Written by Michael Earls
If you're like me, Christmas and New Year's went super fast, and around this time Cisco announced the new software release of ACI 1.2. For others this was like an early Christmas present, including support for a more advanced NX-OS style CLI, a redesigned GUI, and increased scalability. Check out the latest update here.
Below I will show just a few examples of using the new-style CLI to create VLANs and new tenants.
Accessing the CLI:
Using a secure shell (SSH) client, open an SSH connection to the out-of-band management IP address that was configured during the initial setup.
$ ssh apic-admin@10.10.10.10
Application Policy Infrastructure Controller
apic-admin@10.10.10.10's password:
The NX-OS style CLI is organized the same way, using a hierarchy of commands with EXEC mode as the root of the tree. The CLI supports question mark (?) level help at the system prompt.
Differences in usage compared with NX-OS:
- Global configuration mode is entered with the configure command instead of configure terminal
- To configure node-level or leaf-level settings, you must navigate to the given switch using the leaf command
- Physical port naming is slightly different: Ethernet port eth x/y instead of ethX/Y
- Special characters such as ‘$’ or ‘!’ should be escaped with a backslash (‘\$’), or the word or string should be wrapped in single quotes
Below we create VLAN groups called VLAN domains; each is a combination of single or multiple VLANs. A VLAN domain supports dynamic and static VLANs. The default type is static unless otherwise defined.
apic# configure
apic(config)# vlan-domain domain1
apic(config-vlan)# vlan 1001-1999,4001
apic(config-vlan)# exit
apic(config)# vlan-domain domain2 dynamic
apic(config-vlan)# vlan 201-300
apic(config-vlan)# vlan 401-500 dynamic
Now let's associate the new VLAN domains we created in the last step with a leaf node interface.
apic# configure
apic(config)# leaf 101-102
apic(config-leaf)# int eth 1/1-24
apic(config-leaf-if)# vlan-domain member domain1
apic(config-leaf)# int eth 1/1-12
apic(config-leaf-if)# no switchport
apic(config-leaf)# int eth 1/13-24
apic(config-leaf-if)# switchport
apic(config)# leaf 101-102
apic(config-leaf)# int eth 1/1-12
apic(config-leaf-if)# switchport vlan scope local
apic(config-leaf)# int eth 1/13
apic(config-leaf-if)# no switchport vlan scope local
We can also create new tenants or modify the existing tenants defined within APIC.
apic# configure
apic(config)# tenant CorpMarketing
apic(config-tenant)# security domain CorpMarketing_domain1
apic(config-tenant)# vrf context CorpMarketing_v1
apic(config-tenant-vrf)# contract enforce
apic(config-tenant-vrf)# contract provider web
apic(config-tenant-vrf)# contract consumer db
apic(config-tenant-vrf)# contract provider icmp
apic(config-tenant-vrf)# contract consumer icmp
apic(config-tenant-vrf)# exit
apic(config-tenant)# bridge-domain CorpMarketing_b1
apic(config-tenant-bd)# vrf member CorpMarketing_v1
apic(config-tenant-bd)# exit
apic(config-tenant)# interface bridge-domain CorpMarketing_b1
apic(config-tenant-interface)# ip address 172.1.1.1/24
apic(config-tenant-interface)# exit
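For change review, a pasted session like the one above can be summarized per VRF before it is applied. The following is an added example, not Cisco's or the author's code: it uses the prompt mode to track context, and the names audit_session and findings and the second VRF CorpMarketing_v2 are hypothetical. A contract seen on one side only is just a cue to check where the other side is configured.

```python
import re

# Constructed input: the post's tenant session plus a hypothetical second VRF (CorpMarketing_v2).
SESSION = """\
apic# configure
apic(config)# tenant CorpMarketing
apic(config-tenant)# vrf context CorpMarketing_v1
apic(config-tenant-vrf)# contract enforce
apic(config-tenant-vrf)# contract provider web
apic(config-tenant-vrf)# contract consumer db
apic(config-tenant-vrf)# contract provider icmp
apic(config-tenant-vrf)# contract consumer icmp
apic(config-tenant)# vrf context CorpMarketing_v2
apic(config-tenant-vrf)# contract provider web
"""
PROMPT = re.compile(r"^\S*?\((config[\w-]*)\)\s*#\s*(.+)$")  # mode name, command text

def audit_session(text):
    """Map (tenant, vrf) -> enforce flag and contract names, keyed off the prompt mode."""
    vrfs, tenant, cur = {}, "?", None
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # EXEC-mode lines such as "apic# configure"
        mode, w = m.group(1), m.group(2).split()
        if mode == "config" and len(w) == 2 and w[0] == "tenant":
            tenant = w[1]
        elif mode == "config-tenant" and len(w) == 3 and w[:2] == ["vrf", "context"]:
            cur = vrfs.setdefault((tenant, w[2]),
                                  {"enforce": False, "provider": set(), "consumer": set()})
        elif mode == "config-tenant-vrf" and cur is not None and w[0] == "contract":
            if w[1:] == ["enforce"]:
                cur["enforce"] = True
            elif len(w) == 3 and w[1] in ("provider", "consumer"):
                cur[w[1]].add(w[2])
    return vrfs

def findings(vrfs):
    """Review items: VRFs with no explicit enforce line, contracts seen on one side only."""
    out = []
    for (tenant, vrf), v in sorted(vrfs.items()):
        if not v["enforce"]:
            out.append(f"{tenant}/{vrf}: no 'contract enforce' in this session")
        for name in sorted(v["provider"] ^ v["consumer"]):
            side = "provider" if name in v["provider"] else "consumer"
            out.append(f"{tenant}/{vrf}: contract '{name}' has only a {side} here")
    return out

if __name__ == "__main__":
    print("\n".join(findings(audit_session(SESSION))))
```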
Just like NX-OS, to remove a configuration we put 'no' in front of the command.
apic# configure
apic(config)# no tenant CorpMarketing
apic(config)# no vlan-domain domain1
apic(config)# end
apic# exit
In our next post we will look at using show commands as well as the built-in diagnostic CLI commands.