Frequent Contributor

ACI Questions

Hi All

I have some ACI questions.


1. Does the fabric always use VXLAN?

2. Do you have normal VLANs on the leaf switches, and do these then map to VXLANs on the leaf? Is this done automatically by ACI?

3. What is the take-up of ACI these days? Are many Nexus customers using it?

4. Do you always need 3 APIC servers?

5. How would you add a switch to the fabric? Would you put the switch in ACI mode using the ACI OS? Do you have to put a management IP on the switch so ACI can talk to it?

6. How easy is it generally to use?

VIP Mentor



Yes, ACI uses VXLAN and there's nothing to do on your side.

Once you configure an EPG and attach an interface with your real VLAN ID, all the backend configuration is handled by ACI.

Also, ACI is meant to move from network-centric mode towards application-centric mode and deploying micro-segmentation for more security.

Based on these few requirements, some customers are moving from VXLAN Nexus designs towards ACI. It gives them more security in a way that is easier to implement and manage.

You'll need 3 APIC servers deployed to follow best-practice designs and redundancy.

It can work even with 1 server but you'll have an alert saying you're 2 servers and without 3 servers, you won't be running a supported design.


All Cisco devices (Nexus switches) must be converted into ACI mode to work. This is needed for your Nexus switch to operate within a fabric.

You'll be able to interconnect this to any external switches (out of Fabric) in a L2 mode.

A management IP (out-of-band or in-band) isn't needed for ACI to communicate with leaves and spines; it's for you to operate it. APIC will assign IP addresses on the interfaces connecting the switches (leaves/spines), which are IPs not reachable outside of the fabric.


It's not so complicated to operate, but there's a learning curve to get used to it when moving to ACI for the 1st time.




Thanks for the response,


So, with ACI, when adding new spine and leaf switches, do you need to do anything on them at all? Or do you just boot them up in ACI mode and then the APICs automatically find them by CDP etc.?


Do you still add VLANs as per normal on each of the end-user ports etc.? Does ACI automatically map these to the VXLAN then?


Is it really that good? How reliable is it?