Categories Virtualization

Cisco ACI - Switch Profiles and Interface Policies

The following is a high-level diagram of the topology for this example:

Building a switch profile

After we bring our fabric up we need to create switch profiles for each leaf and a pair of leaf switches for later use with vPCs. So for example we will create a switch profile for leaf-101 and then we will create a switch profile for leaf-101 and leaf-102. This is similar to creating profiles on UCS Manager. They will help us to create policies more easily once we get started with that configuration.

  1. Click on Fabric
  2. Click on Access Policies
  3. On the Quick Start menu click on Configure and interface, PC, and VPC to start the wizard
  4. Click on the + sign under the “Configured Switch Interfaces”
  5. On the right, click on the pull-down menu “Switches” and select your first leaf switch (in my lab it is 101)
  6. Give it a name such as Profile-Leaf-101
  7. Click Save
  8. Repeat for as many leaf switches as you have

Later we can add interface policies with specific ports to these profiles for things we need to connect to only one switch. Now we’ll do the same thing for both the leaf switches Leaf-101 and Leaf-102. If you had four leaf switches you would also configure a profile for Leaf-103 and Leaf 104.

After we configure the switch profile for a vPC we will now create an interface policy for it. In this scenario let’s say we’re adding a VMware ESXi server to our environment and we want it to connect to both Leaf-101 and Leaf-102 in a vPC for redundancy.

  1. Click on the vPC switch profile you just created
  2. In the right pane click on the green + sign to configure switch interfaces
  3. Enter an interface, such as 1/5. Keep in mind that we will be using the same ports on both switches for the VPCs. Though it’s possible to use different ports, it makes things much more difficult, so a best practice is to use the same ports for VPCs.
  4. Enter an Interface Selector Name such as ESXi-01-vPC-Port5
  5. Select the pull-down menu for the Interface Policy Group and select Create Interface Policy Group.
  6. Give it a name such as ESXi-01-vPC-PolGrp
  7. Either select the default CDP policy, or create a CDP policy that either enables or disables CDP. This will depend on what it’s connecting to. For example you will want to enable CDP if you’re connecting to a B series UCS chassis.
  8. Do the same for the LLDP. Again, in the case of the UCS B Series you will actually need to disable this.
  9. We will also create an LACP Policy. In general for a VMware server we will create a Mac Pinning policy. If we were connecting to a Nexus 7000 or Nexus 5000 for example we might configure it to be LACP Active if that’s how we have the other switches set up.
  10. Click Submit
  11. Save the profile

Create interface policies for the individual switch profiles as well.

We now need to create the the vPC domain in order to actually create the virtual port channel.

  1. Click on the + sign under vPC Switch Pairs.
  2. Enter a number for the domain, for example 10.
  3. Next to Switch 1 select the drop down box and select Leaf-101
  4. Next to Switch 2 select the drop down box and select Leaf-102
  5. Click Save

Now make sure to click Submit at the bottom to save all the configuration you just did! I’ve also created a video which gives an example of creating a switch profile for a vPC and then the interface policy for the vPC.

Lauren Malhoit

Share
Published by
Lauren Malhoit

Recent Posts

Microsoft Teams guest access: How to enable and manage it

Two of the main factors that affect the total cost of an organization’s Microsoft 365…

15 hours ago

Samsung Galaxy Unpacked 2020: Everything you need to know

Samsung rolled out the all-new Galaxy Z Fold 2, Note 20, Note 20 Ultra handsets…

18 hours ago

SAN vs. NAS: Detailed comparison of these two storage technologies

SAN and NAS provide dedicated storage for a group of users using completely different approaches…

21 hours ago

Generation 1 virtual machines: Modernize them and bring them up to date

In many companies, Generation 1 virtual machines have been superseded by Gen 2 VMs. But…

2 days ago

Free VPNs from Hong Kong with ‘no-log policy’ experience data leak

With these free VPNs based in Hong Kong, you may not be paying any money…

2 days ago

Azure DevOps tips and tricks: Using built-in features

These Azure DevOps tips and tricks come fresh from the field where they have been…

2 days ago