ACI 2.1 Bootcamp 1.0 LAB - Updated as of 18 Jul

Cisco ACI 2.1
Bootcamp 1.0 LAB
Network Centric Master Lab

Index of Lab Activities
0. Introduction
1.1 City Lab Access
1.2 Lab Access Connection
Lab 1. DEMO. Provision Initial APIC Cluster Configuration (only instructor)
Task 1.0.1 Information Required for all labs
Task 1.0.2 Provisioning the APIC Cluster
Lab 2. Out Of Band (OOB) & Access Policies Configuration
Task 2.0.1 Out Of Band Configuration.
Task 2.0.2: Configure Out of Band Management (OOB)
Task 2.0.3: Creating Basic Policies and Profiles for ACI.
Task 2.0.4: Configuring vPC Connectivity with UCS Fabric Interconnects.
Lab 3. Verification Tasks
Task 3.0.1 VPC verification with UCS System
Task 3.0.2: Create BGP Route Reflector
Task 3.0.3: Modify REST API timeout
Task 3.0.4: Configure Network Time Protocol
Lab 4. Configuring RBAC support for the Fabric.
Task 4.0.1 Configure RBAC on the ACI environment
Task 4.0.2 Create Interface Policies on the Live Network for your C-Series Servers
Task 4.0.3 Create Interface Policy Groups and Interface Profiles for your own Cisco C-Series Servers.
Lab 5. Configure ACI Tenants
Task 5.0.1 Create a Tenant
Task 5.0.2 Create a Private Network under a New Tenant
Task 5.0.3 Create Tenant Bridge Domains and Subnets
Lab 6. Configuring Application Profiles
Task 6.0.1 Create Filters
Task 6.0.2 Create Contracts
Task 6.0.3 Create ANP (Application Network Profile)
Lab 7. Configuring VMM Integration
Task 7.0.1 Configuring VMM Integration using VMware
Task 7.0.2 Adding Hosts to DVS created by APIC using VCenter 5.X
Task 7.0.3 Adding Application End Points to VMM Domain
Task 7.0.4 Verification Task: Exploring ACI Contract
Lab 8. Configuring External L2 Connectivity. First Network Centric Lab
Task 8.0.1 Configuring Physical Port for External L2 Connection
Task 8.0.2 Create Bridge Outside in your Tenant
Task 8.0.3 Cloning a VM and associate to the DB EPG
Task 8.0.4 Verification Tasks: Moving inside the App, Web and DB VMs
Lab 9. Connecting a L3 Outside using OSPF
Task 9.0.1 Verify the BGP Route Reflector Configuration
Task 9.0.2 Configuring External L3 Integration with OSPF
Task 9.0.3 Verification Tasks in ACI for OSPF Configuration
Lab 10. Configuring ANP Using POSTMAN
Task 10.0.1 Launch Postman-RESTful Client
Task 10.0.2 Create a Tenant using POSTMAN RESTful Client
Task 10.0.3 Create a new ANP in your Tenant
Task 10.0.4 Delete the Tenant created in POSTMAN

0. Introduction

This Bootcamp was developed with the objective of letting delegates interact with ACI starting from the beginning and increasing the level step by step, focusing on the Network Centric concept.

1.1 City Lab Access

Here you have all the information about the lab access for your course.

Schedule: 1st to 5th Day from 09:00 to 17:00
AnyConnect Credentials: Same as POD credentials
POD Credentials:
    Lab: For All PODS
    Destination: 201.151.104.4
    VPN Group: CIT_Curso_Mexico
    Username: usuario10
    Password: (Ask your instructor please)
Will my PODs be shared with another Lab in another timezone? No
During my use, are the rest of PODs in use by another Lab Course? Yes, all PODs will be in use
Do I have shared devices? Yes, FI, Storage and network devices are shared by all PODs

1. If Cisco AnyConnect is not already installed on your laptop, please install it; the software will be provided to you by your instructor.

2. Open AnyConnect.

3. Type 201.151.104.4 and Connect, then select the group Curso_CIT_Mexico and use the credentials provided by your instructor as username and password.

4. These credentials are the same for students and instructor.

Accept all the certificates proposed and you will get the next screen:

5. Once logged in, you should be able to access the Student VMs and the Lab menu.

1.2 Lab Access Connection

Once you can establish an SSL VPN session through AnyConnect, telnet to the Terminal Server (172.16.1.201).

1. Enter the username and password provided by your instructor (aciuser / int4u).

Lab 1. DEMO. Provision Initial APIC Cluster Configuration (only instructor)

Task 1.0.1 Information Required for all labs

| STUDENT PCS | STUDENT | POD # | Access Credentials | PROTOCOL |
|---|---|---|---|---|
| 192.168.70.151 | 1 | 1 | Administrator/1234QWer | RDP |
| 192.168.70.152 | 2 | 1 | Administrator/1234QWer | RDP |
| 192.168.70.153 | 3 | 2 | Administrator/1234QWer | RDP |
| 192.168.70.154 | 4 | 2 | Administrator/1234QWer | RDP |
| 192.168.70.155 | 5 | 3 | Administrator/1234QWer | RDP |
| 192.168.70.156 | 6 | 3 | Administrator/1234QWer | RDP |
| 192.168.70.157 | 7 | 4 | Administrator/1234QWer | RDP |
| 192.168.70.158 | 8 | 4 | Administrator/1234QWer | RDP |
| 192.168.70.159 | 9 | 5 | Administrator/1234QWer | RDP |
| 192.168.70.160 | 10 | 5 | Administrator/1234QWer | RDP |
| 192.168.70.111 | 11 | 6 | Administrator/1234QWer | RDP |
| 192.168.70.112 | 12 | 6 | Administrator/1234QWer | RDP |
| 192.168.70.113 | 13 | 7 | Administrator/1234QWer | RDP |
| 192.168.70.114 | 14 | 7 | Administrator/1234QWer | RDP |
| 192.168.70.115 | 15 | 8 | Administrator/1234QWer | RDP |
| 192.168.70.116 | 16 | 8 | Administrator/1234QWer | RDP |

| CLUSTER INFO | IP address | DG | Credential | Value |
|---|---|---|---|---|
| Fabric Name | | | | ACI INT4U Fab1 |
| # of Apics | | | | 3 |
| VLAN | | | | 4093 |
| Apic1 OOB | 192.168.70.161/24 | 172.16.1.254 | admin/1234QWer | |
| Apic2 OOB | 192.168.70.162/24 | 172.16.1.254 | admin/1234QWer | |
| Apic3 OOB | 192.168.70.163/24 | 172.16.1.254 | admin/1234QWer | |
| Cluster IP Pool | 10.17.0.0/16 | | | |
| Cluster Multicast Pool | 225.0.0.0/16 | | | |
| Apic1 CIMC | 192.168.70.164/24 | 172.16.1.254 | admin/1234QWer | |
| Apic2 CIMC | 192.168.70.165/24 | 172.16.1.254 | admin/1234QWer | |
| Apic3 CIMC | 192.168.70.166/24 | 172.16.1.254 | admin/1234QWer | |
| LEAF1 OOB | 192.168.70.167/24 | 172.16.1.254 | admin/1234QWer | |
| LEAF2 OOB | 192.168.70.168/24 | 172.16.1.254 | admin/1234QWer | |
| SPINE1 OOB | 192.168.70.169/24 | 172.16.1.254 | admin/1234QWer | |
| SPINE2 OOB | 192.168.70.170/24 | 172.16.1.254 | admin/1234QWer | |

| ACI FABRIC CONNECTIONS | CONNECTED TO | SPEED |
|---|---|---|
| Apic1 Nic1 | LEAF1 Port 1/46 | 10GB |
| Apic2 Nic1 | LEAF1 Port 1/47 | 10GB |
| Apic3 Nic1 | LEAF1 Port 1/48 | 10GB |
| Apic1 Nic2 | LEAF2 Port 1/46 | 10GB |
| Apic2 Nic2 | LEAF2 Port 1/47 | 10GB |
| Apic3 OOB Nic2 | LEAF2 Port 1/48 | 10GB |
| SPINE1 Port 1/1 | LEAF1 Port 1/49 | 40GB |
| SPINE1 Port 1/2 | LEAF1 Port 1/50 | 40GB |
| SPINE1 Port 1/3 | LEAF2 Port 1/51 | 40GB |
| SPINE1 Port 1/4 | LEAF2 Port 1/52 | 40GB |
| SPINE2 Port 1/1 | LEAF2 Port 1/49 | 40GB |
| SPINE2 Port 1/2 | LEAF2 Port 1/50 | 40GB |
| SPINE2 Port 1/3 | LEAF1 Port 1/51 | 40GB |
| SPINE2 Port 1/4 | LEAF1 Port 1/52 | 40GB |

| STUDENTS SERVER CONNECTIONS | CONNECTED TO | SPEED | TENANT/POD |
|---|---|---|---|
| UCSC220INT4USRV1 VIC Port1 | LEAF1 Port 1/1 | 10GB | 1 |
| UCSC220INT4USRV1 VIC Port2 | LEAF2 Port 1/1 | 10GB | 1 |
| UCSC220INT4USRV2 VIC Port1 | LEAF1 Port 1/2 | 10GB | 1 |
| UCSC220INT4USRV2 VIC Port2 | LEAF2 Port 1/2 | 10GB | 1 |
| UCSC220INT4USRV3 VIC Port1 | LEAF1 Port 1/3 | 10GB | 2 |
| UCSC220INT4USRV3 VIC Port2 | LEAF2 Port 1/3 | 10GB | 2 |
| UCSC220INT4USRV4 VIC Port1 | LEAF1 Port 1/4 | 10GB | 2 |
| UCSC220INT4USRV4 VIC Port2 | LEAF2 Port 1/4 | 10GB | 2 |
| UCSC220INT4USRV5 VIC Port1 | LEAF1 Port 1/5 | 10GB | 3 |
| UCSC220INT4USRV5 VIC Port2 | LEAF2 Port 1/5 | 10GB | 3 |
| UCSC220INT4USRV6 VIC Port1 | LEAF1 Port 1/6 | 10GB | 3 |
| UCSC220INT4USRV6 VIC Port2 | LEAF2 Port 1/6 | 10GB | 3 |
| UCSC220INT4USRV7 VIC Port1 | LEAF1 Port 1/7 | 10GB | 4 |
| UCSC220INT4USRV7 VIC Port2 | LEAF2 Port 1/7 | 10GB | 4 |
| UCSC220INT4USRV8 VIC Port1 | LEAF1 Port 1/8 | 10GB | 4 |
| UCSC220INT4USRV8 VIC Port2 | LEAF2 Port 1/8 | 10GB | 4 |
| UCSC220INT4USRV9 VIC Port1 | LEAF1 Port 1/9 | 10GB | 5 |
| UCSC220INT4USRV9 VIC Port2 | LEAF2 Port 1/9 | 10GB | 5 |
| UCSC220INT4USRV10 VIC Port1 | LEAF1 Port 1/10 | 10GB | 5 |
| UCSC220INT4USRV10 VIC Port2 | LEAF2 Port 1/10 | 10GB | 5 |
| UCSC220INT4USRV11 VIC Port1 | LEAF1 Port 1/11 | 10GB | 6 |
| UCSC220INT4USRV11 VIC Port2 | LEAF2 Port 1/11 | 10GB | 6 |
| UCSC220INT4USRV12 VIC Port1 | LEAF1 Port 1/12 | 10GB | 6 |
| UCSC220INT4USRV12 VIC Port2 | LEAF2 Port 1/12 | 10GB | 6 |
| UCSC220INT4USRV13 VIC Port1 | LEAF1 Port 1/13 | 10GB | 7 |
| UCSC220INT4USRV13 VIC Port2 | LEAF2 Port 1/13 | 10GB | 7 |
| UCSC220INT4USRV14 VIC Port1 | LEAF1 Port 1/14 | 10GB | 7 |
| UCSC220INT4USRV14 VIC Port2 | LEAF2 Port 1/14 | 10GB | 7 |
| UCSC220INT4USRV15 VIC Port1 | LEAF1 Port 1/15 | 10GB | 8 |
| UCSC220INT4USRV15 VIC Port2 | LEAF2 Port 1/15 | 10GB | 8 |
| UCSC220INT4USRV16 VIC Port1 | LEAF1 Port 1/16 | 10GB | 8 |
| UCSC220INT4USRV16 VIC Port2 | LEAF2 Port 1/16 | 10GB | 8 |
| UCS MINI1 FI-A Port3 | LEAF1 Port 1/43 | 10GB | |
| UCS MINI1 FI-A Port4 | LEAF2 Port 1/43 | 10GB | |
| UCS MINI1 FI-B Port3 | LEAF2 Port 1/44 | 10GB | |
| UCS MINI1 FI-B Port4 | LEAF1 Port 1/44 | 10GB | |

| STUDENT CIMC C220 | CIMC IP | CREDENTIALS | TenantPod# |
|---|---|---|---|
| C220INT4U1 | 192.168.70.171/24 | admin/1234QWer | 1 |
| C220INT4U2 | 192.168.70.172/24 | admin/1234QWer | 1 |
| C220INT4U3 | 192.168.70.173/24 | admin/1234QWer | 2 |
| C220INT4U4 | 192.168.70.174/24 | admin/1234QWer | 2 |
| C220INT4U5 | 192.168.70.175/24 | admin/1234QWer | 3 |
| C220INT4U6 | 192.168.70.176/24 | admin/1234QWer | 3 |
| C220INT4U7 | 192.168.70.177/24 | admin/1234QWer | 4 |
| C220INT4U8 | 192.168.70.178/24 | admin/1234QWer | 4 |
| C220INT4U9 | 192.168.70.179/24 | admin/1234QWer | 5 |
| C220INT4U10 | 192.168.70.180/24 | admin/1234QWer | 5 |
| C220INT4U11 | 192.168.70.181/24 | admin/1234QWer | 6 |
| C220INT4U12 | 192.168.70.182/24 | admin/1234QWer | 6 |
| C220INT4U13 | 192.168.70.183/24 | admin/1234QWer | 7 |
| C220INT4U14 | 192.168.70.184/24 | admin/1234QWer | 7 |
| C220INT4U15 | 192.168.70.185/24 | admin/1234QWer | 8 |
| C220INT4U16 | 192.168.70.186/24 | admin/1234QWer | 8 |

| STUDENTS ESXI SERVERS | SVC CONSOLE IP | VLAN | CREDENTIALS | TenantPod# |
|---|---|---|---|---|
| UCSC220ESXI1 | 192.168.70.221/24 | 130 | root/1234QWer | 1 |
| UCSC220ESXI2 | 192.168.70.222/24 | 130 | root/1234QWer | 1 |
| UCSC220ESXI3 | 192.168.70.223/24 | 130 | root/1234QWer | 2 |
| UCSC220ESXI4 | 192.168.70.224/24 | 130 | root/1234QWer | 2 |
| UCSC220ESXI5 | 192.168.70.225/24 | 130 | root/1234QWer | 3 |
| UCSC220ESXI6 | 192.168.70.226/24 | 130 | root/1234QWer | 3 |
| UCSC220ESXI7 | 192.168.70.227/24 | 130 | root/1234QWer | 4 |
| UCSC220ESXI8 | 192.168.70.228/24 | 130 | root/1234QWer | 4 |
| UCSC220ESXI9 | 192.168.70.229/24 | 130 | root/1234QWer | 5 |
| UCSC220ESXI10 | 192.168.70.230/24 | 130 | root/1234QWer | 5 |
| UCSC220ESXI11 | 192.168.70.231/24 | 130 | root/1234QWer | 6 |
| UCSC220ESXI12 | 192.168.70.232/24 | 130 | root/1234QWer | 6 |
| UCSC220ESXI13 | 192.168.70.233/24 | 130 | root/1234QWer | 7 |
| UCSC220ESXI14 | 192.168.70.234/24 | 130 | root/1234QWer | 7 |
| UCSC220ESXI15 | 192.168.70.235/24 | 130 | root/1234QWer | 8 |
| UCSC220ESXI16 | 192.168.70.236/24 | 130 | root/1234QWer | 8 |

| STUDENTS L2 N5548 CONNECTIONS | CONNECTED TO | SPEED | VPC | STUDENT | TENANT/POD |
|---|---|---|---|---|---|
| LEAF1 Port 1/17 | N5548-A Port 1/17 | 10GB | VPC12 | 1 | 1 |
| LEAF2 Port 1/17 | N5548-A Port 1/18 | 10GB | VPC12 | 2 | 1 |
| LEAF1 Port 1/18 | N5548-A Port 1/19 | 10GB | VPC34 | 3 | 2 |
| LEAF2 Port 1/18 | N5548-A Port 1/20 | 10GB | VPC34 | 4 | 2 |
| LEAF1 Port 1/19 | N5548-A Port 1/21 | 10GB | VPC56 | 5 | 3 |
| LEAF2 Port 1/19 | N5548-A Port 1/22 | 10GB | VPC56 | 6 | 3 |
| LEAF1 Port 1/20 | N5548-A Port 1/23 | 10GB | VPC78 | 7 | 4 |
| LEAF2 Port 1/20 | N5548-A Port 1/24 | 10GB | VPC78 | 8 | 4 |
| LEAF1 Port 1/21 | N5548-B Port 1/17 | 10GB | VPC910 | 9 | 5 |
| LEAF2 Port 1/21 | N5548-B Port 1/18 | 10GB | VPC910 | 10 | 5 |
| LEAF1 Port 1/22 | N5548-B Port 1/19 | 10GB | VPC1112 | 11 | 6 |
| LEAF2 Port 1/22 | N5548-B Port 1/20 | 10GB | VPC1112 | 12 | 6 |
| LEAF1 Port 1/23 | N5548-B Port 1/21 | 10GB | VPC1314 | 13 | 7 |
| LEAF2 Port 1/23 | N5548-B Port 1/22 | 10GB | VPC1314 | 14 | 7 |
| LEAF1 Port 1/24 | N5548-B Port 1/23 | 10GB | VPC1516 | 15 | 8 |
| LEAF2 Port 1/24 | N5548-B Port 1/24 | 10GB | VPC1516 | 16 | 8 |

| STUDENTS L3 ROUTER CONNECTIONS | CONNECTED TO | SPEED | STUDENT | TENANT/POD |
|---|---|---|---|---|
| LEAF1 Port 1/25 | L3SW1 Port 0/3 | 1GB | 1-2 | 1 |
| LEAF1 Port 1/26 | L3SW1 Port 0/4 | 1GB | 3-4 | 2 |
| LEAF1 Port 1/27 | L3SW1 Port 0/5 | 1GB | 5-6 | 3 |
| LEAF1 Port 1/28 | L3SW1 Port 0/6 | 1GB | 7-8 | 4 |
| LEAF1 Port 1/29 | L3SW1 Port 0/7 | 1GB | 9-10 | 5 |
| LEAF1 Port 1/30 | L3SW1 Port 0/8 | 1GB | 11-12 | 6 |
| LEAF1 Port 1/31 | L3SW1 Port 0/9 | 1GB | 13-14 | 7 |
| LEAF1 Port 1/32 | L3SW1 Port 0/10 | 1GB | 15-16 | 8 |

The first action before starting to create a cluster is to connect the Spines to the Leaves, the APICs to the Leaves, and the student C220 Servers and UCS Mini System also to the Leaves. This work is already done as described in the table and in the LAB Setup Diagram.

This lab must be performed only by the instructor.

Task 1.0.2 Provisioning the APIC Cluster

1. Telnet to 172.16.1.201 (Mexico Lab Console Server) and log in with the following credentials: (aciuser / int4u). Remember that on the router any connection must be authenticated, so after you select a console option, please use aciuser / int4u again and then press Enter to get the right login. If the username is not displayed, please clear the right line with the command cls# where # is the console option number.

2. We are going to recreate the cluster, so we will need to ssh to the APIC's OOB IP address: 192.168.70.161 for Apic1, .162 for Apic2 or .163 for Apic3.

3. Log in with admin / 1234QWer credentials and type the command eraseconfig setup to erase the config and start the wizard; note that the ssh connection will be dropped.

4. Telnet to the console server 172.16.1.201 using the credentials aciuser / int4u, connect to the console of each of the switches (Leaves and Spines) and restore their configurations to factory defaults. Enter the command shown, then reload the switch and confirm with "y"; you can observe the boot process of the ACI image. When it finishes, log in with the username admin and no password. The username and password of the Leaves and Spines is admin / 1234QWer

5. From the Instructor assigned Virtual Machine (192.168.70.151), using Mozilla Firefox, open the CIMC connection to each of the APICs; remember that the IP addresses are: 192.168.70.164 for Apic1, .165 for Apic2 and .166 for Apic3. The credentials are the same: admin / 1234QWer

6. Start on the Apic1 CIMC (this process has to be done on all 3 APICs). Open the KVM Console and accept the certificates when you receive the request. Once logged in, press any key to access the wizard, press Enter and you will be ready to start the wizard.

Note: If you cannot see the wizard when you press any key, please log in to the Console server 172.16.1.201 with the username aciuser / int4u and access the serial console of each APIC to complete the wizard (start on Apic1). Note that you may be asked to input the VLAN immediately (the first step(s) were accepted with the default values, so when prompted whether you want to edit the config shown, type yes and specify the right parameters according to the table above). During the Wizard on Apic1, please type N to the use of Strong Passwords and configure 1234QWer as the password of the Cluster.

| CLUSTER INFO | IP address | DG | Credential | Value |
|---|---|---|---|---|
| Fabric Name | | | | ACI INT4U Fab1 |
| # of Apics | | | | 3 |
| VLAN | | | | 4093 |
| Apic1 OOB | 192.168.70.161/24 | 172.16.1.254 | admin/1234QWer | |
| Apic2 OOB | 192.168.70.162/24 | 172.16.1.254 | admin/1234QWer | |
| Apic3 OOB | 192.168.70.163/24 | 172.16.1.254 | admin/1234QWer | |
| Cluster IP Pool | 10.17.0.0/16 | | | |
| Cluster Multicast Pool | 225.0.0.0/16 | | | |

7. When you finish the setup wizard on all APICs, you are ready to discover the Fabric. But first we will run some troubleshooting commands on LEAF1, APIC1 and the CIMC of APIC1:

LEAF1:

APIC1: (In these captures APIC1 has only the VIC port 2-1 connected)

CIMC of the APIC1: (lldp must be disabled)

Justification: In an ACI environment, the APIC handles LLDP at the software level. So we have disabled LLDP at the VIC1225 adapter level so that the output sent by the leaves will not be consumed by the adapter. It will be transmitted to the APIC instead.

8. From your Student Assigned VM (192.168.70.151…160 for Students 1 to 10 or 192.168.70.111..116 for Students 10 to 16), using Google Chrome, log in to the Apic1 IP using https: https://192.168.70.161 and select Mode: Advanced

9. Use the username admin and password 1234QWer

10. Click on YES, then tick the checkbox and click on Submit.

11. Click System, Controllers, Controllers:

12. Click on apic1:

13. Click on Fabric, Inventory, Fabric Membership and you can see one Leaf Switch. Remember that in this capture the second Port of the VIC on APIC1 is disconnected; otherwise, you will be able to see the 2 Leaves.

14. Double click on the Switch (SAL1941QU9F). Set the Node ID to 101 and the name to LEAF1, then Submit; after a few minutes the switch will get an IP address, and the process of discovering the other switches will proceed. NOTE: Remember that in these captures only the LEAF1 switch is shown because the 2nd LEAF is not connected to the 2nd VIC Port of APIC1. In your lab, both LEAVES will appear.

| SWITCH Serial Number | Name | Node ID |
|---|---|---|
| SAL1941QU9F | LEAF1 | 101 |
| SAL1941QUFQ | LEAF2 | 102 |

15. Please log out or close the Google Chrome window and then log in again (accept the new certificates); you will receive some Web Socket Connection Errors. Go to System, Controllers, Controllers:

16. Go back to Fabric, Inventory, Fabric Membership and one by one specify a NodeID and a Node Name for your 2 Spines. Please configure the switch with the serial number SAL1938P7BD as SPINE1 and the switch with the serial number SAL1938P78S as SPINE2.

USE THE INFORMATION IN THE NEXT TABLE TO FILL THE FIELDS. Click on Update, wait to see the assigned IP and check how the second LEAF appears.

| SWITCH Serial Number | Name | Node ID |
|---|---|---|
| SAL1938P7BD | SPINE1 | 201 |
| SAL1938P78S | SPINE2 | 202 |

17. Set a NodeID and Node Name for the 2nd LEAF (NodeID 102, NodeName LEAF2), click on Update and wait for the IP address to be assigned.

18. Go to Fabric, Inventory, Topology:

19. Go to System, Controllers, Controllers

20. Review the Dashboard for the LEAF1 Switch:

Note: Ignore the errors and the low health score shown when setting up real. ACI Fabric is up, but connectivity with external devices that are cabled, such as the UCS system, UCS Servers and external switches, is not configured yet. That is causing the errors. Once everything is configured, the errors should go away and the health score should improve.

Most of the Switches/Domains have status overview Dashboards, allowing us higher granularity and exploration of status in depth. This Dashboard is at the LEAF101 level only, while the Dashboard we saw as soon as we logged into the APIC was at the whole system level.

21. Click on the TOPOLOGY tab.

A picture of LEAF101 will appear with color coded interfaces. By clicking on any interface we can get available information about the device connected to that interface. This screen shows topology from LEAF101's point of view.

22. Click on any green interface to explore what is attached to it. In the example below, we selected interfaces 46, 47 and 48, which have APICs tied to them.

23. We will go back to the System -> Controllers menu to see information about the formed APIC Cluster. Select SYSTEM.

24. Select Controllers

25. Expand the Controllers view on the left-hand side by clicking >

26. Notice that we now have 3 controllers displayed. Expand the apic1 (Node-1) view by clicking >

27. Select the Cluster as Seen by Node folder.

    Review the Target Size, Current Size and Operation State of the APIC cluster.

28. This concludes the APIC cluster Set Up and Fabric Discovery process.

29. Good Job!

Lab 2. Out Of Band (OOB) & Access Policies Configuration

Task 2.0.1 Out Of Band Configuration.
In this lab, we will configure out of band management (this task will be completed just by the instructor using the projector) and set up access policies to configure connectivity with UCS Fabric Interconnects and Student UCS C-Series Servers. Each student will work alone for their own Tenant/Pod.

Remember the next table: (The students need to open an RDP connection to the student VM that is running Windows 2k8 and is also your vCenter. You can connect to this VM, which is running on your own ESXi server, because we are using one 1GB interface on the ESXi as OOB).

| STUDENT PCS | STUDENT | POD # | Access Credentials | PROTOCOL |
|---|---|---|---|---|
| 192.168.70.151 | 1 | 1 | Administrator/1234QWer | RDP |
| 192.168.70.152 | 2 | 1 | Administrator/1234QWer | RDP |
| 192.168.70.153 | 3 | 2 | Administrator/1234QWer | RDP |
| 192.168.70.154 | 4 | 2 | Administrator/1234QWer | RDP |
| 192.168.70.155 | 5 | 3 | Administrator/1234QWer | RDP |
| 192.168.70.156 | 6 | 3 | Administrator/1234QWer | RDP |
| 192.168.70.157 | 7 | 4 | Administrator/1234QWer | RDP |
| 192.168.70.158 | 8 | 4 | Administrator/1234QWer | RDP |
| 192.168.70.159 | 9 | 5 | Administrator/1234QWer | RDP |
| 192.168.70.160 | 10 | 5 | Administrator/1234QWer | RDP |
| 192.168.70.111 | 11 | 6 | Administrator/1234QWer | RDP |
| 192.168.70.112 | 12 | 6 | Administrator/1234QWer | RDP |
| 192.168.70.113 | 13 | 7 | Administrator/1234QWer | RDP |
| 192.168.70.114 | 14 | 7 | Administrator/1234QWer | RDP |
| 192.168.70.115 | 15 | 8 | Administrator/1234QWer | RDP |
| 192.168.70.116 | 16 | 8 | Administrator/1234QWer | RDP |

Task 2.0.2: Configure Out of Band Management (OOB)
1. This task is done by the instructor

2. In this task, we will create and review the OOB Management configuration of the ACI Fabric Nodes (Spines and Leaves). At the end of this task, the Mgmt 0 interfaces of the ACI Nodes will have the following IP addresses:

| Name | IP address | DG | Credential |
|---|---|---|---|
| LEAF101-OOB | 192.168.70.167/24 | 172.16.1.254 | admin/1234QWer |
| LEAF102-OOB | 192.168.70.168/24 | 172.16.1.254 | admin/1234QWer |
| SPINE201-OOB | 192.168.70.169/24 | 172.16.1.254 | admin/1234QWer |
| SPINE202-OOB | 192.168.70.170/24 | 172.16.1.254 | admin/1234QWer |

Note: The configuration is done by creating Policies.

3. Click on Tenants.

4. Click mgmt tenant.

5. Right click Node Management Address and select Create Node Management Address.

6. Enter the information from the next image to configure the LEAF101 Mgmt interface policy and click Submit.

Note: Node Management IP addresses are assigned to the MGMT 0 interface of the switch.

7. Click YES to proceed.

8. Click YES to proceed.

9. Repeat steps 3-5 to create 3 additional Node Management addresses named LEAF102-OOB, SPINE201-OOB, and SPINE202-OOB. Make sure to check the corresponding nodes and modify the IP addresses according to the table below.

| Name | IP address | DG | Credential |
|---|---|---|---|
| LEAF102-OOB | 192.168.70.168/24 | 172.16.1.254 | admin/1234QWer |
| SPINE201-OOB | 192.168.70.169/24 | 172.16.1.254 | admin/1234QWer |
| SPINE202-OOB | 192.168.70.170/24 | 172.16.1.254 | admin/1234QWer |

Note: If we did not want to have tight control over which node gets which management IP address, we could have connected the range of Nodes with the range of IP addresses by checking the Range option instead of the Specific option in the Select Nodes By field. IP addresses would be assigned in the order in which Nodes were initially discovered during the ACI Fabric discovery phase.

10. To verify that the switches are assigned addresses, expand Node Management Addresses and select any of the Leaf/Spine policies we just created. This concludes the OOB Management interface configuration of the ACI Nodes.

Task 2.0.3: Creating Basic Policies and Profiles for ACI.

This task has to be done by each Pod or Student. (Later you will use just one policy.)
Some of the ACI policies and profiles are independent from the specific implementation and Data Center topology. The best practice is to create such policies and profiles ahead of time. That is what we will do in this task.

We will create several Interface Policies (one for each Tenant). Afterward, we will create a placeholder for Switch Profiles for each Leaf we have. Interface Policies control the configuration of an individual feature: CDP on/off, LLDP on/off, LACP mode, port-speed etc.

Switch Profiles define on which Switch (i.e. Leaf) we are applying policies. We will dive much deeper into what these and other policies and profiles mean and how they fit into the big picture in the next task, when connecting the ACI system with UCS using vPC.

First we will create CDP (Enable), LLDP (Disable) and LACP (Active and Mac Pinning) Interface Policies.

1. Click Fabric -> Access Policies.

Note: There are two types of policies under FABRIC.

Fabric policies configure interfaces that connect Spine and Leaf switches. Fabric policies can enable features such as monitoring (statistics collection and statistics export), troubleshooting (on-demand diagnostics and SPAN), or NTP.

Access policies configure external-facing interfaces that do not connect to a Spine switch. External-facing interfaces connect to external devices such as virtual machine controllers and hypervisors, hosts, routers, or fabric extenders (FEX). Access policies enable configuring port channels and virtual port channels, protocols such as LLDP, CDP or LACP, and features like monitoring or diagnostics.

2. Click on > to expand the Interface Policies option.

3. Click on > to expand the Policies option.

4. Right click on CDP Interface and select Create CDP Interface Policy.

5. Type CDPenableTenPod# for the Name, select Enabled for the Admin State, and click Submit. Where # = Your Tenant Number Assigned. Example for TenantPod4:

| STUDENT PCS | STUDENT | POD # | Access Credentials | PROTOCOL |
|---|---|---|---|---|
| 192.168.70.151 | 1 | 1 | Administrator/1234QWer | RDP |
| 192.168.70.152 | 2 | 1 | Administrator/1234QWer | RDP |
| 192.168.70.153 | 3 | 2 | Administrator/1234QWer | RDP |
| 192.168.70.154 | 4 | 2 | Administrator/1234QWer | RDP |
| 192.168.70.155 | 5 | 3 | Administrator/1234QWer | RDP |
| 192.168.70.156 | 6 | 3 | Administrator/1234QWer | RDP |
| 192.168.70.157 | 7 | 4 | Administrator/1234QWer | RDP |
| 192.168.70.158 | 8 | 4 | Administrator/1234QWer | RDP |
| 192.168.70.111 | 9 | 5 | Administrator/1234QWer | RDP |
| 192.168.70.112 | 10 | 5 | Administrator/1234QWer | RDP |
| 192.168.70.113 | 11 | 6 | Administrator/1234QWer | RDP |
| 192.168.70.114 | 12 | 6 | Administrator/1234QWer | RDP |
| 192.168.70.115 | 13 | 7 | Administrator/1234QWer | RDP |
| 192.168.70.116 | 14 | 7 | Administrator/1234QWer | RDP |
| 192.168.70.117 | 15 | 8 | Administrator/1234QWer | RDP |
| 192.168.70.118 | 16 | 8 | Administrator/1234QWer | RDP |

Note: The existing default policy has CDP disabled.

Note: In this lab environment the UCS is running Firmware 3.0(2c), which does support LLDP. Also, CDP and LLDP are enabled for the vNICs in the UCSM service profile. The UCS C-Series student Servers also support CDP and LLDP.

6. Right click on Port Channel Policies and select Create Port Channel Policy.

7. Type LACPactiveTenPod# for the Name, select LACP Active for the mode, and click Submit. Where # = Your TenantPod# Number Assigned. Example is TenantPod4 for students 7 and 8.

8. Right click on Port Channel Policies again and select Create Port Channel Policy.

9. Type MacPinTenPod# for the Name, select MAC Pinning for the mode, and click Submit. Where # = Your TenantPod# Number Assigned. Example is TenantPod4 for students 7 and 8.

10. PLEASE CREATE ANOTHER POLICY: type ModeOnTenPod# for the Name, select Static Channel Mode On for the mode, and click Submit. Where # = Your TenantPod# Number Assigned. Example is TenantPod4 for students 7 and 8.

Note: There is no image to show this procedure; please do not forget to create it, because it is the only VPC Policy that will let you successfully configure your VPC with the C-Series Rack Servers on both Leaves.

11. Right click on LLDP Interface and select Create LLDP Interface Policy.

12. Type LLDPdisableTenPod# for the Name, select Disabled for both Receive and Transmit state, and click Submit. Where # = Your TenantPod# Number Assigned. Example is TenantPod4 for students 7 and 8.

Note: The existing default policy has LLDP Enabled.

Now we will create Switch Profiles for each of our Leaves. Since we will need that object no matter what we connect to the Leaves, it is best practice to create a placeholder ahead of time. We will provide minimum information for these profiles and fill in the details as needed for our specific connectivity.

13. Expand Switch Policies, right click on Profiles, and select Create Switch Profile.

14. Type LEAF101TenPod# as a name and click + next to Switch Selectors. Where # = Your TenantPod# Number Assigned. Example is TenPod4 for students 7 and 8.

15. Name the Switch L101, expand Blocks, and select only LEAF101.

16. Click Update.

17. Click Next to finish Step 1 of the Switch Profile creation.

18. Click Finish to finish the creation of the Switch Profile.

Note: We did not include Interface Selector Profiles. We will assign those later as we start attaching external devices to this Leaf.

Repeat the previous steps to create a Switch Profile for LEAF102TenPod#. Where # = Your TenantPod# Number Assigned. Example is TenPod4 for students 7 and 8.

19. Right click on Profiles and select Create Switch Profile

20. Type LEAF102 as a name and click + next to Switch Selectors.

21. Name the Switch L102, expand Blocks, and select only LEAF102.

22. Click Update.

23. Click Next to finish Step 1 of the Switch Profile creation

24. Click Finish to finish the creation of the Switch Profile.

25. In this task, we preconfigured some basic Interface Policies and created placeholders for Switch Profiles for LEAF101 and LEAF102.

! $

56
!

Task 2.0.4: Configuring vPC Connectivity with UCS Fabric Interconnects.
This task has to be done by the instructor

Some of the ACI policies and profiles are independent from the specific In this task, we will
configure vPC connectivity with UCS Fabric Interconnects by creating access policies and
profiles.

While for this exercise and during production it might be easier to use the "Configure an
interface, PC and VPC" wizard available from the Quick Start in the Fabric->Access Policies
menu, in the interest of knowing exactly what we are configuring, we will configure the
necessary policies and pools individually.

The overall workflow for creating connectivity is depicted below.

Interface Policies control the configuration of an individual feature: CDP on/off, LLDP
on/off, LACP mode, port-speed etc.

Interface Policy Group is a container consisting of multiple Interface Policies grouped
together.

Note: We can have only one PC or vPC per policy group.

Interface Profile consists of a range of interfaces with similar configuration so that we can
apply the same Interface Policy Group.

Switch Profile defines on which Nodes we will use the specific Interface Policy Group.
Whether you connect physical or virtual servers to the Cisco ACI fabric, you define a physical
or a virtual domain. Virtual domains reference a particular virtual machine manager and a
particular pool of VLANs or VxLANs that will be used.

Access Entity Profile (AEP) connects concepts of Domains (and corresponding
VLAN/VxLANs) with interfaces that tie to that domain.

Note: For VLAN/VxLAN to function on the specific Leaf, both AEP and End Point
Group (EPG) have to be provisioned.

The person who administers the VLAN or VxLAN space is the infrastructure
administrator. The person who consumes the domain is the tenant administrator.
The infrastructure administrator associates domains with a set of ports that are
entitled or expected to be connected to virtualized servers or physical servers
through an attach entity profile (AEP).

vPC Explicit Protection group defines vPC domain ID and which switches participate in the
domain.
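
The chain described above (interface policy, policy group, interface profile, switch profile, plus VLAN pool, domain, AEP and vPC protection group) only works when every name reference resolves. The following Python check is an added example, not part of the original lab or of any Cisco tool; it uses a simplified dict model rather than the APIC object model, and the sample configuration, including its deliberately mistyped policy group reference, is constructed from the object names used in this task.

```python
"""Reference check for the access-policy chain (simplified model, constructed data)."""

# Constructed sample: object names follow this task; the dict layout is an assumption.
SAMPLE = {
    "interface_policies": {"CDPenableTenPod4", "LACPactiveTenPod4"},
    "policy_groups": {
        "PG_vPCtoUCS_FIA": {"policies": ["CDPenableTenPod4", "LACPactiveTenPod4"],
                            "aep": "UCS_Domain1"},
        "PG_vPCtoUCS_FIB": {"policies": ["CDPenableTenPod4", "LACPactiveTenPod4"],
                            "aep": "UCS_Domain1"},
    },
    "interface_profiles": {
        # The policy group name below is mistyped on purpose (dangling reference).
        "IntProf_vPC_UCS_FIA": [{"name": "Port43", "ports": "1/43",
                                 "policy_group": "PG_vPCtoUCS_FI_A"}],
        "IntProf_vPC_UCS_FIB": [{"name": "Port44", "ports": "1/44",
                                 "policy_group": "PG_vPCtoUCS_FIB"}],
    },
    "switch_profiles": {
        "LEAF101andLEAF102": {
            "nodes": [101, 102],
            "interface_profiles": ["IntProf_vPC_UCS_FIA", "IntProf_vPC_UCS_FIB"],
        },
    },
    "vlan_pools": {"VlPool_UCS_System": (200, 300)},
    "physical_domains": {"PhyDom_UCS": "VlPool_UCS_System"},
    "aeps": {"UCS_Domain1": ["PhyDom_UCS"]},
    "vpc_protection_groups": {"VPC_UCS": {"domain_id": 7, "nodes": [101, 102]}},
}


def validate(cfg):
    """Return a sorted list of findings; an empty list means every reference resolves."""
    findings = set()
    groups = cfg["policy_groups"]
    vpc_pairs = {frozenset(g["nodes"]) for g in cfg["vpc_protection_groups"].values()}

    # Policy group -> interface policies, and policy group -> AEP -> domain -> VLAN pool.
    for name, group in groups.items():
        for pol in group["policies"]:
            if pol not in cfg["interface_policies"]:
                findings.add(f"policy group {name}: unknown interface policy {pol}")
        aep = group.get("aep")
        if aep is None:
            findings.add(f"policy group {name}: not attached to any AEP")
        elif aep not in cfg["aeps"]:
            findings.add(f"policy group {name}: unknown AEP {aep}")
        else:
            for dom in cfg["aeps"][aep]:
                pool = cfg["physical_domains"].get(dom)
                if pool is None:
                    findings.add(f"AEP {aep}: unknown domain {dom}")
                elif pool not in cfg["vlan_pools"]:
                    findings.add(f"domain {dom}: unknown VLAN pool {pool}")

    # Interface selector -> policy group, with only one PC or vPC per policy group.
    used = {}
    for prof, selectors in cfg["interface_profiles"].items():
        for sel in selectors:
            pg = sel["policy_group"]
            if pg not in groups:
                findings.add(
                    f"interface profile {prof}/{sel['name']}: unknown policy group {pg}")
            used.setdefault(pg, []).append(f"{prof}/{sel['name']}")
    for pg, refs in used.items():
        if pg in groups and len(refs) > 1:
            findings.add(f"policy group {pg}: shared by {len(refs)} selectors")
    for name in groups:
        if name not in used:
            findings.add(f"policy group {name}: not referenced by any interface selector")

    # Switch profile -> interface profiles; its nodes must form a defined vPC pair.
    for sp, body in cfg["switch_profiles"].items():
        for ip in body["interface_profiles"]:
            if ip not in cfg["interface_profiles"]:
                findings.add(f"switch profile {sp}: unknown interface profile {ip}")
        if frozenset(body["nodes"]) not in vpc_pairs:
            findings.add(
                f"switch profile {sp}: nodes {body['nodes']} are not a vPC protection group")
    return sorted(findings)


if __name__ == "__main__":
    for line in validate(SAMPLE):
        print(line)
```

A single mistyped name yields two findings, the dangling selector reference and the now unused policy group, which is the usual signature of a port that never joins its vPC.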

1. Click Fabric->Access Policies.

In the previous Task we already preconfigured all necessary Interface Policies needed
for this task. We will now create the Interface Policy Group.

2. Click on > to expand the Interface Policies option.

3. Right click on Policy Groups and select Create VPC Interface Policy Group for FIA.

Note: To check policies we created or to see the default policies, expand the feature
you want to see by clicking on + next to it and selecting the policy.

4. Type PG_vPCtoUCS_FIA for the Name.

5. For CDP policy, select CDPenableTen#Pod$. (Choose an existing student
policy with CDP enabled.)

6. In the Port Channel Policy drop down box, select LACPactiveTenPod#. (Choose an
existing student policy with LACP enabled.)

7. Click Submit.

Note: All other policies will automatically take default values.

Note: If an Attached Entity Profile (AEP) was already created, this would be the place
to connect it. We will connect the AEP and the Interface Policy Group later when we
create the AEP.

8. Right click on Profiles and select Create Interface Profile.

9. Type IntProf_vPC_UCS_FIA as a name and click on + to use Interface Selectors.

10. Type Port43 for the Name, 1/43 for interface ID, select the Interface Policy Group
PG_vPCtoUCS_FIA created previously and click OK.

11. Click SUBMIT to complete the Interface Profile.

Note: We just created the Interface Profile for vPC that will tie to UCS FI-A via ports
43 on both LEAVES.

Next we will define from which Switches (Leaves) we will be using port 43 for vPC.

12. Expand Switch Policies by clicking on >.

13. Right click on Profiles and select Create Switch Profile.

14. Type LEAF101andLEAF102 as a name and click on + to use the Switch Selectors.

15. Type L101WL102 as a Name, click on the Arrow within the Block field and select both
Leaves.

16. Click anywhere on the screen to close the Leaf selector window and click Update.

17. Click Next.

18. Select the two Interface Profiles IntProf_vPC_UCS_FIA created in previous steps and
click FINISH.

Until now we have created Interface and Switch Profiles for vPC connectivity to UCS
FI-A. We will create THESE TWO PROFILES AND THE POLICY GROUP NOW FOR VPC
TO UCS FIB.

19. Right click on Policy Groups and select Create VPC Interface Policy Group.

20. Type PG_vPCtoUCS_FIB for the Name.

21. For CDP policy, select CDPenableTen#Pod$. (Choose an existing student
policy with CDP enabled.)

22. In the Port Channel Policy drop down box, select LACPactiveTen#Pod$. (Choose an
existing student policy with LACP enabled.)

23. Click Submit.

24. Right click on Profiles and select Create Interface Profile.

25. Type IntProf_vPC_UCS_FIB as a name and click on + to use the Interface Selectors.

26. Type Port44 for the Name, 1/44 for interface ID, select the Interface Policy Group
PG_vPCtoUCS_FIB created previously and click OK.

27. Click SUBMIT to complete the Interface Profile.

Note: We just created the Interface Profile for vPC that will tie to UCS FIB via port 44.

28. Expand Switch Policies by clicking on >.

29. Expand Profiles by clicking on >.

30. Click on Switch Profile LEAF101andLEAF102 created previously and click on + next to
Associated Interface Selector Profiles.

Note: Observe the presence of the previously associated Interface Profile to this
Switch Profile.

Note: Due to the granularity of this process, we do not have to create separate
Switch Profiles since we are using the same two switches and the same two ports
(port 44) on both of them.

31. Select the previously created Interface Profile IntProf_vPC_UCS_FIB and click Submit.

Until now we configured the tasks on the left hand side of the graph. For the final
steps we will:

1) Create the VLAN Pool and the Physical Domain for UCS.

2) Tie that Physical Domain with the Interface Policy Group using the Access
Entity Profile.

3) Define vPC properties through the vPC Explicit Protection Group.

32. Right click on Pools and select Create VLAN Pool.

33. Type VlPool_UCS_System as the Name, select Static Allocation and click +.

34. Type Vlan range 200-300 and click OK.

35. Click Submit.

36. Expand Physical and External Domains by clicking on >.

37. Right click on Physical Domain and select Create Physical Domain.

38. Type PhyDom_UCS as a name, select VlPool_UCS_System for the VLAN pool and
click Submit.

39. Expand Global Policies by clicking on >.

40. Right click on Attachable Access Entity Profiles and select Create Attachable Access
Entity Profile.

41. Type UCS_Domain1 as the AEP name and click on + to select the domain.

42. Select PhyDom_UCS as the Physical domain we want to tie to this AEP.

43. Click UPDATE.

44. Click Next.

45. Select All in the Select Interface choice of both Interface Policy Groups, and for
vSwitch Policies select Specify. Select the right options as indicated in the image.

Note: We enabled CDP on the UCS. When implementing VM Networking, we will
create a new virtual Switch DVS within the hypervisor. To enable discovery of the
VMs we have to enable CDP on that virtual switch as well.

46. As soon as you check Specify, additional options will appear. Set CDPEnable,
LACP_MAC_Pinning and LLDP_Disable as policies and click Finish. Select the right
policies by choosing one student configuration (Ten#Pod).

Note: LACP_MAC_Pinning is enabled as a best practice.

47. Expand Switch Policies by clicking on >.

Note: For vPC we have to define vPC properties like Domain ID and participating
Switches.

48. Expand Policies by clicking on >.

49. Right click on Virtual Port Channel default and select Create VPC Explicit Protection
Group.

50. Type VPC_UCS as the Name and give the vPC domain ID the value 7. Select Switch1:
101 and Switch2: 102. Click Submit.

This concludes setup of the vPC connection between UCS and ACI Leaves.

Lab 3. Verification Tasks

Task 3.0.1 VPC verification with UCS System
1. To verify the vPCs are operational, select Fabric

2. Select Inventory

3. Expand Pod1

4. Expand LEAF101

5. Expand Interfaces

6. Expand VPC Interfaces

7. Expand VPC domain 7

8. Expand the vPC IDs to find Po5 and Po6 to view properties.

Note: vPC numbers and Port channel numbers will vary as the system assigns these
dynamically at time of creation. Here we are verifying physical interfaces 43 and 44,
see topology diagram.

9. Verify Operational State is up

10. Verify that Po5’s operational state is also up.

11. If you open an SSH session to LEAF1 and LEAF2 on their OOB IPs (192.168.70.167
for LEAF1 and 192.168.70.168 for LEAF2), you can type the command show vpc
extended and review the state of Po5 and Po6 as shown in the next image:

12. Ask your trainer to show you the PortChannel config on the UCS Manager. (The
credentials are: 172.16.1.200 admin / 1234QWer). The process to enable Uplinks
and a PortChannel on the UCS System is shown below. All these steps have to be
repeated for ports 3 and 4 on each FIA and FIB. This process is optional; if it is not
done, please ask the trainer to do it together with the delegates on the screen.

Click Yes.

Now the Port is shown in UP state and in Green Color. Repeat the same steps 3 times
for the remaining ports: Port 4 in FIA and Ports 3 and 4 in FIB.

Check that all UPLINK ports are in Green and in UP State.

Now it is time to configure the PortChannels on the LAN tab > LAN Cloud. We will create
PoCh80 on FIA including ports 3 and 4 and PoCh81 on FIB including ports 3 and 4 as
shown in the next images.

Add both ports to the right and click Finish.

Wait a few seconds to get the next image:

Repeat the same steps to create the PoCh81 in FIB and get the next image:

Task 3.0.2: Create BGP Route Reflector
To propagate externally learned L3 addresses within the ACI fabric, Multiprotocol
BGP (MP-BGP) is used. To support a large number of Leaf Switches, BGP route
reflector technology is deployed.

In this task we will configure BGP route reflectors, and since there can only be a
single instance per fabric, this cannot be offered in the main lab. When we are
configuring External L3 connectivity in the lab, the Route Reflector part will be
ready.

1. In the APIC GUI, expand Fabric->Fabric Policies->Pod Policies->Policies and click on
BGP Route Reflector default.

2. Put 999 as the Autonomous System Number and click on + to select Route Reflector
Nodes.

Note: We are selecting which two Spines will be BGP Route Reflectors.

3. Select Spine Node 201 and click Submit.

4. Click on + next to Route Reflector Nodes to add the second Spine 202.

5. Select Spine Node 202 and click Submit.

6. Right Click on Policy Groups and select Create POD Policy Group.

7. Input LabPodPolicy as a Name, for BGP Route Reflector Policy select default, and
click Submit.

Task 3.0.3: Modify REST API timeout
When using the API, the default timeout period is 600s. We can modify it up to 9600
seconds using the following steps:

1. Log into the APIC via the console or the management network. ssh 192.168.70.161:
username admin and password 1234QWer

2. Go to the directory /home/admin/aci/admin/aaa/security-management.

3. Issue the command moset web-token-timeout-s 9600.

4. You can verify configuration using the command cat summary.

5. Issue the command moconfig commit.

Task 3.0.4: Configure Network Time Protocol
Note: This task has to be completed by the students.

Time synchronization is a very important function for ACI operations, monitoring and
troubleshooting. We need to configure NTP for effective fabric operations.

1. Expand Fabric > Fabric Policies > Pod Policies > Policies

2. Right-click Date and Time > Create Date and Time Policy

Note: If you expand Date and Time in the navigation pane, you will see an existing
policy named “Policy default”. You could edit and use this existing policy instead of
creating a new one.

3. In the Create Date and Time Policy window, enter the following data.

Name: Ten#Pod$FabricDateTime (# is your Tenant assigned Number and $ is your
Pod Assigned Number), Administrative State: Enabled. Click Next.

4. In Step 2 > NTP Servers, you’ll be entering information on each NTP server you plan
to use. First, click the “+” sign to add an NTP server.

5. Enter the following information according to the next image: (192.168.70.254,
preferred)

Note: Regarding the Management EPG: by selecting the default (Out-of-Band) from the
drop-down menu, we are telling ACI to find this server via the out-of-band
management network instead of the in-band management network.

6. Click OK. And then FINISH

7. Navigate to Fabric> Fabric Policies> Pod Policies> Policies> Date and Time> default

8. The Datetime Format window shows several options to be configured.

9. In the Time Zone, select America/Mexico City. Click local for Display Format. Click
enabled for Offset State. Click Submit. (Note that there is only one “default” option;
we cannot create another one under Pod Policies in version 1.2 of ACI, so just
confirm that America/Mexico City is selected.)

10. You will now create a new Pod Policy Group. This is just a collection of policies that
you will apply to your fabric (or “Pod”). In the navigation pane, expand Fabric>
Fabric Policies> Pod Policies> Policy Groups>, right click on Policy Groups and
select Create POD Policy Group.

11. In the Create Pod Policy Group window, note the different types of policies you can
include in this group. For purposes of this exercise, enter the following: Name:
TenPod#_DateTimePolicy (remember that # is your TenantPod Number): select the
Date and Time Policy created earlier in this Task from the drop-down menu:
fabric-datetime. Click Submit.

12. Apply the new Pod Policy Group to the default Profile for it to be applied to all nodes
in the fabric. In the navigation pane, go to Fabric> Fabric Policies> Pod Policies>
Profiles> default. In the right pane select the Fabric Policy Group that you
already created. NOTE: This task can be done just for one TenantPod(#)

13. Then click Submit.

14. Confirm SUBMIT CHANGES

15. Verify that the Leaf and Spine switches are associated with the selected NTP server:

16. After a few minutes…

Lab 4. Configuring RBAC support for the Fabric.
Before making any changes to the live fabric, each student will create his or her own
Admin-level user. It’s generally poor practice to allow several users to access a system
with the same “admin” login. Individual admin-level users clarify management and
simplify troubleshooting.

ACI supports RBAC via local and remote AAA authentication to identify individual users. An
ACI fabric user is associated with the following:

1. A set of roles

2. For each role, a privilege type: no access, read-only, or read-write

3. One or more security domain tags that identify the portions of the management
information tree (MIT) that a user can access

ACI has several pre-defined roles that permit access to certain objects in the MIT;
those objects are used to configure policies applicable to that role.

For example, a “vmm-admin” role has access to objects used to configure virtual
machine management. Each role has one of 3 privilege types to those objects: no
access, read-only, or read-write, which controls what the user of that role can do
with those objects.

Security domain tags are used to further restrict which portions of the MIT that
user can access.

For example, a “tenant-admin” role can access all tenant objects; if I associate
that user with only the “Company” security domain tag, then that user can
only access “Coke” tenant objects.

You will create a user with the “admin” role, and access to “all” (the entire MIT).
Creating a user in ACI consists of 3 steps:

1. Specify the user’s security information (security domain, certs, SSH keys)

2. Designate roles and privileges for each security domain

3. Specify identity (username, password, contact info, etc)
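
How the three parts of a user's definition (roles, privilege type per role, security domain tags) combine into an access decision can be shown with a small model. This is an added Python example, not APIC code and not from the original lab; the role-to-object mapping, the "Pod4" domain and the user names are constructed assumptions, while "Company", "Coke", "tenant-admin", "vmm-admin", "admin" and "all" come from the text above.

```python
"""Simplified model of the RBAC rules described above (constructed data, not APIC code)."""
from dataclasses import dataclass, field

NO_ACCESS, READ_ONLY, READ_WRITE = 0, 1, 2

# Assumption: which kinds of MIT objects each role covers (hypothetical mapping).
ROLE_KINDS = {
    "admin": {"tenant", "vmm", "fabric", "aaa"},
    "tenant-admin": {"tenant"},
    "vmm-admin": {"vmm"},
}


@dataclass
class User:
    name: str
    # security domain -> {role name: privilege type}
    grants: dict = field(default_factory=dict)


@dataclass(frozen=True)
class MitObject:
    dn: str              # label only; not a real distinguished name
    kind: str            # "tenant", "vmm", "fabric" or "aaa"
    domains: frozenset   # security domain tags attached to the object


def effective_privilege(user, obj):
    """Highest privilege any (domain, role) pair of the user gives on obj."""
    best = NO_ACCESS
    for domain, roles in user.grants.items():
        # A grant counts only if its domain is "all" or tags this object.
        if domain != "all" and domain not in obj.domains:
            continue
        for role, priv in roles.items():
            # The role must cover this kind of object at all.
            if obj.kind in ROLE_KINDS.get(role, ()):
                best = max(best, priv)
    return best


def full_fabric_admins(users):
    """Accounts with read-write admin over "all": the ones to review first."""
    return sorted(u.name for u in users
                  if u.grants.get("all", {}).get("admin") == READ_WRITE)


# Constructed sample objects and users.
COKE = MitObject("tenant Coke", "tenant", frozenset({"Company"}))
POD4 = MitObject("tenant TenantPod4", "tenant", frozenset({"Pod4"}))
VMM = MitObject("vmm domain", "vmm", frozenset({"Company"}))

USERS = [
    User("student7", {"all": {"admin": READ_WRITE}}),
    User("coke-ops", {"Company": {"tenant-admin": READ_WRITE}}),
    User("vmm-audit", {"all": {"vmm-admin": READ_ONLY}}),
]

if __name__ == "__main__":
    for u in USERS:
        print(u.name, [effective_privilege(u, o) for o in (COKE, POD4, VMM)])
    print("full-fabric admins:", full_fabric_admins(USERS))
```

The "coke-ops" user gets read-write on the Coke tenant only: the domain tag blocks the other tenant, and the role blocks the VMM object even though it carries the same tag.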

Task 4.0.1 Configure RBAC on the ACI environment
1. Open Chrome Browser to https://192.168.70.161 and login to APIC. User ID:
admin Password: 1234QWer

2. Choose Admin > AAA > select Security Management

3. Expand Security Management, right-click on Local Users and select Create Local
User

4. In the Security Domain field, check the box next to “all”. This will permit your user
access to the entire MIT. Leave all other fields blank and click Next.

5. In the Roles window, locate the “admin” role. Check the radio button for Read
Write access for the admin role. Leave all other fields blank and click Next.

6. In the User Identity window, enter a unique Logon ID for yourself. Enter a
password and confirm the password. Complete other fields if you want. Click
Finish.

7. Use the ID you just created to logon whenever the lab guides ask you to logon to
APIC as admin. Do NOT logon to APIC as the admin user unless your instructor
specifically directs you to.

Task 4.0.2 Create Interface Policies on the Live Network for your C-Series
Servers
Configure an Access Policy for UCS C-Series. Work in teams of two according to the table
below (Ex: students 1 & 2 build Pod1; students 3 & 4 build Pod2, etc.).

STUDENT PCS       STUDENT   POD #   TENANT NAME
192.168.70.151    1         1       TenantPod1
192.168.70.152    2         1       TenantPod1
192.168.70.153    3         2       TenantPod2
192.168.70.154    4         2       TenantPod2
192.168.70.155    5         3       TenantPod3
192.168.70.156    6         3       TenantPod3
192.168.70.157    7         4       TenantPod4
192.168.70.158    8         4       TenantPod4
192.168.70.159    9         5       TenantPod5
192.168.70.160    10        5       TenantPod5
192.168.70.111    11        6       TenantPod6
192.168.70.112    12        6       TenantPod6
192.168.70.113    13        7       TenantPod7
192.168.70.114    14        7       TenantPod7
192.168.70.115    15        8       TenantPod8
192.168.70.116    16        8       TenantPod8

Remember that in Lab 2 you already created some Interface Policies under Fabric> Access
Policies. The naming format that you used to create them is shown below:

# corresponds to your TenantPod assigned Number.

- CDPenableTenPod#

- LLDPdisableTenPod#

- LACP ActiveTenPod#

- MACPinTenPod#

- ModeOnTenPod#

Note: This is the VPC Interface Policy that you will use, even if the lab
asks you to select another one.

The use of these Interface Policies is associated to the next image:

Task 4.0.3 Create Interface Policy Groups and Interface Profiles for your
own Cisco C-Series Servers.
In this task, you will create a vPC Interface Policy Group for your assigned connections to the
UCS C-Series Rack Servers. Each tenant (each pair of students) will create a vPC from the ACI
fabric (Leaves 1 and 2) to the VIC Card (2 physical ports) of your assigned C-Series Server
according to the next table and diagram:

STUDENTS SERVER CONNECTIONS     CONNECTED TO       SPEED   TENANT
UCSC220INT4USRV1 VIC Port1      LEAF1 Port 1/1     10GB    1
UCSC220INT4USRV1 VIC Port2      LEAF2 Port 1/1     10GB    1
UCSC220INT4USRV2 VIC Port1      LEAF1 Port 1/2     10GB    1
UCSC220INT4USRV2 VIC Port2      LEAF2 Port 1/2     10GB    1
UCSC220INT4USRV3 VIC Port1      LEAF1 Port 1/3     10GB    2
UCSC220INT4USRV3 VIC Port2      LEAF2 Port 1/3     10GB    2
UCSC220INT4USRV4 VIC Port1      LEAF1 Port 1/4     10GB    2
UCSC220INT4USRV4 VIC Port2      LEAF2 Port 1/4     10GB    2
UCSC220INT4USRV5 VIC Port1      LEAF1 Port 1/5     10GB    3
UCSC220INT4USRV5 VIC Port2      LEAF2 Port 1/5     10GB    3
UCSC220INT4USRV6 VIC Port1      LEAF1 Port 1/6     10GB    3
UCSC220INT4USRV6 VIC Port2      LEAF2 Port 1/6     10GB    3
UCSC220INT4USRV7 VIC Port1      LEAF1 Port 1/7     10GB    4
UCSC220INT4USRV7 VIC Port2      LEAF2 Port 1/7     10GB    4
UCSC220INT4USRV8 VIC Port1      LEAF1 Port 1/8     10GB    4
UCSC220INT4USRV8 VIC Port2      LEAF2 Port 1/8     10GB    4
UCSC220INT4USRV9 VIC Port1      LEAF1 Port 1/9     10GB    5
UCSC220INT4USRV9 VIC Port2      LEAF2 Port 1/9     10GB    5
UCSC220INT4USRV10 VIC Port1     LEAF1 Port 1/10    10GB    5
UCSC220INT4USRV10 VIC Port2     LEAF2 Port 1/10    10GB    5
UCSC220INT4USRV11 VIC Port1     LEAF1 Port 1/11    10GB    6
UCSC220INT4USRV11 VIC Port2     LEAF2 Port 1/11    10GB    6
UCSC220INT4USRV12 VIC Port1     LEAF1 Port 1/12    10GB    6
UCSC220INT4USRV12 VIC Port2     LEAF2 Port 1/12    10GB    6
UCSC220INT4USRV13 VIC Port1     LEAF1 Port 1/13    10GB    7
UCSC220INT4USRV13 VIC Port2     LEAF2 Port 1/13    10GB    7
UCSC220INT4USRV14 VIC Port1     LEAF1 Port 1/14    10GB    7
UCSC220INT4USRV14 VIC Port2     LEAF2 Port 1/14    10GB    7
UCSC220INT4USRV15 VIC Port1     LEAF1 Port 1/15    10GB    8
UCSC220INT4USRV15 VIC Port2     LEAF2 Port 1/15    10GB    8
UCSC220INT4USRV16 VIC Port1     LEAF1 Port 1/16    10GB    8
UCSC220INT4USRV16 VIC Port2     LEAF2 Port 1/16    10GB    8

1. Verify the VPC Domain has been configured. Choose: Fabric> Access Policies> Switch
Policies> Policies> Virtual Port Channel default (local Pair ID = 7)

2. Create your own VPC Interface Policy Groups. Choose: Fabric> Access Policies>
Interface Policies. Right-click Policy Groups > Create VPC Interface Policy Group

3. In the dialog, enter the information as follows: Name: TenPod#VPCIntPolGrp
(where # is your TenantPod assigned number), specify a CDP Policy, LLDP Policy,
VPChannel Policy, and click Submit. (The LLDP default policy enables LLDP.) Click SUBMIT.

Note: Please select ModeOn in the “Port Channel Policy” field even if this is not
reflected in the next image! Otherwise the VPC status won’t be success on both
Leaves.

4. Verify that your VPC Policy Group appears in the table.

5. On your ESXi servers, configure a new vSwitch1 with your 2 vnics. (vSwitch0 is
created automatically using 1 of the 2 x 1Gbps interfaces, vmnic0 by
default; we are going to create a vSwitch1 using vmnic2 and vmnic3, which are
associated to the VIC card.) You will also configure the right Teaming Configuration
to match the Policy Group Configuration used to create the VPC that connects
your UCS C-Series Server. Use the table below to remember the IP of your ESXi
server. Then open your vSphere Client, type your ESXi IP Address, and use root as
username and 1234QWer for password.

STUDENTS ESXI SERVERS   SVC CONSOLE IP       VLAN   CREDENTIALS      STUDENT   VCENTER
UCSC220ESXI1            192.168.70.221/24    130    root/1234QWer    1         192.168.70.151
UCSC220ESXI2            192.168.70.222/24    130    root/1234QWer    2         192.168.70.151
UCSC220ESXI3            192.168.70.223/24    130    root/1234QWer    3         192.168.70.153
UCSC220ESXI4            192.168.70.224/24    130    root/1234QWer    4         192.168.70.153
UCSC220ESXI5            192.168.70.225/24    130    root/1234QWer    5         192.168.70.155
UCSC220ESXI6            192.168.70.226/24    130    root/1234QWer    6         192.168.70.155
UCSC220ESXI7            192.168.70.227/24    130    root/1234QWer    7         192.168.70.157
UCSC220ESXI8            192.168.70.228/24    130    root/1234QWer    8         192.168.70.157
UCSC220ESXI9            192.168.70.229/24    130    root/1234QWer    9         192.168.70.159
UCSC220ESXI10           192.168.70.230/24    130    root/1234QWer    10        192.168.70.159
UCSC220ESXI11           192.168.70.231/24    130    root/1234QWer    11        192.168.70.111
UCSC220ESXI12           192.168.70.232/24    130    root/1234QWer    12        192.168.70.111
UCSC220ESXI13           192.168.70.233/24    130    root/1234QWer    13        192.168.70.113
UCSC220ESXI14           192.168.70.234/24    130    root/1234QWer    14        192.168.70.113
UCSC220ESXI15           192.168.70.235/24    130    root/1234QWer    15        192.168.70.115
UCSC220ESXI16           192.168.70.236/24    130    root/1234QWer    16        192.168.70.115

6. Select your own ESXi Server, then go to the Configuration Tab and select
Networking. You will see that you have only vSwitch0. Click on Add Networking.

Note: If you already have a vSwitch1, just open it to verify that you have the right
configuration.

7. Select Virtual Machine and then Click Next.

8. Select vmnic2 and vmnic3 to create a vSphere standard switch, then Click Next.

9. On the Port Group Properties type Mgmt130 on Network Label, and type 130 on the
VLAN ID (Optional) field, then Click Next.

10. Click Finish.

11. Verify that you now have the vSwitch1 with both vmnics (vnics on VIC) associated.

12. Click on properties of the vSwitch1.

13. Be sure to select the vSwitch field, and click on the Edit... button.

14. Go to the NIC Teaming Tab. On the Load Balancing Field, select “Route based on
IP hash”; on the Network Failover Detection be sure to select “Link status only”.
Then Click OK

15. Click Close.

16. Create an Interface Profile to specify the specific Ethernet interfaces assigned to
your Cisco UCS C-Series Server. Fabric> Access Policies> Interface Policies. Right-click
Profiles > Create Interface Profile

17. Please remember the ports assigned to your tenant according to the next table:

STUDENTS SERVER CONNECTIONS     CONNECTED TO       SPEED   TENANT/POD
UCSC220INT4USRV1 VIC Port1      LEAF1 Port 1/1     10GB    1
UCSC220INT4USRV1 VIC Port2      LEAF2 Port 1/1     10GB    1
UCSC220INT4USRV2 VIC Port1      LEAF1 Port 1/2     10GB    1
UCSC220INT4USRV2 VIC Port2      LEAF2 Port 1/2     10GB    1
UCSC220INT4USRV3 VIC Port1      LEAF1 Port 1/3     10GB    2
UCSC220INT4USRV3 VIC Port2      LEAF2 Port 1/3     10GB    2
UCSC220INT4USRV4 VIC Port1      LEAF1 Port 1/4     10GB    2
UCSC220INT4USRV4 VIC Port2      LEAF2 Port 1/4     10GB    2
UCSC220INT4USRV5 VIC Port1      LEAF1 Port 1/5     10GB    3
UCSC220INT4USRV5 VIC Port2      LEAF2 Port 1/5     10GB    3
UCSC220INT4USRV6 VIC Port1      LEAF1 Port 1/6     10GB    3
UCSC220INT4USRV6 VIC Port2      LEAF2 Port 1/6     10GB    3
UCSC220INT4USRV7 VIC Port1      LEAF1 Port 1/7     10GB    4
UCSC220INT4USRV7 VIC Port2      LEAF2 Port 1/7     10GB    4
UCSC220INT4USRV8 VIC Port1      LEAF1 Port 1/8     10GB    4
UCSC220INT4USRV8 VIC Port2      LEAF2 Port 1/8     10GB    4
UCSC220INT4USRV9 VIC Port1      LEAF1 Port 1/9     10GB    5
UCSC220INT4USRV9 VIC Port2      LEAF2 Port 1/9     10GB    5
UCSC220INT4USRV10 VIC Port1     LEAF1 Port 1/10    10GB    5
UCSC220INT4USRV10 VIC Port2     LEAF2 Port 1/10    10GB    5
UCSC220INT4USRV11 VIC Port1     LEAF1 Port 1/11    10GB    6
UCSC220INT4USRV11 VIC Port2     LEAF2 Port 1/11    10GB    6
UCSC220INT4USRV12 VIC Port1     LEAF1 Port 1/12    10GB    6
UCSC220INT4USRV12 VIC Port2     LEAF2 Port 1/12    10GB    6
UCSC220INT4USRV13 VIC Port1     LEAF1 Port 1/13    10GB    7
UCSC220INT4USRV13 VIC Port2     LEAF2 Port 1/13    10GB    7
UCSC220INT4USRV14 VIC Port1     LEAF1 Port 1/14    10GB    7
UCSC220INT4USRV14 VIC Port2     LEAF2 Port 1/14    10GB    7
UCSC220INT4USRV15 VIC Port1     LEAF1 Port 1/15    10GB    8
UCSC220INT4USRV15 VIC Port2     LEAF2 Port 1/15    10GB    8
UCSC220INT4USRV16 VIC Port1     LEAF1 Port 1/16    10GB    8
UCSC220INT4USRV16 VIC Port2     LEAF2 Port 1/16    10GB    8

18. Enter name TenPod#L101L102IntProf-X (where X is the port where your ESXi is
connected on each Leaf and # is your TenantPod assigned number) and click [ + ]
Interface Selectors.

19. Port Selector name: PortX, Interface IDs: 1/X, Interface policy group:
TenPod#VPCIntPolGrp (Where X is your Tenant assigned number and # your
TenantPod Number)

Note: Remember that this step has to be completed for the 2 ESXi servers that are
part of each PodTenant using the right port.

20. Click OK, and then SUBMIT.

21. Repeat the process for the second port (the port assigned to your 2nd ESXi connected
on each Leaf). Go back to Step 18 to complete the process.

22. Create a profile to select the leaf switches where the Cisco UCS C-Series servers are
connected. Select Fabric > Access Policies > Switch Policies. Right-click Profiles >
Create Switch Profile

23. In the dialog, enter name TenPod#SWProfL101L102. Select the [ + ] adjacent to Switch
Selectors:

24. Name: TenPod#L101L102, Blocks: select both LEAF101 and LEAF102

25. Click UPDATE, NEXT.

26. Locate and check your already created Interface Selector Profile(s) and then Click
FINISH.

27. To verify your vPC is operational you will launch Putty and connect to LEAF101 and
LEAF102.

Apic1 CIMC    192.168.70.164/24    172.16.1.254    admin/1234QWer
Apic2 CIMC    192.168.70.165/24    172.16.1.254    admin/1234QWer
Apic3 CIMC    192.168.70.166/24    172.16.1.254    admin/1234QWer
LEAF1 OOB     192.168.70.167/24    172.16.1.254    admin/1234QWer
LEAF2 OOB     192.168.70.168/24    172.16.1.254    admin/1234QWer
SPINE1 OOB    192.168.70.169/24    172.16.1.254    admin/1234QWer
SPINE2 OOB    192.168.70.170/24    172.16.1.254    admin/1234QWer

28. Launch Putty and connect to LEAF101 & LEAF102. Enter IP address 192.168.70.167
and 168 using SSH (You can use any other ssh client)

29. Login credentials are same as APIC (admin / 1234QWer).

Type the next command on LEAF1 and LEAF2:

30. Note that the ID and port-channel number (Po#) are automatically created and will vary.
Notice no active VLANs. The first Port Channel corresponds to the port channel
created between your Cisco UCS C-Series server, and the next 2 correspond to the
Port Channels that your trainer created between ACI Fabric and UCS System.

31. Command line Help: APIC and node (leaf/spine) command lines do not support using
the question mark for CLI help. To get context sensitive help, use <esc><esc> in
place of ‘?’.

For example:

LEAF101# show <esc><esc>
LEAF101# show v<esc><esc>
LEAF101# show vpc <esc><esc>

Note:!ACI!Fabric!provides!multiple!attachment!points!that!connect!through!leaf!ports!
to!various!external!entities!such!as!bare!metal!servers,!hypervisors,!layer!2!switches!
(i.e.! UCS! FI)! or! routers.! An! Attachable! Entity! Profile! (AEP)! represents! a! group! of!
external! entities! with! similar! infrastructure! policy! requirements! (i.e.! CDP,! LLDP,!
LACP,!etc..).!!

32. Create an AEP to connect these policies and profiles together. Select Fabric > Access Policies > Global Policies

33. Right-click Attachable Access Entity Profile > Create Attachable Access Entity Profile

34. In STEP 1, enter Name: TenPod#UCSCSeriesAEP. Mark the option “Enable Infrastructure VLAN”. Click on + to add a Physical Domain.

35. Locate the already created PhyDom_UCS Domain Profile and click UPDATE

36. Click NEXT to get to STEP 2. In the Interface Policy Group column, locate your Tenant VPC interface policy group. Mark “All” Selected Interfaces and, under vSwitch Policies, select the option “Inherit (Same as attached physical interfaces)”

37. Click FINISH.

38. In your Putty session, re-type: # show vpc extended.

39. Verify the infrastructure VLAN 4093 is active for the UCS C-Series Server. Now we will enable Infrastructure VLAN for the AEP associated to the VPC connections to the UCS System (FIA and FIB)

40. Please go to Fabric > Access Policies > Global Policies > Attachable Access Entity Profiles and select the UCS_Domain1 AEP.

Note: Do not forget that the Port Channel Policy for your C-Series Servers must be Mode-On (not shown in the image).

41. Please click on Enable Infrastructure VLAN and then click on SUBMIT.

42. Repeat the “show vpc extended” command to verify that the Infrastructure VLAN is now enabled for the VPCs to FIA and FIB

43. Since CDP is enabled, you can do the equivalent of # show cdp neighbor. Go to Fabric > Inventory > Pod 1 > LEAF1 > Protocols > CDP > Neighbors; you will see just the FIA and FIB associated to interfaces eth1/43 and eth1/44

44. Repeat the same for LEAF2 and, if time permits, test LLDP also to verify that your UCS C-Series Server appears on the right port number.

45. Type the next commands on each LEAF:

show vpc brief

show port-channel summary

show interface brief (Note: when the AEP is created including the Interface Policy Groups, the ports change the Reason from “out-of-service” to “none”)

Note: The output screen could be different from what the image shows.

Lab 5. Configure ACI Tenants
In this Lab, you will create a tenant with a private network and two bridge domains. Please work together in pairs: Student 1 and Student 2, Student 3 and Student 4, and so on.

Tip: One student can read the lab while the other works in the APIC GUI for some labs, and then swap.

Task 5.0.1 Create a Tenant
In this Lab you will work in pairs according to the next table.

STUDENT PCS       STUDENT   POD #   Used for Vcenter   TENANT NAME TO USE
192.168.70.151    1         1       Yes                TenantPod1
192.168.70.152    2         1                          TenantPod1
192.168.70.153    3         2       Yes                TenantPod2
192.168.70.154    4         2                          TenantPod2
192.168.70.155    5         3       Yes                TenantPod3
192.168.70.156    6         3                          TenantPod3
192.168.70.157    7         4       Yes                TenantPod4
192.168.70.158    8         4                          TenantPod4
192.168.70.159    9         5       Yes                TenantPod5
192.168.70.160    10        5                          TenantPod5
192.168.70.111    11        6       Yes                TenantPod6
192.168.70.112    12        6                          TenantPod6
192.168.70.113    13        7       Yes                TenantPod7
192.168.70.114    14        7                          TenantPod7
192.168.70.115    15        8       Yes                TenantPod8
192.168.70.116    16        8                          TenantPod8

1. Go to APIC and select Tenants > choose Add Tenant.

2. Enter the name according to the table at the beginning of this Lab/Task.

a. Click [ + ] adjacent to Security Domains (to create a security domain for the given tenant)

3. Enter Name: Tenant#SecDom (where # is your assigned Tenant/Pod number) and click SUBMIT

Note: The Security Domain is a tag that will be associated with this tenant in the APIC Management Information Model. APIC will use the Security Domain tag to restrict Tenant Admin access to this tenant only via RBAC. The Security Domain tag is necessary to assign a Tenant Admin later in the Lab.

4. Click the check box for the security domain you just created. Click SUBMIT

5. Your Tenant is created and you are placed into the new tenant.

a. The URL will update and place you in the Tenant Dashboard.

Task 5.0.2 Create a Private Network under a New Tenant
In this task, you will create a Layer-3 private network (VRF) for your tenant. VRFs allow for separate routing instances, and can be used for administrative separation. All subnets must be associated with a Private Network within the Tenant. A Tenant can have multiple Private Networks. Subnets cannot overlap within the same Private Network.

1. Under the Tenant created in the previous task, expand Networking

a. Drag and Drop under VRF Cloud (starting with version 1.2 of ACI)

2. Enter Name: VRF1; type Description: Tenant# L3 Private network. Click SUBMIT

3. Under your Tenant#, expand Networking > VRFs > click to see your VRF1 in the Navigation pane.

Task 5.0.3 Create Tenant Bridge Domains and Subnets
In this task, you will create two bridge domains and their respective subnets. A Bridge Domain is a container for subnets. It is a mac-address table and can be used to define a L2 boundary, depending on how it is configured. It is NOT a VLAN, particularly in the sense that a VLAN is a security zone. All Bridge Domains (subnets) must be associated with a Private Network.

The first task is to determine the default gateway addresses configured on the end-points (virtual machines managed in vCenter).

1. Use the following vCenter IP address assigned to your tenant. You will decide if you want to work with the vCenter of the Odd or Even Students (normally the Active vCenter is Student VM1, 3, 5, 7, 9, 11, 13, 15):

VCENTER           STUDENT   POD #   Access Credentials        PROTOCOL
192.168.70.151    1         1       Administrator/1234QWer    RDP
192.168.70.151    2         1       Administrator/1234QWer    RDP
192.168.70.153    3         2       Administrator/1234QWer    RDP
192.168.70.153    4         2       Administrator/1234QWer    RDP
192.168.70.155    5         3       Administrator/1234QWer    RDP
192.168.70.155    6         3       Administrator/1234QWer    RDP
192.168.70.157    7         4       Administrator/1234QWer    RDP
192.168.70.157    8         4       Administrator/1234QWer    RDP
192.168.70.159    9         5       Administrator/1234QWer    RDP
192.168.70.159    10        5       Administrator/1234QWer    RDP
192.168.70.111    11        6       Administrator/1234QWer    RDP
192.168.70.111    12        6       Administrator/1234QWer    RDP
192.168.70.113    13        7       Administrator/1234QWer    RDP
192.168.70.113    14        7       Administrator/1234QWer    RDP
192.168.70.115    15        8       Administrator/1234QWer    RDP
192.168.70.115    16        8       Administrator/1234QWer    RDP

2. Launch vSphere Client and connect to your assigned vCenter to determine the gateway addresses configured in the Web and App Servers virtual machines. Accept the Certificate warning.

3. Navigate to Inventory > Hosts and Clusters.

4. Under your first ESXi Server, right-click the Web_Server# > choose Open Console.

5. Enter username / password: student / 1234QWer

Note: Enter Ctrl + Alt to release your cursor from the VM console.

6. Right-click on the Network icon in the upper right corner, and then click on Edit Connections

7. Select ETH0 and click Edit

8. Locate the IPv4 Settings tab and identify your Gateway; it must be 192.168.10.1. Then click Save and then Close.

9. Repeat the process for the App_Server#.

10. The following default gateways should be currently assigned.

Web_Server#: 192.168.10.1/24

App_Server#: 192.168.11.1/24

11. Return to APIC.

12. In your tenant, click on Networking and, in the right panel, Drag and Drop a BD in any part of the Work Area.

13. Enter a name for your BD: BD_Web, select your own VRF and then click NEXT

14. Click on the + symbol to add Subnets

15. In the Create Subnet dialog, enter Gateway IP: 192.168.10.1/24.

a. Click on Advertised Externally. (This subnet will be advertised using an IGP)

b. Leave other fields at their defaults and click OK

16. Scroll down and click NEXT

17. Click FINISH and then SUBMIT

18. Repeat the process to create the APP bridge domain.

Enter a name for your BD: BD_App, select your own VRF.

19. When you finish, if you click on your Tenant and then on Networking, you must see a screen like this, displaying your two Bridge Domains under your own VRF:

20. Expand each bridge domain and the subnets to verify correct IP addresses.

21. Now we need to enable ARP flooding (default = disabled) for each Bridge Domain. Normally, the hosts always talk and generate source frames that will be learned by the LEAVES, so the LEAVES will learn about these hosts (endpoints). Later in another lab we will create SVI interfaces on our N5548 switches to simulate other hosts that will talk to the Web and App Servers. By default the SVIs do not source traffic, so the LEAVES (Fabric) will not learn their IP addresses (they are not present in the routing table and the ARP is dropped).

By turning on ARP flooding, the “ARP Request” is sent out the interface toward the N5K, and when the “ARP Response” returns the fabric dynamically learns about the SVI (IP address and MAC).

22. Navigate under your Tenant to Networking > Bridge Domains > and select your BD_App Bridge Domain. Click to check “ARP Flooding”. Click SUBMIT and then SUBMIT CHANGES.

23. Repeat the process for BD_Web:
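The objects built in Tasks 5.0.1 to 5.0.3 can also be written as one APIC object-model document, which makes the containment (tenant > VRF and bridge domains > subnets) and the no-overlap rule explicit. This is an added example, not part of the lab guide or Cisco's own code; it only builds and validates the JSON (nothing is sent to an APIC), and the function names are hypothetical.

```python
import ipaddress

# Values from Tasks 5.0.1-5.0.3 of this lab (BD name -> gateway addresses).
LAB_BDS = {"BD_Web": ["192.168.10.1/24"], "BD_App": ["192.168.11.1/24"]}


def check_no_overlap(bds):
    """Raise ValueError if two gateway subnets placed in the same VRF overlap."""
    seen = []  # (bridge domain name, network)
    for bd, gateways in bds.items():
        for gw in gateways:
            net = ipaddress.ip_interface(gw).network
            for other_bd, other in seen:
                if net.overlaps(other):
                    raise ValueError(f"{gw} ({bd}) overlaps {other} ({other_bd})")
            seen.append((bd, net))


def bridge_domain(name, vrf, gateways, arp_flood=True):
    """fvBD tied to its VRF through fvRsCtx, with one fvSubnet per gateway."""
    children = [{"fvRsCtx": {"attributes": {"tnFvCtxName": vrf}}}]
    for gw in gateways:
        # scope "public" is the object-model value behind "Advertised Externally"
        children.append({"fvSubnet": {"attributes": {"ip": gw, "scope": "public"}}})
    return {
        "fvBD": {
            # arpFlood "yes" corresponds to the ARP Flooding check box (steps 21-23)
            "attributes": {"name": name, "arpFlood": "yes" if arp_flood else "no"},
            "children": children,
        }
    }


def build_tenant(pod, bds=LAB_BDS, vrf="VRF1"):
    """Return the fvTenant document for TenantPod<pod>; all BDs share one VRF."""
    check_no_overlap(bds)
    children = [
        # Reference to the security domain tag; the domain itself must already exist.
        {"aaaDomainRef": {"attributes": {"name": f"Tenant{pod}SecDom"}}},
        {"fvCtx": {"attributes": {"name": vrf,
                                  "descr": f"Tenant{pod} L3 Private network"}}},
    ]
    children += [bridge_domain(name, vrf, gws) for name, gws in bds.items()]
    return {"fvTenant": {"attributes": {"name": f"TenantPod{pod}"},
                         "children": children}}


if __name__ == "__main__":
    import json
    print(json.dumps(build_tenant(1), indent=2))
```

Running the overlap check before submitting catches a mistyped gateway (for example a second subnet inside 192.168.10.0/24) that would otherwise be rejected by the fabric or silently shadow an existing subnet.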

Lab 6. Configuring Application Profiles
In this activity, you will work in pairs to create an Application Network Profile using the APIC GUI

Task 6.0.1 Create Filters
In this activity you will create filters to be used in the contracts

1. In your tenant, expand Security Policies > right-click Filters > Create Filter.

2. Enter name Web_Filters according to the image, then click the [ + ] Entries.

3. Fill the fields according to the image: Name: http, Ethertype: IP, IP Protocol: tcp, Destination Port / Range: From: http, To: http. Then click UPDATE

4. Add a second filter entry for https. Click the [ + ] Entries.

5. Fill the fields according to the image: Name: https, Ethertype: IP, IP Protocol: tcp, Destination Port / Range: From: https, To: https. Then click UPDATE

6. Click SUBMIT

7. Repeat steps 1-6 to create APP_Filters. In your tenant, expand Security Policies > right-click Filters > Create Filter.

8. Enter name App_Filters according to the image, then click the [ + ] Entries.

9. Fill the fields according to the image: Name: tcp8080, Ethertype: IP, IP Protocol: tcp, Destination Port / Range: From: 8080, To: 8080. Then click UPDATE. (8080 must be typed)

10. Add a second filter entry for tcp8443. Click the [ + ] Entries.

11. Fill the fields according to the image: Name: tcp8443, Ethertype: IP, IP Protocol: tcp, Destination Port / Range: From: 8443, To: 8443. Then click UPDATE (8443 must be typed)

12. Click SUBMIT

13. Verify your Filter configuration.

Task 6.0.2 Create Contracts
In this activity you will create contracts to be used between the End Point Groups (EPGs) in the Application Network Profile (ANP). You will use the filters created in task 6.0.1.

1. Under Security Policies > right-click Contracts > Create Contract.

2. Enter Name WEB and under Scope select VRF according to the image. Leave other fields and click the [ + ] Subjects.

3. Enter Subject name Web_Ports and click the + FILTERS symbol

4. Select the Web-Filters and click UPDATE

5. Add ICMP from Tenant/Common as a filter. Select the [ + ] adjacent to FILTERS.

6. Choose the following from the drop-down menu.

7. Click UPDATE

8. Click OK

9. Click SUBMIT.

10. To verify, expand Contracts > expand WEB > select Web_Ports.

11. Repeat the process to configure the APP contract.

12. Enter Name APP and under Scope select VRF according to the image. Leave other fields and click the [ + ] Subjects.

13. Enter Subject name App_Ports and click the + FILTERS symbol

14. Select the App-Filters and click UPDATE

15. Add ICMP from Tenant/Common as a filter. Select the [ + ] adjacent to FILTERS.

16. Choose the following from the drop-down menu.

17. Click UPDATE

18. Click OK and then SUBMIT.

19. To verify, expand Contracts > expand APP > select App_Ports.

20. Create a DDBB contract with only ICMP as a filter.

21. Enter Name DDBB and under Scope select VRF according to the image. Leave other fields and click the [ + ] Subjects.

22. Enter Subject name DDBB_Mgmt and click the + FILTERS symbol

23. Select ICMP from Tenant/Common as a filter.

24. Click UPDATE

25. Click OK

26. Click SUBMIT.

27. To verify, expand Contracts > expand DDBB > select DDBB_Mgmt.

Task 6.0.3 Create ANP (Application Network Profile)
In this task, each POD will create a 3-tier ANP in their respective tenant employing the contracts created in the previous task. This Task will show only the Logical Model used by the APIC to configure the communications inside your Data Center.

1. Under your tenant in the left pane, right-click Application Profiles > choose Create Application Profile.

2. Enter the Name: Pod#AppProf (where # is your Pod number) according to the image. Then click + under EPGs to add a new EPG according to the image

3. Type WEB_EPG as the name, and from the drop-down menu, select the right Bridge Domain: BD_Web, then click UPDATE

4. Repeat the process to create the APP_EPG with the BD_App and DDBB_EPGs with Default Bridge Domain.

5. Click SUBMIT

6. Verify your configuration by expanding Application Profiles and clicking on your already created Application Profile.

7. Order your EPGs (using Drag and Drop): first the WEB_EPG, second the APP_EPG, third the DDBB_EPG

8. From the Toolbar Menu, Drag and Drop a Contract, selecting first the DDBB_EPG and linking it to the APP_EPG.

9. A new Config Contract window appears: (in the Consumer EPG appears the APP_EPG, in the Provider EPG appears the DDBB_EPG)

10. Click on Choose An Existing Contract, and from the menu select the Contract DDBB

11. Click OK

12. Repeat the same process to associate a Contract between APP_EPG and WEB_EPG. From the Toolbar Menu, Drag and Drop a Contract, selecting first the APP_EPG and linking it to the WEB_EPG

13. A new Config Contract window appears: (in the Consumer EPG appears the WEB_EPG, in the Provider EPG appears the APP_EPG)

14. Click on Choose An Existing Contract, and from the menu select the Contract APP

15. Click OK and then SUBMIT

16. Now we need to associate a contract to be provided by WEB_EPG. Go to your Tenant, expand Application Profiles > select the POD#AppProf, expand Application EPGs, select WEB_EPG, right-click on Contracts and then click on Add Provided Contract

17. Select the WEB contract and click on SUBMIT

18. To verify your configuration click on your POD#AppProf

Lab 7. Configuring VMM Integration

Task 7.0.1 Configuring VMM Integration using VMware
In this activity, you will integrate a Virtual Machine Manager (VMM), the vCenter Server 5.X, with ACI.

Use the following table as a reference for the next steps, according to the pod you have

VLAN_POOL_NAME    VLAN RANGE
Vlan_TenPod1      210-219
Vlan_TenPod2      220-229
Vlan_TenPod3      230-239
Vlan_TenPod4      240-249
Vlan_TenPod5      250-259
Vlan_TenPod6      260-269
Vlan_TenPod7      270-279
Vlan_TenPod8      280-289

POD1 will be used as example

1. Go to Fabric -> Access Policies -> Pools -> right-click VLAN -> Create VLAN pool

2. Enter the name of the VLAN Pool according to the previous table and select + adjacent to Encap Blocks.

3. Enter the VLAN range of your pod from the table above. Click OK and then Submit

4. Your VLAN pool should appear in the table

5. Use your vSphere Client (should be on your desktop) and connect to your assigned vCenter Server.

Vcenter Server    Tenant        Student   Access Credentials
192.168.70.151    TenantPod1    1,2       Administrator/1234QWer
192.168.70.153    TenantPod2    3,4       Administrator/1234QWer
192.168.70.155    TenantPod3    5,6       Administrator/1234QWer
192.168.70.157    TenantPod4    7,8       Administrator/1234QWer
192.168.70.159    TenantPod5    9,10      Administrator/1234QWer
192.168.70.111    TenantPod6    11,12     Administrator/1234QWer
192.168.70.113    TenantPod7    13,14     Administrator/1234QWer
192.168.70.115    TenantPod8    15,16     Administrator/1234QWer

Note: your Datacenter name should match your tenant name (TenantPod#, where # is your assigned Pod number). If it does not, please rename it.

6. In APIC, a VMM Domain must be created. Go to VM Networking -> Policies. Right-click VM Providers VMware -> Create vCenter Domain.

7. Use the VMM Name according to the next table and the previously created AEP and VLAN Pool associated to your Tenant/Pod

TENANT        STUDENT   VMM NAME
TenantPod1    1,2       DVSPod1
TenantPod2    3,4       DVSPod2
TenantPod3    5,6       DVSPod3
TenantPod4    7,8       DVSPod4
TenantPod5    9,10      DVSPod5
TenantPod6    11,12     DVSPod6
TenantPod7    13,14     DVSPod7
TenantPod8    15,16     DVSPod8

8. Select + adjacent to vCenter Credentials. Fill in the values from the step 5 table. You can choose any name you wish. (Credentials is used in the illustration.) Then click OK

9. Now, to specify the vCenter Controller, select + adjacent to vCenter/vShield

10. Refer to the table below to fill in the fields

Note: Datacenter name is case-sensitive

Enter name, IP address, Datacenter and associated credentials

Choose DVS version 5.5

Leave Management EPG field

NAME      VCENTER           DATACENTER NAME   STUDENT   Access Credentials
VCPod1    192.168.70.151    TenantPod1        1,2       Administrator/1234QWer
VCPod2    192.168.70.153    TenantPod2        3,4       Administrator/1234QWer
VCPod3    192.168.70.155    TenantPod3        5,6       Administrator/1234QWer
VCPod4    192.168.70.157    TenantPod4        7,8       Administrator/1234QWer
VCPod5    192.168.70.159    TenantPod5        9,10      Administrator/1234QWer
VCPod6    192.168.70.111    TenantPod6        11,12     Administrator/1234QWer
VCPod7    192.168.70.113    TenantPod7        13,14     Administrator/1234QWer
VCPod8    192.168.70.115    TenantPod8        15,16     Administrator/1234QWer

11. Click on SUBMIT

12. Your VM provider profile will appear in the vCenter Domains

13. To verify, go to Inventory -> VMware -> DVSPod#. Select your vCenter Domain. Then switch to the Operational tab. Verify the state is online

14. Expand your vCenter domain and select VCPod#, then click Operational to verify the APIC created a VDS in this vCenter

Task 7.0.2 Adding Hosts to DVS created by APIC using VCenter 5.X

1. Let’s double-check that APIC created a new DVS on the vCenter Server. Return to the vSphere client, go to Home -> Inventory -> Networking.

2. Now it is time to add your ESXi hosts to the just created DVS: right-click DVSPod# -> Add hosts

3. In the dialog, select vmnic2 and vmnic3 for both hosts. Click Next

Warning: DO NOT select vmnic0 or vmnic1 (they are for management)

4. Click Next, Next and Finish. Go to the Hosts tab. Verify your ESXi hosts were added and that their VDS status is up and the state is connected.

5. Go to Home -> Inventory -> Hosts and Clusters and select one of your VMs. Select the Summary tab and verify the network setting displays VLAN130_VMs_MGMT

If you wish, you can repeat the process for the other VMs

6. Going back to APIC, navigate to TenantPod# -> Application profiles -> POC -> Application EPGs and select EPG app. Choose the Operational tab. See that there are no end-points in this EPG.

7. To associate the APP EPG to your VMM domain, right-click APP EPG -> Add VMM Domain Association

8. Select your just created DVSPod#, choose Immediate in Deploy Immediacy and leave the default values for the rest. Click Submit

9. Repeat the process for the Web EPG

10. Expand the EPGs and select Domains (VMs and Bare-Metals). The state should be formed.

11. Return to the vSphere client, navigate to the Home -> Inventory -> Networking view and notice the APP and WEB port groups have been created.

Task 7.0.3 Adding Application End Points to VMM Domain

1. To assign the VMs to the new port groups, navigate to Hosts and Clusters. Right-click a VM -> Edit settings

2. Select Network adapter 1 -> change network label TenantPod#|ANPPod#(DVPod#)

3. Repeat the process for each VM; assign the corresponding port group.

4. Let's see which port group ID was automatically assigned by the APIC. In the vSphere client, go to Home -> Inventory -> Networking. Select the TenantPod#|ANPPod#|app port group. Choose Edit settings

5. In the new window, select VLAN (according to your VLAN pool) and write the VLAN ID down.

6. Repeat steps 4 and 5 for the TenantPod#|ANPPod#|web port group.

7. Now, we will fix a static binding between the port group ID and the EPG app. Navigate to TenantPod# -> Application Profiles -> ANPPod# -> Application EPGs -> EPG app. Select Static Bindings (Leaves). Right-click and select Statically Link with Node.
Note: Using a static VLAN associated to the EPG is called Network Centric. Later in lab 11 we will repeat this action with another EPG and VLAN, but it has to be clear that we are using the concept of Network Centric.

8. In the Node field, click the icon to display the options. Select both LEAF1, id 101 and LEAF2, id 102

9. Fill the Encap field with vlan-217 (use the same VLAN under your pool as you used before). Select Deployment Immediacy as Immediate and Mode equal to trunk. Click Submit

10. Repeat the procedure (steps 7 to 9) for the EPG web with the corresponding VLAN ID.

11. To verify the correct assignment, go to TenantPod# -> Application Profiles -> ANPPod# -> Application EPGs. Select EPG app, for instance, and switch to Operational

12. Open a console to one of your VMs.

13. Verify you can ping the gateway

Note: If the ping is not working, please review the Ethernet config of the VM and try again.

APP    192.168.11.1
WEB    192.168.10.1
User: student    Password: 1234QWer

14. Go back to APIC, navigate to TenantPod# -> Application Profiles -> ANPPod# -> Application EPGs. Select any EPG and switch to Operational. Notice the IP address appears for any EPG that sourced traffic

Note: Under learning source, vmm means vCenter informed the APIC of this VM; learned means the leaf received at least one frame/packet from this endpoint

15. Double-click the endpoint to retrieve an expanded view of that endpoint’s learned information

16. Notice the physical interface used by the VM to move traffic in/out

Task 7.0.4 Verification Task: Exploring ACI Contract

1. In the vSphere client, open the Web server VM and ping your partner’s web server

Pod odd     192.168.10.101
Pod even    192.168.10.102
User: student    Password: 1234QWer

Remember: Endpoints in the same EPG domain do not require a contract, except in two situations:

1. When you activate Intra-EPG Isolation

2. If you activate uEPG (Microsegmentation)

2. Open a Firefox browser and verify that HTTPS access to your partner’s web server also works properly. If warning messages appear, just accept them. You should get something similar to the next screenshot

Remember: ping and any kind of protocol between either the two web-servers or the two app-servers are operative because contracts are not required between endpoints in the same EndPoint Group (EPG)

3. From the web-server VM try to ping your app-server VM. It should work

App-server    192.168.11.101
Web-server    192.168.10.101
User: student    Password: 1234QWer

4. Now try HTTPS from the web-server to the app-server. It should fail. The question is why? (Maybe you should ask your instructor)

5. Let’s see how the filters work. First, verify the APP contract filters. Go to TenantPod# -> Security Policies -> Contracts -> Filters and expand APP-filters.

Note: we are going to use the non-well-known ports 8080 (instead of 80) and 8443 (instead of 443)

6. In the vSphere client open a console to an app-server VM and verify the ping works perfectly for both web-server VMs

Web-server    192.168.10.101
Web-server    192.168.10.102

7. Now, try HTTPS using port 8443 from the app-server to the web-server. It should fail.

8. To make it work, we need to add the app contract as consumed. Navigate to TenantPod# -> Application profiles -> ANPPod# -> Application EPGs. Select EPG app and right-click on it. Then choose Add Consumed Contract

9. Click to make the drop-down menu appear and select TenantPod#/app and finally click Submit.

10. Verify that the APP EPG now both provides and consumes the contract

11. Repeat the process for the web EPG and verify it.

12. You can get the same information in a graphical way. Go to Security Policies -> Contracts. Select app.

13. If we repeat the test of step 7, it should work now.

14. We can type some CLI commands for extra verification. SSH to a leaf and type:

- show endpoint

- show endpoint summary

- show vlan extended

- show vpc extended
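The pass/fail results in this verification task follow from how a contract's filters are applied between consumer and provider EPGs, which a small evaluation model makes visible. This is an added example, not code from the lab guide or from Cisco: it uses the filter, contract and EPG names of Lab 6, assumes the default subject settings (apply both directions with reverse filter ports), and reads steps 8 to 11 as leaving APP_EPG and WEB_EPG each providing and consuming the APP contract.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    proto: str           # "tcp" or "icmp"
    port_from: int = 0   # destination port range, unused for icmp
    port_to: int = 0

    def matches(self, proto, port):
        if proto != self.proto:
            return False
        return proto == "icmp" or self.port_from <= port <= self.port_to


# Filters from Task 6.0.1 plus the ICMP filter taken from Tenant/Common.
FILTERS = {
    "Web_Filters": [Entry("tcp", 80, 80), Entry("tcp", 443, 443)],
    "App_Filters": [Entry("tcp", 8080, 8080), Entry("tcp", 8443, 8443)],
    "icmp": [Entry("icmp")],
}
# Contracts from Task 6.0.2 (contract name -> filters of its subject).
CONTRACTS = {
    "WEB": ["Web_Filters", "icmp"],
    "APP": ["App_Filters", "icmp"],
    "DDBB": ["icmp"],
}


def lab6_bindings():
    """Provider/consumer relations as drawn in Task 6.0.3."""
    return {
        "WEB_EPG": {"provides": {"WEB"}, "consumes": {"APP"}},
        "APP_EPG": {"provides": {"APP"}, "consumes": {"DDBB"}},
        "DDBB_EPG": {"provides": {"DDBB"}, "consumes": set()},
    }


def after_step_11():
    """Assumed end state of steps 8-11: both EPGs provide and consume APP."""
    b = lab6_bindings()
    b["APP_EPG"]["consumes"].add("APP")
    b["WEB_EPG"]["provides"].add("APP")
    return b


def permitted(bindings, src, dst, proto, sport=0, dport=0):
    """Return (allowed, reason) for one packet from EPG src to EPG dst."""
    if src == dst:
        return True, "intra-EPG"            # no contract needed (no isolation)
    for name, filter_names in CONTRACTS.items():
        entries = [e for f in filter_names for e in FILTERS[f]]
        # Consumer -> provider: the filter's port is the destination port.
        if name in bindings[src]["consumes"] and name in bindings[dst]["provides"]:
            if any(e.matches(proto, dport) for e in entries):
                return True, f"{name} consumer->provider"
        # Provider -> consumer: ports reversed, so only return traffic matches.
        if name in bindings[src]["provides"] and name in bindings[dst]["consumes"]:
            if any(e.matches(proto, sport) for e in entries):
                return True, f"{name} provider->consumer"
    return False, "implicit deny"


if __name__ == "__main__":
    b = lab6_bindings()
    for flow in [("WEB_EPG", "APP_EPG", "icmp", 0, 0),        # step 3
                 ("WEB_EPG", "APP_EPG", "tcp", 40000, 443),   # step 4
                 ("APP_EPG", "WEB_EPG", "tcp", 40000, 8443)]:  # step 7
        print(flow, permitted(b, *flow))
    print("after step 11:", permitted(after_step_11(),
                                      "APP_EPG", "WEB_EPG", "tcp", 40000, 8443))
```

Step 4 fails because 443 is not in App_Filters, and step 7 fails because the provider-to-consumer direction only admits packets whose source port is 8080 or 8443, that is, replies to a connection the consumer opened.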


Lab 8. Configuring External L2 Connectivity. First Network Centric Lab

Task 8.0.1 Configuring Physical Port for External L2 Connection

1. Go to Fabric -> Access Policies -> select Quick Start

2. Click on the green + icon

3. Click to make the drop-down menu appear and select the proper switch according to your POD.

DataCenter Name   Switch   Switch profile Name
TenantPod1        101      TenPod1-Switch101_Prof
TenantPod2        102      TenPod2-Switch102_Prof
TenantPod3        101      TenPod3-Switch101_Prof
TenantPod4        102      TenPod4-Switch102_Prof
TenantPod5        101      TenPod5-Switch101_Prof
TenantPod6        102      TenPod6-Switch102_Prof
TenantPod7        101      TenPod7-Switch101_Prof
TenantPod8        102      TenPod8-Switch102_Prof

Warning: DO NOT click on the Save button

4. Again, click the green + icon to configure interfaces

5. Fill the fields with the following values:

Note: # = your assigned TenantPod number. For example, TenantPod1 is shared between students 1 and 2.

** CDP Policy, LLDP Policy: you can use the default values or the policies created in previous LABS

- Attached Device Type: External Bridged Devices

- Domain Name: TenPod#-ExtL2-Domain

- Enter VLAN Range, Interface Selector Name and interfaces according to the table below

Pod   Tenant        Interface   Switch   Interface Selector Name        Vlan Range
1     TenantPod1    1/17        101      TenPod1-Switch101_1-ports17    210
2     TenantPod2    1/18        102      TenPod2-Switch102_2-ports18    220
3     TenantPod3    1/19        101      TenPod3-Switch101_3-ports19    230
4     TenantPod4    1/20        102      TenPod4-Switch102_4-ports20    240
5     TenantPod5    1/21        101      TenPod5-Switch101_5-ports21    250
6     TenantPod6    1/22        102      TenPod6-Switch102_6-ports22    260
7     TenantPod7    1/23        101      TenPod7-Switch101_7-ports23    270
8     TenantPod8    1/24        102      TenPod8-Switch102_8-ports24    280

Important: Click SAVE in the current screen

6. And click SAVE again

7. And now, very important: scroll down and click on Submit

8. Verify the configuration created by the Quick Start Wizard. Go to Fabric -> Access Policies -> Interface Policies -> Policy Groups. Select the one you created

Notice the following:

a. The policy name is taken from your Interface Selector Name

b. The AEP (Attached Entity Profile) was automatically created and associated by the wizard

9. In the current left pane, browse Switch Policies -> Profiles. Select the one you created

10. Go to Interface Profiles -> Profiles. Expand it

11. Browse Physical and External Domains -> External Bridged Domains and locate and select Domain TenPod1-ExtL2-Domain.

Notice the VLAN Pool and AEP (Attached Entity Profile) associations

12. Go to Pools -> VLAN. Select TenPod#-ExtL2-Domain_vlans. Verify that

TenPod#-ExtL2-Domain TenPod#-ExtL2-Domain

Notice the VLAN pool name is derived from the domain name

i. Navigate to Global Policies -> Attachable Access Entity Profiles. Check the associated L2-external Domain

Task 8.0.2 Create Bridge Outside in your Tenant

1. Go to your Tenant -> Networking -> External Bridged Networks. Right-click on it and select Create Bridged Outside

2. Fill the fields with the following information:

- Name: Pod#-ExtL2-vlan-2#0

- Bridge Domain: TenantPod#/app

- External Bridged Domain: TenPod#-ExtL2-Domain

- Path Type: Port

Leaf   Tenant        Leaf Interface   Encap
101    TenantPod1    1/17             Vlan-210
102    TenantPod2    1/18             Vlan-220
101    TenantPod3    1/19             Vlan-230
102    TenantPod4    1/20             Vlan-240
101    TenantPod5    1/21             Vlan-250
102    TenantPod6    1/22             Vlan-260
101    TenantPod7    1/23             Vlan-270
102    TenantPod8    1/24             Vlan-280

3. In the Path field, you must select your leaf and interface from the above table. Click Add

4. Click Next (The Encaps field must be vlan-2#0, not vlan-2010 as the image shows)

5. Click on the + sign. Create an external EPG (Endpoint Group) Network

6. Use TenPod#-EPG-vlan2#0 as the Name. Leave the default values for the rest. Hit OK.

7. Click Finish

8. Verify the recently created External Bridged Network

9. Display the network view. Go to your Tenant -> Networking

10. Navigate to your Tenant -> Networking -> External Bridged Networks -> Pod#-ExtL2-vlan2#0. Select Networks. On the new screen click the + icon.

11. Choose TenantPod#/DDBB and click Update

12. Submit

13. Verify the app-server VM can ping the SVI on the Nexus 5k. Launch a Putty session from your student PC to the N5K

Tenant/Pod   5K IP address   user    password
1,3,5,7      10.10.40.4      admin   Cisco123
2,4,6,8      10.10.40.5      admin   Cisco123

Type: show run int vlan2#0

14. SSH to your corresponding leaf and verify the interface is trunking VLAN 2#0

LEAF101    192.168.70.167    admin    1234QWer
LEAF102    192.168.70.168    admin    1234QWer

Type the following CLI commands:

- show vlan ext | grep vlan-2#0

- show interface e1/XX switchport | grep Allowed

15. In vSphere, open a console to one app-server VM and ping the SVI with IP address 192.168.11.254

16. Verify the 5k can ping the app-server VMs

Task 8.0.3 Cloning a VM and associating it to the DB EPG
1. In the vSphere client, first shut down, then clone one of your VMs

2. Name the clone DDBB_server. Click Next. Select your POD’s ESXi host

3. Hit Next and select the only datastore available

4. Hit Next until you finish the wizard

5. Observe the process under Recent Tasks

Task 8.0.4 Verification Tasks: Moving inside the App, Web and DB VMs

1. Once the VM is cloned, open a DDBB_Server console

2. Use student/1234QWer as the login/password. Look for the radiation icon. Click on it until the options appear. Select Edit Connections.

3. Delete the ETH0 connection

4. Edit the wired connection1

5. Change the name to ETH0 and switch to the IPv4 settings tab

6. Change the method to Manual and click Add

7. Use the IP address 192.168.12.101/24 and 192.168.12.1 as the default gateway. After the IP is entered hit Save.

8. Open a terminal and check whether the IP is correct with the command ifconfig

9. In your Tenant, modify the APP bridge domain. Add the gateway address specified in the cloned VM (192.168.12.1). Right-click on Subnets and select Create Subnet.

Note: Remember that the creation of Contracts, EPGs and their association can be completed using Drag and Drop as we will see in the L3ext Lab.

10. Enter the gateway address 192.168.12.1/24 and submit

11. Associate the APP bridge domain to the DDBB EPG. Scroll down and hit Submit

12. Associate the DDBB EPG to your VMM domain.

13. Select your DVSPod#. Check Immediate and Submit

14. In the vSphere client, go to the networking view and verify the DDBB port group was created

15.

16. Go to Hosts and Clusters -> Edit settings on the DDBB-Server

17. Set network adapter1 to the DDBB port group.

18. Verify the DDBB-server VM can ping its default gateway and the App-Servers

19. Verify the App-Server can ping the DDBB-Server

20. Test whether the DDBB-server can ping the SVI (192.168.12.254)

Note: The ping should fail. There is no route on the N5k to the 192.168.12.0/24 subnet

Lab 9. Connecting a L3 Outside using OSPF
In this activity, you will create an EPG with External Layer 3 connectivity. You will create a contract and link this EPG to an existing application EPG.

The OSPF neighbors and IP test points are provided using VRFs in the L3SW1 of the Lab as described in the next image.

On the L3SW1 we will have a Loopback address (same IP address for all Pods) associated to a VRF that will simulate a host behind the L3 device.

In summary, you will give your VMs access to the exterior through OSPF.

| STUDENTS L3 ROUTER CONNECTIONS | CONNECTED TO | SPEED | STUDENT | TENANT/POD |
|---|---|---|---|---|
| LEAF1 Port 1/25 | L3SW1 Port 1/3 | 1GB | 1-2 | 1 |
| LEAF1 Port 1/26 | L3SW1 Port 1/4 | 1GB | 3-4 | 2 |
| LEAF1 Port 1/27 | L3SW1 Port 1/5 | 1GB | 5-6 | 3 |
| LEAF1 Port 1/28 | L3SW1 Port 1/6 | 1GB | 7-8 | 4 |
| LEAF1 Port 1/29 | L3SW1 Port 1/7 | 1GB | 9-10 | 5 |
| LEAF1 Port 1/30 | L3SW1 Port 1/8 | 1GB | 11-12 | 6 |
| LEAF1 Port 1/31 | L3SW1 Port 1/9 | 1GB | 13-14 | 7 |
| LEAF1 Port 1/32 | L3SW1 Port 1/10 | 1GB | 15-16 | 8 |

Task 9.0.1 Verify the BGP Route Reflector Configuration
In this task you will verify a previously created BGP Route Reflector policy for the entire ACI Fabric.

1. In APIC, choose Fabric > Fabric Policies > Pod Policies > Policies > BGP Route Reflector default.

Verify that the Autonomous System Number is 99

Verify that both Spine switches are listed as Route Reflector Nodes

Do not make any changes

2. Go to Inventory > Pod1 > LEAF101 (Node-101) > Protocols > BGP > BGP for VRF-overlay-1 > Neighbors.

Verify that the Leaf has a BGP session established with each of the Spines

Note: All of the leaf and spine switches are in one single BGP autonomous system (AS=99). Once the border leaf learns the external routes, it can then redistribute the external routes of a given VRF to an MP-BGP address family VPN version 4 (or VPN version 6 when IPv6 routing is supported in ACI).

MP-BGP maintains a separate BGP routing table for each VRF. Within MP-BGP, the border leaf advertises routes to a spine switch, which is a BGP route reflector. The routes are then propagated to all the leaves where the VRFs (or private network in the APIC GUI's terminology) are instantiated.

Task 9.0.2 Configuring External L3 Integration with OSPF
In this task you will work in groups of two to enable External Routing using OSPF within your TenantPod.

In this Lab we will work only with ports associated to LEAF1.

Complete these steps.

Refer to the following chart for L3SW1 port assignments.

| STUDENTS L3 ROUTER CONNECTIONS | CONNECTED TO | SPEED | PROTOCOL | STUDENT | TENANT/POD |
|---|---|---|---|---|---|
| LEAF1 Port 1/25 | L3SW1 Port 0/3 | 1GB | OSPF/EIGRP | 1-2 | 1 |
| LEAF1 Port 1/26 | L3SW1 Port 0/4 | 1GB | OSPF/EIGRP | 3-4 | 2 |
| LEAF1 Port 1/27 | L3SW1 Port 0/5 | 1GB | OSPF/EIGRP | 5-6 | 3 |
| LEAF1 Port 1/28 | L3SW1 Port 0/6 | 1GB | OSPF/EIGRP | 7-8 | 4 |
| LEAF1 Port 1/29 | L3SW1 Port 0/7 | 1GB | OSPF/EIGRP | 9-10 | 5 |
| LEAF1 Port 1/30 | L3SW1 Port 0/8 | 1GB | OSPF/EIGRP | 11-12 | 6 |
| LEAF1 Port 1/31 | L3SW1 Port 0/9 | 1GB | OSPF/EIGRP | 13-14 | 7 |
| LEAF1 Port 1/32 | L3SW1 Port 0/10 | 1GB | OSPF/EIGRP | 15-16 | 8 |

| VLAN_POOL_NAME | VLAN POOL | VLAN USED FOR OSPF | VLAN USED FOR EIGRP |
|---|---|---|---|
| Vlan_TenPod1 | 210-219 | 218 | 219 |
| Vlan_TenPod2 | 220-229 | 228 | 229 |
| Vlan_TenPod3 | 230-239 | 238 | 239 |
| Vlan_TenPod4 | 240-249 | 248 | 249 |
| Vlan_TenPod5 | 250-259 | 258 | 259 |
| Vlan_TenPod6 | 260-269 | 268 | 269 |
| Vlan_TenPod7 | 270-279 | 278 | 279 |
| Vlan_TenPod8 | 280-289 | 288 | 289 |

L3SW1: 10.10.40.20 (telnet)

Credentials: student / 1234QWer

3. Just to verify your configuration, you can launch a putty session to the L3SW1 and type some show commands to verify the IP routing process.

Here are some example commands:

show ip vrf

show ip vrf interface

show ip int brief

show ip route

show ip route vrf TenantPODX (where X is your assigned TenantPOD)

show ip ospf

Note: Refer to the next table for the IP subnet used to establish an OSPF session between the LEAF1 and the L3SW1. You will configure an IP in the same subnet for the SVI interface that connects to the router according to the next table.

| Tenant/POD | SUBNET | VLAN FOR OSPF | VLAN FOR EIGRP |
|---|---|---|---|
| 1 | 172.16.11.0/24  SWL31: .1  LEAF1: .254 | 218 | |
| 2 | 172.16.12.0/24  SWL31: .1  LEAF1: .254 | 228 | |
| 3 | 172.16.13.0/24  SWL31: .1  LEAF1: .254 | 238 | |
| 4 | 172.16.14.0/24  SWL31: .1  LEAF1: .254 | 248 | |
| 5 | 172.16.15.0/24  SWL31: .1  LEAF1: .254 | 258 | |
| 6 | 172.16.16.0/24  SWL31: .1  LEAF1: .254 | 268 | |
| 7 | 172.16.17.0/24  SWL31: .1  LEAF1: .254 | 278 | |
| 8 | 172.16.18.0/24  SWL31: .1  LEAF1: .254 | 288 | |
| 1 | 172.17.11.0/24  SWL31: .1  LEAF1: .254 | | 219 |
| 2 | 172.17.12.0/24  SWL31: .1  LEAF1: .254 | | 229 |
| 3 | 172.17.13.0/24  SWL31: .1  LEAF1: .254 | | 239 |
| 4 | 172.17.14.0/24  SWL31: .1  LEAF1: .254 | | 249 |
| 5 | 172.17.15.0/24  SWL31: .1  LEAF1: .254 | | 259 |
| 6 | 172.17.16.0/24  SWL31: .1  LEAF1: .254 | | 269 |
| 7 | 172.17.17.0/24  SWL31: .1  LEAF1: .254 | | 279 |
| 8 | 172.17.18.0/24  SWL31: .1  LEAF1: .254 | | 289 |

4. Next, configure the L3-outside network in your TenantPod. For each TenantPod# you have been assigned one port for L3 purposes in LEAF1 to configure OSPF, and EIGRP later in the next Lab. Refer to the previous table for LEAF port assignments.

5. Go to your Tenant > expand Networking > right-click External Routed Networks > Create Routed Outside.

6. Specify the Name L3ExtOspf_TenPod# (where # is the TenantPod Number assigned)

Mark OSPF

On VRF select your previously created VRF associated to your TenantPod: VRF1

Click on Regular area

Leave other settings default

Click [+] under Nodes and Interface Protocol Profiles.

7. For the Name, type LEAF1

Click [+] next to Nodes.

Select from the list the Node ID: LEAF1 (Node-101)

Leave the option “Use Router ID as Loopback Address” marked

Type the Router ID: 172.31.1.# (where # is your assigned TenantPod Number) and then click OK

8. On the OSPF Interface Profiles section, click [+].

9. Enter Name: LEAF101_SVI2#8 (where # is your assigned TenantPod Number) and then click on SVI

10. Then click on the [+] to add an SVI interface.

11. On the Path Type field leave the Port option

12. On the Path field select LEAF1 and scroll down to find your assigned port used for OSPF according to the previous table.

13. On the Encap field, type: vlan-2#8 (where # is your already assigned TenantPod number)

14. On the IPv4 Primary / IPv6 Preferred Address field type the already assigned IP address for OSPF on the LEAF1 side according to the table above:

| Tenant/POD | SUBNET | VLAN FOR OSPF | VLAN FOR EIGRP |
|---|---|---|---|
| 1 | 172.16.11.0/24  SWL31: .1  LEAF1: .254 | 218 | |
| 2 | 172.16.12.0/24  SWL31: .1  LEAF1: .254 | 228 | |
| 3 | 172.16.13.0/24  SWL31: .1  LEAF1: .254 | 238 | |
| 4 | 172.16.14.0/24  SWL31: .1  LEAF1: .254 | 248 | |
| 5 | 172.16.15.0/24  SWL31: .1  LEAF1: .254 | 258 | |
| 6 | 172.16.16.0/24  SWL31: .1  LEAF1: .254 | 268 | |
| 7 | 172.16.17.0/24  SWL31: .1  LEAF1: .254 | 278 | |
| 8 | 172.16.18.0/24  SWL31: .1  LEAF1: .254 | 288 | |
| 1 | 172.17.11.0/24  SWL31: .1  LEAF1: .254 | | 219 |
| 2 | 172.17.12.0/24  SWL31: .1  LEAF1: .254 | | 229 |
| 3 | 172.17.13.0/24  SWL31: .1  LEAF1: .254 | | 239 |
| 4 | 172.17.14.0/24  SWL31: .1  LEAF1: .254 | | 249 |
| 5 | 172.17.15.0/24  SWL31: .1  LEAF1: .254 | | 259 |
| 6 | 172.17.16.0/24  SWL31: .1  LEAF1: .254 | | 269 |
| 7 | 172.17.17.0/24  SWL31: .1  LEAF1: .254 | | 279 |
| 8 | 172.17.18.0/24  SWL31: .1  LEAF1: .254 | | 289 |
15. On the MTU field type 1500.

16. Click on the Access (Untagged) option and then click OK

17. Click OK again

18. Click OK again

19. Click NEXT to create an External EPG Network. Note: The OSPF Area Type must be: Regular area for this LAB.

20. Click [+] to create an External EPG Network.

21. Type the Name TenPod#EPG_Ospf (where # is your already assigned TenantPod Number)

22. Then click [+] under Subnet.

23. Type 0.0.0.0/0 to allow all subnets, leave the other fields with default values, then click OK.

24. Then click OK again.

25. Finally click Finish.

26. Select the Networking folder to display the networking graphic pane.

27. Assign consumed contract WEB to the OSPF EPG.

Expand External Routed Networks > L3ExtOspf_TenPod# > Networks > TenPod#EPG_Ospf.

28. Click on Contracts

29. Click [+] on Consumed Contracts > select WEB.

30. Click UPDATE

31. Under your Tenant, expand Application Profiles > Pod#AppProf and verify that TenPod#EPG_Ospf appears as a WEB contract consumer. (You can relocate the L3 EPG and then click on it to get the next image.)

32. Next, bind the L3ExtOspf_TenPod# to the WEB bridge domain.

Under Networking > expand Bridge Domains > select BD_WEB.

33. On the right side, click L3 Configurations

34. Click on [+] under Associate L3 Outs and add your L3ExtOspf_TenPod#

35. Click UPDATE

36. Click on SUBMIT

37. Verify the BD_WEB subnets Scope is set to Advertised Externally.

Advertised Externally indicates that this subnet will be advertised to the external router by the border leaf.

Private to VRF indicates that this subnet will be contained within the ACI fabric and will not be advertised to external routers by the border leaf.

Shared between VRFs is for shared services. It is used to indicate that this subnet needs to be leaked to one or more private networks. The shared subnet attribute is applicable to both public and private subnets.

38. Click on each subnet configured under the BD_Web and verify that it is marked as Advertised Externally. Click on SUBMIT

Task 9.0.3 Verification Tasks in ACI for OSPF Configuration

1. Verify the operational state of your TenantPod# OSPF configuration. Go to Fabric > Inventory > POD1 > LEAF1 (Node-101) > Protocols > OSPF

On the OPERATIONAL tab the operation state must be Up

2. Click on OSPF for VRF-TenantPod#:VRF1; the Neighbors state must be Full

3. Click Routes; verify that there are two external routes:

- 0.0.0.0/0, which is the default route injected by the L3SW1 through the default-information originate command, so it is shown as ext2

- The prefix 10.1.0.1/32 is the loopback of the L3SW1 router associated to each VRF; it is shown as intra Area because the Area ID is the same as LEAF1 (0.0.0.1)

- The prefix 172.31.1.#/32 is the loopback of the LEAF associated to the TenantPOD#. It is also known as internal in the OSPF DB.

- The prefix 172.16.1#.0/24 is the subnet associated to the link between the SVI interfaces associated to the TenantPOD# and the VRF named TenantPOD# in the L3SW1. It is also known as internal in the OSPF DB.

Specific 32-bit routes for each Tenant in the table below:

4. The Route Table in the L3SW1 looks like this (the output is just shown for TenantPod1)

5. Other commands that you can test are shown above:

Observe that the first ping, directed to the default gateway of the Web Servers, works because you have a contract between them; the second ping is directed to the default gateway of the App Servers and fails because you do not have a contract. You will create one in the Step 46.

6. If you ping from a Web_Server to the loopback of the OSPF Router L3SW1, it must work.

Ping 10.1.0.1

7. Go to your TenantPod# > Networking > External Routed Networks > L3ExtOspf_TenPod# > Networks > TenPod#EPG_Ospf

8. On the right side click on Contracts and then click on [+] to add a Consumed Contract

9. Mark the APP Contract and then click on UPDATE

10. Go to your TenantPod# > Networking > Bridge Domains > BD_App >

11. In the right panel, click on L3 Configurations

12. On the Associated L3 Outs field, click on [+] to create a new entry.

13. From the drop-down menu select your L3ExtOspf_TenPod# configuration

14. Click UPDATE

15. It is not necessary to click on SUBMIT, but if you want to do it, go ahead and then confirm.

16. If you go to the L3SW1 and ping the default gateway of the subnet 192.168.11.0/24 (192.168.11.1) it will work now

17. This is because the subnet 192.168.11.0/24 is now in the routing table associated to the VRF TenantPOD# on the L3SW1

18. Below is shown the config of the L3SW1. You finished this lab!

NOTE: The OSPF configuration from the L3SW1 router is shown below just to review what is configured there.

L3SW1 Config

ip vrf TenantPOD1
ip vrf TenantPOD2
ip vrf TenantPOD3
ip vrf TenantPOD4
ip vrf TenantPOD5
ip vrf TenantPOD6
ip vrf TenantPOD7
ip vrf TenantPOD8
interface Loopback0
 description primary loopback
 ip address 10.1.1.1 255.255.255.255
!
interface Loopback11
 ip vrf forwarding TenantPOD1
 ip address 10.1.0.1 255.255.255.255
!
interface Loopback12
 ip vrf forwarding TenantPOD2
 ip address 10.1.0.1 255.255.255.255
!
interface Loopback13
 ip vrf forwarding TenantPOD3
 ip address 10.1.0.1 255.255.255.255
!
interface Loopback14
 ip vrf forwarding TenantPOD4
 ip address 10.1.0.1 255.255.255.255
!
interface Loopback15
 ip vrf forwarding TenantPOD5
 ip address 10.1.0.1 255.255.255.255
!
interface Loopback16
 ip vrf forwarding TenantPOD6
 ip address 10.1.0.1 255.255.255.255
!
interface Loopback17
 ip vrf forwarding TenantPOD7
 ip address 10.1.0.1 255.255.255.255
!
interface Loopback18
 ip vrf forwarding TenantPOD8
 ip address 10.1.0.1 255.255.255.255
interface GigabitEthernet0/3
 description INT4U ACI L3 Ports LEAF1 Port 25 TenantPOD1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 218
 switchport mode trunk
 power inline never
 no energywise
 spanning-tree portfast trunk
!
interface GigabitEthernet0/4
 description INT4U ACI L3 Ports LEAF1 Port 26 TenantPOD2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 228
 switchport mode trunk
 power inline never
 no energywise
 spanning-tree portfast trunk
!
interface GigabitEthernet0/5
 description INT4U ACI L3 Ports LEAF1 Port 27 TenantPOD3
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 238
 switchport mode trunk
 power inline never
 no energywise
 spanning-tree portfast trunk
!
interface GigabitEthernet0/6
 description INT4U ACI L3 Ports LEAF1 Port 28 TenantPOD4
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 248
 switchport mode trunk
 power inline never
 no energywise
 spanning-tree portfast trunk
!
interface GigabitEthernet0/7
 description INT4U ACI L3 Ports LEAF1 Port 29 TenantPOD5
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 258
 switchport mode trunk
 power inline never
 no energywise
 spanning-tree portfast trunk
!
interface GigabitEthernet0/8
 description INT4U ACI L3 Ports LEAF1 Port 30 TenantPOD6
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 268
 switchport mode trunk
 power inline never
 no energywise
 spanning-tree portfast trunk
!
interface GigabitEthernet0/9
 description INT4U ACI L3 Ports LEAF1 Port 31 TenantPOD7
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 278
 switchport mode trunk
 power inline never
 no energywise
 spanning-tree portfast trunk
!
interface GigabitEthernet0/10
 description INT4U ACI L3 Ports LEAF1 Port 32 TenantPOD8
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 288
 switchport mode trunk
 power inline never
 no energywise
 spanning-tree portfast trunk
!
interface Vlan218
 description INT4U ACI L3 Ports TenantPOD1
 ip vrf forwarding TenantPOD1
 ip address 172.16.11.1 255.255.255.0
 ip ospf mtu-ignore
interface Vlan228
 description INT4U ACI L3 Ports TenantPOD2
 ip vrf forwarding TenantPOD2
 ip address 172.16.12.1 255.255.255.0
 ip ospf mtu-ignore
interface Vlan238
 description INT4U ACI L3 Ports TenantPOD3
 ip vrf forwarding TenantPOD3
 ip address 172.16.13.1 255.255.255.0
 ip ospf mtu-ignore
interface Vlan248
 description INT4U ACI L3 Ports TenantPOD4
 ip vrf forwarding TenantPOD4
 ip address 172.16.14.1 255.255.255.0
 ip ospf mtu-ignore
interface Vlan258
 description INT4U ACI L3 Ports TenantPOD5
 ip vrf forwarding TenantPOD5
 ip address 172.16.15.1 255.255.255.0
 ip ospf mtu-ignore
interface Vlan268
 description INT4U ACI L3 Ports TenantPOD6
 ip vrf forwarding TenantPOD6
 ip address 172.16.16.1 255.255.255.0
 ip ospf mtu-ignore
interface Vlan278
 description INT4U ACI L3 Ports TenantPOD7
 ip vrf forwarding TenantPOD7
 ip address 172.16.17.1 255.255.255.0
 ip ospf mtu-ignore
interface Vlan288
 description INT4U ACI L3 Ports TenantPOD8
 ip vrf forwarding TenantPOD8
 ip address 172.16.18.1 255.255.255.0
 ip ospf mtu-ignore
router ospf 1 vrf TenantPOD1
 router-id 172.16.11.1
 log-adjacency-changes
 network 172.16.11.0 0.0.0.255 area 1
 network 10.1.0.1 0.0.0.0 area 1
 default-information originate
!
router ospf 2 vrf TenantPOD2
 router-id 172.16.12.1
 log-adjacency-changes
 network 172.16.12.0 0.0.0.255 area 1
 network 10.1.0.1 0.0.0.0 area 1
 default-information originate
!
router ospf 3 vrf TenantPOD3
 router-id 172.16.13.1
 log-adjacency-changes
 network 172.16.13.0 0.0.0.255 area 1
 network 10.1.0.1 0.0.0.0 area 1
 default-information originate
!
router ospf 4 vrf TenantPOD4
 router-id 172.16.14.1
 log-adjacency-changes
 network 172.16.14.0 0.0.0.255 area 1
 network 10.1.0.1 0.0.0.0 area 1
 default-information originate
!
router ospf 5 vrf TenantPOD5
 router-id 172.16.15.1
 log-adjacency-changes
 network 172.16.15.0 0.0.0.255 area 1
 network 10.1.0.1 0.0.0.0 area 1
 default-information originate
!
router ospf 6 vrf TenantPOD6
 router-id 172.16.16.1
 log-adjacency-changes
 network 172.16.16.0 0.0.0.255 area 1
 network 10.1.0.1 0.0.0.0 area 1
 default-information originate
!
router ospf 7 vrf TenantPOD7
 router-id 172.16.17.1
 log-adjacency-changes
 network 172.16.17.0 0.0.0.255 area 1
 network 10.1.0.1 0.0.0.0 area 1
 default-information originate
!
router ospf 8 vrf TenantPOD8
 router-id 172.16.18.1
 log-adjacency-changes
 network 172.16.18.0 0.0.0.255 area 1
 network 10.1.0.1 0.0.0.0 area 1
 default-information originate
!
ip route vrf TenantPOD1 0.0.0.0 0.0.0.0 Null0
ip route vrf TenantPOD2 0.0.0.0 0.0.0.0 Null0
ip route vrf TenantPOD3 0.0.0.0 0.0.0.0 Null0
ip route vrf TenantPOD4 0.0.0.0 0.0.0.0 Null0
ip route vrf TenantPOD5 0.0.0.0 0.0.0.0 Null0
ip route vrf TenantPOD6 0.0.0.0 0.0.0.0 Null0
ip route vrf TenantPOD7 0.0.0.0 0.0.0.0 Null0
ip route vrf TenantPOD8 0.0.0.0 0.0.0.0 Null0
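
The Python below is an added example, not part of the original lab guide. It audits an excerpt of the L3SW1 configuration above (TenantPOD1 and TenantPOD2) and reports, per VRF, whether the SVI address is covered by an OSPF network statement, whether a trunk port carries the SVI's VLAN as native (the leaf side is set to Access (Untagged)), whether OSPF authentication is configured, and whether the MTU check is disabled. Function names and finding texts are this example's own, and contiguous wildcard masks are assumed.

```python
import ipaddress
import re

# Excerpt of the L3SW1 configuration listed above (TenantPOD1 and TenantPOD2).
CONFIG = """\
interface GigabitEthernet0/3
 switchport trunk native vlan 218
interface GigabitEthernet0/4
 switchport trunk native vlan 228
interface Vlan218
 ip vrf forwarding TenantPOD1
 ip address 172.16.11.1 255.255.255.0
 ip ospf mtu-ignore
interface Vlan228
 ip vrf forwarding TenantPOD2
 ip address 172.16.12.1 255.255.255.0
 ip ospf mtu-ignore
router ospf 1 vrf TenantPOD1
 network 172.16.11.0 0.0.0.255 area 1
 network 10.1.0.1 0.0.0.0 area 1
router ospf 2 vrf TenantPOD2
 network 172.16.12.0 0.0.0.255 area 1
 network 10.1.0.1 0.0.0.0 area 1
"""


def parse_sections(text):
    """Group indented sub-commands under their top-level IOS command."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if not line.startswith(" "):
            current = line.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections


def wildcard_network(addr, wildcard):
    """Turn an IOS 'network <addr> <wildcard>' pair into an ip_network.

    Assumes a contiguous wildcard mask, as used throughout this config."""
    host_bits = int(ipaddress.IPv4Address(wildcard)).bit_length()
    return ipaddress.ip_network(f"{addr}/{32 - host_bits}", strict=False)


def audit(text):
    """Return sorted (vrf, finding) tuples for every VRF-bound SVI."""
    sections = parse_sections(text)
    ospf, native_vlans = {}, set()
    for head, body in sections.items():
        proc = re.fullmatch(r"router ospf \d+ vrf (\S+)", head)
        if proc:
            ospf[proc[1]] = body
        for cmd in body:
            m = re.fullmatch(r"switchport trunk native vlan (\d+)", cmd)
            if m:
                native_vlans.add(int(m[1]))
    findings = []
    for head, body in sections.items():
        svi = re.fullmatch(r"interface Vlan(\d+)", head)
        vrf = next((c.split()[-1] for c in body if c.startswith("ip vrf forwarding ")), None)
        addr = next((c.split()[2:4] for c in body if c.startswith("ip address ")), None)
        if not (svi and vrf and addr):
            continue
        ip = ipaddress.ip_interface("/".join(addr)).ip
        proc_body = ospf.get(vrf, [])
        nets = [wildcard_network(*c.split()[1:3]) for c in proc_body if c.startswith("network ")]
        if not any(ip in n for n in nets):
            findings.append((vrf, "SVI address not covered by an OSPF network statement"))
        if int(svi[1]) not in native_vlans:
            findings.append((vrf, f"no trunk port carries VLAN {svi[1]} as native (leaf side is untagged)"))
        if not any("authentication" in c or "message-digest-key" in c for c in body + proc_body):
            findings.append((vrf, "OSPF adjacency has no authentication configured"))
        if "ip ospf mtu-ignore" in body:
            findings.append((vrf, "ip ospf mtu-ignore disables the OSPF MTU mismatch check"))
    return sorted(findings)


if __name__ == "__main__":
    for vrf, finding in audit(CONFIG):
        print(f"{vrf}: {finding}")
```

Run against the full listing, the same two findings per VRF (no OSPF authentication, MTU check disabled) are what the visible configuration produces.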


Lab 10. Configuring ANP Using POSTMAN
In this activity, you will use Postman and XML to create a Tenant, create an ANP in that Tenant and delete the Tenant.

Task 10.0.1 Launch Postman-RESTful Client
In this task you will launch the Chrome browser and activate the Postman-RESTful Client; then log in to APIC

1. Log in to the student PC.

| STUDENT PCS | STUDENT | POD # | Access Credentials | PROTOCOL |
|---|---|---|---|---|
| 192.168.70.151 | 1 | 1 | Administrator/1234QWer | RDP |
| 192.168.70.152 | 2 | 1 | Administrator/1234QWer | RDP |
| 192.168.70.153 | 3 | 2 | Administrator/1234QWer | RDP |
| 192.168.70.154 | 4 | 2 | Administrator/1234QWer | RDP |
| 192.168.70.155 | 5 | 3 | Administrator/1234QWer | RDP |
| 192.168.70.156 | 6 | 3 | Administrator/1234QWer | RDP |
| 192.168.70.157 | 7 | 4 | Administrator/1234QWer | RDP |
| 192.168.70.158 | 8 | 4 | Administrator/1234QWer | RDP |
| 192.168.70.159 | 9 | 5 | Administrator/1234QWer | RDP |
| 192.168.70.160 | 10 | 5 | Administrator/1234QWer | RDP |
| 192.168.70.111 | 11 | 6 | Administrator/1234QWer | RDP |
| 192.168.70.112 | 12 | 6 | Administrator/1234QWer | RDP |
| 192.168.70.113 | 13 | 7 | Administrator/1234QWer | RDP |
| 192.168.70.114 | 14 | 7 | Administrator/1234QWer | RDP |
| 192.168.70.115 | 15 | 8 | Administrator/1234QWer | RDP |
| 192.168.70.116 | 16 | 8 | Administrator/1234QWer | RDP |

2. On the Windows Task Bar you can open the Chrome Applications or you can open the POSTMAN client directly. (There is also a shortcut to POSTMAN on your desktop.)

3. The POSTMAN dialog will appear.

4. Click Skip this

5. Open a new tab in Chrome and go to https://192.168.70.161 > log in to APIC. (admin / 1234QWer)

6. To view all tenants, select the ALL TENANTS tab.

Task 10.0.2 Create a Tenant using POSTMAN RESTful Client
In this task, you will log in to the APIC GUI using the Postman RESTful Client and create a new tenant by posting XML to the APIC API, and then verify the tenant in the APIC GUI.

1. Expand Basic APIC Collection, select the “Login-Do this first” script, select Basic Login, change the URL IP to 192.168.70.161, also change the username to admin and the password to 1234QWer, then click Save and then click Send

2. When the Post is successful a STATUS of 200 OK is returned. Scroll down to view the actual XML code returned and any error conditions (hint: maximize the window).

Note: Verify that the version is 1.2(1k).

3. Select Basic APIC, APIC Configuration, Create a Tenant script.

4. Change the IP and Tenant name parameters to 192.168.70.161 and TenS1000RRPod# where # is your Pod Number. Click Send.

5. Scroll down to note the actual XML code and any error conditions.

Note: Verify STATUS 200 OK.

6. Return to the APIC GUI and view the newly created TenS1000RRPod# Tenant. Select TENANTS > ALL TENANTS.

Task 10.0.3 Create a new ANP in your Tenant
In this task, you will create a new ANP via Postman, and then verify the tenant in the APIC GUI

1. In the APIC tab, select your TenS1000RRPod# Tenant and expand Application Profiles. Double-click TenS1000RRPod#

Note: There should be no existing ANPs.

2. In the Postman tab, select the APIC Configuration, Create ANP with 3tier app script.

3. In line 1, replace the {{TenantName}} with TenS1000RRPod#, change the IP to 192.168.70.161 and click Send.

Note: Change the Tenant Name in 2 places (URL and XML body)

4. Scroll down to note the actual XML code and any error conditions.

5. In the APIC tab, note the newly created ANP OnlineStore

Task 10.0.4 Delete the Tenant created in POSTMAN
In this task, you will delete your tenant via XML, then verify removal in the APIC GUI.

1. In the Postman tab, select Basic APIC, APIC Configuration and then select the “Delete a Tenant” script.

2. Change the IP in the URL to 192.168.70.161 and change the name of the Tenant to TenS1000RRPod# (where # is your POD Number) and click Send.

3. In the APIC tab, note that your Tenant TenS1000RRPod# does not exist now.
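
The Postman steps in Tasks 10.0.2 to 10.0.4 correspond to four POST requests against the APIC REST API. The Python below is an added example, not the lab's Postman collection (whose XML bodies are not shown on this page): it builds the login, create-tenant, create-ANP and delete-tenant requests, validates object names before they reach the URL or the XML, and reads the password from an APIC_PASSWORD environment variable instead of saving it in a script. The name allow-list, the environment variable and the EPG names web/app/db are assumptions of this example.

```python
import os
import re
import urllib.request
import xml.etree.ElementTree as ET

APIC = "https://192.168.70.161"                  # lab APIC address from the page
NAME_RE = re.compile(r"[A-Za-z0-9_.:-]{1,64}")   # assumption: conservative allow-list


def _name(value):
    """Reject names that could alter the URL path or the XML body."""
    if not NAME_RE.fullmatch(value):
        raise ValueError(f"unsafe object name: {value!r}")
    return value


def _xml(element):
    return ET.tostring(element, encoding="unicode")


def login_request(user, password):
    """Body for /api/aaaLogin.xml; ElementTree escapes the attribute values."""
    return "POST", f"{APIC}/api/aaaLogin.xml", _xml(ET.Element("aaaUser", name=user, pwd=password))


def token_from_login(response_xml):
    """Pull the session token out of the <aaaLogin> element of a 200 OK reply."""
    node = ET.fromstring(response_xml).find("aaaLogin")
    if node is None:
        raise RuntimeError("login rejected: no aaaLogin element in reply")
    return node.attrib["token"]


def create_tenant(tenant):
    return "POST", f"{APIC}/api/mo/uni.xml", _xml(ET.Element("fvTenant", name=_name(tenant)))


def create_anp(tenant, anp="OnlineStore", epgs=("web", "app", "db")):
    """The tenant name appears twice, in the URL and in the body, as the lab notes."""
    root = ET.Element("fvTenant", name=_name(tenant))
    ap = ET.SubElement(root, "fvAp", name=_name(anp))
    for epg in epgs:                      # hypothetical EPG names, not from the page
        ET.SubElement(ap, "fvAEPg", name=_name(epg))
    return "POST", f"{APIC}/api/mo/uni/tn-{tenant}.xml", _xml(root)


def delete_tenant(tenant):
    node = ET.Element("fvTenant", name=_name(tenant), status="deleted")
    return "POST", f"{APIC}/api/mo/uni.xml", _xml(node)


def send(request, token=None):
    """Send one request; certificate verification stays on (urllib default)."""
    method, url, body = request
    req = urllib.request.Request(url, data=body.encode(), method=method)
    req.add_header("Content-Type", "application/xml")
    if token:
        req.add_header("Cookie", f"APIC-cookie={token}")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status, resp.read().decode()


if __name__ == "__main__" and os.environ.get("APIC_PASSWORD"):
    # Live run only when the password is supplied through the environment.
    pod = "TenS1000RRPod1"
    _, reply = send(login_request("admin", os.environ["APIC_PASSWORD"]))
    tok = token_from_login(reply)
    for step in (create_tenant(pod), create_anp(pod), delete_tenant(pod)):
        print(send(step, tok)[0], step[1])
```

An APIC that presents a self-signed certificate will fail verification in send() until its certificate is added to the client's trust store.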


Congratulations - You have finished your Cisco ACI 2.1 Bootcamp 1.0!
