LABSDN-2331 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
What Should I Expect from this Lab?
You will provision a 3-tier application in ACI through the labs below:
Module 1
• Lab 1 – Deploying Basic ACI functions
• Lab 2 – L2out – Creating L2 Extension
• Lab 3 – L3out – Creating an L3 Extension with OSPF/iBGP
• Lab 4 – Associate a VMM Domain to the EPG’s in Application Profile
Module 2
• Lab 5 – L4-7 Services Integration and Python Automation
Cisco ACI hands on Lab
LABSDN-2331
What is Application Centric Infrastructure?
Cisco ACI
Logical Network Provisioning of Stateless Hardware
Web App DB
APIC
ACI Network Profile
Policy-Based Fabric Management Application
OpFlex: an open, extensible policy protocol
Policies:
• Who can talk to whom
Open, standardized API with an open source reference implementation
[Diagram labels: hypervisor, firewall, switch, ADC]
Multi-Hypervisor-Ready Fabric
• Integrated gateway for VLAN, VxLAN, and NVGRE networks from virtual to physical
• Normalization for NVGRE, VXLAN, and VLAN networks
• Customer not restricted by a choice of hypervisor
• Fabric is ready for multi-hypervisor
[Diagram labels: Network Admin, Application Admin, Virtual Integration, APIC, ACI Fabric, Hypervisor Management; VLAN, VXLAN, NVGRE; ESX, Hyper-V, KVM, XenServer; VMware, Microsoft, Red Hat; physical server]
Review of the ACI Policy Model
End-points
Things that connect to the fabric and use it to interface with other things
A compute, storage or service instance attaching to a fabric
[Diagram labels: NIC, vNIC, end-points [EP], ACI Fabric]
End-point Groups (EPGs)
Allows rules and policies to be specified on groups of physical or virtual end-points without understanding of specific identifiers and regardless of physical location.
[Diagram labels: EPG APP SERVER, policies]
Application Network Profiles (ANP) – what’s that?
Application Network profiles are a group of EPGs and the
policies that define the communication between them.
[Diagram labels: Inbound/Outbound Policies]
Applying Policy between EPGs: ACI contracts
Contracts define the way in which EPGs interact.
[Diagram labels: Unidirectional Communication, Bidirectional Communication, EPG B, EPG C, Contract 01, Contract 02, Context]
Tenant L3, L2 Isolation
Physical and Virtual VTEPs (Policy & Forwarding Edge Nodes)
[Diagram labels: VTEP, AVS, WAN/DCI, Services]
Lab-Session: Module 1
What equipment do we have?
[Topology diagram labels: OOB mgmt WS-C3750G; Spine 1, Spine 2; APIC 1, APIC 3; Leaf 1, Leaf 2; Internet; UCS-B; Windows 2008 RDP Server]
Now let's translate to a logical model
[Diagram labels: APIC, VM]
ACI Fabric per POD
Tenants, Private Networks, Bridge Domains, EPGs…
Tenant “customerX” (X - POD number)
PN “CTX1”
BD1: Subnet 10.X.10.1/24, Subnet 10.X.20.1/24, Subnet 10.X.30.1/24
BD2: Subnet 101.X.90.1/24
[Diagram labels: Infrastructure, VMs, EPG DB, EPG APP, EPG WEB, EPG Services, Apps, ASAv (inside, outside)]
Timelines
ACI Hand-on-Lab Session
Conclusion
Q&A
Integrating L4-7 Services with ACI
ACI Layer 4 - 7 Service Integration
Centralized, Automated, And Supports Existing Model
• Elastic service insertion architecture for physical and virtual services
• Helps enable administrative separation between application tier policy and service definition
• APIC as central point of network control with policy coordination
integrated with existing services
• Service enforcement guaranteed, regardless of endpoint location
[Diagram labels: Policy Redirection; Web Tier A, App Tier B; Web Server, App Server; Application Admin, Service Admin; Chain “Security 5”; Service Graph: begin, Stage 1 … Stage N, end; Service Profile; Providers; inst; Firewall; Load Balancer]
Device Definition and Package
• Securely upload Device Package zip file to APIC
• Device Package consists of
– DeviceSpecification (xml): The configuration of the APIC is represented as an object model consisting of a large number of Managed Objects (MOs). A Device type is defined by a tree of MOs with a Meta Device (MDev) at the root.
– DeviceScript (py): The integration between the APIC and a Device is performed by a DeviceScript, which maps APIC events to Device interactions.
• The Device Package should be created by a 3rd party vendor, ACI, advanced services, the customer, etc.
• Interactions are Device Attachment, Endpoint Attachment, Service Graph Rendering, Health Monitoring, Faults, Counters
Device Specification (fragment shown on the slide):
<dev type= “f5”>
<service type= “slb”>
<param name= “vip”>
<dev ident=“210.1.1.1”
<validator=“ip”
<hidden=“no”>
<locked=“yes”>
[Diagram labels: Device Package, DeviceScript, DeviceSpec, Partner Rest/CLI, Partner Device]
Key Concepts in Service Insertion
• Concrete Device: it represents a service device, e.g. one load balancer, or one firewall
• Logical Device: represents a cluster of 2 devices that operate in active/standby mode for instance.
• Abstract Service Graph: defines a sequence of “functions” connected: e.g. a firewall followed by a load
balancing.
• Abstract Node: it is an element in the Abstract Graph. The Abstract node is mapped to the logical
devices via the Logical device Context
• Device Package: defines things such as how to label “connectors” for a function, and how to translate
“names” from ACI to the specific device.
• Device Types:
GoTo – L3 mode
GoThrough – L2 mode
Initial steps
• First you need to configure the management IP address for the pair of load
balancers or firewalls
• Also add a license to the device
• The management interface connects to a Management EPG that you need to
configure or it connects out of band
• And you need to configure them in active/standby or active/active mode
• Connect them to a leaf, or install the virtual appliance on a virtualized server
• Make sure the device package is installed on the APIC
Configuration steps
• Split the bridge domain as needed and associate subnets with it - BD1 and BD2
• Create Logical Device, and Concrete Device
• Create Service Graph
• Create Selection Criteria (Logical Device Context) to render the service graph
• Associate Service Graph with a contract
Lab-Session: Module 2
What we will do in this Module
Single node service graph
contract: WEB_FW
subject: web_fw
[Diagram labels: BD2, BD1, L2OUT, Services, Policy Redirection, Service Graph, EPG WEB, Web Server, Firewall, ASAv (GoTo mode) with outside and inside interfaces, WebServer]
[Addresses shown: 101.X.90.3, 101.X.90.1, 10.X.10.1, 200.X.1.1, 200.X.1.200, 10.X.10.198, 101.X.90.198, 10.X.10.200]
X - pod number
http://10.X.10.200
ACI hands on Lab
LABSDN-2331
© LABSDN-2331 ACI hands on Lab - Cisco Systems, Inc. All rights reserved
Table of Contents
Module 1
Remote Desktop Connection and APIC / vCenter / N3K / Application servers login access and credentials
Table 1 - RDP/VM IP address per assigned POD
Remote Lab Access Instructions
Table 2 – Naming convention used in Module 1 and 2
Table 3 – L2out (Vlan ID) / L3out (Router ID/ SVI IP/ VLAN ID)
Module 2
Introduction to the Lab
The lab has two modules.
In this lab, all the configuration tasks focus on the basic ACI features. You will not
configure the AVS integration with ACI; it is already preconfigured for you. All VMs are
deployed and preconfigured with the needed IPs. You will have to assign the proper port
group, which is explained in detail later in this manual.
This lab is not a design guide. The purpose of this lab is to teach and experiment with
certain elements of ACI fabric.
Prerequisites:
Notes:
• You do not have to save your configuration, as APIC does this automatically for you
• Most of the screenshots used in this lab guide are from tenant “customer1”
Module 1
Lab 0 – Lab Topology, Components and
Connectivity
Objective:
• Briefly introduce each component in the topology
• Provide remote connection information for the lab pod
• Explain how to open the HTTPS/SSH/Telnet sessions that you will use throughout the lab
Logical Topology Diagram:
• The lab contains 1 ACI fabric shared by all pods according to the diagram above.
• The UCS Servers are shared by all pods.
• The Nexus 3172 is shared by all pods. You have view access only, as it is already
preconfigured for you.
• VMs will be used for Remote Desktop, which will allow you to access your assigned
POD devices. 3 VMs (WEB/APP/DB) will be used as application VMs. There is also 1
“ubuntu-python” VM shared by all pods for running a Python script in Module 2.
• Please do not change any configuration on the VMs except the port groups
in vCenter, as per the instructions later in the lab guide.
Addressing and naming scheme:
“X” in this Lab Guide represents the POD number. You will be required to
substitute the “X” with your assigned POD number throughout the lab.
For RDP access to the Student Desktop (Windows 2008 Server) and for VM access, check Table 1.
For the naming scheme used when configuring APIC tasks in Module 1 and 2, check Table 2. Please
use the exact naming scheme from Table 2. This is very important for completing the
whole lab, where all the names need to match, especially for the L4-L7 Service Graph
part. We are using a Python script to shorten and ease the configuration, so these names need
to match Table 2 exactly.
For the L3out in Module 1, check Table 3 (Router ID/ SVI IP/ VLAN ID).
For the ASAv MGMT IP, please check Table 4. Please do not change any configuration on
the ASAv; only APIC will do the needed configuration!
Remote Desktop Connection and APIC / vCenter / N3K / Application
servers login access and credentials
Please use your POD in “POD number and corresponding RDP IP table” below and use
ONLY the assigned IP to connect to your POD devices with the instruction below.
vCenter: 10.15.27.150
Please use Username: studentX
Please use Password: Password!
X is the pod number.
WEB/APP/DB/ (see the IPs from Table 1 below) (only non root access is needed)
Please use Username: student
Please use Password: student
ASAv : (see the IPs per POD from the Table 4 below) – please do not change the
config.
Please use Username: cisco
Please use Password: cisco123
The following are the IPs and the instructions for accessing the lab, which is based in San
Jose, CA, USA
POD 21 173.36.249.109 10.15.28.101 / 10.15.28.151 / 10.15.28.191
Remote Lab Access Instructions
If an AnyConnect VPN session is needed first (this info will be provided by the Lab
Proctors), please do the following:
Step 1: Click on the icon on your Desktop
Step 2: Connect to IP 173.36.255.218
The lab testbed can be accessed remotely using Remote Desktop Connection.
A Windows 2008 Terminal Server is used as a Student Desktop that has access to the
Cisco DMZ lab network. The PuTTY client provides a preconfigured database with all the lab
management IP addresses. APIC and vCenter are reachable from it via a web browser.
Step 1 Step 2
Step 3 Step 4
Username: aci-user-podX
Password: (Proctors will provide)
How to access APIC via HTTPS
Username: studentX
Password: ciscolabX
How to access WEB/APP/DB via SSH
How to access vCenter
Step3:
For login credentials use:
Step4:
Table 2 – Naming convention used in Module 1 and 2
Tenant                                              customerX
Private Subnet                                      101.X.90.1/24
Application1                                        APP1
EPG1                                                WEB
EPG2                                                APP
EPG3                                                DB
Contract 1                                          APP-to-WEB
Subject 1                                           All
Contract 2                                          DB-to-APP
Subject 2                                           All
Contract 3                                          Internet-to-APP
Subject 3                                           All
Interface Profile                                   L2out_interface_profile
Networks                                            L2out_ext_network
External Routed Network (Routed Outside – L3out)    Internet_access
Logical Node profile                                to_N3K
Logical Interface Profile                           SVI_to_N3K
Networks                                            Internet
L4-L7 Devices (ASAv)                                ASAv-customerX
Table 3 – L2out (Vlan ID) / L3out (Router ID/ SVI IP/ VLAN ID)
POD 20 820 100.11.19.1 -leaf1 10.11.19.2/24 / vlan-1119
100.11.19.2 -leaf2 10.11.19.3/24 / vlan-1119
Module 1
Lab 1 – Deploying Basic ACI functions
Objective:
• Creating a Private Network (context) for the tenant
• Creating two Bridge Domains
• Creating Subnets
• Creating one Application Profile
• Creating Contracts and Filters
NOTE:
Tenant is already created for you.
NOTE: All the screenshots below, unless explicitly mentioned otherwise, are taken
from tenant “customer1” for your reference.
The tenant is already pre-configured for everyone; the steps are shown in
Appendix A.
1. In the APIC GUI, navigate to the customerX tenant by typing your tenant name
customerX in the search window and then clicking it.
2. Expand the Networking folder, then right-click on the Bridge Domains and select
Create Bridge Domain
3. On the CREATE BRIDGE DOMAIN screen:
a. Give the Bridge Domain a name BD1
b. Click on the Networking drop-down menu
c. Select Create Private Network.
5. Back on the CREATE BRIDGE DOMAIN screen:
a. On the Subnets Window, Click on the “+” sign
7. Back on the CREATE BRIDGE DOMAIN screen:
a. On the Subnets Window, Click on the “+” sign
9. Back on the CREATE BRIDGE DOMAIN screen:
a. On the Subnets Window, Click on the “+” sign
11. Back on the CREATE BRIDGE DOMAIN screen:
a. Click SUBMIT
12. Create a second Bridge Domain by following steps 7-11 with the following:
a. Name the Bridge Domain as BD2
b. Use the previously created Network CTX1
c. Add the Subnets Gateway IP 101.X.90.1/24 (X is the POD number)
d. Select the Scope as Private Subnet
e. Finish it by clicking on the SUBMIT
13. Now:
a. In the left-hand pane, expand the Networking folder, and expand the Bridge
Domains folder. Here you will see the name of the Bridge Domain you just created.
Now expand the name of the Bridge Domain folder, and you will see the Subnet you
have created.
b. Expand the Private Networks folder. Here you will see the Context you just
created.
Add an Application Profile to ‘customerX’ Tenant (X – pod number)
3. On the CREATE APPLICATION EPG screen:
a. Give the EPG a name APP
b. Select the Bridge Domain BD1 which you created above
c. Click OK.
5. Again on the CREATE APPLICATION EPG screen:
a. Give the second EPG a name WEB
b. Select the Bridge Domain BD1 which you created above
c. Click OK.
7. Again on the CREATE APPLICATION EPG screen:
a. Give the third EPG a name DB
b. Select the Bridge Domain BD1 which you created above
c. Click OK.
9. On the ADD PROVIDED CONTRACT screen:
a. Select the drop down menu for Name
b. Select Create New Contract.
11. On the CREATE CONTRACT SUBJECT screen:
a. Give the Subject a name ALL
b. Click the “+” under Filter Chain
d. Then click “update”
e. Click on “+” on the FILTERS window and select another filter “icmp”
under Tenant:common
f. Then click “update”
g. Click “OK”
h. On the next screen, click SUBMIT
13. Back on the CREATE APPLICATION PROFILE screen:
Notice the graphic at the bottom now shows DB EPG with an arrow to the contract you just
created, indicating that DB EPG is providing that contract.
15. Back on the CREATE APPLICATION PROFILE screen:
Notice now that the graphic at the bottom shows an arrow from the contract to APP EPG,
indicating that APP EPG is consuming the contract provided by DB EPG.
17. On the CREATE CONTRACT screen:
a. Give the contract a name APP-to-WEB
b. Click the “+” under Subjects
c. Select “arp” under Tenant:common
e. Click on “+” on the FILTERS window and select another filter “icmp”
under Tenant:common
g. Click “OK”
19. Back on the ADD PROVIDED CONTRACT screen:
a. Select the contract you just created above
b. Click OK.
Notice the graphic at the bottom now shows APP EPG with an arrow to the contract you
just created, indicating that APP EPG is providing that contract.
21. On the ADD CONSUMED CONTRACT screen:
a. For Name, select the contract you created above.
b. Click OK.
Notice now that the graphic at the bottom shows an arrow from the contract to WEB EPG,
indicating that WEB EPG is consuming the contract provided by APP EPG.
a. Click SUBMIT.
NOTE: the graphic of the EPG to Contract relationships can be seen at any time by
selecting the Application EPGs folder under the Application Profile name.
Module 1
Lab 2 – L2out – Creating L2 extension
Objective:
• Creating L2out for Extending the layer 2 domain beyond the ACI Fabric
L2 OUT – Extending L2 out to the Nexus 3k
Extending the layer 2 domain beyond the ACI Fabric requires creating layer 2 outside connections.
The configuration below extends the whole bridge domain (not an individual EPG under the
bridge domain) to the outside network. In our topology we are extending the layer 2 bridge
domain outside to the Nexus 3K environment.
2. Expand the Networking folder, then right-click on External Bridged Networks and select
Create Bridged Outside.
3. On the CREATE BRIDGE OUTSIDE screen:
a. Give the connection a name L2out_Services
b. For Bridge Domain, select the “BD2” you created in previous sections; this is
the bridge domain which is being extended.
c. For Encap, give the value “vlan-8XX”, where XX is the POD number; please
refer to Table 3 according to your POD (this VLAN is already configured in N3K).
Example: POD1 will use VLAN 801
The layer 2 outside connection will put this VLAN and the BD2 of the ACI fabric
under the same layer 2 domain.
d. Click the “+” to add a node profile
4. On the CREATE NODE PROFILE screen:
a. Give the profile a name L2out_node_profile
b. Click the “+” to add interface profiles
6. On the CREATE INTERFACE PROFILE screen:
a. Select Path Type as “Virtual Port Channel”
b. And select the path topology/pod-1/protpaths-101-102/pathep-[VPC_N3k_VPC]
c. Click OK
8. Back on the CREATE NODE PROFILE screen:
a. Click OK
10. On the CREATE BRIDGED OUTSIDE screen:
a. Click the “+” on the Configure External EPG Networks window
To test if the configuration is successful from N3K:
Nexus 3000 : 10.15.27.10 (accessible via Putty from the Windows 2008 Desktop )
Please use Username: student
Please use Password: Password!
Module 1
Lab 3 – L3out - Creating external
OSPF/iBGP connections
Objective:
• Creating L3out for L3 External Connection beyond the ACI Fabric
L3 External Connection
2. Expand the Networking folder, then right-click on External Routed Networks and select
Create Routed Outside.
3. On the CREATE ROUTED OUTSIDE screen:
a. Give the connection a name Internet_access
b. For Private Network, select the network you created CTX1
c. Check the box for OSPF and BGP
d. Give a value of 1 for the OSPF Area ID
e. Click the “+” to add a node profile
4. On the CREATE NODE PROFILE screen:
a. Give the profile a name to_N3K
b. Click the “+” to add a node.
6. Back on the CREATE NODE PROFILE screen:
a. Click the “+” again to add a 2nd node.
8. Back on the CREATE NODE PROFILE screen:
a. Click on the “+” under BGP Peer Connectivity Profiles, to add a profile
10. Back on the CREATE NODE PROFILE screen:
a. Click on the “+” under OSPF INTERFACE PROFILES, to add a profile
11. On the CREATE INTERFACE PROFILE screen:
a. Give the profile a name SVI-to-N3K
b. Down in the INTERFACES section, select the SVI tab.
c. Then click on the “+” to add SVI INTERFACES
12. On the SELECT SVI INTERFACE screen:
a. For Path type, select “Port”
b. For Path, select eth1/48 on Leaf-101
c. For Encap, type vlan-XXXX , where XXXX is the VLAN number and please
refer to it from Table 3 according to your POD
d. For IP, type IP according to Table 3
e. Click OK.
13. Back on the CREATE INTERFACE PROFILE screen, click the “+” to add another
SVI Interface
15. Back on the CREATE INTERFACE PROFILE screen, click OK.
17. Back on the CREATE ROUTED OUTSIDE screen, click NEXT.
18. On the CREATE ROUTED OUTSIDE screen, click the “+” to add EXTERNAL EPG
NETWORK.
19. On the CREATE EXTERNAL NETWORK screen:
a. Give it a name Internet
b. Click “+” to add a SUBNET
20. On the CREATE SUBNET screen, enter 0.0.0.0/0 as the External Subnet.
21. Back on the CREATE EXTERNAL NETWORK screen, click OK.
After this step your configuration should look exactly like the screenshot below:
Example from tenant4:
Now we need to associate BD1 (which was created earlier) with the
L3out created earlier in order to advertise the subnets. The subnets will
be advertised only when we associate the VMM domain with the EPGs later in this
lab.
1. Expand the Networking Folder and then expand the Bridge Domains Folder:
a. Click on the BD1 folder
b. Click the “+” on the Associated L3 Out Window
c. Select “customerX/Internet_access” (X – pod number), which was created in
previous steps
d. Click “update”
e. Click SUBMIT
Now let's create the Internet contract (this will allow the APP VM to be accessible from the
Internet)
This contract will be between the L3out EPG and the APP EPG, and will allow ARP, ICMP and TCP
port 443.
The L3out EPG will consume this contract and the APP EPG will provide it:
Step1: Expand the Application EPGs Folder and right-click on the EPG APP Folder
a. Click on the Add Provided Contract icon
Step 3: On the CREATE CONTRACT screen
a. Provide a name “Internet-to-APP”
b. Click on the “+” icon on the Subjects Window
Step 5: On the FILTERS window:
a. Click the drop-down icon and select “arp”
c. Click on the “+” icon on the FILTERS window again and select “icmp”
e. Click on “+” on the FILTERS window again and then click on second “+” for
adding a new filter
c. On the Entries window:
1. Give a name “Port-443”
2. Select the EtherType as IP
3. Select the IP Protocol as tcp
4. Select the Destination Port / Range as https
5. Click UPDATE
Step 7: Back on the CREATE CONTRACT SUBJECT screen:
a. Click UPDATE on the filter you created in the above step
b. Click OK
Step 8: Back on the CREATE CONTRACT screen:
a. Click SUBMIT
Step 10: To add a consumer for the provided contract created above,
a. Expand the “External Routed Networks” folder
b. Expand the Internet_access folder
c. Click the Internet folder
d. Click the “+” on the Consumed Contracts Window
e. Click on the drop-down under the Name column
f. Select the contract name created above “Internet-to-APP”
g. Click UPDATE
h. Click SUBMIT
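The contract relationships built in Lab 1 and in the Internet-to-APP steps above, written out as an APIC managed-object tree and audited for which EPG pairs they open. This is an added example, not part of the lab guide or of the Python script it uses; the POD value, the Port-443 filter name, the arp/icmp filter list on DB-to-APP and the omission of the L3out node and interface profiles are assumptions.

```python
import json

POD = 4  # constructed value: stands in for the "X" used throughout the lab guide


def mo(cls, children=(), **attrs):
    """One managed object in the JSON shape used by the APIC REST API."""
    return {cls: {"attributes": attrs, "children": list(children)}}


def contract(name, filters, subject="All"):
    """vzBrCP with one subject whose filter chain references filters by name."""
    chain = [mo("vzRsSubjFiltAtt", tnVzFilterName=f) for f in filters]
    return mo("vzBrCP", [mo("vzSubj", chain, name=subject)], name=name)


def epg(name, bd, provides=(), consumes=()):
    """fvAEPg bound to a bridge domain, with provided and consumed contracts."""
    kids = [mo("fvRsBd", tnFvBDName=bd)]
    kids += [mo("fvRsProv", tnVzBrCPName=c) for c in provides]
    kids += [mo("fvRsCons", tnVzBrCPName=c) for c in consumes]
    return mo("fvAEPg", kids, name=name)


def build_tenant(pod):
    """Tenant tree using the object names from Table 2."""
    bd1 = [mo("fvRsCtx", tnFvCtxName="CTX1")]
    bd1 += [mo("fvSubnet", ip=f"10.{pod}.{n}.1/24") for n in (10, 20, 30)]
    bd2 = [mo("fvRsCtx", tnFvCtxName="CTX1"),
           mo("fvSubnet", ip=f"101.{pod}.90.1/24", scope="private")]
    https = mo("vzEntry", name="Port-443", etherT="ip", prot="tcp",
               dFromPort="https", dToPort="https")
    return mo("fvTenant", [
        mo("fvCtx", name="CTX1"),
        mo("fvBD", bd1, name="BD1"),
        mo("fvBD", bd2, name="BD2"),
        mo("vzFilter", [https], name="Port-443"),  # filter name is an assumption
        # "arp" and "icmp" are the filters the lab selects from Tenant:common.
        contract("DB-to-APP", ["arp", "icmp"]),    # filter list is an assumption
        contract("APP-to-WEB", ["arp", "icmp"]),
        contract("Internet-to-APP", ["arp", "icmp", "Port-443"]),
        mo("fvAp", [
            epg("DB", "BD1", provides=["DB-to-APP"]),
            epg("APP", "BD1", provides=["APP-to-WEB", "Internet-to-APP"],
                consumes=["DB-to-APP"]),
            epg("WEB", "BD1", consumes=["APP-to-WEB"]),
        ], name="APP1"),
        mo("l3extOut", [
            mo("l3extRsEctx", tnFvCtxName="CTX1"),
            mo("l3extInstP", [mo("l3extSubnet", ip="0.0.0.0/0"),
                              mo("fvRsCons", tnVzBrCPName="Internet-to-APP")],
               name="Internet"),
        ], name="Internet_access"),
    ], name=f"customer{pod}")


def walk(node, path=()):
    """Yield (class, attributes, ancestors) for every object in the tree."""
    (cls, body), = node.items()
    attrs = body["attributes"]
    yield cls, attrs, path
    for child in body["children"]:
        yield from walk(child, path + ((cls, attrs.get("name", "")),))


def relations(tenant):
    """Collect contract -> filters, providers and consumers from the tree."""
    filters, prov, cons = {}, {}, {}
    for cls, attrs, path in walk(tenant):
        if cls == "vzBrCP":
            filters.setdefault(attrs["name"], set())
        elif cls == "vzRsSubjFiltAtt":  # path ends with (vzBrCP, vzSubj)
            filters.setdefault(path[-2][1], set()).add(attrs["tnVzFilterName"])
        elif cls == "fvRsProv":
            prov.setdefault(attrs["tnVzBrCPName"], set()).add(path[-1][1])
        elif cls == "fvRsCons":
            cons.setdefault(attrs["tnVzBrCPName"], set()).add(path[-1][1])
    return filters, prov, cons


def allowed_pairs(tenant):
    """{(consumer, provider): sorted filter names}; every other pair has no contract."""
    filters, prov, cons = relations(tenant)
    pairs = {}
    for name, providers in prov.items():
        for p in providers:
            for c in cons.get(name, ()):
                pairs.setdefault((c, p), set()).update(filters.get(name, ()))
    return {pair: sorted(names) for pair, names in pairs.items()}


def unmatched(tenant):
    """Contracts missing a definition, a provider or a consumer in this tenant."""
    filters, prov, cons = relations(tenant)
    names = set(filters) | set(prov) | set(cons)
    return sorted(n for n in names
                  if n not in filters or n not in prov or n not in cons)


if __name__ == "__main__":
    tenant = build_tenant(POD)
    print(json.dumps(tenant, indent=1))
    for (consumer, provider), names in sorted(allowed_pairs(tenant).items()):
        print(f"{consumer} -> {provider}: {', '.join(names)}")
    print("unmatched contracts:", unmatched(tenant))
```

The printed tree has the shape of a payload for a POST to /api/mo/uni.json on the APIC; here it is only built and inspected, never sent. WEB and DB, and Internet and DB or WEB, do not appear in the result because no contract joins them.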
When done, it should look exactly like this:
Check if the OSPF/BGP sessions are UP with N3K.
Check from N3K for your POD IPs. There should be 2x OSPF and 2x iBGP (1 per leaf)
sessions from each tenant established with N3K and 0 networks announced from ACI at
this point over iBGP (N3K is already preconfigured for all PODs):
Nexus 3000: 10.15.27.10 (accessible via PuTTY from the Windows 2008 Desktop)
Please use Username: student
Please use Password: Password!
Example OSPF for POD4 – tenant4:
Module 1
Lab 4 – Associate a VMM Domain to the
EPGs in Application Profiles
Objective:
• Associate an existing VMM Domain to the EPGs that were created for APP1
Associate a VMM Domain to the EPGs in Application Profiles
In this section, we will associate an existing VMM Domain to the EPGs that were
created for APP1. Once this association is done, we will place VMs into these EPGs.
Note: A brief summary of how the VMM Domain was created is shown in Appendix A.
First, notice that under the Distributed Port Groups for the CiscoLiveAVS in the vSphere
Web Client, there are currently no Port Groups shown for customer1. Once you add
the VMM Domain to the EPGs, a Port Group corresponding to your tenant customer(pod
number) with that name will show up on the AVS.
a. Log in to the vSphere Web Client, which is present on your machine, with your credentials.
b. Once logged in, click on
vCenter>Networking>CiscoLiveDC>CiscoLiveAVS>CiscoLiveAVS
vCenter: 10.15.27.150
Please use Username: studentX
Please use Password: Password!
X is the pod number.
Now let's associate the VMM Domain with the EPGs we created for APP1 in the CustomerX
Tenant
1. Go back to customerX:
a. Click on TENANTS at the top menu
b. Select your tenant from the submenu (if you do not see your tenant, then select the
ALL TENANTS submenu all the way on the left hand side)
c. Expand the EPGs
d. Then right-click on the Domains folder, and select Add VMM Domain Association
2. Perform the above two steps for DB and WEB EPGs also.
3. Now go back to the vSphere Web Client, and under
Networking>CiscoLiveAVS>Distributed Port Groups, view that there are now three Port
Groups that have been created, one for each EPG, using a naming standard of
{TenantName|ApplicationProfileName|EpgName}
vCenter: 10.15.27.150
Please use Username: studentX
Please use Password: Password!
X is the pod number.
4. THIS STEP IS JUST FOR A REFERENCE – IT IS ALREADY PRECONFIGURED
The VLAN ID assigned to each port group comes from the vlan_200_400 pool that was
defined under the Fabric Access Policies. ( Already Pre-Configured – below
configuration is just for your reference):
a. Click on FABRIC from the main menu items
b. Click on ACCESS POLICIES submenu
c. Expand the Pools folder
d. Expand the VLAN folder
Here you see the Encap Blocks set to range of [200-400], and the Domains using this
pool is set to the CiscoLiveAVS VMM Domain.
Place VMs on EPG Port Groups
Now let's place a VM in each of the three EPGs we created.
vCenter: 10.15.27.150
Please use Username: studentX
Please use Password: Password!
X is the pod number.
Let's check again from N3K for your POD IPs. There are 2x iBGP (1 per leaf) sessions
from each tenant established with N3K, and now you should see 2 networks
announced from ACI to N3K from each leaf.
Note: WEB/APP/DB virtual machines are accessible via PuTTY from the Student
Desktop.
Module 2:
Lab 5 - L4-L7 Services Integration
Objective:
• ASAv will be used for service insertion
• In this module you will be creating a Service Graph between two EPGs
Create a Service Graph between EPG‐L2out_Services and EPG‐WEB
using an ASAv
In this lab we will insert an ASAv firewall between EPG‐L2out_Services and EPG‐WEB. We
will use previously created Bridge Domain: BD1 and BD2 and EPG: L2out_Services and
WEB. ASAv VM is deployed in routed‐mode. Please see the diagram below.
In this lab, we will be deploying an ASAv in L3‐mode (aka: Goto‐mode). The verification will
be to access the Web Server as per the diagram above from the RDP Desktop.
1. Create a new contract to be used between EPG‐L2out_Services and EPG‐WEB:
a. Navigate to Security Policies > Contracts
b. Right‐click on Contracts
c. Select Create Contract.
2. Create a contract with name WEB_FW_contract and subject named web_fw which allows
HTTP/ICMP/ARP:
a. Name: WEB_FW_contract
b. Scope: Private Network
c. QOS Class: Unspecified
d. Create Subject: click the plus sign “+” under Subjects
f. Click the “+” under Filter Chain in order to add the icmp/arp filters and create the http filter:
Select arp, icmp and http (if http was created before; if not, follow step g) under
Tenant: common
g. Create HTTP filter by clicking the plus sign “+” if it was not previously created:
h. Name it http and, by clicking on the plus sign, add an entry also named http with
the parameters as per the screenshot. Click UPDATE when you are done:
i. After adding all 3 filters, it will look like this and you can click the OK button:
j. On the following screen, click SUBMIT
3. Add the contract to the WEB EPG as a Provided contract (procedure described in more
detail in Module 1)
4. Add the contract to the L2out_Services EPG as a Consumed contract (procedure described
in more detail in Module 1)
At this point, the contract between the WEB and L2out_Services EPGs for APP1 should look
like the diagram below.
Navigate to Application Profile > APP1 > OPERATIONAL menu on the right:
5. Create the Device Cluster. Under Tenant CustomerX > L4‐L7 Services > Device Clusters,
right-click and choose Create L4-L7 Devices.
Note: Please use the exact names given in the instructions below to fill in this wizard; a
Python script used later depends on these names. Please do not change anything on the
ASAv VMs.
X – pod number
GENERAL:
Name: ASAv-customerX
Device Package: CISCO-ASA-1.1
Model: ASAv
Mode: Single Node
Function Type: GoTo
CONNECTIVITY:
VMM Domain: CiscoLiveAVS
APIC to Device Management Connectivity: Out-Of-Band
CREDENTIALS:
Username: cisco
Password: cisco123
Device 1:
Management IP Address: “please check Table 4 below”
Management Port: https
VM: ASAv-customerX
Virtual Interfaces: (create two)
1) Name: GigabitEthernet0/0
vNIC: Network adapter 2
Direction: provider
2) Name: GigabitEthernet0/1
vNIC: Network adapter 3
Direction: consumer
Please take the Management IPs of the ASAv from the table below.
Table 4 – ASAv Management IPs
POD 1 10.15.27.11
POD 2 10.15.27.12
POD 3 10.15.27.13
POD 4 10.15.27.14
POD 5 10.15.27.15
POD 6 10.15.27.16
POD 7 10.15.27.17
POD 8 10.15.27.18
POD 9 10.15.27.19
POD 10 10.15.27.20
POD 11 10.15.27.21
POD 12 10.15.27.22
POD 13 10.15.27.23
POD 14 10.15.27.24
POD 15 10.15.27.25
POD 16 10.15.27.26
POD 17 10.15.27.27
POD 18 10.15.27.28
POD 19 10.15.27.29
POD 20 10.15.27.30
POD 21 10.15.27.31
POD 22 10.15.27.32
POD 23 10.15.27.33
POD 24 10.15.27.34
POD 25 10.15.27.35
POD 26 10.15.27.36
POD 27 10.15.27.37
POD 28 10.15.27.38
POD 29 10.15.27.39
POD 30 10.15.27.40
POD 31 10.15.27.41
POD 32 10.15.27.42
Without changing anything on the next screen click Finish.
6. Deploy ASAv Service Graph
Now let's deploy the ASAv Service Graph for Tenant
a. Right‐click on the L4-L7 Service Graph Templates folder, and select Create L4‐L7
Service Graph Template (Advanced).
b. Give it the name Web_Services (you have to use the exact name):
c. Drag and drop the Firewall to the right‐hand side and then choose:
Profile: WebPolicyForRoutedMode
Function Type: GoTo
d. Drag and drop the connection between the Consumer/Provider EPG and the Firewall ext/int
interfaces
Leave the defaults as per the screenshot and click OK for both connections:
Click SUBMIT when done with the connections:
e. Config Parameters
The Config Parameters are used to configure the ASAv. For this guide, to save time,
we will configure these parameters using a Python script.
From the Desktop, click on the PuTTY icon. Open an SSH connection to the ubuntu-python
server in order to run a Python script which will configure the parameters that
APIC will configure on the ASAv.
ubuntu-python server credentials:
username: studentX
password: Password!
Navigate to /home/cisco/AbsNode-python
NOTE:
!!!!!! Run ONLY the script corresponding to your POD: AbsNode-customerX.py,
where X is the POD number !!!!!!
After successfully executing the script, you should see the following CONFIG
PARAMETERS populated and updated via the script:
f. Configure a Device Selection Policy for the Service Graph
A device cluster can be selected based on a contract name, a graph name, or the
function node name inside the graph. After you create a device cluster, you create a
device cluster context, which provides a selection criteria policy for a
device cluster. A device cluster context specifies the policy for selecting a device
cluster for a service graph. This allows an administrator to have multiple device
clusters and then be able to use them for different service graphs.
On the CREATE LOGICAL DEVICE CONTEXT screen:
When done it must look exactly like the following:
Check the configuration at the ASAv before applying the Service Graph.
Click on the PuTTY icon on your Desktop and open an SSH session to the ASAv.
Execute the command “show ip” and you will see only the management IP address:
Open the vCenter with the vSphere Web Client and the corresponding credentials (how
to access it was explained earlier in this lab). Do not change anything!!!
Please just check from the ASAv VM what port groups are assigned. They will look
exactly like the following:
vCenter: 10.15.27.150
Please use Username: studentX
Please use Password: Password!
X is the pod number.
Now let's apply the Service Graph
Now we will actually deploy the Service Graph that was configured. A Service Graph
is deployed by selecting the Service Graph in a contract. Since we want to apply the
graph between WEB and L2out_Services EPGs, we will need to add the graph to the
contract WEB_FW_contract.
Check the configuration at the ASAv after applying the Service Graph.
APIC configured inside/outside IPs and all needed ACLs:
APIC creates inside/outside interface port groups on the AVS and assigns to the
proper port groups accordingly (DO NOT CHANGE ANYTHING HERE!!!! – Please
just verify that this is already done):
Test from the Desktop if you can reach the web server:
Also ping the BD1 (10.X.10.1) and BD2 (101.X.90.1) IPs from the ASAv (X is the POD number).
Because ARP Flooding is disabled by default, we need to present the end-points in
the fabric.
2) Open a web browser and navigate to http://10.X.10.200, where X is the POD
number. You should see a web page with your POD number.
Appendix A
Module 1
How Tenant was created:
Note: Steps 1 to 5 below are already configured for you. The steps
below show how it was done. It is just for your reference.
1. Using Chrome, connect to the APIC at the following URL:
https://10.15.27.221
4. On the CREATE TENANT screen:
a. Give the Tenant a name (student1)
b. Select a Security Domain for the Tenant
c. Then click Next.
VMM Networking Setup
Before associating the VMM Domain, we will briefly review the VMM setup (which is already
preconfigured for you!)
3. Now, click on the INVENTORY submenu item, and expand the folders until you can
view the listed Hypervisors, and the listed Portgroups under the AVS folder. You can also
log into the vSphere Web Client and view that the information is correct.
Appendix B
Module 2
Device Package Installation (this is just an explanation; no configuration is needed
at this point as it is already done for you!):
1. The Device Package for the L4‐L7 Device you will be using was downloaded from
www.cisco.com. (Device Packages from partners, like Citrix or F5, are available from the
partner web site.)
2. Under the L4‐L7 SERVICES main menu option, under the PACKAGES
submenu option, right‐click on the L4‐L7 Service Device Types folder and select Import Device
Package.
ASAv was deployed from an OVA file in the vSphere Client. The ASAv OVF file can be
downloaded from www.cisco.com