API Guide
The VLAN ID tag is removed from packets transmitted in a VXLAN tunnel. Each packet is encapsulated with the VXLAN VNI in
the packet header before it is sent from the egress source interface for the tunnel. At the remote VTEP, the VXLAN VNI is
removed and the packet transmits on the virtual-network bridge domain. The VLAN ID regenerates using the VLAN ID
associated with the virtual-network egress interface on the VTEP and is included in the packet header.
Configure untagged access ports
Add untagged access ports to the VXLAN overlay network using either a switch-scoped VLAN or port-scoped VLAN. Only one
method is supported.
● To use a switch-scoped VLAN to add untagged member ports to a virtual network:
1. Assign a VLAN to a virtual network in VLAN Interface mode.
interface vlan vlan-id
virtual-network vn-id
exit
2. Configure port interfaces as access members of the VLAN in Interface mode.
interface ethernet node/slot/port[:subport]
switchport access vlan vlan-id
exit
Packets received on the untagged ports transmit over the virtual network.
● To use a port-scoped VLAN to add untagged member ports to a virtual network:
1. Create a reserved VLAN ID to assign untagged traffic on member interfaces to a virtual network in CONFIGURATION
mode. The VLAN ID is used internally for all untagged member interfaces on the switch that belong to virtual networks.
virtual-network untagged-vlan untagged-vlan-id
2. Configure port interfaces as trunk members and remove the access VLAN in Interface mode.
interface ethernet node/slot/port[:subport]
switchport mode trunk
no switchport access vlan
exit
3. Assign the trunk interfaces as untagged members of the virtual network in VIRTUAL-NETWORK mode. You cannot use
the reserved VLAN ID for a legacy VLAN or for tagged traffic on member interfaces of virtual networks.
virtual-network vn-id
member-interface ethernet node/slot/port[:subport] untagged
exit
If at least one untagged member interface is assigned to a virtual network, you cannot delete the reserved untagged VLAN ID. If
you reconfigure the reserved untagged VLAN ID, you must either reconfigure all untagged member interfaces in the virtual
networks to use the new ID or reload the switch.
Enable overlay routing between virtual networks
The previous sections describe how a VTEP switches traffic between hosts in the same L2 tenant segment on a virtual network,
and transports traffic over an IP underlay fabric. This section describes how a VTEP enables hosts in different L2 segments
belonging to the same tenant VRF to communicate with each other.
NOTE:
On the S4248-ON switch, IPv6 overlay routing between virtual networks is not supported with static VXLAN. IPv6
overlay routing is, however, supported with BGP EVPN asymmetric IRB.
Each tenant is assigned a VRF and each virtual-network interface is assigned an IP subnet in the tenant VRF. The VTEP acts as
the L3 gateway that routes traffic from one tenant subnet to another in the overlay before encapsulating it in the VXLAN
header and transporting it over the IP underlay fabric.
To enable host traffic routing between virtual networks, configure an interface for each virtual network and associate it to a
tenant VRF. Assign a unique IP address in the IP subnet range associated with the virtual network to each virtual-network
interface on each VTEP.
884
VXLAN