Categories Massive MIMO

ACI Access Policies – Cisco Describing Cisco ACI

ACI Access Policies

Access policies configure external-facing interfaces that connect to devices such as virtual machine controllers and hypervisors, hosts, network attached storage, routers, or Fabric Extender (FEX) interfaces. Access policies enable the configuration of port channels and virtual port channels, protocols such as Link Layer Discovery Protocol (LLDP), Cisco Discovery Protocol (CDP), and Link Aggregation Control Protocol (LACP), and features such as statistics gathering, monitoring, and diagnostics.

Figure 8-22 provides an overview of the access policy model.

  

Figure 8-22 Access Policy Model Overview

Access policies are grouped into the following categories:

  • Switch profiles specify which switches to configure and the switch configuration policy.
  • Module profiles specify which leaf switch access cards and access modules to configure and the leaf switch configuration policy.
  • Interface profiles specify which access interfaces to configure and the interface configuration policy.
  • Global policies enable the configuration of DHCP, QoS, and attachable entity profile (AEP) functions that can be used throughout the fabric. AEP profiles provide a template to deploy hypervisor policies on a large set of leaf ports and associate a Virtual Machine Manager (VMM) domain and the physical network infrastructure. They are also required for Layer 2 and Layer 3 external network connectivity
  • Pools specify VLAN, VXLAN, and multicast address pools. A pool is a shared resource that can be consumed by multiple domains such as VMM and Layer 4 to Layer 7 services.
  • Physical and external domains policies include the following:
    • External bridged domain Layer 2 domain profiles contain the port and VLAN specifications that a bridged Layer 2 network connected to the fabric uses.
    • External routed domain Layer 3 domain profiles contain the port and VLAN specifications that a routed Layer 3 network connected to the fabric uses.
    • Physical domain policies contain physical infrastructure specifications, such as ports and VLAN, used by a tenant or endpoint group.
  • Monitoring and troubleshooting policies specify what to monitor, thresholds, how to handle faults and logs, and how to perform diagnostics.

To apply a configuration across a potentially large number of switches, an administrator defines switch profiles that associate interface configurations in a single policy group. In this way, large numbers of interfaces across the fabric can be configured at once. Switch profiles can contain symmetric configurations for multiple switches or unique special purpose configurations. Figure 8-23 shows the process for configuring access to the ACI fabric.

  

Figure 8-23 Access Policy Configuration Process

Figure 8-24 shows the result of applying Switch Profile 1 and Switch Profile 2 to the ACI fabric.

Although configuration steps of each logical construct along with Cisco ACI fabric and access policy components are beyond the scope of this book, I would highly recommend you check out dCloud lab on “Getting Started with Cisco ACI” (https://dcloud2-sng.cisco.com/content/demo/343552?returnPathTitleKey=content-view) to get a feel of the GUI interface and the configuration steps involved in configuring the individual components discussed in this chapter.

   

Figure 8-24 Applying an Access Switch Policy

Leave a Reply

Your email address will not be published. Required fields are marked *