APIC - How to Configure L2 Interfaces

mathris
Level 1

Never posted here before but basically I'm running ACI through my APIC controllers and having issues doing a physical bare metal configuration. I found a guide, listed below:

Cisco APIC Layer 2 Networking Configuration Guide, Release 4.0(1)

But so far it doesn't seem to give me a clear direction on how to configure it.

Selecting the switches, switch profile name I think I have and found, but the Interface Selector Name and the Policy Group Name I still can't find links to.

Accepted Solutions

Jayesh Singh
Cisco Employee

Hi Mathris,

I would like to share with you a simple flow to understand and remember fabric access policies to on-board any physical server. Go to Fabric tab -> Access Policies and look at the options on left pane from bottom. Never start from top.

Below are the config steps with GUI path navigation details. However, I am pretty sure just reading them won’t make sense and it would really help only if you actually try out those steps on your APIC.

Fabric Side Config:

  1. Create a static VLAN Pool

So basically you define what vlan id you will be using on your interface to onboard the server.

Fabric -> Access Policies -> Pools -> VLAN -- Right click and Create Vlan Pool

  2. Create Physical Domain and bind Vlan Pool to the domain

Fabric -> Access Policies -> Physical and External Domains -> Physical Domains – Right click and Create Physical Domain

Just give name for the physical domain and attach the Vlan pool created in step 1. Leave the Associated Attachable Entity Profile option blank, we will do that in next step.

  3. Create AAEP and bind domain to the AAEP

Fabric -> Access Policies -> Global Policies -> Attachable Access Entity Profile – Create Attachable Access Entity Profile and just attach your physical domain created in step 2 here.

  4. Create Interface Policies – These are nothing but generic configs that you would want on your interface like cdp on, lldp off, speed, duplex, bpdu filter etc. Policies created here are a one-time process and are reused extensively in future while onboarding new servers.

Fabric -> Access Policies -> Interface Policies -> Policies – Expand this and you will find all different parameters and their possible attributes. Select whatever is applicable for your servers. Common ones are cdp, link level, lldp, Port-Channel (LACP modes).

  5. Create Interface Policy Group -- Select what all policies created in step 4 need to be activated on the interface

Fabric -> Access Policies -> Interface Policies -> Leaf Policy Group – Right click and create policy group based on interface type (PC, VPC or access). You can select policies through drop down menu here. This is the place where you also attach the AAEP created in step 3.

  6. Create Leaf Profiles – So here you select the interfaces and attach policy group created in step 5

Fabric -> Access Policies -> Interface Policies -> Profiles -> Leaf Profiles – Right click and create leaf interface profile, create interface selector (where you define interface name and attach interface policy group)

  7. Create Switch Profile – So finally, you select the switches here, where exactly the servers are connected. Everything done till step 6 is just an abstract and when you bind leaf interface profile created in step 6 to the switch profile then the config is actually completed and makes sense.

Fabric -> Access Policies -> Switch Policies -> Profiles – Right click and create leaf profile, select leaf switches (keep the policy group option empty), then move to the associated interface selector profiles and select the leaf interface profile created in leaf selector option and attach the interface policy group.

Phew!!! That completes your switch interface configuration required to on-board the server. But since we are in ACI, there are a few more things to do before we are done.

Any server (physical or virtual) we on-board in ACI has to be part of an application EPG, as everything is policy driven in ACI and to write policies you need to have classification of services.

Tenant Side Config:

So we need to go to the respective tenant where that server belongs and do the following things:

  1. Create a VRF in Networking Tab
  2. Create a BD in Networking Tab (you need to associate your BD with the VRF) and create the subnet (which will be the distributed gateway)
  3. Create Application Profile
  4. Create an Application EPG -- Inside that application profile, create an application EPG (you will have to associate BD while creating EPG). Keep remaining options as default.
    - When you expand that application EPG, you would see Domains option on left pane, that’s the place you need to attach your Physical domain option created in Step 2.
  5. Static port binding in EPG – You need to statically bind the configured interfaces to the EPG. Also need to specify the vlan encap id from the vlan pool created in Step 1.

This completes your server on-boarding configuration. With this your server should be able to ping the gateway. However, to communicate with services hosted in other EPG or External network it would need contracts and additional configurations.

In addition to this, please also refer to the below sessions from Cisco Live which would help you understand ACI in depth:

1. ACI Under the Hood - How Your Configuration is Deployed - BRKACI-3101

https://ciscolive.cisco.com/on-demand-library/?search=aci&search.event=ciscoliveus2018#/session/1509501653465001PRkT

2. How to setup an ACI fabric from scratch - BRKACI-2004

https://ciscolive.cisco.com/on-demand-library/?search=aci&search.event=ciscoliveus2018#/session/1509501634778001Pfqx

Regards,

Jayesh

Rate all posts that are helpful. Mark it as a solution if it solves your problem, it might help other users who have the same query.
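
The object chain in the steps above can be checked offline before a static binding is configured: a binding is only backed by access policies if the port reaches one of the EPG's domains through switch profile, interface profile, policy group and AAEP, and the encap VLAN sits in that domain's pool. This is an added example, not part of the original post or of Cisco tooling; the dictionary model and every name in it (pool-bm, phys-bm, leaf 101, eth1/10, ...) are constructed assumptions, not APIC objects.

```python
# Constructed sample model of the objects from the fabric-side and tenant-side
# steps; all names and values are hypothetical.
FABRIC = {
    "vlan_pools": {"pool-bm": {"mode": "static", "ranges": [(100, 110)]}},
    "phys_domains": {"phys-bm": {"vlan_pool": "pool-bm"}},
    "aaeps": {"aaep-bm": {"domains": ["phys-bm"]}},
    "policy_groups": {"pg-bm-access": {"aaep": "aaep-bm"}},
    "interface_profiles": {"leaf101-ifp": {"eth1/10": "pg-bm-access"}},
    "switch_profiles": {"leaf101-sw": {"nodes": [101],
                                       "interface_profiles": ["leaf101-ifp"]}},
}
EPG = {"name": "web", "domains": ["phys-bm"],
       # (leaf node, port, encap VLAN) static bindings to validate
       "static_bindings": [(101, "eth1/10", 105),
                           (101, "eth1/11", 105),
                           (101, "eth1/10", 200)]}

def port_domains(fabric, node, port):
    """Domains reachable from node/port via switch profile -> interface
    profile -> policy group -> AAEP (steps 7, 6, 5 and 3, walked backwards)."""
    found = set()
    for sw in fabric["switch_profiles"].values():
        if node not in sw["nodes"]:
            continue
        for ifp in sw["interface_profiles"]:
            pg = fabric["interface_profiles"].get(ifp, {}).get(port)
            aaep = fabric["policy_groups"].get(pg, {}).get("aaep")
            found.update(fabric["aaeps"].get(aaep, {}).get("domains", []))
    return found

def domain_allows_vlan(fabric, domain, vlan):
    """True if the VLAN pool bound to the domain (steps 1 and 2) covers vlan."""
    pool_name = fabric["phys_domains"].get(domain, {}).get("vlan_pool")
    pool = fabric["vlan_pools"].get(pool_name, {})
    return any(lo <= vlan <= hi for lo, hi in pool.get("ranges", []))

def check_epg(fabric, epg):
    """Return one finding per static binding the access policies do not back."""
    findings = []
    for node, port, vlan in epg["static_bindings"]:
        usable = port_domains(fabric, node, port) & set(epg["domains"])
        if not usable:
            findings.append((node, port, vlan, "port has no policy chain to an EPG domain"))
        elif not any(domain_allows_vlan(fabric, d, vlan) for d in usable):
            findings.append((node, port, vlan, "encap VLAN outside the domain's pool"))
    return findings

if __name__ == "__main__":
    for finding in check_epg(FABRIC, EPG):
        print(finding)
```
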

Jayesh Singh
Cisco Employee

Hi Mathris,

Just wanted you to know, I have written an even more detailed article explaining server on-boarding steps in ACI. I got this idea while drafting the response to your question; the ACI journey becomes simple once you get a good grip on this piece. Appreciate that you used Cisco Community for your query, questions like yours make this space what it is! Thank you!

Here is the link for your reference:

Connecting Physical Servers To Cisco ACI Fabric - Simplified!

Regards,

Jayesh
