VLAN inside VXLAN

VLANs can be assigned to VXLAN interfaces. In a data center network where VXLAN is used to create an L2 overlay network, and in multitenant environments, a customer VLAN tag can be assigned to a VXLAN interface. This allows the VLAN tag from VLAN traffic to be encapsulated within the VXLAN packet.

To configure VLAN inside VXLAN on HQ1:
  1. Configure VXLAN:
    config system vxlan
       edit "vxlan1"
          set interface port1
          set vni 1000
          set remote-ip 173.1.1.1
       next
    end
  2. Configure system interface:
    config system interface
       edit vlan100
         set vdom root
         set vlanid 100
         set interface dmz
       next
       edit vxlan100
         set type vlan
         set vlanid 100
         set vdom root
         set interface vxlan1
       next
    end
  3. Configure software-switch:
    config system switch-interface
       edit sw1
          set vdom root
          set member vlan100 vxlan100
          set intra-switch-policy implicit
       next
    end

Note

The default intra-switch-policy implicit behavior allows traffic between member interfaces within the switch. Therefore, it is not necessary to create firewall policies to allow this traffic.

Tooltip

Instead of creating a software-switch, it is possible to use a virtual-wire-pair as well. See Virtual wire pair with VXLAN.
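
To confirm from a packet capture that the tenant tag is carried inside the tunnel, the following added example (not part of the original documentation) builds and parses the UDP payload of a VXLAN packet with VNI 1000 and an inner 802.1Q tag of VLAN 100, as in the HQ1 configuration. The function names and MAC addresses are constructed for illustration; the header layout follows RFC 7348 and IEEE 802.1Q.

```python
import struct

VXLAN_FLAG_VNI_VALID = 0x08   # RFC 7348 "I" flag: the VNI field is valid
ETHERTYPE_DOT1Q = 0x8100      # 802.1Q tag protocol identifier

def build_vxlan_payload(vni, vlan_id, inner_ethertype=0x0800, body=b""):
    """Build the UDP payload of a VXLAN packet carrying one 802.1Q-tagged frame."""
    # VXLAN header: flags(1) + reserved(3) + VNI(3) + reserved(1)
    vxlan = struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8)
    dst = bytes.fromhex("020000000002")  # constructed, locally administered MACs
    src = bytes.fromhex("020000000001")
    tci = vlan_id & 0x0FFF               # PCP and DEI bits left at zero
    tag = struct.pack("!HHH", ETHERTYPE_DOT1Q, tci, inner_ethertype)
    return vxlan + dst + src + tag + body

def parse_vxlan_payload(payload):
    """Return (vni, vlan_id); vlan_id is None when the inner frame is untagged."""
    if len(payload) < 8 + 14:
        raise ValueError("too short for VXLAN header plus inner Ethernet header")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VXLAN I flag not set; VNI is not valid")
    vni = word1 >> 8
    inner = payload[8:]
    (ethertype,) = struct.unpack("!H", inner[12:14])
    if ethertype != ETHERTYPE_DOT1Q:
        return vni, None                 # tag was stripped before encapsulation
    if len(inner) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", inner[14:16])
    return vni, tci & 0x0FFF

if __name__ == "__main__":
    sample = build_vxlan_payload(vni=1000, vlan_id=100)  # constructed sample
    print(parse_vxlan_payload(sample))
```

A result whose VLAN ID is `None`, or whose VNI or VLAN ID differs from the configured values, means the tunnel is not carrying the tenant tag as intended.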

To configure VLAN inside VXLAN on HQ2: