that contain configuration changes

  • Configuring or unconfiguring VLANs under vNICs or vHBAs

  • Receiving creation or deletion notifications from a VMWare vNIC and from an ESX hypervisor


    Note

    This is outside the control of the Cisco UCS Manager.

  • Fabric interconnect reboot

  • Cisco UCS Manager upgrade or downgrade

Cisco UCS Manager strictly enforces the VLAN port limit on service profile operations. If Cisco UCS Manager detects that the VLAN port limit is exceeded, the service profile configuration fails during deployment.

Exceeding the VLAN port count in a border domain is less disruptive. When the VLAN port count is exceeded in a border domain Cisco UCS Manager changes the allocation status to Exceeded. To change the status back to Available, complete one of the following actions:

  • Unconfigure one or more border ports

  • Remove VLANs from the LAN cloud

  • Unconfigure one or more vNICs or vHBAs

Configuring Named VLANs

Creating a Named VLAN Accessible to Both Fabric Interconnects (Uplink Ethernet Mode)


Important

VLANs with IDs from 4043 to 4047 and from 4094 to 4095 are reserved. You cannot create VLANs with IDs from this range. Until Cisco UCS Manager Release 4.0(1d), VLAN ID 4093 was in the list of reserved VLANs. VLAN 4093 has been removed from the list of reserved VLANs and is available for configuration.

The VLAN IDs you specify must also be supported on the switch that you are using. For example, on Cisco Nexus 5000 Series switches, the VLAN ID range from 3968 to 4029 is reserved. Before you specify the VLAN IDs in Cisco UCS Manager, make sure that the same VLAN IDs are available on your switch.

VLANs in the LAN cloud and FCoE VLANs in the SAN cloud must have different IDs. Using the same ID for a VLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all vNICs and uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that overlaps with an FCoE VLAN ID.

SUMMARY STEPS

  1. UCS-A# scope eth-uplink
  2. UCS-A /eth-uplink # create vlan vlan-name vlan-id
  3. UCS-A /eth-uplink/fabric/vlan # set sharing {isolated | none | primary}
  4. UCS-A /eth-uplink/vlan # commit-buffer

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope eth-uplink

Enters Ethernet uplink mode.

Step 2

UCS-A /eth-uplink # create vlan vlan-name vlan-id

Creates a named VLAN, specifies the VLAN name and VLAN ID, and enters Ethernet uplink VLAN mode.

The VLAN name is case sensitive.

Step 3

UCS-A /eth-uplink/fabric/vlan # set sharing {isolated | none | primary}

Sets the sharing for the specified VLAN.

This can be one of the following:

  • isolated —This is a secondary VLAN associated with a primary VLAN. This VLAN is private.

  • none —This VLAN does not have any secondary or private VLANs.

  • primary —This VLAN can have one or more secondary VLANs.

Step 4

UCS-A /eth-uplink/vlan # commit-buffer

Commits the transaction to the system configuration.

Example

The following example creates a named VLAN for both fabric interconnects, names the VLAN accounting, assigns the VLAN ID 2112, sets the sharing to none, and commits the transaction: 

UCS-A# scope eth-uplink
UCS-A /eth-uplink # create vlan accounting 2112
UCS-A /eth-uplink/vlan* # set sharing none
UCS-A /eth-uplink/vlan* # commit-buffer
UCS-A /eth-uplink/vlan #

Creating a Named VLAN Accessible to Both Fabric Interconnects (Ethernet Storage Mode)


Important

VLANs with IDs from 4043 to 4047 and from 4094 to 4095 are reserved. You cannot create VLANs with IDs from this range. Until Cisco UCS Manager Release 4.0(1d), VLAN ID 4093 was in the list of reserved VLANs. VLAN 4093 has been removed from the list of reserved VLANs and is available for configuration.

The VLAN IDs you specify must also be supported on the switch that you are using. For example, on Cisco Nexus 5000 Series switches, the VLAN ID range from 3968 to 4029 is reserved. Before you specify the VLAN IDs in Cisco UCS Manager, make sure that the same VLAN IDs are available on your switch.

VLANs in the LAN cloud and FCoE VLANs in the SAN cloud must have different IDs. Using the same ID for a VLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all vNICs and uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that overlaps with an FCoE VLAN ID.

SUMMARY STEPS

  1. UCS-A# scope eth-storage
  2. UCS-A /eth-storage # create vlan vlan-name vlan-id
  3. UCS-A /eth-storage/vlan # create member-port {a | b} slot-id port-id
  4. UCS-A /eth-storage/vlan/member-port # commit-buffer

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope eth-storage

Enters Ethernet storage mode.

Step 2

UCS-A /eth-storage # create vlan vlan-name vlan-id

Creates a named VLAN, specifies the VLAN name and VLAN ID, and enters Ethernet storage VLAN mode.

The VLAN name is case sensitive.

Step 3

UCS-A /eth-storage/vlan # create member-port {a | b} slot-id port-id

Creates a member port for the specified VLAN on the specified fabric.

Step 4

UCS-A /eth-storage/vlan/member-port # commit-buffer

Commits the transaction to the system configuration.

Example

The following example creates a named VLAN for both fabric interconnects, names the VLAN accounting, assigns the VLAN ID 2112, creates a member port on slot 2, port 20, and commits the transaction: 

UCS-A# scope eth-storage
UCS-A /eth-storage # create vlan accounting 2112
UCS-A /eth-storage/vlan* # create member-port a 2 20
UCS-A /eth-storage/vlan/member-port* # commit-buffer
UCS-A /eth-storage/vlan/member-port #

Creating a Named VLAN Accessible to One Fabric Interconnect (Uplink Ethernet Mode)


Important

VLANs with IDs from 4043 to 4047 and from 4094 to 4095 are reserved. You cannot create VLANs with IDs from this range. Until Cisco UCS Manager Release 4.0(1d), VLAN ID 4093 was in the list of reserved VLANs. VLAN 4093 has been removed from the list of reserved VLANs and is available for configuration.

The VLAN IDs you specify must also be supported on the switch that you are using. For example, on Cisco Nexus 5000 Series switches, the VLAN ID range from 3968 to 4029 is reserved. Before you specify the VLAN IDs in Cisco UCS Manager, make sure that the same VLAN IDs are available on your switch.

VLANs in the LAN cloud and FCoE VLANs in the SAN cloud must have different IDs. Using the same ID for a VLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all vNICs and uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that overlaps with an FCoE VLAN ID.

SUMMARY STEPS

  1. UCS-A# scope eth-uplink
  2. UCS-A /eth-uplink # scope fabric {a | b}
  3. UCS-A /eth-uplink/fabric # create vlan vlan-name vlan-id
  4. UCS-A /eth-uplink/fabric/vlan # set sharing {isolated | none | primary}
  5. UCS-A /eth-uplink/fabric/vlan # commit-buffer

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope eth-uplink

Enters Ethernet uplink mode.

Step 2

UCS-A /eth-uplink # scope fabric {a | b}

Enters Ethernet uplink fabric interconnect mode for the specified fabric interconnect (A or B).

Step 3

UCS-A /eth-uplink/fabric # create vlan vlan-name vlan-id

Creates a named VLAN, specifies the VLAN name and VLAN ID, and enters Ethernet uplink fabric interconnect VLAN mode.

The VLAN name is case sensitive.

Step 4

UCS-A /eth-uplink/fabric/vlan # set sharing {isolated | none | primary}

Sets the sharing for the specified VLAN.

This can be one of the following:

  • isolated —This is a secondary VLAN associated with a primary VLAN. This VLAN is private.

  • none —This VLAN does not have any secondary or private VLANs.

  • primary —This VLAN can have one or more secondary VLANs.

Step 5

UCS-A /eth-uplink/fabric/vlan # commit-buffer

Commits the transaction to the system configuration.

Example

The following example creates a named VLAN for fabric interconnect A, names the VLAN finance, assigns the VLAN ID 3955, sets the sharing to none, and commits the transaction: 

UCS-A# scope eth-uplink
UCS-A /eth-uplink # scope fabric a
UCS-A /eth-uplink/fabric # create vlan finance 3955
UCS-A /eth-uplink/fabric/vlan* # set sharing none
UCS-A /eth-uplink/fabric/vlan* # commit-buffer
UCS-A /eth-uplink/fabric/vlan #

Creating a Secondary VLAN for a Private VLAN (Accessible to One Fabric Interconnect)


Important

VLANs with IDs from 4043 to 4047 and from 4094 to 4095 are reserved. You cannot create VLANs with IDs from this range. Until Cisco UCS Manager Release 4.0(1d), VLAN ID 4093 was in the list of reserved VLANs. VLAN 4093 has been removed from the list of reserved VLANs and is available for configuration.

The VLAN IDs you specify must also be supported on the switch that you are using. For example, on Cisco Nexus 5000 Series switches, the VLAN ID range from 3968 to 4029 is reserved. Before you specify the VLAN IDs in Cisco UCS Manager, make sure that the same VLAN IDs are available on your switch.

VLANs in the LAN cloud and FCoE VLANs in the SAN cloud must have different IDs. Using the same ID for a VLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all vNICs and uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that overlaps with an FCoE VLAN ID.

SUMMARY STEPS

  1. UCS-A# scope eth-uplink
  2. UCS-A /eth-uplink # scope fabric {a | b}
  3. UCS-A /eth-uplink/fabric # create vlan vlan-name vlan-id
  4. UCS-A /eth-uplink/vlan # set sharing isolated
  5. UCS-A /eth-uplink/vlan # set pubnwname primary-vlan-name
  6. UCS-A /eth-uplink/fabric/vlan/member-port # commit-buffer

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope eth-uplink

Enters Ethernet uplink mode.

Step 2

UCS-A /eth-uplink # scope fabric {a | b}

Enters Ethernet uplink fabric interconnect mode for the specified fabric interconnect (A or B).

Step 3

UCS-A /eth-uplink/fabric # create vlan vlan-name vlan-id

Creates a named VLAN, specifies the VLAN name and VLAN ID, and enters Ethernet uplink fabric interconnect VLAN mode.

The VLAN name is case sensitive.

Step 4

UCS-A /eth-uplink/vlan # set sharing isolated

Sets the VLAN as the secondary VLAN.

Step 5

UCS-A /eth-uplink/vlan # set pubnwname primary-vlan-name

Specifies the primary VLAN to be associated with this secondary VLAN.
Step 6

UCS-A /eth-uplink/fabric/vlan/member-port # commit-buffer

Commits the transaction to the system configuration.

Example

The following example creates a named VLAN for fabric interconnect A, names the VLAN finance, assigns the VLAN ID 3955, makes this VLAN the secondary VLAN, associates the secondary VLAN with the primary VLAN, and commits the transaction: 

UCS-A# scope eth-uplink
UCS-A /eth-uplink # scope fabric a
UCS-A /eth-uplink/fabric # create vlan finance 3955
UCS-A /eth-uplink/fabric/vlan* # set sharing isolated
UCS-A /eth-uplink/fabric/vlan* # set pubnwname pvlan1000
UCS-A /eth-uplink/fabric/vlan* # commit-buffer
UCS-A /eth-uplink/fabric/vlan #

Deleting a Named VLAN

If Cisco UCS Manager includes a named VLAN with the same VLAN ID as the one you delete, the VLAN is not removed from the fabric interconnect configuration until all named VLANs with that ID are deleted.

If you are deleting a private primary VLAN, ensure that you reassign the secondary VLANs to another working primary VLAN.

Before you begin

Before you delete a VLAN from a fabric interconnect, ensure that the VLAN was removed from all vNICs and vNIC templates.


Note

If you delete a VLAN that is assigned to a vNIC or vNIC template, the vNIC might allow that VLAN to flap.

SUMMARY STEPS

  1. UCS-A# scope eth-uplink
  2. (Optional) UCS-A /eth-uplink # scope fabric{a | b}
  3. UCS-A /eth-uplink # delete vlan vlan-name
  4. UCS-A /eth-uplink # commit-buffer

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope eth-uplink

Enters Ethernet uplink mode.

Step 2

(Optional) UCS-A /eth-uplink # scope fabric{a | b}

(Optional)

Enters Ethernet uplink fabric mode. Use this command when you want to delete a named VLAN only from the specified fabric (a or b).

Step 3

UCS-A /eth-uplink # delete vlan vlan-name

Deletes the specified named VLAN.

Step 4

UCS-A /eth-uplink # commit-buffer

Commits the transaction to the system configuration.

Example

The following example deletes a named VLAN accessible to both fabric interconnects and commits the transaction: 

UCS-A# scope eth-uplink
UCS-A /eth-uplink # delete vlan accounting
UCS-A /eth-uplink* # commit-buffer
UCS-A /eth-uplink #

The following example deletes a named VLAN accessible to one fabric interconnect and commits the transaction: 

UCS-A# scope eth-uplink
UCS-A /eth-uplink # scope fabric a
UCS-A /eth-uplink/fabric # delete vlan finance
UCS-A /eth-uplink/fabric* # commit-buffer
UCS-A /eth-uplink/fabric #

Configuring Private VLANs

Creating a Primary VLAN for a Private VLAN (Accessible to Both Fabric Interconnects)


Important

VLANs with IDs from 4043 to 4047 and from 4094 to 4095 are reserved. You cannot create VLANs with IDs from this range. Until Cisco UCS Manager Release 4.0(1d), VLAN ID 4093 was in the list of reserved VLANs. VLAN 4093 has been removed from the list of reserved VLANs and is available for configuration.

The VLAN IDs you specify must also be supported on the switch that you are using. For example, on Cisco Nexus 5000 Series switches, the VLAN ID range from 3968 to 4029 is reserved. Before you specify the VLAN IDs in Cisco UCS Manager, make sure that the same VLAN IDs are available on your switch.

VLANs in the LAN cloud and FCoE VLANs in the SAN cloud must have different IDs. Using the same ID for a VLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all vNICs and uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that overlaps with an FCoE VLAN ID.

SUMMARY STEPS

  1. UCS-A# scope eth-uplink
  2. UCS-A /eth-uplink # create vlan vlan-name vlan-id
  3. UCS-A /eth-uplink/vlan # set sharing primary
  4. UCS-A /eth-uplink/vlan # commit-buffer

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope eth-uplink

Enters Ethernet uplink mode.

Step 2

UCS-A /eth-uplink # create vlan vlan-name vlan-id

Creates a named VLAN, specifies the VLAN name and VLAN ID, and enters Ethernet uplink VLAN mode.

The VLAN name is case sensitive.

Step 3

UCS-A /eth-uplink/vlan # set sharing primary

Sets the VLAN as the primary VLAN.

Step 4

UCS-A /eth-uplink/vlan # commit-buffer

Commits the transaction to the system configuration.

Example

The following example creates a named VLAN for both fabric interconnects, names the VLAN accounting, assigns the VLAN ID 2112, makes this VLAN the primary VLAN, and commits the transaction: 

UCS-A# scope eth-uplink
UCS-A /eth-uplink # create vlan accounting 2112
UCS-A /eth-uplink/vlan* # set sharing primary
UCS-A /eth-uplink/vlan* # commit-buffer
UCS-A /eth-uplink/vlan #

Creating a Primary VLAN for a Private VLAN (Accessible to One Fabric Interconnect)


Important

VLANs with IDs from 4043 to 4047 and from 4094 to 4095 are reserved. You cannot create VLANs with IDs from this range. Until Cisco UCS Manager Release 4.0(1d), VLAN ID 4093 was in the list of reserved VLANs. VLAN 4093 has been removed from the list of reserved VLANs and is available for configuration.

The VLAN IDs you specify must also be supported on the switch that you are using. For example, on Cisco Nexus 5000 Series switches, the VLAN ID range from 3968 to 4029 is reserved. Before you specify the VLAN IDs in Cisco UCS Manager, make sure that the same VLAN IDs are available on your switch.

VLANs in the LAN cloud and FCoE VLANs in the SAN cloud must have different IDs. Using the same ID for a VLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all vNICs and uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that overlaps with an FCoE VLAN ID.

SUMMARY STEPS

  1. UCS-A# scope eth-uplink
  2. UCS-A /eth-uplink # scope fabric {a | b}
  3. UCS-A /eth-uplink/fabric # create vlan vlan-name vlan-id
  4. UCS-A /eth-uplink/fabric/vlan # set sharing primary
  5. UCS-A /eth-uplink/fabric/vlan # commit-buffer

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope eth-uplink

Enters Ethernet uplink mode.
Step 2

UCS-A /eth-uplink # scope fabric {a | b}

Enters Ethernet uplink fabric interconnect mode for the specified fabric interconnect.

Step 3

UCS-A /eth-uplink/fabric # create vlan vlan-name vlan-id

Creates a named VLAN, specifies the VLAN name and VLAN ID, and enters Ethernet uplink fabric interconnect VLAN mode.

The VLAN name is case sensitive.

Step 4

UCS-A /eth-uplink/fabric/vlan # set sharing primary

Sets the VLAN as the primary VLAN.

Step 5

UCS-A /eth-uplink/fabric/vlan # commit-buffer

Commits the transaction to the system configuration.

Example

The following example creates a named VLAN for fabric interconnect A, names the VLAN finance, assigns the VLAN ID 3955, makes this VLAN the primary VLAN, and commits the transaction: 

UCS-A# scope eth-uplink
UCS-A /eth-uplink # scope fabric a
UCS-A /eth-uplink/fabric # create vlan finance 3955
UCS-A /eth-uplink/fabric/vlan* # set sharing primary
UCS-A /eth-uplink/fabric/vlan* # commit-buffer
UCS-A /eth-uplink/fabric/vlan #

Creating a Secondary VLAN for a Private VLAN (Accessible to Both Fabric Interconnects)


Important

VLANs with IDs from 4043 to 4047 and from 4094 to 4095 are reserved. You cannot create VLANs with IDs from this range. Until Cisco UCS Manager Release 4.0(1d), VLAN ID 4093 was in the list of reserved VLANs. VLAN 4093 has been removed from the list of reserved VLANs and is available for configuration.

The VLAN IDs you specify must also be supported on the switch that you are using. For example, on Cisco Nexus 5000 Series switches, the VLAN ID range from 3968 to 4029 is reserved. Before you specify the VLAN IDs in Cisco UCS Manager, make sure that the same VLAN IDs are available on your switch.

VLANs in the LAN cloud and FCoE VLANs in the SAN cloud must have different IDs. Using the same ID for a VLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all vNICs and uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that overlaps with an FCoE VLAN ID.

SUMMARY STEPS

  1. UCS-A# scope eth-uplink
  2. UCS-A /eth-uplink # create vlan vlan-name vlan-id
  3. UCS-A /eth-uplink/vlan # set sharing isolated
  4. UCS-A /eth-uplink/vlan # set pubnwname primary-vlan-name
  5. UCS-A /eth-uplink/vlan # commit-buffer

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope eth-uplink

Enters Ethernet uplink mode.

Step 2

UCS-A /eth-uplink # create vlan vlan-name vlan-id

Creates a named VLAN, specifies the VLAN name and VLAN ID, and enters Ethernet uplink VLAN mode.

The VLAN name is case sensitive.

Step 3

UCS-A /eth-uplink/vlan # set sharing isolated

Sets the VLAN as the secondary VLAN.

Step 4

UCS-A /eth-uplink/vlan # set pubnwname primary-vlan-name

Specifies the primary VLAN to be associated with this secondary VLAN.
Step 5

UCS-A /eth-uplink/vlan # commit-buffer

Commits the transaction to the system configuration.

Example

The following example creates a named VLAN for both fabric interconnects, names the VLAN accounting, assigns the VLAN ID 2112, makes this VLAN the secondary VLAN, associates the secondary VLAN with the primary VLAN, and commits the transaction: 

UCS-A# scope eth-uplink
UCS-A /eth-uplink # create vlan accounting 2112
UCS-A /eth-uplink/vlan* # set sharing isolated
UCS-A /eth-uplink/vlan* # set pubnwname pvlan1000
UCS-A /eth-uplink/vlan* # commit-buffer
UCS-A /eth-uplink/vlan #

Creating a Secondary VLAN for a Private VLAN (Accessible to One Fabric Interconnect)


Important

VLANs with IDs from 4043 to 4047 and from 4094 to 4095 are reserved. You cannot create VLANs with IDs from this range. Until Cisco UCS Manager Release 4.0(1d), VLAN ID 4093 was in the list of reserved VLANs. VLAN 4093 has been removed from the list of reserved VLANs and is available for configuration.

The VLAN IDs you specify must also be supported on the switch that you are using. For example, on Cisco Nexus 5000 Series switches, the VLAN ID range from 3968 to 4029 is reserved. Before you specify the VLAN IDs in Cisco UCS Manager, make sure that the same VLAN IDs are available on your switch.

VLANs in the LAN cloud and FCoE VLANs in the SAN cloud must have different IDs. Using the same ID for a VLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all vNICs and uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that overlaps with an FCoE VLAN ID.

SUMMARY STEPS

  1. UCS-A# scope eth-uplink
  2. UCS-A /eth-uplink # scope fabric {a | b}
  3. UCS-A /eth-uplink/fabric # create vlan vlan-name vlan-id
  4. UCS-A /eth-uplink/vlan # set sharing isolated
  5. UCS-A /eth-uplink/vlan # set pubnwname primary-vlan-name
  6. UCS-A /eth-uplink/fabric/vlan/member-port # commit-buffer

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope eth-uplink

Enters Ethernet uplink mode.

Step 2

UCS-A /eth-uplink # scope fabric {a | b}

Enters Ethernet uplink fabric interconnect mode for the specified fabric interconnect (A or B).

Step 3

UCS-A /eth-uplink/fabric # create vlan vlan-name vlan-id

Creates a named VLAN, specifies the VLAN name and VLAN ID, and enters Ethernet uplink fabric interconnect VLAN mode.

The VLAN name is case sensitive.

Step 4

UCS-A /eth-uplink/vlan # set sharing isolated

Sets the VLAN as the secondary VLAN.

Step 5

UCS-A /eth-uplink/vlan # set pubnwname primary-vlan-name

Specifies the primary VLAN to be associated with this secondary VLAN.
Step 6

UCS-A /eth-uplink/fabric/vlan/member-port # commit-buffer

Commits the transaction to the system configuration.

Example

The following example creates a named VLAN for fabric interconnect A, names the VLAN finance, assigns the VLAN ID 3955, makes this VLAN the secondary VLAN, associates the secondary VLAN with the primary VLAN, and commits the transaction: 

UCS-A# scope eth-uplink
UCS-A /eth-uplink # scope fabric a
UCS-A /eth-uplink/fabric # create vlan finance 3955
UCS-A /eth-uplink/fabric/vlan* # set sharing isolated
UCS-A /eth-uplink/fabric/vlan* # set pubnwname pvlan1000
UCS-A /eth-uplink/fabric/vlan* # commit-buffer
UCS-A /eth-uplink/fabric/vlan #

Allowing PVLANs on vNICs

SUMMARY STEPS

  1. UCS-A# scope org /
  2. UCS-A /org # scope service-profile profile-name
  3. UCS-A /org/service-profile # scope vnic vnic-name
  4. UCS-A /org/service-profile/vnic # create eth-if community-vlan-name
  5. UCS-A /org/service-profile/vnic/eth-if* # exit
  6. UCS-A /org/service-profile/vnic* # create eth-if primary-vlan-name
  7. UCS-A /org/service-profile/vnic # commit-buffer

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope org /

Enters root organization mode.

Step 2

UCS-A /org # scope service-profile profile-name

Commits the transaction to the system configuration.

Step 3

UCS-A /org/service-profile # scope vnic vnic-name

Enters command mode for the specified vNIC.

Step 4

UCS-A /org/service-profile/vnic # create eth-if community-vlan-name

Allows the community VLAN to access the specified vNIC.

Step 5

UCS-A /org/service-profile/vnic/eth-if* # exit

Exits the interface configuration mode for the specified vNIC.

Step 6

UCS-A /org/service-profile/vnic* # create eth-if primary-vlan-name

Allows the primary VLAN to access the specified vNIC.

Step 7

UCS-A /org/service-profile/vnic # commit-buffer

Commits the transaction to the system configuration.

Example

The following example shows how to assign the community VLAN cVLAN102 and the primary VLAN primaryVLAN100 to the vNIC vnic_1 and commits the transaction. 

UCS-A# scope org /
UCS-A /org # scope service-profile GSP1
UCS-A /org/service-profile # scope vnic vnic_1
UCS-A /org/service-profile/vnic # create eth-if cVLAN102
UCS-A /org/service-profile/vnic/eth-if* # exit
UCS-A /org/service-profile/vnic # create eth-if primaryVLAN100 
UCS-A /org/service-profile/vnic* # commit-buffer

Creating a Primary VLAN for a Private VLAN on an Appliance Cloud


Important

VLANs with IDs from 4043 to 4047 and from 4094 to 4095 are reserved. You cannot create VLANs with IDs from this range. Until Cisco UCS Manager Release 4.0(1d), VLAN ID 4093 was in the list of reserved VLANs. VLAN 4093 has been removed from the list of reserved VLANs and is available for configuration.

The VLAN IDs you specify must also be supported on the switch that you are using. For example, on Cisco Nexus 5000 Series switches, the VLAN ID range from 3968 to 4029 is reserved. Before you specify the VLAN IDs in Cisco UCS Manager, make sure that the same VLAN IDs are available on your switch.

VLANs in the LAN cloud and FCoE VLANs in the SAN cloud must have different IDs. Using the same ID for a VLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all vNICs and uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that overlaps with an FCoE VLAN ID.

SUMMARY STEPS

  1. UCS-A# scope eth-storage
  2. UCS-A /eth-storage # create vlan vlan-name vlan-id
  3. UCS-A /eth-storage/vlan* # set sharing primary
  4. UCS-A /eth-storage/vlan* # commit-buffer

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope eth-storage

Enters Ethernet storage mode.

Step 2

UCS-A /eth-storage # create vlan vlan-name vlan-id

Creates a named VLAN, specifies the VLAN name and VLAN ID, and enters Ethernet storage VLAN mode.

The VLAN name is case sensitive.

Step 3

UCS-A /eth-storage/vlan* # set sharing primary

Sets the VLAN as the primary VLAN.

Step 4

UCS-A /eth-storage/vlan* # commit-buffer

Commits the transaction to the system configuration.

Example

The following example creates a named VLAN for fabric interconnect A, names the VLAN, assigns the VLAN ID, makes this VLAN the primary VLAN, and commits the transaction: 

UCS-A# scope eth-storage
UCS-A /eth-storage # create vlan primaryvlan500 500
UCS-A /eth-storage/vlan* # set sharing primary
UCS-A /eth-storage/vlan* # commit-buffer
UCS-A /eth-storage/vlan #

Creating a Secondary VLAN for a Private VLAN on an Appliance Cloud


Important

VLANs with IDs from 4043 to 4047 and from 4094 to 4095 are reserved. You cannot create VLANs with IDs from this range. Until Cisco UCS Manager Release 4.0(1d), VLAN ID 4093 was in the list of reserved VLANs. VLAN 4093 has been removed from the list of reserved VLANs and is available for configuration.

The VLAN IDs you specify must also be supported on the switch that you are using. For example, on Cisco Nexus 5000 Series switches, the VLAN ID range from 3968 to 4029 is reserved. Before you specify the VLAN IDs in Cisco UCS Manager, make sure that the same VLAN IDs are available on your switch.

VLANs in the LAN cloud and FCoE VLANs in the SAN cloud must have different IDs. Using the same ID for a VLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all vNICs and uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that overlaps with an FCoE VLAN ID.

SUMMARY STEPS

  1. UCS-A# scope eth-storage
  2. UCS-A /eth-storage # create vlan vlan-name vlan-id
  3. UCS-A /eth-storage/vlan* # set sharing isolated
  4. UCS-A /eth-storage/vlan* # set pubnwname primary-vlan-name
  5. UCS-A /eth-storage/vlan* # commit-buffer

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope eth-storage

Enters Ethernet storage mode.

Step 2

UCS-A /eth-storage # create vlan vlan-name vlan-id

Creates a named VLAN, specifies the VLAN name and VLAN ID, and enters Ethernet storage VLAN mode.

The VLAN name is case sensitive.

Step 3

UCS-A /eth-storage/vlan* # set sharing isolated

Sets the VLAN as the secondary VLAN.

Step 4

UCS-A /eth-storage/vlan* # set pubnwname primary-vlan-name

Specifies the primary VLAN to be associated with this secondary VLAN.

Step 5

UCS-A /eth-storage/vlan* # commit-buffer

Commits the transaction to the system configuration.

Example

The following example creates a named VLAN for fabric interconnect A, names the VLAN, assigns the VLAN ID, makes this VLAN the secondary VLAN, associates the secondary VLAN with the primary VLAN, and commits the transaction: 

UCS-A# scope eth-storage
UCS-A /eth-storage # create vlan isovlan501 501
UCS-A /eth-storage/vlan* # set sharing isolated
UCS-A /eth-storage/vlan* # set pubnwname primaryvlan500
UCS-A /eth-storage/vlan* # commit-buffer
UCS-A /eth-storage/vlan #  #

Community VLANs

Cisco UCS Manager supports Community VLANs in UCS Fabric Interconnects. Community ports communicate with each other and with promiscuous ports. Community ports have Layer 2 isolation from all other ports in other communities, or isolated ports within the PVLAN. Broadcasts are transmitted between the community ports associated with the PVLAN only and the other promiscuous ports. A promiscuous port can communicate with all interfaces, including the isolated and community ports within a PVLAN.

Creating a Community VLAN

SUMMARY STEPS

  1. UCS-A# scope eth-uplink .
  2. UCS-A# /eth-uplink/ # create vlan ID .
  3. UCS-A# /eth-uplink/ vlan # set sharing Type .
  4. UCS-A# /eth-uplink/ vlan # set pubnwname Name .
  5. UCS-A# /eth-uplink/ vlan # commit-buffer .

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope eth-uplink .

Enters Ethernet uplink mode.

Step 2

UCS-A# /eth-uplink/ # create vlan ID .

Create a VLAN with the specified VLAN ID.

Step 3

UCS-A# /eth-uplink/ vlan # set sharing Type .

Specifies the vlan type.

Step 4

UCS-A# /eth-uplink/ vlan # set pubnwname Name .

Specifies the primary vlan association.

Step 5

UCS-A# /eth-uplink/ vlan # commit-buffer .

Commits the transaction to the system configuration.

Example

The following example shows how to create a Community VLAN: 

UCS-A# scope eth-uplink
UCS-A /eth-uplink # create vlan vlan203 203
UCS-A /eth-uplink/vlan* # set sharing community
UCS-A /eth-uplink/vlan* # set pubname vlan200
UCS-A /eth-uplink/vlan* # commit-buffer
UCS-A /eth-uplink/vlan* # exit
UCS-A /vlan-group #

Viewing Community VLANS

SUMMARY STEPS

  1. UCS-A# scope org
  2. UCS-A /org # show vlan

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope org

Enters Cisco UCS Manager organization.

Step 2

UCS-A /org # show vlan

Displays the available groups in the organization.

Example

The following example shows the available VLAN groups in the root org: 

UCS-A# scope org
UCS-A# /org/# show vlan
VLAN Group:
   
    Name         VLAN ID         Fabric ID     Native VLAN    Sharing Type    Primary Vlan
    ---------------------------------------------------------------------------------------
    vlan100      100             Dual          No             Primary         vlan100
				vlan100      101             Dual          No             Isolated        vlan100
				vlan100      203             Dual          No             Community       vlan200

Allowing Community VLANs on vNICs

SUMMARY STEPS

  1. UCS-A# scope org org-name
  2. UCS-A /org # scope service-profile profile-name
  3. UCS-A /org/service-profile # scope vnic vnic-name
  4. UCS-A /org/service-profile/vnic # create eth-if community-vlan-name
  5. UCS-A /org/service-profile/vnic # commit-buffer

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope org org-name

Enters the organization mode for the specified organization. To enter the root organization mode, enter / as the org-name .

Step 2

UCS-A /org # scope service-profile profile-name

Commits the transaction to the system configuration.

Step 3

UCS-A /org/service-profile # scope vnic vnic-name

Enters command mode for the specified vNIC.

Step 4

UCS-A /org/service-profile/vnic # create eth-if community-vlan-name

Allows the community VLAN to access the specified vNIC.

Step 5

UCS-A /org/service-profile/vnic # commit-buffer

Commits the transaction to the system configuration.

Example

The following example shows how to assign the community VLAN cVLAN101 to the vNIC vnic_1 and commits the transaction. 

UCS-A# scope org /
UCS-A /org # scope service-profile GSP1
UCS-A /org/service-profile # scope vnic vnic_1
UCS-A /org/service-profile/vnic # create eth-if cVLAN101
UCS-A /org/service-profile/vnic* # commit-buffer

Allowing PVLAN on Promiscuous Access or Trunk Port

For a promiscuous access port, the isolated and community VLANs must be associated to the same primary VLAN.

For a promiscuous trunk port, isolated and community VLANs belonging to different primary VLANs are allowed, as well as regular VLANs.

SUMMARY STEPS

  1. UCS-A # scope eth-storage
  2. UCS-A /eth-storage # scope vlan iso-vlan-name
  3. UCS-A /eth-storage/vlan # create member-port fabric slot- num port- num
  4. UCS-A /eth-storage/vlan/member-port # exit
  5. UCS-A /eth-storage/vlan # exit
  6. UCS-A /eth-storage # scope vlan comm-vlan-name
  7. UCS-A /eth-storage/vlan # create member-port fabric slot- num port- num
  8. UCS-A /eth-storage/vlan/member-port # commit-buffer

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A # scope eth-storage

Enters Ethernet storage mode.

Step 2

UCS-A /eth-storage # scope vlan iso-vlan-name

Enters the specified isolated VLAN.

Step 3

UCS-A /eth-storage/vlan # create member-port fabric slot- num port- num

Creates the member port for the specified fabric, assigns the slot number and port number, and enters member port configuration scope.

Step 4

UCS-A /eth-storage/vlan/member-port # exit

Returns to VLAN mode.

Step 5

UCS-A /eth-storage/vlan # exit

Returns to Ethernet storage mode.

Step 6

UCS-A /eth-storage # scope vlan comm-vlan-name

Enters the specified community VLAN.

Step 7

UCS-A /eth-storage/vlan # create member-port fabric slot- num port- num

Creates the member port for the specified fabric, assigns the slot number and port number, and enters member port configuration scope.

Step 8

UCS-A /eth-storage/vlan/member-port # commit-buffer

Commits the transaction to the system configuration.

Example

The following example shows how to assign the isolated and community associated with the same primary VLAN to the same appliance port and commits the transaction. 

UCS-A# scope eth-storage
UCS-A /eth-storage # scope vlan isovlan501
UCS-A /eth-storage/vlan # create member-port a 1 2
UCS-A /eth-storage/vlan/member-port* # exit
UCS-A /eth-storage/vlan* # exit
UCS-A /eth-storage* # scope vlan cvlan502
UCS-A /eth-storage/vlan* # create member-port a 1 2
UCS-A /eth-storage/vlan/member-port* # commit-buffer
UCS-A /eth-storage/vlan/member-port #

Deleting a Community VLAN

If Cisco UCS Manager includes a named VLAN with the same VLAN ID as the one you delete, the VLAN is not removed from the fabric interconnect configuration until all named VLANs with that ID are deleted.

If you are deleting a private primary VLAN, ensure that you reassign the secondary VLANs to another working primary VLAN.

Before you begin

Before you delete a VLAN from a fabric interconnect, ensure that the VLAN was removed from all vNICs and vNIC templates.


Note

If you delete a VLAN that is assigned to a vNIC or vNIC template, the vNIC might allow that VLAN to flap.

SUMMARY STEPS

  1. UCS-A# scope eth-uplink
  2. (Optional) UCS-A /eth-uplink # scope fabric{a | b}
  3. UCS-A /eth-uplink # delete community vlan vlan-name
  4. UCS-A /eth-uplink # commit-buffer

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope eth-uplink

Enters Ethernet uplink mode.

Step 2

(Optional) UCS-A /eth-uplink # scope fabric{a | b}

(Optional)

Enters Ethernet uplink fabric mode. Use this command when you want to delete a named VLAN only from the specified fabric (a or b).

Step 3

UCS-A /eth-uplink # delete community vlan vlan-name

Deletes the specified community VLAN.

Step 4

UCS-A /eth-uplink # commit-buffer

Commits the transaction to the system configuration.

Example

The following example deletes a Community VLAN and commits the transaction: 

UCS-A# scope eth-uplink
UCS-A /eth-uplink # delete commnity vlan vlan203
UCS-A /eth-uplink* # commit-buffer
UCS-A /eth-uplink #

Viewing the VLAN Port Count

SUMMARY STEPS

  1. UCS-A# scope fabric-interconnect {a | b}
  2. UCS-A /fabric-interconnect # show vlan-port-count

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope fabric-interconnect {a | b}

Enters fabric interconnect mode for the specified fabric interconnect.
Step 2

UCS-A /fabric-interconnect # show vlan-port-count

Displays the VLAN port count.

Example

The following example displays the VLAN port count for fabric interconnect A:

UCS-A# scope fabric-interconnect a
UCS-A /fabric-interconnect # show vlan-port-count

VLAN-Port Count:
VLAN-Port Limit     Access VLAN-Port Count     Border VLAN-Port Count     Alloc Status
----------	              ---------------           ----------------          ----------
6000                           3                         0                      Available

VLAN Port Count Optimization

VLAN port count optimization enables mapping the state of multiple VLANs into a single internal state. When you enable the VLAN port count optimization, Cisco UCS Manager logically groups VLANs based on the port VLAN membership. This grouping increases the port VLAN count limit. VLAN port count optimization also compresses the VLAN state and reduces the CPU load on the fabric interconnect. This reduction in the CPU load enables you to deploy more VLANs over more vNICs. Optimizing VLAN port count does not change any of the existing VLAN configuration on the vNICs.

VLAN port count optimization is disabled by default. You can enable or disable the option based on your requirements.


Important

  • Enabling VLAN port count optimization increases the number of available VLAN ports for use. If the port VLAN count exceeds the maximum number of VLANs in a non-optimized state, you cannot disable the VLAN port count optimization.

  • VLAN port count optimization is not supported in Cisco UCS 6100 Series fabric interconnect.

On the Cisco UCS 6454 Fabric Interconnect, VLAN port count optimization is performed when the PV count exceeds 16000.

When the Cisco UCS 6454 Fabric Interconnect is in Ethernet switching mode:

  • The FI does not support VLAN Port Count Optimization Enabled

  • The FI supports 16000 PVs, similar to EHM mode, when VLAN Port Count Optimization is Disabled

The following table illustrates the PV Count with VLAN port count optimization enabled and disabled on UCS 6200, 6300, and Cisco UCS 6454 Fabric Interconnects.

6200 Series FI

6300 Series FI

6454 FI

PV Count with VLAN Port Count Optimization Disabled

32000

16000

16000

PV Count with VLAN Port Count Optimization Enabled

64000

64000

64000

Enabling Port VLAN Count Optimization

SUMMARY STEPS

  1. UCS-A# scope eth-uplink
  2. UCS-A /eth-uplink# show detail
  3. UCS-A /eth-uplink* # commit-buffer

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope eth-uplink

Enters Ethernet uplink mode.

Step 2

UCS-A /eth-uplink# show detail

Displays the fabric port-channel vHBA reset configuration.
Step 3

UCS-A /eth-uplink* # commit-buffer

Commits the transaction to the system configuration.

Example

The following example shows the fabric port-channel vHBA reset configuration:

UCS-A# scope eth-uplink
UCS-A /eth-uplink # show detail
UCS-A /eth-uplink* # commit-buffer
UCS-A /eth-uplink# 

Ethernet Uplink:
Mode: End Host
MAC Table Aging Time (dd:hh:mm:ss): Mode Default
VLAN Port Count Optimization: Disabled
Fabric Port Channel vHBA reset: Disabled
service for unsupported transceivers: Disabled

Disabling Port VLAN Count Optimization

If you have more Port VLAN count than that is allowed in the non port VLAN port count optimization state, you cannot disable the optimization.

SUMMARY STEPS

  1. UCS-A# scope eth-uplink
  2. UCS-A /eth-uplink# set vlan-port-count-optimization disable
  3. UCS-A /eth-uplink # commit-buffer

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope eth-uplink

Enters Ethernet uplink mode.

Step 2

UCS-A /eth-uplink# set vlan-port-count-optimization disable

Disables the port VLAN count optimization.
Step 3

UCS-A /eth-uplink # commit-buffer

Commits the transaction to the system configuration.

Example

The following example shows how to disable VLAN port count optimization:

UCS-A# scope eth-uplink
UCS-A /eth-uplink # set vlan-port-count-optimization disable
UCS-A /eth-uplink* # commit-buffer
UCS-A /eth-uplink#

Viewing the Port VLAN Count Optimization Groups

SUMMARY STEPS

  1. UCS-A# scope eth-uplink
  2. UCS-A /eth-uplink# show vlan-port-count-optimization group

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope eth-uplink

Enters Ethernet uplink mode.

Step 2

UCS-A /eth-uplink# show vlan-port-count-optimization group

Displays the vlan for port VLAN count optimization groups.

Example

The following example shows port VLAN count optimization group in fabric a and b:
UCS-A# scope eth-uplink
UCS-A /eth-uplink # show vlan-port-count-optimization group
VLAN Port Count Optimization Group:
    Fabric ID  Group ID   VLAN ID
    --------   -------    -------
    A          5          6
    A          5          7
    A          5          8
    B          10         100
    B          10         101

VLAN Groups

VLAN groups allow you to group VLANs on Ethernet uplink ports, by function or by VLANs that belong to a specific network. You can define VLAN membership and apply the membership to multiple Ethernet uplink ports on the fabric interconnect.


Note

Cisco UCS Manager supports a maximum of 200 VLAN Groups. If Cisco UCS Manager determines that you create more than 200 VLAN groups, the system disables VLAN compression.

You can configure inband and out-of-band (OOB) VLAN groups to use to access the Cisco Integrated Management Interface (CIMC) on blade and rack servers. Cisco UCS Manager supports OOB IPv4 and inband IPv4 and IPv6 VLAN groups for use with the uplink interfaces or uplink port channels.


Note

Inband Management is not supported on VLAN 2 or VLAN 3.

After you assign a VLAN to a VLAN group, any changes to the VLAN group are applied to all Ethernet uplink ports that are configured with the VLAN group. The VLAN group also enables you to identify VLAN overlaps between disjoint VLANs.

You can configure uplink ports under a VLAN group. When you configure an uplink port for a VLAN group, that uplink port will support all the VLANs that are part of the associated VLAN groups and individual VLANs that are associated with the uplink using LAN Uplinks Manager, if any. Further, any uplink that is not selected for association with that VLAN group will stop supporting the VLANs that are part of that VLAN group.

You can create VLAN groups from the LAN Cloud or from the LAN Uplinks Manager.

Creating a VLAN Group

SUMMARY STEPS

  1. UCS-A# scope eth-uplink .
  2. UCS-A# /eth-uplink/ #create vlan-groupName .
  3. UCS-A# /eth-uplink/ vlan-group#create member-vlanID .
  4. UCS-A# /eth-uplink/vlan-group #create member-port [member-port-channel] .
  5. UCS-A#/vlan-group* # commit-buffer .

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope eth-uplink .

Enters Ethernet uplink mode.

The VLAN Group name is case sensitive.

Step 2

UCS-A# /eth-uplink/ #create vlan-groupName .

Create a VLAN group with the specified name.

This name can be between 1 and 32 alphanumeric characters. You cannot use spaces or any special characters other than - (hyphen), _ (underscore), : (colon), and . (period), and you cannot change this name after the object is saved.

Step 3

UCS-A# /eth-uplink/ vlan-group#create member-vlanID .

Adds the specified VLANs to the created VLAN group.
Step 4

UCS-A# /eth-uplink/vlan-group #create member-port [member-port-channel] .

Assigns the uplink Ethernet ports to the VLAN group.
Step 5

UCS-A#/vlan-group* # commit-buffer .

Commits the transaction to the system configuration.

Example

The following example shows how to create a VLAN group:

UCS-A# scope eth-uplink
UCS-A /eth-uplink # create vlan-group eng
UCS-A /eth-uplink/vlan-group* # create member-vlan 3
UCS-A /eth-uplink/vlan-group* # commit-buffer
UCS-A /vlan-group #

Creating an Inband VLAN Group

Configure inband VLAN groups to provide access to remote users via an inband service profile.

SUMMARY STEPS

  1. UCS-A# scope eth uplink
  2. UCS-A /eth-uplink # create vlan-group inband-vlan-name
  3. UCS-A /eth-uplink/vlan-group # create member-vlan inband-vlan-name inband-vlan-id
  4. UCS-A /eth-uplink/vlan-group/member-vlan # exit
  5. UCS-A /eth-uplink/vlan-group # create member-port fabric slot-num port-num
  6. UCS-A /eth-uplink/vlan-group/member-port # commit-buffer

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope eth uplink

Enters Ethernet uplink configuration mode.
Step 2

UCS-A /eth-uplink # create vlan-group inband-vlan-name

Creates a VLAN group with the specified name and enters VLAN group configuration mode.
Step 3

UCS-A /eth-uplink/vlan-group # create member-vlan inband-vlan-name inband-vlan-id

Adds the specified VLAN to the VLAN group and enters VLAN group member configuration mode.
Step 4

UCS-A /eth-uplink/vlan-group/member-vlan # exit

Exits VLAN group member configuration mode.
Step 5

UCS-A /eth-uplink/vlan-group # create member-port fabric slot-num port-num

Creates the member port for the specified fabric, assigns the slot number, and port number and enters member port configuration.
Step 6

UCS-A /eth-uplink/vlan-group/member-port # commit-buffer

Commits the transaction.

Example

The example below creates a VLAN group named inband-vlan-group, creates a member of the group named Inband_VLAN and assigns VLAN ID 888, creates member ports for Fabric A and Fabric B, and commits the transaction: 

UCS-A# scope eth-uplink 
UCS-A /eth-uplink # create vlan-group inband-vlan-group 
UCS-A /eth-uplink/vlan-group* # create member-vlan Inband_VLAN 888 
UCS-A /eth-uplink/vlan-group/member-vlan* # exit
UCS-A /eth-uplink/vlan-group* # create member-port a 1 23 
UCS-A /eth-uplink/vlan-group/member-port* # exit
UCS-A /eth-uplink/vlan-group* # create member-port b 1 23   
UCS-A /eth-uplink/vlan-group/member-port* # commit-buffer 
UCS-A /eth-uplink/vlan-group/member-port # exit
UCS-A /eth-uplink/vlan-group # exit

What to do next

Assign the inband VLAN group to an inband service profile.

Viewing VLAN Groups

SUMMARY STEPS

  1. UCS-A# scope org
  2. UCS-A /org # show vlan-group

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope org

Enters Cisco UCS Manager organization.
Step 2

UCS-A /org # show vlan-group

Displays the available groups in the organization.

Example

The following example shows the available VLAN groups in the root org:

UCS-A# scope org
UCS-A# /org/# show vlan-group
VLAN Group:
    Name
    ----
    eng
				hr
				finance

Deleting a VLAN Group

SUMMARY STEPS

  1. UCS-A# scope eth-uplink .
  2. UCS-A# /eth-uplink/ #delete vlan-groupName .
  3. UCS-A#/eth-uplink* # commit-buffer .

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope eth-uplink .

Enters Ethernet uplink mode.
Step 2

UCS-A# /eth-uplink/ #delete vlan-groupName .

Deletes the specified VLAN group.
Step 3

UCS-A#/eth-uplink* # commit-buffer .

Commits the transaction to the system configuration.

Example

The following example shows how to delete a VLAN group: 

UCS-A# scope eth-uplink
UCS-A /eth-uplink # delete vlan-group eng
UCS-A /eth-uplink* # commit-buffer
UCS-A /eth-uplink #

Modifying the Reserved VLAN

This task describes how to modify the reserved VLAN ID. Modifying the reserved VLAN makes transitioning from Cisco UCS 6200 Series Fabric Interconnects to the Cisco UCS 6454 Fabric Interconnect more flexible with preexisting network configurations. The reserved VLAN block is configurable by assigning a contiguous block of 128 unused VLANs, rather than reconfiguring the currently existing VLANs that conflict with the default range. For example, if the reserved VLAN is changed to 3912, then the new VLAN block range spans 3912 to 4039. You can select any contiguous block of 128 VLAN IDs, with the start ID ranging from 2 to 3915. Changing the reserved VLAN requires a reload of the 6454 Fabric Interconnect for the new values to take effect.

SUMMARY STEPS

  1. UCS-A# scope eth-uplink .
  2. UCS-A# /eth-uplink/ #show reserved-vlan .
  3. UCS-A# /eth-uplink/ #scope reserved-vlan .
  4. UCS-A# /eth-uplink/reserved-vlan #set start-vlan-id [vlan-id] .
  5. UCS-A# /eth-uplink/reserved-vlan* # commit-buffer .

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope eth-uplink .

Enters Ethernet uplink mode.
Step 2

UCS-A# /eth-uplink/ #show reserved-vlan .

This displays the reserved VLAN IDs.
Step 3

UCS-A# /eth-uplink/ #scope reserved-vlan .

Enters reserved VLAN ID specification mode.
Step 4

UCS-A# /eth-uplink/reserved-vlan #set start-vlan-id [vlan-id] .

Assigns the new reserved VLAN starting ID. The reserved VLAN range ID can be specified from 2-3915.
Step 5

UCS-A# /eth-uplink/reserved-vlan* # commit-buffer .

Commits the transaction to the system configuration.

Example

The following example shows how to modify the reserved VLAN ID:

UCS-A# scope eth-uplink
UCS-A /eth-uplink # show reserved-vlan
UCS-A /eth-uplink/ # scope reserved-vlan
UCS-A /eth-uplink/reserved-vlan # set start-vlan-id 3912
UCS-A /eth-uplink/reserved-vlan/* # commit-buffer

VLAN Permissions

VLAN permissions restrict access to VLANs based on specified organizations and on the service profile organizations to which the VLANs belong. VLAN permissions also restrict the set of VLANs that you can assign to service profile vNICs. VLAN permissions is an optional feature and is disabled by default. You can enable or disable the feature based on your requirements. If you disable the feature, all of the VLANs are globally accessible to all organizations.


Note

If you enable the org permission in LAN > LAN Cloud > Global Policies > Org Permissions, when you create a VLAN, the Permitted Orgs for VLAN(s) option displays in the Create VLANs dialog box. If you do not enable the Org Permissions, the Permitted Orgs for VLAN(s) option does not display.

Enabling the org permission allows you to specify the organizations for the VLAN. When you specify the organizations, the VLAN becomes available to that specific organization and all of the sub organizations below the structure. Users from other organizations cannot access this VLAN. You can also modify the VLAN permission anytime based on changes to your VLAN access requirements.


Caution

When you assign the VLAN org permission to an organization at the root level, all sub organizations can access the VLANs. After assigning the org permission at the root level, and you change the permission for a VLAN that belongs to a sub organization, that VLAN becomes unavailable to the root level organization.

Creating VLAN Permissions

SUMMARY STEPS

  1. UCS-A# scope org .
  2. UCS-A# /org/ #create vlan-permitVLAN permission name .
  3. UCS-A#/org* # commit-buffer .

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope org .

Enters the Cisco UCS Manager VLAN organization.
Step 2

UCS-A# /org/ #create vlan-permitVLAN permission name .

Creates the specified VLAN permission and assigns VLAN access permission to the organization.
Step 3

UCS-A#/org* # commit-buffer .

Commits the transaction to the system configuration.

Example

The following example shows how to create a VLAN permission for an organization:

UCS-A# scope org
UCS-A /org # create vlan-permit dev
UCS-A /org* # commit-buffer
UCS-A /org #

Viewing VLAN Permissions

SUMMARY STEPS

  1. UCS-A# scope org
  2. UCS-A /org # show vlan-permit

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope org

Enters Cisco UCS Manager organization.
Step 2

UCS-A /org # show vlan-permit

Displays the available permissions in the organization.

Example

The following example shows the VLAN groups that have permission to access this VLAN:

UCS-A# scope org
UCS-A# /org/# show vlan-permit
VLAN Group:
    Name
    ----
    eng
				hr
				finance

Deleting a VLAN Permission

SUMMARY STEPS

  1. UCS-A# scope org .
  2. UCS-A# /org/ #delete vlan-permitVLAN permission name .
  3. UCS-A#/org* # commit-buffer .

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope org .

Enters the Cisco UCS Manager VLAN organization.
Step 2

UCS-A# /org/ #delete vlan-permitVLAN permission name .

Deletes the access permission to the VLAN.
Step 3

UCS-A#/org* # commit-buffer .

Commits the transaction to the system configuration.

Example

The following example shows how to delete a VLAN permission from an organization:

UCS-A# scope org
UCS-A /org # delete vlan-permit dev
UCS-A /org* # commit-buffer
UCS-A /org #

Fabric Port-Channel vHBA

A virtual host bus adapter (vHBA) logically connects a virtual machine to a virtual interface on the fabric interconnect and allows the virtual machine to send and receive traffic through that interface. This is currently accomplished by using the fibre channel modes (end-host mode/swtich mode).

The port-channel operations that involves addition or removal of a member link between fabric interconnect and I/O Module (IOM). Such operations may result in a long I/O pause or connection drop from virtual machines to its targets and require a vHBA reset support

With the fabric port-channel vHBA reset is set to enabled, when the Cisco UCS IOM port-channel membership changes, the fabric interconnect sends a Registered State Change Notification (RSCN) packet to each vhba configured via that Cisco UCS IOM. The RSCN enables the virtual interface card (VIC) or VIC Driver to reset the fabric port-channel vHBA and to restore the connectivity.

By default, the fabric port-channel vHBA reset is set to disabled. This configuration supports additional bandwidth and provides greater resilience.


Important

The option fabric port-channel vHBA is currently supported only on Cisco UCS 6400 series Fabric Interconnects.

Enabling Fabric Port Channel vHBA reset

SUMMARY STEPS

  1. UCS-A# scope eth-uplink
  2. UCS-A /eth-uplink# set fabric-pc-vhba-reset enabled
  3. UCS-A /eth-uplink* # commit-buffer

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope eth-uplink

Enters Ethernet uplink mode.

Step 2

UCS-A /eth-uplink# set fabric-pc-vhba-reset enabled

Sets the fabric port-channel vHBA reset state as enabled.
Step 3

UCS-A /eth-uplink* # commit-buffer

Commits the transaction to the system configuration.

Example

The following example shows how to enable fabric port-channel vHBA reset:

UCS-A# scope eth-uplink
UCS-A /eth-uplink # set fabric-pc-vhba-reset enabled
UCS-A /eth-uplink* # commit-buffer
UCS-A /eth-uplink#

Disabling fabric port channel vHBA reset

You can disable the fabric port-channel vHBA reset.

SUMMARY STEPS

  1. UCS-A# scope eth-uplink
  2. UCS-A /eth-uplink# set fabric-pc-vhba-reset disabled
  3. UCS-A /eth-uplink # commit-buffer

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope eth-uplink

Enters Ethernet uplink mode.

Step 2

UCS-A /eth-uplink# set fabric-pc-vhba-reset disabled

Sets the fabric port-channel vHBA reset state as disabled. This is the default state.
Step 3

UCS-A /eth-uplink # commit-buffer

Commits the transaction to the system configuration.

Example

The following example shows how to disable the fabric port-channel vHBA reset:

UCS-A# scope eth-uplink
UCS-A /eth-uplink # set fabric-pc-vhba-reset disabled
UCS-A /eth-uplink* # commit-buffer
UCS-A /eth-uplink#

Viewing the Fabric Port Channel vHBA Reset

SUMMARY STEPS

  1. UCS-A# scope eth-uplink
  2. UCS-A /eth-uplink# show detail

DETAILED STEPS

  Command or Action Purpose
Step 1

UCS-A# scope eth-uplink

Enters Ethernet uplink mode.

Step 2

UCS-A /eth-uplink# show detail

Displays the fabric port-channel vHBA reset configration.

Example

The following example shows the fabric port-channel vHBA reset configration:
UCS-A# scope eth-uplink
UCS-A /eth-uplink # show detail

Ethernet Uplink:
    Mode: End Host
    MAC Table Aging Time (dd:hh:mm:ss): Mode Default
    VLAN Port Count Optimization: Disabled
    Fabric Port Channel vHBA reset: Disabled
    service for unsupported transceivers: Disabled