Cisco ACI – Attachable Access Entity Profiles

Within Cisco ACI we are able to connect to external virtual and physical domains by using Attachable Access Entity Profiles, or AEPs. AEPs are configured from on the Application Policy Infrastructure Controller, the controller that handles the ACI fabric configuration and pushes policies. Attachment points for AEPs can be ports, port-channels, and VPCs. This is also where we can provide interface policies for VMware vCenter distributed virtual switch, or DVS. AEPs also provision VLAN pools on leaf switches within the ACI fabric. VLAN pools may not be enabled without having been provisioned from an AEP. As stated from the information section within the APIC, “an AEP represents a group of external entities with similar infrastructure policy requirements.” Figure 1 shows logically how AEPs configured. In essence, if you’re planning on attaching either virtual or physical integration with your end point devices, you will likely need to configure an AEP.

Connect to the APIC by browsing to the IP address of one of your controllers and login. From here we will configure our first AEP.

To Configure AEP for VMM Domain:

  1. Click on Fabric on Top
  2. Click on Access Policies in the Sub-Header
  3. Expand Global Policies in the left navigation tree
  4. Highlight Attachable Access Entity Profiles
  5. Right click and select Create Attachable Access Entity Profile
  6. Give it a name such as  ESXi-Servers-AEP
  7. Check the box to enable the Infrastructure VLAN*
  8. Click Next
  9. Select the All radio button next to the ESXi VPC Policy Group. For more information on creating VPC interface policies check out my previous article here.
  10. Click Finish

*In step 7 we enabled the infrastructure VLAN. This is not necessary for all AEPs, however, according to the ACI fundamentals guide:

The fabric infrastructure VLAN must be extended to the hypervisor ports. The fabric infrastructure VLAN is used as the outer VLAN in the Ethernet header of the VXLAN data packet. The APIC automatically pushes the fabric infrastructure VLAN to the vShield Manager when preparing the APIC VDS for the VXLAN.

Create a VLAN Pool for the VMM Domain:

  1. Click on Fabric at the Top
  2. Click on Access Policies in the Sub Header
  3. Expand Pools in the navigation tree on the left
  4. Right click on VLAN and select Create VLAN Pool
  5. Give it a name such as VMM-VLAN-Pool
  6. Next to Encap Blocks (indicating VLANs) click the + sign
  7. Specify the Encap Block Range, which will be the VLAN range you plan on using within your VMware environment. Keep in mind these VLANs will also need to be specified in UCS Manager if you’re using UCS.
  8. Click submit

At this point we have an AEP set up for use with our VMM domain as well as a pool available for VLANs within our VMware environment. This VLAN pool will only be enabled because we’ve created an AEP also associated with the VMM domain.

In future articles we will continue the configuration of the ACI fabric. Also, below I’ve included a video to show how we create an AEP as well as a VLAN pool following the steps described above.

Leave a Comment

Your email address will not be published.

Scroll to Top