LEARN WORK IT

9. VLAN in ACI
APRIL 8, 2021

VLAN Encapsulation in ACI
There are two types of VLANs used in ACI:
External VLAN: Used for external communication and integration.
Internal VLAN: Also called the Platform Independent (PI) VLAN, whose scope is local to each leaf. ACI has no control over how the Platform VLAN is allocated to traffic going through a leaf. APIC allocates a PI VLAN per EPG and per BD, and this allocation is local to the leaf and is different on each leaf.
Internally, the Cisco ACI fabric does not use VLANs the way traditional switches do; it translates externally connected VLANs to flooding domains, bridge domains, and VXLANs. All of this happens at the ingress to the fabric.

In the output of the show vlan extended command you can see how internal VLANs are encapsulated to VXLANs or external VLANs. With this command, you can easily see which external VLANs are used on a particular leaf switch.
ACI uses various internal platform VLANs on each leaf, and they are independent of each other. Several VLANs exist on a leaf switch. Two commands are most commonly used for troubleshooting: show vlan extended and show system internal eltmc info vlan brief. In the output of the latter command you can see a table with several different VLANs:
Vlan Id: is the PI (platform-independent) VLAN of the system and is locally significant to each switch. This is the same VLAN as seen in the output of the command show vlan.
Hw_VlanId: is the VLAN used in the ASICs but is usually not relevant for a user.
BD-VLAN: is used to represent a bridge domain and can link multiple FD-VLANs (encap VLANs) together with multiple hardware VLANs and internal VLANs. It is one forwarding aspect used by the Broadcom ASIC to determine whether traffic should be locally switched or forwarded to the Northstar ASIC for processing. The BD-VLAN connects different local FD-VLANs to a single bridge domain and is used on the Broadcom ASIC to determine the Layer 2 broadcast domain. If, for example, two different access_enc VLANs have the same BDVlan ID, it means they belong to two EPGs that are part of the same BD.
FD-VLAN: is a flood domain VLAN. The FD-VLAN is the forwarding VLAN used to forward traffic on the Broadcom ASIC. The FD_VLAN is directly linked to the ACCESS_ENC and is also referred to as the internal VLAN. The FD_VLAN is used to represent the ACCESS_ENC instead of linking it directly to the BD_VLAN. The FD_VLAN allows the BD_VLAN to link to different ACCESS_ENCs and treat all of them as if they were in the same 802.1Q VLAN on an NX-OS switch. When a broadcast packet comes into the leaf switch from the ACI fabric, the BD_VLAN can map to several FD_VLANs to allow the packet to be forwarded out of different ports using different ACCESS_ENCs. The FD_VLAN is used to learn Layer 2 MAC addresses.
Access_enc: is the encapsulation VLAN (or VXLAN); this is a user VLAN. If, while troubleshooting, you can't find the VLAN you are searching for in this column, it means the switch doesn't even know about that VLAN. This is particularly important when talking about VMM: you create an EPG, you bind it to a VMM domain, and ACI takes a VLAN from a dynamic pool. That VLAN is synced to vCenter and a VM starts using it. That VLAN should also be pushed to any leaf switch on which this particular port group is present.
Fabric_enc: is a VXLAN (VNID) used within the fabric.

Command: show system internal eltmc info vlan brief
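The two checks described above (which access encaps share a BD-VLAN, and whether an expected encap VLAN is present on the leaf at all) can be scripted against saved command output. This is an added example, not part of the original post: the sample table is constructed, its column order is assumed from the fields listed above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, not captured from a real leaf. The column order is an
# assumption based on the fields the post lists; adjust ROW for your release.
SAMPLE = """\
VlanId HW_VlanId Type     Access_enc_Type Access_enc Fabric_enc_Type Fabric_enc BDVlan
14     16        BD_VLAN  Unknown         0          VXLAN           15957970   14
15     17        FD_VLAN  802.1q          301        VXLAN           8499       14
16     18        FD_VLAN  802.1q          302        VXLAN           8500       14
20     22        BD_VLAN  Unknown         0          VXLAN           16121790   20
21     23        FD_VLAN  802.1q          410        VXLAN           8601       20
"""

FIELDS = ("vlan_id", "hw_vlan_id", "type", "access_type",
          "access_enc", "fabric_type", "fabric_enc", "bd_vlan")
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s+(\d+)\s*$")

def parse_vlan_brief(text):
    """Return one dict per data row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = dict(zip(FIELDS, m.groups()))
            for key in ("vlan_id", "hw_vlan_id", "access_enc", "fabric_enc", "bd_vlan"):
                row[key] = int(row[key])
            rows.append(row)
    return rows

def encaps_by_bd(rows):
    """Map each BD-VLAN to the access encaps whose FD-VLANs point at it."""
    groups = defaultdict(list)
    for row in rows:
        if row["type"] == "FD_VLAN":
            groups[row["bd_vlan"]].append(row["access_enc"])
    return {bd: sorted(encaps) for bd, encaps in groups.items()}

def find_encap(rows, vlan):
    """Return the FD-VLAN row for an 802.1q access encap, or None if the leaf lacks it."""
    for row in rows:
        if (row["type"], row["access_type"], row["access_enc"]) == ("FD_VLAN", "802.1q", vlan):
            return row
    return None

if __name__ == "__main__":
    rows = parse_vlan_brief(SAMPLE)
    print(encaps_by_bd(rows))                            # encaps sharing a broadcast domain
    print(find_encap(rows, 301), find_encap(rows, 999))  # None means not deployed on this leaf
```

Encaps grouped under one BD-VLAN share a Layer 2 broadcast domain, so the grouping is also a quick way to confirm that two EPGs expected to be in separate bridge domains really are.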
