
How to assign EPGs/Vlans to multiple ports?

Stefan Tiefel
Level 1

Hello everyone,

is there any smart way of statically assigning EPGs/VLANs to multiple ports at once?

Let's assume we have an installation with many leafs and many VMware ESX hosts connected to these leafs but no VMM integration.

So, every time there is a new EPG, the EPG/VLAN mapping has to be configured statically on many trunk ports.

Is there any possibility to build a profile or a group "esx-hosts" and to assign the EPGs to this profile?

Maybe I'm missing out on some obvious thing?

I'm glad for every hint and kind regards

Stefan

2 Accepted Solutions


Remi-Astruc
Cisco Employee

Hi @Stefan Tiefel ,

Yes, you can deploy an EPG/Vlan automatically to all the ports belonging to an AEP.

When you create an EPG, assign the Physical Domain, then open the related AEP policy and add the new EPG and Encap in the section "Application EPGs". That's all.

More info:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-x/L2_config/b_Cisco_APIC_Layer_2_Configuration_Guide/b_Cisco_APIC_Layer_2_Configuration_Guide_chapter_011.html#d15623e2252a1635

 

Remi Astruc


RedNectar
VIP

Hi Stefan,

> is there any smart way of statically assigning EPGs/VLANs to multiple ports at once?

Yes - even if you are NOT using VMM integration (which would overcome the problem immediately).

Forget doing any static mappings in EPGs. Instead, make sure you have your Access Policy Chain (Google it) completed with all the access ports you require for the VLAN mappings in the same chain, connected to the same AAEP.

Now go to the AAEP (Fabric > Access Policies >> Policies > Global > Attachable Access Entity Profiles > YourAAEP). In the Work Pane, scroll down and look for the section called Application EPGs. Click the [+] icon to add the Tenant+ApplicationProfile+EPG to vlan-ID mapping you wish to add to all ports at once.

Repeat for all Vlan-to-EPG mappings.

Job Done.

Note: If you have set the Global Enforce Domain Validation option (System > System Settings >> Fabric Wide Settings), you will still need to ensure every EPG is linked to (one of) the Physical Domain(s) in your Access Policy Chain.

> Let's assume we have an installation with many leafs and many VMware ESX hosts connected to these leafs but no VMM integration.
>
> So, every time there is a new EPG, the EPG/VLAN mapping has to be configured statically on many trunk ports.
>
> Is there any possibility to build a profile or a group "esx-hosts" and to assign the EPGs to this profile?

There is also the option of using integrated VMM Domains, where you allow ACI to manage vCenter and create vSwitches. Let me know if you want more info on this.

> Maybe I'm missing out on some obvious thing?
>
> I'm glad for every hint and kind regards
>
> Stefan


I hope this helps

 



Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem


RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.


4 Replies


peterzhang
Level 1

I recommend using Postman, either with a spreadsheet, or construct a specific Postman JSON so that it applies a specific set of EPGs with specific encap and you can simply replace the leaf and switch ports. I've done something similar for an OpenStack environment where I needed to tag 500 VLANs per compute node.

Python would give you the best outcome though, as exactly what you described "deploy all VLANs for these 50 new ESX hosts attached to switch 101, port 1 - 24" - a few minutes with a single click.

Using AEP methodology does give you a nice way of doing something similar as mentioned above, but there are caveats. I'd prefer to have granular control any day, over "make life easier within ACI" because most objects are "immutable" (meaning you can't edit them without disruption). Of course there are certain logical designs that would achieve a much more efficient fabric, but using AEP for static path deployment isn't one of them.
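
The two approaches discussed in the answers above (per-port static paths versus an EPG mapping on the AAEP), as an added example that is not code from any poster or from Cisco: it builds both APIC REST payloads offline and counts the objects each one needs. The tenant, application profile, EPG names, VLAN IDs and AAEP name are constructed; the class names (`fvRsPathAtt`, and `infraRsFuncToEpg` under the AAEP's `infraGeneric` child named `default`) are assumed from the ACI object model, and nothing is sent to an APIC.

```python
def expand_ports(spec, module=1):
    """'1-24' -> ['eth1/1', ..., 'eth1/24']; a single number gives one port."""
    first, _, last = spec.partition("-")
    return [f"eth{module}/{n}" for n in range(int(first), int(last or first) + 1)]

def check_mappings(mappings):
    """Reject out-of-range VLAN IDs and two EPGs sharing one encap."""
    seen = {}
    for epg, vlan in mappings.items():
        if not 1 <= vlan <= 4094:
            raise ValueError(f"{epg}: VLAN {vlan} out of range")
        if vlan in seen:
            raise ValueError(f"VLAN {vlan} used by both {seen[vlan]} and {epg}")
        seen[vlan] = epg

def static_path_payload(tenant, ap, mappings, node, ports, pod=1):
    """Per-port approach: one fvRsPathAtt per (EPG, port) pair."""
    check_mappings(mappings)
    epgs = []
    for epg, vlan in mappings.items():
        paths = [{"fvRsPathAtt": {"attributes": {
            "tDn": f"topology/pod-{pod}/paths-{node}/pathep-[{p}]",
            "encap": f"vlan-{vlan}", "mode": "regular"}}} for p in ports]
        epgs.append({"fvAEPg": {"attributes": {"name": epg}, "children": paths}})
    return {"fvTenant": {"attributes": {"name": tenant}, "children": [
        {"fvAp": {"attributes": {"name": ap}, "children": epgs}}]}}

def aaep_payload(aaep, tenant, ap, mappings):
    """AAEP approach: one infraRsFuncToEpg per EPG, whatever the port count."""
    check_mappings(mappings)
    rels = [{"infraRsFuncToEpg": {"attributes": {
        "tDn": f"uni/tn-{tenant}/ap-{ap}/epg-{epg}",
        "encap": f"vlan-{vlan}", "mode": "regular"}}} for epg, vlan in mappings.items()]
    return {"infraAttEntityP": {"attributes": {"name": aaep}, "children": [
        {"infraGeneric": {"attributes": {"name": "default"}, "children": rels}}]}}

def count(payload, cls):
    """Count objects of class cls anywhere in a payload."""
    return sum((name == cls) + sum(count(c, cls) for c in body.get("children", []))
               for name, body in payload.items())

# Constructed sample: tenant, EPG names and VLAN IDs are made up.
MAPPINGS = {"web": 101, "app": 102, "db": 103}
PORTS = expand_ports("1-24")

if __name__ == "__main__":
    print(count(static_path_payload("Prod", "ESX", MAPPINGS, 101, PORTS), "fvRsPathAtt"))
    print(count(aaep_payload("esx-hosts", "Prod", "ESX", MAPPINGS), "infraRsFuncToEpg"))
```

With these 3 EPGs and 24 ports the per-port payload carries 72 path bindings against 3 AAEP relations; the AAEP form reaches every port that belongs to that AAEP, which is the loss of granularity the post above objects to.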


Hi Chris.

I found this post after a deployment supporting a large number of static port mappings. If I decide to adopt this approach, would the old way of trunking down VLANs coexist with mapping EPGs at the AEP level?

The reason I ask is that not all the connected endpoints are ESXi hosts. So I will have to create a new AEP and assign a VLAN pool that will have a subset of VLANs for the VLAN pool associated to the current physical domain, which has a different AEP.

In other words, would I be able to support the old static port mapping while at the same time associating the EPG to a different AEP?

I am looking for guidelines but only found:

 

VLAN Guidelines
Use the following guidelines to configure the VLANs where EPG traffic will flow.

Multiple domains can share a VLAN pool, but a single domain can only use one VLAN pool.
To deploy multiple EPGs with same VLAN encapsulation on a single leaf switch, see PER PORT VLAN
