Technology
Screenshot-2019-04-27-at-9.09.00-PM

How to configure Cisco ACI Part 1 of 2

Before going deep into how to configure Cisco ACI (Network Centric Mode), let’s understand what Cisco ACI is.

Cisco ACI (Application Centric Infrastructure) is Cisco’s Software Defined Networking Solution for the Data Center. 

It let’s the application requirements define the network. 

At a high level, it comprises of:

1. An APIC cluster (Application Policy Infrastructure Controller) which defines policy models, and provides management, analytics and monitoring for the entire fabric.

2. The actual fabric; which comprises of Cisco Nexus leaf / spine switches running the Cisco ACI mode operating system.

3. The resource pool which comprises of L2/L3 connectivity, infrastructure services (L4 to L7), Compute, Storage and virtualisation.

Cisco ACI

About this text

I’ll break up this text into two parts. The table of content has been provided for your reference. Part 1 will cover the fundamentals of configuration. Followed by that, we’ll get deeper into startup config, and discovery. After that, we’ll head towards installing and upgrading the image on the APIC. After that, we’ll configure the basic logical constructs such as tenant, application profile, bridge domain, end point group, etc. We’ll end this part with a discussion on creation of physical domains.

Table of Contents – Configuring Cisco ACI

  1. What is Cisco ACI
  2. Initial Start-up configuration
  3. Fabric Discovery and Node registration
  4. Upgrade the fabric
  5. Add Image to APIC
  6. Upgrading Device
  7. Creating Tenant
  8. Create Application Profile
  9. Create Bridge Domain
  10. Creating EPG ( END POINT GROUP)
  11. ADD Domain in EPG
  12. Assign Static Ports IN EPG
  13. Creating VLAN Pool
  14. Creating Physical Domain
  15. Create Policies
  16. Create Global Policies
  17. Create Attachable Access Entity Profiles
  18. Create Interface policies
  19. Link Level policies
  20. Create CDP Interface Policies
  21. LLDP Interface Policies
  22. Port Channel Policies
  23. Switch Policies
  24. Configuring Leaf Interfaces
  25. Leaf Interface Policy group
  26. Create Leaf Access Port
  27. Port Channel Interfaces
  28. Virtual Port-Channel Interface (VPC)
  29. Leaf Interface Profiles
  30. Configuring Leaf switch
  31. Leaf Switch Policy Group
  32. Leaf Switch Policy Group
  33. Leaf Switch Profiles.

What is Cisco ACI

Before getting into Configuring Cisco ACI, let’s understand what the APIC is. The Cisco Application Policy Infrastructure Controller (Cisco APIC) is the main architectural component of the Cisco ACI solution. It is the unified point of automation and management for the Cisco ACI fabric, policy enforcement, and health monitoring. The controller optimizes performance and manages and operates a scalable multitenant Cisco ACI fabric.

Initial Start-up configuration when configuring Cisco ACI

Cisco ACI

Step 1 :-  Enter your Fabric Name.

Step 2 :- In second step you will enter the fabric ID here.

Step 3 :- In this you will specify who many active controller you have in the fabric, active controller can  3, 5 or 7.

Step 4 :- Enter the POD ID, Single POD ID represent individual site.

Step 5 :- In this Step you will specify that is this a active controller or standby controller.

Step 6 :- In this you will enter the VTEP IP Address pool. This pool ACI will use for his own internal communication.

Step 7 :-  Here you will specify the Out-Of-Band Management details and Interface Mode.

Step 8:- And in the final step you will specify the admin credential.

Fabric Discovery and Node registration

Step 1 :- Go to Fabric tab> Inventory

Cisco ACI

Step 2:- Click on Fabric Membership

Cisco ACI

Step 3 :-  Go to None Pending Registration and select the Node.

Cisco ACI

Step 4 :- Right click on discovered switch and click register.

Cisco ACI

Step 5 :- Enter Node ID, Select Node and enter Node Name and click register.

Cisco ACI
Cisco ACI

Step 6 :- After register you can see the Node ID, Name and Status. it will shows Unknown first after registration.

Cisco ACI

Step 7 :- After that your register node will move from none pending Registration to Registration Node and it will see as an Inactive first , it will take time to come from Inactive to Active.

Cisco ACI

Step 8 :- Now finally you can see that you node is completely register.

Cisco ACI

Upgrade the fabric

Add Image to APIC

Step 1 :-  Login APIC GUI using GUI Credential.

Cisco ACI

Step 2 :- Go to admin tab > Firmware > go to the right corner click on image and then click on setting and then click on add firmware to APIC.

Cisco ACI

Step 3 :- Select the image location option from where you will fetch the image and then browse it.

Cisco ACI
Cisco ACI

Step 4 :- After browse click submit.

Cisco ACI
Cisco ACI

Configuring Cisco ACI – Upgrading Device

Step :- Go to Admin > Firmware > Infrastructure > Nodes.

Cisco ACI

Step 2 :- Click on right corner below the node and schedule the upgrade.

Cisco ACI

Step 3 :- Fill the required field.

Cisco ACI
Cisco ACI
Cisco ACI
Cisco ACI
Cisco ACI

Configuring Cisco ACI – Creating Tenant

Step 1:  Open ACI in browser and enter USERNAME and PASSWORD

Cisco ACI

Step 2:-  Go to Tenant tab

Cisco ACI

Step 3 :- Click on Add tenant tab

Cisco ACI

Step 4: Fill all the required field and click on Submit.

Cisco ACI

Configuring Cisco ACI – Create Application Profile

Step 1:- Go to tenant tab

Cisco ACI

Step 2 :  Click on created Tenant like: I have create common, mgmt, infa tenant

Cisco ACI

Step 3:- Click on Tenant (Mgmt) dropdown arrow.

Cisco ACI

Step 4: Right Click on application Profile.

Cisco ACI

Step 5 :- Create application Profile

Cisco ACI

Step 6:- Fill all the required field and then click submit.

Cisco ACI

Configuring Cisco ACI – Create Bridge Domain

Step 1 :-  Go to the Tenant tab > Tenant  dropdown in left side navigation > Networking.

Cisco ACI

Step 2: Click on networking dropdown

Cisco ACI

Step 3: Right click on Bridge Domain and create bridge domain.

Cisco ACI

Step 4: Enter the Name of the BD and VRF in Step1 > Main and click next

Cisco ACI

Step 5: In Step >2 L3 Configuration click on add subnet button and add subnet

Cisco ACI

Step 6:- In Create Subnet will define the gateway and scope of the network and click OK and then click on Next.

Cisco ACI

Step 7 :- In Step > 3 Advanced/ Troubleshooting click on Finish.

Cisco ACI

Step 8 :-  You can see created BD on Right Side.

Cisco ACI

Configuring Cisco ACI – Creating EPG ( END POINT GROUP)

Step 1: Go to Tenant > Click on created tenant > click on tenant dropdown >click on Application Profile Dropdown you will see your configured application profile which you configured earlier.

Cisco ACI

Step 2 :-  Click on created Application Profile dropdown navigator.

Cisco ACI

Step 3: –  Right click on Application EPG

Cisco ACI

Step 4 :- Click on Create application EPG

Cisco ACI

Step 5 :- In Step 1 > Identity enter the Name of EPG and enter the BD which you created earlier after that click on Finish tab.

Cisco ACI

Step 6 :- you can see your created EPG on right side and you can click on Application EPG Navigator and you can see the list of created EPG’s in Navigation as well.

Cisco ACI

Configuring Cisco ACI – ADD Domain in EPG

Step 1 :- Click on created EPG navigator and go to Domains.

Cisco ACI

Step 2 :-  Right Click on Domain and add Physical Domain Association.

Cisco ACI

Step 3 :-  Select Physical domain from dropdown which you configured earlier under Fabric > access policies > physical and external domain > Physical domain and click submit.

Cisco ACI

Step 4 :- You can see created domain in right side window.

Cisco ACI

Assign Static Ports IN EPG

Step 1 :- Click on EPG navigator and go to Static Port.

Cisco ACI

Step 2 :- Right Click on it and deploy static EPG on PC, VPC or Iinterface.

Cisco ACI

Step 3 :-  Select Port Type, Node form Dropdown, Port form dropdown in path section, enter VLAN, Select deployment and interface Mode and click submit.

Cisco ACI

Cisco ACI

Step 4 :- you can see your created static port on right side window and you can click on Static port Navigator and you can see the list of configured ports in Navigation as well.

Creating VLAN Pool

Step 1:- Go to Fabric tab

Cisco ACI

Step 2:- Click on Access Policies

Cisco ACI

Step 3:- Go to Pool and click on navigator

Cisco ACI

Step 4 :- Go to VLAN and right click on it

Cisco ACI

Step 5:- Click on Create VLAN Pool

Cisco ACI

Step 6:- Enter Name of the pool and define the Allocation Type

Cisco ACI

Step 7 :- Go to Encap Block and click on + button and define the VLAN Range

Cisco ACI

Step 8 :- Click on Submit button

Cisco ACI

Step 9 :- You can see created VLAN pool on right side and you can click on VLAN Navigator to see the individual Created Vlan Pool.

Cisco ACI

Step 10 :- Click on Created VLAN Pool in Navigator menu and you will see the VLAN Pool.

Cisco ACI

Creating Physical Domain

Step 1 :- Go to Fabric Tab > Access Policy > Physical and External Domain

Cisco ACI

Step 2:- Click on the Navigator.

Cisco ACI

Step 3 :- Go to Physical Domain and right click on it.

Cisco ACI

Step 4 :- Click on Create Physical Domain to create a physical domain.

Cisco ACI

Step 5 :- Enter Name and Vlan Pool which you Created earlier and click on submit.

Cisco ACI

Step 6 :- You can see the created Physical domain in right side window and you can click on physical domain navigator and you can see the created physical domain in left side navigator as well.

Cisco ACI

Summary

In this section on configuring Cisco ACI, we brought up the physical domain and created basic logical constructs such as VLANs, tenants, bridge domains, etc. Stay tuned for part 2 of 2, where we’ll go deeper and create policies (global, Attachable Access Entity profiles, interface policies, link level policies, CDP interface policies, etc). We’ll also look at VPC config, and leaf switch policies and profiles, and other constructs required when configuring Cisco ACI.

Are you looking for advisory, consulting and professional services that will help you meet your Information Technology goals? Zindagi can help!

Zindagi Technologies is an IT consultancy and professional services organization based out of New Delhi, India. We’re experts in large scale data centre design and deployment, service provider network design, information security, blockchain, IoT, Smart Cities, and Private/Public/Hybrid cloud solutions. Each one of us has years of experience in large scale network design, deployment and automation. Our “customer first” motto drives us forward, and we believe in providing quality services to our clients always.

Contact us now, to know how Zindagi can help solve your IT / Information Security related problems. We’re also available on email and phone (India business hours).

Author

Hi, This is Gagan. I have had the opportunity of configuring Cisco ACI apart from many other complex technologies when working with the team at Zindagi Technologies. I believe that when one teaches, two learn. Which is why i love sharing my knowledge. Hope you enjoyed this. Keep an eye out for part 2!

Gagan Tyagi
Consulting Engineer
Zindagi Technologies LLP

Author

Team ZT