Performing NX-OS CLI Tasks

Cisco ACI Virtual Machine Networking

Configuring a NetFlow Exporter Policy for Virtual Machine Networking Using the NX-OS-Style CLI

The following example procedure uses the NX-OS-style CLI to configure a NetFlow exporter policy for virtual machine networking.

Procedure


Step 1

Enter the configuration mode.

Example:

apic1# config

Step 2

Configure the exporter policy.

Example:

apic1(config)# flow vm-exporter vmExporter1 destination address 2.2.2.2 transport udp 1234
apic1(config-flow-vm-exporter)# source address 4.4.4.4
apic1(config-flow-vm-exporter)# exit
apic1(config)# exit

Consuming a NetFlow Exporter Policy Under a VMM Domain Using the NX-OS-Style CLI for VMware VDS

The following procedure uses the NX-OS-style CLI to consume a NetFlow exporter policy under a VMM domain.

Procedure


Step 1

Enter the configuration mode.

Example:

apic1# config

Step 2

Consume the NetFlow exporter policy.

Example:

apic1(config)# vmware-domain mininet
apic1(config-vmware)# configure-dvs
apic1(config-vmware-dvs)# flow exporter vmExporter1
apic1(config-vmware-dvs-flow-exporter)# active-flow-timeout 62
apic1(config-vmware-dvs-flow-exporter)# idle-flow-timeout 16
apic1(config-vmware-dvs-flow-exporter)# sampling-rate 1
apic1(config-vmware-dvs-flow-exporter)# exit
apic1(config-vmware-dvs)# exit
apic1(config-vmware)# exit
apic1(config)# exit

Enabling or Disabling NetFlow on an Endpoint Group Using the NX-OS-Style CLI for VMware VDS

The following procedure enables or disables NetFlow on an endpoint group using the NX-OS-style CLI.

Procedure


Step 1

Enable NetFlow:

Example:

apic1# config
apic1(config)# tenant tn1
apic1(config-tenant)# application app1
apic1(config-tenant-app)# epg epg1
apic1(config-tenant-app-epg)# vmware-domain member mininet
apic1(config-tenant-app-epg-domain)# flow monitor enable
apic1(config-tenant-app-epg-domain)# exit
apic1(config-tenant-app-epg)# exit
apic1(config-tenant-app)# exit
apic1(config-tenant)# exit
apic1(config)# exit

Step 2

(Optional) If you no longer want to use NetFlow, disable the feature:

Example:

apic1(config-tenant-app-epg-domain)# no flow monitor enable

Cisco ACI with VMware VDS Integration

Creating a VMware VDS Domain Profile

Creating a vCenter Domain Profile Using the NX-OS Style CLI

Before you begin

This section describes how to create a vCenter domain profile using the NX-OS style CLI.

Procedure


Step 1

In the CLI, enter configuration mode:

Example:

apic1# configure
apic1(config)# 

Step 2

Configure a VLAN domain:

Example:

apic1(config)# vlan-domain dom1 dynamic
apic1(config-vlan)# vlan 150-200 dynamic
apic1(config-vlan)# exit
apic1(config)# 

Step 3

Add interfaces to this VLAN domain. These are the interfaces to be connected to VMware hypervisor uplink ports:

Example:

apic1(config)# leaf 101-102
apic1(config-leaf)# interface ethernet 1/2-3
apic1(config-leaf-if)# vlan-domain member dom1 
apic1(config-leaf-if)# exit
apic1(config-leaf)# exit

Step 4

Create a VMware domain and add VLAN domain membership:

Example:

apic1(config)# vmware-domain vmmdom1
apic1(config-vmware)# vlan-domain member dom1
apic1(config-vmware)# 

Create the domain with a specific delimiter:

Example:

apic1(config)# vmware-domain vmmdom1 delimiter @

Step 5

Configure the domain type to DVS:

Example:

apic1(config-vmware)# configure-dvs
apic1(config-vmware-dvs)# exit
apic1(config-vmware)# 

Step 6

(Optional) Configure a retention time for detached endpoints:

You can choose a delay of between 0 and 600 seconds. The default is 0.

Example:

apic1(config)# vmware-domain <domainName>

apic1(config-vmware)# ep-retention-time <value>

Step 7

Configure a controller in the domain:

Example:

apic1(config-vmware)# vcenter 192.168.66.2 datacenter prodDC
apic1(config-vmware-vc)# username administrator
Password:
Retype password:
apic1(config-vmware-vc)# exit
apic1(config-vmware)# exit
apic1(config)# exit

Note

 
When configuring the password, you must precede special characters such as '$' or '!' with a backslash ('\$') to avoid misinterpretation by the Bash shell. The escape backslash is necessary only when configuring the password; the backslash does not appear in the actual password.

Step 8

Verify configuration:

Example:

apic1# show running-config vmware-domain vmmdom1 
# Command: show running-config vmware-domain vmmdom1
# Time: Wed Sep  2 22:14:33 2015
  vmware-domain vmmdom1
    vlan-domain member dom1
    vcenter 192.168.66.2 datacenter prodDC
      username administrator password *****
    configure-dvs
      exit
    exit


Creating a Read-Only VMM Domain Using the NX-OS Style CLI

You can use the NX-OS style CLI to create a read-only VMM domain.

Before you begin

  • Fulfill the prerequisites in the section Prerequisites for Creating a VMM Domain Profile.

  • In the VMware vCenter, ensure that under the Networking tab, the VDS is contained by a folder.

    Also ensure that the folder and the VDS have exactly the same name as the read-only VMM domain that you plan to create.

Procedure


Step 1

In the CLI, enter configuration mode:

Example:

apic1# configure
apic1(config)# 

Step 2

Configure a controller in the domain:

Example:

Note

 
The name of the read-only domain (labVDS) must be the same as the name of the VDS and the folder that contains it in the VMware vCenter.

apic1(config)# vmware-domain labVDS access-mode readonly
apic1(config-vmware)# vcenter 10.1.1.1 datacenter prodDC
apic1(config-vmware-vc)# username administrator@vsphere.local
Password:
Retype password:
apic1(config-vmware-vc)# exit
apic1(config-vmware)#  configure-dvs
apic1(config-vmware-dvs)# exit
apic1(config-vmware)# end

Note

 
When configuring the password, you must precede special characters such as '$' or '!' with a backslash ('\$') to avoid misinterpretation by the Bash shell. The escape backslash is necessary only when configuring the password; the backslash does not appear in the actual password.

Step 3

Verify the configuration:

Example:

apic1# show running-config vmware-domain prodVDS 
# Command: show running-config vmware-domain prodVDS
# Time: Wed Sep  2 22:14:33 2015
  vmware-domain prodVDS access-mode readonly
      vcenter 10.1.1.1 datacenter prodDC
      username administrator@vsphere.local password *****
    configure-dvs
      exit
    exit


What to do next

You can attach an EPG to the read-only VMM domain and configure policies for it. However, those policies are not pushed to the VDS in the VMware vCenter.

Promoting a Read-Only VMM Domain Using the NX-OS Style CLI

You can use the NX-OS style CLI to promote a read-only VMM domain.

Before you begin

Instructions for promoting a read-only VMM domain to a managed domain assume you have completed the following prerequisites:

Procedure


Step 1

In the CLI, enter configuration mode.

Example:

apic1# configure
apic1(config)#

Step 2

Change the VMM domain's access mode to managed.

In the following example, replace vmmDom1 with the VMM domain you have previously configured as read-only.

Example:

apic1(config)# vmware-domain vmmDom1 access-mode readwrite
apic1(config-vmware)# exit
apic1(config)# exit

Step 3

Create a new Link Aggregation Group (LAG) policy.

If you are using vCenter version 5.5 or later, you must create a LAG policy for the domain to use the Enhanced LACP feature, as described in Create LAGs for DVS Uplink Port Groups Using the NX-OS Style CLI.

Otherwise, you can skip this step.

Step 4

Associate the LAG policy with appropriate EPGs.

If you are using vCenter version 5.5 or later, you must associate the LAG policy with the EPGs to use the Enhanced LACP feature, as described in Associate Application EPGs to VMware vCenter Domains with Enhanced LACP Policies Using the NX-OS Style CLI.

Otherwise, you can skip this step.


What to do next

Any EPGs you attach to the VMM domain and any policies you configure will now be pushed to the VDS in the VMware vCenter.

Enhanced LACP Policy Support

Create LAGs for DVS Uplink Port Groups Using the NX-OS Style CLI

Improve distributed virtual switch (DVS) uplink port group load balancing by putting the port groups into link aggregation groups (LAGs) and associating them with specific load-balancing algorithms. You can perform this task using the NX-OS style CLI.

Before you begin

You must have created a VMware vCenter virtual machine manager (VMM) domain for VMware VDS.

Procedure


Create or delete an enhanced LACP policy.

Example:

apic1(config-vmware)# enhancedlacp <LAG name>
apic1(config-vmware-enhancedlacp)# lbmode <loadbalancing mode>
apic1(config-vmware-enhancedlacp)# mode <mode>
apic1(config-vmware-enhancedlacp)# numlinks <max number of uplinks>
apic1(config-vmware)# no enhancedlacp <LAG name to delete>

What to do next

If you are using VMware VDS, associate endpoint groups (EPGs) to the domain with the enhanced LACP policy.

Associate Application EPGs to VMware vCenter Domains with Enhanced LACP Policies Using the NX-OS Style CLI

Associate application endpoint groups (EPGs) with the VMware vCenter domain with LAGs and a load-balancing algorithm. You can perform this task using NX-OS style CLI. You can also deassociate application EPGs from the domain.

Before you begin

You must have created link aggregation groups (LAGs) for distributed virtual switch (DVS) uplink port groups and associated a load-balancing algorithm to the LAGs.

Procedure


Step 1

Associate an application EPG with the domain or deassociate it from the domain.

Example:

apic1(config-tenant-app-epg-domain)# lag-policy <name of the LAG policy to associate>
apic1(config-tenant-app-epg-domain)# no lag-policy <name of the LAG policy to deassociate>

Step 2

Repeat Step 1 for other application EPGs in the tenant as desired.


Endpoint Retention Configuration

Configure Endpoint Retention Using the NX-OS Style CLI

Before you begin

You must have created a vCenter domain.

Procedure


Step 1

In the CLI, enter configuration mode:

Example:

apic1# configure
apic1(config)# 

Step 2

Configure a retention time for detached endpoints:

You can choose a delay of between 0 and 600 seconds. The default is 0.

Example:

apic1(config)# vmware-domain <domainName>

apic1(config-vmware)# ep-retention-time <value>

Creating a Trunk Port Group

Creating a Trunk Port Group Using the NX-OS Style CLI

This section describes how to create a trunk port group using the NX-OS Style CLI.

Before you begin

  • Trunk port groups must be tenant independent.

Procedure


Step 1

To go to the vmware-domain context, enter the following command:

Example:

apic1(config-vmware)# vmware-domain ifav2-vcenter1

Step 2

To create a trunk port group, enter the following command:

Example:

apic1(config-vmware)# trunk-portgroup trunkpg1

Step 3

Enter the VLAN range:

Example:

apic1(config-vmware-trunk)# vlan-range 2800-2820, 2830-2850

Note

 
If you do not specify a VLAN range, the VLAN list will be taken from the domain’s VLAN namespace.

Step 4

MAC changes are accepted by default. If you choose not to accept MAC changes, enter the following command:

Example:

apic1(config-vmware-trunk)# no mac-changes accept

Step 5

Forged transmits are accepted by default. If you choose not to accept forged transmits, enter the following command:

Example:

apic1(config-vmware-trunk)# no forged-transmit accept

Step 6

Promiscuous mode is disabled by default. If you choose to enable promiscuous mode on the trunk port group, enter the following command:

Example:

apic1(config-vmware-trunk)# allow-promiscuous enable

Step 7

The trunk port group immediacy is set to on-demand by default. If you want to set the immediacy to immediate, enter the following command:

Example:

apic1(config-vmware-trunk)# immediacy-immediate enable

Step 8

Show the VMware domain:

Example:

apic1(config-vmware)# show vmware domain name mininet 
Domain Name                        : mininet
Virtual Switch Mode                : VMware Distributed Switch
Switching Encap Mode               : vlan
Vlan Domain                        : mininet (2800-2850, 2860-2900)
Physical Interfaces                : 
Number of EPGs                     : 2
Faults by Severity                 : 0, 2, 4, 0
LLDP override                      : no
CDP override                       : no
Channel Mode override              : no

vCenters:
Faults: Grouped by severity (Critical, Major, Minor, Warning)
 vCenter               Type      Datacenter            Status    ESXs   VMs    Faults          
 --------------------  --------  --------------------  --------  -----  -----  --------------- 
 172.22.136.195        vCenter   mininet               online    2      57     0,0,4,0         

Trunk Portgroups:
 Name                                           VLANs                                          
 ---------------------------------------------  ---------------------------------------------- 
 epgtr1                                         280-285                                        
 epgtr2                                         280-285                                        
 epgtr3                                         2800-2850                    


apic1(config-vmware)# show vmware domain name mininet trunk-portgroup 

 Name                            Aggregated EPG                                 
 ------------------------------  ---------------------------------------------- 
 epgtr1                          test|wwwtestcom3|test830                       
 epgtr2                                                                         
 epgtr3                          test|wwwtestcom3|test830                       
                                 test|wwwtestcom3|test833                       


apic1(config-vmware)# show vmware domain name ifav2-vcenter1 trunk-portgroup name trunkpg1
Name                             Aggregated EPG                  Encap        
 ------------------------------  ------------------------------  ------------ 
 trunkpg1                        LoadBalance|ap1|epg1            vlan-318     
                                 LoadBalance|ap1|epg2            vlan-317     
                                 LoadBalance|ap1|failover-epg    vlan-362     
                                 SH:l3I:common:ASAv-HA:test-     vlan-711     
                                 rhi|rhiExt|rhiExtInstP                       
                                 SH:l3I:common:ASAv-HA:test-     vlan-712     
                                 rhi|rhiInt|rhiIntInstP                       
                                 test-dyn-ep|ASA_FWctxctx1bd-    vlan-366     
                                 inside|int                                   
                                 test-dyn-ep|ASA_FWctxctx1bd-    vlan-888     
                                 inside1|int                                  
                                 test-dyn-ep|ASA_FWctxctx1bd-    vlan-365     
                                 outside|ext                                  
                                 test-dyn-ep|ASA_FWctxctx1bd-    vlan-887     
                                 outside1|ext                                 
                                 test-inb|FW-Inbctxtrans-        vlan-886     
                                 vrfinside-bd|int                             
                                 test-inb|FW-Inbctxtrans-        vlan-882     
                                 vrfoutside-bd|ext                            
                                 test-inb|inb-ap|inb-epg         vlan-883     
                                 test-pbr|pbr-ap|pbr-cons-epg    vlan-451     
                                 test-pbr|pbr-ap|pbr-prov-epg    vlan-452     
                                 test1|ap1|epg1                  vlan-453     
                                 test1|ap1|epg2                  vlan-485     
                                 test1|ap1|epg3                  vlan-454     
                                 test2-scale|ASA-                vlan-496     
                                 Trunkctxctx1bd-inside1|int                   
                                 test2-scale|ASA-                vlan-811     
                                 Trunkctxctx1bd-inside10|int                  


apic1(config-vmware)# show running-config vmware-domain mininet 
# Command: show running-config vmware-domain mininet
# Time: Wed May 25 21:09:13 2016
  vmware-domain mininet
    vlan-domain member mininet type vmware
    vcenter 172.22.136.195 datacenter mininet
      exit
    configure-dvs
      exit
    trunk-portgroup epgtr1 vlan 280-285
    trunk-portgroup epgtr2 vlan 280-285
    trunk-portgroup epgtr3 vlan 2800-2850
    exit
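
Steps 4 through 6 leave MAC changes and forged transmits accepted unless the no commands are entered. The following Python script is an added example, not part of the Cisco procedure: it replays a constructed transcript of the commands shown above, applies the stated defaults, and reports each trunk port group's remaining permissive settings and any VLANs outside the domain's VLAN namespace. The function names and the second trunk port group (trunkpg2) are assumptions made for illustration.

```python
import re

# Defaults stated in Steps 4 through 7 of the procedure above.
DEFAULTS = {"mac_changes": "accept", "forged_transmit": "accept",
            "promiscuous": "disable", "immediacy": "on-demand"}
# Command as typed -> (setting, value after the command).
OVERRIDES = {
    "no mac-changes accept": ("mac_changes", "reject"),
    "no forged-transmit accept": ("forged_transmit", "reject"),
    "allow-promiscuous enable": ("promiscuous", "enable"),
    "immediacy-immediate enable": ("immediacy", "immediate"),
}
# Settings worth a reviewer's attention: (setting, value, message).
REVIEW = [("mac_changes", "accept", "MAC changes accepted"),
          ("forged_transmit", "accept", "forged transmits accepted"),
          ("promiscuous", "enable", "promiscuous mode enabled")]
PROMPT = re.compile(r"^[\w.-]+\((?P<mode>[\w-]+)\)#\s*(?P<cmd>.*)$")


def parse_vlan_ranges(text):
    """Turn '2800-2820, 2830-2850' into a set of VLAN IDs."""
    vlans = set()
    for part in filter(None, (p.strip() for p in text.split(","))):
        low, _, high = part.partition("-")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(low, high + 1))
    return vlans


def format_ranges(vlans):
    """Collapse a set of VLAN IDs back into 'a-b, c' notation."""
    runs = []
    for v in sorted(vlans):
        if runs and v == runs[-1][1] + 1:
            runs[-1][1] = v
        else:
            runs.append([v, v])
    return ", ".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)


def effective_settings(transcript):
    """Replay a CLI transcript and return the settings of each trunk port group."""
    groups, current = {}, None
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        mode, cmd = m["mode"], " ".join(m["cmd"].split())
        if cmd.startswith("trunk-portgroup "):
            current = cmd.split()[1]
            # vlans=None: no range given, so the domain's namespace applies (see Note).
            groups[current] = dict(DEFAULTS, vlans=None)
        elif mode == "config-vmware-trunk" and current:
            if cmd.startswith("vlan-range "):
                groups[current]["vlans"] = parse_vlan_ranges(cmd[len("vlan-range "):])
            elif cmd in OVERRIDES:
                key, value = OVERRIDES[cmd]
                groups[current][key] = value
    return groups


def audit(transcript, domain_namespace):
    """Return {trunk port group: [findings]} for review before deployment."""
    allowed = parse_vlan_ranges(domain_namespace)
    report = {}
    for name, cfg in effective_settings(transcript).items():
        findings = [msg for key, value, msg in REVIEW if cfg[key] == value]
        outside = (cfg["vlans"] or set()) - allowed
        if outside:
            findings.append("VLANs outside domain namespace: " + format_ranges(outside))
        report[name] = findings
    return report


# Constructed transcript that uses only commands shown in this procedure.
SAMPLE = """
apic1(config-vmware)# trunk-portgroup trunkpg1
apic1(config-vmware-trunk)# vlan-range 2800-2820, 2830-2850
apic1(config-vmware-trunk)# no mac-changes accept
apic1(config-vmware-trunk)# no forged-transmit accept
apic1(config-vmware-trunk)# exit
apic1(config-vmware)# trunk-portgroup trunkpg2
apic1(config-vmware-trunk)# vlan-range 2850-2870
apic1(config-vmware-trunk)# allow-promiscuous enable
"""

if __name__ == "__main__":
    # Namespace taken from the "Vlan Domain" line of the show output above.
    for name, findings in audit(SAMPLE, "2800-2850, 2860-2900").items():
        print(name, findings or "no findings")
```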



Custom EPG Names and Cisco ACI

Configure or Change a Custom EPG Name Using the NX-OS Style CLI

You can use the NX-OS Style CLI to configure or change a custom endpoint group (EPG) name. Execute the following command in configuration mode for the application EPG domain.


Note


You can use the NX-OS Style CLI to configure or change a custom EPG name only for VMware vCenter-based domains. If you use Microsoft System Center Virtual Machine Manager, you can use the Cisco Application Policy Infrastructure Controller (APIC) GUI or the REST API to configure or change a custom EPG name.

Note


Make sure to attach the EPG to the Virtual Machine Manager (VMM) using a single CLI line under the following circumstances:

  • You attach the EPG and specify a custom EPG name.

  • You intend that the attachment takes over an existing EPG in VMware vCenter with the same name as the custom EPG name.

If you fail to attach the EPG and specify a custom EPG name in a single CLI line, you may create duplicate EPGs.


Before you begin

You must have performed the tasks in the section Prerequisites for Configuring a Custom EPG Name in this chapter.

Procedure


Add or modify the custom EPG name for port groups in the VMM domain:

Example:

apic1(config-tenant-app-epg-domain)# custom-epg-name My\|Port-group_Name\!XYZ
apic1(config-tenant-app-epg-domain)# show running-config
# Command: show running-config tenant Tenant1 application App1 epg Epg1 vmware-domain member dvs1
# Time: Tue Nov 12 07:33:00 2019
  tenant Tenant1
    application App1
      epg Epg1
        vmware-domain member dvs1
          custom-epg-name My|Port-group_Name!XYZ
          exit
        exit
      exit
    exit

What to do next

Verify the port group name, using Verify the Port Group Name in VMware vCenter in this chapter.

Delete a Custom EPG Name Using the NX-OS Style CLI

You can delete a custom endpoint group (EPG) name using the NX-OS Style CLI. Doing so renames the port group in the Virtual Machine Manager domain to the default format: tenant|application|epg.


Note


You can use the NX-OS Style CLI to delete a custom EPG name only for VMware vCenter-based domains. If you use Microsoft System Center Virtual Machine Manager, you can use the Cisco Application Policy Infrastructure Controller (APIC) GUI or the REST API to delete a custom EPG name.

Procedure


Remove the custom EPG name, applying the default name format to the port group in the VMM domain.

Example:

apic1(config-tenant-app-epg-domain)# no custom-epg-name
apic1(config-tenant-app-epg-domain)# show running-config
# Command: show running-config tenant Tenant1 application App1 epg Epg1 vmware-domain member dvs1
# Time: Tue Nov 12 07:51:38 2019
  tenant Tenant1
    application App1
      epg Epg1
        vmware-domain member dvs1
          exit
        exit
      exit
    exit

What to do next

Verify the change, using Verify the Port Group Name in VMware vCenter in this chapter.

Microsegmentation with Cisco ACI

Configuring Microsegmentation with Cisco ACI Using the NX-OS-Style CLI

This section describes how to configure Microsegmentation with Cisco ACI for VMware VDS or Microsoft Hyper-V Virtual Switch using VM-based attributes within an application EPG.

Procedure


Step 1

In the CLI, enter configuration mode:

Example:

apic1# configure
apic1(config)#

Step 2

Create the uSeg EPG:

Example:

This example is for an application EPG.

Note

 
The command to allow microsegmentation in the following example is required for VMware VDS only.

apic1(config)# tenant cli-ten1
apic1(config-tenant)# application cli-a1
apic1(config-tenant-app)# epg cli-baseEPG1
apic1(config-tenant-app-epg)# bridge-domain member cli-bd1
apic1(config-tenant-app-epg)# vmware-domain member cli-vmm1 allow-micro-segmentation

Example:

(Optional) This example sets match EPG precedence for the uSeg EPG:

apic1(config)# tenant Coke
apic1(config-tenant)# application cli-a1
apic1(config-tenant-app)# epg cli-uepg1 type micro-segmented
apic1(config-tenant-app-uepg)# bridge-domain member cli-bd1
apic1(config-tenant-app-uepg)# match-precedence 10

Example:

This example uses a filter based on the attribute VM Name.

apic1(config)# tenant cli-ten1
apic1(config-tenant)# application cli-a1
apic1(config-tenant-app)# epg cli-uepg1 type micro-segmented
apic1(config-tenant-app-uepg)# bridge-domain member cli-bd1
apic1(config-tenant-app-uepg)# attribute-logical-expression 'vm-name contains <cos1>'

Example:

This example uses a filter based on an IP address.

apic1(config)# tenant cli-ten1
apic1(config-tenant)# application cli-a1
apic1(config-tenant-app)# epg cli-uepg1 type micro-segmented
apic1(config-tenant-app-uepg)# bridge-domain member cli-bd1
apic1(config-tenant-app-uepg)# attribute-logical-expression 'ip equals <FF:FF:FF:FF:FF:FF>'

Example:

This example uses a filter based on a MAC address.

apic1(config)# tenant cli-ten1
apic1(config-tenant)# application cli-a1
apic1(config-tenant-app)# epg cli-uepg1 type micro-segmented
apic1(config-tenant-app-uepg)# bridge-domain member cli-bd1
apic1(config-tenant-app-uepg)# attribute-logical-expression 'mac equals <FF-FF-FF-FF-FF-FF>'

Example:

This example uses the operator AND to match all attributes and the operator OR to match any attribute.

apic1(config)# tenant cli-ten1
apic1(config-tenant)# application cli-a1
apic1(config-tenant-app)# epg cli-uepg1 type micro-segmented
apic1(config-tenant-app-uepg)# attribute-logical-expression 'hv equals host-123 OR (guest-os equals "Ubuntu Linux (64-bit)" AND domain contains fex)'

Example:

This example uses a filter based on the attribute VM-Custom Attribute.

apic1(config)# tenant cli-ten1
apic1(config-tenant)# application cli-a1
apic1(config-tenant-app)# epg cli-uepg1 type micro-segmented
apic1(config-tenant-app-uepg)# bridge-domain member cli-bd1
apic1(config-tenant-app-uepg)# attribute-logical-expression 'custom <Custom Attribute Name> equals <Custom Attribute value>'

Step 3

Verify the uSeg EPG creation:

Example:

The following example is for a uSeg EPG with a VM name attribute filter:


apic1(config-tenant-app-uepg)# show running-config
# Command: show running-config tenant cli-ten1 application cli-a1 epg cli-uepg1 type micro-segmented
# Time: Thu Oct 8 11:54:32 2015
  tenant cli-ten1
    application cli-a1
      epg cli-uepg1 type micro-segmented
        bridge-domain cli-bd1
        attribute-logical-expression ‘vm-name contains cos1 force’
        {vmware-domain | microsoft-domain} member cli-vmm1
        exit
     exit 
exit
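
Before applying an attribute-logical-expression, it helps to preview which virtual machines it would place in the uSeg EPG. The following Python script is an added example, not Cisco's evaluator: it parses the expression forms shown in Step 2 and runs them against a constructed VM inventory. It assumes that equals is an exact, case-sensitive match, that contains is a substring match, and that AND binds more tightly than OR when parentheses are omitted.

```python
import re

TOKEN = re.compile(r'"[^"]*"|[()]|[^\s()"]+')
OPERATORS = {
    "equals": lambda have, want: have == want,    # assumed: exact, case-sensitive
    "contains": lambda have, want: want in have,  # assumed: substring match
}


class ExpressionParser:
    """Recursive-descent parser; assumes AND binds more tightly than OR."""

    def __init__(self, text):
        # The CLI wraps the whole expression in single quotes; drop them.
        self.tokens = TOKEN.findall(text.strip().strip("'"))
        self.pos = 0

    def peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def take(self):
        token = self.peek()
        if token is None:
            raise ValueError("unexpected end of expression")
        self.pos += 1
        return token

    def parse(self):
        node = self.expr()
        if self.peek() is not None:
            raise ValueError(f"unexpected token {self.peek()!r}")
        return node

    def expr(self):  # expr := term ("OR" term)*
        node = self.term()
        while self.peek() == "OR":
            self.take()
            node = ("OR", node, self.term())
        return node

    def term(self):  # term := factor ("AND" factor)*
        node = self.factor()
        while self.peek() == "AND":
            self.take()
            node = ("AND", node, self.factor())
        return node

    def factor(self):  # factor := "(" expr ")" | ["custom" name] attr op value
        token = self.take()
        if token == "(":
            node = self.expr()
            if self.take() != ")":
                raise ValueError("missing closing parenthesis")
            return node
        attr = "custom:" + self.take().strip('"') if token == "custom" else token
        op, value = self.take(), self.take()
        if op not in OPERATORS or value in ("(", ")", "AND", "OR"):
            raise ValueError(f"malformed condition near {attr!r}")
        return (op, attr, value.strip('"'))


def matches(node, vm):
    """Evaluate a parsed expression against one VM's attribute dictionary."""
    kind, left, right = node
    if kind == "AND":
        return matches(left, vm) and matches(right, vm)
    if kind == "OR":
        return matches(left, vm) or matches(right, vm)
    have = vm.get(left)  # left is the attribute name, right the wanted value
    return have is not None and OPERATORS[kind](have, right)


def classify(expression, inventory):
    """Return the names of the VMs that the expression would select."""
    tree = ExpressionParser(expression).parse()
    return [vm["vm-name"] for vm in inventory if matches(tree, vm)]


# Expression copied from the AND/OR example in Step 2.
PAGE_EXPRESSION = """'hv equals host-123 OR (guest-os equals "Ubuntu Linux (64-bit)" AND domain contains fex)'"""

# Constructed inventory; the attribute values are illustrative only.
INVENTORY = [
    {"vm-name": "web-01", "hv": "host-123", "guest-os": "CentOS 7 (64-bit)", "domain": "prod"},
    {"vm-name": "db-01", "hv": "host-200", "guest-os": "Ubuntu Linux (64-bit)",
     "domain": "prod-fex-1", "custom:owner": "secops"},
    {"vm-name": "app-01", "hv": "host-200", "guest-os": "Ubuntu Linux (64-bit)", "domain": "prod"},
    {"vm-name": "cos1-build", "hv": "host-300", "guest-os": "Windows Server 2016 (64-bit)",
     "domain": "fex-lab"},
]

if __name__ == "__main__":
    print(classify(PAGE_EXPRESSION, INVENTORY))
```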

Intra-EPG Isolation Enforcement and Cisco ACI

Configuring Intra-EPG Isolation for VMware VDS or Microsoft Hyper-V Virtual Switch using the NX-OS Style CLI

Procedure


Step 1

In the CLI, create an intra-EPG isolation EPG:

Example:

The following example is for VMware VDS:

apic1(config)# tenant Test_Isolation  
apic1(config-tenant)# application PVLAN 
apic1(config-tenant-app)# epg EPG1 
apic1(config-tenant-app-epg)# show running-config  
# Command: show running-config tenant Tenant_VMM application Web epg intraEPGDeny
  tenant Tenant_VMM
    application Web
      epg intraEPGDeny
        bridge-domain member VMM_BD
        vmware-domain member PVLAN encap vlan-2001 primary-encap vlan-2002 push on-demand
        vmware-domain member mininet
          exit
        isolation enforce
        exit
      exit
    exit
apic1(config-tenant-app-epg)#

Example:

The following example is for Microsoft Hyper-V Virtual Switch:

apic1(config)# tenant Test_Isolation  
apic1(config-tenant)# application PVLAN 
apic1(config-tenant-app)# epg EPG1 
apic1(config-tenant-app-epg)# show running-config 
# Command: show running-config tenant Tenant_VMM application Web epg intraEPGDeny
  tenant Tenant_VMM
    application Web
      epg intraEPGDeny
        bridge-domain member VMM_BD
        microsoft-domain member domain1 encap vlan-2003 primary-encap vlan-2004
        microsoft-domain member domain2 
          exit
        isolation enforce
        exit
      exit
    exit
apic1(config-tenant-app-epg)#
 

Step 2

Verify the configuration:

Example:

 show epg StaticEPG detail
Application EPg Data: 
Tenant              : Test_Isolation 
Application         : PVLAN 
AEPg                : StaticEPG 
BD                  : VMM_BD 
uSeg EPG            : no 
Intra EPG Isolation : enforced 
Vlan Domains        : VMM 
Consumed Contracts  : VMware_vDS-Ext 
Provided Contracts  : default,Isolate_EPG 
Denied Contracts    :  
Qos Class           : unspecified 
Tag List            :   
VMM Domains: 
Domain                Type       Deployment Immediacy  Resolution Immediacy  State           Encap       Primary Encap
 --------------------  ---------  --------------------  --------------------  --------------  ----------  ----------     
 DVS1                  VMware     On Demand             immediate             formed          auto        auto           
 
Static Leaves: 
 Node        Encap             Deployment Immediacy  Mode                Modification Time                
----------  ----------------  --------------------  ------------------  ------------------------------  
 
Static Paths: 
 Node        Interface                       Encap             Modification Time               
 ----------  ------------------------------  ----------------  ------------------------------  
 1018        eth101/1/1                      vlan-100          2016-02-11T18:39:02.337-08:00    
 1019        eth1/16                         vlan-101          2016-02-11T18:39:02.337-08:00   
 
Static Endpoints: 
 Node        Interface          Encap             End Point MAC      End Point IP Address          Modification Time               
 ----------  ------------------------------  ----------------  -----------------  ------------------------------  ------------------------------  
 
Dynamic Endpoints: 
Encap: (P):Primary VLAN, (S):Secondary VLAN 
 Node        Interface            Encap             End Point MAC      End Point IP Address         Modification Time               
 ----------  ------------------------------  ----------------  -----------------  ------------------------------  ------------------------------   
1017        eth1/3              vlan-943(P)       00:50:56:B3:64:C4  ---                        2016-02-17T18:35:32.224-08:00                    
                                vlan-944(S)                                                                                          
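
To confirm that isolation has not drifted from what was intended, the running-config output shown in Step 1 can be checked against a list of EPGs that must be isolated. The following Python script is an added example, not Cisco tooling; the second EPG (intraEPGAllow), the required list, and the function names are constructed for illustration.

```python
import re

# Matches the domain membership lines shown in the Step 1 output.
DOMAIN = re.compile(
    r"^(?P<kind>vmware|microsoft)-domain member (?P<name>\S+)"
    r"(?: encap (?P<encap>\S+))?(?: primary-encap (?P<primary>\S+))?"
)


def parse_epgs(running_config):
    """Return {(tenant, application, epg): {'isolated': bool, 'domains': [...]}}."""
    epgs = {}
    tenant = app = key = None
    for raw in running_config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "exit":
            continue
        words = line.split()
        if words[0] == "tenant" and len(words) >= 2:
            tenant, app, key = words[1], None, None
        elif words[0] == "application" and len(words) >= 2:
            app, key = words[1], None
        elif words[0] == "epg" and len(words) >= 2 and tenant and app:
            key = (tenant, app, words[1])
            epgs[key] = {"isolated": False, "domains": []}
        elif key and line == "isolation enforce":
            epgs[key]["isolated"] = True
        elif key and (m := DOMAIN.match(line)):
            epgs[key]["domains"].append({
                "kind": m["kind"], "name": m["name"],
                "encap": m["encap"], "primary_encap": m["primary"],
            })
    return epgs


def isolation_gaps(running_config, required):
    """List the required EPGs that are absent or lack 'isolation enforce'."""
    epgs = parse_epgs(running_config)
    gaps = []
    for key in sorted(required):
        state = epgs.get(key)
        if state is None:
            gaps.append((key, "EPG not present in configuration"))
        elif not state["isolated"]:
            gaps.append((key, "isolation enforce is missing"))
    return gaps


# First EPG copied from the VMware VDS example in Step 1; second EPG constructed.
SAMPLE_CONFIG = """
# Command: show running-config tenant Tenant_VMM application Web
  tenant Tenant_VMM
    application Web
      epg intraEPGDeny
        bridge-domain member VMM_BD
        vmware-domain member PVLAN encap vlan-2001 primary-encap vlan-2002 push on-demand
        vmware-domain member mininet
          exit
        isolation enforce
        exit
      epg intraEPGAllow
        bridge-domain member VMM_BD
        vmware-domain member mininet
          exit
        exit
      exit
    exit
"""

# Constructed policy: EPGs that are expected to enforce intra-EPG isolation.
REQUIRED = {
    ("Tenant_VMM", "Web", "intraEPGDeny"),
    ("Tenant_VMM", "Web", "intraEPGAllow"),
    ("Tenant_VMM", "Web", "noSuchEPG"),
}

if __name__ == "__main__":
    for key, reason in isolation_gaps(SAMPLE_CONFIG, REQUIRED):
        print("|".join(key), "->", reason)
```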


Cisco ACI with Cisco UCSM Integration

Integrating Cisco UCSM Using the NX-OS Style CLI

You can use the NX-OS style CLI to integrate Cisco UCS Manager (UCSM) into the Cisco Application Centric Infrastructure (ACI) fabric.

Before you begin

You must have fulfilled the prerequisites in the section Cisco UCSM Integration Prerequisites in this guide.

Procedure


Create the integration group, the integration for the integration group, and choose either the Leaf Enforced or the Pre-provision policy.

If you choose the default Pre-provision policy, Cisco Application Policy Infrastructure Controller (APIC) detects which virtual machine manager (VMM) domain you use. Cisco APIC then pushes all VLANs associated with that domain to the target Cisco UCSM.

If you choose the Leaf Enforced policy, Cisco APIC detects only the VLANs that are deployed to the top-of-rack leaf nodes. Cisco APIC then filters out any undeployed VLANs, resulting in fewer VLANs pushed to the Cisco UCSM.

Note

 
The following example includes an example of specifying the uplink port channel, which your deployment might require. For example, Layer 2 disjoint networks require that you make that specification.

Example:

APIC-1# config terminal 
APIC-1(config)# integrations-group GROUP-123
APIC-1(config-integrations-group)# integrations-mgr UCSM_001 Cisco/UCSM
APIC-1(config-integrations-mgr)#
APIC-1(config-integrations-mgr)# device-address 1.1.1.2
APIC-1(config-integrations-mgr)# user admin
Password:
Retype password:
APIC-1(config-integrations-mgr)#
APIC-1(config-integrations-mgr)# encap-sync preprovision
APIC-1(config-integrations-mgr)# nicprof-vlan-preserve ?
overwrite overwrite
preserve preserve
APIC-1(config-integrations-mgr)# nicprof-vlan-preserve preserve
APIC-1(config-integrations-mgr)#
  exit

Cisco ACI with Microsoft SCVMM

Creating a Static IP Address Pool Using the NX-OS Style CLI

Procedure


Step 1

In the CLI, enter configuration mode:

Example:

apic1# config

Step 2

Create the Static IP Address Pool:

Example:

apic1(config)# tenant t0
apic1(config-tenant)# application a0
apic1(config-tenant-app)# epg e0
apic1(config-tenant-app-epg)# mic
microsoft  microsoft-domain
apic1(config-tenant-app-epg)# microsoft static-ip-pool test_pool gateway 1.2.3.4/5
apic1(config-tenant-app-epg-ms-ip-pool)# iprange 1.2.3.4 2.3.4.5
apic1(config-tenant-app-epg-ms-ip-pool)# dns
dnssearchsuffix  dnsservers  dnssuffix
apic1(config-tenant-app-epg-ms-ip-pool)# dnssuffix testsuffix
apic1(config-tenant-app-epg-ms-ip-pool)# exit
apic1(config-tenant-app-epg)# no mi
microsoft  microsoft-domain
apic1(config-tenant-app-epg)# no microsoft static-ip-pool ?
 test_pool
apic1(config-tenant-app-epg)# no microsoft static-ip-pool test_pool gateway ?
 gwAddress  gwAddress
apic1(config-tenant-app-epg)# no microsoft static-ip-pool test_pool gateway 1.2.3.4/5
apic1(config-tenant-app-epg)#


Step 3

Verify the Static IP Address Pool:

Example:

apic1(config-tenant-app-epg-ms-ip-pool)# show running-config
# Command: show running-config tenant t0 application a0 epg e0 microsoft static-ip-pool test_pool gateway 1.2.3.4/5
# Time: Thu Feb 11 23:08:04 2016
  tenant t0
    application a0
      epg e0
        microsoft static-ip-pool test_pool gateway 1.2.3.4/5
          iprange 1.2.3.4 2.3.4.5
          dnsservers
          dnssuffix testsuffix
          dnssearchsuffix
          winservers
          exit
        exit
      exit



Creating a SCVMM Domain Profile Using the NX-OS Style CLI

This section describes how to create a SCVMM domain profile using the command-line interface (CLI).

Procedure


Step 1

In the NX-OS Style CLI, configure a vlan-domain and add the VLAN ranges:

Example:

apic1# configure
apic1(config)# vlan-domain vmm_test_1 dynamic
apic1(config-vlan)# vlan 150-200 dynamic
apic1(config-vlan)# exit

Step 2

Add interfaces to the vlan-domain:

Example:

apic1(config)# leaf 101
apic1(config-leaf)# interface ethernet 1/2
apic1(config-leaf-if)# vlan-domain member vmm_test_1
apic1(config-leaf-if)# exit
apic1(config-leaf)# exit

 

Step 3

Create the Microsoft SCVMM domain and associate it with the previously created vlan-domain. Create the SCVMM controller under this domain:

Example:

apic1(config)# microsoft-domain mstest
apic1(config-microsoft)# vlan-domain member vmm_test_1
apic1(config-microsoft)# scvmm 134.5.6.7 cloud test
apic1#