VLANs
- Named VLANs
- Private VLANs
- VLAN Port Limitations
- Configuring Named VLANs
- Configuring Private VLANs
- Community VLANs
- Viewing the VLAN Port Count
- VLAN Port Count Optimization
- VLAN Groups
- VLAN Permissions
Named VLANs
A named VLAN creates a connection to a specific external LAN. The VLAN isolates traffic to that external LAN, including broadcast traffic.
The name that you assign to a VLAN ID adds a layer of abstraction that allows you to globally update all servers associated with service profiles that use the named VLAN. You do not need to reconfigure the servers individually to maintain communication with the external LAN.
You can create more than one named VLAN with the same VLAN ID. For example, if servers that host business services for HR and Finance need to access the same external LAN, you can create VLANs named HR and Finance with the same VLAN ID. Then, if the network is reconfigured and Finance is assigned to a different LAN, you only have to change the VLAN ID for the named VLAN for Finance.
In a cluster configuration, you can configure a named VLAN to be accessible only to one fabric interconnect or to both fabric interconnects.
Guidelines for VLAN IDs
You cannot create VLANs with IDs from 4030 to 4047. This range of VLAN IDs is reserved.
The VLAN IDs you specify must also be supported on the switch that you are using. For example, on Cisco Nexus 5000 Series switches, the VLAN ID range from 3968 to 4029 is reserved. Before you specify the VLAN IDs in Cisco UCS Manager, make sure that the same VLAN IDs are available on your switch.
VLANs in the LAN cloud and FCoE VLANs in the SAN cloud must have different IDs. Using the same ID for a VLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all vNICs and uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that overlaps with an FCoE VLAN ID.
VLAN 4048 is user configurable. However, Cisco UCS Manager uses VLAN 4048 for the following default values. If you want to assign 4048 to a VLAN, you must reconfigure these values:
- After an upgrade to Cisco UCS, Release 2.0—The FCoE storage port native VLAN uses VLAN 4048 by default. If the default FCoE VSAN was set to use VLAN 1 before the upgrade, you must change it to a VLAN ID that is not used or reserved. For example, consider changing the default to 4049 if that VLAN ID is not in use.
- After a fresh install of Cisco UCS, Release 2.0—The FCoE VLAN for the default VSAN uses VLAN 4048 by default. The FCoE storage port native VLAN uses VLAN 4049.
The VLAN name is case sensitive.
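A pre-flight check of a planned VLAN list against the VLAN ID guidelines above. This is an added example, not Cisco code; the plan format, the sample values and `check_vlan_plan` are assumptions made for illustration, and the case look-alike warning is an extra hygiene check rather than a Cisco UCS Manager rule.

```python
# Added example: pre-flight check of a VLAN plan against the VLAN ID guidelines.
# The plan format and function names are assumptions, not Cisco UCS Manager APIs.

UCSM_RESERVED = (4030, 4047)         # reserved by Cisco UCS Manager
UCSM_DEFAULT_VLAN = 4048             # configurable, but used by UCS Manager defaults
NEXUS_5000_RESERVED = (3968, 4029)   # upstream example given in the guidelines


def check_vlan_plan(lan_vlans, fcoe_vlans, switch_reserved=(), defaults_moved=False):
    """Return a list of (vlan_name, vlan_id, problem) findings.

    lan_vlans       -- list of (name, vlan_id) named VLANs in the LAN cloud
    fcoe_vlans      -- dict of VSAN name -> FCoE VLAN ID in the SAN cloud
    switch_reserved -- (low, high) inclusive ranges reserved on the upstream switch
    defaults_moved  -- True once the FCoE defaults no longer use VLAN 4048
    """
    findings = []
    vsans_by_id = {}
    for vsan, vid in fcoe_vlans.items():
        vsans_by_id.setdefault(vid, []).append(vsan)

    first_spelling = {}  # lower-cased name -> first spelling seen
    for name, vid in lan_vlans:
        low, high = UCSM_RESERVED
        if low <= vid <= high:
            findings.append((name, vid, "reserved by Cisco UCS Manager (4030-4047)"))
        for low, high in switch_reserved:
            if low <= vid <= high:
                findings.append((name, vid, f"reserved on upstream switch ({low}-{high})"))
        # A LAN VLAN that shares an ID with an FCoE VLAN drops Ethernet traffic.
        if vid in vsans_by_id:
            vsans = ", ".join(sorted(vsans_by_id[vid]))
            findings.append((name, vid, f"overlaps FCoE VLAN of VSAN {vsans}"))
        if vid == UCSM_DEFAULT_VLAN and not defaults_moved:
            findings.append((name, vid, "4048 still used by UCS Manager defaults"))
        # Names are case sensitive, so "Finance" and "finance" are two VLANs.
        # Flagging the pair is an added hygiene check, not a UCS Manager rule.
        earlier = first_spelling.setdefault(name.lower(), name)
        if earlier != name:
            findings.append((name, vid, f"name differs only by case from {earlier}"))
    return findings


# Constructed sample plan (names and IDs are illustrative).
SAMPLE_LAN_VLANS = [
    ("HR", 100),
    ("Finance", 100),     # the same ID under two names is allowed
    ("finance", 3955),    # differs from "Finance" only by case
    ("backup", 4035),     # inside 4030-4047
    ("legacy", 3970),     # inside the Nexus 5000 reserved range
    ("storage", 3000),    # collides with an FCoE VLAN ID
    ("mgmt", 4048),       # needs the FCoE defaults moved first
]
SAMPLE_FCOE_VLANS = {"vsan-a": 3000}

if __name__ == "__main__":
    for finding in check_vlan_plan(SAMPLE_LAN_VLANS, SAMPLE_FCOE_VLANS,
                                   switch_reserved=[NEXUS_5000_RESERVED]):
        print("%-8s %4d  %s" % finding)
```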
Private VLANs
Isolated and Community VLANs
All secondary VLANs in a Cisco UCS domain can be Isolated or Community VLANs.
Note: You cannot configure an isolated VLAN to use with a regular VLAN.
Ports on Isolated VLANs
Communications on an isolated VLAN can only use the associated port in the primary VLAN. These ports are isolated ports and are not configurable in Cisco UCS Manager. A primary VLAN can have only one isolated VLAN, but multiple isolated ports on the same isolated VLAN are allowed. These isolated ports cannot communicate with each other. The isolated ports can communicate only with a regular trunk port or promiscuous port that allows the isolated VLAN.
An isolated port is a host port that belongs to an isolated secondary VLAN. This port has complete isolation from other ports within the same private VLAN domain. PVLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic received from an isolated port is forwarded only to promiscuous ports. You can have more than one isolated port in a specified isolated VLAN. Each port is completely isolated from all other ports in the isolated VLAN.
Guidelines for Uplink Ports
When you create PVLANs, use the following guidelines:
Guidelines for VLAN IDs
You cannot create VLANs with IDs from 4030 to 4047. This range of VLAN IDs is reserved.
The VLAN IDs you specify must also be supported on the switch that you are using. For example, on Cisco Nexus 5000 Series switches, the VLAN ID range from 3968 to 4029 is reserved. Before you specify the VLAN IDs in Cisco UCS Manager, make sure that the same VLAN IDs are available on your switch.
VLANs in the LAN cloud and FCoE VLANs in the SAN cloud must have different IDs. Using the same ID for a VLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all vNICs and uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that overlaps with an FCoE VLAN ID.
VLAN 4048 is user configurable. However, Cisco UCS Manager uses VLAN 4048 for the following default values. If you want to assign 4048 to a VLAN, you must reconfigure these values:
- After an upgrade to Cisco UCS, Release 2.0—The FCoE storage port native VLAN uses VLAN 4048 by default. If the default FCoE VSAN was set to use VLAN 1 before the upgrade, you must change it to a VLAN ID that is not used or reserved. For example, consider changing the default to 4049 if that VLAN ID is not in use.
- After a fresh install of Cisco UCS, Release 2.0—The FCoE VLAN for the default VSAN uses VLAN 4048 by default. The FCoE storage port native VLAN uses VLAN 4049.
The VLAN name is case sensitive.
VLAN Port Limitations
Cisco UCS Manager limits the number of VLAN port instances that you can configure under border and server domains on a fabric interconnect.
Types of Ports Included in the VLAN Port Count
The following types of ports are counted in the VLAN port calculation:
- Border uplink Ethernet ports
- Border uplink Ether-channel member ports
- FCoE ports in a SAN cloud
- Ethernet ports in a NAS cloud
- Static and dynamic vNICs created through service profiles
- VM vNICs created as part of a port profile in a hypervisor in hypervisor domain
Based on the number of VLANs configured for these ports, Cisco UCS Manager tracks the cumulative count of VLAN port instances and enforces the VLAN port limit during validation. Cisco UCS Manager reserves some pre-defined VLAN port resources for control traffic. These include management VLANs configured under HIF and NIF ports.
VLAN Port Limit Enforcement
Cisco UCS Manager validates VLAN port availability during the following operations:
- Configuring and unconfiguring border ports and border port channels
- Adding or removing VLANs from a cloud
- Configuring or unconfiguring SAN or NAS ports
- Associating or disassociating service profiles that contain configuration changes
- Configuring or unconfiguring VLANs under vNICs or vHBAs
- Receiving creation or deletion notifications from a VMware vNIC and from an ESX hypervisor
  Note: This is outside the control of the Cisco UCS Manager.
- Fabric interconnect reboot
- Cisco UCS Manager upgrade or downgrade
Cisco UCS Manager strictly enforces the VLAN port limit on service profile operations. If Cisco UCS Manager detects that the VLAN port limit is exceeded, the service profile configuration fails during deployment.
Exceeding the VLAN port count in a border domain is less disruptive. When the VLAN port count is exceeded in a border domain, Cisco UCS Manager changes the allocation status to Exceeded. To change the status back to Available, complete one of the following actions:
Configuring Named VLANs
Creating a Named VLAN Accessible to Both Fabric Interconnects (Uplink Ethernet Mode)
You cannot create VLANs with IDs from 4030 to 4047. This range of VLAN IDs is reserved.
The VLAN IDs you specify must also be supported on the switch that you are using. For example, on Cisco Nexus 5000 Series switches, the VLAN ID range from 3968 to 4029 is reserved. Before you specify the VLAN IDs in Cisco UCS Manager, make sure that the same VLAN IDs are available on your switch.
VLANs in the LAN cloud and FCoE VLANs in the SAN cloud must have different IDs. Using the same ID for a VLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all vNICs and uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that overlaps with an FCoE VLAN ID.
The following example creates a named VLAN for both fabric interconnects, names the VLAN accounting, assigns the VLAN ID 2112, sets the sharing to none, and commits the transaction:
UCS-A# scope eth-uplink
UCS-A /eth-uplink # create vlan accounting 2112
UCS-A /eth-uplink/vlan* # set sharing none
UCS-A /eth-uplink/vlan* # commit-buffer
UCS-A /eth-uplink/vlan #
Creating a Named VLAN Accessible to Both Fabric Interconnects (Ethernet Storage Mode)
You cannot create VLANs with IDs from 4030 to 4047. This range of VLAN IDs is reserved.
The VLAN IDs you specify must also be supported on the switch that you are using. For example, on Cisco Nexus 5000 Series switches, the VLAN ID range from 3968 to 4029 is reserved. Before you specify the VLAN IDs in Cisco UCS Manager, make sure that the same VLAN IDs are available on your switch.
VLANs in the LAN cloud and FCoE VLANs in the SAN cloud must have different IDs. Using the same ID for a VLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all vNICs and uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that overlaps with an FCoE VLAN ID.
The following example creates a named VLAN for both fabric interconnects, names the VLAN accounting, assigns the VLAN ID 2112, creates a member port on slot 2, port 20, and commits the transaction:
UCS-A# scope eth-storage
UCS-A /eth-storage # create vlan accounting 2112
UCS-A /eth-storage/vlan* # create member-port a 2 20
UCS-A /eth-storage/vlan/member-port* # commit-buffer
UCS-A /eth-storage/vlan/member-port #
Creating a Named VLAN Accessible to One Fabric Interconnect (Uplink Ethernet Mode)
You cannot create VLANs with IDs from 4030 to 4047. This range of VLAN IDs is reserved.
The VLAN IDs you specify must also be supported on the switch that you are using. For example, on Cisco Nexus 5000 Series switches, the VLAN ID range from 3968 to 4029 is reserved. Before you specify the VLAN IDs in Cisco UCS Manager, make sure that the same VLAN IDs are available on your switch.
VLANs in the LAN cloud and FCoE VLANs in the SAN cloud must have different IDs. Using the same ID for a VLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all vNICs and uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that overlaps with an FCoE VLAN ID.
The following example creates a named VLAN for fabric interconnect A, names the VLAN finance, assigns the VLAN ID 3955, sets the sharing to none, and commits the transaction:
UCS-A# scope eth-uplink
UCS-A /eth-uplink # scope fabric a
UCS-A /eth-uplink/fabric # create vlan finance 3955
UCS-A /eth-uplink/fabric/vlan* # set sharing none
UCS-A /eth-uplink/fabric/vlan* # commit-buffer
UCS-A /eth-uplink/fabric/vlan #
Creating a Named VLAN Accessible to One Fabric Interconnect (Ethernet Storage Mode)
You cannot create VLANs with IDs from 4030 to 4047. This range of VLAN IDs is reserved.
The VLAN IDs you specify must also be supported on the switch that you are using. For example, on Cisco Nexus 5000 Series switches, the VLAN ID range from 3968 to 4029 is reserved. Before you specify the VLAN IDs in Cisco UCS Manager, make sure that the same VLAN IDs are available on your switch.
VLANs in the LAN cloud and FCoE VLANs in the SAN cloud must have different IDs. Using the same ID for a VLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all vNICs and uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that overlaps with an FCoE VLAN ID.
The following example creates a named VLAN for fabric interconnect A, names the VLAN finance, assigns the VLAN ID 3955, creates a member port on slot 2, port 20, and commits the transaction:
UCS-A# scope eth-storage
UCS-A /eth-storage # scope fabric a
UCS-A /eth-storage/fabric # create vlan finance 3955
UCS-A /eth-storage/fabric/vlan* # create member-port a 2 20
UCS-A /eth-storage/fabric/vlan/member-port* # commit-buffer
UCS-A /eth-storage/fabric/vlan/member-port #
Deleting a Named VLAN
If Cisco UCS Manager includes a named VLAN with the same VLAN ID as the one you delete, the VLAN is not removed from the fabric interconnect configuration until all named VLANs with that ID are deleted.
If you are deleting a private primary VLAN, ensure that you reassign the secondary VLANs to another working primary VLAN.
Before you delete a VLAN from a fabric interconnect, ensure that the VLAN was removed from all vNICs and vNIC templates.
Note: If you delete a VLAN that is assigned to a vNIC or vNIC template, the vNIC might allow that VLAN to flap.
The following example deletes a named VLAN accessible to both fabric interconnects and commits the transaction:
UCS-A# scope eth-uplink
UCS-A /eth-uplink # delete vlan accounting
UCS-A /eth-uplink* # commit-buffer
UCS-A /eth-uplink #
The following example deletes a named VLAN accessible to one fabric interconnect and commits the transaction:
UCS-A# scope eth-uplink
UCS-A /eth-uplink # scope fabric a
UCS-A /eth-uplink/fabric # delete vlan finance
UCS-A /eth-uplink/fabric* # commit-buffer
UCS-A /eth-uplink/fabric #
Configuring Private VLANs
Creating a Primary VLAN for a Private VLAN (Accessible to Both Fabric Interconnects)
You cannot create VLANs with IDs from 4030 to 4047. This range of VLAN IDs is reserved.
The VLAN IDs you specify must also be supported on the switch that you are using. For example, on Cisco Nexus 5000 Series switches, the VLAN ID range from 3968 to 4029 is reserved. Before you specify the VLAN IDs in Cisco UCS Manager, make sure that the same VLAN IDs are available on your switch.
VLANs in the LAN cloud and FCoE VLANs in the SAN cloud must have different IDs. Using the same ID for a VLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all vNICs and uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that overlaps with an FCoE VLAN ID.
The following example creates a named VLAN for both fabric interconnects, names the VLAN accounting, assigns the VLAN ID 2112, makes this VLAN the primary VLAN, and commits the transaction:
UCS-A# scope eth-uplink
UCS-A /eth-uplink # create vlan accounting 2112
UCS-A /eth-uplink/vlan* # set sharing primary
UCS-A /eth-uplink/vlan* # commit-buffer
UCS-A /eth-uplink/vlan #
Creating a Primary VLAN for a Private VLAN (Accessible to One Fabric Interconnect)
You cannot create VLANs with IDs from 4030 to 4047. This range of VLAN IDs is reserved.
The VLAN IDs you specify must also be supported on the switch that you are using. For example, on Cisco Nexus 5000 Series switches, the VLAN ID range from 3968 to 4029 is reserved. Before you specify the VLAN IDs in Cisco UCS Manager, make sure that the same VLAN IDs are available on your switch.
VLANs in the LAN cloud and FCoE VLANs in the SAN cloud must have different IDs. Using the same ID for a VLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all vNICs and uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that overlaps with an FCoE VLAN ID.
The following example creates a named VLAN for fabric interconnect A, names the VLAN finance, assigns the VLAN ID 3955, makes this VLAN the primary VLAN, and commits the transaction:
UCS-A# scope eth-uplink
UCS-A /eth-uplink # scope fabric a
UCS-A /eth-uplink/fabric # create vlan finance 3955
UCS-A /eth-uplink/fabric/vlan* # set sharing primary
UCS-A /eth-uplink/fabric/vlan* # commit-buffer
UCS-A /eth-uplink/fabric/vlan #
Creating a Secondary VLAN for a Private VLAN (Accessible to Both Fabric Interconnects)
You cannot create VLANs with IDs from 4030 to 4047. This range of VLAN IDs is reserved.
The VLAN IDs you specify must also be supported on the switch that you are using. For example, on Cisco Nexus 5000 Series switches, the VLAN ID range from 3968 to 4029 is reserved. Before you specify the VLAN IDs in Cisco UCS Manager, make sure that the same VLAN IDs are available on your switch.
VLANs in the LAN cloud and FCoE VLANs in the SAN cloud must have different IDs. Using the same ID for a VLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all vNICs and uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that overlaps with an FCoE VLAN ID.
The following example creates a named VLAN for both fabric interconnects, names the VLAN accounting, assigns the VLAN ID 2112, makes this VLAN the secondary VLAN, associates the secondary VLAN with the primary VLAN, and commits the transaction:
UCS-A# scope eth-uplink
UCS-A /eth-uplink # create vlan accounting 2112
UCS-A /eth-uplink/vlan* # set sharing isolated
UCS-A /eth-uplink/vlan* # set pubnwname pvlan1000
UCS-A /eth-uplink/vlan* # commit-buffer
UCS-A /eth-uplink/vlan #
Creating a Secondary VLAN for a Private VLAN (Accessible to One Fabric Interconnect)
You cannot create VLANs with IDs from 4030 to 4047. This range of VLAN IDs is reserved.
The VLAN IDs you specify must also be supported on the switch that you are using. For example, on Cisco Nexus 5000 Series switches, the VLAN ID range from 3968 to 4029 is reserved. Before you specify the VLAN IDs in Cisco UCS Manager, make sure that the same VLAN IDs are available on your switch.
VLANs in the LAN cloud and FCoE VLANs in the SAN cloud must have different IDs. Using the same ID for a VLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all vNICs and uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that overlaps with an FCoE VLAN ID.
The following example creates a named VLAN for fabric interconnect A, names the VLAN finance, assigns the VLAN ID 3955, makes this VLAN the secondary VLAN, associates the secondary VLAN with the primary VLAN, and commits the transaction:
UCS-A# scope eth-uplink
UCS-A /eth-uplink # scope fabric a
UCS-A /eth-uplink/fabric # create vlan finance 3955
UCS-A /eth-uplink/fabric/vlan* # set sharing isolated
UCS-A /eth-uplink/fabric/vlan* # set pubnwname pvlan1000
UCS-A /eth-uplink/fabric/vlan* # commit-buffer
UCS-A /eth-uplink/fabric/vlan #
Community VLANs
Cisco UCS Manager supports Community VLANs in UCS Fabric Interconnects. Community ports communicate with each other and with promiscuous ports. Community ports have Layer 2 isolation from all other ports in other communities, or isolated ports within the PVLAN. Broadcasts are transmitted between the community ports associated with the PVLAN only and the other promiscuous ports. A promiscuous port can communicate with all interfaces, including the isolated and community ports within a PVLAN.
- Creating a Community VLAN
- Allowing Community VLANs on vNICs
- Allowing PVLAN on Promiscuous Access or Trunk Port
- Deleting a Community VLAN
Creating a Community VLAN
The following example shows how to create a Community VLAN:
UCS-A# scope eth-uplink
UCS-A /eth-uplink # create vlan vlan203 203
UCS-A /eth-uplink/vlan* # set sharing community
UCS-A /eth-uplink/vlan* # set pubnwname vlan200
UCS-A /eth-uplink/vlan* # commit-buffer
UCS-A /eth-uplink/vlan # exit
UCS-A /eth-uplink #
Allowing Community VLANs on vNICs
The following example shows how to assign the community VLAN cVLAN101 to the vNIC vnic_1 and commits the transaction.
UCS-A# scope org /
UCS-A /org # scope service-profile GSP1
UCS-A /org/service-profile # scope vnic vnic_1
UCS-A /org/service-profile/vnic # create eth-if cVLAN101
UCS-A /org/service-profile/vnic* # commit-buffer
Allowing PVLAN on Promiscuous Access or Trunk Port
For a promiscuous access port, the isolated and community VLANs must be associated to the same primary VLAN.
For a promiscuous trunk port, isolated and community VLANs belonging to different primary VLANs are allowed, as well as regular VLANs.
The following example shows how to assign the isolated and community VLANs associated with the same primary VLAN to the same appliance port and commits the transaction.
UCS-A# scope eth-storage
UCS-A /eth-storage # scope vlan isovlan501
UCS-A /eth-storage/vlan # create member-port a 1 2
UCS-A /eth-storage/vlan/member-port* # exit
UCS-A /eth-storage/vlan* # exit
UCS-A /eth-storage* # scope vlan cvlan502
UCS-A /eth-storage/vlan* # create member-port a 1 2
UCS-A /eth-storage/vlan/member-port* # commit-buffer
UCS-A /eth-storage/vlan/member-port #
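The private VLAN rules stated on this page (a secondary VLAN needs a primary VLAN, one isolated VLAN per primary, and one primary per promiscuous access port) can be checked over a planned layout before it is committed. This is an added example, not Cisco code; the data layout, the sample names other than isovlan501 and cvlan502, and `check_pvlan` are assumptions made for illustration.

```python
# Added example: checks a PVLAN layout against the rules stated on this page.
# Data layout, names and check_pvlan() are assumptions, not Cisco UCS Manager APIs.
from collections import defaultdict

SECONDARY = {"isolated", "community"}


def check_pvlan(vlans, ports):
    """Return a list of findings (strings).

    vlans -- name -> (sharing, primary_name); sharing is none, primary,
             isolated or community; primary_name is the pubnwname or None
    ports -- label -> (mode, [vlan names]); mode is "access" or "trunk"
             for a promiscuous access or trunk port
    """
    findings = []
    isolated_per_primary = defaultdict(list)

    for name, (sharing, primary) in sorted(vlans.items()):
        if sharing not in SECONDARY:
            continue
        parent = vlans.get(primary)  # VLAN names are case sensitive
        if parent is None:
            findings.append(f"{name}: primary VLAN {primary!r} does not exist")
        elif parent[0] != "primary":
            # A secondary VLAN cannot hang off a regular VLAN.
            findings.append(f"{name}: {primary} has sharing {parent[0]}, not primary")
        elif sharing == "isolated":
            isolated_per_primary[primary].append(name)

    # A primary VLAN can have only one isolated VLAN.
    for primary, names in sorted(isolated_per_primary.items()):
        if len(names) > 1:
            findings.append(f"{primary}: more than one isolated VLAN ({', '.join(names)})")

    for label, (mode, members) in sorted(ports.items()):
        primaries = set()
        for name in members:
            if name not in vlans:
                findings.append(f"port {label}: unknown VLAN {name!r}")
                continue
            sharing, primary = vlans[name]
            if sharing in SECONDARY and primary in vlans:
                primaries.add(primary)
        # Access port: all secondaries must share one primary. Trunk: no such limit.
        if mode == "access" and len(primaries) > 1:
            findings.append(
                f"port {label}: access port mixes primaries {', '.join(sorted(primaries))}")
    return findings


# Constructed sample layout (only isovlan501 and cvlan502 appear on the page).
SAMPLE_VLANS = {
    "pvlan500": ("primary", None),
    "pvlan600": ("primary", None),
    "isovlan501": ("isolated", "pvlan500"),
    "cvlan502": ("community", "pvlan500"),
    "isovlan503": ("isolated", "pvlan500"),     # second isolated VLAN on pvlan500
    "cvlan601": ("community", "pvlan600"),
    "cvlan602": ("community", "PVLAN600"),      # wrong case, so no such primary
    "accounting": ("none", None),
    "isovlan701": ("isolated", "accounting"),   # regular VLAN used as primary
}
SAMPLE_PORTS = {
    "a 1 2": ("access", ["isovlan501", "cvlan502"]),
    "a 1 3": ("access", ["isovlan501", "cvlan601"]),
    "a 1 4": ("trunk", ["isovlan501", "cvlan601", "accounting"]),
}

if __name__ == "__main__":
    for finding in check_pvlan(SAMPLE_VLANS, SAMPLE_PORTS):
        print(finding)
```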
Deleting a Community VLAN
If Cisco UCS Manager includes a named VLAN with the same VLAN ID as the one you delete, the VLAN is not removed from the fabric interconnect configuration until all named VLANs with that ID are deleted.
If you are deleting a private primary VLAN, ensure that you reassign the secondary VLANs to another working primary VLAN.
Before you delete a VLAN from a fabric interconnect, ensure that the VLAN was removed from all vNICs and vNIC templates.
Note: If you delete a VLAN that is assigned to a vNIC or vNIC template, the vNIC might allow that VLAN to flap.
The following example deletes a Community VLAN and commits the transaction:
UCS-A# scope eth-uplink
UCS-A /eth-uplink # delete vlan vlan203
UCS-A /eth-uplink* # commit-buffer
UCS-A /eth-uplink #
Viewing the VLAN Port Count
The following example displays the VLAN port count for fabric interconnect A:
UCS-A# scope fabric-interconnect a
UCS-A /fabric-interconnect # show vlan-port-count

VLAN-Port Count:
VLAN-Port Limit  Access VLAN-Port Count  Border VLAN-Port Count  Alloc Status
---------------  ----------------------  ----------------------  ------------
6000             3                       0                       Available
VLAN Port Count Optimization
VLAN port count optimization enables mapping the state of multiple VLANs into a single internal state. When you enable the VLAN port count optimization, Cisco UCS Manager logically groups VLANs based on the port VLAN membership. This grouping increases the port VLAN count limit. VLAN port count optimization also compresses the VLAN state and reduces the CPU load on the fabric interconnect. This reduction in the CPU load enables you to deploy more VLANs over more vNICs. Optimizing VLAN port count does not change any of the existing VLAN configuration on the vNICs.
VLAN port count optimization is disabled by default. You can enable or disable the option based on your requirements.
- Enabling VLAN port count optimization increases the number of available VLAN ports for use. If the port VLAN count exceeds the maximum number of VLANs in a non-optimized state, you cannot disable the VLAN port count optimization.
- VLAN port count optimization is not supported in Cisco UCS 6100 Series fabric interconnect.
- Enabling Port VLAN Count Optimization
- Disabling Port VLAN Count Optimization
- Viewing the Port VLAN Count Optimization Groups
Enabling Port VLAN Count Optimization
The following example shows how to enable VLAN port count optimization:
UCS-A# scope eth-uplink
UCS-A /eth-uplink # set vlan-port-count-optimization enable
UCS-A /eth-uplink* # commit-buffer
UCS-A /eth-uplink #
Disabling Port VLAN Count Optimization
If the port VLAN count exceeds what is allowed in the non-optimized state, you cannot disable the optimization.
The following example shows how to disable VLAN port count optimization:
UCS-A# scope eth-uplink
UCS-A /eth-uplink # set vlan-port-count-optimization disable
UCS-A /eth-uplink* # commit-buffer
UCS-A /eth-uplink #
Viewing the Port VLAN Count Optimization Groups
UCS-A# scope eth-uplink
UCS-A /eth-uplink # show vlan-port-count-optimization group

VLAN Port Count Optimization Group:
Fabric ID  Group ID  VLAN ID
---------  --------  -------
A          5         6
A          5         7
A          5         8
B          10        100
B          10        101
VLAN Groups
VLAN groups allow you to group VLANs on Ethernet uplink ports, by function or by VLANs that belong to a specific network. You can define VLAN membership and apply the membership to multiple Ethernet uplink ports on the fabric interconnect.
Note: Cisco UCS Manager supports a maximum of 200 VLAN Groups. If Cisco UCS Manager determines that you create more than 200 VLAN groups, the system disables VLAN compression.
You can configure inband and out-of-band (OOB) VLAN groups to use to access the Cisco Integrated Management Interface (CIMC) on blade and rack servers. Cisco UCS Manager supports OOB IPv4 and inband IPv4 and IPv6 VLAN groups for use with the uplink interfaces or uplink port channels.
After you assign a VLAN to a VLAN group, any changes to the VLAN group are applied to all Ethernet uplink ports that are configured with the VLAN group. The VLAN group also enables you to identify VLAN overlaps between disjoint VLANs.
You can configure uplink ports under a VLAN group. When you configure an uplink port for a VLAN group, that uplink port will support all the VLANs that are part of the associated VLAN groups and individual VLANs that are associated with the uplink using LAN Uplinks Manager, if any. Further, any uplink that is not selected for association with that VLAN group will stop supporting the VLANs that are part of that VLAN group.
You can create VLAN groups from the LAN Cloud or from the LAN Uplinks Manager.
Creating a VLAN Group
The following example shows how to create a VLAN group:
UCS-A# scope eth-uplink
UCS-A /eth-uplink # create vlan-group eng
UCS-A /eth-uplink/vlan-group* # create member-vlan 3
UCS-A /eth-uplink/vlan-group* # commit-buffer
UCS-A /eth-uplink/vlan-group #
Creating an Inband VLAN Group
Configure inband VLAN groups to provide access to remote users via an inband service profile.
The example below creates a VLAN group named inband-vlan-group, creates a member of the group named Inband_VLAN and assigns VLAN ID 888, creates member ports for Fabric A and Fabric B, and commits the transaction:
UCS-A# scope eth-uplink
UCS-A /eth-uplink # create vlan-group inband-vlan-group
UCS-A /eth-uplink/vlan-group* # create member-vlan Inband_VLAN 888
UCS-A /eth-uplink/vlan-group/member-vlan* # exit
UCS-A /eth-uplink/vlan-group* # create member-port a 1 23
UCS-A /eth-uplink/vlan-group/member-port* # exit
UCS-A /eth-uplink/vlan-group* # create member-port b 1 23
UCS-A /eth-uplink/vlan-group/member-port* # commit-buffer
UCS-A /eth-uplink/vlan-group/member-port # exit
UCS-A /eth-uplink/vlan-group # exit
Assign the inband VLAN group to an inband service profile.
Deleting a VLAN Group
The following example shows how to delete a VLAN group:
UCS-A# scope eth-uplink
UCS-A /eth-uplink # delete vlan-group eng
UCS-A /eth-uplink* # commit-buffer
UCS-A /eth-uplink #
Viewing VLAN Groups
The following example shows the available VLAN groups in the root org:
UCS-A# scope org
UCS-A /org # show vlan-group

VLAN Group:
Name
----
eng
hr
finance
VLAN Permissions
VLAN permissions restrict access to VLANs based on specified organizations and on the service profile organizations to which the VLANs belong. VLAN permissions also restrict the set of VLANs that you can assign to service profile vNICs. VLAN permissions is an optional feature and is disabled by default. You can enable or disable the feature based on your requirements. If you disable the feature, all of the VLANs are globally accessible to all organizations.
Note: If you enable the org permission, when you create a VLAN, the Permitted Orgs for VLAN(s) option displays in the Create VLANs dialog box. If you do not enable the Org Permissions, the Permitted Orgs for VLAN(s) option does not display.
Enabling the org permission allows you to specify the organizations for the VLAN. When you specify the organizations, the VLAN becomes available to that specific organization and all of the sub organizations below the structure. Users from other organizations cannot access this VLAN. You can also modify the VLAN permission anytime based on changes to your VLAN access requirements.
Caution: When you assign the VLAN org permission to an organization at the root level, all sub organizations can access the VLANs. After you assign the org permission at the root level, if you change the permission for a VLAN that belongs to a sub organization, that VLAN becomes unavailable to the root level organization.
Creating VLAN Permissions
The following example shows how to create a VLAN permission for an organization:
UCS-A# scope org
UCS-A /org # create vlan-permit dev
UCS-A /org* # commit-buffer
UCS-A /org #
Deleting a VLAN Permission
The following example shows how to delete a VLAN permission from an organization:
UCS-A# scope org
UCS-A /org # delete vlan-permit dev
UCS-A /org* # commit-buffer
UCS-A /org #
Viewing VLAN Permissions
The following example shows the VLAN groups that have permission to access this VLAN:
UCS-A# scope org
UCS-A /org # show vlan-permit

VLAN Group:
Name
----
eng
hr
finance