Static Ports binding modes Explained – Cisco ACI
Static path binding modes in Cisco ACI
When you configure static port binding for an EPG in Cisco ACI, you will get 3 Options:
- Trunk
- Access (802.1P)
- Access (Untagged)
Generally, this option can be compared with the configuration on NXOS (traditional) swithces:
- Access (Untagged): in an access port where only one VLAN is allowed and traffic is untagged.
# switchport access vlan x
- Trunk: is trunk port where multiple VLAN could be allowed.
switchport mode trunk
switchport trunk allowed vlan add x,z
- Access (802.1p): it correspond to a QoS implementation of 802.1Q protocol, which basically mean that this is a trunk port where other VLAN are allowed (tagged), but the VLAN specified (VLAN X) in sent untagged –> Native VLAN:
switchport mode trunk
switchport trunk native vlan x
That’s should sufficient for understanding basic VLAN encap mode for static port binding in ACI, but there is some difference between ACI Leaf generations in regarding untagged and Access (802.1p), discussed below:
Native 802.1p vs Untagged Ports in EPGs
When assigning Access (802.1p or Untagged) modes, follow these guidelines to ensure that devices that require untagged or 802.1p packets operate as expected when they are connected to access ports of an ACI leaf switch.
These guidelines apply to EPGs deployed on ports on a single leaf switch. When EPGs are deployed on different switches, these restrictions do not apply.
- Only one 802.1p VLAN or one untagged VLAN is allowed on a port. It can be one or the other but not
both. - For generation 1 switches, if an EPG deployed on any port on a leaf switch is configured with Access
(Untagged) mode, all the ports used by the EPG should be untagged on the same leaf switch and its VPC
peer (if there is one). You can have a combination of untagged and tagged ports on generation 2 switches (with -EX, -FX, or -FX2 suffixes). - You can deploy different EPGs using (tagged) VLAN numbers in Trunk mode on the same port, with
an EPG deployed on the port in Access (Untagged) mode.
There are some differences in traffic handling, depending on the switch, when a leaf switch port is associated with a single EPG that is configured as Access (802.1p) or Access (Untagged) modes.
Generation 1 Switches
If the port is configured in Access (802.1p) mode:
- On egress, if the access VLAN isthe only VLAN deployed on the port, then traffic will be untagged.
- On egress, if the port has other (tagged) VLANs deployed along with an untagged EPG, then traffic
from that EPG is zero tagged. - On egress, for all FEX ports, traffic is untagged, irrespective of one or more VLAN tags configured
on the port. - The port accepts ingress traffic that is untagged, tagged, or in 802.1p mode.
If a port is configured in Access (Untagged) mode:
- On egress, the traffic from the EPG is untagged.
- The port accepts ingress traffic that is untagged, tagged, or 802.1p.
Generation 2 Switches
Generation 2 switches, or later, do not distinguish between the Access (Untagged) and Access (802.1p) modes. When EPGs are deployed on Generation 2 ports configured with either Untagged or 802.1p mode:
- On egress, traffic is always untagged on a node where this is deployed.
- The port accepts ingress traffic that is untagged, tagged, or in 802.1p mode.
Reference: Cisco