Sunday, 20 July 2025

Cisco ACI – Port Channel (eth1/4 & eth1/5) Trunk Configuration for VLAN 420

 

Cisco ACI – Port Channel (eth1/4 & eth1/5) Trunk Configuration for VLAN 420 – Complete Guide


In modern data center architectures, Cisco ACI (Application Centric Infrastructure) plays a vital role in automating and simplifying complex network configurations. One such common scenario is setting up a Port Channel trunk to carry specific VLAN traffic—like VLAN 420—across fabric leaf switches. This step-by-step guide walks you through the complete configuration of a Port Channel using interface eth1/4 and eth1/5 on Leaf 101, allowing VLANs 400–500, and deploying VLAN 420 in production.

Note - Multivlan on Same port on same switch in same EPG is not supported.

✅ Objective

Configure a Port Channel (eth1/4 & eth1/5) on Leaf 101 in trunk mode to carry VLAN 420, using a static EPG binding, and associate it with the necessary ACI components like VLAN Pool, Physical Domain, AAEP, Bridge Domain, EPG, and Contract.

✅ Prerequisites

  • Cisco ACI Fabric running with APIC access.

  • Leaf 101 is discovered and operational.

  • End host (e.g., server or hypervisor) connected to eth1/4 and eth1/5.

  • Basic understanding of ACI policies and constructs.

Step-by-Step Summary

Step

Task

Navigation Path

1

Create VLAN Pool (400–500, static)

Fabric > Access Policies > Pools > VLAN

2

Create Physical Domain linked to VLAN Pool

Fabric > Access Policies > Physical and External Domains > Physical Domains

3

Create Interface Policies (Link Level, CDP, LLDP)

Fabric > Access Policies > Policies > Interface

4

Create AAEP and associate Physical Domain

Fabric > Access Policies > Policies > Global > Attachable Access Entity Profiles

5

Create Leaf Port Channel Policy Group

Fabric > Access Policies > Interfaces > Leaf Interfaces > Policy Groups > Port Channel

6

Create Leaf Interface Profile and assign eth1/4 & eth1/5

Fabric > Access Policies > Interfaces > Leaf Interfaces > Profiles

7

Create Leaf Switch Profile and assign Node 101 and Interface Profile

Fabric > Access Policies > Switches > Leaf Switch Profiles

8

Create Tenant, VRF, and Bridge Domain

Tenants

9

Create Application Profile and EPG

Tenants > Tenant Name > Application Profiles

10

Deploy Static EPG on Port Channel (Trunk mode, VLAN 420)

Tenants > Tenant Name > Application Profile > EPG > Static Ports

11

Associate EPG with Physical Domain

Tenants > Tenant Name > Application Profile > EPG > Domains

12

Create Contract, add Subject, Filters, and associate with EPG

Tenants > Tenant > Contracts & Application Profile > EPG > Contracts

13

Associate Contract with EPG

Tenants > Tenant > Contracts & Application Profile > EPG

Step 1 – Create VLAN Pool (VLANs 400–500)

  • Path: Fabric > Access Policies > Pools > VLAN
  • Action:
    • Right-click on "VLAN" > Create VLAN Pool
    • Name: VLANPool-400-500
    • Allocation Mode: Static Allocation
    • Add Encap Block:
      • From: 400
      • To: 500
      • Allocation Type: Static
    • Click OK > Submit

Step 2 – Create Physical Domain

  • Path: Fabric > Access Policies > Physical and External Domains > Physical Domains
  • Action:
    • Right-click Physical Domains > Create Physical Domain
    • Name: physDom-400-500
    • Associate VLAN Pool: VLANPool-400-500
    • Click Submit

Step 3 – Create Interface Policies

  • Path: Fabric > Access Policies > Policies > Interface
  • Create: Whatever parameters you want to set on the interface
    • Link Level Policy: 10G-Auto
    • CDP Policy: CDP-Enabled
    • LLDP Policy: LLDP-Enabled
    • Portchannel: PCP_101_1_4_1_5

Ø  Mode: LACP Active

Ø  Click Submit

 

Step 4 – Create AAEP

  • Path: Fabric > Access Policies > Policies > Global > Attachable Access Entity Profiles
  • Action:
    • Right-click Attachable Access Entity Profiles > Create AAEP
    • Name: AAEP_400-500
    • Click+ under Domain and Associate Domain: physDom-400-500
    • Click Update > Next > Finish

Step 5 – Create Leaf Port Channel Policy Group

  • Path: Fabric > Access Policies > Interfaces > Leaf Interfaces > Policy Groups > PC Interface
  • Action:
    • Right-click PC Interface > Create PC Interface Policy Group
    • Name: PCPG_101_1_4_and_1_5
    • Interface Type: PC (Port Channel)
    • Policies:
      • Link Level: 10G-Auto
      • CDP: CDP-Enabled
      • LLDP: LLDP-Enabled
      • Portchannel: PCP_101_1_4_1_5
      • AAEP: AAEP_400-500
  • Click Next - > Finish

⚠️ Note: VLAN Trunking is controlled through Static Binding and Domain VLAN Range, not inside the PC Policy Group.

Step 6 – Create Leaf Interface Profile

  • Path: Fabric > Access Policies > Interfaces > Leaf Interfaces > Profiles
  • Action:
    • Right Click on Profiles and Create Leaf Interface Profile: Leaf101_IntProf_PC
    • Add Interface Selector: Click + under Interface Selectors
      • Name: PC-eth1_4-1_5
      • Interface IDs: 1/4,1/5
      • Interface Policy Group: PCPG-101
  • Click Ok and then Submit

Step 7 – Create Leaf Switch Profile

  • Path: Fabric > Access Policies > Switches > Leaf Switch >Profiles
    • Right Click on Profiles and Create Leaf Profile: Leaf101-SWProf-PC
    • Click + under Leaf Selectors

Ø  Name: LS101

Ø  Blocks: 101

    • Click update, then Next Associate Interface Selector Profile: Leaf101-IntProf-PC
  • Click Finish

Step 8 – Create Tenant, VRF, and Bridge Domain

  • Path: Tenants
  • Action:
    • Click Add Tenants and Create Tenant: T1 and Click Submit
    • Create VRF : Path Tenants->Networking->VRFs

Ø  Right click on VRFs and Create VRF: VRF-T1, uncheck “Create A Bridge Domain” and click Finish

    • Create Bridge Domains : Path Tenants->Networking-> Bridge Domains

Ø  Right click on Bridge Domain > Create Bridge Domain: BD-420

Ø  Associate with VRF-T1 and Next

Ø  Click + on Subnets and Add Gateway IP: 192.168.42.1/24

  • Click Ok, Next and then Finish

Step 9 – Create Application Profile and EPG

  • Path: Tenants > T1 > Application Profiles
  • Action:Right Click on Application Profiles
    • Create Application Profile: App420 and click Submit
  • Create EPG Path: Tenants > T1 > Application Profiles> App420
    • Right Click on Application EPG > Create Application EPG:

Ø  Name: EPG-420

Ø  Associate with Bridge Domain: BD-420

Ø  Click Finish

Step 10 – Deploy Static EPG on Port Channel (Trunk, VLAN 420)

  • Path: Tenants > T1 > App420 > EPG-420 > Application EPGs > EPG-420
  • Action:
    • Right-click EPG-420 > Click Deploy Static EPG on PC, VPC or Interface
    • Path Type: Direct Port Channel
    • Path:  PCPG-101
    • Port Encap: 420
    • Mode: Trunk
  • Click Next>Finish

Step 11 – Associate EPG with Physical Domain

  • Path: Tenants > T1 > App420 > EPG-420
  • Action:
    • Right Click EPG-420 and click on Add Physical Domain Association
    • Domain: physDom-400-500
  • Click Submit

 

Step 12 – Create Contract and Associate with EPG

🔹 12.1 – Create Filter

  • Path: Tenants > T1 > Contracts
  • Right-click Filters > Create Filters: Filter-TCP80
  • Click + under Entries
    • Node: Entry_TCP80
    • EtherType: IP
    • IP Protocol: tcp
    • Stateful: checked
    • Destination Port/Range: From/To:http
    • Click Update and then Submit

🔹 12.2 – Create Contract

  • Path: Tenants > T1 > Contracts
  • Right-click Standard > Create Contract: Contract-420
  • Click + under Subject ,Name:Subject-420
  • Click + under Filters
    • Name: choose T1/Filter-TCP80
    • Action: Permit
    • Click Update and then Submit
  • Click OK, then Submit

🔹 12.2 – Associate Contract with EPG

  • Path: Tenants > T1 > Application Profile>App420 >Application EPG> EPG-420
  • Right Click on EPG-420
  • Click Add Provided Contracts
    • Select: Contract-420
  • Click Add, then Submit

 

Posted by at
Labels: , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)