
Sunday, 20 July 2025

Cisco ACI – Port Channel (eth1/4 & eth1/5) Trunk Configuration for VLAN 420

 

Cisco ACI – Port Channel (eth1/4 & eth1/5) Trunk Configuration for VLAN 420 – Complete Guide


In modern data center architectures, Cisco ACI (Application Centric Infrastructure) plays a vital role in automating and simplifying complex network configurations. One such common scenario is setting up a Port Channel trunk to carry specific VLAN traffic—like VLAN 420—across fabric leaf switches. This step-by-step guide walks you through the complete configuration of a Port Channel using interface eth1/4 and eth1/5 on Leaf 101, allowing VLANs 400–500, and deploying VLAN 420 in production.

Note: Binding multiple VLANs to the same port on the same switch within the same EPG is not supported.


✅ Objective

Configure a Port Channel (eth1/4 & eth1/5) on Leaf 101 in trunk mode to carry VLAN 420, using a static EPG binding, and associate it with the necessary ACI components like VLAN Pool, Physical Domain, AAEP, Bridge Domain, EPG, and Contract.


✅ Prerequisites

  • Cisco ACI Fabric running with APIC access.

  • Leaf 101 is discovered and operational.

  • End host (e.g., server or hypervisor) connected to eth1/4 and eth1/5.

  • Basic understanding of ACI policies and constructs.


Step-by-Step Summary

| Step | Task | Navigation Path |
|------|------|-----------------|
| 1 | Create VLAN Pool (400–500, static) | Fabric > Access Policies > Pools > VLAN |
| 2 | Create Physical Domain linked to VLAN Pool | Fabric > Access Policies > Physical and External Domains > Physical Domains |
| 3 | Create Interface Policies (Link Level, CDP, LLDP) | Fabric > Access Policies > Policies > Interface |
| 4 | Create AAEP and associate Physical Domain | Fabric > Access Policies > Policies > Global > Attachable Access Entity Profiles |
| 5 | Create Leaf Port Channel Policy Group | Fabric > Access Policies > Interfaces > Leaf Interfaces > Policy Groups > Port Channel |
| 6 | Create Leaf Interface Profile and assign eth1/4 & eth1/5 | Fabric > Access Policies > Interfaces > Leaf Interfaces > Profiles |
| 7 | Create Leaf Switch Profile and assign Node 101 and Interface Profile | Fabric > Access Policies > Switches > Leaf Switch Profiles |
| 8 | Create Tenant, VRF, and Bridge Domain | Tenants |
| 9 | Create Application Profile and EPG | Tenants > Tenant Name > Application Profiles |
| 10 | Deploy Static EPG on Port Channel (Trunk mode, VLAN 420) | Tenants > Tenant Name > Application Profile > EPG > Static Ports |
| 11 | Associate EPG with Physical Domain | Tenants > Tenant Name > Application Profile > EPG > Domains |
| 12 | Create Contract, add Subject, Filters, and associate with EPG | Tenants > Tenant > Contracts & Application Profile > EPG > Contracts |
| 13 | Associate Contract with EPG | Tenants > Tenant > Contracts & Application Profile > EPG |


Step 1 – Create VLAN Pool (VLANs 400–500)

  • Path: Fabric > Access Policies > Pools > VLAN
  • Action:
    • Right-click on "VLAN" > Create VLAN Pool
    • Name: VLANPool-400-500
    • Allocation Mode: Static Allocation
    • Add Encap Block:
      • From: 400
      • To: 500
      • Allocation Type: Static
    • Click OK > Submit

Step 2 – Create Physical Domain

  • Path: Fabric > Access Policies > Physical and External Domains > Physical Domains
  • Action:
    • Right-click Physical Domains > Create Physical Domain
    • Name: physDom-400-500
    • Associate VLAN Pool: VLANPool-400-500
    • Click Submit

Step 3 – Create Interface Policies

  • Path: Fabric > Access Policies > Policies > Interface
  • Create: a policy for each parameter you want to set on the interface
    • Link Level Policy: 10G-Auto
    • CDP Policy: CDP-Enabled
    • LLDP Policy: LLDP-Enabled
    • Portchannel: PCP_101_1_4_1_5
      • Mode: LACP Active
      • Click Submit


Step 4 – Create AAEP

  • Path: Fabric > Access Policies > Policies > Global > Attachable Access Entity Profiles
  • Action:
    • Right-click Attachable Access Entity Profiles > Create AAEP
    • Name: AAEP_400-500
    • Click + under Domain and associate Domain: physDom-400-500
    • Click Update > Next > Finish

Step 5 – Create Leaf Port Channel Policy Group

  • Path: Fabric > Access Policies > Interfaces > Leaf Interfaces > Policy Groups > PC Interface
  • Action:
    • Right-click PC Interface > Create PC Interface Policy Group
    • Name: PCPG_101_1_4_and_1_5
    • Interface Type: PC (Port Channel)
    • Policies:
      • Link Level: 10G-Auto
      • CDP: CDP-Enabled
      • LLDP: LLDP-Enabled
      • Portchannel: PCP_101_1_4_1_5
      • AAEP: AAEP_400-500
  • Click Next > Finish

⚠️ Note: VLAN Trunking is controlled through Static Binding and Domain VLAN Range, not inside the PC Policy Group.


Step 6 – Create Leaf Interface Profile

  • Path: Fabric > Access Policies > Interfaces > Leaf Interfaces > Profiles
  • Action:
    • Right Click on Profiles and Create Leaf Interface Profile: Leaf101_IntProf_PC
    • Add Interface Selector: Click + under Interface Selectors
      • Name: PC-eth1_4-1_5
      • Interface IDs: 1/4,1/5
      • Interface Policy Group: PCPG-101
  • Click Ok and then Submit

Step 7 – Create Leaf Switch Profile

  • Path: Fabric > Access Policies > Switches > Leaf Switch > Profiles
    • Right-click Profiles and Create Leaf Profile: Leaf101-SWProf-PC
    • Click + under Leaf Selectors
      • Name: LS101
      • Blocks: 101
    • Click Update, then Next, and associate Interface Selector Profile: Leaf101-IntProf-PC
  • Click Finish

Step 8 – Create Tenant, VRF, and Bridge Domain

  • Path: Tenants
  • Action:
    • Click Add Tenants, create Tenant: T1, and click Submit
    • Create VRF (Path: Tenants > Networking > VRFs)
      • Right-click VRFs and Create VRF: VRF-T1, uncheck “Create A Bridge Domain” and click Finish
    • Create Bridge Domain (Path: Tenants > Networking > Bridge Domains)
      • Right-click Bridge Domain > Create Bridge Domain: BD-420
      • Associate with VRF-T1 and click Next
      • Click + on Subnets and add Gateway IP: 192.168.42.1/24
  • Click OK, Next, and then Finish

Step 9 – Create Application Profile and EPG

  • Path: Tenants > T1 > Application Profiles
  • Action: Right-click Application Profiles
    • Create Application Profile: App420 and click Submit
  • Create EPG (Path: Tenants > T1 > Application Profiles > App420)
    • Right-click Application EPG > Create Application EPG:
      • Name: EPG-420
      • Associate with Bridge Domain: BD-420
      • Click Finish


Step 10 – Deploy Static EPG on Port Channel (Trunk, VLAN 420)

  • Path: Tenants > T1 > App420 > EPG-420 > Application EPGs > EPG-420
  • Action:
    • Right-click EPG-420 > Click Deploy Static EPG on PC, VPC or Interface
    • Path Type: Direct Port Channel
    • Path: PCPG-101
    • Port Encap: 420
    • Mode: Trunk
  • Click Next > Finish

Step 11 – Associate EPG with Physical Domain

  • Path: Tenants > T1 > App420 > EPG-420
  • Action:
    • Right Click EPG-420 and click on Add Physical Domain Association
    • Domain: physDom-400-500
  • Click Submit

 

Step 12 – Create Contract and Associate with EPG

🔹 12.1 – Create Filter

  • Path: Tenants > T1 > Contracts
  • Right-click Filters > Create Filters: Filter-TCP80
  • Click + under Entries
    • Name: Entry_TCP80
    • EtherType: IP
    • IP Protocol: tcp
    • Stateful: checked
    • Destination Port/Range: From/To: http
    • Click Update and then Submit

🔹 12.2 – Create Contract

  • Path: Tenants > T1 > Contracts
  • Right-click Standard > Create Contract: Contract-420
  • Click + under Subject, Name: Subject-420
  • Click + under Filters
    • Name: choose T1/Filter-TCP80
    • Action: Permit
    • Click Update and then Submit
  • Click OK, then Submit

🔹 12.3 – Associate Contract with EPG

  • Path: Tenants > T1 > Application Profile > App420 > Application EPG > EPG-420
  • Right Click on EPG-420
  • Click Add Provided Contracts
    • Select: Contract-420
  • Click Add, then Submit
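
The note after Step 5 says trunking is governed by the static binding and the domain's VLAN range, not by the policy group. The Python below is an added example, not part of the original post or of Cisco's tooling: it models the objects from Steps 1 to 7 as a constructed dictionary and checks that a static binding resolves through interface selector, policy group, AAEP, domain and VLAN pool. The dictionary layout and the function name check_binding are assumptions made for illustration.

```python
# Constructed model of the access policies built in Steps 1-7.
# Object names come from the guide; the layout itself is hypothetical.
ACCESS = {
    "vlan_pools": {"VLANPool-400-500": [(400, 500)]},
    "domains": {"physDom-400-500": "VLANPool-400-500"},
    "aaeps": {"AAEP_400-500": ["physDom-400-500"]},
    "policy_groups": {"PCPG_101_1_4_and_1_5": "AAEP_400-500"},
    # (node, port) -> policy group picked by the interface selector
    "selectors": {(101, "1/4"): "PCPG_101_1_4_and_1_5",
                  (101, "1/5"): "PCPG_101_1_4_and_1_5"},
}

def check_binding(access, domain, node, ports, vlan):
    """Return the problems found for a static binding (empty list = consistent)."""
    problems = []
    pool = access["domains"].get(domain)
    ranges = access["vlan_pools"].get(pool, [])
    if pool is None:
        problems.append(f"domain {domain} does not exist")
    elif not any(lo <= vlan <= hi for lo, hi in ranges):
        problems.append(f"vlan-{vlan} is outside pool {pool}")
    for port in ports:
        pg = access["selectors"].get((node, port))
        if pg is None:
            problems.append(f"node {node} eth{port} has no interface selector")
            continue
        aaep = access["policy_groups"].get(pg)
        if aaep is None:
            problems.append(f"policy group {pg} does not exist")
        elif domain not in access["aaeps"].get(aaep, []):
            problems.append(f"AAEP {aaep} on eth{port} lacks domain {domain}")
    return problems

if __name__ == "__main__":
    members = ["1/4", "1/5"]
    # Binding from Steps 10-11: VLAN 420 via physDom-400-500 on both members
    print(check_binding(ACCESS, "physDom-400-500", 101, members, 420))
    # A VLAN outside the 400-500 block is reported instead of silently failing
    print(check_binding(ACCESS, "physDom-400-500", 101, members, 620))
```

Running the same check before each change catches a selector that points at a policy group name that was never created, or an EPG bound to a VLAN its domain does not own.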

 

Saturday, 19 July 2025

Cisco ACI Static EPG Configuration– Step-by-Step Deployment Guide

 Cisco ACI Static EPG Configuration for VLAN 420 – Step-by-Step Deployment Guide

 In modern data center architectures, Cisco Application Centric Infrastructure (ACI) provides a scalable, policy-driven approach to network automation. One of the core elements of ACI is the Endpoint Group (EPG)—which simplifies the segmentation and application of network policies.

This blog post walks you through a complete and practical step-by-step guide to statically configure an EPG on VLAN 420 using Cisco ACI's GUI. Whether you're onboarding a new server, integrating legacy infrastructure, or setting up a dedicated application VLAN, this guide covers everything from VLAN Pool creation to contract association.


💡 What You’ll Learn:

  • How to properly configure access policies, domains, and interface profiles

  • How to statically bind a port on a leaf switch to a specific VLAN

  • How to associate EPGs with bridge domains and physical domains

  • How to create and apply contracts for traffic control

This is a hands-on guide built for ACI administrators, data center engineers, and network architects who want a repeatable and validated procedure to follow. VLAN 420 is used as a sample, but the steps can be adapted to any VLAN or tenant environment.

🧭 Step-by-Step Summary

| Step | Task | Navigation Path |
|------|------|-----------------|
| 1 | Create VLAN Pool for VLAN 420 | Fabric > Access Policies > Pools > VLAN |
| 2 | Create Physical Domain linked to VLAN Pool | Fabric > Access Policies > Physical and External Domains > Physical Domains |
| 3 | Create Interface Policies (Link Level, CDP, LLDP) | Fabric > Access Policies > Policies > Interface |
| 4 | Create Attachable Access Entity Profile (AAEP) and associate Domain | Fabric > Access Policies > Policies > Global > Attachable Access Entity Profiles |
| 5 | Create Leaf Access Port Policy Group with policies and AAEP | Fabric > Access Policies > Interfaces > Leaf Interfaces > Policy Groups |
| 6 | Create Leaf Interface Profile and assign interface selector | Fabric > Access Policies > Interfaces > Leaf Interfaces > Profiles |
| 7 | Create Leaf Switch Profile and assign node + interface profile | Fabric > Access Policies > Switches > Leaf Switch Profiles |
| 8 | Create Tenant, VRF, and Bridge Domain | Tenants |
| 9 | Create Application Profile and EPG | Tenants > T1 > Application Profiles |
| 10 | Deploy Static EPG on Leaf101 Ethernet1/5 with VLAN 420 | Tenants > T1 > App420 > EPG-420 > Static Ports |
| 11 | Associate EPG with Physical Domain | Tenants > T1 > App420 > EPG-420 > Domains |
| 12 | Create Contract and associate with EPG | Tenants > T1 > Contracts and App420 > EPG-420 > Contracts |


🔧 Detailed Configuration Steps

Step 1 – Create VLAN Pool

  • Path: Fabric > Access Policies > Pools > VLAN
  • Right-click VLAN > Create VLAN Pool
  • Name: VLANPool-420
  • Allocation Mode: Static
  • Add Encap Block:
    • From: 420
    • To: 420
    • Allocation Type: Static
  • Click OK, then Submit

Step 2 – Create Physical Domain

  • Path: Fabric > Access Policies > Physical and External Domains > Physical Domains
  • Right-click Physical Domains > Create Physical Domain
  • Name: physDom420
  • VLAN Pool: VLANPool-420
  • Click Submit

Step 3 – Create Interface Policies

  • Path: Fabric > Access Policies > Policies > Interface
  • Create:
    • Link Level Policy: 10G-Auto (Speed: 10G, Auto-Negotiate: Enabled)
    • CDP Policy: CDP-Enabled (Admin State: Enabled)
    • LLDP Policy: LLDP-Enabled (Admin State: Enabled)

Step 4 – Create AAEP

  • Path: Fabric > Access Policies > Policies > Global > Attachable Access Entity Profiles
  • Right-click > Create Attachable Access Entity Profile
  • Name: AAEP-420
  • Under Domains, add: physDom420
  • Click Update, then Next, then Finish

Step 5 – Create Leaf Access Port Policy Group

  • Path: Fabric > Access Policies > Interfaces > Leaf Interfaces > Policy Groups
  • Right-click > Create Leaf Access Port
  • Name: AccessPG-420
  • Policies:
    • Link Level: 10G-Auto
    • CDP: CDP-Enabled
    • LLDP: LLDP-Enabled
    • AAEP: AAEP-420
  • Click Submit

Step 6 – Create Leaf Interface Profile

  • Path: Fabric > Access Policies > Interfaces > Leaf Interfaces > Profiles
  • Right-click > Profile > Click Create Leaf Interface Profile
  • Name: Leaf101_IntProf
  • Add Interface Selector:
    • Selector Name: IntSel_eth1/5
    • Interface: 1/5
    • Policy Group: AccessPG-420
  • Click OK, then Submit

Step 7 – Create Leaf Switch Profile

  • Path: Fabric > Access Policies > Switches > Leaf Switches
  • Right-click > Profiles > Create Leaf Profile
  • Name: Leaf101_SWProf
  • Click + on Leaf Selector
  • Name: Leaf101_LS
  • Select Switch: 101 under Blocks
  • Click Update > Next
  • Associate Interface Select Profiles: Leaf101_IntProf
  • Click Finish

Step 8 – Create Tenant, VRF, and Bridge Domain

  • Path: Tenants
  • Click Add Tenant
  • Name: T1
  • Click Submit

8.1 – Create VRF

Path: Tenants > T1 > Networking

  • Right-click VRFs > Create VRF: VRF-T1
  • Uncheck Create A Bridge Domain
  • Click Finish

8.2 – Create BD

Path: Tenants > T1 > Networking

  • Right-click Bridge Domains > Create Bridge Domain: BD-420
    • Associate with VRF: VRF-T1 and click Next
    • Add Subnet: Gateway IP: 192.168.42.1/24
  • Click Ok, Next and then Finish

Step 9 – Create Application Profile and EPG

  • Path: Tenants > T1 > Application Profiles
  • Right-click > Create Application Profile: Name: App420 > Click Submit
  • Right-click App420 > Create Application EPG:
    • Name: EPG-420
    • Associate with: BD-420
  • Click Finish

Step 10 – Deploy Static EPG on Leaf Interface

  • Path: Tenants > T1 > App420 > Application EPG > EPG-420
  • Right-click > Static Ports, click Deploy Static EPG on PC, VPC or Interface
    • Node: Leaf101
    • Interface: eth1/5
    • Encapsulation: 420
    • Mode: Access > Warning > OK
  • Click Next > Finish

Step 11 – Associate EPG with Physical Domain

  • Path: Tenants > T1 > App420 > EPG-420
  • Right-click Domains > Add Physical Domain Association
    • Physical Domain Profile: physDom420
  • Click Submit

Step 12 – Create Contract and Associate with EPG

🔹 12.1 – Create Filter

  • Path: Tenants > T1 > Contracts
  • Right-click Filters > Create Filters: Filter-TCP80
  • Click + under Entries
    • Name: Entry_TCP80
    • EtherType: IP
    • IP Protocol: tcp
    • Stateful: checked
    • Destination Port/Range: From/To: http
    • Click Update and then Submit

🔹 12.2 – Create Contract

  • Path: Tenants > T1 > Contracts
  • Right-click Standard > Create Contract: Contract-420
  • Click + under Subject, Name: Subject-420
  • Click + under Filters
    • Name: choose T1/Filter-TCP80
    • Action: Permit
    • IP Protocol: tcp
    • Click Update and then Submit
  • Click OK, then Submit

🔹 12.3 – Associate Contract with EPG

  • Path: Tenants > T1 > Application Profile > App420 > Application EPG > EPG-420 > Contracts
  • Right Click on Contracts
  • Click Add Provided Contracts
    • Select: Contract-420
  • Click Add, then Submit
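
For a repeatable version of Steps 8 to 12, the same objects can be sent to the APIC REST API as one JSON tree. The Python below is an added example, not code from the original post: it builds that request body using the names from this guide. Pod 1, the reading of "Mode: Access" as the untagged access mode, and the helper names mo, static_port and tenant_t1 are assumptions.

```python
import json

# GUI deployment mode -> value of the fvRsPathAtt "mode" attribute
MODES = {"Trunk": "regular", "Access (Untagged)": "untagged",
         "Access (802.1P)": "native"}

def mo(cls, *children, **attrs):
    """Build one APIC managed object in the REST API's JSON shape."""
    body = {"attributes": attrs}
    if children:
        body["children"] = list(children)
    return {cls: body}

def static_port(node, iface, vlan, mode, pod=1):
    """Static binding of a leaf port; pod 1 is an assumption."""
    if not 1 <= vlan <= 4094:
        raise ValueError(f"invalid VLAN ID {vlan}")
    return mo("fvRsPathAtt", encap=f"vlan-{vlan}", mode=MODES[mode],
              tDn=f"topology/pod-{pod}/paths-{node}/pathep-[{iface}]")

def tenant_t1():
    """Steps 8-12 of the guide as a single tenant subtree."""
    entry = mo("vzEntry", name="Entry_TCP80", etherT="ip", prot="tcp",
               dFromPort="http", dToPort="http", stateful="yes")
    subject = mo("vzSubj",
                 mo("vzRsSubjFiltAtt", tnVzFilterName="Filter-TCP80"),
                 name="Subject-420")
    epg = mo("fvAEPg",
             mo("fvRsBd", tnFvBDName="BD-420"),
             mo("fvRsDomAtt", tDn="uni/phys-physDom420"),
             # "Mode: Access" is taken to mean untagged (assumption)
             static_port(101, "eth1/5", 420, "Access (Untagged)"),
             mo("fvRsProv", tnVzBrCPName="Contract-420"),
             name="EPG-420")
    return mo("fvTenant",
              mo("fvCtx", name="VRF-T1"),
              mo("fvBD",
                 mo("fvRsCtx", tnFvCtxName="VRF-T1"),
                 mo("fvSubnet", ip="192.168.42.1/24"),
                 name="BD-420"),
              mo("fvAp", epg, name="App420"),
              mo("vzFilter", entry, name="Filter-TCP80"),
              mo("vzBrCP", subject, name="Contract-420"),
              name="T1")

if __name__ == "__main__":
    # Request body for POST /api/mo/uni.json on an authenticated APIC session
    print(json.dumps(tenant_t1(), indent=2))
```

Keeping the body in version control gives a reviewable record of which port, VLAN and contract each EPG was granted.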

Friday, 18 July 2025

Key Concepts of Application Profile in ACI

 In Cisco ACI (Application Centric Infrastructure), an Application Profile is a logical container that defines the structure of an application in terms of endpoint groups (EPGs) and their policies. It is one of the key components of Cisco ACI’s policy-driven model and is used to group together the various parts of an application that communicate with each other.

Key Concepts of Application Profile in ACI:

  1. Represents an application’s communication behavior:

    • It defines how different tiers (e.g., web, app, database) interact.

    • These tiers are mapped to Endpoint Groups (EPGs).

  2. Organizational Hierarchy in ACI:


    Tenant
    └── Application Profile
        └── EPGs
    • An Application Profile lives within a Tenant.

    • It contains one or more EPGs, which represent sets of endpoints (VMs, containers, physical servers) that require similar policies.

  3. Policies are applied to EPGs, not to individual endpoints.

    • Contracts define how EPGs communicate (e.g., allowing web EPG to talk to app EPG).

    • The Application Profile holds this policy structure.

  4. No direct configuration of networking constructs:

    • Instead of configuring VLANs, subnets, and ACLs manually, you define application intent through EPGs and contracts.

Example:

Let’s say you have a three-tier application:

  • Web Tier

  • App Tier

  • Database Tier

In ACI:

  • You create an Application Profile named MyAP.

  • Inside it, you create three EPGs: Web-EPG, App-EPG, and DB-EPG.

  • Then you define contracts:

    • Web-EPG can talk to App-EPG on TCP port 8080.

    • App-EPG can talk to DB-EPG on TCP port 3306.

 Benefits:

  • Simplifies application deployment and scaling.

  • Allows clear application segmentation.

  • Enables consistent policy enforcement.

  • Facilitates micro-segmentation and automation.
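
The three-tier MyAP example above, as an added Python sketch that is not part of the original post: it evaluates whether a new TCP connection between two endpoints is allowed by the two contracts. The contract names, endpoint addresses and function names are constructed for illustration, and it assumes the VRF enforces policy, so traffic between different EPGs needs a contract while traffic inside one EPG does not.

```python
# Constructed policy for MyAP: the consumer EPG opens the connection,
# the provider EPG offers the service on the given TCP port.
CONTRACTS = [
    {"name": "web-to-app", "consumer": "Web-EPG", "provider": "App-EPG", "tcp_port": 8080},
    {"name": "app-to-db", "consumer": "App-EPG", "provider": "DB-EPG", "tcp_port": 3306},
]

# Endpoint -> EPG membership (addresses are constructed sample values)
ENDPOINTS = {
    "10.0.1.10": "Web-EPG",
    "10.0.2.10": "App-EPG",
    "10.0.2.11": "App-EPG",
    "10.0.3.10": "DB-EPG",
}

def permitted(src_ip, dst_ip, dst_port, contracts=CONTRACTS, endpoints=ENDPOINTS):
    """Return the name of the rule allowing a new TCP connection, or None."""
    src, dst = endpoints.get(src_ip), endpoints.get(dst_ip)
    if src is None or dst is None:
        return None              # endpoint not classified into any EPG
    if src == dst:
        return "intra-EPG"       # same EPG: allowed without a contract
    for c in contracts:
        if (c["consumer"], c["provider"], c["tcp_port"]) == (src, dst, dst_port):
            return c["name"]
    return None                  # no matching contract: dropped

def exposure(epg, contracts=CONTRACTS):
    """List the (consumer EPG, TCP port) pairs that can reach this EPG."""
    return sorted((c["consumer"], c["tcp_port"])
                  for c in contracts if c["provider"] == epg)

if __name__ == "__main__":
    print(permitted("10.0.1.10", "10.0.2.10", 8080))  # Web -> App
    print(permitted("10.0.1.10", "10.0.3.10", 3306))  # Web -> DB, no contract
    print(exposure("DB-EPG"))
```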