L2 Interface Policy – Per Port VLAN in Cisco ACI [Explained]
Why do we need L2 Interface Policy:
ACI checks the VLAN tag on an incoming frame to determine which End Point Group (EPG) the source endpoint belongs to. By default a VLAN encap is significant across the whole leaf switch, so the same VLAN tag cannot map to two different EPGs on that leaf. But what if we need to use the same VLAN tag for different EPGs on different ports of the same leaf?
In the example below:
- VLAN tag 10 identifies EPG1 when traffic arrives on interface Ethernet 1/5.
- VLAN tag 10 identifies EPG2 when traffic arrives on interface Ethernet 1/10.
With the default L2 Interface policy (VLAN Scope set to Global scope), this ends with a fault in ACI: “Encap already used in another EPG.”
Configuration:
Create L2 Interface Policy:
Navigate to:
FABRIC > ACCESS POLICIES > Policies > Interface Policies > Policies > L2 Interface > + Create L2 Interface Policy.
Give the policy a name and set VLAN Scope to Port Local scope (the default is Global scope).
Considerations for the Port Local scope feature:
- A separate VLAN pool for each set of VLANs to be duplicated
- The EPGs need to be in different Bridge Domains (a unique BD per EPG)
- The Interface Policy Group needs to reference an L2 Interface policy with Port Local scope
In other words, when the same encap is applied to two different EPGs on the same leaf, those two EPGs must be associated with two different Physical Domains, and each domain must be linked to a different VLAN pool.
Create an Interface Policy Group and select the L2 Interface policy:
In the Interface Policy Group, choose the AAEP and also select the L2 Interface policy created above.
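The same two objects can be pushed through the APIC REST API instead of the GUI. The following is an added example, not code from the original article: it builds the L2 Interface policy (default Global scope beside the Port Local scope we want) and the access port policy group that references it, and can optionally POST them to an APIC. The class and attribute names (l2IfPol.vlanScope, infraAccPortGrp, infraRsAttEntP, infraRsL2IfPol) are taken from the ACI object model as I recall it and should be checked against your APIC's API docs or Visore before use; the APIC URL, user and policy names are placeholders.

```python
import json
import ssl
import urllib.request

# Assumed ACI object model names (verify on your APIC):
#   l2IfPol            dn uni/infra/l2IfP-{name}, attribute vlanScope = global | portlocal
#   infraAccPortGrp    dn uni/infra/funcprof/accportgrp-{name}
#   infraRsAttEntP     child of infraAccPortGrp, tDn uni/infra/attentp-{aaep}
#   infraRsL2IfPol     child of infraAccPortGrp, tnL2IfPolName = name of the l2IfPol


def l2_if_pol(name: str, vlan_scope: str = "portlocal") -> dict:
    """L2 Interface policy MO. 'global' is the ACI default (encap significant
    for the whole leaf); 'portlocal' lets the same encap map to different EPGs
    on different ports of the same leaf."""
    if vlan_scope not in ("global", "portlocal"):
        raise ValueError("vlanScope must be 'global' or 'portlocal'")
    return {
        "l2IfPol": {
            "attributes": {
                "dn": f"uni/infra/l2IfP-{name}",
                "name": name,
                "vlanScope": vlan_scope,
            }
        }
    }


def acc_port_grp(name: str, aaep: str, l2_pol: str) -> dict:
    """Leaf access port policy group binding the AAEP and the L2 Interface policy."""
    return {
        "infraAccPortGrp": {
            "attributes": {
                "dn": f"uni/infra/funcprof/accportgrp-{name}",
                "name": name,
            },
            "children": [
                {"infraRsAttEntP": {"attributes": {"tDn": f"uni/infra/attentp-{aaep}"}}},
                {"infraRsL2IfPol": {"attributes": {"tnL2IfPolName": l2_pol}}},
            ],
        }
    }


def mo_post_target(mo: dict) -> tuple:
    """Return (API path, JSON body) for posting a single MO: /api/mo/{dn}.json."""
    cls = next(iter(mo))
    dn = mo[cls]["attributes"]["dn"]
    return f"/api/mo/{dn}.json", json.dumps(mo)


def apic_login(apic: str, user: str, pwd: str, ctx: ssl.SSLContext) -> str:
    """Authenticate against /api/aaaLogin.json and return the session token."""
    body = json.dumps({"aaaUser": {"attributes": {"name": user, "pwd": pwd}}}).encode()
    req = urllib.request.Request(
        f"{apic}/api/aaaLogin.json", data=body, method="POST",
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.load(resp)["imdata"][0]["aaaLogin"]["attributes"]["token"]


def apic_post(apic: str, token: str, mo: dict, ctx: ssl.SSLContext) -> dict:
    """POST one MO with the APIC-cookie session header."""
    path, body = mo_post_target(mo)
    req = urllib.request.Request(
        f"{apic}{path}", data=body.encode(), method="POST",
        headers={"Content-Type": "application/json", "Cookie": f"APIC-cookie={token}"})
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Placeholder values; the policy group must still be applied to the
    # interface profiles for Ethernet 1/5 and 1/10 as described in the article.
    pol = l2_if_pol("L2-PortLocal", "portlocal")
    grp = acc_port_grp("IPG-PortLocal", "AAEP-Servers", "L2-PortLocal")
    for mo in (pol, grp):
        path, body = mo_post_target(mo)
        print("POST", path, body)
    # Uncomment to push to a real APIC (lab: self-signed cert, hence the unverified context):
    # ctx = ssl._create_unverified_context()
    # tok = apic_login("https://apic.example.net", "admin", "password", ctx)
    # for mo in (pol, grp):
    #     print(apic_post("https://apic.example.net", tok, mo, ctx))
```

Running the script without the APIC section only prints the two POST targets and bodies, which is useful for reviewing what will be pushed before touching the fabric.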
Verify:
One thing to note is that for the same VLAN 10 the Fabric_enc is unique. This fabric encap (the VXLAN VNID) is generated from the VLAN pool/namespace, which is why a unique VLAN pool is required: it guarantees a unique fabric encap VNID per EPG. In the output below, the two FD_VLANs (28 and 46) both carry access encap 802.1q 10 but receive different VNIDs (9809 and 10592) and sit in different BD VLANs (27 and 45), one per Bridge Domain.
module-1# show system internal eltmc info vlan brief
VLAN-Info
VlanId  HW_VlanId  Type     Access_enc  Access_enc  Fabric_enc  Fabric_enc  BDVlan
                            Type                    Type
==================================================================================
27      23         BD_VLAN  Unknown     0           VXLAN       16416668    27
28      24         FD_VLAN  802.1q      10          VXLAN       9809        27
45      34         BD_VLAN  Unknown     0           VXLAN       16416669    45
46      35         FD_VLAN  802.1q      10          VXLAN       10592       45
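Checking this by eye is fine for two EPGs, but on a leaf with many duplicated encaps it is easy to miss one that ended up in the same BD or with a colliding VNID. The script below is an added example (not from the original article): it parses the `show system internal eltmc info vlan brief` output, groups the 802.1q FD_VLANs by access encap, and reports for each duplicated encap whether the fabric encap VNIDs and the BD VLANs are all distinct, which is exactly what the Port Local scope plus the separate-BD requirement should produce. The sample text is a re-typed copy of the output above so the script runs offline.

```python
import re
from collections import defaultdict

# Constructed sample: the leaf output from the article, re-typed for offline use.
SAMPLE = """\
module-1# show system internal eltmc info vlan brief
VLAN-Info
VlanId  HW_VlanId  Type     Access_enc  Access_enc  Fabric_enc  Fabric_enc  BDVlan
                            Type                    Type
==================================================================================
27      23         BD_VLAN  Unknown     0           VXLAN       16416668    27
28      24         FD_VLAN  802.1q      10          VXLAN       9809        27
45      34         BD_VLAN  Unknown     0           VXLAN       16416669    45
46      35         FD_VLAN  802.1q      10          VXLAN       10592       45
"""

# One data row: VlanId HW_VlanId Type Access_enc_Type Access_enc Fabric_enc_Type Fabric_enc BDVlan
ROW = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(BD_VLAN|FD_VLAN)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s+(\d+)\s*$"
)


def parse_eltmc_vlan_brief(text: str) -> list:
    """Return the data rows as dicts; header, separator and prompt lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        rows.append({
            "vlan_id": int(m[1]),
            "hw_vlan_id": int(m[2]),
            "type": m[3],
            "access_enc_type": m[4],
            "access_enc": int(m[5]),
            "fabric_enc_type": m[6],
            "fabric_enc": int(m[7]),
            "bd_vlan": int(m[8]),
        })
    return rows


def check_port_local(rows: list) -> dict:
    """For every 802.1q access encap used by more than one FD_VLAN on this leaf,
    report whether each instance got its own fabric encap (VNID) and its own BD.
    Both must be True for a working Port Local scope deployment."""
    by_encap = defaultdict(list)
    for r in rows:
        if r["type"] == "FD_VLAN" and r["access_enc_type"] == "802.1q":
            by_encap[r["access_enc"]].append(r)

    findings = {}
    for encap, group in by_encap.items():
        if len(group) < 2:
            continue  # encap used once: nothing to check
        vnids = {r["fabric_enc"] for r in group}
        bds = {r["bd_vlan"] for r in group}
        findings[encap] = {
            "instances": len(group),
            "fd_vlans": [r["vlan_id"] for r in group],
            "unique_fabric_enc": len(vnids) == len(group),
            "unique_bd": len(bds) == len(group),
        }
    return findings


if __name__ == "__main__":
    rows = parse_eltmc_vlan_brief(SAMPLE)
    for encap, f in check_port_local(rows).items():
        status = "OK" if f["unique_fabric_enc"] and f["unique_bd"] else "PROBLEM"
        print(f"encap {encap}: {f['instances']} FD_VLANs {f['fd_vlans']} "
              f"unique VNID={f['unique_fabric_enc']} unique BD={f['unique_bd']} -> {status}")
```

Feed it the real output of the command (for example via `ssh leaf 'vsh_lc -c "show system internal eltmc info vlan brief"'` captured to a file) and look for any encap reported as PROBLEM: a shared BD VLAN means the two EPGs were placed in the same Bridge Domain, and a shared VNID means the encaps are still being drawn from the same VLAN pool.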