CPOC Series: ACI Service Chaining using Policy Based Redirect (PBR) for east-to-west traffic through an ASA FW

In this video we explore using Policy Based Redirects to identify either a subset or ALL traffic between EPGs and force that traffic to an external device, in our case, an ASA FW. In our case, our ACI Fabric is the L3GW for all traffic. With the PBR feature, we are going to use an …

CPOC Series: ACI Segmentation Using Microsegmented EPGs (uSeg)

In this video we explore a very popular topic in Microsegmentation. To summarize, Microsegmentation inside of ACI is taking devices inside of an EPG, and placing them inside of their own “sub-EPG”. This new EPG behaves exactly like normal EPGs from a connectivity perspective; we still need contracts to talk to other EPGs (including our …

CPOC Series: Segmentation in ACI using Isolated EPGs

In this video, we take a look at Isolated EPGs. By default, endpoints within the same endpoint group are free to communicate with each other. However, there are use-cases where you might want to group a common set of devices, allow them to communicate to a restricted set of services, but not allow them to communicate …

Logging ACL/Contract Permits and Denies with ACI

Did you know that you can enable logging for permitted and denied traffic that flows through your ACI Fabric? While this feature is not meant as a replacement for Tetration or Netflow, this can be a great tool for troubleshooting and examining traffic that is flowing through applications that reside in your ACI Fabric. In …

Changing the default port for HTTP(s) access to the APIC GUI

Prerequisites: Make sure to have the appropriate Contracts configured for OOB to permit access to the desired port. If you do not have this in place, the traffic destined to the new port will be killed by the contracts. While not a prerequisite, since HTTPS access via the GUI is generally the “front …

ACI: vPC in ACI

Prerequisites: While there are no prerequisites, if you need a refresher on Fabric Access Policy Configurations inside of ACI (i.e., AAEP, Switch Profiles, Interface Profiles, VLAN Pools, Policy Groups), check out this post, Configuring Fabric Access Policies. vPC Overview: A virtual port channel (vPC) allows links that are physically connected to two different ACI Leaf …