Configuring VLAN 1 with VXLAN


VLAN 1 is also known as the default VLAN, as it is assigned by default to switch ports. It is also used by default on Arista switches to transport fabric-specific traffic.


In general, it is a common best practice to not use VLAN 1 network-wide to carry user traffic, especially to avoid potential misconfigurations due to user error.


However, in certain cases VLAN 1 must be transported over a VXLAN-based fabric, and hence it needs to be associated with a VNI. Before NetVisor OS release 6.0.0, an attempt to map VLAN 1 to a VNI was rejected, like so:


CLI (network-admin@switch) > vlan-modify id 1 vxlan 123

vlan-modify: Vlan id 1 is not a valid vlan, or is a reserved vlan 


Starting from release 6.0.0, if the fabric VLAN is modified to a value different from 1, it is then possible to map VLAN 1 to a VNI like so:


CLI (network-admin@switch) > fabric-local-modify vlan 100


CLI (network-admin@switch) >  vlan-modify id 1 vxlan 123

vlan-modify: ports 13,25-26,69-72 are tagged in vlan 20, but untagged in vlan 1 with vxlan not allowed, Adjust the port membership and retry the vxlan configuration


Note that the fabric-local-modify command is—as the name implies—local to each node and hence it needs to be executed on all the nodes that are part of the fabric (for example, with the switch * command prefix). Moreover, although fabric-local-modify was available even before release 6.0.0, the VLAN 1 to VNI mapping was not allowed until version 6.0.0.


Also note that, as shown above, if the untagged port membership of VLAN 1 comprises any ports, due to a hardware limitation, the vlan-modify id 1 vxlan <value> command will still fail. You need to make sure there are no ports using VLAN 1 as untagged VLAN in order for the command to succeed:


CLI (network-admin@switch) >  vlan-modify id 1 vxlan 123

!!!! Vlan has vxlan, but there are no ports configured in

vxlan-loopback-trunk. vxlan forwarding may not function correctly. !!!!


The printed message means that VLAN 1 was successfully associated to a VXLAN ID. As explained in the previous section, in order for VXLAN forwarding to be fully functional, you also need to make sure that ports are added to the vxlan-loopback-trunk.


Once VLAN 1 is mapped to a VNI, you cannot change the fabric VLAN back to 1, as that would create a conflict:


CLI (network-admin@switch) > fabric-local-modify vlan 1

fabric-local-modify: vlan 1 has VXLAN 123, unconfigure and retry


However, you may at some point decide to unmap VLAN 1 from the associated VNI (in other words, “unconfigure” it as suggested in the message above), by using the command:


CLI (network-admin@switch) > vlan-modify id 1 vxlan 0


As the command help shown below explains, the VNI value 0 is used to unconfigure, that is, to remove a VLAN/VNI mapping:


CLI (network-admin@switch) > vlan-modify id 1 vxlan


vlan-modify                            modify a VLAN
id 0..4095                             VLAN ID
between 1 and 4 of the following options:
  description description-string       VLAN description
  vxlan 0..16777215                    VXLAN identifier for tunnel, value 0 indicates unconfigure vxlan
  replicators vtep-group name | none   Replicator Group
  vnet vnet name                       VNET for this VLAN
  public-vlan 0..4095                  Public VLAN for VNET VLAN
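When the VLAN 1 mapping is rolled out across every node in a fabric, it helps to sort each node's response into the outcomes described above and to pull out the ports that need their membership adjusted. The following Python sketch is an added example, not part of NetVisor OS or its documentation; the function and outcome names are hypothetical, and the patterns are taken from the messages quoted on this page.

```python
import re

# Patterns are taken from the CLI messages quoted on this page.
PATTERNS = [
    ("reserved_vlan",
     re.compile(r"Vlan id (?P<vlan>\d+) is not a valid vlan, or is a reserved vlan")),
    ("untagged_ports",
     re.compile(r"ports (?P<ports>[\d,-]+) are tagged in vlan \d+, "
                r"but untagged in vlan (?P<vlan>\d+) with vxlan not allowed")),
    ("mapped_no_loopback_trunk",
     re.compile(r"Vlan has vxlan, but there are no ports configured in "
                r"vxlan-loopback-trunk")),
    ("fabric_vlan_conflict",
     re.compile(r"vlan (?P<vlan>\d+) has VXLAN (?P<vni>\d+), unconfigure and retry")),
]

def expand_ports(spec):
    """Expand a port list such as '13,25-26' into [13, 25, 26]."""
    ports = []
    for part in spec.split(","):
        low, _, high = part.partition("-")
        ports.extend(range(int(low), int(high or low) + 1))
    return ports

def classify(output):
    """Map raw CLI output to an outcome name plus the values it carries."""
    text = " ".join(output.split())  # undo terminal line wrapping
    for name, pattern in PATTERNS:
        match = pattern.search(text)
        if match:
            result = {"outcome": name}
            for key, value in match.groupdict().items():
                result[key] = expand_ports(value) if key == "ports" else int(value)
            return result
    # Assumption: output matching none of the page's messages needs a human look.
    return {"outcome": "unrecognized" if text else "no_message"}

if __name__ == "__main__":
    # Sample output assembled from the messages on this page.
    sample = ("vlan-modify: ports 13,25-26,69-72 are tagged in vlan 20, but untagged "
              "in vlan 1 with vxlan not allowed, Adjust the port membership and retry")
    print(classify(sample))
```

An "untagged_ports" result lists the ports to remove from VLAN 1's untagged membership before retrying, and "mapped_no_loopback_trunk" means the mapping succeeded but the vxlan-loopback-trunk still needs ports.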

