
Cisco dCloud

Cisco Application Policy Infrastructure Controller 1.0 with F5 Integration v1

dCloud: The Cisco Demo Cloud

Last Updated: 21-OCT-2014

About This Cisco Solution


The Cisco Application Policy Infrastructure Controller (Cisco APIC) is the unifying point of automation and management for the
Application Centric Infrastructure (ACI) fabric. The Cisco APIC provides centralized access to all fabric information, optimizes
the application lifecycle for scale and performance, and supports flexible application provisioning across physical and virtual
resources.

For additional information, visit www.cisco.com/go/apic.

About This Demonstration


This preconfigured demonstration includes:

● Scenario 1: APIC System Health Dashboard and Topology Overview
● Scenario 2: Building a Multi-Tenant, Multiple Graphs with a single node within the APIC via the northbound API
● Scenario 3: Building a Single-Tenant, Single Graph with multiple nodes within the APIC via the northbound API
● Scenario 4: Removing APIC Objects
● Appendices (not to be performed as stand-alone procedures)
  o Reset APIC Simulator
  o Fabric Discovery
  o Add Hosts Manually
  o Create a Device Cluster
  o Attach Service Graphs to Tenants
  o Add the F5 bigIP VM
  o VMware Port-Profile Work-Around
  o Create VMM Domain

Demonstration Requirements
Table 1. Demonstration Requirements

Required Optional

● Laptop ● Cisco AnyConnect

© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Confidential. Page 1 of 55

Demonstration Configuration
This demonstration contains preconfigured users and components to illustrate the scripted scenarios and features of this Cisco
solution. All access information needed to complete the demonstration scenario is located in the Topology and Servers menus of
your active demonstration, and throughout this script.

● Topology Menu. Click on any server in the topology to display the available server options and credentials.
● Servers Menu. Click on or next to any server name to display the available server options and credentials.

Demonstration Topology

The following is the virtual demonstration topology, which consists of the following virtual machines:

● APIC Simulator (version 1.0.1e)
  o APIC1, APIC2 and APIC3
  o Leaf1 and Leaf2
  o Spine1 and Spine2
● VMware Virtual Center Server 5.5 Appliance
  o ASAv – version 9.3(1)
  o bigIP – version 11.5
● VMware ESXi 5.5 Host 1
● VMware ESXi 5.5 Host 2
● Workstation – Windows 8
● NetApp EDGE Storage Appliance – ONTAP 8.2
● Linux Tools Repository (Ubuntu 12.04)


Figure 1. Demonstration Topology


This demonstration contains preconfigured users and components to illustrate the scripted scenarios and features. All access
information needed to complete the scripted scenarios is located in the Topology and Servers menus of your active
demonstration, and throughout this script.

Demonstration Preparation
Follow the steps below to schedule and configure your environment.

BEFORE DEMONSTRATING

We strongly recommend that you go through this process at least once, before presenting in front of a live audience. This will allow
you to become familiar with the structure of the document and the demonstration.

PREPARATION IS KEY TO A SUCCESSFUL CUSTOMER PRESENTATION.

1. Browse to dcloud.cisco.com, choose the location closest to you, and then login with your Cisco.com credentials.

2. Schedule a session. [Show Me How].

3. Test your bandwidth from the demonstration location before performing any scenario. [Show Me How]

4. Verify your session has a status of Active under My Demonstrations on the My Dashboard page in the Cisco dCloud UI.

● It may take up to 15 minutes for your demo to become active.


5. Access the workstation named wkst1 located at 198.18.133.36 and login using the following credentials: Username:
dcloud\demouser, Password: C1sco12345.

● Option 1: (Preferred) Use Cisco AnyConnect [Show Me How] and the local RDP client on your laptop [Show Me How].
  o Accept any certificates or warnings.
  o From the Start menu, click Desktop.

● Option 2: Use the Cisco dCloud Remote Desktop client with HTML5. [Show Me How]
  o Accept any certificates or warnings.
  o From the Start menu, click Desktop.

Figure 2. Start Menu

6. The fabric discovery is automatically started at demo setup. Double-click the APIC Login icon and login with the
following credentials: Username: admin, Password: C1sco12345.

7. Select Fabric from the top menu.

8. Select Inventory from the top sub-menu.

9. In the left menu, click Fabric Membership and check that you have the 4 devices populated as shown in Figure 3. (IP
addresses may vary.)

NOTE: The fabric discovery can take up to 15 minutes to complete. If you login before 15 minutes have passed, all devices may
not be fully discovered.


Figure 3. Completed Fabric Membership


NOTE: To demonstrate Fabric Discovery, reset the APIC Simulator (see Appendix A.) If only TEP-1-101 is present at login, see
Appendix B to discover the Fabric.

10. Double-click the VI Login icon and login with the following credentials: Username: demouser, Password:
C1sco12345. (If password is grayed out, click Login.)

11. Check that the bigIP virtual machine is present and running as below.

Figure 4. Virtual Center Inventory

NOTE: If the bigIP VM is not present in the L4-L7 Services Resource Pool, add it manually.


Scenario 1: APIC System Health Dashboard and Topology Overview


In this scenario, we will provide an overview of the APIC System Health dashboard and Topology.

Demonstration Steps
System Health Dashboard

1. From the demo workstation, open Application Policy Infrastructure Controller by clicking the APIC Login icon.

● Log in with the following credentials: Username: admin, Password: C1sco12345.

2. From the menu bar, click System to display the System Health Dashboard.

● Explain that you logged in with global administrative rights and your view includes all system components.
● Show the single-pane view, which provides centralized, application-level visibility with real-time application health
monitoring across the physical and virtual environments.
● Show the health scores and explain how a health score is displayed for components that are being monitored by APIC,
such as:
  o Fabric health
  o Connections to virtual and physical environments
● Show how the left-pane contains health scores for the overall system as well as specific components.
● Show how the right-pane contains fault counts based on areas that have errors.


Figure 5. System Health Dashboard


Topology Overview

1. From the menu bar, navigate to Fabric > Inventory.

2. In the left-pane, click next to Pod 1 to expand the view.

3. In the left-pane, choose Pod 1.

The right-pane populates with a dashboard view similar to the System Health Dashboard and contains tabs for further details
about Pod 1.

Figure 6. Pod 1 Details


4. In the left-pane, click the Topology tab.

● Show that the ACI fabric for this demonstration contains two spines, two leafs, and three APIC controllers.
● Explain that three controllers are the minimum number required and act as a clustered system, with high
availability and redundancy across the APIC controllers. From a big data perspective, this is similar to a Hadoop cluster.
● Explain that every host that connects to an ACI fabric connects to a leaf, and each leaf connects to a spine. Leafs communicate
with other leafs through spines; spines talk to leafs, and spines do not communicate with each other.
● Explain that because spines only talk to leafs, the fabric can scale out linearly. Provide information on the amount of
bandwidth available between leafs and on scalability of up to 288 leafs and up to 12 spines. This provides consistent, predictable
latency from any point in the fabric to any other point in the fabric.

Figure 7. Pod 1 Topology

This concludes the activity in this scenario.


Scenario 2: Multi-Tenant with Multiple Graphs via the Northbound API


In this scenario, we use a preconfigured Python script to create two tenants, each with two graphs; each graph is a single
node graph within the APIC.

Figure 8. Multi-Tenant with Multiple Graphs, Single Node (system will create two for each tenant)

NOTE: The Python script method calls individual XML scripts to create a series of objects. To pause the script and create an object
using an APIC wizard, see the instructions inline. Objects that can be created via wizard using this script are indicated with (*) in
the list below.

The Python script performs the following functions:

● Create two Tenants
● Create the Physical Domain
● Create VLAN Namespace*
● Create VMware VM Provider*
● Import F5 Device Package
● Attach VLAN Namespace to Physical Domain*
● Create Shared Device Cluster*
  o Create Concrete Device*
  o Create Logical Interfaces*
● Export the Device Cluster to each Tenant
● Create two Service Graphs for each Tenant
● Attach Service Graphs to Contracts*


| Method | Automation Level | Explanation | Completion Time | Notes |
|---|---|---|---|---|
| Use Python Scripting to Build Objects Within the APIC | High | To configure the APIC objects with scripts, the user downloads a set of configuration scripts and employs them in a command window, monitoring the output via the APIC UI. | 20 minutes | To maximize the effectiveness of this Scenario, view the relevant directories in APIC while the Python scripts are working, to show the discovery of the network objects in real-time. |
| Manual Configuration of Individual Objects | Low | Use an APIC wizard and the configuration parameters provided in this script to manually create each required object | 60 minutes | See the links in each step to the procedure for manual object creation. |

Demonstration Steps

NOTE: If you have already demonstrated Scenario 3, you must Remove the APIC Objects before proceeding with this scenario,
because there is only a single bigIP device.

Execute Python Script

1. From the demonstration workstation, launch PuTTY.

2. In the PuTTY Configuration window:

a. In the Saved Sessions area, double-click TOOLS to open a stored session.

Figure 9. PuTTY Configuration Window

3. Log in with the following credentials: Username: user01, Password: user01.


NOTE: No characters will display while typing the password.

4. From the demonstration workstation, go to the open Application Policy Infrastructure Controller window.

a. If the application is not open, launch Chrome and then log in with the following credentials: Username: admin,
Password: C1sco12345.

5. From the top menu, select TENANTS.

6. From the top sub-menu, select mgmt.

7. Expand the Tenant mgmt > Networking > External Routed Networks hierarchy and its sub-folders to show that the sub-
folders are empty.

8. Return the PuTTY window to the front, placing it so that both the PuTTY window and the APIC directories are visible.

Figure 10. Window Placement for Scripting Demo


9. From the command line type ./request.py F5_Scripts/Build_MGMT_F5.cfg and hit <Enter>.

NOTE: To show the XML code as the Python script calls each XML script, substitute
./xml_request.py F5_Scripts/Build_MGMT_F5.cfg for the above command.

This is an example of the partial XML output for the ‘acme.xml’ script.

The Build_MGMT_F5.cfg script utilizes a series of XML scripts to perform the necessary configuration steps. It will pause
between each of the XML scripts, and the user can either press <Enter> to run the script, or type s to skip the script and
configure the object via a wizard. While the script is running, a brief description will display what that script is doing, while the
APIC window updates in real-time. When a script completes successfully, the success code 200 will appear onscreen.

Figure 11. Continue or Skip at Each Step

10. Create the Tenants.

a. In the APIC top menu, select TENANTS. Select ALL TENANTS from the top sub-menu.


Figure 12. ALL TENANTS Window


b. Return to the PuTTY window and hit <Enter> at the Hit return to process F5_Scripts/acme.xml or
press ‘s’ and return to skip this script prompt. The acme tenant is created and displayed in the
window.

c. Hit <Enter> at the Hit return to process F5_Scripts/coke.xml or press ‘s’ and return to
skip this script prompt. The coke tenant is created and displayed in the window.

Figure 13. Newly Created Tenants

NOTE: If a tenant is not displayed in the menu, click briefly to FABRIC in the top menu, and then click back to TENANTS to
refresh.

d. In the top sub-menu, select acme.

e. Expand the Tenant acme > Networking > Bridge Domains directory to show that the AppBD and webBD bridge
domains have been created.

f. Expand the Tenant acme > Networking > Private Networks folder to show that the acmeCtx private network has
been created.

g. In the top sub-menu, select coke.

h. Expand the Tenant coke > Networking > Bridge Domains directory to show that the AppBD and webBD bridge
domains have been created.

i. Expand the Tenant coke > Networking > Private Networks folder to show that the cokeCtx private network has
been created.

11. Create the Physical Domain for the APIC as follows:

a. In the APIC window, select Fabric > ACCESS POLICIES from the top menus.

b. Expand the Physical and External Domains > Physical Domains folders. Click the phys domain to show that no
VLAN pools are associated with it.

c. Return to the PuTTY window and hit <Enter> at the Hit return to process
F5_Scripts/CreatePhysDomP.xml or press ‘s’ and return to skip this script prompt.

d. The uni/infra/vlanns-[webService]-dynamic VLAN Pool is now associated with the physical domain.

12. Create the VLAN Name Space as follows:

a. Still in FABRIC > ACCESS POLICIES, expand the Pools > VLAN hierarchy and show that no VLANs exist.


b. Return to the PuTTY window and hit <Enter> at the Hit return to process
F5_Scripts/CreateVlanNamespace.xml or press ‘s’ and return to skip this script prompt.

c. The webService (Dynamic Allocation) VLAN Pool appears in the folder as it is configured.

NOTE: The following step creates the VMware VM Provider and integrates the VMware. To perform this procedure manually, type
s and hit enter at the prompts for the CreateVmmDomP.xml script.

13. Create the VMware VM Provider and integrate the VMware as follows:

a. From the top menu, select VM NETWORKING.

b. From the top sub-menu, select POLICIES.

c. Expand the VM Provider VMware folder and show that there is no VMware present.

d. Return to the PuTTY window and hit <Enter> at the Hit return to process
F5_Scripts/CreateVmmDomP.xml or press ‘s’ and return to skip this script prompt.

e. The My-vCenter hierarchy appears in the VM Provider VMware folder as it is created.

14. Add the VM Hosts to the APIC DVS manually.

15. Import the F5 Device Package as follows:

a. From the top menu of the APIC window, select L4-L7 Services.

b. From the top sub-menu, select Packages.

c. Expand the L4-L7 Services Device Types folder and show that no packages are present.

d. Return to the PuTTY window and hit <Enter> at the Hit return to process
F5_Scripts/F5DevicePackage.zip or press ‘s’ and return to skip this script prompt.

e. The F5-BIGIP-1.0.0 device package appears in the L4-L7 Services Device Types folder as it is created.

Figure 14. F5-BIGIP-1.0.0 Device Package Creation


NOTE: The next three steps create the device cluster, concrete device and logical interfaces in the APIC. To create these devices
manually, type s and hit enter at the prompts for the following scripts:

● mgmt-CreateLDevVip.xml
● mgmt-CreateCDev.xml
● mgmt-CreateLIf.xml

16. Create the shared Device Cluster called F5 and a device called BIGIP1 as follows:

a. From the top menu, select Tenants.

b. From the top sub-menu, select mgmt.

c. Expand the L4-L7 Services > Device Clusters folders and show no devices are present.

d. Return to the PuTTY window and hit <Enter> at the Hit return to process F5_Scripts/mgmt-
CreateLDevVip.xml or press ‘s’ and return to skip this script prompt.

e. Verify the F5 device was created.

NOTE: Although the Device Type of F5 is PHYSICAL, it is not a physical device. The PHYSICAL designation and the Contact
Aware setting of Multiple indicate that more than one tenant will share the device.

17. Create the Concrete Devices for the F5 Device Cluster as follows:

a. Return to the PuTTY window and hit <Enter> at the Hit return to process F5_Scripts/mgmt-
CreateCDev.xml or press ‘s’ and return to skip this script prompt.

b. The BIGIP1 device is created in the F5 device cluster. Expand the BIGIP1 device to display the concrete interfaces.

18. Create the logical interfaces and map them to the concrete interfaces as follows:

a. Click F5 to view the empty information page.

b. Return to the PuTTY window and hit <Enter> at the Hit return to Process F5_Scripts/mgmt-
CreateLIf.xml or press ‘s’ and return to skip this script prompt.

c. The internal and external logical interfaces show in the BIGIP1 directory and under Logical Interfaces on the
information page.

NOTE: Wait until both device clusters are in a stable state before proceeding. It may take up to 30 seconds. You may need to click
the icon.


Figure 15. F5 Device Cluster


19. Export the device cluster to each tenant as follows:

a. In the APIC window, select TENANTS from the top menu.

b. Select acme from the top sub-menu.

c. Expand the L4-L7 > Imported Device Clusters folder, which is empty.

d. Return to the PuTTY window and hit <Enter> at the Hit return to process F5_Scripts/acme-
CreateLDevIf.xml or press ‘s’ and return to skip this script prompt.

e. The F5 device cluster from the mgmt area is associated with acme, as indicated by the mgmt/F5 designation.

f. Select coke from the top sub-menu.

g. Expand the L4-L7 > Imported Device Clusters folder, which is empty.

h. Return to the PuTTY window and hit <Enter> at the Hit return to process F5_Scripts/coke-
CreateLDevIf.xml or press ‘s’ and return to skip this script prompt.

i. The F5 device cluster from the mgmt area is associated with coke, as indicated by the mgmt/F5 designation.

Figure 16. Device Associated With A Tenant


20. Open another Chrome browser tab, and click the F5 BIG-IP Admin shortcut.

Figure 17. Shortcut



21. Log in with the following credentials: Username: admin, Password: C1sco12345.

22. Return to the APIC tab.

23. Create the Webgraph Service Graph for each tenant, as follows:

a. In the APIC TENANTS window, select acme from the top sub-menu.

b. Expand the L4-L7 Services > Service Graphs folder, which is empty.

c. Return to the PuTTY window and hit <Enter> at the Hit return to process F5_Scripts/acme-
CreateGraphWithParams.xml or press ‘s’ and return to skip this script prompt.

d. WebGraph is created in the Service Graphs folder.

e. Select coke from the top sub-menu.

f. Expand the L4-L7 Services > Service Graphs folder, which is empty.

g. Return to the PuTTY window and hit <Enter> at the Hit return to process F5_Scripts/coke-
CreateGraphWithParams.xml or press ‘s’ and return to skip this script prompt.

h. WebGraph is created in the Service Graphs folder.

24. Create the SecureWebgraph Service Graph for each tenant, as follows:

a. Still in the APIC TENANTS window, select acme from the top sub-menu.

b. Expand the L4-L7 Services > Service Graphs folder.

c. Return to the PuTTY window and hit <Enter> at the Hit return to process F5_Scripts/acme-
CreateSecureWebGraph.xml or press ‘s’ and return to skip this script prompt.

d. SecureWebGraph is created in the Service Graphs folder.

e. Select coke from the top sub-menu.

f. Expand the L4-L7 Services > Service Graphs folder.

g. Return to the PuTTY window and hit <Enter> at the Hit return to process F5_Scripts/coke-
CreateSecureWebGraph.xml or press ‘s’ and return to skip this script prompt.

h. SecureWebGraph is created in the Service Graphs folder.

NOTE: The following four steps run the scripts that attach each Service Graph to each Contract for both Tenants. To perform the
procedure manually, type s at the prompts for the following scripts:

● F5_Scripts/acme-AttachWebGraph.xml
● F5_Scripts/acme-AttachSecureWebGraph.xml
● F5_Scripts/coke-AttachWebGraph.xml
● F5_Scripts/coke-AttachSecureWebGraph.xml


NOTE: You must wait for each Virtual-Server to be created on the bigIP before proceeding to attach the next Service Graph. This
can take up to 60 seconds in some cases. If you do not wait, not all Virtual-Servers will be created on the bigIP.

25. Attach the WebGraph Service Graph to the acme tenant, as follows:

a. Still in the APIC TENANTS window, select acme from the top sub-menu.

b. Expand L4-L7 Services > Deployed Service Graph, which is empty.

c. Return to the PuTTY window and hit <Enter> at the Hit return to process F5_Scripts/acme-
AttachWebGraph.xml or press ‘s’ and return to skip this script prompt.

d. Allow a few seconds for the script to finish. The WebGraph script drops into the Deployed Service Graph directory.

e. Return to the F5 admin console and see that the new partition for the acme tenant, and then the Virtual-Server
with an HTTP Service Port, have been created. (The name of the partition will not match the name in APIC.)

Figure 18. Acme – WebGraph in F5 Console

26. Attach the SecureWebGraph Service Graph to the acme tenant, as follows:

a. Return to the PuTTY window and hit <Enter> at the Hit return to process F5_Scripts/acme-
AttachSecureWebGraph.xml or press ‘s’ and return to skip this script prompt.

b. Allow a few seconds for the script to finish. The SecureWebGraph script drops into the Deployed Service Graph
directory.

c. Return to the F5 admin console and see that the additional Virtual-Server with an HTTPS Service Port has been created.

Figure 19. Acme – SecureWebGraph in F5 Console

27. Attach the WebGraph Service Graph to the coke tenant, as follows:

a. Still in the APIC TENANTS window, select coke from the top sub-menu.

b. Expand the L4-L7 Services > Service Graphs folder, which is empty.

c. Return to the PuTTY window and hit <Enter> at the Hit return to process F5_Scripts/coke-
AttachWebGraph.xml or press ‘s’ and return to skip this script prompt.

d. Allow a few seconds for the script to finish. The WebGraph script drops into the Deployed Service Graph directory.


e. Return to the F5 admin console and see the creation of the new partition for the coke tenant and the additional Virtual-Server with
an HTTP Service Port. (The name of the partition will not match the name in APIC.)

Figure 20. Coke – WebGraph in F5 Console

28. Attach the SecureWebGraph Service Graph to the coke tenant, as follows:

a. Return to the PuTTY window and hit <Enter> at the Hit return to process F5_Scripts/coke-
AttachSecureWebGraph.xml or press ‘s’ and return to skip this script prompt.

b. Allow a few seconds for the script to finish. The SecureWebGraph script drops into the Deployed Service Graph
directory.

c. Return to the F5 admin console and see the additional Virtual-Server with an HTTPS Service Port.

29. In the APIC window, click TENANTS.

30. Click acme from the top sub-menu and expand L4-L7 Services. Click Deployed Service Graphs and show that both scripts
are also listed in applied status on acme.

31. Perform the same step for the coke tenant.

32. Examine the VLANs connected to the device clusters (optional.) Perform this step for both acme and coke.

a. In the TENANT hierarchy, expand the L4-L7 Services > Deployed Device Clusters hierarchy. Click Deployed
Device Clusters and take note of the VLANs for the internal and external interfaces.

b. On the F5 tab, select either the acme or the coke tenant from the Partitions drop-down. (The names will not be acme
and coke in the Partition drop-down. The two partitions that are not Common represent the two APIC tenants.)

c. Select Networks > VLANs > VLAN List from the side menu and compare the VLAN numbers from APIC.


Figure 21. APIC VLANs match F5 VLANs


This concludes the activity in this scenario.
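
The step-through behaviour described for request.py in this scenario (a prompt before each XML script, Enter to post it or s to skip it, HTTP 200 on success), sketched as an added example; this is not the dCloud request.py. The step list, payloads, function names and the APIC_URL, APIC_USER and APIC_PASSWORD environment variables are assumptions, because the page does not show the .cfg format; /api/aaaLogin.xml and /api/mo/uni.xml are the standard APIC REST endpoints.

```python
"""Step-through runner for APIC northbound XML posts (added example)."""
import http.cookiejar
import os
import urllib.error
import urllib.request
from xml.sax.saxutils import quoteattr

# Constructed step list: (script name, description, XML body). The script names
# come from the page; the payloads are minimal stand-ins, not the demo's files.
SAMPLE_STEPS = [
    ("F5_Scripts/acme.xml", "Create tenant acme", '<fvTenant name="acme"/>'),
    ("F5_Scripts/coke.xml", "Create tenant coke", '<fvTenant name="coke"/>'),
]

PROMPT = "Hit return to process {} or press 's' and return to skip this script "


def run_steps(steps, post, ask=input, log=print):
    """Prompt before each step, post it unless skipped, stop on first non-200.

    Returns a list of (script, outcome) where outcome is "ok", "skipped" or
    "failed:<status>". Steps after a failure are not attempted, so a partial
    configuration shows up in the result instead of being silently built on.
    """
    results = []
    for name, description, xml in steps:
        if ask(PROMPT.format(name)).strip().lower() == "s":
            results.append((name, "skipped"))
            continue
        log(description)
        status = post(xml)
        if status != 200:
            results.append((name, "failed:{}".format(status)))
            break
        log("{} -> {}".format(name, status))
        results.append((name, "ok"))
    return results


def login_body(user, password):
    """Build the aaaLogin payload with attribute values escaped."""
    return "<aaaUser name={} pwd={}/>".format(quoteattr(user), quoteattr(password))


def make_apic_poster(base_url, user, password):
    """Log in once and return post(xml) -> HTTP status for /api/mo/uni.xml.

    Uses urllib's default TLS context, so the controller certificate is
    verified rather than accepted blindly.
    """
    opener = urllib.request.build_opener(
        urllib.request.HTTPCookieProcessor(http.cookiejar.CookieJar()))

    def send(path, body):
        req = urllib.request.Request(
            base_url.rstrip("/") + path, data=body.encode("utf-8"),
            headers={"Content-Type": "application/xml"}, method="POST")
        try:
            with opener.open(req, timeout=30) as resp:
                return resp.status
        except urllib.error.HTTPError as err:
            return err.code

    status = send("/api/aaaLogin.xml", login_body(user, password))
    if status != 200:
        raise RuntimeError("APIC login failed with HTTP {}".format(status))
    return lambda xml: send("/api/mo/uni.xml", xml)


if __name__ == "__main__":
    # Credentials come from the environment, not from the script or its config.
    poster = make_apic_poster(os.environ["APIC_URL"], os.environ["APIC_USER"],
                              os.environ["APIC_PASSWORD"])
    for name, outcome in run_steps(SAMPLE_STEPS, poster):
        print(name, outcome)
```

The returned outcome list doubles as a change record of which objects were pushed through the API and which were left for manual creation.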


Scenario 3: Single-Tenant, Single Graph with Multiple Nodes


In this scenario, we will create a single tenant, with a single graph with multiple nodes within the APIC using a
preconfigured Python script.

Figure 22. Single-Tenant, Single Graph, Multi Node

NOTE: The Python script method calls individual XML scripts to create a series of objects. To pause the script and create an object
using an APIC wizard, see the instructions inline. Objects that can be created via wizard using this script are indicated with (*) in
the list below.

The Python script performs the following functions:

● Create Tenant
● Create the Physical Domain
● Create VLAN Namespace
● Create VMware VM Provider*
● Import F5 and ASA Device Packages
● Attach VLAN Namespace to Physical Domain*
● Integrate VMware to APIC
● Create Device Cluster*
  o Create Concrete Device*
  o Create Logical Interfaces*
● Export the Device Cluster
● Create Service Graph
  o Attach Service Graph to Contracts*


| Method | Automation Level | Explanation | Completion Time | Notes |
|---|---|---|---|---|
| Use Python Scripting to Build Objects Within the APIC | High | To configure the APIC objects with scripts, the user downloads a set of configuration scripts and employs them in a command window, monitoring the output via the APIC UI. | 20 minutes | To maximize the effectiveness of this Scenario, view the relevant directories in APIC while the Python scripts are working, to show the discovery of the network objects in real-time. |
| Manual Configuration of Individual Objects | Low | Use an APIC wizard and the configuration parameters provided in this script to manually create each required object | 60 minutes | See the links in each step to the procedure for manual object creation. |

Demonstration Steps

NOTE: If you have already demonstrated Scenario 2, you must Remove the APIC Objects before proceeding with this scenario as
we only have a single F5 bigIP device.

Execute Python Script

1. From the demonstration workstation, launch PuTTY.

2. In the PuTTY Configuration window:

a. In the Saved Sessions area, choose TOOLS.

b. Click Load and then click Open.


Figure 23. PuTTY Configuration Window


3. Log in with the following credentials: Username: user01, Password: user01.

NOTE: No characters will display while typing the password.

4. From the demonstration workstation, double-click the ASDM on 198.18.128.100 icon and log in with the following
credentials: Username: admin, Password: C1sco12345.

5. Click Continue on the Security Warning popup window.

Figure 1. ASDM Pop-Up Messages

6. The ASAv Home page is displayed. Minimize it for now; we will check it again later.


Figure 2. ASDM Home Page


7. From the demonstration workstation, go to the open Application Policy Infrastructure Controller window.

a. If the application is not open, launch Chrome and then log in with the following credentials: Username: admin,
Password: C1sco12345.

8. From the top menu, select FABRIC.

9. From the top sub-menu, select ACCESS POLICIES.

10. Expand the Pools > VLAN hierarchy and its sub-folders to show that the sub-folders are empty.

11. Return the PuTTY window to the front, placing it so that both the PuTTY window and the APIC directories are visible.


Figure 24. Window Placement for Scripting Demo


12. From the command line type ./request.py ASA_F5_Scripts/Build_ASA_F5.cfg and hit <Enter>.

NOTE: To show the XML code as the Python script calls each XML script, substitute
./xml_request.py ASA_F5_Scripts/Build_ASA_F5.cfg for the above command.

The Build_ASA_F5.cfg script utilizes a series of XML scripts to perform the necessary configuration steps. It will pause
between each of the XML scripts, and the user can either press <Enter> to run the script, or type s to skip the script and
configure the object manually via a wizard in the APIC GUI. While the script is running, a brief description will display what that
script is doing, while the APIC window updates in real-time.

Figure 25. Continue or Skip at Each Step

13. Create the VLAN Name Space as follows:

a. Expand the Pools > VLAN hierarchy and show that no VLANs exist.

b. Return to the PuTTY window and hit <Enter> at the Hit return to process
F5_Scripts/CreateVlanNamespace.xml or press ‘s’ and return to skip this script prompt.

c. The webService (Dynamic Allocation) VLAN Pool appears in the folder as it is configured.

14. Create the Physical Domain for the APIC as follows:

a. Expand the Physical and External Domains > Physical Domains folders. Click the phys domain to show that no
VLAN pools are associated with it.

b. Return to the PuTTY window and hit <Enter> at the Hit return to process
ASA_F5_Scripts/CreatePhysDomP.xml or press ‘s’ and return to skip this script prompt.

c. The uni/infra/vlanns-[webService]-dynamic VLAN Pool is now associated with the physical domain.

NOTE: The following step creates the VMware VM Provider and integrates the VMware. To perform this procedure manually, type
s and hit enter at the prompts for the CreateVmmDomP.xml script.

15. Create the VMware VM Provider and integrate the VMware as follows:

a. From the top menu, select VM NETWORKING.

b. From the top sub-menu, select POLICIES.

c. Expand the VM Provider VMware folder and show that there is no VMware present.

d. Return to the PuTTY window and hit <Enter> at the Hit return to process
ASA_F5_Scripts/CreateVmmDomP.xml or press ‘s’ and return to skip this script prompt.

e. The My-vCenter hierarchy appears in the VM Provider VMware folder as it is created.

16. Add the VM Hosts to APIC DVS manually.

17. Import the F5 Device Package and create the F5 and Firewall Device Clusters as follows:

a. From the top menu, select L4-L7 Services.

b. From the top sub-menu, select Packages.

c. Expand the L4-L7 Services Device Types folder and show that no packages are present.

d. Return to the PuTTY window and hit <Enter> at the Hit return to process
ASA_F5_Scripts/F5DevicePackage.zip or press ‘s’ and return to skip this script prompt.

e. Hit <Enter> at the Hit return to process ASA_F5_Scripts/asa-device-pkg-1.0.1.zip or press
‘s’ and return to skip this script prompt.

f. The F5-BIGIP-1.0.0 and the CISCO-ASA-1.0.1 device packages appear in the L4-L7 Services Device Types folder
as they are created by the two scripts.

Figure 26. ASA and F5 Device Package Creation

18. Create the Tenant.

a. In the APIC top menu, select TENANTS. Select ALL TENANTS from the top sub-menu.

Figure 27. ALL TENANTS Window

b. Return to the PuTTY window and hit <Enter> at the Hit return to process ASA_F5_Scripts/Tenant.xml
or press ‘s’ and return to skip this script prompt. The Pepsi tenant is created and displayed in the
window. If this does not happen after several seconds, click the Refresh button. (If a Server Side Error message is
generated, wait a few seconds before refreshing again.)

Figure 28. Newly Created Tenants

c. In the top sub-menu, select Pepsi.

d. Expand the Tenant Pepsi > Networking > Bridge Domains directory to show that the BD1, BD3, BD4 and
MgmtBD bridge domains have been created.

e. Expand the Tenant Pepsi > Networking > Private Networks folder to show that the pepsiMgmtCtx, pepsictx1 and
pepsictx2 private networks have been created.

NOTE: The next three steps create the device cluster, concrete devices and logical interfaces in the APIC. To create these devices
manually, type s and hit enter at the prompts for the following scripts:

• CreateLDevVip.xml
• CreateCDev.xml
• CreateLIf.xml

19. Create the Device Cluster:

a. From the top menu, select Tenants.

b. From the top sub-menu, select Pepsi.

c. Expand the L4-L7 Services > Device Clusters folder and show there are no device clusters present.

d. Return to the PuTTY window and hit <Enter> at the Hit return to process
ASA_F5_Scripts/CreateLDevVip.xml or press ‘s’ and return to skip this script prompt.

e. Verify the creation of the F5 and Firewall Device Clusters.

20. Export the device cluster to each tenant as follows:

a. Still in TENANTS > Pepsi, expand the L4-L7 Services folder and select F5.

b. Return to the PuTTY window and hit <Enter> at the Hit return to process
ASA_F5_Scripts/CreateLIf.xml or press ‘s’ and return to skip this script prompt.

c. F5 and Firewall are populated with Logical Devices.

d. Click Firewall and review the Logical devices.

21. Create the Concrete Devices for the Pepsi tenant as follows:

a. Return to the PuTTY window and hit <Enter> at the Hit return to process
ASA_F5_Scripts/CreateCDev.xml or press ‘s’ and return to skip this script prompt.

b. The BIGIP device is created in the F5 device cluster, and the ASA device is created in Firewall. Expand each BIGIP
device to display the concrete interfaces.

Figure 29. L4-L7 Services Concrete Device

NOTE: Wait until both device clusters are in a stable state before proceeding. It may take up to 30 seconds and you may need to
click the icon.

22. Create the Application Profile as follows:

a. Still in the Tenant Pepsi directory, expand Application Profiles, which is empty.

b. Return to the PuTTY window and hit <Enter> at the Hit return to Process
ASA_F5_Scripts/CreateAppProfile.xml or press ‘s’ and return to skip this script prompt.

c. The eStore application profile drops into the directory as it is created. Expand the directory to view the EPGs –
CLIENT and WEB.

23. Attach the VM Domains to each EPG as follows:

a. Return to the PuTTY window and hit <Enter> at the Hit return to Process
ASA_F5_Scripts/CreateDomAtt.xml or press ‘s’ and return to skip this script prompt.

b. Expand each EPG in turn and click Domains (VMs and Bare-Metals) to see that the State is formed.

24. Create the contracts as follows:

a. Expand Security Policies > Contracts and Security Policies > Filters.

b. Return to the PuTTY window and hit <Enter> at the Hit return to Process
ASA_F5_Scripts/CreateContract.xml or press ‘s’ and return to skip this script prompt.

c. webCtrct is created in Contracts and wildcard is created in Filters.

25. Open another Chrome browser tab, and click the F5 BIG-IP Admin shortcut.

Figure 30. F5 Shortcut

26. Log in with the following credentials: Username: admin, Password: C1sco12345.

27. Return to the APIC tab.

28. Create the Webgraph Service Graph as follows:

a. In the APIC TENANTS window, select Pepsi from the top sub-menu.

b. Expand the L4-L7 Services > Service Graphs folder, which is empty.

c. Return to the PuTTY window and hit <Enter> at the Hit return to process ASA_F5_Scripts/
CreateGraphWithParams.xml or press ‘s’ and return to skip this script prompt.

d. Webgraph is created in the Service Graphs folder.

NOTE: The next step runs the script that attaches the Service Graph to the Contract. To perform the procedure manually, type s at
the prompts for the ASA_F5_Scripts/AttachWebGraph.xml script:

29. Attach the Service Graphs to the Pepsi tenant, as follows:

a. Still in TENANTS > Pepsi, expand L4-L7 Services > Deployed Service Graphs, which is empty.

b. Return to the PuTTY window and hit <Enter> at the Hit return to process ASA_F5_Scripts/
AttachGraphToContract.xml or press ‘s’ and return to skip this script prompt.


c. Allow a few seconds for the script to finish. webCtrct-WebGraph-Pepsi drops into the Deployed Service Graph
directory, showing the association.

30. Click the L4-L7 Services > Deployed Service Graphs folder – the script is listed in applied state.

Figure 31. Scripts in applied State

31. Log in to the VI Client (no login credentials needed – click Login) and see the creation of the additional Port-Profiles.

Figure 32. Creation of ASA and F5 VMware Port-Profiles

32. Now you will see the new port-profiles being attached to the VMs.

Figure 33. VC tasks

33. Apply the VMware Port-Profile Work-Around.

34. Return to the ASA ASDM console and you will see the additional interface created.

Figure 34. ASA additional Interfaces


35. Return to the F5 window and select Local Traffic > Virtual Servers > Virtual Servers List from the side menus. There is a
new partition in the partition list. (The partition names do not match the tenant names in APIC.)

Figure 35. F5 Partitions

36. Click the partition to see the scripts attached to that tenant.

Figure 36. F5 Virtual Server

37. Examine the VLANs connected to the device clusters (optional.)

a. In the TENANT hierarchy, expand the L4-L7 Services > Deployed Device Clusters hierarchy. Click Deployed
Device Clusters. Click F5-default and Firewall-default in turn, and take note of the VLANs for the internal and
external interfaces.

b. On the F5 tab, select the apic_xxxx tenant from the Partitions drop-down. (The name will not be Pepsi in the
Partition drop-down. The partition that is not Common represents the APIC tenant.)

c. Select Networks > VLANs > VLAN List from the side menu and compare the VLAN numbers from APIC.

Figure 37. APIC VLANs match F5 VLANs

This concludes the activity in this scenario.


Scenario 4: Removing APIC Objects


This scenario can only be performed after the APIC objects are created, whether the creation method was via Python script, APIC
wizard, or manual. THIS SCENARIO MUST BE PERFORMED IN ITS ENTIRETY TO ENSURE REMOVAL OF ALL
OBJECTS.

NOTE: If performing this Scenario immediately after Scenario 2 or 3, leave the APIC window open with all the directories
expanded, to demonstrate the objects being removed in real-time.

1. Remove the services from the VM, as follows:

a. From the demonstration workstation Task Bar, launch Windows Explorer.

b. Navigate to the C drive and double-click Remove_L4-L7-Services-vNiCs to run the script.

Figure 38. Removal Script

2. The removal script runs, posting the results in the shell window. When the script has completed, the shell window closes.

Figure 39. Removal Script Results

3. If you created the objects and have not yet closed the PuTTY window, proceed to Step 5.

4. If the PuTTY application is closed and you have to reopen it, it will be necessary to reload the Python script package, as
follows:

a. From the demonstration workstation, launch PuTTY.

b. In the PuTTY Configuration window:

a. In the Saved Sessions area, double-click TOOLS.

b. Log in with the following credentials: Username: user01, Password: user01.

5. Perform the appropriate removal actions:

a. To remove objects created by Scenario 2

i. From the top menu of the APIC window, select VM NETWORKING.

ii. From the top sub-menu of the APIC window, select POLICIES.

iii. Expand VM Provider VMware.

iv. Right-click My-vCenter and select Delete from the menu.

v. Click Yes to confirm the deletion.

vi. Return to the PuTTY window and type ./request.py F5_Scripts/Remove_MGMT_F5.cfg at the
command prompt. Press <ENTER>.

b. To remove objects created by Scenario 3, type ./request.py ASA_F5_Scripts/Remove_ASA_F5.cfg at the
command prompt and press ENTER.

The Python script will step through multiple XML scripts to remove the objects. You can verify the removal of the objects, such as
the tenant, the VMM Domain My-vCenter and others, in the APIC GUI. Once this script is completed, you can also go to the vCenter
server to see that the My-vCenter DVS has been removed.

6. Press ENTER at each prompt to walk through the script.

An output description provides basic information on what the script is doing (see below). After each completed item, the script
will return the code 200, indicating success.

user01@tools:~$ ./request.py F5_Scripts/Remove_MGMT_F5.cfg


Hit return to process F5_Scripts/acme-DeleteGraph.xml or press 's' and return to skip this script. <Enter>
You have successfully removed the acme WebGraph.
To verify the deletion of the acme WebGraph, go to Tenants --> acme. Expand L4-L7 Services --> Deployed
Service Graph.
You have successfully removed the acme Secure WebGraph.
To verify the deletion of the acme Secure WebGraph, go to Tenants --> acme. Expand L4-L7 Services -->
Deployed Service Graph.
You have successfully removed the coke WebGraph.
To verify the deletion of the coke WebGraph, go to Tenants --> acme. Expand L4-L7 Services --> Deployed
Service Graph.
You have successfully removed the coke Secure WebGraph.
To verify the deletion of the coke WebGraph, go to Tenants --> acme. Expand L4-L7 Services --> Deployed
Service Graph.
This script will delete the shared concrete device of the BIGIP1 for the Device Cluster name F5.
To verify the deletion of the concrete device, go to Tenants --> mgmt. Then expand L4-L7 Services -->
Device Clusters --> F5.
This script will delete the shared Device Cluster for the F5.
To verify the deletion of the shared Device Cluster, go to Tenants --> mgmt. Then expand L4-L7 Services -->
Device Clusters.
Hit return to process F5_Scripts/DeleteMDev.xml or press 's' and return to skip this script. <Enter>
You have successfully deleted the F5 device package.
To validate this step, go to L4-L7 Services --> Packages and expand Device Types to verify deletion.
Hit return to process F5_Scripts/Delete-acme.xml or press 's' and return to skip this script. <Enter>
You have successfully deleted acme Tenant.
To validate this step, go to Tenants and verify acme is no longer there.
Hit return to process F5_Scripts/Delete-coke.xml or press 's' and return to skip this script. <Enter>
You have successfully deleted coke Tenant.
To validate this step, go to Tenants and verify coke is no longer there.

This concludes the activity in this scenario.


Appendix A. Reset APIC Simulator


APIC Fabric Members are created by default, so that the demonstration can begin with the creation of the APIC objects.

If you want to demonstrate the fabric discovery, reboot the apic-fcs via Guest OS Control as follows:

1. From the Demo Dashboard, click Servers.

Figure 40. Servers Tab

2. From the Servers list, click the next to apic-fcs.

3. Click the Reboot button in Guest OS Control to restart the server.

NOTE: It will take up to 5 minutes before you can log in and rebuild the Fabric using one of the Fabric Discovery methods in
Appendix B.


Appendix B. Fabric Discovery


If they are not configured, use one of the three methods below to configure:

| Method | Automation Level | Explanation | Completion Time |
|---|---|---|---|
| Script Configuration | High | Skip the configuration steps and discover the APIC Fabric automatically, as shown in Configure APIC Fabric Using Scripts. | 1 minute, followed by 15 minutes to build the fabric |
| Wizard Configuration | Medium | Set up the APIC Fabric using the Postman–REST client, as shown in Configure APIC Fabric Using Postman–REST Client. | 5 minutes, followed by 15 minutes to build the fabric |

NOTE: The full fabric discovery can take up to 15 minutes. The apic3 controller will be discovered after all the devices are
discovered. You can monitor the progress by selecting Topology from the Inventory pane in the APIC GUI. While the
discovery is taking place, you can complete Scenario 1, which ends in the APIC Topology window showing the discovered
elements.

Demonstration Steps
Configure APIC Fabric Using Scripts

1. From the demonstration workstation, click the Build ACI Fabric icon.

2. Type Y <Enter> at the Do you want to continue (Y/N)? prompt. The script will begin building the fabric, which will take about
15 minutes.

Figure 41. Build ACI Fabric Script

3. Type Y <Enter> at the Do you want to continue (Y/N)? prompt. The script will begin building the F5, which will complete
before the ACI fabric is set up.

Configure APIC Fabric Using Postman–REST Client

1. From the demonstration workstation, launch ‘APIC Login’, and then log in to the Application Policy Infrastructure
Controller with the following credentials: Username: admin, Password: C1sco12345.

2. From the menu bar, click Fabric.


3. From the sub-menu bar, click Inventory.

4. In the left-pane, choose Fabric Membership.


5. Review the current members of the Fabric.

Figure 42. Fabric Membership

6. Launch the Postman – REST Client from the taskbar. You are automatically logged in. This is where you will
register the switches for the APIC.

Important: If you get a status of 403 Forbidden while performing the activity in this scenario, review the text below for more
information on the error. If you see Token was invalid (Error: Token timeout), this means that your session has timed out. You
will need to launch the APIC Login POST and then proceed with the next POST.

7. In the left-pane, click the arrow next to dCloud APIC Demo, and then click the arrow next to Create Fabric and dCloud
APIC Connectivity.

Figure 43. dCloud APIC Demo

8. Go to dCloud APIC Connectivity and then choose APIC Login. Click Send to connect to the APIC.

Figure 44. APIC Login and Send

9. Review the Status of the submission. A result of 200 OK means the submission was successful.

Figure 45. Status

10. Go to Create Fabric.

11. Choose the Add Spine1 to Fabric post. Click Send to configure the first spine, and then it will discover the others.

12. Review the status of the submission.

13. In the APIC application window, you can see Spine1 is now part of the Fabric Membership.

Figure 46. Fabric Membership

14. Go to the Postman – REST Client window.

15. Under Create Fabric, choose the Add Spine2 to Fabric post and then click Send to configure the second spine.

16. Review the status of the submission.

17. In the APIC window, you can see Spine2 is now part of the Fabric Membership.

Figure 47. Fabric Membership

18. Go to the Postman – REST Client window.

19. Under Create Fabric, choose the Add Leaf2 to Fabric post.

20. Review the command for this post and you can see that it:

• Looks for the serial number (TEP-1-102)

• Sets up the serial number for node 102

• Names Leaf2

Figure 48. Add Leaf2 to Fabric

21. Click Send.

22. Review the status of the submission.

23. In the APIC window, you can see Leaf2 is now part of the Fabric Membership.

Figure 49. Fabric Membership

24. Go to the Postman – REST Client window.

25. Under Create Fabric, choose the Configure Leaf 1 to Fabric post, which will update the first member of the Fabric.

26. Click Send.

27. Review the status of the submission.

28. In the APIC window, you can see that Node ID and Node Name have been set for serial number TEP-1-101.

29. As it discovers Leaf1, an IP address is allocated.

30. The discovery will continue until it finds all of the links to the other members and populates the IP Addresses.

Figure 50. Fabric Membership

31. Wait for discovery to finish. In the APIC window, select Fabric > Inventory from the main menu. Click Topology and
demonstrate that the entire fabric has been discovered and is included in the topology.

Figure 51. Fabric Discovery Topology
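
The login, status check and token-timeout recovery from the Postman procedure above, as an added Python example that is not part of the dCloud guide or its scripts. The Leaf2 values come from the guide; the REST paths and the fabricNodeIdentP payload are assumed to match the Postman posts (which the guide does not show), and FakeApic, ApicSession, the demo credentials and Leaf1's node ID 101 are constructed so the example runs offline.

```python
import xml.etree.ElementTree as ET

LOGIN_PATH = "/api/aaaLogin.xml"
NODE_POLICY_PATH = "/api/node/mo/uni/controller/nodeidentpol.xml"  # assumed target of the "Add ... to Fabric" posts
TIMEOUT_TEXT = "Token was invalid (Error: Token timeout)"  # wording quoted in the guide


def node_registration_xml(serial, node_id, name):
    """Payload for one fabric member: match the serial, set the node ID and name."""
    node = ET.Element("fabricNodeIdentP", serial=serial, nodeId=str(node_id), name=name)
    return ET.tostring(node, encoding="unicode")


def error_xml(code, text):
    root = ET.Element("imdata")
    ET.SubElement(root, "error", code=str(code), text=text)
    return ET.tostring(root, encoding="unicode")


def is_token_timeout(status, text):
    """True only for the expired-session 403, never for an authorization denial."""
    if status != 403:
        return False
    try:
        return any(TIMEOUT_TEXT in (e.get("text") or "")
                   for e in ET.fromstring(text).iter("error"))
    except ET.ParseError:
        return False


class FakeApic:
    """Constructed in-memory stand-in for the controller (hypothetical, offline)."""

    def __init__(self, user, password, posts_per_token):
        self._creds = (user, password)
        self._posts_per_token = posts_per_token  # simulates the session timeout
        self._token, self._left, self._issued = None, 0, 0
        self.read_only = False  # when True, writes are refused with a non-timeout 403
        self.nodes = {}         # serial -> (nodeId, name)
        self.logins = 0

    def post(self, path, body, token=None):
        root = ET.fromstring(body)
        if path == LOGIN_PATH:
            if (root.get("name"), root.get("pwd")) != self._creds:
                return 401, error_xml(401, "constructed: bad credentials")
            self._issued += 1
            self.logins += 1
            self._token, self._left = "tok-%d" % self._issued, self._posts_per_token
            reply = ET.Element("imdata")
            ET.SubElement(reply, "aaaLogin", token=self._token)
            return 200, ET.tostring(reply, encoding="unicode")
        if token != self._token or self._left <= 0:
            return 403, error_xml(403, TIMEOUT_TEXT)
        self._left -= 1
        if self.read_only:
            return 403, error_xml(403, "constructed: write not permitted")
        self.nodes[root.get("serial")] = (root.get("nodeId"), root.get("name"))
        return 200, "<imdata/>"


class ApicSession:
    """Logs in on demand and repeats a POST once after a token timeout."""

    def __init__(self, transport, user, password):
        self._transport, self._user, self._password = transport, user, password
        self._token = None  # a real controller expects it back as the APIC-cookie cookie

    def login(self):
        creds = ET.Element("aaaUser", name=self._user, pwd=self._password)
        status, text = self._transport.post(LOGIN_PATH, ET.tostring(creds, encoding="unicode"))
        if status != 200:
            raise PermissionError("APIC login failed with status %d" % status)
        self._token = ET.fromstring(text).find("aaaLogin").get("token")

    def post(self, path, body):
        if self._token is None:
            self.login()
        status, text = self._transport.post(path, body, token=self._token)
        if is_token_timeout(status, text):
            self.login()  # one re-login and one retry; any other 403 is returned as-is
            status, text = self._transport.post(path, body, token=self._token)
        return status, text


def register_demo_nodes():
    """Register Leaf2 (values from the guide) and Leaf1 (node ID 101 assumed)."""
    apic = FakeApic("demo-user", "demo-pass", posts_per_token=1)
    session = ApicSession(apic, "demo-user", "demo-pass")
    members = [("TEP-1-102", 102, "Leaf2"), ("TEP-1-101", 101, "Leaf1")]
    statuses = [session.post(NODE_POLICY_PATH, node_registration_xml(*m))[0] for m in members]
    return apic, statuses


if __name__ == "__main__":
    apic, statuses = register_demo_nodes()
    print(statuses, apic.logins, apic.nodes)
```

Only the timeout text triggers the re-login, so a 403 that reflects missing privileges surfaces to the operator instead of being retried.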


Appendix C. Add VM Hosts to APIC DVS Manually


Use the vSphere client to add the Hosts as follows:

1. Start vSphere from the Task Bar by clicking the icon, and make sure the Use Windows Credentials checkbox is
checked. Click Login.

2. Click Hosts and Clusters in the Location bar to open the drop-down menu.

3. Choose Networking from the menu.

Figure 52. vSphere Menu Sequence

4. If the networking view is not expanded, then from the top view called vcva.dcloud.cisco.com, click the + to expand the view.

5. The logical data center can be expanded by clicking on the + next to the entry dCloudDC.

6. You will now notice that a new DVS has been created named My-vCenter and you can expand it. This verifies that the APIC
has connection to the VMware vCenter Server.

7. Click My-vCenter to display the Getting Started page.

8. Click Add a host.

9. In the Add Host to vSphere Distributed Switch wizard, select vmnic2 as the target physical adapter for each switch and click
Next.

Figure 53. Choose Hosts

10. Click Next to the end of the wizard, then click Finish.

11. Monitor the status of the host creation in the Recent Tasks bar until the Status column shows Completed.

12. Click the Hosts tab to see that the new hosts have been enabled.

Figure 54. Recently added hosts

NOTE: There may be a warning icon in the Status column. This can be ignored.

13. Return to the appropriate script and continue:

• If performing Scenario 2, add the Device Package.

• If performing Scenario 3, add the Device Package.

Appendix D. Create a Device Cluster

NOTE: This procedure replaces three scripts in the automated procedure:

• Scenario 2 - Type s and <enter> at the prompts for the following scripts:
mgmt-CreateLDevVip.xml
mgmt-CreateCDev.xml
mgmt-CreateLIf.xml

• Scenario 3 - Type s and <enter> at the prompts for the following scripts:
CreateLDevVip.xml
CreateCDev.xml
CreateLIf.xml

The Device Cluster in a single-tenant configuration is created within that tenant. In multi-tenant configurations, such as Scenario 2,
the Device Cluster is created in the mgmt area and shared between the two tenants.

1. In the APIC window, select TENANTS from the top menu.

2. Select the target area:

a. For single-tenant configurations, select the name of the tenant.

b. For multi-tenant configurations, select mgmt.

3. Expand the L4-L7 Services > Device Clusters hierarchy, which is empty.

4. Right-click Device Clusters and select Create Device Cluster from the menu.

5. Enter the Device Cluster parameters as follows. Note that all parameters are case-sensitive. Click Next.

Parameter Scenario 2 Scenario 3 – F5 Scenario 3 – ASA

Tenant Where Cluster Is Created mgmt Pepsi Pepsi

Name F5 F5 Firewall

Device Package (drop down) F5-BIGIP-1.0.0 F5-BIGIP-1.0.0 CISCO-ASA-1.0.1

Content Aware Multiple Single Single

Function Type (radio button) GoTo GoTo GoTo

Device Type (radio button) Physical Virtual Virtual

Physical Domain phys

Virtual Domain My-vCenter My-vCenter

EPG Leave blank Leave blank Leave blank

Virtual IP Address 198.18.128.130 198.18.128.130 198.18.128.100

Port 443 443 443

Username admin admin admin

Password/Confirm Password C1sco12345 C1sco12345 C1sco12345

6. Add the Logical Interfaces by clicking the + and entering the following parameters. Note that all parameters are
case-sensitive.

Scenario/Device Interface Name Interface Type

Scenario 2/F5 internal internal

Scenario 2/F5 external external

Scenario 3/F5 internal internal

Scenario 3/F5 external external

Scenario 3/ASA internal internal

Scenario 3/ASA external external

7. Add the Concrete Device by clicking the + and entering the following parameters. Note that all parameters are case-sensitive.

8. Add the two Interfaces by clicking the + and entering the details below for 1st and 2nd interfaces. Click Next.

Parameter Scenario 2 Scenario 3 – F5 Scenario 3 – ASA

Name BIGIP1 BIGIP ASA

Context Label

IP Address 198.18.128.130 198.18.128.130 198.18.128.100

Port 443 443 443

Username admin admin admin

Password/Confirm Password C1sco12345 C1sco12345 C1sco12345

VM Name (Scenario 3 only) ASAv bigIP

vCenter Name (Scenario 3 only) dCloudDC dCloudDC


Interface Name (1st interface) 1_1 1_1 GigabitEthernet0/0

Interface Path or VNIC (1st interface) Node-101/eth1/30 Network adapter 2 Network adapter 2

Logical Interface (2nd interface) external external external

Interface Name (2nd interface) 1_2 1_2 GigabitEthernet0/1

Interface Path or VNIC (2nd interface) Node-101/eth1/31 Network adapter 3 Network adapter 3

Logical Interface (2nd interface) internal internal internal

7. Click Next through all the screens in the Parameters tab. Do not make any changes.

8. Click Finish.

9. Review the parameters of the newly created Device Cluster. The figure below shows how it should look; make sure you have
configured all highlighted sections.

NOTE: Wait until all created device clusters are in a stable state before proceeding. It may take up to 30 seconds. You may need
to click the icon.

Figure 55. Device Cluster Parameters

10. Return to the appropriate scenario:

• If you are performing Scenario 2, return to Step 20 and create the service graphs.

• If you are performing Scenario 3, return to Step 22 and continue with the script.

Appendix E. Attach Service Graphs to Tenants

NOTE: This step replaces Steps 22 and 23 in Scenario 2, or Step 27 in Scenario 3.

• If you are performing Scenario 2, type s at the prompts for the following scripts:
F5_Scripts/acme-AttachWebGraph.xml
F5_Scripts/acme-AttachSecureWebGraph.xml
F5_Scripts/coke-AttachWebGraph.xml
F5_Scripts/coke-AttachSecureWebGraph.xml

• If you are performing Scenario 3, type s at the prompt for the ASA_F5_Script/AttachWebGraph.xml script.

Use this procedure to attach a Service Graph to a Tenant. If there are multiple tenants or multiple service graphs in a scenario,
repeat the procedure for each graph for each tenant, as follows:

Script Scenario Tenant Contract Filter Service Graph

F5_Scripts/acme-AttachWebGraph.xml 2 acme http WebGraph

F5_Scripts/acme-AttachSecureWebGraph.xml 2 acme https SecureWebGraph

F5_Scripts/coke-AttachWebGraph.xml 2 coke http WebGraph

F5_Scripts/coke-AttachSecureWebGraph.xml 2 coke https SecureWebGraph

ASA_F5_Script/AttachWebGraph.xml 3 Pepsi http WebGraph

1. In the APIC window, select TENANTS from the top menu.

2. Select a tenant from the top sub-menu. (see table)

3. Expand the L4-L7 Services > Service Graphs folders, which are empty.

4. Expand the Security Policies > Contracts > webContract hierarchy and select a contract. (see table)

5. From the Service Graph drop-down, select a service graph. (see table)

Figure 56. Attach a Service Graph to a Tenant

6. Click Submit. The selected service graph now appears in the L4-L7 Services > Service Graphs folder.

7. After attaching each service graph, verify the attachment in the F5 application, as follows:

a. Open the F5 admin console in Chrome if it is not already open.

b. Choose the apic_xxxx partition in the partition drop-down – the partition names will not match the APIC tenant
names. If you are performing Scenario 2, be sure that you are choosing the second partition when you review the
service graph attachment for coke.

c. Verify that the Virtual-Server with an HTTP Service Port has been created.

Figure 57. Acme – WebGraph in F5 Console

8. Return to the appropriate scenario:

• If you are performing Scenario 2, return to Step 24 and verify that the scripts are attached.

• If you are performing Scenario 3, return to Step 28 and verify that the script is attached.

Appendix F. Add the F5 bigIP VM



1. Click Windows Explorer from the wkst1 taskbar.

2. Click Local Disk (C:) in the Navigation Pane.

3. Double-click Setup_F5 to run the F5 setup script.

Figure 58. F5 Configuration Script Location

4. Return to the appropriate scenario:

• Scenario 1: APIC System Health & Topology

• Scenario 2: Multi-Tenant with Multiple Graphs via Northbound API

• Scenario 3: Single-Tenant, Single-Graph with Multiple Nodes via Northbound API

Appendix G. VMware Work-Around for Port-Profiles


The MAC address is not assigned to the link created between the tenant and the graph. Because of this, VMware will continually
try to reconfigure the vSphere Distributed Switch (vDS). VMware vCenter will continue to do this until it causes the APIC to crash
after approximately 30 minutes. If the APIC crashes, it is only recoverable by a reboot, which will cause all configurations to be lost
as it is non-persistent.

To avoid this, you must complete the following workaround before continuing to the next portion of the scenario.

1. Go to the VMware vCenter window.

2. Expand the vcva.dcloud.cisco.com > dCloud-Cluster > L4-L7-Services folders and select ASAv.

3. Click Edit virtual machine settings.

Figure 59. Select

4. In the resulting dialog box, click the Hardware tab.

5. Click Network adapter 2.

6. Go to the Network label field and reselect the same port-profile as already used from the drop-down list.

Figure 60. ASA - Virtual Machine Properties

7. In the Hardware section, click Network adapter 3.

8. Go to the Network label field and reselect the same port-profile as already used from the drop-down list.

9. Click OK.

10. Go to the APIC window and open the Properties for the Virtual Machine - ASAv. You can see that a MAC address has been
assigned to each, and that the port-profile is displayed correctly in APIC.

Figure 61. Assigned MAC Address - ASA


11. Repeat the procedure for bigIP.

Figure 62. Assigned MAC addresses – bigIP



12. Return to the appropriate scenario:

• Continue to perform Scenario 2.

• Continue to perform Scenario 3.


Appendix H. Create VMM Domain



1. On the top menu of the APIC window, select VM NETWORKING.

2. Then under the sub-menu, click POLICIES.

3. On the left-hand panel, select VM Provider VMware.

4. Then on the right-hand panel, click ACTIONS.

5. Then select Create vCenter Domain.

Figure 63. Networking > Policies > VM Provider VMware

6. In the Name window box, type My-vCenter.

7. In the VLAN Pool window, click the drop-down arrow.

8. Select webService(dynamic).

9. Create the credentials to log in to the vCenter server by clicking the + next to vCenter Credentials.

10. In the Name window, type administrator.

11. In the Username box, type administrator.

12. In the Password: window, type C1sco12345.

13. In the Confirm Password window, retype the password.

14. Click OK to complete the task.

15. Create the vCenter server object by clicking the + next to vCenter/vShield.


Figure 64. Create vCenter Controller


NOTE: Within this Create vCenter Domain task, it is important to enter the information EXACTLY as shown below.

16. Make sure the vCenter button is selected.

17. In the Name window, type dCloudDC.

18. In the Address field, type 198.18.133.211.

19. In the DVS Version field, select DVS Version 5.5 from the drop-down list.

20. In the Datacenter window, type dCloudDC.

21. In the Associated Credential drop-down menu, select the credential object that was created in the previous task: administrator.

22. Click OK.

Figure 65. vCenter Domain Connection to VMware vCenter Server

23. Add the VM Hosts to APIC DVS manually.
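
The same VMM domain expressed as a northbound API payload, as an added example that is not part of the Cisco guide. The class and attribute names (vmmDomP, vmmUsrAccP, vmmCtrlrP, vmmRsAcc, infraRsVlanNs), the VLAN pool DN format, and the VCENTER_PASSWORD variable name are assumptions to confirm against your APIC release; the vCenter password is read at run time and masked before anything is logged, rather than stored in the script.

```python
import os
import xml.etree.ElementTree as ET

# Values entered in the GUI steps of Appendix H.
DOMAIN = "My-vCenter"
VLAN_POOL = "webService"        # shown in the GUI as webService(dynamic)
CRED_NAME = "administrator"     # credential object name and vCenter username
CTRL_NAME = "dCloudDC"
CTRL_ADDR = "198.18.133.211"
DATACENTER = "dCloudDC"
DVS_VERSION = "5.5"

def build_vmm_domain(password, pool_dn=None):
    """Return (relative URL, XML body) describing the VMM domain."""
    if not password:
        raise ValueError("vCenter password must be supplied at run time")
    dom_dn = f"uni/vmmp-VMware/dom-{DOMAIN}"
    # Assumption: dynamic VLAN pool DN format; verify in the APIC object browser.
    pool_dn = pool_dn or f"uni/infra/vlanns-[{VLAN_POOL}]-dynamic"
    dom = ET.Element("vmmDomP", name=DOMAIN)
    ET.SubElement(dom, "infraRsVlanNs", tDn=pool_dn)
    ET.SubElement(dom, "vmmUsrAccP", name=CRED_NAME, usr=CRED_NAME, pwd=password)
    ctrl = ET.SubElement(dom, "vmmCtrlrP", name=CTRL_NAME, hostOrIp=CTRL_ADDR,
                         rootContName=DATACENTER, dvsVersion=DVS_VERSION)
    # The controller points at the credential object created in the same domain.
    ET.SubElement(ctrl, "vmmRsAcc", tDn=f"{dom_dn}/usracc-{CRED_NAME}")
    return f"/api/node/mo/{dom_dn}.xml", ET.tostring(dom, encoding="unicode")

def redact(xml_body):
    """Return a copy of the payload that is safe to log (pwd masked)."""
    root = ET.fromstring(xml_body)
    for cred in root.iter("vmmUsrAccP"):
        cred.set("pwd", "***")
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    secret = os.environ.get("VCENTER_PASSWORD")   # hypothetical variable name
    if not secret:
        raise SystemExit("Set VCENTER_PASSWORD before running.")
    url, body = build_vmm_domain(secret)
    print("POST", url)
    print(redact(body))   # never print the unredacted body
```

The script only builds and prints the request; sending it requires an authenticated APIC session over HTTPS.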
