Q-in-Q Encapsulation Mapping for EPGs
Using Cisco Application Policy Infrastructure Controller (APIC), you can map double-tagged VLAN traffic ingressing on a regular interface, PC, or vPC to an EPG. When this feature is enabled and double-tagged traffic enters the network for an EPG, both tags are processed individually in the fabric and restored to double tags when egressing the Cisco Application Centric Infrastructure (ACI) switch. Ingressing single-tagged and untagged traffic is dropped.
The following guidelines and limitations apply:
- This feature is only supported on Cisco Nexus 9300-FX platform switches.
- Both the outer and inner tag must be of EtherType 0x8100.
- MAC learning and routing are based on the EPG port, sclass, and VRF instance, not on the access encapsulations.
- QoS priority settings are supported, derived from the outer tag on ingress, and rewritten to both tags on egress.
- EPGs can simultaneously be associated with other interfaces on a leaf switch that are configured for single-tagged VLANs.
- Service graphs are supported for provider and consumer EPGs that are mapped to Q-in-Q encapsulated interfaces. You can insert service graphs, as long as the ingress and egress traffic on the service nodes is in single-tagged encapsulated frames.
- When vPC ports are enabled for Q-in-Q encapsulation mode, VLAN consistency checks are not performed.
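The tag-stack rules above can be checked against captured frames before an interface is switched to Q-in-Q mode. The following Python sketch is an added example, not Cisco code: the function names and verdict strings are hypothetical, the frames are constructed, and it models only the rules stated on this page (the page does not say how frames with a non-0x8100 tag are handled, so they are only flagged).

```python
import struct

TPID_DOT1Q = 0x8100   # EtherType the page requires for BOTH tags
TPID_DOT1AD = 0x88A8  # 802.1ad S-tag; does not meet the page's requirement

def build_frame(tags, ethertype=0x0800):
    """Constructed test frame: zeroed MACs, then (tpid, pcp, vid) tags, outermost first."""
    frame = bytes(12)
    for tpid, pcp, vid in tags:
        frame += struct.pack("!HH", tpid, (pcp << 13) | vid)
    return frame + struct.pack("!H", ethertype) + bytes(46)

def classify(frame):
    """Check a frame's tag stack against the page's Q-in-Q ingress rules."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (first,) = struct.unpack_from("!H", frame, 12)
    if first == TPID_DOT1AD:
        return {"verdict": "outer-tag-not-0x8100"}
    if first != TPID_DOT1Q:
        return {"verdict": "untagged"}        # page: dropped on ingress
    if len(frame) < 18:
        raise ValueError("truncated outer tag")
    outer_tci, second = struct.unpack_from("!HH", frame, 14)
    if second == TPID_DOT1AD:
        return {"verdict": "inner-tag-not-0x8100"}
    if second != TPID_DOT1Q:
        return {"verdict": "single-tagged"}   # page: dropped on ingress
    if len(frame) < 22:
        raise ValueError("truncated inner tag")
    (inner_tci,) = struct.unpack_from("!H", frame, 18)
    return {
        "verdict": "double-tagged",
        "outer_vid": outer_tci & 0x0FFF,
        "inner_vid": inner_tci & 0x0FFF,
        "qos_pcp": outer_tci >> 13,  # page: QoS priority is derived from the outer tag
    }

if __name__ == "__main__":
    samples = {
        "untagged": [],
        "single": [(TPID_DOT1Q, 0, 100)],
        "qinq": [(TPID_DOT1Q, 5, 100), (TPID_DOT1Q, 0, 200)],
        "802.1ad outer": [(TPID_DOT1AD, 5, 100), (TPID_DOT1Q, 0, 200)],
    }
    for name, tags in samples.items():
        print(name, classify(build_frame(tags)))
```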
The following features and options are not supported with this feature:
- Per-port VLAN feature
- FEX connections
- Mixed mode
  For example, an interface in Q-in-Q encapsulation mode can have a static path binding to an EPG with double-tagged encapsulation only, not with regular VLAN encapsulation.
- STP and the "Flood in Encapsulation" option
- Untagged and 802.1p mode
- Multi-pod and Multi-Site
- Legacy bridge domain
- L2Out and L3Out connections
- VMM integration
- Changing a port mode from routed to Q-in-Q encapsulation mode
- Per-VLAN mis-cabling protocol on ports in Q-in-Q encapsulation mode