Creating a Tenant, VRF, and Bridge Domain
This topic describes the following steps in the basic provisioning of a new tenant:
-
Create a tenant
-
Associate the tenant with a security domain
-
Create a VRF for the tenant
-
Create a bridge domain for endpoint groups within the tenant
Procedure
Command or Action | Purpose | |
---|---|---|
Step 1 |
configure Example:
|
Enters configuration mode. |
Step 2 |
tenant tenant-name Example:
|
Creates a tenant if it does not exist and enters the tenant configuration mode. |
Step 3 |
security domain domain-name Example:
|
Associates the tenant with one or more security domains. |
Step 4 |
[no] vrf context vrf-name Example:
|
Creates a private network (VRF) for the tenant. A tenant can have one or more VRFs configured. |
Step 5 |
[no] contract {provider | consumer} contract-name Example:
|
Provide or consume contracts for all the EPGs under the VRF. |
Step 6 |
exit Example:
|
Returns to the tenant configuration mode. |
Step 7 |
[no] bridge-domain bd-name Example:
|
Creates or deletes a bridge domain under the tenant. Enters bridge domain configuration mode. |
Step 8 |
[no] vrf member vrf-name Example:
|
Assigns the bridge-domain to a VRF. |
Step 9 |
exit Example:
|
Returns to the tenant configuration mode. |
Step 10 |
interface bridge-domain bd-name Example:
|
Enters tenant interface configuration mode to enable routing and to apply interfaces to the bridge domain. |
Step 11 |
[no] {ip | ipv6} address address/mask-length [scope {private | public}] [secondary] Example:
|
Assigns or removes the gateway IP address of the bridge domain and enters the IP address mode to configure optional IP address properties. The scope of the gateway address can be one of the following:
The optional secondary keyword allows you to configure a secondary gateway address. |
Examples
This example shows the basic configuration of a tenant including assignment to a security domain, creation of a VRF with contracts, and creation of a bridge domain.
apic1# configure
apic1(config)# tenant exampleCorp
apic1(config-tenant)# security domain exampleCorp_dom1
apic1(config-tenant)# vrf context exampleCorp_v1
apic1(config-tenant-vrf)# contract enforce
apic1(config-tenant-vrf)# contract provider web
apic1(config-tenant-vrf)# contract consumer db
apic1(config-tenant-vrf)# contract provider icmp
apic1(config-tenant-vrf)# contract consumer icmp
apic1(config-tenant-vrf)# exit
apic1(config-tenant)# bridge-domain exampleCorp_b1
apic1(config-tenant-bd)# vrf member exampleCorp_v1
apic1(config-tenant-bd)# exit
apic1(config-tenant)# interface bridge-domain exampleCorp_b1
apic1(config-tenant-interface)# ip address 172.1.1.1/24
apic1(config-tenant-interface)# ipv6 address 2001:1:1::1/64
apic1(config-tenant-interface)# exit
This example shows the VRF configuration specific to a leaf.
apic1# configure
apic1(config)# leaf 101
apic1(config-leaf)# vrf context exampleCorp_v1 tenant exampleCorp
apic1(config-leaf-vrf)# ip route 1.2.3.4 5.6.7.8
This example shows the VRF configuration specific to a leaf interface.
apic1# configure
apic1(config)# leaf 101
apic1(config-leaf)# int eth 1/1
apic1(config-leaf-if)# vrf member exampleCorp_v1 tenant exampleCorp
What to do next
Add an application profile, create an application endpoint group (EPG), and associate the EPG to the bridge domain.