思科ACI配置手册1

ACI 配置手册
Part I –开启ACI之路
Fabric Initial / Access Policy / Port Configuration / VMM
Integration / ANP
配置实验物理环境一
Spine 201
Leaf 101
FEX ESX 1 ESX 2
ACI Fabric
40G Interfaces
10G Interfaces 2/1
1/1
2/1
1/2
1/1
1G Interfaces VM-01 VM-02
Leaf 102
VM-03 VM-04
1/3
2/1
Windows
Cat 3750
1/1
1/5 1/5
1/47 1/48
1/0/23 1/0/24
103/1/9
ACI架构初始配置的步骤
•ACI架构初始化
•APIC初始配置
•ACI架构设备自动发现
•ACI架构微码升级
•ACI接口策略
•独立端口配置
•Port Channel 端口配置
•VPC 端口配置
•FEX 连接配置
•配置 VLAN Pool / Domain
•配置 VMWare 集成
•配置租户（Tenant）、VRF 和 Bridge Domains.
•Creating one or more Subnets.
•创建应用配置文件（ANP）
•创建 ANP 和 EPG
•创建合同（Contracts 和 Filter）
•应用 Contract
•将 EPG 关联到相应的 Domain
•关联虚拟机到 VMM Domain
•关联物理端口到 EPG
ACI架构初始化
APIC bring-up
•Bringing up APIC is extremely simple:
•power on
•attach to CiMC’s virtual KVM
•Answer initial setup dialog (Fabric name, controller name, TEP IP pool, infra VLAN, mgmt IP, default gateway, enforce password strength check)
•Repeat for each controller (3 supported at FCS)
•Open up a browser and visit https://<ip_you_assigned>
•The 3 APICs automatically join a cluster
•Data is replicated and split into shards for better efficiency in lookups
•That’s it, you are done!
•Physical Setup: Rack up, Cabling as the Topology Slide.
•CIMC configuration: using the adapter and connect monitor/keyboard in front (not rear). (CICM IP. No VLAN. Dedicated. Default: admin/password).
•
https://x.x.x To Access •Username: admin •Password: password
Fabric Initial Setup APIC Initial Setup
•Using KVM Console on CIMC to connect into APIC Management.
APIC Initial Setup
APIC Initial Setup
•Configure the APIC setup wizard with IP mgmt, subnet, gateway, subnet infra, VLAN infra, password.
Press any key
From the following page
We will start the initial setup wizard
APIC Initial Setup
•Start the initial setup wizard (Continued)
Cluster-Controller number[1
for master]
IP address: x.x.x.x/x
Default gateway: x.x.x.x
Speed/duplex mode: auto
•Apply the settings and save the configuration
APIC Initial Setup
Apply and save the configuration
by "Enter"
ACI自动发现设备
Fabric Initial Setup
Fabric Discovery
•APIC will detect the connected switch automatically by LLDP.
•You need to capture the switch serial number to key into the APIC Management with Switch name and Switch ID.
•Detected more neighboring devices from the captured switch
Nexus 9396PX
Leaf2(102) Nexus 9396PX
Leaf1(101)
Nexus 9336PQ
Spine(200)
LLDP
LLDP
LLDP
•FABRIC > INVENTORY > Fabric Membership
Fabric Discovery
Fabric Discovery
•Enter NODE ID, NODE NAME
SAL1832…
(Please check the Serial Number）
NODE ID: 101
NODE NAME: Leaf101
•Wait a moment, it detects the Spine, which is connected to the registered Leaf •Same with Leaf 1, register the Spine, Leaf 2
Fabric Discovery
SALxxxx
NODE ID: 200
NODE NAME: Spine200 SALyyyy
NODE ID: 102
NODE NAME: Leaf102
•FABRIC > INVENTORY > Pod1 > TOPOLOGY
•The topology will show after discover
Fabric Discovery
ACI微码升级
Enter Firmware maintenance menu
•Admin => Firmware
Check current controller firmware version
•Admin => Firmware =>
Controller Firmware
Current Firmware Repository
Upload Firmware to APIC 1. 2.
3.
•通过Upload Firmware to APIC，将本地存放的
Firmware存入APIC中
Check storage utilization
Upgrade controller firmware first (I)
•先升级 Controller 的微码
Upgrade controller firmware first (II)
•选择目标的微码版本
•Upgrade Now or Later
•SUBMIT
Upgrade controller firmware first (III)
•升级过程中•升级完成
Upgrade switch firmware secondly (I)
•再升级交换机的微码
•首先查看目前的微码版本
Upgrade switch firmware secondly (II)
•创建交换机的目标微码分组
Upgrade switch firmware secondly (III)
1.创建目标微码分组名称
2.选择目标微码版本
3.交换机ID
1.
2.
3.
Upgrade switch firmware secondly (IV)
1.创建微码维护分组，即升级的
交换机分组
Upgrade switch firmware secondly (V)
1.创建微码维护分组名称
2.交换机ID，建议将交换机分成
不同分组完成升级
3.可以选择一个预订的时间升
级；或手动选择升级，即保持
缺省
1.
2.
3.
Upgrade switch firmware secondly (VI)
1.选择微码维护分组
2.Upgrade Now
Upgrade switch firmware secondly (VII)
•微码升级完成
ACI Access Policy
What is an Access Policy?
Access policies define parameters associated with access into the fabric, such as port-channeling, Spanning-Tree, CDP, LLDP and so on.
•Access Policy is the connection settings for Leaf port that Endpoints (server,
router, virtual machine, etc.) connected.
•We need to define some objects: Switch profile, Interface Profile, and Policy Group. Access Policy
Policy Group
Switch Profile
Selector Switch Selector （101−102） Interface profile
Selector Port Settings Selector
（Speed 、CDP 、LLDP 、LACP etc) Leaf1
(101) Leaf2
(102)
1/11 1/11 Interface Selector （1/1-10)
Port Settings
・1G or 10G
・LLDP
・LACP or vPC
etc Switch Policy
Interface
Concept of Policies, Groups, Profiles and configuration flow
A number of policy types are accessible from the menu in the navigation pane:
- Switch Policies
- Module Policies
-Interface Policies
-Global Policies
-Monitoring Policies
-Troubleshooting Policies
Interface policies are concerned with physical interfaces – speeds, CDP, LACP, Spanning-Tree and so on.
Switch policies allow you to configure global Spanning-Tree & vPC parameters.
Troubleshooting policies are
used to configure SPAN sessions and port diagnostics.
What is a ‘Pool’?
A pool is used to associate VLANs or VXLANs
with a VMM or physical domain.
We’ll talk about VMM domains later.
Access Policy Settings
•FABRIC > ACCESS POLICIES > Interface Policies > Policies
•For example: Interface Policies: define the policy like Speed, CDP/LLDP
(disable/enable), LACP,…
For example, LLDP is Enable in the
default
•FABRIC > ACCESS POLICIES > Interface Policies > Policy Groups
•Policy Group will show all defined policy Group. We will add all defined Policies into Policy Group. This is also place we add the VLAN Pool through AEP.
Access Policy Settings
•FABRIC > ACCESS POLICIES > Interface Policies > Profiles •You can apply the Policy Group to the interface.
Access Policy Settings
•FABRIC > ACCESS POLICIES > Switch Policies > Profiles •You can apply the Interface Profile to the Switch.
Access Policy Settings
定义接口策略（Interface Policy）
Define Interface Policies
•在 Interface Policies 中主要
定义 Link Level、CDP、LLDP
•Fabric =》 Access Policies =》
Interface Policies
Define Interface Policies – Link Level
•Link Level 在新版中（1.2以上）
支持 Auto Negotiation
•举例定义 1G 连接
Define Interface Policies – Link Level – 1G
1.定义策略名称： 1G
2.选定 1G 连接
3.按 Submit 完成
1.
2.
3.
Check configured policy。