
Lab Guide

Cisco dCloud

Cisco Application Centric Infrastructure


4.1 with VMware v1

Last Updated: 04-April-2020

About This Demonstration


This guide for the preconfigured demonstration includes:

About This Demonstration

Requirements

About This Solution

Topology

Get Started

Scenario 1. APIC Overview & VMM Domain Creation

Scenario 2. Create Tenant, EPGs and Port Groups in APIC

Scenario 3. Working with Contracts

Scenario 4. Micro-segmentation

Appendix A. Reset APIC Simulator

Appendix B. Fix My Demo

What’s Next?

© 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 54

Limitations

APIC Simulator Limitations

Certain features of Cisco APIC 4.1 are outside the scope of this demonstration, because the demonstration
uses a simulated fabric rather than a physical fabric:
• The simulator will need to be rebooted if it is left running for more than a few days.

• All configuration will be lost after a reboot of the APIC simulator


• No traffic will pass between devices connected to the simulated fabric (ESXi, VMs etc)
• Screen refresh may take slightly longer than expected

Customization Options

To demonstrate Fabric Discovery to the customer instead of using the discovered Fabric in the demo, reset the
APIC Simulator (see Appendix A) and then see Appendix B to discover the Fabric.

Requirements
The table below outlines the requirements for this preconfigured demonstration.

Required: Laptop

Optional: Cisco AnyConnect®


About This Solution


The Cisco Application Policy Infrastructure Controller (Cisco APIC™) is the unifying point of automation and
management for the Cisco Application Centric Infrastructure (Cisco ACI™) fabric. The Cisco APIC provides
centralized access to all fabric information, optimizes the application lifecycle for scale and performance, and
supports flexible application provisioning across physical and virtual resources.
Cisco ACI virtual machine networking provides hypervisors from multiple vendors programmable and
automated access to high-performance scalable virtualized data center infrastructure. Programmability and
automation are critical features of scalable data center virtualization infrastructure. The ACI open REST API
enables virtual machine (VM) integration with and orchestration of the policy-model-based ACI fabric. ACI VM
networking enables consistent enforcement of policies across both virtual and physical workloads managed by
hypervisors from multiple vendors.
For additional information, visit www.cisco.com/go/apic.

This Lab is intended to introduce Cisco ACI when integrated with VMware Virtual Infrastructure.


Topology
This content includes preconfigured users and components to illustrate the scripted scenarios and features of
the solution. Most components are fully configurable with predefined administrative user accounts. You can see
the IP address and user account credentials to use to access a component by clicking the component icon in
the Topology menu of your active session and in the scenario steps that require their use.
Figure 1 shows the virtual demonstration topology, which consists of the following virtual machines:

• VMware Virtual Center Server 6.7 Appliance


• APIC Simulator version 4.1 – includes Spine 1 and Spine 2, Leaf 1 and Leaf 2, APIC1, APIC2 and APIC3
• VMware ESXi 6.7.0 (x2)

• EMC vVNXe Storage Appliance


• Cisco Unified Computing System Platform Emulator 3.1(2e)
• Cisco UCS Director 6.7.2.0

• Linux Tools Repository (CentOS 7)


• Active Directory 2012 R2 (Domain Controller)
• Windows 10 Workstation

Figure 1. dCloud Topology


Get Started

Follow the steps to schedule a session of the content and configure your presentation environment.
1. Initiate your dCloud session. [Show Me How]

NOTE: It may take up to 10 minutes for your session to become active.

2. For best performance, connect to the workstation with Cisco AnyConnect VPN [Show Me How] and the
local RDP client on your laptop [Show Me How]
• Workstation 1: 198.18.133.36, Username: dcloud\demouser, Password: C1sco12345

3. The fabric discovery is automatically started at demo setup. Double-click the APIC Login icon and
log in (admin/C1sco12345).


5. Review the Welcome pop-up, specifically the sections on Getting Started, Explore and Support.
6. Click Close.


7. Select Fabric from the top menu.


8. Select Inventory from the top sub-menu.
9. In the left menu, click Fabric Membership and check that four devices are populated. (IP addresses may
vary.) If only TEP-1-101 is present, see Appendix B to discover the Fabric.

NOTE: The fabric discovery can take up to 15 minutes to complete. If you log in before 15 minutes have
passed, all devices may not be discovered. The following error message may display:


Scenario 1. APIC Overview & VMM Domain Creation


Value Proposition: In this scenario, there is an introduction to the APIC dashboard and an overview of the ACI
fabric topology. VMware vCenter is then connected to Cisco APIC via a VMM domain.

NOTE: If you prefer to skip this section, then follow the process detailed at the end of this scenario.

Steps

1. On the desktop, double-click the vSphere Web Client shortcut to open the vSphere Web Client.
Click Use Windows login credentials and click Login.

2. In the APIC window, click Fabric.


3. In the sub-menu, click Topology.
4. The graphical representation of the ACI fabric (spines, leaves and controllers) displays.


5. Click System to see the overview.

6. In the Nodes with Health less than or equal to 99 listing, double click Spine1.


7. This shows the health details for the Spine.

8. In the menu, expand and click Leaf2 to see the Summary information for that Leaf.


9. Click System and point out the fault counts and controller status sections.

10. Click Tenants and show that three tenants are configured.


Create VMM Domain Profile for vCenter Manually

ACI fabric virtual machine manager (VMM) domains enable an administrator to configure connectivity policies
for VM controllers. The essential components of an ACI VMM domain policy include the following:
• VMM Domain Profile: groups VM controllers with similar networking policy requirements. For example, VM
controllers can share VLAN pools and application endpoint groups (EPGs). The APIC communicates with the
controller to publish network configurations such as port groups that are then applied to the virtual
workloads. The VMM domain profile includes the following essential components:
o Credential: associates a valid VM controller user credential with an APIC VMM domain. This lab uses
the vCenter SSO administrator; in production, create a dedicated vCenter account that holds only the
privileges the APIC integration needs, because the APIC stores this credential and uses it to create
and modify distributed switches and port groups on your behalf.
o Controller: specifies how to connect to a VM controller that is part of a policy enforcement
domain. For example, the controller specifies the connection to a VMware vCenter that is
part of a VMM domain.
• EPG Association: endpoint groups regulate connectivity and visibility among the endpoints within the scope
of the VMM domain policy. VMM domain EPGs behave as follows:
o The APIC pushes these EPGs as port groups into vCenter to a VMware Distributed Switch.

o An EPG can span multiple VMM domains, and a VMM domain can contain multiple EPGs.
• Attachable Entity Profile Association: associates a VMM domain with the physical network infrastructure.
An attachable entity profile (AEP) is a network interface template that enables deploying VM controller
policies on a large set of leaf switch ports. An AEP specifies which switches and ports are available, and
how they are configured.
• VLAN Pool Association: a VLAN pool specifies the VLAN IDs or ranges used for VLAN encapsulation that
the VMM domain consumes.

Steps

1. Click Virtual Networking.


2. Expand VMM Domains and right-click on VMware.
3. Select Create vCenter Domain.


4. Enter My-vCenter for Virtual Switch Name.


5. Select the following options:

• VMware vSphere Distributed Switch


• Associated Attachable Entity Profile > default
• VLAN Pool > dCloud_VLAN_Pool(dynamic)
6. At the vCenter Credentials section, click the plus sign.
a. Enter defaultAcc for the name.
b. Enter username and password. Confirm the password.
o User name: administrator@vsphere.local
o Password: C1sco12345!
c. Click OK.

7. Now provide the details of the vCenter to be connected to ACI. Click the plus sign for vCenter.
• Enter dCloud-DC for the name.
• Enter 198.18.133.30 for the Host Name.
• Enter dCloud-DC for the Datacenter.
• Select defaultAcc, the credential created in step 6, for the Associated Credentials.


8. Set the Port Channel Mode to LACP Active.


9. Click Submit.

NOTE: The UCS Service Profiles are configured so that the interfaces connected to the ACI fabric carry the
VLAN ranges defined in dCloud_VLAN_Pool. As port groups are pushed from ACI, VLANs from this pool are
allocated to them.

10. Switch to the vSphere tab and notice that My-vCenter displays.


11. Right-click and select Add or Manage Hosts.

12. On the Select Task window, select Add Hosts. Click Next.


13. On the Select Hosts window, select New hosts. Select All and click OK.

14. Click Next.


15. Leave the defaults for Select network adapter tasks and click Next.


16. In Manage physical network adapters, highlight vmnic2 on the first host and click Assign Uplink.
17. Click Auto Assign and click OK.

18. Highlight vmnic2 on the second host and click Assign Uplink. Click Auto Assign and click OK.

19. Click Next.


20. Leave the defaults for Manage VMkernel network adapters and click Next.


21. Leave the defaults for Analyze Impact and click Next.

22. Review the information in Ready to Complete and click Finish.


23. The two hosts display in the listing.


24. In the menu, click the dCloud-Cluster and click one of the hosts to show the details.

25. Return to the APIC tab. Expand VMM Domains > My-vCenter > Controllers > dCloud-DC > Hypervisors.

NOTE: If the ESXi hosts are not listed, then there was an issue in the creation of the VMM Domain Profile, and
APIC is not connected to vCenter. Verify the credentials in VMM Domains > VMware > My-vCenter > vCenter
Credentials.

26. Expand one of the ESXi hosts to see the virtual machines listed.


27. Expand Virtual Machines to see the VMs running on that host.

28. Expand DVS-My-vCenter > Portgroups > MyClient-DVuplinks.
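The same VMM domain can be created through the ACI REST API mentioned in About This Solution, which is how it would be automated outside a demo. The Python script below is an added example, not part of this guide or of Cisco's tooling. It assumes an APIC address in APIC_URL (the guide only offers a desktop shortcut), that the default AEP and the dynamic pool dCloud_VLAN_Pool already exist as the lab states, and it disables TLS verification only because the lab APIC presents a self-signed certificate. The LACP port-channel override from step 8 is left to the GUI.

```python
"""Create the vCenter VMM domain from Scenario 1 through the APIC REST API.

Added example; not part of the dCloud guide or Cisco's own tooling.
Assumptions: APIC_URL (not stated in the guide), an existing AEP "default"
and dynamic VLAN pool dCloud_VLAN_Pool, and a lab-only self-signed certificate.
"""
import json
import ssl
import urllib.error
import urllib.request

APIC_URL = "https://apic1.dcloud.cisco.com"  # assumed; use the address behind the APIC Login icon
APIC_USER = "admin"
APIC_PASS = "C1sco12345"


def vmm_domain_payload(domain, cred_name, vc_user, vc_pass, vc_name, vc_host, datacenter, vlan_pool):
    """The vmmDomP tree that the "Create vCenter Domain" wizard creates (steps 4 to 7)."""
    usracc_dn = f"uni/vmmp-VMware/dom-{domain}/usracc-{cred_name}"
    return {"vmmDomP": {
        "attributes": {"name": domain, "mode": "default"},  # mode default = vSphere Distributed Switch
        "children": [
            {"vmmUsrAccP": {"attributes": {"name": cred_name, "usr": vc_user, "pwd": vc_pass}}},
            {"vmmCtrlrP": {"attributes": {"name": vc_name, "hostOrIp": vc_host, "rootContName": datacenter},
                           "children": [{"vmmRsAcc": {"attributes": {"tDn": usracc_dn}}}]}},
            {"infraRsVlanNs": {"attributes": {"tDn": f"uni/infra/vlanns-[{vlan_pool}]-dynamic"}}},
        ]}}


def aep_association_payload(aep, domain):
    """Attach the VMM domain to an existing AEP (the "Associated Attachable Entity Profile" field)."""
    return {"infraAttEntityP": {"attributes": {"name": aep}, "children": [
        {"infraRsDomP": {"attributes": {"tDn": f"uni/vmmp-VMware/dom-{domain}"}}}]}}


class Apic:
    """Minimal APIC REST client: aaaLogin for a token, then POSTs to /api/mo/<dn>.json."""

    def __init__(self, url, user, password, verify_tls=True):
        self.url, self.user, self.password, self.token = url.rstrip("/"), user, password, None
        ctx = ssl.create_default_context()
        if not verify_tls:  # lab only; never disable verification against a production APIC
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        self.opener = urllib.request.build_opener(urllib.request.HTTPSHandler(context=ctx))

    def _post(self, path, body):
        req = urllib.request.Request(self.url + path, data=json.dumps(body).encode(),
                                     headers={"Content-Type": "application/json"}, method="POST")
        if self.token:
            req.add_header("Cookie", f"APIC-cookie={self.token}")
        try:
            with self.opener.open(req, timeout=30) as resp:
                return json.loads(resp.read())
        except urllib.error.HTTPError as err:  # APIC returns the fault text as a JSON body
            raise RuntimeError(f"{path}: HTTP {err.code}: {err.read().decode(errors='replace')}") from err

    def login(self):
        data = self._post("/api/aaaLogin.json",
                          {"aaaUser": {"attributes": {"name": self.user, "pwd": self.password}}})
        self.token = data["imdata"][0]["aaaLogin"]["attributes"]["token"]

    def post_mo(self, parent_dn, payload):
        """POST a child object under parent_dn, e.g. a vmmDomP under uni/vmmp-VMware."""
        return self._post(f"/api/mo/{parent_dn}.json", payload)


if __name__ == "__main__":
    apic = Apic(APIC_URL, APIC_USER, APIC_PASS, verify_tls=False)
    apic.login()
    apic.post_mo("uni/vmmp-VMware", vmm_domain_payload(
        "My-vCenter", "defaultAcc", "administrator@vsphere.local", "C1sco12345!",
        "dCloud-DC", "198.18.133.30", "dCloud-DC", "dCloud_VLAN_Pool"))
    apic.post_mo("uni/infra", aep_association_payload("default", "My-vCenter"))
    print("VMM domain My-vCenter created; check Virtual Networking > VMM Domains > VMware")
```

The payload functions return the object trees as plain dictionaries, so they can be reviewed, or compared with what the GUI produced via the APIC API Inspector, before anything is posted.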


Create VMM Domain Profile for vCenter Automatically

NOTE: If you have followed the manual process, please skip this section and go to Scenario 2.

Steps

1. On the desktop, select Fix My Demo.

2. Select option 4 and press Enter.

3. In the vSphere tab, notice that the ACI domain and switches are created automatically.
4. In the APIC tab, notice that the ACI domain and switches are created automatically.


Scenario 2. Create Tenant, EPGs and Port Groups in APIC


Value Proposition: Cisco ACI has been designed from the beginning to be "multi-tenant". In the case of a
classic service provider, a tenant is a unique customer, while in a typical end-customer environment a tenant
could be an operating group, business unit, application owner, and so on.

In traditional networking environments, making a routing protocol change on a router or Layer 3 switch could
potentially affect hundreds of unique VLANs/subnets. This introduces a warranted level of caution around
change control and application impact. Leveraging the ACI policy model, the physical hardware is abstracted
from the logical constructs. The tenant object gives us the ability to draw a box around the logical and concrete
objects that we use to provide a unified view of the configuration dependencies for underlay and overlay
networks.
A tenant in the ACI object model represents the highest-level object. Inside, you can differentiate between the
objects that define the tenant networking, such as private networks (VRFs), bridge domains and subnets; and
the objects that define the tenant policies such as application profiles and endpoint groups.
The system provides the following four kinds of tenants:
• User tenants are defined by the administrator according to the needs of users. They contain policies that
govern the operation of resources such as applications, databases, web servers, network-attached storage,
virtual machines, and so on.
• The common tenant is provided by the system but can be configured by the fabric administrator. It contains
policies that govern the operation of resources accessible to all tenants, such as firewalls, load balancers,
Layer 4 to Layer 7 services, intrusion detection appliances, and so on.
• The infrastructure tenant is provided by the system but can be configured by the fabric administrator. It
contains policies that govern the operation of infrastructure resources such as the fabric VXLAN overlay. It
also enables a fabric provider to selectively deploy resources to one or more user tenants. Infrastructure
tenant polices are configurable by the fabric administrator.
• The management tenant is provided by the system but can be configured by the fabric administrator. It
contains policies that govern the operation of fabric management functions used for in-band and out-of-
band configuration of fabric nodes.
There are four methodologies for setting up your ACI policies, as shown in the following illustration:



• Options B and C are the recommended methodologies. In option B, subnets can be used by any tenant; in
option C, subnets cannot be shared between tenants.
• This lab uses option B, with VRFs and Bridge Domains already created in the Common tenant.
Bridge Domains are named after the IP subnet they carry, which makes them easy to understand and is a
recommended approach.

Steps

1. Open the vSphere Web Client.


2. From the home menu, select Networking.


3. Expand My-vCenter and point out the distributed switch, which is the integration point for ACI into
VMware. The VMware ESXi hosts connect to the vSphere Distributed Switch, and its uplinks connect to
the ACI leaf switches.

4. Return to the APIC tab.


5. From the menu, select Tenants.
6. Click Add Tenant.
7. Enter dCloud in the Name field.

8. Click Submit.


Create an Application Profile

In ACI, the tenant policies are where you define applications. An application could consist of a combination of
physical servers or virtual machines that we will call servers from now on. For example, a website could use a
3-tier application model, comprised of web servers, application servers and database servers. When a user
browses the web site, they might actually be communicating with a virtual IP address on a load balancer that in
turn can distribute the web request to a number of different web servers. The web servers in turn communicate
with core applications that can be divided amongst several application servers for load balancing or high
availability purposes. Finally, the application servers communicate with the database which could also be a
cluster of servers.
1. Right click the dCloud tenant. Select Create Application Profile.

2. Enter the following and click Submit.


• Name: 192.168.20.x_24


3. Right-click Application Profiles and select Create Application Profile.


4. Enter the following and click Submit.

• Name: 192.168.21.x_24
5. Switch back to the vSphere Web Client. Show that nothing has been pushed at this point.
6. Return to APIC and double click on the dCloud tenant.
7. Expand Application Profiles > 192.168.20.x_24.
8. Right-click Application EPGs in the side menu.
9. Select Create Application EPG.

10. Enter portgroup-01 as the name.


11. In Bridge Domain, select 192.168.20.0_24.

NOTE: Aligning the naming of Application Profiles and Bridge Domains used from the Common tenant makes
it simple to understand what is happening.


12. Select Associate to VM Domain Profiles.

13. Click Next.


14. Click the plus sign for Associated VM Domain Profiles.
15. Select VMware/My-vCenter for the domain profile.
16. Select Immediate for Deploy Immediacy.
17. Select to Allow Microsegmentation.


18. Click Update.


19. Click Finish.

20. Expand Application Profiles > 192.168.21.x_24.


21. Right-click Application EPGs in the side menu.
22. Select Create Application EPG.

23. Enter portgroup-01 as the name.


24. In bridge domain, select 192.168.21.0_24.
25. Select Associate to VM Domain Profiles.

26. Click Next.


27. Click the plus sign.


28. Select the VMware/My-vCenter for the domain profile.

29. Select Immediate for Deploy Immediacy.


30. Select to Allow Microsegmentation.
31. Click Update.
32. Click Finish.
33. Return to the vSphere Web Client tab. Point out that now the two port groups display.

Value Proposition: Note the use of the naming of the Bridge Domains, Application Profiles and EPGs which
result in easy to interpret Port Group naming in vCenter.


Scenario 3. Working with Contracts


Value Proposition: Contracts provide a way for the Cisco Application Centric Infrastructure (ACI) administrator
to control traffic flow within the ACI fabric between endpoint groups. These contracts are built using a provider-
consumer model where one endpoint group provides the services it wants to offer and another endpoint group
consumes them. Contracts are assigned a scope of Global, Tenant, VRF, or Application Profile, which limits the
accessibility of the contract.

In brief, contracts consist of 1 or more subjects. Each subject contains 1 or more filters. Each filter contains 1 or
more entries. Each Entry is equivalent to a line in an Access Control List (ACL) that is applied on the leaf switch
to which the endpoint within the endpoint group is attached.
In detail, contracts are comprised of the following items:
• Subjects — A group of filters for a specific application or service.
• Filters — Used to classify traffic based upon layer 2 to layer 4 attributes (such as Ethernet type, protocol
type, TCP flags and ports).
• Actions — Action to be taken on the filtered traffic.

Steps

1. In the APIC tab, click Tenants.


2. Click Common.
3. Expand Contracts > Filters.


4. This lists the filters that are pre-created in the common tenant, one per protocol and port. They can be
referenced by contracts in other tenants to allow traffic to pass.

5. Click one of the filters to see its entries and details.

6. From the menu, click dCloud.


7. From the menu, expand Contracts.
8. Right click on Standard and select Create Contract.


9. Enter permit-to-192.168.20.x_24-portgroup-01 for the name.

NOTE: The long name ensures it is simple to understand what the contract does.

10. Click the plus sign to create a contract subject.

11. Enter tcp_src_any_to_dest_port_80.

12. Click the plus sign to add a Filter.


13. In the Name drop down, select the one with tcp_src_port_any_to_dst_port_80.

NOTE: Filters are pre-created in the common tenants, and can therefore be easily re-used amongst Tenants
and Application Profiles.

14. Set the Action to Permit.


15. Click Update.


16. Click OK.


17. Click Submit.

18. The contract displays in the menu.

19. In the menu, expand Application Profiles > 192.168.20.x_24 > Application EPGs.
20. Right click on the port group and select Add Provided Contract.


21. Select the newly added contract in the Contract field.


22. Click Submit.

23. In the menu, expand Application Profiles > 192.168.21.x_24 > Application EPGs.
24. Right-click the port group and select Add Consumed Contract. The contract is named for traffic to
192.168.20.x_24 portgroup-01, so that EPG provides it and this EPG consumes it; if both EPGs only provide the
contract and nothing consumes it, the fabric programs no rule and no traffic is permitted.
25. Select the newly added contract in the Contract field.
26. Click Submit.
27. From the menu, click 192.168.20.x_24.

28. Click Topology to see the topology of the port groups and endpoint group we just added.
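The objects created in Scenarios 2 and 3 map one-to-one onto ACI REST classes, and writing them out that way makes the provider/consumer rule easy to check. The Python below is an added example, not from this guide or from Cisco. It assumes the common-tenant bridge domains and filter named in the steps exist and that the VMM domain is My-vCenter; posting tenant_payload() to /api/mo/uni.json with an authenticated session would create the whole tenant in one request. The permitted_pairs() check shows why one of the two EPGs must consume the contract: when both only provide it, no rule is programmed.

```python
"""Tenant, application profiles, EPGs and the web contract from Scenarios 2 and 3
as APIC REST objects, plus a check of which EPG pairs the contract actually joins.

Added example; not from the dCloud guide or from Cisco. Assumes the bridge
domains 192.168.20.0_24 and 192.168.21.0_24 and the filter
tcp_src_port_any_to_dst_port_80 exist in the common tenant, as the lab states
(filter names in vzRsSubjFiltAtt resolve from the tenant first, then common).
"""

VMM_DOMAIN_DN = "uni/vmmp-VMware/dom-My-vCenter"
CONTRACT = "permit-to-192.168.20.x_24-portgroup-01"


def epg(name, bridge_domain, provides=(), consumes=(), vmm_domain_dn=VMM_DOMAIN_DN):
    """fvAEPg with its bridge domain, VMM domain association and contract relations."""
    children = [
        {"fvRsBd": {"attributes": {"tnFvBDName": bridge_domain}}},
        # instrImedcy/resImedcy "immediate" = "deploy immediately" in the wizard;
        # classPref "useg" = the "Allow Micro-Segmentation" check box.
        {"fvRsDomAtt": {"attributes": {"tDn": vmm_domain_dn, "instrImedcy": "immediate",
                                       "resImedcy": "immediate", "classPref": "useg"}}},
    ]
    children += [{"fvRsProv": {"attributes": {"tnVzBrCPName": c}}} for c in provides]
    children += [{"fvRsCons": {"attributes": {"tnVzBrCPName": c}}} for c in consumes]
    return {"fvAEPg": {"attributes": {"name": name}, "children": children}}


def app_profile(name, epgs):
    return {"fvAp": {"attributes": {"name": name}, "children": list(epgs)}}


def contract(name, subject, filters, scope="context"):
    """vzBrCP -> vzSubj -> one vzRsSubjFiltAtt per filter, each with action permit.
    scope "context" is the VRF scope from the contract description above."""
    filt = [{"vzRsSubjFiltAtt": {"attributes": {"tnVzFilterName": f, "action": "permit"}}}
            for f in filters]
    return {"vzBrCP": {"attributes": {"name": name, "scope": scope},
                       "children": [{"vzSubj": {"attributes": {"name": subject},
                                                "children": filt}}]}}


def tenant_payload(second_epg_consumes=True):
    """The dCloud tenant as built in Scenarios 2 and 3. With second_epg_consumes=False
    both EPGs provide the contract, the mistake the consumer/provider check catches."""
    web = epg("portgroup-01", "192.168.20.0_24", provides=[CONTRACT])
    if second_epg_consumes:
        client = epg("portgroup-01", "192.168.21.0_24", consumes=[CONTRACT])
    else:
        client = epg("portgroup-01", "192.168.21.0_24", provides=[CONTRACT])
    return {"fvTenant": {"attributes": {"name": "dCloud"}, "children": [
        app_profile("192.168.20.x_24", [web]),
        app_profile("192.168.21.x_24", [client]),
        contract(CONTRACT, "tcp_src_any_to_dest_port_80",
                 ["tcp_src_port_any_to_dst_port_80"]),
    ]}}


def permitted_pairs(tenant):
    """Return the set of (consumer_epg, provider_epg, contract) triples the fabric
    would program as zoning rules. A contract yields no rule unless at least one
    EPG consumes it and a different EPG provides it."""
    providers, consumers = {}, {}
    for child in tenant["fvTenant"]["children"]:
        if "fvAp" not in child:
            continue
        ap_name = child["fvAp"]["attributes"]["name"]
        for e in child["fvAp"]["children"]:
            epg_id = f'{ap_name}/{e["fvAEPg"]["attributes"]["name"]}'
            for rel in e["fvAEPg"]["children"]:
                if "fvRsProv" in rel:
                    providers.setdefault(rel["fvRsProv"]["attributes"]["tnVzBrCPName"], set()).add(epg_id)
                if "fvRsCons" in rel:
                    consumers.setdefault(rel["fvRsCons"]["attributes"]["tnVzBrCPName"], set()).add(epg_id)
    return {(cons, prov, c)
            for c, provs in providers.items()
            for cons in consumers.get(c, ())
            for prov in provs if cons != prov}


if __name__ == "__main__":
    import json
    print(json.dumps(tenant_payload(), indent=1))
    print("consumer + provider:", permitted_pairs(tenant_payload(True)))
    print("both provide only:", permitted_pairs(tenant_payload(False)))
```

Because the check works on the same dictionaries that would be posted, it can run in a pipeline before a change reaches the APIC, which is where a "contract attached but nothing consumes it" mistake is cheapest to catch.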


vSphere Web Client – ACI Plugin

The Cisco ACI vCenter plug-in for the VMware vSphere Web Client adds a new view to the GUI called Cisco
ACI Fabric. The plug-in does not change the existing integration of ACI with vCenter; it allows you to configure an
EPG, uSeg EPG, contract, tenant, VRF, and bridge domain from the VMware vSphere Web Client. The vCenter
plug-in is stateless: it fetches everything from Cisco APIC and does not store any information.
The Cisco ACI vCenter plug-in provides the possibility to create, read, update and delete (CRUD) the following
objects on the ACI Fabric:

• Tenant
• Application Profile
• EPG / uSeg EPG
• Contract

• VRF
• Bridge Domain
1. In the VMware vSphere Web Client, click Home.

2. Click the ACI Fabric.


3. Click Yes.


4. Enter C1sco12345 as the password. Click OK.


5. Click OK to close the pop up.

6. The table shows that the ACI controllers are all fit.

7. Click Application Profile.


8. From the drop down, select the dCloud tenant, and the Application Profile 192.168.20.x_24.

Value Proposition: Tenants, Application Profiles, Contracts, etc. can be configured from the vSphere Web
Client. An HTML version of the ACI plug-in is in development.


Scenario 4. Micro-segmentation
Microsegmentation with Cisco ACI provides the ability to automatically assign endpoints to logical security
zones called endpoint groups (EPGs) based on various network-based or virtual machine (VM)-based
attributes. This scenario contains conceptual information about Microsegmentation with Cisco ACI and
instructions for configuring microsegment (uSeg) EPGs.
Endpoint groups (EPGs) are used to group virtual machines (VMs) within a tenant and apply filtering and
forwarding policies to them. Microsegmentation with Cisco ACI adds the ability to group endpoints in existing
application EPGs into new microsegment (uSeg) EPGs and configure network or VM-based attributes for those
uSeg EPGs. This enables you to filter with those attributes and apply more dynamic policies. Microsegmentation
with Cisco ACI also allows you to apply policies to any endpoints within the tenant.

Value Proposition: Microsegmentation with Cisco ACI Within a Single EPG or Multiple EPGs in the Same
Tenant
You might assign web servers to an EPG so that you can apply similar policies to them. By default, all endpoints
within an EPG can freely communicate with each other. However, if this web EPG contains a mix of production
and development web servers, you might not want to allow communication between these different types of
web servers. Microsegmentation with Cisco ACI allows you to create a new EPG and auto-assign endpoints
based on their VM name attribute, such as "Prod-xxxx" or "Dev-xxx". Note that a VM name is set in vCenter by
whoever can edit the VM, so anyone with that right can move a VM between uSeg EPGs simply by renaming it;
treat name-based criteria as a convenience rather than a security boundary, and restrict who can rename VMs.

Value Proposition: Microsegmentation for Endpoint Quarantine


You might have separate EPGs for web servers and database servers, and each one contains both Windows
and Linux VMs. If a virus affecting only Windows threatens your network, you can isolate Windows VMs across
all EPGs by creating a new EPG called, for example, "Windows-Quarantine" and applying the VM-based
operating systems attribute to filter out all Windows-based endpoints. This quarantined EPG could have more
restrictive communication policies, such as limiting allowed protocols or preventing communication to any other
EPGs by not having any contract. A microsegment EPG can have a contract or not have a contract.

Steps

1. In the APIC tab, select Tenants.


2. Click Add Tenant.
3. Enter dCloud-MicroSeg for the name. Click Submit.


4. From the menu, select ALL TENANTS.


5. Double click the dCloud-MicroSeg tenant.

6. In the menu, expand Networking > VRFs.


7. Right click on VRFs and select Create VRF.


8. Enter vrf-01 for the name.


9. Click Next.

10. Enter MicroSeg-BD for the Bridge Domain name (the wizard creates a bridge domain in the new VRF).

11. Select Finish.


12. Right-click Application Profiles and select Create Application Profile.


13. Enter MicroSeg-ApplicationProfile for the name.


14. Click Submit.

15. Expand Application Profiles > MicroSeg-ApplicationProfile.

16. Right click on Application EPGs and select Create Application EPG.


17. Enter AllServer for the name.


18. In the Bridge Domain, select MicroSeg-BD.

19. Click Finish.


20. Expand Application EPG and click on AllServer.


21. Right click Domains (VMs and Bare-Metals) and select Add VMM Domain Association.

22. Select My-vCenter for the Domain Profile.


23. Select Immediate for Deploy Immediacy and Resolution Immediacy.
24. Click Allow Micro-Segmentation.

25. Click Submit.


26. Switch to the vSphere tab and notice that the new portgroup is created.

27. Click Hosts and Clusters.


28. Right click on the ubuntu server and click Edit Settings.


29. In the Network Adapter drop down, select Show more networks.

30. Select the AllServer port group (dCloud-MicroSeg|MicroSeg-ApplicationProfile|AllServer) from the listing.


31. Click OK. Click OK again.


32. Right click on the other ubuntu server and click Edit Settings.

33. In the Network Adapter drop down, select Show more networks.
34. Select the AllServer port group (dCloud-MicroSeg|MicroSeg-ApplicationProfile|AllServer) from the listing.
35. Click OK. Click OK again.
36. Right click on the Win10ent server and click Edit Settings.

37. In the Network Adapter drop down, select Show more networks.

38. Select the AllServer port group (dCloud-MicroSeg|MicroSeg-ApplicationProfile|AllServer) from the listing.


39. Click OK. Click OK again.
40. Return to the APIC tab and click on AllServer.
41. From the menu, click Operational.
42. Select Client End-Points.

NOTE: The added servers would be displayed here, but as this demo uses a simulated ACI fabric, they are not
detected and unfortunately will not appear here.


43. In the menu, right click on uSeg EPGs.


44. Select Create uSeg EPG.

45. Enter ubuntuServer for the name.


46. Select MicroSeg-BD for the Bridge Domain.
47. Click Next.


48. Click the plus sign to add a Domain Profile.


49. Select My-vCenter for the Domain Profile.

50. Select Immediate for Deployment Immediacy.


51. Click Update.
52. Click Finish.

53. Expand uSeg EPG > ubuntuServer.


54. Click uSeg Attributes.

55. Click the plus sign.


56. In the filter criteria, build VM – VM Name Starts With ubuntu.
57. Click Submit.

58. On the pop up, click Submit Changes.


59. From the menu, select the ubuntuServer.
60. From the menu, click Operational.


61. Select Client End-Points.

NOTE: The added servers would be displayed here, but as this demo uses a simulated ACI fabric, they are not
detected and unfortunately will not appear here.

62. In the menu, right click on uSeg EPGs.


63. Select Create uSeg EPG.
64. Enter WindowsServer for the name.
65. Select MicroSeg-BD for the Bridge Domain.
66. Click Next.


67. Click the plus sign to add a Domain Profile.


68. Select My-vCenter for the Domain Profile.

69. Select Immediate for Deployment Immediacy.


70. Click Update.
71. Click Finish.

72. Expand the WindowsServer.


73. Click uSeg Attributes.
74. Click the plus sign.
75. In the filter criteria, build VM – VM Name Starts With Win. (The lab VM is named Win10ent; the match is
on the literal name, so a value of windows would not match it.)
76. Click Submit.


77. On the pop up, click Submit Changes.


78. From the menu, select the WindowsServer.

79. From the menu, click Operational.


80. Select Client End-Points.

NOTE: The added servers would be displayed here, but as this demo uses a simulated ACI fabric, they are not
detected and unfortunately will not appear here.
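uSeg EPGs are ordinary fvAEPg objects with isAttrBasedEPg set and an fvCrtrn child that holds the attributes, which is easy to see when they are written out as REST objects. The Python below is an added example, not from this guide or from Cisco. The VM inventory and guest OS strings are constructed for illustration, and the matching is a plain, case-sensitive string comparison that mirrors the APIC operator names, an assumption to verify against your own fabric. It also covers the quarantine pattern from the value proposition (classify on guest OS rather than on name) and shows why a prefix of windows would not catch the lab's Win10ent VM.

```python
"""uSeg EPGs from Scenario 4 as APIC REST objects, and the VM classification
they yield. Added example; not from the dCloud guide or from Cisco. The VM
inventory is constructed and the guest OS strings are assumed; matching here
is plain case-sensitive string comparison (verify case handling on your APIC).
"""

VMM_DOMAIN_DN = "uni/vmmp-VMware/dom-My-vCenter"

# fvVmAttr operators as APIC names them, applied to a single VM attribute value.
_OPERATORS = {
    "equals": lambda have, want: have == want,
    "contains": lambda have, want: want in have,
    "startsWith": lambda have, want: have.startswith(want),
    "endsWith": lambda have, want: have.endswith(want),
}


def useg_epg(name, bridge_domain, criteria, match="any", vmm_domain_dn=VMM_DOMAIN_DN):
    """Attribute-based fvAEPg. criteria = [(type, operator, value), ...] where type is
    one of APIC's VM attribute types, e.g. "vm-name" or "guest-os"."""
    attrs = [{"fvVmAttr": {"attributes": {"name": f"{kind}-{i}", "type": kind,
                                           "operator": op, "value": value}}}
             for i, (kind, op, value) in enumerate(criteria)]
    return {"fvAEPg": {"attributes": {"name": name, "isAttrBasedEPg": "yes"}, "children": [
        {"fvRsBd": {"attributes": {"tnFvBDName": bridge_domain}}},
        {"fvRsDomAtt": {"attributes": {"tDn": vmm_domain_dn,
                                       "instrImedcy": "immediate", "resImedcy": "immediate"}}},
        {"fvCrtrn": {"attributes": {"name": "default", "match": match}, "children": attrs}},
    ]}}


def matches(useg, vm):
    """True if the VM (a dict keyed by attribute type) satisfies the EPG's fvCrtrn,
    honouring the criterion's match mode ("any" or "all")."""
    crtrn = next(c["fvCrtrn"] for c in useg["fvAEPg"]["children"] if "fvCrtrn" in c)
    hits = []
    for a in crtrn["children"]:
        at = a["fvVmAttr"]["attributes"]
        hits.append(_OPERATORS[at["operator"]](vm.get(at["type"], ""), at["value"]))
    return all(hits) if crtrn["attributes"]["match"] == "all" else any(hits)


def classify(usegs, vms):
    """Map VM name -> sorted names of the uSeg EPGs it qualifies for. An empty list
    means the VM stays in its base EPG (AllServer in the lab)."""
    return {vm["vm-name"]: sorted(u["fvAEPg"]["attributes"]["name"] for u in usegs if matches(u, vm))
            for vm in vms}


# Constructed inventory mirroring the three VMs moved in steps 28 to 39.
LAB_VMS = [
    {"vm-name": "ubuntu-01", "guest-os": "Ubuntu Linux (64-bit)"},
    {"vm-name": "ubuntu-02", "guest-os": "Ubuntu Linux (64-bit)"},
    {"vm-name": "Win10ent", "guest-os": "Microsoft Windows 10 (64-bit)"},
]

LAB_USEGS = [
    useg_epg("ubuntuServer", "MicroSeg-BD", [("vm-name", "startsWith", "ubuntu")]),
    # A prefix of "windows" never matches a VM called Win10ent.
    useg_epg("WindowsServer", "MicroSeg-BD", [("vm-name", "startsWith", "windows")]),
    # The quarantine pattern from the value proposition: classify on guest OS, not name.
    useg_epg("Windows-Quarantine", "MicroSeg-BD", [("guest-os", "contains", "Windows")]),
]


if __name__ == "__main__":
    for vm_name, epgs in classify(LAB_USEGS, LAB_VMS).items():
        print(f"{vm_name:10} -> {epgs or ['(base EPG AllServer)']}")
```

Running the classification over the inventory before pushing the uSeg EPGs answers the question the simulator cannot (which VM lands where), and makes the WindowsServer criterion's miss on Win10ent visible without waiting for an endpoint to show up under Client End-Points.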


Appendix A. Reset APIC Simulator


APIC Fabric Members are created by default, so that the demonstration can begin with the creation of the APIC
objects.
If you want to demonstrate the fabric discovery, reboot the ACI Simulator (apic-fcs-412g) via Guest OS Control
as follows:
1. In Cisco dCloud, click My Hub > Sessions and then click View against the running demo.

2. Select Servers from the menu bar, then select Enable Status Polling.
3. Expand the menu against apic-fcs-412g and select Reset. This performs a hard reboot of the simulator.
As the simulator does not retain its configuration after a reboot, a clean shutdown is unnecessary.

NOTE: It will take up to 5 minutes before you can login and rebuild the Fabric using one of the Fabric Discovery
methods in Appendix B.


Appendix B. Fix My Demo


Occasionally things go wrong in your session. The Fix My Demo script enables common issues to be resolved.
Use it to:

• Apply configuration to UCS Manager


• Discover the ACI Fabric and apply the demo configuration to the ACI Simulator
• Update the licenses applied to VMware vCenter and ESXi hosts.

• Reboot UCS Director.

NOTE: The ACI full fabric discovery can take up to 15 minutes. The apic3 controller will be discovered after all
the devices are discovered. You can monitor the progress by selecting Topology from the Inventory pane in the
APIC GUI. While the discovery is taking place, you can complete Scenario 1, which ends in the APIC Topology
window showing the discovered elements.

Steps

1. From the demonstration workstation, click the Fix My Demo icon.


2. Select what you would like to fix. Do not close the command window, allow the task to fully complete.


What’s Next?
Check out the related information to learn more:
• Cisco Application Centric Infrastructure Multi-Site Lab v2

• Cisco Secure Data Center in Action v2


• Cisco ACI with AppDynamics v1
