Logging ACL/Contract Permits and Denies with ACI

Did you know that you can enable logging for permitted and denied traffic that flows through your ACI Fabric? While this feature is not meant as a replacement for Tetration or NetFlow, it can be a great tool for troubleshooting and examining traffic that is flowing through applications that reside in your ACI Fabric. In …

Changing the default port for HTTP(s) access to the APIC GUI

Prerequisites: Make sure you have the appropriate Contracts configured for OOB to permit access to the desired port. If you do not have this in place, the traffic destined to the new port will be killed by the contracts. While not a prerequisite, since HTTPS access via the GUI is generally the “front …

ACI: vPC in ACI

Prerequisites: While there are no prerequisites, if you need a refresher on Fabric Access Policy Configurations inside of ACI (i.e., AAEP, Switch Profiles, Interface Profiles, VLAN Pools, Policy Groups), check out this post, Configuring Fabric Access Policies. vPC Overview: A virtual port channel (vPC) allows links that are physically connected to two different ACI Leaf …

ASAv Service Graph – Cloud Orchestrator Package

Introduction: Introduced in ACI 3.1, the Cloud Orchestrator Package greatly simplifies the configuration of Service Graphs. It is intended for use with an Orchestrator such as Microsoft Azure for a generic configuration of any L4-L7 device. Prerequisites: ACI 3.1; Supported Device Package; Supported L4-L7 Device; BD Configuration to match the Service Insertion configuration. Since this is routed mode …

Using MCP (MisCabling Protocol) for ACI

MisCabling Protocol (or MCP) detects loops from external sources (i.e., misbehaving servers, external networking equipment running STP) and will err-disable the interface on which ACI receives its own packet. Enabling this feature is a best practice and it should be enabled globally and on all interfaces, regardless of the end device. MCP limits the blast …

Using Serial-over-Lan (SOL) on the CIMC to access the APIC (instead of KVM console)

The CIMC is Cisco’s answer to lights-out management for UCS servers, including the UCS servers that house the APICs. For troubleshooting the APIC, most engineers assume you must have direct console (i.e., physical) access or use the Java (or later HTTP)-based KVM Console to get true OOB access to your APIC; however, this is not …

Configuration to affect HealthScore with CRC errors

HealthScores are a good way to monitor faults and the general health of your ACI Fabric. But in certain cases, such as CRC errors, if the interface does not change state (up/down), no fault will be generated and consequently the HealthScore is not affected. In this article we examine what steps are necessary to ensure …