Step 1 |
In the AWS site, get the Cloud APIC IP address.
|
Step 2 |
Open a browser window and, using the secure version of HTTP (https://), paste the IP address into the URL field, then press Return to access this Cloud APIC.
For example, https://192.168.0.0.
If you see a message asking you to Ignore Risk and Accept Certificate, accept the certificate to continue.
|
Step 3 |
Enter the following information in the login page for the Cloud APIC:
-
Username: Enter admin for this field.
-
Password: Enter the password that you provided on the Specify Details page from Step 12 in the Deploying the Cloud APIC in AWS procedures.
-
Domain: If you see the Domain field, leave the default Domain entry as-is.
|
Step 4 |
Click Login at the bottom of the page.
Note
|
If you see an error message when you try to log in, such as REST Endpoint user authentication datastore is not initialized - Check Fabric Membership Status of this fabric node, wait for several minutes, then try again after a few minutes. You might also have to refresh the page in order to log in.
|
The Welcome to Cloud APIC setup wizard page appears.
|
Step 5 |
Click Begin Set Up.
The Let's Configure the Basics page appears, with these areas to be configured:
-
DNS Servers
-
Region Management
-
Smart Licensing
|
Step 6 |
In the DNS Servers row, click Edit Configuration.
The DNS and NTP page appears.
|
Step 7 |
In the DNS and NTP page, add the DNS, if necessary, and NTP servers.
-
A DNS server is already configured by default. Add a DNS server if you want to use a specific DNS server.
-
An NTP server is not configured by default, however, so we recommend that you configure an NTP server. Skip to 7.d if you want to configure an NTP server and you do not want to configure a DNS server.
-
If you want to use a specific DNS server, under the DNS Servers area, click +Add DNS Provider.
-
Enter the IP address for the DNS servers and, if necessary, check the box next to Preferred DNS Provider.
-
Click the check mark next to the DNS server, and repeat for any additional DNS servers that you want to add.
-
Under the NTP Servers area, click +Add Providers.
-
Enter the IP address for the NTP servers and, if necessary, check the box next to Preferred NTP Provider.
-
Click the check mark next to the NTP server, and repeat for any additional NTP servers that you want to add.
|
Step 8 |
When you have finished adding the DNS and NTP servers, click Save and Continue.
The Let's Configure the Basics page appears again.
|
Step 9 |
In the Region Management row, click Begin.
The Region Management page appears.
|
Step 10 |
Verify that the Cloud APIC home region is selected.
The region that you selected in Step 2 in Deploying the Cloud APIC in AWS is the home region and should be selected already in this page. This is the region where the Cloud APIC is deployed (the region that will be managed by Cloud APIC), and will be indicated with the text cAPIC deployed in the Region column.
|
Step 11 |
Select additional regions if you want the Cloud APIC to manage additional regions, and to possibly deploy CSRs to have inter-VPC communication and Hybrid-Cloud, Hybrid Multi-Cloud,
or Multi-Cloud connectivity on those other regions.
The CSR can manage four regions, including the home region where Cloud APIC is deployed.
A Cloud APIC can manage multiple cloud regions as a single site. In a typical Cisco ACI configuration, a site represents anything that can be managed by an APIC cluster. If a Cloud APIC cluster manages two regions, those two regions are considered a single site by Cisco ACI.
The following options are available on the row for any region that you select:
-
Cloud Routers: Select this option if you want to deploy CSRs in this region. You must have at least one region with CSRs deployed to have
inter-VPC or inter-VNET communications. However, if you choose multiple regions in this page, you do not have to have CSRs
in every region that you choose. See Understanding Limitations for Number of Sites, Regions and CSRs for more information.
-
Inter-Site Connectivity: This option is shown as On Premises Connectivity in releases prior to 4.2(1).
Select this option if you want this region to connect to other sites (for example, if you want this region to connect to an
on-premises site, or to connect cloud site-to-cloud site, through Cisco ACI Multi-Site). Infra VPCs or VNETs are deployed
on all regions selected for inter-site connectivity. Note that when you select inter-site connectivity for a region, the cloud
routers option is also selected automatically for this region because you must have two cloud routers deployed for inter-site
connectivity hubs.
|
Step 12 |
When you have selected all the appropriate regions, click Next at the bottom of the page.
The General Connectivity page appears.
|
Step 13 |
Enter the following information on the General Connectivity page.
-
In the Fabric Autonomous System Number field, enter the BGP autonomous system number (ASN) that is unique to this site.
Note
|
Do not use 64512 as the autonomous system number in this field.
|
-
In the Subnet for Cloud Router field, enter the subnet for the cloud router.
The first subnet pool for the first two regions is automatically populated. If you selected more than two regions, you will
need to add a subnet for the cloud router to the list for the additional two regions. Addresses from this subnet pool will
be used for inter-region connectivity for any additional regions that are added that need to be managed by the Cloud APIC
after the first two regions. This must be a valid IPv4 subnet with mask /24.
-
Under the Cloud Router Template area, in the Number of Routers Per Region field, choose the number of Cisco Cloud Services Routers that will be used in each region.
-
In the Username, enter the username for the Cisco Cloud Services Router.
-
In the Password field, enter the password for the Cisco Cloud Services Router.
-
In the Throughput of the routers field, choose the throughput of the Cisco Cloud Services Router.
Changing the value in this field changes the size of the CSR instance that is deployed. Choosing a higher value for the throughput
results in a larger VM being deployed.
Note
|
If you wish to change this value at some point in the future, you must delete the CSR, then repeat the processes in this chapter
again and select the new value that you would like in the same Throughput of the routers field.
|
In addition, the licensing of the CSR is based on this setting. You will need the equivalent or higher license in your Smart
account for it to be compliant. See Requirements for the AWS Public Cloud for more information.
Note
|
Cloud routers should be undeployed from all regions before changing the router throughput or login credentials.
|
-
In the License Token field, enter the license token for the Cisco Cloud Services Router.
This is the Product Instance Registration token from your Cisco Smart Software Licensing account. To get this license token,
go to http://software.cisco.com, then navigate to to find the Product Instance Registration token.
|
Step 14 |
Click the appropriate button, depending on whether you are configuring inter-site connectivity or not.
-
If you are not configuring inter-site connectivity (if you did not select Inter-Site Connectivity when you were selecting regions to manage in the Region Management page), click Save and Continue. The Let's Configure the Basics page appears again. Skip to Step 17.
-
If you are configuring inter-site connectivity (if you selected Inter-Site Connectivity when you were selecting regions to manage in the Region Management page), click Next at the bottom of the page. The Inter-Site Connectivity page appears.
|
Step 15 |
Enter the following information in the Inter-Site Connectivity page:
-
IPSec Tunnels to Inter-Site Routers: This field is necessary only for on-premises connectivity to cloud sites. There is no need to enter information in this
field if you don't have an on-premises site.
In this area, click the + button next to the Add Public IP of IPsec Tunnel Peer field.
-
OSPF Area for Inter-Site Connectivity: Enter the underlay OSPF area ID that will be used with on-premises ISN peering (for example, 0.0.0.1)
-
Under the External Subnets for Inter-Site Connectivity heading, click the + button next to the +Add External Subnet field.
-
Enter the subnet tunnel endpoint pool (the cloud TEP) that
will be used in AWS. It must be a valid IPv4 subnet with a
mask between /16 and /22 (for example,
30.29.0.0/16). This subnet will be
used to address the IPsec tunnel interfaces and loopbacks of
the Cloud Routers used for on-premises connectivity, and
cannot overlap with other on-premises TEP pools.
-
Click the check mark after you have entered in the appropriate subnet pools.
|
Step 16 |
When you have entered all the necessary information on this page, click Save and Continue at the bottom of the page.
The Let's Configure the Basics page appears again.
|
Step 17 |
In the Smart Licensing row, click Register.
The Smart Licensing page appears.
|
Step 18 |
Enter the necessary information in the Smart Licensing page.
Cisco Smart Licensing is a unified license management system that manages software licenses across Cisco products. To register
your Cloud APIC with Cisco Smart Software Licensing, do the following
-
Ensure that this product has access to the internet or a Smart Software Manager satellite installed on your network.
-
Log in to Smart Account:
-
Navigate to the Virtual Account containing the licenses to be used by this Product Instance.
-
Generate a Product Instance Registration Token (this identifies your Smart Account) and copy or save it.
To learn more about Smart Software Licensing, visit https://www.cisco.com/go/smartlicensing.
|
Step 19 |
Click Register at the bottom of the page if you entered the necessary licensing information on this page, or click Continue in Evaluation Mode if you want to continue in evaluation mode instead.
The Summary page appears.
|
Step 20 |
Verify the information on the Summary page, then click Close.
At this point, you are finished with the internal network connectivity configuration for your Cloud APIC.
If this is the first time that you are deploying your Cloud APIC, this process might take quite a bit of time, possibly 30 minutes or so before the process is successfully completed.
|