Error: "VLAN backed segment cannot have connectivity path set" when mapping a VLAN segment to a Tier-1 or Tier-0 Gateway in NSX.
search cancel

Error: "VLAN backed segment cannot have connectivity path set" when mapping a VLAN segment to a Tier-1 or Tier-0 Gateway in NSX.

book

Article ID: 428978

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

When attempting to create or modify a Segment in NSX, the following error is displayed: "VLAN backed segment cannot have connectivity path set".

This occurs when a user attempts to select a Tier-0 or Tier-1 Gateway in the "Connectivity" or "Connected Gateway" field for a Segment that is backed by a VLAN Transport Zone.

Environment

VMware NSX

Cause

This behavior is by design in the NSX.

  • Overlay Segments: The "Connectivity" path is used to automatically plumb the segment to a Tier-0 or Tier-1 Gateway, instantiating a Distributed Router (DR) port for east-west routing.

  • VLAN Segments: These are Layer 2 constructs that bridge virtual machines directly to the physical network. They do not support the automatic "Connectivity" path linkage used by Overlay segments because their routing is typically handled by the physical upstream router or via specific Gateway Interfaces (Service Interfaces or External Interfaces) which are configured on the Gateway object, not the Segment object.

Attempting to bind a VLAN segment to a gateway using the "Connectivity" field which implies an Overlay-style distributed connection triggers this validation error.

Resolution

To resolve this issue, we must clear the connectivity binding or configure the connection correctly based on the desired topology.

Method 1: Clear the Connectivity Path (L2 Only)

If the intention is to provide Layer 2 connectivity to the physical network without NSX routing services:

  1. Edit the Segment configuration.

  2. Locate the Connected Gateway or Connectivity field.

  3. Set this field to None or clear the selection.

  4. Save the Segment.

Method 2: Connect via Service Interface (L3 Routing)

If the intention is to route traffic from this VLAN segment via an NSX Tier-0/Tier-1 Gateway (e.g., for Load Balancing, NAT, or Edge Firewalling):

  1. Leave the Segment's Connected Gateway field as None.

  2. Navigate to Networking > Tier-0/Tier-1 Gateways.

  3. Edit the target Gateway.

  4. Under Service Interfaces (or External Interfaces for T0), click Set.

  5. Add a new Interface, select the VLAN Segment, and assign an IP address.

  6. Save the configuration.

Method 3: Use an Overlay Segment

If the intention was to use NSX Distributed Routing (East-West routing):

  1. Delete the current VLAN-backed segment (or create a new one).

  2. Ensure the Transport Zone selected is an Overlay Transport Zone.

  3. We may now map the Connected Gateway to the desired Tier-1 Gateway.

Powered by Wolken Software