This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Attach vlan and L2-VSN on VSP ToR port to vsphere trunk

Attach vlan and L2-VSN on VSP ToR port to vsphere trunk

Go to solution
darvid
New Contributor II

‎02-15-2024 09:35 AM

Hi all

My goal is to bring internet acces directly to a VM with L2-VSN

I make a rule in xmc to set vlan/i-sid (MAC auth) for the provider box and my test computer.

ERS where is plugged my box give the right vlan to the port and mlt uplink to VSP core. On another ERS I plug my computer which fall in the same vlan and get internet access through the box (no routing, nothing, it's fabric magic !)

I would like to do the same for a VM. On VSP, vsphere trunk is manually tagged, I thought that I just need to create vlan and its i-sid as do the rule for ERS, but I should miss something else ? 

Regards

0 Kudos
2 ACCEPTED SOLUTIONS

Go to solution
gfriedl
Extreme Employee

‎02-16-2024 06:15 AM

Darvid,

a tagged trunk is not yet a valid L2 connection to VLANs. 

On fabric side you have two options: CVLAN UNI L2VSN, which consists of VLAN + port members (here the trunk to your VMs) and I-SID.

Other option is flex-uni port (tagged too per default) plus Switched UNI L2VSN, which is, when you don't create a VLAN, just create I-SID and attach the port:

(config)#i-sid xxx

config(i-sid xxx)#c-vid <vlan-id> port x/y

hope that helps!

View solution in original post

0 Kudos

Go to solution
TQU
Contributor

‎02-16-2024 07:18 AM

Hi Darvid,

If your TOR devices are in virtual-ist cluster mode, you need to define vlan/i-sid association on both members.

Because, through the fabric, trafic is send to the cluster system-id (virtual b-mac) and not to the vsp system-id. By the topology, if packet comes to second cluster member (the one without vlan/i-sid association) the packet is dropped.

So you need define vlan/i-sid association on both cluster member even if servers are connected on only one member.

Regards,

TQU

 

View solution in original post

0 Kudos
4 REPLIES 4

Go to solution
darvid
New Contributor II

‎02-16-2024 10:20 AM

Thank you for these details, each reply is a part of the explanation.

0 Kudos

Go to solution
TQU
Contributor

‎02-16-2024 07:18 AM

Hi Darvid,

If your TOR devices are in virtual-ist cluster mode, you need to define vlan/i-sid association on both members.

Because, through the fabric, trafic is send to the cluster system-id (virtual b-mac) and not to the vsp system-id. By the topology, if packet comes to second cluster member (the one without vlan/i-sid association) the packet is dropped.

So you need define vlan/i-sid association on both cluster member even if servers are connected on only one member.

Regards,

TQU

 

0 Kudos

Go to solution
gfriedl
Extreme Employee

‎02-16-2024 06:15 AM

Darvid,

a tagged trunk is not yet a valid L2 connection to VLANs. 

On fabric side you have two options: CVLAN UNI L2VSN, which consists of VLAN + port members (here the trunk to your VMs) and I-SID.

Other option is flex-uni port (tagged too per default) plus Switched UNI L2VSN, which is, when you don't create a VLAN, just create I-SID and attach the port:

(config)#i-sid xxx

config(i-sid xxx)#c-vid <vlan-id> port x/y

hope that helps!

0 Kudos

Go to solution
darvid
New Contributor II

‎02-16-2024 04:45 AM

Finally found my mistake, but don't really undersand !

Bellow a little nice diagram :), blue is spbm vsp

Vlan/i-sid must be manualy created on the second Tor (red) 
although it is not used.

How is it that i-side does not transit automatically like on COREs ?Capture du 2024-02-16 13-36-00.png

0 Kudos
GTM-P2G8KFN