Aci From Scratch v2


vCenter registration and host connectivity

Verify all switches are online, and part of the fabric

Enable route reflectors and assign Autonomous System

Create fabric policy group and select bgp and ntp policies

Setup vpc between leaf1-leaf4 and leaf2-leaf3

Create dynamic pool for vcenter

Create vCenter domain. Specify vlan pool, credentials, vcenter address and version. Assign credentials to vcenter.

Create switch profile for leaf2 and leaf3

Create interface selector profile for Srv5 and select interface 1/1

Assign interface selector Srv5 to switch profiles 102 and 103

Create AEP for Srv5 connection and select domain CCIE-DVS

Create Access Port policy group for Srv5 interfaces. Select CDP, LLDP policies and AEP

Assign policy group to interface selector

Tenant App-Db with EPGs App and DB Setup


Create app-db tenant with app-db-vrf

Configure bridge domain app using vrf app-db-vrf. Set the default GW and enable the Shared between VRFs option.

Create application profile app-db.

Create epg app and add VMM domain CCIE-DVS

Connect to vCenter. Verify aci-app vm is connected to port-group app. Test a ping to default gw 10.3.2.1

Create bridge domain db. Set the default GW and enable the Shared between VRFs option.

Create epg db and add VMM domain CCIE-DVS

Verify aci-db vm settings and ping the default gw.

Create a contract app-db with filter icmp of common tenant.

Add app-db provided contract to epg db

Add app-db consumed contract to epg app

Test a ping from aci-app vm to aci-db vm
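
The contract steps above expressed as the APIC object tree, with a check that the tree whitelists only the intended EPG pair and filter. This is an added example, not part of the original walkthrough: the class names follow the ACI object model, the subject name icmp-subj is an assumption, and nothing is sent to an APIC.

```python
# Added example: APIC REST object tree for the app-db contract steps, plus an audit.
# Class names are the ACI object model; the subject name "icmp-subj" is an assumption.

def mo(cls, children=(), **attrs):
    """One managed object in APIC JSON shape: {class: {attributes, children}}."""
    body = {"attributes": attrs}
    if children:
        body["children"] = list(children)
    return {cls: body}

def contract_tree(tenant, ap, contract, subject, flt, provider, consumer):
    """Tenant subtree: one contract with one filter, one provider EPG, one consumer EPG."""
    return mo("fvTenant", name=tenant, children=[
        mo("vzBrCP", name=contract, children=[
            mo("vzSubj", name=subject, children=[
                mo("vzRsSubjFiltAtt", tnVzFilterName=flt)])]),
        mo("fvAp", name=ap, children=[
            mo("fvAEPg", name=provider,
               children=[mo("fvRsProv", tnVzBrCPName=contract)]),
            mo("fvAEPg", name=consumer,
               children=[mo("fvRsCons", tnVzBrCPName=contract)])])])

def walk(node, path=()):
    """Yield (class, attributes, ancestors) for every object in the tree."""
    for cls, body in node.items():
        yield cls, body["attributes"], path
        for child in body.get("children", []):
            yield from walk(child, path + ((cls, body["attributes"].get("name")),))

def relations(tree):
    """Sorted (epg, role, contract) triples found under the tree."""
    roles = {"fvRsProv": "provides", "fvRsCons": "consumes"}
    return sorted((path[-1][1], roles[cls], attrs["tnVzBrCPName"])
                  for cls, attrs, path in walk(tree) if cls in roles)

def audit(tree, expected_relations, allowed_filters):
    """List every relation or filter reference that is outside the stated intent."""
    findings = [f"unexpected relation: {r}" for r in relations(tree)
                if r not in expected_relations]
    for cls, attrs, path in walk(tree):
        if cls == "vzRsSubjFiltAtt" and attrs["tnVzFilterName"] not in allowed_filters:
            contract = next(name for c, name in path if c == "vzBrCP")
            findings.append(f"contract {contract}: filter {attrs['tnVzFilterName']}")
    return findings

# Names from the walkthrough: tenant app-db, profile app-db, EPGs app and db.
TREE = contract_tree("app-db", "app-db", "app-db", "icmp-subj", "icmp", "db", "app")
INTENT = {("app", "consumes", "app-db"), ("db", "provides", "app-db")}

if __name__ == "__main__":
    print(relations(TREE), audit(TREE, INTENT, {"icmp"}))
```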

Tenant ASAv with asav appliance

Create tenant ASAv with vrf asa

Create bridge domains Inside and Outside

Create application profile ASAv

Create epg ASA-inside with bridge domain inside

Assign domain CCIE-DVS

Create epg ASA-Outside with bridge domain outside

Assign domain CCIE-DVS

Test SSH to asav virtual machine 10.1.1.229 to make sure it is accessible

Deploy ASAv under L4-L7 Devices

Create Function Profile Group FP

Create Service Function Profile under FP group. Set routed mode. Set external address and internal address.

Under Access List create new entry for icmp. Set the order number and action permit. Set protocol number 1 (ICMP).

Create Service Graph Template

Deploy Service Graph Template

SSH to ASAv and make sure ip addresses and access list are applied

Check the CCIE-DVS switch under vcenter. You will notice that after applying the asav template there are 2 additional port groups ASAVctx...

Connect ASAv virtual machine to port-groups inside and outside which correspond to epg inside and outside. Verify Secure VM is connected to port-group inside. Verify Unsecure VM is connected to port-group outside.

Connect to secure vm and ping internal interface of asav.

Connect to unsecure vm and ping external interface of asav

Ping between unsecure and secure VMs

Connecting a host via FEX

Create static vlan pool to be used by SRV3 connection

Create physical domain SRV3-VPC using static pool

Create AEP SRV3-VPC for SRV3 connection. Don't select any interfaces at this point

Create SRV3-VPC interface policy group for SRV3 connections using SRV3-VPC AEP. Make sure to use static port channel under Port Channel Policy

Create fex profile 102 with fex access port policy group

Add Interface Selector SRV3 to FEX102 using interface 1/1 and policy group SRV3-VPC

Create FEX103 profile similar to FEX102

Assign FEX102 interface selector to leaf102 and create fex interface profile

Assign FEX103 interface selector to leaf103 and create fex interface profile

If the FEXes are powered on you should see fabric extenders detected under inventory, and interfaces on SRV3 virtual switch should come online

Create tenant web with vrf web-vrf

Create bridge domain web-bd

Create application profile web

Create epg web and assign bridge domain web-bd

Add physical domain SRV3-VPC

Check vlan number used to encapsulate web traffic on vcenter, and deploy static vpc binding with the correct vlan encapsulation

Configure epg subnet and enable the Advertise Externally and Shared Between VRFs options

Test pinging from web vm to default gw

Communication between Tenants Web and App

Create filter that will permit ping

Create contract web-app of scope global using web ping filter created earlier

Export the contract to tenant app-db

Add provided contract under epg web

Add consumed contract interface of the exported contract under epg app

Test ping between web and app VMs

L3Out OSPF

Create external routed domain for web l3 out

Create AEP web-l3-out using l3 out domain. Don't assign any interfaces yet.

Create web-l3-out interface policy group for VPC using the AEP created earlier. Create and use LACP active port-channel policy

Create switch profile for leaf101

Create interface profile for interface on leaf101 using policy group configured earlier

Add interface selector profile to leaf 101 switch profile

Create switch profile for leaf 104

Create interface profile for interface 1/12 of switch 104 using policy group configured earlier

Assign interface selector profile to leaf 104 switch profile

Under tenant web, create external routed ospf network

Create logical node profile

Create logical interface profile using svi interface option

Create and assign ospf interface profile using broadcast option

Configure external network

Verify ospf neighbors are detected

Assign l3 out domain to web bridge domain

Create contract web-l3-ping permitting icmp

Assign consumed contract to external network

Assign provided contract to epg web

Inspect ospf routing table on the outside device

Test ping between the router and the web vm

L3Out via common Tenant

Create tenant dci with vrf-dci

Create bridge domain dci and use vrf-dci

Add subnet to bridge domain

Create application profile dci

Create epg dci and associate with bridge domain dci

Add VMM domain

Verify DCI VM is connected to port group dci and ping the subnet assigned earlier

Create dci-l3out external routed domain and assign static vlan pool

Create dci-l3out aep and associate with dci-l3out domain. Don't assign any interfaces yet

Create dci-l3out vpc policy group with dci-l3out aep and make port channel active

Create interface profile for leaf101 interface 1/5. Add interface selector for interface 1/5 and assign policy group dci-l3out

Create interface profile for leaf104 interface 1/13. Add interface selector for interface 1/13 and assign policy group dci-l3out

Add interface selector profile to leaf101 switch profile

Add interface selector profile to leaf104 switch profile

Under tenant common create vrf dci-vrf

Create external routed network

Create node profile

Add logical interface profile with SVI virtual port-channel

Check bgp parameters on the external device; note the address and as number

Add bgp peer connectivity profile to svi interface

Add external network

Inspect contract and filter. Change scope to global.

Assign contract to external network

Check bgp neighbors being discovered on the external device

Add consumed contract under tenant dci epg

Check bgp routes on the external device

Test connection between vm and external device

L2Out Configuration

Create static vlan pool for dci-otv

Create physical domain using static pool

Create AEP using the previously created domain. Don't assign any interfaces.

Create access port policy group with previously created aep

Create interface profile for interface 1/14 using policy group created above

Assign interface selector to switch 104

Add domain dci-otv to aep SRV3-VPC in order to permit vlan100 towards SRV3

Add domain dci-otv and SRV3-VPC to epg dci

Add static binding for 1/14 of leaf104 and for SRV3 vpc connection with encapsulation vlan-100

Verify dci vm connectivity to the virtual switch and vlan 100 encapsulation

Send a ping to svi100 from the vm
