Understanding ACI VLAN types and VLAN scopes is crucial for network professionals aiming to optimize their network configurations. In this article, I explore the various ACI VLAN types, examining their significance and how they impact the interpretation of the show endpoint ACI CLI command output.
Additionally, I will delve into the concept of VLAN scope, which allows for the reuse of the same VLANs across multiple Endpoint Groups (EPGs). Whether you’re a seasoned network engineer or just starting, this guide will provide the essential knowledge to navigate VLAN configurations in ACI effectively.
Summary
- In ACI, we have two main VLAN types: the access encap VLAN and the platform-independent (PI) VLAN.
- The access encap VLAN is the VLAN ID seen by external devices (the on-the-wire 802.1Q encapsulation). It is a user-configurable value, and it is what the leaf uses to classify frames arriving from endpoints into EPGs.
- The PI VLAN is an internal VLAN that every leaf in the fabric assigns automatically. It is locally significant to each leaf (the same EPG or BD can have a different PI VLAN on different leaves) and represents either an EPG (FD VLAN) or a BD (BD VLAN) on that leaf.
- ACI VLAN scope matters when the same access encap VLAN is applied to more than one EPG on the same leaf switch. In that case, set the Port Local scope on the interfaces where the same encap VLAN is reused for different EPGs (the reuse must be on different interfaces; a single interface can still map a given encap VLAN to only one EPG). In addition, each of those EPGs must be associated with a separate VLAN pool, domain, and bridge domain.
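As an added example (not code from the original article or from Cisco), the following Python model captures the three summary points above: frames are classified into an EPG by (interface, encap VLAN), PI VLANs (BD VLAN and FD VLAN) are allocated independently on each leaf, and reusing an encap VLAN for a second EPG on the same leaf is accepted only when both interfaces use Port Local scope and the EPGs live in separate bridge domains and domains. The tenant and EPG names, interface names, the PI VLAN start value of 8, and the simplification that each physical domain owns exactly one VLAN pool are assumptions of the example, not values from the page.

```python
"""Model of ACI access-encap VLAN, PI VLAN and VLAN scope (added example, not Cisco code).

Assumptions: PI VLAN numbers come from a constructed per-leaf counter starting at 8
(real leaves choose their own values; only per-leaf independence is modelled), and each
physical domain is assumed to own exactly one VLAN pool, so the "separate domain" check
also stands in for "separate VLAN pool".
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

GLOBAL = "global"          # default scope: an encap VLAN is unique per leaf
PORT_LOCAL = "portlocal"   # an encap VLAN is unique per (leaf, interface)


@dataclass(frozen=True)
class EPG:
    tenant: str
    name: str
    bd: str      # bridge domain the EPG belongs to
    domain: str  # physical domain (assumed 1:1 with a VLAN pool)


class VlanScopeError(ValueError):
    """A static binding that violates the overlapping-VLAN rules."""


@dataclass
class Leaf:
    node: int
    scope: Dict[str, str] = field(default_factory=dict)                 # interface -> scope
    bindings: Dict[Tuple[str, int], EPG] = field(default_factory=dict)  # (interface, encap) -> EPG
    pi_vlans: Dict[Tuple[str, str], int] = field(default_factory=dict)  # ("bd"|"epg", name) -> PI VLAN
    next_pi: int = 8  # constructed start value; hardware picks its own numbers

    def set_scope(self, interface: str, scope: str) -> None:
        self.scope[interface] = scope

    def _alloc_pi(self, kind: str, name: str) -> int:
        # PI VLANs are allocated on this leaf only and never shared with other leaves.
        key = (kind, name)
        if key not in self.pi_vlans:
            self.pi_vlans[key] = self.next_pi
            self.next_pi += 1
        return self.pi_vlans[key]

    def bind(self, interface: str, encap: int, epg: EPG) -> Tuple[int, int]:
        """Statically bind encap VLAN on interface to an EPG; return (BD VLAN, FD VLAN)."""
        existing = self.bindings.get((interface, encap))
        if existing is not None and existing != epg:
            raise VlanScopeError(f"leaf {self.node} {interface}: encap {encap} already maps to "
                                 f"{existing.tenant}:{existing.name}")
        my_scope = self.scope.get(interface, GLOBAL)
        for (other_if, other_encap), other in self.bindings.items():
            if other_encap != encap or other == epg:
                continue
            # Same encap VLAN, different EPG, same leaf: only legal when both
            # interfaces use Port Local scope ...
            if my_scope != PORT_LOCAL or self.scope.get(other_if, GLOBAL) != PORT_LOCAL:
                raise VlanScopeError(
                    f"leaf {self.node}: encap {encap} is used by {other.tenant}:{other.name} on "
                    f"{other_if}; set Port Local scope on both interfaces to reuse it")
            # ... and the two EPGs sit in separate bridge domains and domains/pools.
            if other.bd == epg.bd or other.domain == epg.domain:
                raise VlanScopeError(
                    f"leaf {self.node}: EPGs reusing encap {encap} need separate BDs and domains")
        self.bindings[(interface, encap)] = epg
        bd_vlan = self._alloc_pi("bd", epg.bd)
        fd_vlan = self._alloc_pi("epg", f"{epg.tenant}:{epg.name}")
        return bd_vlan, fd_vlan

    def classify(self, interface: str, encap: int) -> Optional[EPG]:
        """Which EPG does a frame tagged `encap` that arrives on `interface` belong to?"""
        return self.bindings.get((interface, encap))


def bind_ok(leaf: Leaf, interface: str, encap: int, epg: EPG) -> bool:
    """True if the binding is accepted, False if it violates the scope rules."""
    try:
        leaf.bind(interface, encap, epg)
        return True
    except VlanScopeError:
        return False


def build_demo() -> Tuple[Leaf, Leaf]:
    """Constructed scenario: two tenants both use encap VLAN 10 on the same leaves, on different ports."""
    prod_web = EPG("Prod", "web", bd="bd-prod", domain="phys-prod")
    dev_web = EPG("Dev", "web", bd="bd-dev", domain="phys-dev")
    leaf1, leaf2 = Leaf(101), Leaf(102)
    for leaf in (leaf1, leaf2):
        leaf.set_scope("eth1/1", PORT_LOCAL)
        leaf.set_scope("eth1/2", PORT_LOCAL)
    leaf1.bind("eth1/1", 10, prod_web)
    leaf1.bind("eth1/2", 10, dev_web)
    leaf2.bind("eth1/2", 10, dev_web)   # different order -> different PI VLANs on leaf 102
    leaf2.bind("eth1/1", 10, prod_web)
    return leaf1, leaf2


if __name__ == "__main__":
    for leaf in build_demo():
        for (intf, vlan), epg in sorted(leaf.bindings.items()):
            bd_vlan = leaf.pi_vlans[("bd", epg.bd)]
            fd_vlan = leaf.pi_vlans[("epg", f"{epg.tenant}:{epg.name}")]
            print(f"leaf {leaf.node} {intf} vlan-{vlan} -> {epg.tenant}:{epg.name} "
                  f"BD_VLAN={bd_vlan} FD_VLAN={fd_vlan}")
```

Running the block prints one line per binding; note that `Prod:web` gets a different FD VLAN on leaf 101 and leaf 102 even though its encap VLAN is 10 on both, which is exactly why PI VLAN numbers in `show endpoint` output must be read per leaf. Binding a second EPG to encap 10 on a leaf whose interfaces are left at the default global scope, or on an interface that already maps encap 10, raises `VlanScopeError`.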
hi Salman,
thank you very much for the explanation.
I still have some questions, please, to clarify my understanding. I come from a VXLAN background.
we established that :
One other question, please, about “Flood in Encapsulation”: you mentioned that when it is enabled, traffic would be contained in the same encap VLAN 10 that it entered from, even though VLAN 20 is also in the same BD as VLAN 10. So basically, with “Flood in Encapsulation” enabled on Leaf1, and two hosts connected to Leaf1, one host in VLAN10 and the other in VLAN20, with “Flood in Encap” one host would not be able to talk to the other on the same Leaf switch at L2, right?
Your response is greatly appreciated.
Hi Simo,
Good question. The Fabric Encap is used when we have “Flood in Encapsulation” enabled, or in the case of STP BPDU forwarding through the ACI.
This VNID represents each VLAN throughout the whole ACI fabric, regardless of EPGs.
Regarding the second question, no, the “flood in encap” option affects only the broadcast and the Layer-2 multicast traffic, of course, excluding the ARP request traffic. So, if the traffic is unicast between these hosts, they will be able to communicate.
hi Salman,
Thank you for your response.
So with “flood in encapsulation” enabled, and if we have:
VLAN 10 and VLAN 20 on leaf_1
VLAN 10 and VLAN 20 on leaf_2
BUM traffic ingressing on Leaf_1 VLAN 10 will be bridged, using the encap VNID, then egress on VLAN 10 on Leaf_2?
Does that mean that “Flood in Encapsulation” makes the encap VLAN significant throughout the whole fabric?
With that being said, will there be a Fabric encap VNID for each encap VLAN, meaning that we will have a Fabric encap VNID for VLAN 10 and for VLAN 20?
Thank you very much for your help.
Hi Simo,
The Flood in Encapsulation feature in Cisco ACI makes VLAN flooding similar to legacy networking, but within the same BD. Remember, you may have VLAN encap-10 across multiple BDs, and ACI won’t cross-flood between them.
Best Regards.
Great explanation when it comes to re-use of overlapping VLANs
Thanks for your feedback, James.
Very good, thank you.
You’re welcome.