ACI basic config help

raza555
Level 3

Hi,

I am new to ACI. I would like to keep a single Physical domain & AAEP as per the attached diagrammed requirement.

 

Kindly advise whether the configuration in the attached diagram is the best approach or whether there are better ways to do it.

 

  • BD-Vlan10[subnet:10.10.10.0/24]->EPG-Web[Static Binding:1/10]->Phy Domain[Vlan10, 20]->Phy-AAEP->Phy-Int-Profile[interface 1/10-1/20]->Sw-Profile-Leaf101-102

 

  • BD-Vlan20[subnet:10.20.10.0/24]->EPG-DB[Static Binding:1/20]->Phy Domain[Vlan10, 20]->Phy-AAEP->Phy-Int-Profile[interface 1/10-1/20]->Sw-Profile-Leaf101-102

Thanks

 

 

 

Accepted Solutions

RedNectar
VIP

Hi rizwan555,

You are on the right track. Although I really do think you should do a google search for an ACI Access Policy Chain tutorial.

So here are your choices. All involve setting up an access policy chain so that the VLANs you wish to access will be available on the ports you want. But to begin, let's look again at your diagram:

aaf9a2a0-c7ff-4451-b9a2-69c325c745d2.png

Preparation (the Access Policy Chain)

  1. Create a VLAN Pool (say MappedVLANs_VLAN.Pool) with at least two VLANs (VLAN 10 and 20)
  2. Create a Physical Domain (say MappedVLANs_PhysDom) linked to the recently created MappedVLANs_VLAN.Pool
  3. Create an AAEP (say MappedVLANs_AAEP) linked to the recently created MappedVLANs_PhysDom.
  4. Create an Access Port Policy Group (say S.A.Hosts_APPG) linked to the recently created MappedVLANs_AAEP
  5. Create an Interface Profile for Leaf Switch 101 (say L101_IntProf) and within that interface profile -
    1. Add an Interface selector for port 1/10 (say 1:10_IntSel) and link it to the recently created S.A.Hosts_APPG
  6. Create an Interface Profile for Leaf Switch 102 (say L102_IntProf) and within that interface profile -
    1. Add an Interface selector for port 1/20 (say 1:20_IntSel) and link it to the recently created S.A.Hosts_APPG
  7. Create a Leaf Switch Profile for Leaf Switch 101 (say L101_LeafProf) and within that leaf profile -
    1. Add a Leaf Selector for leaf 101 (say L101_LeafSel) AND
      1. link the Leaf Profile to the recently created L101_IntProf
  8. Create a Leaf Switch Profile for Leaf Switch 121 (say L102_LeafProf) and within that leaf profile -
    1. Add a Leaf Selector for leaf 102 (say L102_LeafSel) AND
      1. link the Leaf Profile to the recently created L102_IntProf

Option#1 - Tenant config - Network Centric Approach#1 (Old but true)

  1. Create a Tenant (say TenantX)
    1. Within TenantX, create a VRF (say Production_VRF)
    2. Within TenantX, create a Bridge Domain (say Web_BD) linked to Production_VRF
      1. Add a Subnet to the BD of 10.10.10.x/24
    3. Within TenantX, create a Bridge Domain (say DB_BD) linked to Production_VRF
      1. Add a Subnet to the BD of 10.20.10.x/24
    4. Within TenantX, create an Application Profile (say Production_AP)
      1. Within Production_AP add an Application EPG (say Web_EPG)
        1. Link Web_EPG to the Web_BD 
        2. Link Web_EPG to the MappedVLANs_PhysDom
        3. [Static Map Option] Add a static path to Leaf101/1/10 vlan 10 (tagged or 802.1P depending on whether your host is sending tagged or untagged frames)
      2. Within Production_AP add an Application EPG (say DB_EPG)
        1. Link DB_EPG to the DB_BD
        2. Link DB_EPG to the MappedVLANs_PhysDom
        3. [Static Map Option] Add a static path to Leaf102/1/20 vlan 20 (tagged or 802.1P depending on whether your host is sending tagged or untagged frames)

Option#2 - Tenant config - Network Centric Approach#2 (VERY network centric)

  1. Create a Tenant (say TenantX)
    1. Within TenantX, create a VRF (say Production_VRF)
    2. Within TenantX, create a Bridge Domain (say Web_BD) linked to Production_VRF
    3. Within TenantX, create a Bridge Domain (say DB_BD) linked to Production_VRF
    4. Within TenantX, create an Application Profile (say Production_AP)
      1. Within Production_AP add an Application EPG (say Web_EPG)
        1. Link Web_EPG to the Web_BD 
        2. Link Web_EPG to the MappedVLANs_PhysDom
        3. Add a Subnet to the Web_EPG of 10.10.10.x/24
        4. [Static Map Option] Add a static path to Leaf101/1/10 vlan 10 (tagged or untagged depending on whether your host is sending tagged or untagged frames)
      2. Within Production_AP add an Application EPG (say DB_EPG)
        1. Link DB_EPG to the DB_BD
        2. Link DB_EPG to the MappedVLANs_PhysDom
        3. Add a Subnet to the DB_EPG of 10.20.10.x/24
        4. [Static Map Option] Add a static path to Leaf102/1/20 vlan 20 (tagged or untagged depending on whether your host is sending tagged or untagged frames) 

Option#3 - Tenant config - Application Centric Approach

  1. Create a Tenant (say TenantX)
    1. Within TenantX, create a VRF (say Production_VRF)
    2. Within TenantX, create a Bridge Domain (say Production_BD) linked to Production_VRF
      1. Add a Subnet to the BD of 10.10.10.x/24
      2. Add a second Subnet to the BD of 10.20.10.x/24
    3. Within TenantX, create an Application Profile (say Production_AP)
      1. Within Production_AP add an Application EPG (say Web_EPG)
        1. Link Web_EPG to the Production_BD
        2. Link Web_EPG to the MappedVLANs_PhysDom
        3. [Static Map Option] Add a static path to Leaf101/1/10 vlan 10 (tagged or untagged depending on whether your host is sending tagged or untagged frames)
      2. Within Production_AP add an Application EPG (say DB_EPG)
        1. Link DB_EPG to the Production_BD
        2. Link DB_EPG to the MappedVLANs_PhysDom
        3. [Static Map Option] Add a static path to Leaf102/1/20 vlan 20 (tagged or untagged depending on whether your host is sending tagged or untagged frames)

Option#4 - Tenant config - Somewhat Hybrid Approach

  1. Create a Tenant (say TenantX)
    1. Within TenantX, create a VRF (say Production_VRF)
    2. Within TenantX, create a Bridge Domain (say Production_BD) linked to Production_VRF
    3. Within TenantX, create an Application Profile (say Production_AP)
      1. Within Production_AP add an Application EPG (say Web_EPG)
        1. Link Web_EPG to the Production_BD
        2. Link Web_EPG to the MappedVLANs_PhysDom
        3. Add a Subnet to the Web_EPG of 10.10.10.x/24
        4. [Static Map Option] Add a static path to Leaf101/1/10 vlan 10 (tagged or untagged depending on whether your host is sending tagged or untagged frames)
      2. Within Production_AP add an Application EPG (say DB_EPG)
        1. Link DB_EPG to the Production_BD
        2. Link DB_EPG to the MappedVLANs_PhysDom
        3. Add a Subnet to the DB_EPG of 10.20.10.x/24
        4. [Static Map Option] Add a static path to Leaf102/1/20 vlan 20 (tagged or untagged depending on whether your host is sending tagged or untagged frames)

Options#5 - 8 -  EPGs mapped to AAEP approach

  1. Create a Tenant (say TenantX) and follow Options 1-4 above EXCEPT the [Static Map Option]
  2. In the Access Policy Chain, locate the MappedVLANs_AAEP: [Fabric Policies > Access Policies > Policies > Global > Attachable Access Entity Profiles - I spent 2 hrs looking for that option one night]
  3. Within the MappedVLANs_AAEP, add an Application EPG
    1. Link it to TenantX, Application Profile Production_AP, EPG Web_EPG, Encap vlan-10 (tagged or untagged depending on whether your host is sending tagged or untagged frames)
  4.  Within the MappedVLANs_AAEP, add a second Application EPG
    1. Link it to TenantX, Application Profile Production_AP, EPG DB_EPG, Encap vlan-20 (tagged or untagged depending on whether your host is sending tagged or untagged frames)

 

With Options 5-8, you will now be stuck with VLAN 10 ALWAYS being mapped to the WEB_EPG and VLAN 20 ALWAYS being mapped to the DB_EPG for all switch ports that link back to the MappedVLANs_AAEP - but that is probably a good thing.

So there you go. Eight options to choose from. My preference. Probably Option #7 - ie like Option #3 but using the EPGs mapped to AAEP approach.

I hope this helps


Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem


 

 

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
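
An added illustration, not part of the original post and not Cisco tooling: a simplified Python model of the access policy chain described in the answer above, showing which leaf/port/VLAN combinations each EPG lands on with static paths (Options 1-4) versus EPG-to-AAEP mapping (Options 5-8). Object names come from the thread; the data layout and function names are hypothetical, and real APIC validation covers more than this.

```python
# Simplified model of the access policy chain (constructed data, hypothetical layout).
VLAN_POOLS = {"MappedVLANs_VLAN.Pool": {10, 20}}
DOMAINS = {"MappedVLANs_PhysDom": "MappedVLANs_VLAN.Pool"}   # domain -> VLAN pool
AAEPS = {"MappedVLANs_AAEP": {"MappedVLANs_PhysDom"}}        # AAEP -> domains
POLICY_GROUPS = {"S.A.Hosts_APPG": "MappedVLANs_AAEP"}       # policy group -> AAEP
PORTS = {(101, "1/10"): "S.A.Hosts_APPG",                    # (leaf, port) -> policy group
         (102, "1/20"): "S.A.Hosts_APPG"}
EPG_DOMAINS = {"Web_EPG": {"MappedVLANs_PhysDom"},           # EPG -> linked domains
               "DB_EPG": {"MappedVLANs_PhysDom"}}


def check_static_path(epg, leaf, port, vlan):
    """Return the reasons a static path would not resolve (empty list = OK)."""
    appg = PORTS.get((leaf, port))
    if appg is None:
        return [f"leaf {leaf} port {port} has no interface selector / policy group"]
    aaep = POLICY_GROUPS[appg]
    # The EPG and the port's AAEP must meet in at least one common domain.
    shared = AAEPS[aaep] & EPG_DOMAINS.get(epg, set())
    if not shared:
        return [f"{epg} shares no domain with {aaep}"]
    # The encap VLAN must be in the pool of one of those shared domains.
    if not any(vlan in VLAN_POOLS[DOMAINS[d]] for d in shared):
        return [f"vlan {vlan} is not in a pool reachable from {epg} on this port"]
    return []


def deploy_static(paths):
    """Options 1-4: each EPG appears only on the ports it is statically bound to."""
    return {(leaf, port, vlan): epg for epg, leaf, port, vlan in paths
            if not check_static_path(epg, leaf, port, vlan)}


def deploy_aaep(aaep, mappings):
    """Options 5-8: each (EPG, VLAN) pair applies to every port linked to the AAEP."""
    ports = [p for p, appg in PORTS.items() if POLICY_GROUPS[appg] == aaep]
    return {(leaf, port, vlan): epg
            for epg, vlan in mappings for leaf, port in ports}


STATIC = deploy_static([("Web_EPG", 101, "1/10", 10), ("DB_EPG", 102, "1/20", 20)])
MAPPED = deploy_aaep("MappedVLANs_AAEP", [("Web_EPG", 10), ("DB_EPG", 20)])

if __name__ == "__main__":
    for name, result in (("static paths", STATIC), ("EPG mapped to AAEP", MAPPED)):
        print(name)
        for (leaf, port, vlan), epg in sorted(result.items()):
            print(f"  leaf {leaf} port {port} vlan {vlan} -> {epg}")
```

With static paths each EPG is present on exactly one port; with the AAEP mapping both VLANs, and therefore both EPGs, are present on both ports, which is the "ALWAYS mapped" behaviour the answer describes.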


5 Replies

raza555
Level 3
1) BD-Vlan10[subnet:10.10.10.0/24]->EPG-Web[Static Binding:1/10]->Phy Domain[Vlan10, 20]->Phy-AAEP->Phy-Int-Profile[interface 1/10-1/20]->Sw-Profile-Leaf101-102

2) BD-Vlan20[subnet:10.20.10.0/24]->EPG-DB[Static Binding:1/20]->Phy Domain[Vlan10, 20]->Phy-AAEP->Phy-Int-Profile[interface 1/10-1/20]->Sw-Profile-Leaf101-102

Hi RedNectar,

 

Thank you very much for the very detailed & complete solution. It is very much appreciated.

 

That's the best explanation I have ever found on the web.

 

Further, the comparison between Network Centric vs Application Centric has made my understanding of this concept crystal clear.

 

Thanks and Kind Regards

 

 

No problem. I actually added another variation just for completeness, so now there are eight options!

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

Thank you very much.