Global VLANs

Global VLAN

Cisco UCS Central enables you to define global VLANs in LAN cloud at the domain group root or at the domain group level. You can create a single VLAN or multiple VLANs in one operation.

Global VLAN resolution takes place in Cisco UCS Central prior to global service profiles deployment. If a global service profile references a global VLAN, and that VLAN does not exist, the global service profile deployment fails in the Cisco UCS domain due to insufficient resources. All global VLANs created in Cisco UCS Central must be resolved before deploying that global service profile.

Global VLANs are pushed to Cisco UCS along with the global service profiles that reference them. Global VLAN information is visible to Cisco UCS Manager only if a global service profile with reference to a global VLAN is deployed in that UCS domain. When a global VLAN is deployed and becomes available in the UCS domain, locally-defined service profiles and policies can reference the global VLAN. A global VLAN is not deleted when a global service profile that references it is deleted.

VLAN Org Permission

All VLANs configured in Cisco UCS Central are common to the orgs in which they are created. You must assign organization permissions before the Cisco UCS Manager instances that are part of the organizations can consume the resources. When you assign org permission to a VLAN, the VLAN is visible to those organizations, and available to be referenced in service profiles maintained by the Cisco UCS Manager instances that are part of the organization.

VLAN name resolution takes place within the hierarchy of each domain group. If a VLAN with the same name exists in multiple domain groups, the organization permissions are applied to all VLANs with the same name across the domain groups.

You can create, modify or delete VLAN org permission.


Note

Make sure to delete the VLAN org permission from the same org you created it in. On Cisco UCS Central GUI you can view the org structure where this VLAN is associated. But at the sub org level on the Cisco UCS Central CLI, you cannot view the VLAN org permission association hierarchy, so if you try to delete the VLAN at the sub org level on the Cisco UCS Central CLI the delete operation will fail.

Creating a Single VLAN

This procedure describes how to create a single VLAN in the domain group root or in a specifc domain group.

Important:
Procedure
     Command or ActionPurpose
    Step 1UCSC # connect resource-mgr  

    Enters resource manager mode.

     
    Step 2UCSC(resource-mgr) # scope domain-group domain-name  

    Enters the UCS domain group root.

     
    Step 3UCSC(resource-mgr) # scope eth-uplink  

    Enters Ethernet uplink command mode.

     
    Step 4UCSC(resource-mgr) /domain-group/eth-uplink # create vlan vlan-namevlan-id  

    Creates a VLAN and assigns a VLAN ID.

    Note   

    The VLAN name is case sensitive.

     
    Step 5UCSC(resource_mgr)/domain-group/eth-uplink/vlan # set mcastpolicy {default | policy-name}  

    (Optional)

    Assigns a specific multicast policy name. If you do not enter a multicast policy name, the name is resolved from the Cisco UCS Manager domain upon deployment.

     
    Step 6UCSC(resource-mgr) /domain-group/eth-uplink/vlan# commit-buffer  

    Commits the transaction to the system.

     

    The following example shows how to create a VLAN named Administration in the domain group root and ssign it VLAN ID 15: 

    UCSC# connect resource-mgr
UCSC(resource-mgr)# scope domain-group /
UCSC(resource-mgr) /domain-group # scope eth-uplink
UCSC(resource-mgr) /domain-group/eth-uplink create vlan Administration 15
UCSC(resource-mgr) /domain-group/eth-uplink/vlan* # commit-buffer
UCSC(resource-mgr) /domain-group/eth-uplink/vlan #

    The following example shows how to create a VLAN named Administration in domain group 12 and assign it VLAN ID 15: 

    UCSC# connect resource-mgr
UCSC(resource-mgr)# scope domain-group 12
UCSC(resource-mgr) /domain-group # scope eth-uplink
UCSC(resource-mgr) /domain-group/eth-uplink create vlan Administration 15
UCSC(resource-mgr) /domain-group/eth-uplink/vlan* # commit-buffer
UCSC(resource-mgr) /domain-group/eth-uplink/vlan #

    Creating Multiple VLANs

    This procedure describes how to create multiple VLANs.

    Procedure
       Command or ActionPurpose
      Step 1UCSC# connect resource-mgr  

      Enters resource manager mode.

       
      Step 2UCSC(resource-mgr) #scope domain-group domain-group  

      Enters the UCS domain group root.

       
      Step 3UCSC(resource-mgr) #scope eth-uplink.  

      Enters Ethernet uplink command mode.

       
      Step 4UCSC(resource-mgr) /domain-group/eth-uplink #create vlan vlan-name vlan-id  

      Creates a VLAN and with the VLAN name and VLAN ID you enter.

      Note   

      The VLAN name is case sensitive.

       
      Step 5UCSC (resource-mgr) /domain-group/eth-uplink/vlan # set mcastpolicy {default | policy-name}  

      (Optional)

      Assigns a particular multicast policy name. If you do not enter a multicast policy name, the name is resolved from the Cisco UCS Manager upon deployment.

       
      Step 6UCSC (resource-mgr) /domain-group/eth-uplink/vlan # commit-buffer  

      Commits the transaction to the system.

       
      The following example shows how to create two VLANs in domain group 12 and assign multicast policies: 
      UCSC# connect resource-mgr
UCSC(resource-mgr)# scope domain-group 12
UCSC(resource-mgr) /domain-group # scope eth-uplink
UCSC(resource-mgr) /domain-group/eth-uplink create vlan Administration 15
UCSC(resource-mgr) /domain-group/eth-uplink/vlan* # set mcastpolicy default
UCSC(resource-mgr) /domain-group/eth-uplink/vlan* # create vlan Finance 20
UCSC(resource-mgr) /domain-group/eth-uplink/vlan* # set mcastpolicy mpolicy
UCSC(resource-mgr) /domain-group/eth-uplink/vlan* # commit-buffer
UCSC(resource-mgr) /domain-group/eth-uplink/vlan

      Enabling Global VLANs in a Cisco UCS Manager Instance

      The publish vlan command allows you to use global VLANs that were created in Cisco UCS Central in a Cisco UCS Manager instance without deploying a service profile.

      Procedure
         Command or ActionPurpose
        Step 1UCSC# connect resource-mgr  

        Enters resource manager mode.

         
        Step 2UCSC(resource-mgr) #scope domain-mgmt  

        Enters the UCS domain management configuration mode.

         
        Step 3UCSC(resource-mgr) /domain-mgmt #scope ucs-domain domain-ID  

        Enters the UCS domain configuration mode for the specified domain ID.

        Note   

        If you do not know the UCS domain ID, use the show ucs-domain command.

         
        Step 4UCSC(resource-mgr) /domain-mgmt/ucs-domain #publish vlan vlan_name .  

        Pushes the selected global VLAN to the Cisco UCS Manager instance.

         

        The following example shows how to enable global VLAN globVLAN in the local domain 1008: 

        UCSC# connect resource-mgr
UCSC(resource-mgr) # scope domain-mgmt 
UCSC(resrouce-mgr) /domain-mgmt # scope ucs-domain 1008
UCSC(resrouce-mgr) /domain-mgmt/ucs-domain # publish vlan globVLAN

Publish Vlan is a standalone operation. You may lose any uncommitted changes in this CLI session.
Do you want to continue? (yes/no): yes
UCSC(resource-mgr) /domain-mgmt/ucs-domain #

        Deleting a VLAN

        This procedure describes how to delete a VLAN from a domain group.

        Before You Begin

        Consider the following points before deleting global VLANs in Cisco UCS Central:

        • Before deleting global VLANs, ensure that any global service profiles that reference them are updated.

        • Before deleting the last global VLAN from a domain group, you should remove its organization permissions.

        • If you delete a global VLAN, it is also deleted from all registered Cisco UCS Manager instances that are associated with the domain groups in which the VLAN resides.

        • Global service profiles that reference a global VLAN that is deleted in Cisco UCS Central will fail due to insufficient resources. Local service profiles that reference a global VLAN that is deleted will be set to virtual network ID 1.

        Procedure
           Command or ActionPurpose
          Step 1UCSC # connect resource-mgr  

          Enters resource manager mode.

           
          Step 2UCSC(resource-mgr) # scope domain-group {/ | domain-name}  

          Enters the UCS domain group root or the domain group name you enter.

           
          Step 3UCSC(resource-mgr) # scope eth-uplink  

          Enters Ethernet uplink command mode.

           
          Step 4UCSC(resource-mgr) /domain-group/eth-uplink # delete vlanvlan-name  

          Deletes the VLAN with the name you entered.

           
          Step 5UCSC(resource-mgr) /domain-group/eth-uplink # commit-buffer  

          Commits the transaction to the system.

           

          The following example shows how to delete the VLAN named Finance from the domain group root: 

          UCSC# connect resource-mgr
UCSC(resource-mgr)# scope domain-group /
UCSC(resource-mgr) /domain-group # scope eth-uplink
UCSC(resource-mgr) /domain-group/eth-uplink delete vlan Finance
UCSC(resource-mgr) /domain-group/eth-uplink/vlan* # commit-buffer
UCSC(resource-mgr) /domain-group/eth-uplink/vlan #

          Creating VLAN Permissions for an Organization

          This procedure describes how to assign a VLAN permission to organizations in Cisco UCS Central.

          Procedure
             Command or ActionPurpose
            Step 1UCSC# connect resource-mgr  

            Enters resource manager mode.

             
            Step 2UCSC# (resource-mgr) scope org {org-name}  

            Enters organization management mode for the organization name you enter.

             
            Step 3UCSC(resource-mgr) /org # create vlan permit vlan-name  
            Assigns the specified VLAN permission to the organization, and all of the suborganizations that belong to it.
            Note   

            VLAN name is case sensitive.

             
            Step 4UCSC(resource-mgr) /org # commit-buffer  

            Commits the transaction to the system.

             

            The follwing example shows how to assign the VLAN named Administration permission to Sub-Org1: 

            UCSC# connect resource-mgr
UCSC(resource-mgr)# scope org Sub-Org1
UCSC(resource-mgr) /org #create vlan-permit Administration
UCSC(resource-mgr) /org* #commit-buffer
UCSC(resource-mgr) /org #

            Deleting VLAN Permissions from an Organization

            This procedure describes how to delete a VLAN Org permission in Cisco UCS Central.

            Procedure
               Command or ActionPurpose
              Step 1UCSC# connect resource-mgr  

              Enters resource manager mode.

               
              Step 2UCSC# (resource-mgr) scope org {org-name}  

              Enters organization management mode for the organization name you enter.

               
              Step 3UCSC(resource-mgr) /org # delete vlan-permit vlan-name  
              Deletes permission for the specified VLAN from the organization and all sub organizations that belong to it.
              Note   

              VLAN name is case sensitive.

               
              Step 4UCSC(resource-mgr) /org # commit-buffer  

              Commits the transaction to the system.

               

              The follwing example shows how to delete permission for the VLAN named Administration from Sub-Org1: 

              UCSC# connect resource-mgr
UCSC(resource-mgr)# scope org Sub-Org1
UCSC(resouce-mgr) /org #delete vlan-permit Administration
UCSC(resouce-mgr) /org* #commit-buffer
UCSC(resouce-mgr) /org #