5 Responses

  1. JC
    JC at |

    How exactly does the “VLAN Port override” function? We’ve never configured the override but today I noticed the switch was still forwarding a VLAN a consisted with a port group that hadn’t been explicitly allowed on the Uplink port. I got to looking into it but couldn’t get a good definition of what the VLAN override did.

    Reply
  2. JC
    JC at |

    So the exact scenario was a bare-metal subnet was being moved virtual so the VLAN was already trunked on the UCS and the switches and we just needed to build the port-group on the vDS but realized the uplink from the vDS was passing the new port-group’s traffic before we added it the the explicit allow range of VLANs on the DVUplink. I did some further testing of pinging a server on that new port-group from an outside physical PC and no matter how I changed overrides or allowed lists on DVUplink the ping stayed consistent. The only thing I could do to stop traffic was to go into the port-group and remove the 2 active uplinks associated with it.

    These are hosts on a UCS Chassis so I was looking at the VIC comparison (http://www.cisco.com/c/en/us/products/interfaces-modules/unified-computing-system-adapters/models-comparison.html) and datasheets and couldn’t find a mention of if a specific model had “vlan pruning/filtering” capability. I suppose maybe you were talking about the actual vmnic v1000/vmxnet but I don’t see how that would affect the uplinks only the virtual machine’s port. My next thing is to open a ticket with VMWare I just wanted to get a better understanding of what was going on first.

    Thanks

    Reply
    1. Carlo
      Carlo at |

      Have you found the solution?
      I noticed the same behaviour in my infrastructure.
      Regards

      Reply

Share your point of view!