
Cisco APIC Basic Configuration Guide, Release 1.x PDF

216 Pages·2017·8.31 MB·English
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Cisco APIC Basic Configuration Guide, Release 1.x

Cisco APIC Basic Configuration Guide, Release 1.x
First Published: 2015-10-19
Last Modified: 2016-12-02

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706 USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

© 2016 Cisco Systems, Inc. All rights reserved.

CONTENTS

Preface
  Audience
  Document Conventions
  Related Documentation
  Documentation Feedback
  Obtaining Documentation and Submitting a Service Request

CHAPTER 1 User Access, Authentication, and Accounting
  Access Rights Workflow Dependencies
  User Access, Authentication, and Accounting
  Multiple Tenant Support
  User Access: Roles, Privileges, and Security Domains
  Configuring a Local User
  Configuring a Local User Using the GUI
  Configuring a Local User Using the NX-OS Style CLI
  Configuring a Local User Using the NX-OS Style CLI
  Configuring a Remote User
  AV Pair on the External Authentication Server
  Best Practice for Assigning AV Pairs
  Configuring an AV Pair on the External Authentication Server
  Configuring APIC for TACACS+ Access
  Configuring APIC for RADIUS Access
  Configuring A Cisco Secure Access Control Server for RADIUS and TACACS+ Access to the APIC
  Configuring Windows Server 2008 LDAP for APIC Access
  Configuring APIC for LDAP Access
  Changing the Default Behavior for Remote Users with Missing or Bad Cisco AV Pairs
  Changing Default Behavior for Remote Users with Missing or Bad Cisco AV Pairs Using the NX-OS Style CLI
  About Signature-Based Transactions
  Guidelines and Limitations
  Generating an X.509 Certificate and a Private Key
  Configuring a Local User
  Creating a Local User and Adding a User Certificate Using the GUI
  Creating a Local User and Adding a User Certificate Using the REST API
  Creating a Local User Using Python SDK
  Using a Private Key to Calculate a Signature
  Accounting
  Routed Connectivity to External Networks as a Shared Service Billing and Statistics

CHAPTER 2 Management
  Management Workflows
  ACI Management Access Workflows
  Adding Management Access
  In-Band and Out-of-Band Management Access
  Configuring In-Band Management Access Using the Advanced GUI
  Configuring In-Band Management Access Using the NX-OS Style CLI
  Configuring In-Band Management Access Using the REST API
  Configuring Out-of-Band Management Access Using the Advanced GUI
  Configuring Out-of-Band Management Access Using the NX-OS Style CLI
  Configuring Out-of-Band Management Access Using the REST API
  Exporting Tech Support, Statistics, and Core Files
  About Exporting Files
  File Export Guidelines and Restrictions
  Creating a Remote Location for Exporting Files
  Sending an On-Demand Techsupport File
  Overview
  Configuration File Encryption
  Creating a Remote Location Using the GUI
  Configuring an Export Policy Using the GUI
  Configuring an Import Policy Using the GUI
  Configuring an Export Policy Using the NX-OS Style CLI
  Configuring an Import Policy Using the NX-OS Style CLI
  Configuring an Export Policy Using the REST API
  Configuring an Import Policy Using the REST API
  Encrypting Configuration Files Using the GUI
  Encrypting Configuration Files Using the NX-OS Style CLI
  Encrypting Configuration Files Using the REST API
  Backing up, Restoring, and Rolling Back Controller Configuration
  Workflow
  Remote Path
  Configuration Export to Controller
  Configuration Import to Controller
  Snapshots
  Snapshot Manager Policy
  Rollback
  Using Syslog
  About Syslog
  Creating a Syslog Destination and Destination Group
  Creating a Syslog Source
  Out-of-Band DNS Connection
  Using Atomic Counters
  About Atomic Counters
  Atomic Counters Guidelines and Restrictions
  Configuring Atomic Counters
  Using SNMP
  About SNMP
  SNMP Access Support in ACI
  Configuring SNMP
  Configuring the SNMP Policy Using the GUI
  Configuring an SNMP Trap Destination Using the GUI
  Configuring an SNMP Trap Source Using the GUI
  Monitoring the System Using SNMP
  Using SPAN
  About SPAN
  SPAN Guidelines and Restrictions
  Configuring a SPAN Session
  Using Traceroute
  About Traceroute
  Traceroute Guidelines and Restrictions
  Performing a Traceroute Between Endpoints

CHAPTER 3 Provisioning Core ACI Fabric Services
  Time Synchronization and NTP
  In-Band and Out-of-Band Management NTP
  Configuring NTP Using the Advanced GUI
  Configuring NTP Using the REST API
  Verifying NTP Policy Deployed to Each Node Using the NX-OS Style CLI
  Verifying NTP Operation Using the GUI
  Configuring a DHCP Relay Policy
  Configuring a DHCP Server Policy for the APIC Infrastructure Using the Advanced GUI
  Configuring a DHCP Server Policy for the APIC Infrastructure Using the NX-OS Style CLI
  Configuring a DHCP Server Policy for the APIC Infrastructure Using the REST API
  Configuring a DNS Service Policy
  Configuring External Destinations with an In-Band DNS Service Policy
  Configuring a DNS Service Policy to Connect with DNS Providers Using the Advanced GUI
  Configuring a DNS Service Policy to Connect with DNS Providers Using the NX-OS Style CLI
  Configuring a DNS Service Policy to Connect with DNS Providers Using the REST API
  Verifying that the DNS Profile is Configured and Applied to the Fabric Controller Switches Using the NX-OS Style CLI
  Configuring Custom Certificate Guidelines
  Configuring a Custom Certificate for Cisco ACI HTTPS Access Using the GUI

CHAPTER 4 ACI Fabric Access Layer 2 Connectivity
  Layer 2 Workflows
  ACI Virtual Port Channel Workflow
  Networking Domains
  Attachable Entity Profile
  Configuration of Leaf Switch Physical Ports
  Configuring Leaf Switch Physical Ports Using the Advanced GUI
  Configuring Physical Ports in Leaf Nodes Using the NX-OS CLI
  Configuration of Leaf Switch Port Channels
  ACI Leaf Switch Port Channel Configuration Using the Advanced GUI
  Configuring Port Channels in Leaf Nodes Using the NX-OS CLI
  Configuration of Leaf Switch Virtual Port Channels
  ACI Leaf Switch Virtual Port Channel Configuration Using the Advanced GUI
  Configuring Virtual Port Channels in Leaf Nodes Using the NX-OS CLI
  Basic FEX Configuration
  FEX Port Channel Configuration
  FEX Virtual Port Channel Configuration
  About Traffic Storm Control
  Storm Control Guidelines
  Configuring a Traffic Storm Control Policy Using the GUI
  Configuring a Traffic Storm Control Policy Using the REST API
  Configuring a Traffic Storm Control Policy Using the NX-OS Like CLI
  Intra-EPG Endpoint Isolation
  Intra-EPG Isolation for Bare Metal Servers
  Using the GUI to Configure Intra-EPG Isolation for Bare Metal Servers
  Using the NX-OS Style CLI to Configure Intra-EPG Isolation for Bare Metal Servers
  Using the REST API to Configure Intra-EPG Isolation for Bare Metal Servers

CHAPTER 5 Basic User Tenant Configuration
  Tenants
  Routing Within the Tenant
  Layer 3 VNIDs Used to Transport Intersubnet Tenant Traffic
  Router Peering and Route Distribution
  Bridged Interface to an External Router
  Configuring Route Reflectors
  Configuring External Connectivity for Tenants
  Configuring an MP-BGP Route Reflector Using the Advanced GUI
  Creating an OSPF External Routed Network for Management Tenant Using the Advanced GUI
  Configuring an MP-BGP Route Reflector Using the REST API
  Verifying the MP-BGP Route Reflector Configuration
  Creating Tenants, VRF, and Bridge Domains
  Tenants Overview
  Tenant Creation
  VRF and Bridge Domains
  Creating a Tenant, VRF, and Bridge Domain Using the Advanced GUI
  Deploying an Application Policy
  Security Policy Enforcement
  Contracts Contain Security Policy Specifications
  Three-Tier Application Deployment
  Parameters to Create a Filter for http
  Parameters to Create Filters for rmi and sql
  Example Application Profile Database
  Deploying an Application Policy Using the GUI
  Creating a Filter Using the GUI
  Creating a Contract Using the GUI
  Creating an Application Profile Using the GUI
  Creating EPGs Using the GUI
  Consuming and Providing Contracts Using the GUI
  Statically Deploying an EPG on a Specific Port
  Deploying an EPG on a Specific Port with APIC Using the GUI
  Deploying an EPG on a Specific Port with APIC Using the NX-OS Style CLI
  Deploying an EPG on a Specific Port with APIC Using the REST API
  Creating Domains, Attach Entity Profiles, and VLANs to Deploy an EPG on a Specific Port
  Creating Domains, and VLANS to Deploy an EPG on a Specific Port Using the GUI
  Creating AEP, Domains, and VLANs to Deploy an EPG on a Specific Port Using the NX-OS Style CLI
  Creating AEP, Domains, and VLANs to Deploy an EPG on a Specific Port Using the REST API

CHAPTER 6 ACI Fabric Layer 3 Outside Connectivity
  Layer 3 Workflows
  ACI Layer 3 Outside Network Workflows
  Guidelines for Configuring a BGP Layer 3 Outside Network Connection
  BGP Connection Types and Loopback Guidelines
  Configuring BGP External Routed Network Using the GUI
  Configuring BGP External Routed Network Using the REST API
  Configuring BGP External Routed Network Using the NX-OS Style CLI
  Configuring a Tenant Layer 3 Outside Network Connection
  Configuring a Layer 3 Outside for Tenant Networks Using the GUI
  Configuring Layer 3 Outside for Tenant Networks Using the REST API
  Configuring a Layer 3 Outside for Tenant Networks Using the NX-OS Style CLI
  Shared Services Contracts Usage
  Shared Layer 3 Out
  Neighbor Discovery
  Creating the Tenant, VRF, and Bridge Domain with IPv6 Neighbor Discovery Using the Advanced GUI
  Creating the Tenant, VRF, and Bridge Domain with IPv6 Neighbor Discovery Using the REST API
  Configuring a Tenant, VRF, and Bridge Domain with IPv6 Neighbor Discovery Using the CLI
  Configuring a Routing Control Protocol Using Import and Export Controls
  Configuring a Route Control Protocol to Use Import and Export Controls Using the GUI
  Configuring a Route Control Protocol to Use Import and Export Controls Using the REST API
  Configuring Route Control Protocol Using Import and Export Controls Using the NX-OS Style CLI
  ACI Transit Routing
  Transit Routing Use Cases
  Transit Routing Overview
  Route Distribution Within the ACI Fabric
  External Layer 3 Outside Connection Types
  Supported Transit Combination Matrix
  OSPF Layer 3 Outside Connections
  EIGRP Layer 3 Outside Connections
  BGP Protocol Peering to External BGP Speakers
  Transit Route Control
  ACI Route Redistribution
  Controls Enabled for Subnets Configured under the Layer 3 Outside Network Instance Profile
  Advertising Tenant BD Subnets Outside the Fabric
  Tenant EPG to Layer 3 Outside Contract
  Advertising a Default Route
  Route Control Profile Policies
  Security Import Policies
  Common Pervasive Gateway
  Configuring Common Pervasive Gateway Using the GUI
  Configuring Common Pervasive Gateway Using the REST API
  Configuring Common Pervasive Gateway Using the NX-OS Style CLI

Description:
In this situation, you might do something that could result in equipment damage Subscribe to What's New in Cisco Product Documentation, which lists all new and revised Cisco technical configure a leaf switch for bare metal server access, the logged in administrator must have rights to the infra.