Re: Microsegmentation with VM Tag

Moon1998 · ‎05-06-2019

Hi,

I can't get microsegmentation based on VM tag working. All other attributes I've tried (VM name, OS...) works, but not VM Tag. When I am creating uSEG rules for VM tag, APIC do not offer options (category and tag) from drop-down list. According to this document https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/3-x/virtualization/b_ACI_Virtualization_Guide_3_2_2/b_ACI_Virtualization_Guide_3_2_2_chapter_0100.pdf

it should be achieved by creating tags in vSphere before creating th uEPG. Which I did, but still can't get it working.

I am using vSphere 6.5.2 and ACI 4.0(3d).

Any suggestions?

Thanks,

Martin

jucoutur · ‎06-27-2019

Hi Martin,

To get vSphere tags in APIC, you need to enable tag collection on the VMM domain:

Virtual Networking > VMM Domains > VMWare > [your_vmm_domain] > select "Enable Tag Collection"

APIC will then poll the vCenter on a regular basis to get the vSphere tags. You can trigger a sync from the APIC so that it gets immediately the latest inventory from the vCenter :

Virtual Networking > VMM Domains > VMWare > [your_vmm_domain] > Controllers > [your_vCenter] > right click and choose "Trigger Inventory Sync"

Now if you check the "uSeg Attributes" menu in you Tenant Application Profile, you will be able to browse categories and tags coming from your vSphere configuration.

I've attached some screenshots that show the process.

Hope it helps !

/Julien