
Cisco dCloud

Cisco Application Policy Infrastructure Controller 4.0 with VMware – Network Admin v1
Last Updated: 06-NOVEMBER-2018

About This Demonstration


This preconfigured demonstration includes:

• Requirements

• About This Cisco Solution

• Topology

• Get Started

• Scenario 1: APIC Operations & Troubleshooting

• Scenario 2: Deploy an Application

• Scenario 3: Create L4-L7 Service Graph via Python Script

• Scenario 4: Use NX-OS-Style CLI

Limitations
APIC Simulator Limitations

Certain features of Cisco APIC 4.0 are outside the scope of this demonstration, because the demonstration uses a simulated fabric
rather than a physical fabric:

• All configuration will be lost after a reboot of the APIC simulator

• No traffic will pass between devices connected to the simulated fabric

• Screen refresh may take slightly longer than expected

Customizations
To demonstrate Fabric Discovery to the customer instead of using the discovered Fabric in the demo, reset the APIC Simulator
(see Appendix A) and then see Appendix B to discover the Fabric.

© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Confidential. Page 1 of 50

Requirements
The table below outlines the requirements for this preconfigured demonstration.

Table 1. Demonstration Requirements

Required        Optional
● Laptop        ● Cisco AnyConnect

About This Cisco Solution


The Cisco Application Policy Infrastructure Controller (Cisco APIC™) is the unifying point of automation and management for
the Cisco Application Centric Infrastructure (Cisco ACI™) fabric. The Cisco APIC provides centralized access to all fabric
information and optimizes the application lifecycle for scale and performance, supporting flexible application provisioning across
physical and virtual resources.

For additional information, visit www.cisco.com/go/apic.

VMware Admin

The Cisco ACI vCenter Plugin is a user interface that allows virtualization administrators to define network connectivity of shared
infrastructure independent of the networking team. The plugin allows virtualization administrators to manage the ACI fabric from
within the vSphere Web client. This allows the VMware vSphere Web Client to become a single pane of glass to configure both
VMware vCenter and the ACI fabric.

No configuration of "in-depth" networking is done through the Cisco ACI vCenter Plugin. Only the elements that are relevant to
virtualization administrators are exposed.

The Cisco ACI vCenter Plugin adds a new view to the GUI called Cisco ACI Fabric. The plug-in does not change the existing
integration of ACI with vCenter; it allows you to configure an EPG, uSeg EPG, contract, tenant, VRF, and bridge domain from the
VMware vSphere Web Client. The plug-in is stateless: it fetches everything from the Application Policy Infrastructure Controller
(APIC) and does not store any information.

The VMware Admin script shows administrative tasks performed via the vCenter ACI Plugin.

Network Admin

The APIC GUI is a browser-based graphical interface to the APIC that communicates internally with the APIC engine by
exchanging REST API messages.

The Network Administration script shows tasks performed in the APIC GUI, as well as configuration via Python scripting and the
NX-OS interface.

© 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 50

Topology
This demonstration contains preconfigured users and components to illustrate the scripted scenarios and features of this solution.
All information needed to access the demonstration components is located in the Topology and Servers menus of your active
demonstration.

• Topology Menu. Click on any server in the topology and a popup window will appear with available server options.

• Servers Menu. Click on or next to any server name to display the available server options and credentials.

Figure 1 shows the virtual demonstration topology, which consists of the following virtual machines:

• VMware Virtual Center Server 6.7 Appliance

• APIC Simulator version 4.0(1H) – includes Spine 1 and Spine 2, Leaf 1 and Leaf 2, APIC1, APIC2 and APIC3

• VMware ESXi 6.7.0 (x2)

• EMC vVNXe Storage Appliance


• Cisco Unified Computing System Platform Emulator 3.1.(2e)

• Cisco UCS Director 6.6.1.0

• Linux Tools Repository (RHEL 7)

• Active Directory 2012 R2 (Domain Controller)

• Windows 10 Workstation

Figure 1. Demonstration Topology


Get Started
BEFORE DEMONSTRATING

We strongly recommend that you go through this process at least once, before presenting in front of a live audience. This will
allow you to become familiar with the structure of the document and the demonstration.

It may be necessary to schedule a new session after following this guide in order to reset the environment to its original
configuration or reset the APIC Simulator (see Appendix A) and then see Appendix B to discover the Fabric.

PREPARATION IS KEY TO A SUCCESSFUL PRESENTATION.

Follow the steps to schedule a session of the content and configure your presentation environment.


1. Initiate your dCloud session. [Show Me How]

NOTE: It may take up to 10 minutes for your session to become active.

2. Connect to the workstation with one of the following two methods:

• Cisco AnyConnect VPN [Show Me How] and the local RDP client on your laptop [Show Me How]

• Workstation 1: 198.18.133.36 (DCLOUD\demouser/C1sco12345)

• Cisco dCloud Remote Desktop Client [Show Me How]

• The fabric discovery is automatically started at demo setup. Double-click the APIC Login icon and log in
(admin/C1sco12345). Review the What’s New pop-up, select Do not show me this again at logon and click Close.


• Select Fabric from the top menu.

• Select Inventory from the top sub-menu.

• In the left menu, click Fabric Membership and check that four devices are populated. (IP addresses may vary.) If only
TEP-1-101 is present, see Appendix B to discover the Fabric.

NOTE: The fabric discovery can take up to 15 minutes to complete. If you log in before 15 minutes have passed, all devices may
not be discovered. The following error message may display:


Scenario 1. APIC System Overview and Operations


This scenario provides an overview of the APIC System Health dashboard, and provides information on how to drill down into a
health score to identify a root issue.

Steps
System Health Dashboard

1. From the demo workstation, open Application Policy Infrastructure Controller (if it is not already open) by clicking the APIC
Login icon, and log in (admin/C1sco12345).

2. From the menu bar, click System to display the System Health Dashboard.

• Explain that you logged in with global administrative rights and your view includes all system components.

• Show the single-pane view, which provides centralized, application-level visibility with real-time application health
monitoring across the physical and virtual environments.

• Show the health scores and explain how a health score is displayed for components that are being monitored by APIC,
such as:

o Fabric health

o Connections to virtual and physical environments

• Show that the left pane contains health scores for the overall system as well as specific components.

• Show that the right pane contains fault counts based on areas that have errors.


3. Double-click Leaf1, which has a health score of 90.

4. In the Leaf1 window, click the Health tab and scroll down until the Equipment Policy Entity element with a health score of 90
becomes visible.


5. Click the fault to expand the Equipment Policy to view the Power Supply that is showing a fault.

6. Right-click one of the faults and click Show Faults in the resulting menu.

7. Examine the resulting table, which shows the details of the fault.

8. Close the Show Faults window.


Visibility & Troubleshooting

1. Click Operations to get to the Troubleshooting Wizard View.

2. In the Session Name field, type tsw_session1.

3. Leave the Session Type as Endpoint to Endpoint.

4. In the Description field, enter Troubleshooting Session 1.

5. In the Source field, enter the source IP address: 10.193.101.14 and click Search. Click the result.

6. In the Destination field, enter the destination IP address: 10.193.102.17 and click Search. Click the result.

7. In the Time Window section, either use the drop-down to choose a number of minutes for the session, or check the Use fixed
time checkbox and select any From: and To: times in the Time Window drop-downs, then click the Start button.

The APIC will start the live troubleshooting and build the logical topology based on source and destination.


Troubleshooting Session

The system displays a logical topology based on the previously entered source and destination information.

1. Click any yellow icon to see the specific fault on the topology.

2. To see all the faults, click the List icon at the top left of the work pane.

3. Close the Faults window.


Drops/Stats

The purpose of this section is to review packet drops on the logical topology.

1. Click Drop/Stats in the side menu.

2. Review the logical topology, which is similar to the earlier display in the Topology window.

3. Click any yellow icons with the down arrow to see the statistics on that device / node.


Contracts

Contracts are enforced between EPGs (End Point Groups). Bi-directional contracts are shown in the figure below.

1. Click Contracts on the side menu.

2. The Source Endpoint to Destination Endpoint box shows the contracts, including filters with node IDs and hit counts.

3. The Destination Endpoint to Source Endpoint box shows the same information in the reverse direction.

Traceroute

The purpose of this section is to run fabric-aware traceroute on multipath based on the direction and protocols.

NOTE: A Cisco ACI Fabric outside of this demonstration environment would display traceroute GREEN from leaf1 all the way to
destination host for Source to Destination and vice versa. The APIC Simulator only shows traceroute from the Spines.

1. Click Traceroute in the side menu.

2. Select icmp from the Protocol drop-down.

3. Click the Play button to start the traceroute, and click OK on the pop-up.


4. A green path from the source to the destination is displayed, because no issues are present.

Atomic Counter

The Atomic Counter counts packets and bytes between source and destination. Only packets that traverse the fabric are counted.
Locally switched packets are not counted.

1. Click Atomic Counter in the side menu.

2. Click Play to start the counters. The picture below shows Ongoing Counters. Click OK.


3. Wait approximately two minutes for the counter table to generate.

4. Examine the data, then click Stop.


Scenario 2. Deploy an Application


The purpose of this scenario is to create a tenant and bridge domains, and then deploy an application. The application has three
tiers – Web, App, and DB. This scenario creates an EPG for each tier, and the contracts that allow the layers to communicate with
each other.

The last step is to add the physical domain and the VMM domain to the previously created EPGs that will provide the networking
capability for the application, and then create a vPC.

Steps
Create Tenant and Bridge Domains

The purpose of this section is to create a Tenant, VRF and Bridge Domains.

1. In the APIC window, click Tenants > Add Tenant in the top menu.

2. In the Create Tenant dialog box, enter Tenant1 in the Name field and click Submit.


3. In the resulting Tenant1 window, click Networking in the side menu.

4. In the Networks work pane, drag the VRF icon into the Networks window.

5. In the Create VRF window, enter VRF1 in the Name field and click Submit.


6. Drag the Bridge icon into the Networks window, making sure that the icon connects to the gray circle that will appear around
the VRF, and that a line appears between the two icons.

7. In the resulting Create Bridge Domain window:

a. Enter BD1 in the Name field.

b. Select Optimize from the Forwarding drop-down.

c. Click the L3 Configurations tab.


d. Click the + sign to add a Subnet.

e. Enter 10.1.1.1/24 in the Gateway IP field and click OK.

f. Click OK again.

8. Drag the Bridge icon to the main window to create a second bridge domain connected to VRF1.


9. Enter BD2 in the Name field and click OK.

Create Application Profile

1. In the Tenant Tenant1 folder list, right-click Application Profiles, and select Create Application Profile.


2. In the Create Application Profile dialog box:

a. Enter WebApplication in the Name field.

b. Click Submit to create the Application Profile.

NOTE: The next four sections – Create EPGs, Create Contracts, Create VMM Domains, and Create Physical Domain – take place
in the Application Profile window. Do not click Submit at the bottom of the window until all of these elements are created.

Create EPGs

The purpose of this section is to create three EPGs – AppEPG, WebEPG and DBEPG – one for each tier of the application.

1. In the side window, expand Tenant Tenant1 > Application Profiles and click WebApplication to display the Application
Profile window.

2. Click Topology.

3. Drag the EPG icon into the Application Profile window.


4. In the Create Application EPG dialog box:

a. Enter Web in the Name field.

b. Select Tenant1/BD1 from the Bridge Domain drop-down.

c. Click OK to create the EPG.

5. Repeat Steps 2 and 3 to create two additional EPGs: App and DB. For the App EPG, select Tenant1/BD1. For the DB EPG,
select Tenant1/BD2 as the Bridge Domain.

Create Contracts

The purpose of this section is to create two contracts:

• The first contract, App2DB, allows the App tier to receive information from the DB tier. For this contract, the App tier is the
Consumer and the DB tier is the Provider.

• The second contract, Web2App, allows the Web tier to receive information from the App tier. For this contract, the Web
tier is the Consumer and the App tier is the Provider.


1. Drag the Contract icon into the Application Profile window, rolling first over the DB EPG and then over the App EPG
without letting go of the mouse.

NOTE: Enlarge the APIC window if the Contract icon is not visible.

2. In the Create Contract dialog box, the Consumer and Provider EPGs will be pre-selected if the drag & drop of the contract
icon was successful. If not:

a. Choose Tenant1/WebApplication/epg-App from the Consumer EPG / External Network drop-down.

b. Choose Tenant1/WebApplication/epg-DB from the Provider EPG / Internal Network drop-down.

c. Enter App2DB in the Contract Name field.

d. Uncheck the No Filter (Allow All Traffic) checkbox.

e. Click the + sign to add a Filter Entry. Make the following updates and click Update:

o Name: sql

o Alias: sql

o EtherType: IP

o IP Protocol: tcp

o Destination Port Range – From/To: 481

o Source Port Range – From/To: 481


f. Click OK.

3. Check the Application Profile window, which now shows the contract existing between the App and DB EPGs.


4. Drag a second Contract icon into the Application Profile window, this time rolling over the App, then the Web EPG.

5. In the Create Contract dialog box:

a. Choose Tenant1/WebApplication/epg-Web from the Consumer EPG / External Network drop-down if it is not pre-selected.

b. Choose Tenant1/WebApplication/epg-App from the Provider EPG / Internal Network drop-down if it is not pre-selected.

c. Enter Web2App in the Contract Name field.

d. Click OK.

6. Check the Application Profile window, which now shows two contracts between the three EPGs. If necessary, move the
icons around the window until the relationships between them are clear.


Attach VMM Domains

The purpose of this section is to attach the virtual domain to the App and Web EPGs.

1. Drag the VMWare icon into the Application Profile window, moving it until a dotted line connects it to the Web EPG icon.

2. In the resulting dialog box, click the + sign to add a VCenter domain.

3. In the resulting dialog box, select My-vCenter from the Domains drop-down and click OK.

4. Click OK.


5. Drag a second VMWare icon into the main window, moving it until a dotted line connects it to the AppEPG icon.

6. Repeat Steps 3 and 4 to set the parameters of the second vmm.

Attach Physical Domain

The purpose of this section is to attach the physical domain to the DB EPG.

1. Drag the BareMetal icon into the main window, moving it until a dotted line connects it to the DB EPG icon.


2. Click the + sign to add a physical domain to the EPG.

3. In the resulting window, set the parameters of the physical domain and click Update:

• VLAN Domain: phys

• Path: Pod-1/Node-101/eth1/20

• Path Encap: vlan-100

• Click Update.

4. Click OK.

5. Click Submit to finish creating the Application Profile.
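
The tenant built through the GUI in this scenario can also be written as the XML object tree that the APIC REST API accepts, which makes the resulting contract policy reviewable as text. The Python below is an added example, not part of the Cisco guide: it builds that tree offline (nothing is sent to an APIC) and reports which EPG pairs are permitted to talk and on which ports. Assumptions: the filter name `App2DB_flt` and subject name `Subject` are made up, and a contract left at No Filter (Allow All Traffic) is modelled as a reference to the match-all `default` filter of tenant common.

```python
import xml.etree.ElementTree as ET

# Values entered in the GUI steps of Scenario 2.
TENANT, VRF, APP_PROFILE = "Tenant1", "VRF1", "WebApplication"
BRIDGE_DOMAINS = {"BD1": "10.1.1.1/24", "BD2": None}   # BD -> gateway subnet
EPGS = {  # EPG -> (bridge domain, consumed contracts, provided contracts)
    "Web": ("BD1", ["Web2App"], []),
    "App": ("BD1", ["App2DB"], ["Web2App"]),
    "DB": ("BD2", [], ["App2DB"]),
}
# Contract -> filter entries. An empty list stands for a contract left at
# "No Filter (Allow All Traffic)", as Web2App is in the steps above.
CONTRACTS = {
    "App2DB": [dict(name="sql", etherT="ip", prot="tcp", dFromPort="481",
                    dToPort="481", sFromPort="481", sToPort="481")],
    "Web2App": [],
}


def build_tenant():
    """Build the fvTenant subtree that a POST to /api/mo/uni.xml would carry."""
    tenant = ET.Element("fvTenant", name=TENANT)
    ET.SubElement(tenant, "fvCtx", name=VRF)
    for bd, gateway in BRIDGE_DOMAINS.items():
        node = ET.SubElement(tenant, "fvBD", name=bd)
        ET.SubElement(node, "fvRsCtx", tnFvCtxName=VRF)
        if gateway:
            ET.SubElement(node, "fvSubnet", ip=gateway)
    for contract, entries in CONTRACTS.items():
        filter_name = "default"                 # assumption: match-all filter
        if entries:
            filter_name = contract + "_flt"     # hypothetical filter name
            flt = ET.SubElement(tenant, "vzFilter", name=filter_name)
            for entry in entries:
                ET.SubElement(flt, "vzEntry", **entry)
        brcp = ET.SubElement(tenant, "vzBrCP", name=contract)
        subject = ET.SubElement(brcp, "vzSubj", name="Subject")
        ET.SubElement(subject, "vzRsSubjFiltAtt", tnVzFilterName=filter_name)
    profile = ET.SubElement(tenant, "fvAp", name=APP_PROFILE)
    for epg, (bd, consumed, provided) in EPGS.items():
        node = ET.SubElement(profile, "fvAEPg", name=epg)
        ET.SubElement(node, "fvRsBd", tnFvBDName=bd)
        for contract in consumed:
            ET.SubElement(node, "fvRsCons", tnVzBrCPName=contract)
        for contract in provided:
            ET.SubElement(node, "fvRsProv", tnVzBrCPName=contract)
    return tenant


def port_scope(entry):
    """Render one vzEntry as protocol/destination-port, e.g. tcp/481."""
    lo, hi = entry.get("dFromPort", "any"), entry.get("dToPort", "any")
    return f"{entry.get('prot', 'any')}/{lo if lo == hi else lo + '-' + hi}"


def audit(tenant):
    """Return (flows, findings) for one fvTenant element.

    flows    -- (consumer EPG, provider EPG, contract, scope) tuples
    findings -- review notes about contracts that are wider or narrower
                than their name suggests
    """
    filters = {f.get("name"): f.findall("vzEntry")
               for f in tenant.findall("vzFilter")}
    roles = {"fvRsCons": {}, "fvRsProv": {}}
    for epg in tenant.iter("fvAEPg"):
        for rel in epg:
            if rel.tag in roles:
                roles[rel.tag].setdefault(rel.get("tnVzBrCPName"), []).append(
                    epg.get("name"))
    flows, findings = [], []
    for contract in tenant.findall("vzBrCP"):
        name, entries, match_all = contract.get("name"), [], False
        for ref in contract.iter("vzRsSubjFiltAtt"):
            fname = ref.get("tnVzFilterName")
            if fname in filters:
                entries.extend(filters[fname])
            elif fname == "default":
                match_all = True
            else:
                findings.append(f"{name}: filter {fname} is not defined in this tenant")
        if match_all:
            findings.append(f"{name}: no filter, all traffic is permitted")
        for entry in entries:
            if entry.get("sFromPort", "unspecified") != "unspecified":
                findings.append(
                    f"{name}: entry {entry.get('name')} matches only source port "
                    f"{entry.get('sFromPort')}, not ephemeral client ports")
        scope = "any" if match_all else ",".join(map(port_scope, entries)) or "unresolved"
        for consumer in roles["fvRsCons"].get(name, []):
            for provider in roles["fvRsProv"].get(name, []):
                flows.append((consumer, provider, name, scope))
    return flows, findings


if __name__ == "__main__":
    tree = build_tenant()
    print(ET.tostring(tree, encoding="unicode"))
    permitted, notes = audit(tree)
    for consumer, provider, contract, scope in permitted:
        print(f"permit {consumer} -> {provider} via {contract}: {scope}")
    for note in notes:
        print("finding:", note)
```

`audit()` takes any `fvTenant` element, so it can also be run over tenant XML saved from an APIC.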


Scenario 3. Create L4-L7 Service Graph via Python Script


The purpose of this scenario is to deploy an L4-L7 service graph via a preconfigured Python script, which creates a tenant with
one single-node graph within the APIC via the northbound API.

The Python script performs the following functions:

• Create a Tenant

• Import Device Package

• Create L4-L7 Device

o Create Concrete Device

o Create Logical Interfaces

• Create the Service Graph

• Attach Service Graph to Contract

Steps
Execute Python Script

1. Double-click the Cisco ASDM-IDM Launcher icon to open the ASAv home page.

2. Log in (admin/C1sco12345) and click Continue at the Security Warning. Click OK to acknowledge that Login History is not
available.


3. Minimize the ASDM window.

4. Start vSphere Web Client from the Desktop with the vSphere icon, and make sure the Use Windows session
authentication checkbox is checked. Click Login.

5. From the demonstration workstation, go to the open Application Policy Infrastructure Controller window.

a. If APIC is not open, launch Application Policy Infrastructure Controller by clicking the APIC Login icon.
Click No in the pop-up.

b. Log in with the following credentials: admin/C1sco12345.

6. Click Tenants in the top menu.

7. Click ALL TENANTS in the sub-menu.


8. On the workstation Task Bar, click the PuTTY shortcut to open the application, then double-click tools1 to load the
saved session.

9. Log in to PuTTY (user01/user01) and arrange the screen so that both the PuTTY window and the APIC windows are visible.


10. From the command line type ./request.py Scripts/Build_All.cfg and press Enter.

NOTE: To show the XML code as the Python script calls each XML script, substitute
./xml_request.py Scripts/Build_All.cfg for the above command.

This is an example of the partial XML output for the Build_All.cfg script.

The Build_All.cfg script utilizes a series of XML scripts to perform the necessary configuration steps. It will pause between
each of the XML scripts, and the user can either press Enter to run the script, or type s to skip the script and configure the object
via a wizard. While the script is running, a brief description will display what that script is doing, while the APIC window updates in
real-time. When a script completes successfully, the success code 200 will appear onscreen.


11. Create the Tenant.

a. In the APIC All Tenants window, review the list of tenants. If you have already performed Scenario 1, the tenants list
may vary slightly.

NOTE: If the TSW_Tenant0 tenant is not present, the Fabric was not discovered. Perform Fabric Discovery in Appendix B before
proceeding further.

b. Return to the PuTTY window and press Enter at the "Hit return to process Scripts/Tenant.xml or
press ‘s’ and return to skip this script" prompt.

c. The Sales tenant is created and displayed in the APIC Tenants list. If necessary, click Refresh to display it in the
tenant list. (If a Server Side Error message is generated, wait a few seconds before refreshing again.)


d. Double-click Sales in the APIC tenant list.

e. Expand the Tenant Sales > Networking > Bridge Domains directory to show that the SalesBDDb, SalesBDApp,
and SalesBDWeb bridge domains have been created.

f. Expand the Tenant Sales > Networking > VRFs folder to show that the Salesctx1 private network has been
created.

12. Import the Device Package as follows:

a. From the APIC top menu, select L4-L7 Services.

b. From the top sub-menu, select Packages.

c. Expand the L4-L7 Services Device Types folder and show that no packages are present.

d. Return to the PuTTY window and press Enter at the "Hit return to process Scripts/asa-device-pkg-1.2.4.8.zip
or press ‘s’ and return to skip this script" prompt.

e. The CISCO-ASA-1.2 device package appears in the L4-L7 Services Devices directory as it is created.


13. Create the Device Cluster:

a. From the top menu of the APIC window, select Tenants.

b. From the top sub-menu, select Sales. If Sales does not appear in the sub-menu, double-click it in the Tenants list.

c. Expand the Services > L4-L7 > Devices folder and show there are no device clusters present.

d. Return to the PuTTY window and press Enter at the "Hit return to process Scripts/CreateDevice.xml
or press ‘s’ and return to skip this script" prompt.

e. Verify the creation of the Firewall device cluster.


14. Create the Application Profile as follows:

a. Still in the Tenant Sales directory, expand Application Profiles, which is empty.

b. Return to the PuTTY window and press Enter at the "Hit return to Process
Scripts/CreateAppProfile.xml or press ‘s’ and return to skip this script" prompt.

c. The CoolApp application profile drops into the directory as it is created. Expand CoolApp > Application EPGs to
view the EPGs – EPG App, EPG Db and EPG Web.

d. Click CoolApp and click the Topology to see the topology.


15. Create the dbCtrct and webCtrct contracts as follows:

a. Expand Tenant Sales > Contracts > Standard.

b. Return to the PuTTY window and press Enter at the "Hit return to Process
Scripts/CreateContract.xml or press ‘s’ and return to skip this script" prompt.

c. The contracts are created in Contracts. It may be necessary to refresh the screen to see the new contracts in the
topology.

16. Create the Webgraph Service Graph as follows:

a. Still in the Tenant Sales directory, expand Services > L4-L7 > Service Graph Templates, which is empty.

b. Return to the PuTTY window and press Enter at the "Hit return to process Scripts/CreateGraph.xml
or press ‘s’ and return to skip this script" prompt.

c. FWGraph is created in the Service Graph Templates folder, with the Function Node – N1 sub-directory. This script
also pushes the Port Profiles and Connections.

d. Expand Function Node – N1 to show the objects that have been created.

e. Click FWGraph to see the topology.


17. Click in the vSphere Web Client window.

18. If Networking view is not already loaded, open it.

19. Expand vc1.dcloud.cisco.com > dCloud-DC > My-vCenter > My-vCenter and verify the creation of the CoolApp Service
Profile and the EPGs in vSphere.


20. Attach the Service Graphs to the Sales tenant, as follows:

a. Return to the APIC window. Still in Tenants > Sales, expand Services > L4-L7 > Deployed Graph Instances,
which is empty.

b. Return to the PuTTY window and press Enter at the "Hit return to process
Scripts/AttachGraphToContract.xml or press ‘s’ and return to skip this script" prompt.

c. Allow a few seconds for the script to finish. webCtrct-FWGraph-Sales drops into the Deployed Service Graph
directory, showing the association.

21. Click the Services > L4-L7 > Deployed Graph Instances folder – the contract is listed in applied state.


22. Note that a pop-up from the ASDM has been generated, indicating that the configuration is out of sync. Do not click Refresh
Now.

23. Return to the vSphere Web Client, where the new port-profiles have been created.

24. Check the Recent Tasks pane at the bottom of the vSphere Web Client window, which shows the tasks to attach the new
port-profiles to the Virtual machine – ASAv.


25. In the vSphere location bar, click Hosts and Clusters.

26. Click ASAv and click the Summary tab, and expand VM Hardware to display the VM Hardware configuration.

27. Right-click the VM ASAv, and select Edit Settings from the pop out menu.

28. Expand Network adapter 2 and Network adapter 3 to view the MAC addresses.


29. Return to the APIC window. Within Tenant Sales > Services > L4-L7 > Deployed Graph Instances, click
webCtrct-FWGraph-Sales to see the topology of the deployed Service Graph.

30. Expand webCtrct-FWGraph-Sales and click Function Node – N1 to review the configuration being pushed to the ASA.


31. Maximize the ASDM window and click Refresh Now on the ASDM pop-up to refresh the display.

32. Within ASDM, navigate to Configuration > Firewall > Access Rules to see the access-list-inbound and access-list-outbound
configuration matching the Access Rules created on the ASA. Maximize the Access Rules pane to review the rule
configuration.


33. Return to the APIC window, and verify that the MAC addresses and the correct Port-Profiles show:

a. Click Virtual Networking > Inventory in the top menu.

b. Expand VMM Domains > VMware > My-vCenter > Controllers > dCloud-DC > Hypervisors >
vesx1.dcloud.cisco.com > Virtual Machines and vesx2.dcloud.cisco.com > Virtual Machines. (ASAv may be on
either host.)

c. Click ASAv to display its parameters. Verify that the newly attached port-profiles show in the attached Portgroup
field.


Scenario 4. Use NX-OS-Style CLI


The APIC CLI is now similar to the NX-OS CLI. The NX-OS CLI has intelligence embedded that enables the APIC to create some
of the ACI model constructs automatically, and the CLI provides validations to ensure consistency in the configuration. This
functionality reduces and prevents faults.

The purpose of this scenario is to use the NX-OS-style CLI to configure a three-tier application in Cisco APIC.

NOTE: The Tab and up arrow keys will perform command completion and history functions in this scenario, similar to NX-OS.

Steps

1. From the Task Bar on wkst1, open a PuTTY window. If a PuTTY window is already open from a previous scenario,
right-click the PuTTY shortcut on the task bar and select PuTTY from the resulting menu. Double-click APIC1 in the PuTTY
Configuration window and click Yes through any security warnings.


2. In the PuTTY window, log in to APIC (admin/C1sco12345).

NOTE: No characters appear when typing the password.

3. Return to the APIC window, or open an APIC window and log in to APIC (admin/C1sco12345).

4. Position the windows so that both the console window and the APIC window are visible. In the APIC window, click Tenants >
ALL TENANTS to show the Tenants list.


5. Execute the following commands in the console window to start the configuration of Tenant 2:
conf
tenant Tenant2

6. In the APIC window, double-click the newly created Tenant2 in the Tenants list, and expand all the folders. As objects are
created via CLI, they will drop into the APIC folders.

7. Select Tenant Tenant2 > Networking > Bridge Domains, which is empty.

8. Return to the PuTTY window and execute the following commands in order to create the bridge domains, watching the APIC
window as the bridge domains are created.
bridge-domain bd1
exit
bridge-domain bd2
exit


9. Return to the APIC window and expand Tenant Tenant2 > Contracts and Tenant Tenant2 > Application Profiles.

10. Execute the following commands in the console window. The contracts will not appear in the work window until the EPGs are
created in the subsequent steps.
contract App2DB
exit
contract Web2App
exit
application WebApplication

11. In the APIC window, click Tenant Tenant2 > Application Profiles > WebApplication to show the EPGs and contracts in the
Application Profile window as they are created. Click the Refresh button (top right) to show new objects.
epg Web
contract consumer Web2App
exit
epg App
contract consumer App2DB
contract provider Web2App
exit
epg DB
contract provider App2DB
end
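
The consumer and provider bindings entered in steps 10 and 11 decide which EPGs are linked by a contract. The following is an added example, not part of the Cisco guide or its scripts: it parses the scenario's commands with a simplified model of the CLI sub-modes and lists the resulting consumer-to-provider relationships, flagging any contract that is undeclared or missing a side. The function names and the ";" separators are assumptions made for this example.

```python
import re

# Constructed input: the commands from steps 5, 8, 10 and 11 above, one step per
# line; ";" stands in for the line breaks of the real session (not CLI syntax).
CONFIG = """\
conf; tenant Tenant2
bridge-domain bd1; exit; bridge-domain bd2; exit
contract App2DB; exit; contract Web2App; exit; application WebApplication
epg Web; contract consumer Web2App; exit
epg App; contract consumer App2DB; contract provider Web2App; exit
epg DB; contract provider App2DB; end
"""

def parse_contracts(text):
    """Return (declared contract names, {contract: {role: set of EPGs}})."""
    declared, bindings, epg = set(), {}, None
    for cmd in re.split(r"[;\n]", text):
        tok = cmd.split()
        if not tok:
            continue
        if tok[0] == "epg" and len(tok) == 2:
            epg = tok[1]                      # enter EPG sub-mode
        elif tok[0] in ("exit", "end"):
            epg = None                        # leave the current sub-mode
        elif tok[0] == "contract" and len(tok) == 2:
            declared.add(tok[1])              # tenant-level contract definition
        elif (tok[0] == "contract" and len(tok) == 3 and epg
              and tok[1] in ("consumer", "provider")):
            roles = bindings.setdefault(tok[2], {"consumer": set(), "provider": set()})
            roles[tok[1]].add(epg)            # bind the current EPG to the contract
    return declared, bindings

def allowed_flows(text):
    """Sorted (consumer EPG, provider EPG, contract) triples the config defines."""
    _, bindings = parse_contracts(text)
    return sorted((c, p, name) for name, r in bindings.items()
                  for c in r["consumer"] for p in r["provider"])

def audit(text):
    """List contracts that are undeclared or lack a consumer or a provider."""
    declared, bindings = parse_contracts(text)
    issues = []
    for name in sorted(declared | set(bindings)):
        roles = bindings.get(name, {"consumer": set(), "provider": set()})
        if name not in declared:
            issues.append(f"{name}: used by an EPG but not declared")
        issues += [f"{name}: no {role}" for role in ("consumer", "provider") if not roles[role]]
    return issues

if __name__ == "__main__":
    for consumer, provider, contract in allowed_flows(CONFIG):
        print(f"{consumer} -> {provider} via {contract}")
    print(audit(CONFIG) or "every contract has a consumer and a provider")
```

For the scenario's configuration, the only relationships are Web to App and App to DB; no contract links Web directly to DB.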


Optional – Before Running APIC 4.0 VMware Admin Script

To proceed with the second script for this demo, Cisco Application Policy Infrastructure Controller 2.1 with VMware – VMware
Admin, perform the following procedure first to delete the Firewall device from the Sales tenant.

Remove APIC Objects (Optional)

1. Remove the Port-Profiles from the ASA VM, as follows:

a. From the demonstration workstation Task Bar, launch Windows Explorer.

b. Navigate to the C drive and double-click Remove_DVS_vNiCs to run the script.

2. The removal script runs, posting the results in the shell window. When the script has completed, the shell window closes.

3. Connect to the tools Linux server and run the clean-up script.

a. From the demonstration workstation, launch PuTTY.

b. In the PuTTY Configuration window:

i. In the Saved Sessions area, double-click tools1.

ii. Log in with the following credentials: Username: user01, Password: user01.

4. In the PuTTY command window, type ./request.py Scripts/Remove_All.cfg at the command prompt and press ENTER.

NOTE: The python script will step through multiple XML scripts to remove the objects. Display the APIC window, open to Tenants
> Sales, expanding each folder to see the objects being removed.

5. Press ENTER at each prompt to walk through the script.

6. Return to the ASDM, vSphere and APIC windows to show that all the objects related to the Sales tenant have been removed.


Appendix A. Reset APIC Simulator


APIC Fabric Members are created by default, so that the demonstration can begin with the creation of the APIC objects.

If you want to demonstrate the fabric discovery, reboot the ACI Simulator (apic-fcs-301k) via Guest OS Control as follows:

1. In Cisco dCloud, click My Hub > Sessions and then click View against the running demo.

2. Select Servers from the menu bar, then select Enable Status Polling.

3. Expand the menu against apic-fcs-401h and select Reset. This will perform a hard reboot of the simulator. As it does not
retain its configuration after a reboot, a clean reboot is unnecessary.

NOTE: It will take up to 5 minutes before you can log in and rebuild the Fabric using one of the Fabric Discovery methods in
Appendix B.


Appendix B. Fix My Demo


Occasionally things go wrong in your session. The Fix My Demo script enables common issues to be resolved. Use the process
below to manually resolve the following issues:

• Apply configuration to UCS Manager

• Discover the ACI Fabric and apply the demo configuration to the ACI Simulator

• Update the licenses applied to VMware vCenter and ESXi hosts.

• Reboot UCS Director.

NOTE: The ACI full fabric discovery can take up to 15 minutes. The apic3 controller will be discovered after all the devices are
discovered. You can monitor the progress by selecting Topology from the Inventory pane in the APIC GUI. While the discovery is
taking place, you can complete Scenario 1, which ends in the APIC Topology window showing the discovered elements.

Steps

1. From the demonstration workstation, click the Fix My Demo icon.

2. Select what you would like to fix. Do not close the command window; allow the task to fully complete.
