Cisco Nexus Dashboard Orchestrator Deployment Guide, Release 4.2(x)

Configuring Fabric Access Policies for All APIC Sites

Updated: November 11, 2023

Want to summarize with AI?

On this page

Overview

Configuring Fabric Access Global Policies
Configuring Fabric Access Interface Policies

Overview

sd Configuring Fabric Access Policies for All APIC Sites

Before your APIC fabrics can be added to and managed by the Nexus Dashboard Orchestrator, there is a number of fabric-specific access policies that you must configure on each site.

Configuring Fabric Access Global Policies

This section describes the global fabric access policy configurations that must be created for each APIC site before it can be added to and managed by the Nexus Dashboard Orchestrator.

Procedure

	1.	Log in directly to the site's APIC GUI.
	2.	From the main navigation menu, select Fabric > Access Policies. You must configure a number of fabric policies before the site can be added to the Nexus Dashboard Orchestrator. From the APIC's perspective, this is something you do just like you would if you were connecting a bare-metal host, where you would configure domains, AEPs, policy groups, and interface selectors; you must configure the same options for connecting the spine switch interfaces to the inter-site network for all the sites that will be part of the same Multi-Site domain.
	3.	Specify the VLAN pool. The first thing you configure is the VLAN pool. We use Layer 3 sub-interfaces tagging traffic with VLAN-4 to connect the spine switches to the inter-site network. In the left navigation tree, browse to Pools > VLAN. Right-click the VLAN category and choose Create VLAN Pool. In the Create VLAN Pool window, specify the following: For the Name field, specify the name for the VLAN pool, for example `msite`. For Allocation Mode, specify `Static Allocation`. And for the Encap Blocks, specify just the single VLAN 4. You can specify a single VLAN by entering the same number in both Range fields.
	4.	Configure Attachable Access Entity Profiles (AEP). In the left navigation tree, browse to Global Policies > Attachable Access Entity Profiles. Right-click the Attachable Access Entity Profiles category and choose Create Attachable Access Entity Profiles. In the Create Attachable Access Entity Profiles window, specify the name for the AEP, for example `msite-aep`. Click Next and Submit No additional changes, such as interfaces, are required.
	5.	Configure domain. The domain you configure is what you will select from the Nexus Dashboard Orchestrator when adding this site. In the left navigation tree, browse to Physical and External Domains > External Routed Domains. Right-click the External Routed Domains category and choose Create Layer 3 Domain. In the Create Layer 3 Domain window, specify the following: For the Name field, specify the name the domain, for example `msite-l3`. For Associated Attachable Entity Profile, select the AEP you created in Step 4. For the VLAN Pool, select the VLAN pool you created in Step 3. Click Submit. No additional changes, such as security domains, are required.

What to do next

After you have configured the global access policies, you must still add interfaces policies as described in Configuring Fabric Access Interface Policies.

Configuring Fabric Access Interface Policies

This section describes the fabric access interface configurations that must be done for the Nexus Dashboard Orchestrator on each APIC site.

Before you begin

You must have configured the global fabric access policies, such as VLAN Pool, AEP, and domain, in the site's APIC, as described in Configuring Fabric Access Global Policies.

Procedure

	1.	Log in directly to the site's APIC GUI.
	2.	From the main navigation menu, select Fabric > Access Policies. In addition to the VLAN, AEP, and domain you have configured in previous section, you must also create the interface policies for the fabric's spine switch interfaces that connect to the Inter-Site Network (ISN).
	3.	Configure a spine policy group. In the left navigation tree, browse to Interface Policies > Policy Groups > Spine Policy Groups. This is similar to how you would add a bare-metal server, except instead of a Leaf Policy Group, you are creating a Spine Policy Group. Right-click the Spine Policy Groups category and choose Create Spine Access Port Policy Group. In the Create Spine Access Port Policy Group window, specify the following: For the Name field, specify the name for the policy group, for example `Spine1-PolGrp`. For the Link Level Policy field, specify the link policy used between your spine switch and the ISN. For CDP Policy, choose whether you want to enable CDP. For the Attached Entity Profile, select the AEP you have configured in previous section, for example `msite-aep`. Click Submit. No additional changes, such as security domains, are required.
	4.	Configure a spine profile. In the left navigation tree, browse to Interface Policies > Profiles > Spine Profiles. Right-click the Spine Profiles category and choose Create Spine Interface Profile. In the Create Spine Interface Profile window, specify the following: For the Name field, specify the name for the profile, for example `Spine1-ISN`. For Interface Selectors, click the + sign to add the port on the spine switch that connects to the ISN. Then in the Create Spine Access Port Selector window, provide the following: For the Name field, specify the name for the port selector, for example `Spine1-ISN`. For the Interface IDs, specify the switch port that connects to the ISN, for example `5/32`. For the Interface Policy Group, choose the policy group you created in the previous step, for example `Spine1-PolGrp`. Then click OK to save the port selector. Click Submit to save the spine interface profile.
	5.	Configure a spine switch selector policy. In the left navigation tree, browse to Switch Policies > Profiles > Spine Profiles. Right-click the Spine Profiles category and choose Create Spine Profile. In the Create Spine Profile window, specify the following: For the Name field, specify the name for the profile, for example `Spine1`. For Spine Selectors, click the + to add the spine and provide the following: For the Name field, specify the name for the selector, for example `Spine1`. For the Blocks field, specify the spine node, for example `201`. Click Update to save the selector. Click Next to proceed to the next screen. Select the interface profile you have created in the previous step For example `Spine1-ISN`. Click Finish to save the spine profile.

Need help?

Open a support case

(Requires a Cisco Service Contract)

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.