Aci vmware integration_youtube
Download as PPTX, PDF0 likes196 views
This document discusses two modes for connecting a Cisco Firepower Threat Defense (FTD) appliance to the leaf switches in an ACI fabric. Mode 1 connects the FTD using an EPG over L2 configuration, while Mode 2 connects the FTD using an EPF over L2 or using L3 mode connecting to a single virtual routing domain. It also provides steps for configuring access policies in ACI, including creating VLAN pools, application endpoint groups, contracts, and verifying the interfaces.
Aci vmware integration_youtube
- 1. ACI Integration with VMware By Dhruv Sharma
- 2. Introduction • There are two ways to connect an appliance/FTD to the leaf. • Mode 1: Connect the FTD using an EPG (bare metal) over L2 configuration. • Mode 2: Connect FTD using an EPF (Vmware ) over L2 configuration. • Mode 2: Connect the FTD to the leaf using L3 mode. In this mode the FTD connects to the leaf using a single VR.
- 4. Policies within ACI Access Policy Tenant Based Policy
- 5. • Part 1: Configure Access Policy Virtual Networking Fabric Policy
- 6. Setup Access Policy • Step 1: Connect to vSphere client hosted on Cisco UCS Server confirm if you can see any VDS (Virtual Distributed Switch). In our case there is not VDS. Domain = dcloud.DC
- 7. Setup Access Policy –Part A • Step 2: Connect to APIC and follow below steps to create vCEntre Domain Profile:
- 8. Setup Access Policy –Part A (i) Create a new VLAN Pool
- 9. Setup Access Policy –Part A (ii) Create a new AEP Policy and map it to the profile:
- 10. Setup Access Policy –Part A (iii) Provide vCenter Credentials
- 11. Setup Access Policy –Part A (iv) Add vCenter Address details
- 12. Setup Access Policy –Part A (v) Configure Port channel settings for vCenter. Mostly we use Mac-pinning when connecting UCS blade enclosures since LACP is not supported at the server level.
- 13. Summary
- 14. Setup Access Policy –Part B Step 3: Configure Access Policy (i) Configure Interface Policy Group:
- 15. Setup Access Policy –Part B (ii) Create a new Interface Profile
- 16. Setup Access Policy –Part B (iii) Create Interface Selector Profile
- 17. Verification • Step 4: Finally the Domain is created on the vsphere, which we created over the ACI fabric automatically.
- 18. Verification • Step 5: Verification- Verify the interfaces imported from vSphere for the virtual machines.
- 19. • Part 2: Tenant Based Policy
- 20. Tenant Policy • Step 1: Create an Application Profile & map Application EPGs
- 21. Tenant Policy Step 2: Drag and drop the orange VMware icon onto the 20-Web EPG until you see a link between them.
- 22. Tenant Policy Step 3: Finally we need contracts - Note: Consumer is the source and Provider is the destination.
- 23. Tenant Policy
- 24. Questions • Question: What does an interface status “Out Of Service” implies when we run the command “show interface brief” from the leaf switches? • Answer: Policy isn’t applied on the interface.
- 25. Questions • Question: What are modes connecting from APIC controller ? • Answer: We can connect to APIC controller using BASH (Linux) and NXOS mode shown below.