Cisco ACI – Creating an Application Network Profile with the Basic GUI

Much like Cisco UCS, there was a bit of a learning curve to the GUI. However, once you became more familiar with the GUI it did become pretty intuitive and gave you every single command you needed without having to go to the command line. People expect more out of GUIs as of late, though. More and more emphasis is put on UX design. A few months ago, Cisco came up with the Basic GUI. So now there are two modes, the Basic GUI and the Advanced GUI and there are two ways to get to them:

  1. You can change modes at the initial login.
  2. You can toggle modes by going to the Admin pull-down menu in the upper right corner of the APIC GUI once you’ve already logged in.

The Basic GUI doesn’t actually cover every single configuration, so there may be a need to switch to the Advanced GUI, for example if you must create an Advanced Accesses Entity Profile, or AEP. However, for 80% – 90% of common configuration use cases the Basic GUI will cover it. You can do things like: create/modify/delete VRFs, contracts, bridge domains, and EPGs which is what I’ll go through in this example.

Create the Tenant and Networking

As with most things after Day 1 configuration, our Application Profile will be in a tenant. So we’ll need to add a new tenant by click on Tenants in the header and then click Add Tenant in the sub-header. Give the tenant a name and make sure to put a check next to “Take me to this tenant.” Once you’re in the new tenant we can start the main configuration.

Click on Networking in the menu on the left. At the top you’ll notice some circular icons, each called something different (VRF, Bridge Domain, L2, L3, etc.). These are drag and drop icons that we’ll use to build on the constructs required to build an application profile.

  1. Click on VRF and drag and drop it to the blank canvas below
  2. Once you’ve dropped the icon, a wizard will pop up
  3. Give the VRF a name and click Submit
  4. The VRF icon will now stay on the canvas
  5. Click on Bridge Domain and drag and drop it next to the VRF you’ll be using (notice a dotted circle appears – this indicates that the Bridge Domain will be attached to this particular VRF. If you had more than one VRF you would be able to pick which VRF you can associate the bridge domain)
  6. Once you put the Bridge Domain on the canvas a wizard will appear
  7. Specify a name and any other Layer 3 (required) and policy (optional) information you’d like to configure for that Bridge Domain.
  8. Click Submit
  9. Add as many Bridge Domains as is necessary for your design

At the very bottom right corner there is a submit button. Do not forget to click Submit here to save the entire configuration.

Create the Application Profile:

  1. Click on Application Profile in the menu on the left
  2. Right click on it and select Create New Application Profile
  3. A wizard will pop up where you can specify a name
  4. Click Submit
  5. Highlight the new Application Profile you’ve just created by clicking on it
  6. Notice the new circular icons at the top of the GUI
  7. Drag and drop an EPG down to the blank canvas
  8. Give it a name
  9. Select a Bridge Domain with which to associate it
  10. Click OK
  11. Create as many EPGs as you need for this design
  12. Now you can drag and drop a contract on the canvas. Whichever EPG you connect with first will be the provider EPG and the second one will be the consumer EPG. This can be changed in the wizard if you accidentally touch the wrong EPG first.
  13. A wizard will pop up
  14. Ensure the provider and consumer EPGs are correct
  15. Give the Contract a name
  16. By default the No Filter checkbox is checked. This will allow all traffic to be allowed between EPGs by basically specifying an Any-Any rule for the contract (remember ACI by default is a white list model).
  17. To specify particular protocols to be allowed, uncheck the box next to No Filter
  18. Now we can specify filter rules as we normally would, for example allow HTTPS traffic to a specific destination.
  19. There is also the option to configure an L4-L7 device directly in here if you need something like a firewall or load balancer in your Application Profile
  20. Click OK
  21. IMPORTANT: Don’t forget to click a final Submit at the bottom right of the canvas. If you forget this your configurations will not be saved!

Please watch the video below for a demo of how to use the Basic GUI. It looks like a lot of steps, but it’s really intuitive. Using the Basic GUI we can essentially drag and drop icons on a canvas to create powerful network policy within our ACI environments.

Disclaimer: Lauren Malhoit works for Cisco. If you have any questions or comments, please feel free to leave them below or tweet her @Malhoit.

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top